[tor-commits] [tor/master] Hand-conversion and audit phase of memcmp transition
nickm at torproject.org
nickm at torproject.org
Thu May 12 23:28:06 UTC 2011
commit 59f9097d5c3dc010847c359888d31757d1c97904
Author: Nick Mathewson <nickm at torproject.org>
Date: Tue May 10 16:58:38 2011 -0400
Hand-conversion and audit phase of memcmp transition
Here I looked at the results of the automated conversion and cleaned
them up as follows:
If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
changed it to a fast_memcmp or fast_memeq.
Otherwise if there was a tor_memcmp that could turn into a
tor_memneq or tor_memeq, I converted it.
This wants close attention.
[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
---
src/common/compat.c | 4 +++-
src/common/container.c | 2 +-
src/common/crypto.c | 2 +-
src/common/di_ops.h | 2 ++
src/common/torgzip.c | 2 +-
src/common/util.c | 21 +++++++++++++--------
src/common/util.h | 4 ++--
src/or/circuitbuild.c | 2 +-
src/or/circuitlist.c | 2 +-
src/or/circuituse.c | 2 +-
src/or/connection_edge.c | 4 ++--
src/or/connection_or.c | 2 +-
src/or/control.c | 8 ++++----
src/or/directory.c | 12 ++++++------
src/or/dirserv.c | 12 ++++++------
src/or/dirvote.c | 38 +++++++++++++++++++-------------------
src/or/eventdns.c | 2 +-
src/or/networkstatus.c | 8 ++++----
src/or/onion.c | 4 ++--
src/or/relay.c | 2 +-
src/or/rendclient.c | 2 +-
src/or/rendmid.c | 2 +-
src/or/rendservice.c | 4 ++--
src/or/rephist.c | 4 ++--
src/or/router.c | 2 +-
src/or/routerlist.c | 18 +++++++++---------
src/or/routerparse.c | 23 ++++++++++++-----------
27 files changed, 100 insertions(+), 90 deletions(-)
diff --git a/src/common/compat.c b/src/common/compat.c
index ea46d43..3965108 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -312,6 +312,8 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args)
* <b>needle</b>, return a pointer to the first occurrence of the needle
* within the haystack, or NULL if there is no such occurrence.
*
+ * This function is <em>not</em> timing-safe.
+ *
* Requires that nlen be greater than zero.
*/
const void *
@@ -336,7 +338,7 @@ tor_memmem(const void *_haystack, size_t hlen,
while ((p = memchr(p, first, end-p))) {
if (p+nlen > end)
return NULL;
- if (tor_memeq(p, needle, nlen))
+ if (fast_memeq(p, needle, nlen))
return p;
++p;
}
diff --git a/src/common/container.c b/src/common/container.c
index d1d5ce3..c741eb0 100644
--- a/src/common/container.c
+++ b/src/common/container.c
@@ -223,7 +223,7 @@ smartlist_digest_isin(const smartlist_t *sl, const char *element)
int i;
if (!sl) return 0;
for (i=0; i < sl->num_used; i++)
- if (tor_memcmp((const char*)sl->list[i],element,DIGEST_LEN)==0)
+ if (tor_memeq((const char*)sl->list[i],element,DIGEST_LEN))
return 1;
return 0;
}
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 9269428..f3268fe 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -845,7 +845,7 @@ crypto_pk_public_checksig_digest(crypto_pk_env_t *env, const char *data,
tor_free(buf);
return -1;
}
- if (tor_memcmp(buf, digest, DIGEST_LEN)) {
+ if (tor_memneq(buf, digest, DIGEST_LEN)) {
log_warn(LD_CRYPTO, "Signature mismatched with digest.");
tor_free(buf);
return -1;
diff --git a/src/common/di_ops.h b/src/common/di_ops.h
index 1b223d9..4a212b0 100644
--- a/src/common/di_ops.h
+++ b/src/common/di_ops.h
@@ -24,5 +24,7 @@ int tor_memeq(const void *a, const void *b, size_t sz);
* implementation.
*/
#define fast_memcmp(a,b,c) (memcmp((a),(b),(c)))
+#define fast_memeq(a,b,c) (0==memcmp((a),(b),(c)))
+#define fast_memneq(a,b,c) (0!=memcmp((a),(b),(c)))
#endif
diff --git a/src/common/torgzip.c b/src/common/torgzip.c
index 51b29ba..f5709aa 100644
--- a/src/common/torgzip.c
+++ b/src/common/torgzip.c
@@ -356,7 +356,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
compress_method_t
detect_compression_method(const char *in, size_t in_len)
{
- if (in_len > 2 && tor_memeq(in, "\x1f\x8b", 2)) {
+ if (in_len > 2 && fast_memeq(in, "\x1f\x8b", 2)) {
return GZIP_METHOD;
} else if (in_len > 2 && (in[0] & 0x0f) == 8 &&
(ntohs(get_uint16(in)) % 31) == 0) {
diff --git a/src/common/util.c b/src/common/util.c
index cb2cfed..879a0e4 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -459,7 +459,7 @@ strcmp_len(const char *s1, const char *s2, size_t s1_len)
return -1;
if (s1_len > s2_len)
return 1;
- return tor_memcmp(s1, s2, s2_len);
+ return fast_memcmp(s1, s2, s2_len);
}
/** Compares the first strlen(s2) characters of s1 with s2. Returns as for
@@ -501,17 +501,17 @@ strcasecmpend(const char *s1, const char *s2)
/** Compare the value of the string <b>prefix</b> with the start of the
* <b>memlen</b>-byte memory chunk at <b>mem</b>. Return as for strcmp.
