mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-10-01 04:12:07 +00:00
Introduce constant-time memcmp and use it for snmpv3_get_engine_boots
See #65118
This commit is contained in:
parent
09d929f7ff
commit
25de99d1c1
@ -1058,7 +1058,7 @@ snmp_parse_inbound_frame(struct snmp_request *request)
|
|||||||
IF_PARSE_EXEC(snmpv3_get_user((char *)request->msg_user_name, &auth, key, NULL, NULL));
|
IF_PARSE_EXEC(snmpv3_get_user((char *)request->msg_user_name, &auth, key, NULL, NULL));
|
||||||
IF_PARSE_EXEC(snmpv3_auth(&auth_stream, request->inbound_pbuf->tot_len, key, auth, hmac));
|
IF_PARSE_EXEC(snmpv3_auth(&auth_stream, request->inbound_pbuf->tot_len, key, auth, hmac));
|
||||||
|
|
||||||
if (memcmp(request->msg_authentication_parameters, hmac, SNMP_V3_MAX_AUTH_PARAM_LENGTH)) {
|
if (lwip_memcmp_consttime(request->msg_authentication_parameters, hmac, SNMP_V3_MAX_AUTH_PARAM_LENGTH)) {
|
||||||
snmp_stats.wrongdigests++;
|
snmp_stats.wrongdigests++;
|
||||||
request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
request->msg_flags = SNMP_V3_NOAUTHNOPRIV;
|
||||||
request->error_status = SNMP_ERR_AUTHORIZATIONERROR;
|
request->error_status = SNMP_ERR_AUTHORIZATIONERROR;
|
||||||
|
@ -261,3 +261,26 @@ lwip_itoa(char *result, size_t bufsize, int number)
|
|||||||
memmove(res, tmp, (size_t)((result + bufsize) - tmp));
|
memmove(res, tmp, (size_t)((result + bufsize) - tmp));
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef lwip_memcmp_consttime
|
||||||
|
/**
|
||||||
|
* @ingroup sys_nonstandard
|
||||||
|
* The goal of this function is to compare memory with constant runtime in order to prevent
|
||||||
|
* timing attacks to various parts in the stack.
|
||||||
|
* To do that, in contrast to memcmp(), it only returns:
|
||||||
|
* 0: equal
|
||||||
|
* != 0: not equal
|
||||||
|
*/
|
||||||
|
int lwip_memcmp_consttime(const void* s1, const void* s2, size_t len)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
const unsigned char* a1 = s1;
|
||||||
|
const unsigned char* a2 = s2;
|
||||||
|
unsigned char ret = 0;
|
||||||
|
|
||||||
|
for (i = 0; i < len; i++) {
|
||||||
|
ret |= a1[i] ^ a2[i];
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
@ -148,6 +148,16 @@ char* lwip_strnstr(const char* buffer, const char* token, size_t n);
|
|||||||
/* This can be #defined to strnistr() depending on your platform */
|
/* This can be #defined to strnistr() depending on your platform */
|
||||||
char* lwip_strnistr(const char* buffer, const char* token, size_t n);
|
char* lwip_strnistr(const char* buffer, const char* token, size_t n);
|
||||||
#endif
|
#endif
|
||||||
|
#ifndef lwip_memcmp_consttime
|
||||||
|
/* This could be #defined to something existing on your platform
|
||||||
|
* The goal of this function is to compare memory with constant runtime in order to prevent
|
||||||
|
* timing attacks to various parts in the stack.
|
||||||
|
* To do that, in contrast to memcmp(), it only returns:
|
||||||
|
* 0: equal
|
||||||
|
* != 0: not equal
|
||||||
|
*/
|
||||||
|
int lwip_memcmp_consttime(const void* s1, const void* s2, size_t len);
|
||||||
|
#endif
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user