auth: Use constant-time memcmp when comparing sensitive buffers

This helps to avoid timing attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

2 files changed, 30 insertions, 0 deletions

diff --git a/lib/util/data_blob.c b/lib/util/data_blob.c
index da1730dccf5..1b05809119d 100644
--- a/lib/util/data_blob.c
+++ b/lib/util/data_blob.c
@@ -21,6 +21,7 @@
 #include "replace.h"
 #include "attr.h"
 #include "data_blob.h"
+#include "lib/util/samba_util.h"
 
 const DATA_BLOB data_blob_null = { NULL, 0 };
 
@@ -130,6 +131,29 @@ _PUBLIC_ int data_blob_cmp(const DATA_BLOB *d1, const DATA_BLOB *d2)
 }
 
 /**
+check if two data blobs are equal, where the time taken should not depend on the
+contents of either blob.
+**/
+_PUBLIC_ int data_blob_cmp_const_time(const DATA_BLOB *d1, const DATA_BLOB *d2)
+{
+	int ret;
+	if (d1->data == NULL && d2->data != NULL) {
+		return -1;
+	}
+	if (d1->data != NULL && d2->data == NULL) {
+		return 1;
+	}
+	if (d1->data == d2->data) {
+		return d1->length - d2->length;
+	}
+	ret = memcmp_const_time(d1->data, d2->data, MIN(d1->length, d2->length));
+	if (ret == 0) {
+		return d1->length - d2->length;
+	}
+	return ret;
+}
+
+/**
 print the data_blob as hex string
 **/
 _PUBLIC_ char *data_blob_hex_string_lower(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob)
diff --git a/lib/util/data_blob.h b/lib/util/data_blob.h
index 7a0dc3b0014..0f3eae16592 100644
--- a/lib/util/data_blob.h
+++ b/lib/util/data_blob.h
@@ -87,6 +87,12 @@ check if two data blobs are equal
 _PUBLIC_ int data_blob_cmp(const DATA_BLOB *d1, const DATA_BLOB *d2);
 
 /**
+check if two data blobs are equal, where the time taken should not depend on the
+contents of either blob.
+**/
+_PUBLIC_ int data_blob_cmp_const_time(const DATA_BLOB *d1, const DATA_BLOB *d2);
+
+/**
 print the data_blob as hex string
 **/
 _PUBLIC_ char *data_blob_hex_string_upper(TALLOC_CTX *mem_ctx, const DATA_BLOB *blob);