*
- * [As tor_memcmp(mem, prefix, strlen(prefix)) but returns -1 if memlen is less
- * than strlen(prefix).]
+ * [As fast_memcmp(mem, prefix, strlen(prefix)) but returns -1 if memlen is
+ * less than strlen(prefix).]
*/
int
-memcmpstart(const void *mem, size_t memlen,
+fast_memcmpstart(const void *mem, size_t memlen,
const char *prefix)
{
size_t plen = strlen(prefix);
if (memlen < plen)
return -1;
- return tor_memcmp(mem, prefix, plen);
+ return fast_memcmp(mem, prefix, plen);
}
/** Return a pointer to the first char of s that is not whitespace and
@@ -644,14 +644,16 @@ tor_mem_is_zero(const char *mem, size_t len)
0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
};
while (len >= sizeof(ZERO)) {
- if (tor_memcmp(mem, ZERO, sizeof(ZERO)))
+ /* It's safe to use fast_memcmp here, since the very worst thing an
+ * attacker could learn is how many initial bytes of a secret were zero */
+ if (fast_memcmp(mem, ZERO, sizeof(ZERO)))
return 0;
len -= sizeof(ZERO);
mem += sizeof(ZERO);
}
/* Deal with leftover bytes. */
if (len)
- return tor_memeq(mem, ZERO, len);
+ return fast_memeq(mem, ZERO, len);
return 1;
}
@@ -660,7 +662,10 @@ tor_mem_is_zero(const char *mem, size_t len)
int
tor_digest_is_zero(const char *digest)
{
- return tor_mem_is_zero(digest, DIGEST_LEN);
+ static const uint8_t ZERO_DIGEST[] = {
+ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0
+ };
+ return tor_memeq(digest, ZERO_DIGEST, DIGEST_LEN);
}
/* Helper: common code to check whether the result of a strtol or strtoul or
diff --git a/src/common/util.h b/src/common/util.h
index 7bc5286..1012a11 100644
--- a/src/common/util.h
+++ b/src/common/util.h
@@ -172,8 +172,8 @@ int strcasecmpstart(const char *s1, const char *s2)
int strcmpend(const char *s1, const char *s2) ATTR_PURE ATTR_NONNULL((1,2));
int strcasecmpend(const char *s1, const char *s2)
ATTR_PURE ATTR_NONNULL((1,2));
-int memcmpstart(const void *mem, size_t memlen,
- const char *prefix) ATTR_PURE;
+int fast_memcmpstart(const void *mem, size_t memlen,
+ const char *prefix) ATTR_PURE;
void tor_strstrip(char *s, const char *strip) ATTR_NONNULL((1,2));
long tor_parse_long(const char *s, int base, long min,
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 8527bea..208a9cb 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -430,7 +430,7 @@ circuit_n_conn_done(or_connection_t *or_conn, int status)
continue;
} else {
/* We expected a key. See if it's the right one. */
- if (tor_memcmp(or_conn->identity_digest,
+ if (tor_memneq(or_conn->identity_digest,
circ->n_hop->identity_digest, DIGEST_LEN))
continue;
}
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 686524d..9cf331e 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -241,7 +241,7 @@ circuit_get_all_pending_on_or_conn(smartlist_t *out, or_connection_t *or_conn)
continue;
} else {
/* We expected a key. See if it's the right one. */
- if (tor_memcmp(or_conn->identity_digest,
+ if (tor_memneq(or_conn->identity_digest,
circ->n_hop->identity_digest, DIGEST_LEN))
continue;
}
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 8568488..41c1899 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -94,7 +94,7 @@ circuit_is_acceptable(circuit_t *circ, edge_connection_t *conn,
char digest[DIGEST_LEN];
if (hexdigest_to_digest(conn->chosen_exit_name, digest) < 0)
return 0; /* broken digest, we don't want it */
- if (tor_memcmp(digest, build_state->chosen_exit->identity_digest,
+ if (tor_memneq(digest, build_state->chosen_exit->identity_digest,
DIGEST_LEN))
return 0; /* this is a circuit to somewhere else */
if (tor_digest_is_zero(digest)) {
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 31abf6a..0ec2002 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -530,7 +530,7 @@ connection_ap_fail_onehop(const char *failed_digest,
if (!edge_conn->want_onehop)
continue;
if (hexdigest_to_digest(edge_conn->chosen_exit_name, digest) < 0 ||
- tor_memcmp(digest, failed_digest, DIGEST_LEN))
+ tor_memneq(digest, failed_digest, DIGEST_LEN))
continue;
if (tor_digest_is_zero(digest)) {
/* we don't know the digest; have to compare addr:port */
@@ -2904,7 +2904,7 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit)
if (conn->chosen_exit_name) {
routerinfo_t *chosen_exit =
router_get_by_nickname(conn->chosen_exit_name, 1);
- if (!chosen_exit || tor_memcmp(chosen_exit->cache_info.identity_digest,
+ if (!chosen_exit || tor_memneq(chosen_exit->cache_info.identity_digest,
exit->cache_info.identity_digest, DIGEST_LEN)) {
/* doesn't match */
// log_debug(LD_APP,"Requested node '%s', considering node '%s'. No.",
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 759657a..d402563 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -1024,7 +1024,7 @@ connection_or_check_valid_tls_handshake(or_connection_t *conn,
int as_advertised = 1;
tor_assert(has_cert);
tor_assert(has_identity);
- if (tor_memcmp(digest_rcvd_out, conn->identity_digest, DIGEST_LEN)) {
+ if (tor_memneq(digest_rcvd_out, conn->identity_digest, DIGEST_LEN)) {
/* I was aiming for a particular digest. I didn't get it! */
char seen[HEX_DIGEST_LEN+1];
char expected[HEX_DIGEST_LEN+1];
diff --git a/src/or/control.c b/src/or/control.c
index d47f35b..f91afaf 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -346,7 +346,7 @@ write_escaped_data(const char *data, size_t len, char **out)
}
*outp++ = *data++;
}
- if (outp < *out+2 || tor_memcmp(outp-2, "\r\n", 2)) {
+ if (outp < *out+2 || fast_memcmp(outp-2, "\r\n", 2)) {
*outp++ = '\r';
*outp++ = '\n';
}
@@ -512,7 +512,7 @@ connection_printf_to_buf(control_connection_t *conn, const char *format, ...)
return;
}
len = strlen(buf);
- if (tor_memcmp("\r\n\0", buf+len-2, 3)) {
+ if (fast_memcmp("\r\n\0", buf+len-2, 3)) {
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-1] = '\0';
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-2] = '\n';
buf[CONNECTION_PRINTF_TO_BUF_BUFFERSIZE-3] = '\r';
@@ -611,7 +611,7 @@ send_control_event_impl(uint16_t event, event_format_t which, int extended,
}
len = strlen(buf);
- if (tor_memcmp("\r\n\0", buf+len-2, 3)) {
+ if (fast_memcmp("\r\n\0", buf+len-2, 3)) {
/* if it is not properly terminated, do it now */
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-1] = '\0';
buf[SEND_CONTROL1_EVENT_BUFFERSIZE-2] = '\n';
@@ -1128,7 +1128,7 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len,
goto err;
}
bad_cookie = 1;
- } else if (tor_memcmp(authentication_cookie, password, password_len)) {
+ } else if (tor_memneq(authentication_cookie, password, password_len)) {
if (!also_password) {
log_warn(LD_CONTROL, "Got mismatched authentication cookie");
errstr = "Authentication cookie did not match expected value.";
diff --git a/src/or/directory.c b/src/or/directory.c
index bc146c7..01f3375 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -2358,7 +2358,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url)
SMARTLIST_FOREACH(v->voters, networkstatus_voter_info_t *, vi, {
if (vi->signature &&
- tor_memeq(vi->identity_digest, want_digest, want_len)) {
+ fast_memeq(vi->identity_digest, want_digest, want_len)) {
have++;
break;
};
@@ -3451,17 +3451,17 @@ dir_routerdesc_download_failed(smartlist_t *failed, int status_code,
* every 10 or 60 seconds (FOO_DESCRIPTOR_RETRY_INTERVAL) in main.c. */
}
-/** Helper. Compare two fp_pair_t objects, and return -1, 0, or 1 as
- * appropriate. */
+/** Helper. Compare two fp_pair_t objects, and return negative, 0, or
+ * positive as appropriate. */
static int
_compare_pairs(const void **a, const void **b)
{
const fp_pair_t *fp1 = *a, *fp2 = *b;
int r;
- if ((r = tor_memcmp(fp1->first, fp2->first, DIGEST_LEN)))
+ if ((r = fast_memcmp(fp1->first, fp2->first, DIGEST_LEN)))
return r;
else
- return tor_memcmp(fp1->second, fp2->second, DIGEST_LEN);
+ return fast_memcmp(fp1->second, fp2->second, DIGEST_LEN);
}
/** Divide a string <b>res</b> of the form FP1-FP2+FP3-FP4...[.z], where each
@@ -3577,7 +3577,7 @@ dir_split_resource_into_fingerprints(const char *resource,
char *cp = smartlist_get(fp_tmp, i);
char *last = smartlist_get(fp_tmp2, smartlist_len(fp_tmp2)-1);
- if ((decode_hex && tor_memcmp(cp, last, DIGEST_LEN))
+ if ((decode_hex && fast_memcmp(cp, last, DIGEST_LEN))
|| (!decode_hex && strcasecmp(cp, last)))
smartlist_add(fp_tmp2, cp);
else
diff --git a/src/or/dirserv.c b/src/or/dirserv.c
index efb169b..e367cb1 100644
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -1991,7 +1991,7 @@ routerstatus_format_entry(char *buf, size_t buf_len,
id, dd);
return -1;
};
- if (tor_memcmp(desc->cache_info.signed_descriptor_digest,
+ if (fast_memcmp(desc->cache_info.signed_descriptor_digest,
rs->descriptor_digest,
DIGEST_LEN)) {
char rl_d[HEX_DIGEST_LEN+1];
@@ -2007,7 +2007,7 @@ routerstatus_format_entry(char *buf, size_t buf_len,
"(router %s)\n",
rl_d, rs_d, id);
- tor_assert(tor_memeq(desc->cache_info.signed_descriptor_digest,
+ tor_assert(fast_memeq(desc->cache_info.signed_descriptor_digest,
rs->descriptor_digest,
DIGEST_LEN));
};
@@ -2083,9 +2083,9 @@ _compare_routerinfo_by_ip_and_bw(const void **a, const void **b)
/* They're equal! Compare by identity digest, so there's a
* deterministic order and we avoid flapping. */
- return tor_memcmp(first->cache_info.identity_digest,
- second->cache_info.identity_digest,
- DIGEST_LEN);
+ return fast_memcmp(first->cache_info.identity_digest,
