Closed Bug 1775359 Opened 2 years ago Closed 2 years ago

NSS_SecureMemcmp should reveal less in the non-equality case

Categories

(NSS :: Libraries, enhancement, P5)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jschanck, Assigned: jschanck)

Attachments

(1 file)

The NSS_SecureMemcmp function takes two arrays of equal length and outputs 0 if the arrays are bytewise equal and non-zero otherwise. The current implementation returns the OR of the bytewise XOR:

unsigned char r = 0;
for (i = 0; i < n; ++i)
  r |= a[i] ^ b[i];
return r;

This implementation reveals more about the inputs than is strictly necessary. E.g. it reveals whether or not a and b differ in bit 3 for some i. A more defensive implementation would output a fixed value, e.g. 1, in the case of non-equality.

A simple fix is to change r to an int and return 1 & (-r >> 8).
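
Added example (not part of the bug report and not NSS source code): the two return conventions discussed above, run side by side on constructed inputs to show what each result discloses. The function names `cmp_or_of_xor` and `cmp_fixed_value` and the sample arrays are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample inputs (not from the bug report). */
static const unsigned char ref[4]      = {0x10, 0x20, 0x30, 0x40};
static const unsigned char same[4]     = {0x10, 0x20, 0x30, 0x40};
static const unsigned char bit3[4]     = {0x10, 0x28, 0x30, 0x40}; /* bit 3 of byte 1 flipped */
static const unsigned char all_diff[4] = {0xef, 0xdf, 0xcf, 0xbf}; /* every bit flipped */

/* Return convention described in the report: OR of the bytewise XOR.
 * Each set bit in the result names a bit position where a and b differ
 * in at least one byte. */
static int cmp_or_of_xor(const void *ia, const void *ib, size_t n)
{
    const unsigned char *a = ia, *b = ib;
    unsigned char r = 0;
    for (size_t i = 0; i < n; ++i)
        r |= a[i] ^ b[i];
    return r;
}

/* Return convention proposed in the report: accumulate in an int, then
 * collapse to 0 or 1. r stays in [0, 255]; when r != 0, -r in two's
 * complement has bit 8 and every higher bit set, so bit 8 lands in bit 0
 * after the shift. (Right shift of a negative int is implementation-defined
 * in C; both arithmetic and logical shifts give 1 here.) */
static int cmp_fixed_value(const void *ia, const void *ib, size_t n)
{
    const unsigned char *a = ia, *b = ib;
    int r = 0;
    for (size_t i = 0; i < n; ++i)
        r |= a[i] ^ b[i];
    return 1 & (-r >> 8);
}

int main(void)
{
    const unsigned char *cases[] = {same, bit3, all_diff};
    const char *names[] = {"same", "bit3", "all_diff"};
    for (int i = 0; i < 3; ++i)
        printf("%-8s or_of_xor=0x%02x fixed=%d\n", names[i],
               (unsigned)cmp_or_of_xor(ref, cases[i], 4),
               cmp_fixed_value(ref, cases[i], 4));
    return 0;
}
```

Both loops touch every byte regardless of where the first difference is; only the value handed back to the caller changes.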

There's an r+ patch which didn't land and no activity in this bug for 2 weeks.
:jschanck, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.

Flags: needinfo?(mt)
Flags: needinfo?(jschanck)
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED