Fossil SCM
Rename constant_time_eq to constant_time_cmp to better indicate that these functions return 0 when values are equal, like memcmp, strcmp, etc., not truth, to avoid possible mistakes.
Commit
d244c484e73e5eb18eef0cc1f8e5fb04632fc2a8
Parent
13a9a1244c8c2b4…
3 files changed
+1
-1
+10
-10
+2
-2
+1
-1
| --- src/blob.c | ||
| +++ src/blob.c | ||
| @@ -319,11 +319,11 @@ | ||
| 319 | 319 | /* |
| 320 | 320 | ** Compare two blobs in constant time and return zero if they are equal. |
| 321 | 321 | ** Constant time comparison only applies for blobs of the same length. |
| 322 | 322 | ** If lengths are different, immediately returns 1. |
| 323 | 323 | */ |
| 324 | -int blob_constant_time_eq(Blob *pA, Blob *pB){ | |
| 324 | +int blob_constant_time_cmp(Blob *pA, Blob *pB){ | |
| 325 | 325 | int szA, szB, i; |
| 326 | 326 | unsigned char *buf1, *buf2; |
| 327 | 327 | unsigned char rc = 0; |
| 328 | 328 | |
| 329 | 329 | blob_is_init(pA); |
| 330 | 330 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -319,11 +319,11 @@ | |
| 319 | /* |
| 320 | ** Compare two blobs in constant time and return zero if they are equal. |
| 321 | ** Constant time comparison only applies for blobs of the same length. |
| 322 | ** If lengths are different, immediately returns 1. |
| 323 | */ |
| 324 | int blob_constant_time_eq(Blob *pA, Blob *pB){ |
| 325 | int szA, szB, i; |
| 326 | unsigned char *buf1, *buf2; |
| 327 | unsigned char rc = 0; |
| 328 | |
| 329 | blob_is_init(pA); |
| 330 |
| --- src/blob.c | |
| +++ src/blob.c | |
| @@ -319,11 +319,11 @@ | |
| 319 | /* |
| 320 | ** Compare two blobs in constant time and return zero if they are equal. |
| 321 | ** Constant time comparison only applies for blobs of the same length. |
| 322 | ** If lengths are different, immediately returns 1. |
| 323 | */ |
| 324 | int blob_constant_time_cmp(Blob *pA, Blob *pB){ |
| 325 | int szA, szB, i; |
| 326 | unsigned char *buf1, *buf2; |
| 327 | unsigned char rc = 0; |
| 328 | |
| 329 | blob_is_init(pA); |
| 330 |
+10
-10
| --- src/login.c | ||
| +++ src/login.c | ||
| @@ -231,12 +231,12 @@ | ||
| 231 | 231 | if( g.perm.Password && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ |
| 232 | 232 | /* The user requests a password change */ |
| 233 | 233 | zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0); |
| 234 | 234 | if( db_int(1, "SELECT 0 FROM user" |
| 235 | 235 | " WHERE uid=%d" |
| 236 | - " AND (constant_time_eq(pw,%Q)=0" | |
| 237 | - " OR constant_time_eq(pw,%Q)=0)", | |
| 236 | + " AND (constant_time_cmp(pw,%Q)=0" | |
| 237 | + " OR constant_time_cmp(pw,%Q)=0)", | |
| 238 | 238 | g.userUid, zSha1Pw, zPasswd) ){ |
| 239 | 239 | sleep(1); |
| 240 | 240 | zErrMsg = |
| 241 | 241 | @ <p><span class="loginError"> |
| 242 | 242 | @ You entered an incorrect old password while attempting to change |
| @@ -310,11 +310,11 @@ | ||
| 310 | 310 | uid = db_int(0, |
| 311 | 311 | "SELECT uid FROM user" |
| 312 | 312 | " WHERE login=%Q" |
| 313 | 313 | " AND length(cap)>0 AND length(pw)>0" |
| 314 | 314 | " AND login NOT IN ('anonymous','nobody','developer','reader')" |
| 315 | - " AND (constant_time_eq(pw,%Q)=0 OR constant_time_eq(pw,%Q)=0)", | |