+ second->cache_info.identity_digest,
+ DIGEST_LEN);
}
/** Given a list of routerinfo_t in <b>routers</b>, return a new digestmap_t
@@ -2844,7 +2844,7 @@ dirserv_orconn_tls_done(const char *address,
SMARTLIST_FOREACH(rl->routers, routerinfo_t *, ri, {
if (!strcasecmp(address, ri->address) && or_port == ri->or_port &&
as_advertised &&
- tor_memeq(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) {
+ fast_memeq(ri->cache_info.identity_digest, digest_rcvd, DIGEST_LEN)) {
/* correct digest. mark this router reachable! */
if (!bridge_auth || ri->purpose == ROUTER_PURPOSE_BRIDGE) {
log_info(LD_DIRSERV, "Found router %s to be reachable. Yay.",
diff --git a/src/or/dirvote.c b/src/or/dirvote.c
index c0cb130..9e763bd 100644
--- a/src/or/dirvote.c
+++ b/src/or/dirvote.c
@@ -231,7 +231,7 @@ static int
_compare_votes_by_authority_id(const void **_a, const void **_b)
{
const networkstatus_t *a = *_a, *b = *_b;
- return tor_memcmp(get_voter(a)->identity_digest,
+ return fast_memcmp(get_voter(a)->identity_digest,
get_voter(b)->identity_digest, DIGEST_LEN);
}
@@ -248,7 +248,7 @@ _compare_dir_src_ents_by_authority_id(const void **_a, const void **_b)
a_id = a->is_legacy ? a_v->legacy_id_digest : a_v->identity_digest;
b_id = b->is_legacy ? b_v->legacy_id_digest : b_v->identity_digest;
- return tor_memcmp(a_id, b_id, DIGEST_LEN);
+ return fast_memcmp(a_id, b_id, DIGEST_LEN);
}
/** Given a sorted list of strings <b>in</b>, add every member to <b>out</b>
@@ -311,10 +311,10 @@ static int
compare_vote_rs(const vote_routerstatus_t *a, const vote_routerstatus_t *b)
{
int r;
- if ((r = tor_memcmp(a->status.identity_digest, b->status.identity_digest,
+ if ((r = fast_memcmp(a->status.identity_digest, b->status.identity_digest,
DIGEST_LEN)))
return r;
- if ((r = tor_memcmp(a->status.descriptor_digest, b->status.descriptor_digest,
+ if ((r = fast_memcmp(a->status.descriptor_digest, b->status.descriptor_digest,
DIGEST_LEN)))
return r;
if ((r = (int)(b->status.published_on - a->status.published_on)))
@@ -768,7 +768,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
strmap_set_lc(name_to_id_map, rs->status.nickname,
rs->status.identity_digest);
} else if (d != conflict &&
- tor_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) {
+ fast_memcmp(d, rs->status.identity_digest, DIGEST_LEN)) {
/* Authorities disagree about this nickname. */
strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
} else {
@@ -792,7 +792,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
} else if (!d) {
/* We have no name officially mapped to this digest. */
strmap_set_lc(name_to_id_map, rs->status.nickname, unknown);
- } else if (tor_memeq(d, rs->status.identity_digest, DIGEST_LEN)) {
+ } else if (fast_memeq(d, rs->status.identity_digest, DIGEST_LEN)) {
/* Authorities disagree about this nickname. */
strmap_set_lc(name_to_id_map, rs->status.nickname, conflict);
} else {
@@ -823,7 +823,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
if (index[v_sl_idx] < size[v_sl_idx]) {
rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]);
if (!lowest_id ||
- tor_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN) < 0)
+ fast_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN) < 0)
lowest_id = rs->status.identity_digest;
}
});
@@ -841,7 +841,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
if (index[v_sl_idx] >= size[v_sl_idx])
continue; /* out of entries. */
rs = smartlist_get(v->routerstatus_list, index[v_sl_idx]);
- if (tor_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN))
+ if (fast_memcmp(rs->status.identity_digest, lowest_id, DIGEST_LEN))
continue; /* doesn't include this router. */
/* At this point, we know that we're looking at a routerstatus with
* identity "lowest".
