summaryrefslogtreecommitdiff
path: root/src/openvpn/crypto.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2013-05-17 12:00:05 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2013-05-17 12:00:05 +0200
commit7da22c96dd646047e97732832331c84528bdc95e (patch)
tree182180f14a3e23d52308d40654e1cf06b554944c /src/openvpn/crypto.c
parent8a59dafbd02d0ee1faaf674f4420cdc412f13aea (diff)
parentfcc893c0d8d245525cfb023b6e2a8aae086304cf (diff)
Merge tag 'upstream/2.3.1'
Upstream version 2.3.1
Diffstat (limited to 'src/openvpn/crypto.c')
-rw-r--r--src/openvpn/crypto.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index ac2eecd..d9adf5b 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -65,6 +65,24 @@
#define CRYPT_ERROR(format) \
do { msg (D_CRYPT_ERRORS, "%s: " format, error_prefix); goto error_exit; } while (false)
+/**
+ * As memcmp(), but constant-time.
+ * Returns 0 when data is equal, non-zero otherwise.
+ */
+static int
+memcmp_constant_time (const void *a, const void *b, size_t size) {
+ const uint8_t * a1 = a;
+ const uint8_t * b1 = b;
+ int ret = 0;
+ size_t i;
+
+ for (i = 0; i < size; i++) {
+ ret |= *a1++ ^ *b1++;
+ }
+
+ return ret;
+}
+
void
openvpn_encrypt (struct buffer *buf, struct buffer work,
const struct crypto_options *opt,
@@ -244,7 +262,7 @@ openvpn_decrypt (struct buffer *buf, struct buffer work,
hmac_ctx_final (ctx->hmac, local_hmac);
/* Compare locally computed HMAC with packet HMAC */
- if (memcmp (local_hmac, BPTR (buf), hmac_len))
+ if (memcmp_constant_time (local_hmac, BPTR (buf), hmac_len))
CRYPT_ERROR ("packet HMAC authentication failed");
ASSERT (buf_advance (buf, hmac_len));
@@ -401,7 +419,7 @@ init_key_type (struct key_type *kt, const char *ciphername,
CLEAR (*kt);
if (ciphername && ciphername_defined)
{
- kt->cipher = cipher_kt_get (ciphername);
+ kt->cipher = cipher_kt_get (translate_cipher_name_from_openvpn(ciphername));
kt->cipher_length = cipher_kt_key_size (kt->cipher);
if (keysize > 0 && keysize <= MAX_CIPHER_KEY_LENGTH)
kt->cipher_length = keysize;