| 315 | + " AND (constant_time_cmp(pw,%Q)=0 OR constant_time_cmp(pw,%Q)=0)", | |
| 316 | 316 | zUsername, zSha1Pw, zPasswd |
| 317 | 317 | ); |
| 318 | 318 | if( uid<=0 ){ |
| 319 | 319 | sleep(1); |
| 320 | 320 | zErrMsg = |
| @@ -458,11 +458,11 @@ | ||
| 458 | 458 | |
| 459 | 459 | /* |
| 460 | 460 | ** SQL function for constant time comparison of two values. |
| 461 | 461 | ** Sets result to 0 if two values are equal. |
| 462 | 462 | */ |
| 463 | -static void constant_time_eq_function( | |
| 463 | +static void constant_time_cmp_function( | |
| 464 | 464 | sqlite3_context *context, |
| 465 | 465 | int argc, |
| 466 | 466 | sqlite3_value **argv |
| 467 | 467 | ){ |
| 468 | 468 | const unsigned char *buf1, *buf2; |
| @@ -510,21 +510,21 @@ | ||
| 510 | 510 | if( zOtherRepo==0 ) return 0; /* No such peer repository */ |
| 511 | 511 | |
| 512 | 512 | rc = sqlite3_open(zOtherRepo, &pOther); |
| 513 | 513 | if( rc==SQLITE_OK ){ |
| 514 | 514 | sqlite3_create_function(pOther,"now",0,SQLITE_ANY,0,db_now_function,0,0); |
| 515 | - sqlite3_create_function(pOther, "constant_time_eq", 2, SQLITE_UTF8, 0, | |
| 516 | - constant_time_eq_function, 0, 0); | |
| 515 | + sqlite3_create_function(pOther, "constant_time_cmp", 2, SQLITE_UTF8, 0, | |
| 516 | + constant_time_cmp_function, 0, 0); | |
| 517 | 517 | sqlite3_busy_timeout(pOther, 5000); |
| 518 | 518 | zSQL = mprintf( |
| 519 | 519 | "SELECT cexpire FROM user" |
| 520 | 520 | " WHERE login=%Q" |
| 521 | 521 | " AND ipaddr=%Q" |
| 522 | 522 | " AND length(cap)>0" |
| 523 | 523 | " AND length(pw)>0" |
| 524 | 524 | " AND cexpire>julianday('now')" |
| 525 | - " AND constant_time_eq(cookie,%Q)=0", | |
| 525 | + " AND constant_time_cmp(cookie,%Q)=0", | |
| 526 | 526 | zLogin, zRemoteAddr, zHash |
| 527 | 527 | ); |
| 528 | 528 | pStmt = 0; |
| 529 | 529 | rc = sqlite3_prepare_v2(pOther, zSQL, -1, &pStmt, 0); |
| 530 | 530 | if( rc==SQLITE_OK && sqlite3_step(pStmt)==SQLITE_ROW ){ |
| @@ -562,11 +562,11 @@ | ||
| 562 | 562 | " WHERE login=%Q" |
| 563 | 563 | " AND ipaddr=%Q" |
| 564 | 564 | " AND cexpire>julianday('now')" |
| 565 | 565 | " AND length(cap)>0" |
| 566 | 566 | " AND length(pw)>0" |
| 567 | - " AND constant_time_eq(cookie,%Q)=0", | |
| 567 | + " AND constant_time_cmp(cookie,%Q)=0", | |
| 568 | 568 | zLogin, zRemoteAddr, zCookie |
| 569 | 569 | ); |
| 570 | 570 | return uid; |
| 571 | 571 | } |
| 572 | 572 | |
| @@ -586,12 +586,12 @@ | ||
| 586 | 586 | const char *zCap = 0; /* Capability string */ |
| 587 | 587 | |
| 588 | 588 | /* Only run this check once. */ |
| 589 | 589 | if( g.userUid!=0 ) return; |
| 590 | 590 | |
| 591 | - sqlite3_create_function(g.db, "constant_time_eq", 2, SQLITE_UTF8, 0, | |
| 592 | - constant_time_eq_function, 0, 0); | |
| 591 | + sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0, | |
| 592 | + constant_time_cmp_function, 0, 0); | |
| 593 | 593 | |
| 594 | 594 | /* If the HTTP connection is coming over 127.0.0.1 and if |
| 595 | 595 | ** local login is disabled and if we are using HTTP and not HTTPS, |
| 596 | 596 | ** then there is no need to check user credentials. |
| 597 | 597 | ** |
| 598 | 598 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -231,12 +231,12 @@ | |