@@ -881,7 +881,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
* routerinfo and its contents are. */
rs = compute_routerstatus_consensus(matching_descs);
/* Copy bits of that into rs_out. */
- tor_assert(tor_memeq(lowest_id, rs->status.identity_digest, DIGEST_LEN));
+ tor_assert(fast_memeq(lowest_id, rs->status.identity_digest, DIGEST_LEN));
memcpy(rs_out.identity_digest, lowest_id, DIGEST_LEN);
memcpy(rs_out.descriptor_digest, rs->status.descriptor_digest,
DIGEST_LEN);
@@ -905,7 +905,7 @@ networkstatus_compute_consensus(smartlist_t *votes,
const char *d = strmap_get_lc(name_to_id_map, rs_out.nickname);
if (!d) {
is_named = is_unnamed = 0;
- } else if (tor_memeq(d, lowest_id, DIGEST_LEN)) {
+ } else if (fast_memeq(d, lowest_id, DIGEST_LEN)) {
is_named = 1; is_unnamed = 0;
} else {
is_named = 0; is_unnamed = 1;
@@ -972,11 +972,11 @@ networkstatus_compute_consensus(smartlist_t *votes,
SMARTLIST_FOREACH(matching_descs, vote_routerstatus_t *, vsr, {
/* Check if the vote where this status comes from had the
* proper descriptor */
- tor_assert(tor_memeq(rs_out.identity_digest,
+ tor_assert(fast_memeq(rs_out.identity_digest,
vsr->status.identity_digest,
DIGEST_LEN));
if (vsr->status.has_exitsummary &&
- tor_memeq(rs_out.descriptor_digest,
+ fast_memeq(rs_out.descriptor_digest,
vsr->status.descriptor_digest,
DIGEST_LEN)) {
tor_assert(vsr->status.exitsummary);
@@ -1192,7 +1192,7 @@ networkstatus_add_detached_signatures(networkstatus_t *target,
return -1;
}
/* Are they the same consensus? */
- if (tor_memcmp(target->networkstatus_digest, sigs->networkstatus_digest,
+ if (fast_memcmp(target->networkstatus_digest, sigs->networkstatus_digest,
DIGEST_LEN)) {
*msg_out = "Digest mismatch when adding detached signatures to consensus";
return -1;
@@ -1799,11 +1799,11 @@ dirvote_add_vote(const char *vote_body, const char **msg_out, int *status_out)
/* Now see whether we already have a vote from this authority. */
SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, v, {
- if (tor_memeq(v->vote->cert->cache_info.identity_digest,
+ if (fast_memeq(v->vote->cert->cache_info.identity_digest,
vote->cert->cache_info.identity_digest,
DIGEST_LEN)) {
networkstatus_voter_info_t *vi_old = get_voter(v->vote);
- if (tor_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) {
+ if (fast_memeq(vi_old->vote_digest, vi->vote_digest, DIGEST_LEN)) {
/* Ah, it's the same vote. Not a problem. */
log_info(LD_DIR, "Discarding a vote we already have.");
if (*status_out < 200)
@@ -2218,23 +2218,23 @@ dirvote_get_vote(const char *fp, int flags)
if (by_id) {
if (pending_vote_list && include_pending) {
SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, pv,
- if (tor_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
+ if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
return pv->vote_body);
}
if (previous_vote_list && include_previous) {
SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, pv,
- if (tor_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
+ if (fast_memeq(get_voter(pv->vote)->identity_digest, fp, DIGEST_LEN))
return pv->vote_body);
}
} else {
if (pending_vote_list && include_pending) {
SMARTLIST_FOREACH(pending_vote_list, pending_vote_t *, pv,
- if (tor_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN))
+ if (fast_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN))
return pv->vote_body);
}
if (previous_vote_list && include_previous) {
SMARTLIST_FOREACH(previous_vote_list, pending_vote_t *, pv,
- if (tor_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN))
+ if (fast_memeq(pv->vote->networkstatus_digest, fp, DIGEST_LEN))
return pv->vote_body);
}
}
diff --git a/src/or/eventdns.c b/src/or/eventdns.c
index 42885a2..bef6062 100644
--- a/src/or/eventdns.c
+++ b/src/or/eventdns.c
@@ -463,7 +463,7 @@ sockaddr_eq(const struct sockaddr *sa1, const struct sockaddr *sa2,
const struct sockaddr_in6 *sin1, *sin2;
sin1 = (const struct sockaddr_in6 *)sa1;
sin2 = (const struct sockaddr_in6 *)sa2;
- if (tor_memcmp(sin1->sin6_addr.s6_addr, sin2->sin6_addr.s6_addr, 16))
+ if (tor_memneq(sin1->sin6_addr.s6_addr, sin2->sin6_addr.s6_addr, 16))
return 0;
else if (include_port && sin1->sin6_port != sin2->sin6_port)
return 0;
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index e91ff93..dcd8159 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -336,7 +336,7 @@ networkstatus_get_voter_by_id(networkstatus_t *vote,
if (!vote || !vote->voters)
return NULL;
SMARTLIST_FOREACH(vote->voters, networkstatus_voter_info_t *, voter,
- if (tor_memeq(voter->identity_digest, identity, DIGEST_LEN))
+ if (fast_memeq(voter->identity_digest, identity, DIGEST_LEN))
return voter);
return NULL;
}
@@ -356,7 +356,7 @@ networkstatus_check_voter_signature(networkstatus_t *consensus,
size_t signed_digest_len;
if (crypto_pk_get_digest(cert->signing_key, d)<0)
return -1;
- if (tor_memcmp(voter->signing_key_digest, d, DIGEST_LEN))
+ if (tor_memneq(voter->signing_key_digest, d, DIGEST_LEN))
return -1;
signed_digest_len = crypto_pk_keysize(cert->signing_key);
signed_digest = tor_malloc(signed_digest_len);
@@ -365,7 +365,7 @@ networkstatus_check_voter_signature(networkstatus_t *consensus,
signed_digest_len,
voter->signature,
voter->signature_len) != DIGEST_LEN ||
- tor_memcmp(signed_digest, consensus->networkstatus_digest, DIGEST_LEN)) {
+ tor_memneq(signed_digest, consensus->networkstatus_digest, DIGEST_LEN)) {
log_warn(LD_DIR, "Got a bad signature on a networkstatus vote");
voter->bad_signature = 1;
} else {
@@ -1296,7 +1296,7 @@ routerstatus_has_changed(const routerstatus_t *a, const routerstatus_t *b)
tor_assert(tor_memeq(a->identity_digest, b->identity_digest, DIGEST_LEN));
return strcmp(a->nickname, b->nickname) ||
- tor_memcmp(a->descriptor_digest, b->descriptor_digest, DIGEST_LEN) ||
+ fast_memneq(a->descriptor_digest, b->descriptor_digest, DIGEST_LEN) ||
a->addr != b->addr ||
a->or_port != b->or_port ||
a->dir_port != b->dir_port ||
diff --git a/src/or/onion.c b/src/or/onion.c
index ecd04a5..4c26deb 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -311,7 +311,7 @@ onion_skin_client_handshake(crypto_dh_env_t *handshake_state,
if (len < 0)
goto err;
- if (tor_memcmp(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) {
+ if (tor_memneq(key_material, handshake_reply+DH_KEY_LEN, DIGEST_LEN)) {
/* H(K) does *not* match. Something fishy. */
log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on onion handshake. "
"Bug or attack.");
@@ -398,7 +398,7 @@ fast_client_handshake(const uint8_t *handshake_state,/*DIGEST_LEN bytes*/
if (crypto_expand_key_material(tmp, sizeof(tmp), out, out_len)) {
goto done;
}
- if (tor_memcmp(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) {
+ if (tor_memneq(out, handshake_reply_out+DIGEST_LEN, DIGEST_LEN)) {
/* H(K) does *not* match. Something fishy. */
log_warn(LD_PROTOCOL,"Digest DOES NOT MATCH on fast handshake. "
"Bug or attack.");
diff --git a/src/or/relay.c b/src/or/relay.c
index 61971a4..59e2c5c 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -89,7 +89,7 @@ relay_digest_matches(crypto_digest_env_t *digest, cell_t *cell)
crypto_digest_add_bytes(digest, (char*) cell->payload, CELL_PAYLOAD_SIZE);
crypto_digest_get_digest(digest, calculated_integrity, 4);
- if (tor_memcmp(received_integrity, calculated_integrity, 4)) {
+ if (tor_memneq(received_integrity, calculated_integrity, 4)) {
// log_fn(LOG_INFO,"Recognized=0 but bad digest. Not recognizing.");
// (%d vs %d).", received_integrity, calculated_integrity);
/* restore digest to its old form */
diff --git a/src/or/rendclient.c b/src/or/rendclient.c
index 100ea40..7bda705 100644
--- a/src/or/rendclient.c
+++ b/src/or/rendclient.c
@@ -748,7 +748,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request,
goto err;
/* Check whether the digest is right... */
- if (tor_memcmp(keys, request+DH_KEY_LEN, DIGEST_LEN)) {
+ if (tor_memneq(keys, request+DH_KEY_LEN, DIGEST_LEN)) {
log_warn(LD_PROTOCOL, "Incorrect digest of key material.");
goto err;
}
diff --git a/src/or/rendmid.c b/src/or/rendmid.c
index c8e614d..d73f0a1 100644
--- a/src/or/rendmid.c
+++ b/src/or/rendmid.c
@@ -57,7 +57,7 @@ rend_mid_establish_intro(or_circuit_t *circ, const uint8_t *request,
log_warn(LD_BUG, "Internal error computing digest.");
goto err;
}
- if (tor_memcmp(expected_digest, request+2+asn1len, DIGEST_LEN)) {
+ if (tor_memneq(expected_digest, request+2+asn1len, DIGEST_LEN)) {
log_warn(LD_PROTOCOL, "Hash of session info was not as expected.");
reason = END_CIRC_REASON_TORPROTOCOL;
goto err;
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 2c5eb97..d1cc7f4 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -962,7 +962,7 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
/* first DIGEST_LEN bytes of request is intro or service pk digest */
crypto_pk_get_digest(intro_key, intro_key_digest);
- if (tor_memcmp(intro_key_digest, request, DIGEST_LEN)) {
+ if (tor_memneq(intro_key_digest, request, DIGEST_LEN)) {
base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1,
(char*)request, REND_SERVICE_ID_LEN);
log_warn(LD_REND, "Got an INTRODUCE2 cell for the wrong service (%s).",
@@ -1306,7 +1306,7 @@ rend_service_launch_establish_intro(rend_service_t *service,
return -1;
}
- if (tor_memcmp(intro->extend_info->identity_digest,
+ if (tor_memneq(intro->extend_info->identity_digest,
launched->build_state->chosen_exit->identity_digest, DIGEST_LEN)) {
