Closed Bug 1775359 Opened 3 years ago Closed 3 years ago

NSS_SecureMemcmp should reveal less in the non-equality case

Categories

(NSS :: Libraries, enhancement, P5)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jschanck, Assigned: jschanck)

Details

Attachments

(1 file)

Bug 1775359 - make NSS_SecureMemcmp 0/1 valued. r=#nss-reviewers
48 bytes, text/x-phabricator-request
Details | Review

The NSS_SecureMemcmp function takes two arrays of equal length and outputs 0 if the arrays are bytewise equal and non-zero otherwise. The current implementation returns the OR of the bytewise XOR:

unsigned char r = 0;
for (i = 0; i < n; ++i)
  r |= a[i] ^ b[i];
return r;

This implementation reveals more about the inputs than is strictly necessary. E.g. it reveals whether or not a and b differ in bit 3 for some i. A more defensive implementation would output a fixed value, e.g. 1, in the case of non-equality.

A simple fix is to change r to an int and return 1 & (-r >> 8).

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:jschanck, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.

Flags: needinfo?(mt)
Flags: needinfo?(jschanck)
Flags: needinfo?(mt)
Flags: needinfo?(jschanck)

https://hg.mozilla.org/projects/nss/rev/07727985696a30d3317f626c3d93ccb3302a611b

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: