From 8a60d9e2a8dc5b81b44426002b03110ef391f618 Mon Sep 17 00:00:00 2001
From: cinap_lenrek
Date: Wed, 16 Dec 2015 21:23:40 +0100
Subject: [PATCH] libsec: use tsmemcmp() when comparing hashes, use mpfield() for ecc, use mptober() when right adjusting mpint to bytes
---
 sys/src/libsec/port/ecc.c | 5 +----
 sys/src/libsec/port/tlshand.c | 16 ++++------------
 sys/src/libsec/port/x509.c | 4 ++--
 3 files changed, 7 insertions(+), 18 deletions(-)
diff --git a/sys/src/libsec/port/ecc.c b/sys/src/libsec/port/ecc.c
index 8cd2741c5..04d130c5b 100644
--- a/sys/src/libsec/port/ecc.c
+++ b/sys/src/libsec/port/ecc.c
@@ -517,7 +517,6 @@ base58dec(char *src, uchar *dst, int len)
 {
 mpint *n, *b, *r;
 char *t;
- int l;
 n = mpnew(0);
 r = mpnew(0);
@@ -535,9 +534,7 @@ base58dec(char *src, uchar *dst, int len)
 mpmul(n, b, n);
 mpadd(n, r, n);
 }
- memset(dst, 0, len);
- l = (mpsignif(n) + 7) / 8;
- mptobe(n, dst + (len - l), l, nil);
+ mptober(n, dst, len);
 mpfree(n);
 mpfree(r);
 mpfree(b);
diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c
index b94a31023..fef121402 100644
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -901,7 +901,7 @@ tlsSecECDHEc(TlsSec *sec, uchar *srandom, int vers, int curve, Bytes *Ys)
 epm = nil;
 memset(&dom, 0, sizeof(dom));
- dom.p = strtomp(nc->p, nil, 16, nil);
+ dom.p = mpfield(strtomp(nc->p, nil, 16, nil));
 dom.a = strtomp(nc->a, nil, 16, nil);
 dom.b = strtomp(nc->b, nil, 16, nil);
 dom.n = strtomp(nc->n, nil, 16, nil);
@@ -926,14 +926,6 @@ tlsSecECDHEc(TlsSec *sec, uchar *srandom, int vers, int curve, Bytes *Ys)
 if(dom.p == nil || dom.a == nil || dom.b == nil || dom.n == nil || dom.h == nil)
 goto Out;
- if(Q.x == nil || Q.y == nil || Q.d == nil)
- goto Out;
- if(G.x == nil || G.y == nil)
- goto Out;
- if(K.x == nil || K.y == nil)
- goto Out;
- if(Y.x == nil || Y.y == nil)
- goto Out;
 dom.G = strtoec(&dom, nc->G, nil, &G);
 if(dom.G == nil)
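Review bot: The new `mptober(n, dst, len);` call in base58dec has no visible guard for a decoded value that needs more than `len` bytes. The removed code had the same gap, since it computed `dst + (len - l)` without checking `l <= len`, so this commit keeps the input length unchecked; how mptober() treats an oversized value is not shown on this page and should be confirmed. Because `src` is parsed from text, I would test `if(mpsignif(n) > 8*len)` before the conversion and fail through whatever error path the function already has. base58dec starts and ends outside this hunk, so its return convention is not visible here.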
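Review bot: `dom.p = mpfield(strtomp(nc->p, nil, 16, nil));` hands the strtomp() result to mpfield() before the `dom.p == nil` test, which only appears in the following hunk. Whether mpfield() tolerates a nil argument is not visible on this page; if it does not, a failed conversion would be dereferenced instead of reaching `goto Out`. Either confirm that mpfield(nil) returns nil and record it next to the call with `/* mpfield() passes nil through; checked below */`, or assign dom.p first and wrap it only after the nil check. tlsSecECDHEc begins and continues outside this hunk.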
@@ -1005,7 +997,7 @@ verifyDHparams(TlsConnection *c, Bytes *par, Bytes *sig, int sigalg)
 else {
 md5(blob->data, blob->len, hashes, nil);
 sha1(blob->data, blob->len, hashes+MD5dlen, nil);
- if(memcmp(buf, hashes, sizeof(hashes)) != 0)
+ if(tsmemcmp(buf, hashes, sizeof(hashes)) != 0)
 err = "digests did not match";
 }
 free(buf);
@@ -2069,7 +2061,7 @@ setVersion(TlsConnection *c, int version)
 static int
 finishedMatch(TlsConnection *c, Finished *f)
 {
- return memcmp(f->verify, c->finished.verify, f->n) == 0;
+ return tsmemcmp(f->verify, c->finished.verify, f->n) == 0;
 }
 // free memory associated with TlsConnection struct
@@ -2767,7 +2759,7 @@ mptobytes(mpint* big)
 n = (mpsignif(big)+7)/8;
 if(n == 0) n = 1;
 ans = newbytes(n);
- ans->len = mptobe(big, ans->data, n, nil);
+ mptober(big, ans->data, ans->len);
 return ans;
 }
diff --git a/sys/src/libsec/port/x509.c b/sys/src/libsec/port/x509.c
index aaecc314b..d790bc45d 100644
--- a/sys/src/libsec/port/x509.c
+++ b/sys/src/libsec/port/x509.c
@@ -2246,7 +2246,7 @@ X509verifydigest(uchar *sig, int siglen, uchar *edigest, int edigestlen, RSApub
 return e;
 if(digestalg[sigalg]->len != edigestlen)
 return "bad digest length";
- if(memcmp(digest, edigest, edigestlen) != 0)
+ if(tsmemcmp(digest, edigest, edigestlen) != 0)
 return "digests did not match";
 return nil;
 }
@@ -2262,7 +2262,7 @@ X509verifydata(uchar *sig, int siglen, uchar *data, int datalen, RSApub *pk)
 if(e != nil)
 return e;
 (*digestalg[sigalg]->fun)(data, datalen, edigest, nil);
- if(memcmp(digest, edigest, digestalg[sigalg]->len) != 0)
+ if(tsmemcmp(digest, edigest, digestalg[sigalg]->len) != 0)
 return "digests did not match";
 return nil;
 }
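Review bot: `tsmemcmp(buf, hashes, sizeof(hashes))` reads sizeof(hashes) bytes from buf, and nothing in this hunk shows that buf, which appears to hold the decoded signature and is freed just below, is at least that long. If the length check sits earlier in verifyDHparams, outside the hunk, a comment at the compare would make the dependency explicit: `/* buf length was checked against sizeof(hashes) above */`. If no such check exists, the compare needs one in front of it, because a constant-time compare does nothing about an over-read. The function begins outside this hunk.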
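Review bot: finishedMatch compares only `f->n` bytes, the length stored in the received Finished structure, and never checks that length against the locally computed one. If f->n can be shorter than expected, or zero, tsmemcmp() would report a match on a prefix. Where f->n is set is outside this page, so the message parser may already pin it. Making the function self-contained costs one line, assuming c->finished is the same Finished type: `return f->n == c->finished.n && tsmemcmp(f->verify, c->finished.verify, f->n) == 0;`. The length itself is not secret, so comparing it with `==` does not undo the constant-time property.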
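Review bot: `mptober(big, ans->data, ans->len);` depends on newbytes(n) having set `ans->len` to n, which is not visible here; the removed line assigned ans->len itself. Passing the local keeps the buffer size and the byte count tied to the same value: `mptober(big, ans->data, n);`. If newbytes() does not initialise len, the returned Bytes would also carry a wrong length, so a one-line comment stating that contract would help. The start of mptobytes is outside the hunk.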