char cann[HEX_DIGEST_LEN+1], orig[HEX_DIGEST_LEN+1];
base16_encode(cann, sizeof(cann),
diff --git a/src/or/rephist.c b/src/or/rephist.c
index dee74ed..a3d8bcc 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -103,7 +103,7 @@ get_or_history(const char* id)
{
or_history_t *hist;
- if (tor_mem_is_zero(id, DIGEST_LEN))
+ if (tor_digest_is_zero(id))
return NULL;
hist = digestmap_get(history_map, id);
@@ -130,7 +130,7 @@ get_link_history(const char *from_id, const char *to_id)
orhist = get_or_history(from_id);
if (!orhist)
return NULL;
- if (tor_mem_is_zero(to_id, DIGEST_LEN))
+ if (tor_digest_is_zero(to_id))
return NULL;
lhist = (link_history_t*) digestmap_get(orhist->link_history_map, to_id);
if (!lhist) {
diff --git a/src/or/router.c b/src/or/router.c
index bfb6d5c..cc60041 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -634,7 +634,7 @@ init_keys(void)
ds->type = type;
}
if (v3_digest_set && (ds->type & V3_AUTHORITY) &&
- tor_memcmp(v3_digest, ds->v3_identity_digest, DIGEST_LEN)) {
+ tor_memneq(v3_digest, ds->v3_identity_digest, DIGEST_LEN)) {
log_warn(LD_DIR, "V3 identity key does not match identity declared in "
"DirServer line. Adjusting.");
memcpy(ds->v3_identity_digest, v3_digest, DIGEST_LEN);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index 454bb1c..9f04620 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2263,7 +2263,7 @@ signed_descriptor_get_body_impl(signed_descriptor_t *desc,
tor_assert(r);
if (!with_annotations) {
- if (tor_memcmp("router ", r, 7) && tor_memcmp("extra-info ", r, 11)) {
+ if (fast_memcmp("router ", r, 7) && fast_memcmp("extra-info ", r, 11)) {
char *cp = tor_strndup(r, 64);
log_err(LD_DIR, "descriptor at %p begins with unexpected string %s. "
"Is another process running in our data directory? Exiting.",
@@ -2765,7 +2765,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old,
routerlist_insert(rl, ri_new);
return;
}
- if (tor_memcmp(ri_old->cache_info.identity_digest,
+ if (tor_memneq(ri_old->cache_info.identity_digest,
ri_new->cache_info.identity_digest, DIGEST_LEN)) {
/* digests don't match; digestmap_set won't replace */
rimap_remove(rl->identity_map, ri_old->cache_info.identity_digest);
@@ -2791,7 +2791,7 @@ routerlist_replace(routerlist_t *rl, routerinfo_t *ri_old,
if (!tor_digest_is_zero(sd->extra_info_digest))
sdmap_set(rl->desc_by_eid_map, sd->extra_info_digest, sd);
} else {
- if (tor_memcmp(ri_old->cache_info.signed_descriptor_digest,
+ if (tor_memneq(ri_old->cache_info.signed_descriptor_digest,
ri_new->cache_info.signed_descriptor_digest,
DIGEST_LEN)) {
/* digests don't match; digestmap_set didn't replace */
@@ -3118,7 +3118,7 @@ _compare_old_routers_by_identity(const void **_a, const void **_b)
{
int i;
const signed_descriptor_t *r1 = *_a, *r2 = *_b;
- if ((i = tor_memcmp(r1->identity_digest, r2->identity_digest, DIGEST_LEN)))
+ if ((i = fast_memcmp(r1->identity_digest, r2->identity_digest, DIGEST_LEN)))
return i;
return (int)(r1->published_on - r2->published_on);
}
@@ -3378,7 +3378,7 @@ routerlist_remove_old_routers(void)
cur_id = r->identity_digest;
hi = i;
}
- if (tor_memcmp(cur_id, r->identity_digest, DIGEST_LEN)) {
+ if (tor_memneq(cur_id, r->identity_digest, DIGEST_LEN)) {
routerlist_remove_old_cached_routers_with_id(now,
cutoff, i+1, hi, retain);
cur_id = r->identity_digest;
@@ -4192,7 +4192,7 @@ update_consensus_router_descriptor_downloads(time_t now)
routerinfo_t *ri;
++n_have;
if (!(ri = router_get_by_digest(rs->identity_digest)) ||
- tor_memcmp(ri->cache_info.signed_descriptor_digest,
+ tor_memneq(ri->cache_info.signed_descriptor_digest,
sd->signed_descriptor_digest, DIGEST_LEN)) {
/* We have a descriptor with this digest, but either there is no
* entry in routerlist with the same ID (!ri), or there is one,
@@ -4665,7 +4665,7 @@ routerinfo_incompatible_with_extrainfo(routerinfo_t *ri, extrainfo_t *ei,
/* The identity must match exactly to have been generated at the same time
* by the same router. */
- if (tor_memcmp(ri->cache_info.identity_digest, ei->cache_info.identity_digest,
+ if (tor_memneq(ri->cache_info.identity_digest, ei->cache_info.identity_digest,
DIGEST_LEN)) {
if (msg) *msg = "Extrainfo nickname or identity did not match routerinfo";
goto err; /* different servers */
@@ -4676,7 +4676,7 @@ routerinfo_incompatible_with_extrainfo(routerinfo_t *ri, extrainfo_t *ei,
if (crypto_pk_public_checksig(ri->identity_pkey,
signed_digest, sizeof(signed_digest),
ei->pending_sig, ei->pending_sig_len) != DIGEST_LEN ||
- tor_memcmp(signed_digest, ei->cache_info.signed_descriptor_digest,
+ tor_memneq(signed_digest, ei->cache_info.signed_descriptor_digest,
DIGEST_LEN)) {
ei->bad_sig = 1;
tor_free(ei->pending_sig);