| 231 | if( g.perm.Password && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ |
| 232 | /* The user requests a password change */ |
| 233 | zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0); |
| 234 | if( db_int(1, "SELECT 0 FROM user" |
| 235 | " WHERE uid=%d" |
| 236 | " AND (constant_time_eq(pw,%Q)=0" |
| 237 | " OR constant_time_eq(pw,%Q)=0)", |
| 238 | g.userUid, zSha1Pw, zPasswd) ){ |
| 239 | sleep(1); |
| 240 | zErrMsg = |
| 241 | @ <p><span class="loginError"> |
| 242 | @ You entered an incorrect old password while attempting to change |
| @@ -310,11 +310,11 @@ | |
| 310 | uid = db_int(0, |
| 311 | "SELECT uid FROM user" |
| 312 | " WHERE login=%Q" |
| 313 | " AND length(cap)>0 AND length(pw)>0" |
| 314 | " AND login NOT IN ('anonymous','nobody','developer','reader')" |
| 315 | " AND (constant_time_eq(pw,%Q)=0 OR constant_time_eq(pw,%Q)=0)", |
| 316 | zUsername, zSha1Pw, zPasswd |
| 317 | ); |
| 318 | if( uid<=0 ){ |
| 319 | sleep(1); |
| 320 | zErrMsg = |
| @@ -458,11 +458,11 @@ | |
| 458 | |
| 459 | /* |
| 460 | ** SQL function for constant time comparison of two values. |
| 461 | ** Sets result to 0 if two values are equal. |
| 462 | */ |
| 463 | static void constant_time_eq_function( |
| 464 | sqlite3_context *context, |
| 465 | int argc, |
| 466 | sqlite3_value **argv |
| 467 | ){ |
| 468 | const unsigned char *buf1, *buf2; |
| @@ -510,21 +510,21 @@ | |
| 510 | if( zOtherRepo==0 ) return 0; /* No such peer repository */ |
| 511 | |
| 512 | rc = sqlite3_open(zOtherRepo, &pOther); |
| 513 | if( rc==SQLITE_OK ){ |
| 514 | sqlite3_create_function(pOther,"now",0,SQLITE_ANY,0,db_now_function,0,0); |
| 515 | sqlite3_create_function(pOther, "constant_time_eq", 2, SQLITE_UTF8, 0, |
| 516 | constant_time_eq_function, 0, 0); |
| 517 | sqlite3_busy_timeout(pOther, 5000); |
| 518 | zSQL = mprintf( |
| 519 | "SELECT cexpire FROM user" |
| 520 | " WHERE login=%Q" |
| 521 | " AND ipaddr=%Q" |
| 522 | " AND length(cap)>0" |
| 523 | " AND length(pw)>0" |
| 524 | " AND cexpire>julianday('now')" |
| 525 | " AND constant_time_eq(cookie,%Q)=0", |
| 526 | zLogin, zRemoteAddr, zHash |
| 527 | ); |
| 528 | pStmt = 0; |
| 529 | rc = sqlite3_prepare_v2(pOther, zSQL, -1, &pStmt, 0); |
| 530 | if( rc==SQLITE_OK && sqlite3_step(pStmt)==SQLITE_ROW ){ |
| @@ -562,11 +562,11 @@ | |
| 562 | " WHERE login=%Q" |
| 563 | " AND ipaddr=%Q" |
| 564 | " AND cexpire>julianday('now')" |
| 565 | " AND length(cap)>0" |
| 566 | " AND length(pw)>0" |
| 567 | " AND constant_time_eq(cookie,%Q)=0", |
| 568 | zLogin, zRemoteAddr, zCookie |
| 569 | ); |
| 570 | return uid; |
| 571 | } |
| 572 | |
| @@ -586,12 +586,12 @@ | |
| 586 | const char *zCap = 0; /* Capability string */ |
| 587 | |
| 588 | /* Only run this check once. */ |
| 589 | if( g.userUid!=0 ) return; |
| 590 | |
| 591 | sqlite3_create_function(g.db, "constant_time_eq", 2, SQLITE_UTF8, 0, |
| 592 | constant_time_eq_function, 0, 0); |
| 593 | |
| 594 | /* If the HTTP connection is coming over 127.0.0.1 and if |
| 595 | ** local login is disabled and if we are using HTTP and not HTTPS, |
| 596 | ** then there is no need to check user credentials. |
| 597 | ** |
| 598 |
| --- src/login.c | |
| +++ src/login.c | |
| @@ -231,12 +231,12 @@ | |
