Bug 1582343 - Use constant time memcmp in more places r=kjacobs,jcj NSS_3_46_BRANCH
authorDeian Stefan <deian@cs.ucsd.edu>
Thu, 26 Sep 2019 16:13:21 -0700
branchNSS_3_46_BRANCH
changeset 15322 e2945c4342867ffb29000910df3a14f32a10a17e
parent 15277 a75ea4cdacd95282c6c245ebb849c25e84ccd908
child 15323 f8dc0ce54c16b5094fcbea3befb1634cece457b0
push id3524
push userjjones@mozilla.com
push dateWed, 02 Oct 2019 21:47:02 +0000
reviewerskjacobs, jcj
bugs1582343
Bug 1582343 - Use constant time memcmp in more places r=kjacobs,jcj
lib/softoken/pkcs11c.c
lib/softoken/tlsprf.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1925,17 +1925,17 @@ sftk_SignCopy(
     return SECSuccess;
 }
 
 /* Verify is just a compare for HMAC */
 static SECStatus
 sftk_HMACCmp(CK_ULONG *copyLen, unsigned char *sig, unsigned int sigLen,
              unsigned char *hash, unsigned int hashLen)
 {
-    return (PORT_Memcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure;
+    return (NSS_SecureMemcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure;
 }
 
 /*
  * common HMAC initalization routine
  */
 static CK_RV
 sftk_doHMACInit(SFTKSessionContext *context, HASH_HashType hash,
                 SFTKObject *key, CK_ULONG mac_size)
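Review bot: sftk_HMACCmp compares `*copyLen` bytes of both buffers but never consults `sigLen` or `hashLen`, so the constant-time compare can still read past a signature shorter than the MAC size unless every caller validates the length first. In the NSC_VerifyFinal hunk the first branch hands `ulSignatureLen` to `context->verify` with no visible length check, whereas the block-cipher branch rejects `ulSignatureLen != context->macSize`. sftk_SSLMACVerify in the second hunk has the same shape: it compares `info->macSize` bytes and the visible lines use neither its signature length nor `out`. A guard such as `if (sigLen != *copyLen || hashLen < *copyLen) return SECFailure;` ahead of the compare would make the helper safe on its own. Confirm first that no caller intentionally passes a longer signature buffer.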
@@ -2041,17 +2041,17 @@ sftk_SSLMACVerify(SFTKSSLMACInfo *info, 
     unsigned char tmpBuf[SFTK_MAX_MAC_LENGTH];
     unsigned int out;
 
     info->begin(info->hashContext);
     info->update(info->hashContext, info->key, info->keySize);
     info->update(info->hashContext, ssl_pad_2, info->padSize);
     info->update(info->hashContext, hash, hashLen);
     info->end(info->hashContext, tmpBuf, &out, SFTK_MAX_MAC_LENGTH);
-    return (PORT_Memcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure;
+    return (NSS_SecureMemcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure;
 }
 
 /*
  * common HMAC initalization routine
  */
 static CK_RV
 sftk_doSSLMACInit(SFTKSessionContext *context, SECOidTag oid,
                   SFTKObject *key, CK_ULONG mac_size)
@@ -3553,17 +3553,17 @@ NSC_VerifyFinal(CK_SESSION_HANDLE hSessi
         (*context->end)(context->hashInfo, tmpbuf, &digestLen, sizeof(tmpbuf));
         if (SECSuccess != (context->verify)(context->cipherInfo, pSignature,
                                             ulSignatureLen, tmpbuf, digestLen))
             crv = sftk_MapCryptError(PORT_GetError());
     } else if (ulSignatureLen != context->macSize) {
         /* must be block cipher MACing */
         crv = CKR_SIGNATURE_LEN_RANGE;
     } else if (CKR_OK == (crv = sftk_MACFinal(context))) {
-        if (PORT_Memcmp(pSignature, context->macBuf, ulSignatureLen))
+        if (NSS_SecureMemcmp(pSignature, context->macBuf, ulSignatureLen))
             crv = CKR_SIGNATURE_INVALID;
     }
 
     sftk_TerminateOp(session, SFTK_VERIFY, context);
     sftk_FreeSession(session);
     return crv;
 }
 
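Review bot: The first branch maps a failed `context->verify` through `sftk_MapCryptError(PORT_GetError())`, but the compare helper touched in the first hunk returns SECFailure without setting an error code. If sftk_HMACCmp is what gets installed as `context->verify` (not visible here), the `crv` reported for a MAC mismatch depends on whatever error happened to be set last on the thread. Setting the code where the mismatch is detected, for example `PORT_SetError(SEC_ERROR_BAD_SIGNATURE);` before `return SECFailure;` in the helper, would make the result deterministic. NSC_VerifyFinal begins outside this hunk, so an earlier reset of the error state cannot be ruled out from here.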
--- a/lib/softoken/tlsprf.c
+++ b/lib/softoken/tlsprf.c
@@ -124,17 +124,17 @@ sftk_TLSPRFVerify(TLSPRFContext *cx,
     if (hashLen) {
         /* hashLen is non-zero when the user does a one-step verify.
         ** In this case, none of the data has been input yet.
         */
         sftk_TLSPRFHashUpdate(cx, hash, hashLen);
     }
     rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
     if (rv == SECSuccess) {
-        rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
+        rv = (SECStatus)(1 - !NSS_SecureMemcmp(tmp, sig, sigLen));
     }
     PORT_ZFree(tmp, sigLen);
     return rv;
 }
 
 static void
 sftk_TLSPRFHashDestroy(TLSPRFContext *cx, PRBool freeit)
 {
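Review bot: The expression `(SECStatus)(1 - !NSS_SecureMemcmp(tmp, sig, sigLen))` yields 1 on a mismatch, which is not a declared SECStatus value if SECFailure is -1 as in NSS's seccomon.h. A caller testing `rv != SECSuccess` still rejects the signature, but one testing `rv == SECFailure` would treat a bad PRF verify as not-failed. Writing it like the other call sites in this commit, `rv = (NSS_SecureMemcmp(tmp, sig, sigLen) == 0) ? SECSuccess : SECFailure;`, removes the ambiguity and is easier to read. sftk_TLSPRFVerify starts outside the hunk, so the allocation and sizing of `tmp` could not be checked here.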