aboutsummaryrefslogtreecommitdiff
path: root/src/common
diff options
context:
space:
mode:
authorRobert Ransom <rransom.8774@gmail.com>2012-09-15 02:47:14 -0700
committerNick Mathewson <nickm@torproject.org>2012-09-17 11:02:52 -0400
commitf3916a685594a6e0e4f4a215a57f5aea34c8570c (patch)
treef37a9595e6809e4c736de973bb6535258e55a56b /src/common
parent32d9cea2892f79d8f16adcc5ae417980af33f082 (diff)
downloadtor-f3916a685594a6e0e4f4a215a57f5aea34c8570c.tar.gz
tor-f3916a685594a6e0e4f4a215a57f5aea34c8570c.zip
Make crypto_pk_cmp_keys do something sane for NULL keys
Fixes bug 4283; bugfix on r76 (Git commit 01aadefbfc7dbd99ddaff922b897996b768cf2f9).
Diffstat (limited to 'src/common')
-rw-r--r--src/common/crypto.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 7768cc37b1..5b5fb755b2 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -748,19 +748,23 @@ crypto_pk_public_exponent_ok(crypto_pk_t *env)
return BN_is_word(env->key->e, 65537);
}
-/** Compare the public-key components of a and b. Return -1 if a\<b, 0
- * if a==b, and 1 if a\>b.
+/** Compare the public-key components of a and b. Return -1 if a\<b,
+ * 0 if a==b, and 1 if a\>b. A NULL key is considered to be less than
+ * all non-NULL keys, and equal to itself.
+ *
+ * Note that this may leak information about the keys through timing.
*/
int
crypto_pk_cmp_keys(crypto_pk_t *a, crypto_pk_t *b)
{
int result;
+ char a_is_non_null = (a != NULL) && (a->key != NULL);
+ char b_is_non_null = (b != NULL) && (b->key != NULL);
+ char an_argument_is_null = !a_is_non_null | !b_is_non_null;
- if (!a || !b)
- return -1;
-
- if (!a->key || !b->key)
- return -1;
+ result = tor_memcmp(&a_is_non_null, &b_is_non_null, sizeof(a_is_non_null));
+ if (an_argument_is_null)
+ return result;
tor_assert(PUBLIC_KEY_OK(a));
tor_assert(PUBLIC_KEY_OK(b));