| 231 | if( g.perm.Password && zPasswd && (zNew1 = P("n1"))!=0 && (zNew2 = P("n2"))!=0 ){ |
| 232 | /* The user requests a password change */ |
| 233 | zSha1Pw = sha1_shared_secret(zPasswd, g.zLogin, 0); |
| 234 | if( db_int(1, "SELECT 0 FROM user" |
| 235 | " WHERE uid=%d" |
| 236 | " AND (constant_time_cmp(pw,%Q)=0" |
| 237 | " OR constant_time_cmp(pw,%Q)=0)", |
| 238 | g.userUid, zSha1Pw, zPasswd) ){ |
| 239 | sleep(1); |
| 240 | zErrMsg = |
| 241 | @ <p><span class="loginError"> |
| 242 | @ You entered an incorrect old password while attempting to change |
| @@ -310,11 +310,11 @@ | |
| 310 | uid = db_int(0, |
| 311 | "SELECT uid FROM user" |
| 312 | " WHERE login=%Q" |
| 313 | " AND length(cap)>0 AND length(pw)>0" |
| 314 | " AND login NOT IN ('anonymous','nobody','developer','reader')" |
| 315 | " AND (constant_time_cmp(pw,%Q)=0 OR constant_time_cmp(pw,%Q)=0)", |
| 316 | zUsername, zSha1Pw, zPasswd |
| 317 | ); |
| 318 | if( uid<=0 ){ |
| 319 | sleep(1); |
| 320 | zErrMsg = |
| @@ -458,11 +458,11 @@ | |
| 458 | |
| 459 | /* |
| 460 | ** SQL function for constant time comparison of two values. |
| 461 | ** Sets result to 0 if two values are equal. |
| 462 | */ |
| 463 | static void constant_time_cmp_function( |
| 464 | sqlite3_context *context, |
| 465 | int argc, |
| 466 | sqlite3_value **argv |
| 467 | ){ |
| 468 | const unsigned char *buf1, *buf2; |
| @@ -510,21 +510,21 @@ | |
| 510 | if( zOtherRepo==0 ) return 0; /* No such peer repository */ |
| 511 | |
| 512 | rc = sqlite3_open(zOtherRepo, &pOther); |
| 513 | if( rc==SQLITE_OK ){ |
| 514 | sqlite3_create_function(pOther,"now",0,SQLITE_ANY,0,db_now_function,0,0); |
| 515 | sqlite3_create_function(pOther, "constant_time_cmp", 2, SQLITE_UTF8, 0, |
| 516 | constant_time_cmp_function, 0, 0); |
| 517 | sqlite3_busy_timeout(pOther, 5000); |
| 518 | zSQL = mprintf( |
| 519 | "SELECT cexpire FROM user" |
| 520 | " WHERE login=%Q" |
| 521 | " AND ipaddr=%Q" |
| 522 | " AND length(cap)>0" |
| 523 | " AND length(pw)>0" |
| 524 | " AND cexpire>julianday('now')" |
| 525 | " AND constant_time_cmp(cookie,%Q)=0", |
| 526 | zLogin, zRemoteAddr, zHash |
| 527 | ); |
| 528 | pStmt = 0; |
| 529 | rc = sqlite3_prepare_v2(pOther, zSQL, -1, &pStmt, 0); |
| 530 | if( rc==SQLITE_OK && sqlite3_step(pStmt)==SQLITE_ROW ){ |
| @@ -562,11 +562,11 @@ | |
| 562 | " WHERE login=%Q" |
| 563 | " AND ipaddr=%Q" |
| 564 | " AND cexpire>julianday('now')" |
| 565 | " AND length(cap)>0" |
| 566 | " AND length(pw)>0" |
| 567 | " AND constant_time_cmp(cookie,%Q)=0", |
| 568 | zLogin, zRemoteAddr, zCookie |
| 569 | ); |
| 570 | return uid; |
| 571 | } |
| 572 | |
| @@ -586,12 +586,12 @@ | |
| 586 | const char *zCap = 0; /* Capability string */ |
| 587 | |
| 588 | /* Only run this check once. */ |
| 589 | if( g.userUid!=0 ) return; |
| 590 | |
| 591 | sqlite3_create_function(g.db, "constant_time_cmp", 2, SQLITE_UTF8, 0, |
| 592 | constant_time_cmp_function, 0, 0); |
| 593 | |
| 594 | /* If the HTTP connection is coming over 127.0.0.1 and if |
| 595 | ** local login is disabled and if we are using HTTP and not HTTPS, |
| 596 | ** then there is no need to check user credentials. |
| 597 | ** |
| 598 |
+2
-2
