From 1c8d247887cae8979f7381b5808aa2b4e50e8b07 Mon Sep 17 00:00:00 2001 From: Michael Rash Date: Sat, 1 Jun 2013 22:30:29 -0400 Subject: [PATCH] ChangeLog update to mention the constant_runtime_cmp() change --- CREDITS | 2 +- ChangeLog | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CREDITS b/CREDITS index 00f65291..630a7aec 100644 --- a/CREDITS +++ b/CREDITS @@ -131,5 +131,5 @@ Dan Lauber Ryman - Reported a timing attack bug in the HMAC comparison operation (#85) and - suggested a fix derived from YaSSL: + suggested a fix derived from yaSSL: http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg320402.html diff --git a/ChangeLog b/ChangeLog index e3e26b67..58c51de0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,6 +26,14 @@ fwknop-2.5 (//2013): compliant with PBKDF1 and is only brought forward into fwknop-2.5 for backwards compatibility. Future versions of fwknop will remove this code altogether since PBKDF1 is now implemented. + - [libfko+server] Ensure that all HMAC, digest, and other comparisons are + done via a dedicated constant_runtime_cmp() function so that a potential + attacker cannot gain any information about fail/success just by mounting + a timing attack. This function always compares two buffers from + beginning to end regardless of whether a difference is detected early on + in the comparison, and this strategy mirrors changes in SSL libraries + such as yaSSL to protect against potential timing attacks. This change + fixes #85 on github which was reported by Ryman. - [test suite] Added --enable-openssl-checks to send all SPA packets encrypted via libfko through the OpenSSL library to ensure that the libfko usage of AES is always compatible with OpenSSL. This ensures
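Review bot: In the CREDITS hunk, the "YaSSL" to "yaSSL" capitalization fix is not covered by the subject line, which mentions only the ChangeLog update. Either note the CREDITS spelling fix in the commit message or split it into its own commit, so the history for CREDITS stays searchable.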
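Review bot: In the ChangeLog hunk, the wording "cannot gain any information about fail/success" in the new constant_runtime_cmp() entry overstates what the function hides. The next sentence gives the real property: the comparison runs "from beginning to end regardless of whether a difference is detected early on", so timing no longer reveals where the first mismatch occurs. Suggest rewording along the lines of "cannot learn how much of an HMAC or digest matched by timing the comparison". The entry could also say how buffers of different lengths are treated, since "compares two buffers from beginning to end" leaves that open, and it could reference the issue as a full URL rather than "#85 on github" so the ChangeLog stays useful outside the repository.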