ChangeLog update to mention the constant_runtime_cmp() change

2013-06-01 22:30:29 -04:00 · 2013-06-01 22:30:29 -04:00 · 1c8d247887
commit 1c8d247887
parent af88af3e51
2 changed files with 9 additions and 1 deletions
--- a/2
+++ b/2
@ -131,5 +131,5 @@ Dan Lauber

 Ryman
    - Reported a timing attack bug in the HMAC comparison operation (#85) and
-      suggested a fix derived from YaSSL:
+      suggested a fix derived from yaSSL:
      http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg320402.html
--- a/8
+++ b/8
@ -26,6 +26,14 @@ fwknop-2.5 (//2013):
      compliant with PBKDF1 and is only brought forward into fwknop-2.5 for
      backwards compatibility.  Future versions of fwknop will remove this
      code altogether since PBKDF1 is now implemented.
+    - [libfko+server] Ensure that all HMAC, digest, and other comparisons are
+      done via a dedicated constant_runtime_cmp() function so that a potential
+      attacker cannot gain any information about fail/success just by mounting
+      a timing attack.  This function always compares two buffers from
+      beginning to end regardless of whether a difference is detected early on
+      in the comparison, and this strategy mirrors changes in SSL libraries
+      such as yaSSL to protect against potential timing attacks.  This change
+      fixes #85 on github which was reported by Ryman.
    - [test suite] Added --enable-openssl-checks to send all SPA packets
      encrypted via libfko through the OpenSSL library to ensure that the
      libfko usage of AES is always compatible with OpenSSL.  This ensures