| --- src/xfer.c | ||
| +++ src/xfer.c | ||
| @@ -573,11 +573,11 @@ | ||
| 573 | 573 | blob_zero(&combined); |
| 574 | 574 | blob_copy(&combined, pNonce); |
| 575 | 575 | blob_append(&combined, blob_buffer(&pw), szPw); |
| 576 | 576 | sha1sum_blob(&combined, &hash); |
| 577 | 577 | assert( blob_size(&hash)==40 ); |
| 578 | - rc = blob_constant_time_eq(&hash, pSig); | |
| 578 | + rc = blob_constant_time_cmp(&hash, pSig); | |
| 579 | 579 | blob_reset(&hash); |
| 580 | 580 | blob_reset(&combined); |
| 581 | 581 | if( rc!=0 && szPw!=40 ){ |
| 582 | 582 | /* If this server stores cleartext passwords and the password did not |
| 583 | 583 | ** match, then perhaps the client is sending SHA1 passwords. Try |
| @@ -588,11 +588,11 @@ | ||
| 588 | 588 | blob_zero(&combined); |
| 589 | 589 | blob_copy(&combined, pNonce); |
| 590 | 590 | blob_append(&combined, zSecret, -1); |
| 591 | 591 | free(zSecret); |
| 592 | 592 | sha1sum_blob(&combined, &hash); |
| 593 | - rc = blob_constant_time_eq(&hash, pSig); | |
| 593 | + rc = blob_constant_time_cmp(&hash, pSig); | |
| 594 | 594 | blob_reset(&hash); |
| 595 | 595 | blob_reset(&combined); |
| 596 | 596 | } |
| 597 | 597 | if( rc==0 ){ |
| 598 | 598 | const char *zCap; |
| 599 | 599 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -573,11 +573,11 @@ | |
| 573 | blob_zero(&combined); |
| 574 | blob_copy(&combined, pNonce); |
| 575 | blob_append(&combined, blob_buffer(&pw), szPw); |
| 576 | sha1sum_blob(&combined, &hash); |
| 577 | assert( blob_size(&hash)==40 ); |
| 578 | rc = blob_constant_time_eq(&hash, pSig); |
| 579 | blob_reset(&hash); |
| 580 | blob_reset(&combined); |
| 581 | if( rc!=0 && szPw!=40 ){ |
| 582 | /* If this server stores cleartext passwords and the password did not |
| 583 | ** match, then perhaps the client is sending SHA1 passwords. Try |
| @@ -588,11 +588,11 @@ | |
| 588 | blob_zero(&combined); |
| 589 | blob_copy(&combined, pNonce); |
| 590 | blob_append(&combined, zSecret, -1); |
| 591 | free(zSecret); |
| 592 | sha1sum_blob(&combined, &hash); |
| 593 | rc = blob_constant_time_eq(&hash, pSig); |
| 594 | blob_reset(&hash); |
| 595 | blob_reset(&combined); |
| 596 | } |
| 597 | if( rc==0 ){ |
| 598 | const char *zCap; |
| 599 |
| --- src/xfer.c | |
| +++ src/xfer.c | |
| @@ -573,11 +573,11 @@ | |
| 573 | blob_zero(&combined); |
| 574 | blob_copy(&combined, pNonce); |
| 575 | blob_append(&combined, blob_buffer(&pw), szPw); |
| 576 | sha1sum_blob(&combined, &hash); |
| 577 | assert( blob_size(&hash)==40 ); |
| 578 | rc = blob_constant_time_cmp(&hash, pSig); |
| 579 | blob_reset(&hash); |
| 580 | blob_reset(&combined); |
| 581 | if( rc!=0 && szPw!=40 ){ |
| 582 | /* If this server stores cleartext passwords and the password did not |
| 583 | ** match, then perhaps the client is sending SHA1 passwords. Try |
| @@ -588,11 +588,11 @@ | |
| 588 | blob_zero(&combined); |
| 589 | blob_copy(&combined, pNonce); |
| 590 | blob_append(&combined, zSecret, -1); |
| 591 | free(zSecret); |
| 592 | sha1sum_blob(&combined, &hash); |
| 593 | rc = blob_constant_time_cmp(&hash, pSig); |
| 594 | blob_reset(&hash); |
| 595 | blob_reset(&combined); |
| 596 | } |
| 597 | if( rc==0 ){ |
| 598 | const char *zCap; |
| 599 |