@@ -4836,7 +4836,7 @@ static int
_compare_routerinfo_by_id_digest(const void **a, const void **b)
{
routerinfo_t *first = *(routerinfo_t **)a, *second = *(routerinfo_t **)b;
- return tor_memcmp(first->cache_info.identity_digest,
+ return fast_memcmp(first->cache_info.identity_digest,
second->cache_info.identity_digest,
DIGEST_LEN);
}
diff --git a/src/or/routerparse.c b/src/or/routerparse.c
index 9931d0f..7ff0e2c 100644
--- a/src/or/routerparse.c
+++ b/src/or/routerparse.c
@@ -959,7 +959,7 @@ check_signature_token(const char *digest,
}
// log_debug(LD_DIR,"Signed %s hash starts %s", doctype,
// hex_str(signed_digest,4));
- if (tor_memcmp(digest, signed_digest, DIGEST_LEN)) {
+ if (tor_memneq(digest, signed_digest, DIGEST_LEN)) {
log_warn(LD_DIR, "Error reading %s: signature does not match.", doctype);
tor_free(signed_digest);
return -1;
@@ -1347,7 +1347,7 @@ router_parse_entry_from_string(const char *s, const char *end,
escaped(tok->args[0]));
goto err;
}
- if (tor_memcmp(d,router->cache_info.identity_digest, DIGEST_LEN)!=0) {
+ if (tor_memneq(d,router->cache_info.identity_digest, DIGEST_LEN)) {
log_warn(LD_DIR, "Fingerprint '%s' does not match identity digest.",
tok->args[0]);
goto err;
@@ -1669,7 +1669,7 @@ authority_cert_parse_from_string(const char *s, const char **end_of_string)
cert->cache_info.identity_digest))
goto err;
- if (tor_memcmp(cert->cache_info.identity_digest, fp_declared, DIGEST_LEN)) {
+ if (tor_memneq(cert->cache_info.identity_digest, fp_declared, DIGEST_LEN)) {
log_warn(LD_DIR, "Digest of certificate key didn't match declared "
"fingerprint");
goto err;
@@ -2005,7 +2005,7 @@ static int
_compare_routerstatus_entries(const void **_a, const void **_b)
{
const routerstatus_t *a = *_a, *b = *_b;
- return tor_memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN);
+ return fast_memcmp(a->identity_digest, b->identity_digest, DIGEST_LEN);
}
/** Helper: used in call to _smartlist_uniq to clear out duplicate entries. */
@@ -2098,7 +2098,7 @@ networkstatus_v2_parse_from_string(const char *s)
log_warn(LD_DIR, "Couldn't compute signing key digest");
goto err;
}
- if (tor_memcmp(tmp_digest, ns->identity_digest, DIGEST_LEN)) {
+ if (tor_memneq(tmp_digest, ns->identity_digest, DIGEST_LEN)) {
log_warn(LD_DIR,
"network-status fingerprint did not match dir-signing-key");
goto err;
@@ -2394,7 +2394,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
goto err;
}
if (ns->type != NS_TYPE_CONSENSUS &&
- tor_memcmp(ns->cert->cache_info.identity_digest,
+ tor_memneq(ns->cert->cache_info.identity_digest,
voter->identity_digest, DIGEST_LEN)) {
log_warn(LD_DIR,"Mismatch between identities in certificate and vote");
goto err;
@@ -2499,7 +2499,8 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
rs1 = smartlist_get(ns->routerstatus_list, i-1);
rs2 = smartlist_get(ns->routerstatus_list, i);
}
- if (tor_memcmp(rs1->identity_digest, rs2->identity_digest, DIGEST_LEN) >= 0) {
+ if (fast_memcmp(rs1->identity_digest, rs2->identity_digest, DIGEST_LEN)
+ >= 0) {
log_warn(LD_DIR, "Vote networkstatus entries not sorted by identity "
"digest");
goto err;
@@ -2555,7 +2556,7 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
}
if (ns->type != NS_TYPE_CONSENSUS) {
- if (tor_memcmp(declared_identity, ns->cert->cache_info.identity_digest,
+ if (tor_memneq(declared_identity, ns->cert->cache_info.identity_digest,
DIGEST_LEN)) {
log_warn(LD_DIR, "Digest mismatch between declared and actual on "
"network-status vote.");
@@ -3744,7 +3745,7 @@ rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out,
crypto_pk_get_digest(result->pk, public_key_hash);
rend_get_descriptor_id_bytes(test_desc_id, public_key_hash,
secret_id_part);
- if (tor_memcmp(desc_id_out, test_desc_id, DIGEST_LEN)) {
+ if (tor_memneq(desc_id_out, test_desc_id, DIGEST_LEN)) {
log_warn(LD_REND, "Parsed descriptor ID does not match "
"computed descriptor ID.");
goto err;
@@ -3834,7 +3835,7 @@ rend_decrypt_introduction_points(char **ipos_decrypted,
tor_free(dec);
return -1;
}
- if (memcmpstart(dec, declen, "introduction-point ")) {
+ if (fast_memcmpstart(dec, declen, "introduction-point ")) {
log_warn(LD_REND, "Decrypted introduction points don't "
"look like we could parse them.");
tor_free(dec);
@@ -3903,7 +3904,7 @@ rend_parse_introduction_points(rend_service_descriptor_t *parsed,
parsed->intro_nodes = smartlist_create();
area = memarea_new();
- while (!memcmpstart(current_ipo, end_of_intro_points-current_ipo,
+ while (!fast_memcmpstart(current_ipo, end_of_intro_points-current_ipo,
"introduction-point ")) {
/* Determine end of string. */
const char *eos = tor_memstr(current_ipo, end_of_intro_points-current_ipo,
More information about the tor-commits
mailing list