Mailing-List: contact commits-help@apr.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@apr.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1765375 - in /apr/apr-util/branches/1.6.x: ./ configure.in
 crypto/ crypto/apr_crypto.c include/apr_crypto.h test/testcrypto.c
Date: Mon, 17 Oct 2016 21:40:26 -0000
To: commits@apr.apache.org
From: ylavic@apache.org
Message-Id: <20161017214026.967793A0E17@svn01-us-west.apache.org>
archived-at: Mon, 17 Oct 2016 21:40:32 -0000

Author: ylavic
Date: Mon Oct 17 21:40:26 2016
New Revision: 1765375

URL: http://svn.apache.org/viewvc?rev=1765375&view=rev
Log:
Merge r1763665, r1763667, r1763669, r1763842 from trunk:

crypto: provide apr_crypto_memzero, garanteed to not be optimized out by
compilers.

Follow up to r1763665: use correct array initializer.

crypto: provide apr_crypto_equals(), a timing attacks safe buffers comparison
function.

crypto: follow up to r1763669.
Add tests for apr_crypto_memzero() and apr_crypto_equals.

Modified:
    apr/apr-util/branches/1.6.x/   (props changed)
    apr/apr-util/branches/1.6.x/configure.in
    apr/apr-util/branches/1.6.x/crypto/   (props changed)
    apr/apr-util/branches/1.6.x/crypto/apr_crypto.c
    apr/apr-util/branches/1.6.x/include/apr_crypto.h
    apr/apr-util/branches/1.6.x/test/testcrypto.c

Propchange: apr/apr-util/branches/1.6.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Oct 17 21:40:26 2016
@@ -1,4 +1,4 @@
-/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751567,1751806,1751898,1752008
+/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751567,1751806,1751898,1752008,1763665,1763667,1763669,1763842
 /apr/apr-util/branches/1.3.x:896410,1154885
 /apr/apr-util/branches/1.4.x:1126217,1211211,1211219,1211223,1211330
 /apr/apr-util/branches/1.5.x:1757430

Modified: apr/apr-util/branches/1.6.x/configure.in
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/configure.in?rev=1765375&r1=1765374&r2=1765375&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/configure.in (original)
+++ apr/apr-util/branches/1.6.x/configure.in Mon Oct 17 21:40:26 2016
@@ -188,6 +188,59 @@ if test "$crypt_r" = "1"; then
   APU_CHECK_CRYPT_R_STYLE
 fi
 
+AC_CACHE_CHECK([whether the compiler handles weak symbols], [apu_cv_weak_symbols],
+[AC_TRY_RUN([
+__attribute__ ((weak))
+int weak_noop(void)
+{
+    return 0;
+}
+int main()
+{
+    return weak_noop();
+}], [apu_cv_weak_symbols=yes], [apu_cv_weak_symbols=no], [apu_cv_weak_symbols=no])])
+
+if test "$apu_cv_weak_symbols" = "yes"; then
+    AC_DEFINE(HAVE_WEAK_SYMBOLS, 1, [Define if compiler handles weak symbols])
+fi
+
+AC_CACHE_CHECK([for memset_s support], [apu_cv_memset_s],
+[AC_TRY_RUN([
+#ifdef HAVE_STRING_H
+#define __STDC_WANT_LIB_EXT1__ 1
+#include <string.h>
+#endif
+
+int main(int argc, const char **argv)
+{
+    char buf[1] = {1};
+    return memset_s(buf, sizeof buf, 0, sizeof buf) != 0 || *buf != '\0';
+}], [apu_cv_memset_s=yes], [apu_cv_memset_s=no], [apu_cv_memset_s=no])])
+
+if test "$apu_cv_memset_s" = "yes"; then
+   AC_DEFINE([HAVE_MEMSET_S], 1, [Define if memset_s function is supported])
+fi
+
+AC_CACHE_CHECK([for explicit_bzero support], [apu_cv_explicit_bzero],
+[AC_TRY_RUN([
+#ifdef HAVE_STRING_H
+#include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+int main(int argc, const char **argv)
+{
+    char buf[1] = {1};
+    explicit_bzero(buf, sizeof buf);
+    return *buf != '\0';
+}], [apu_cv_explicit_bzero=yes], [apu_cv_explicit_bzero=no], [apu_cv_explicit_bzero=no])])
+
+if test "$apu_cv_explicit_bzero" = "yes"; then
+   AC_DEFINE([HAVE_EXPLICIT_BZERO], 1, [Define if explicit_bzero function is supported])
+fi
+
 so_ext=$APR_SO_EXT
 lib_target=$APR_LIB_TARGET
 AC_SUBST(so_ext)

Propchange: apr/apr-util/branches/1.6.x/crypto/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Oct 17 21:40:26 2016
@@ -1,4 +1,4 @@
-/apr/apr/trunk/crypto:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1394552,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751806
+/apr/apr/trunk/crypto:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1394552,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751806,1763665,1763667,1763669,1763842
 /apr/apr-util/branches/1.3.x/crypto:896410,1154885
 /apr/apr-util/branches/1.4.x/crypto:1126217,1211211,1211219,1211223,1211330
 /apr/apr-util/trunk/crypto:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630,1626561

Modified: apr/apr-util/branches/1.6.x/crypto/apr_crypto.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/crypto/apr_crypto.c?rev=1765375&r1=1765374&r2=1765375&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/crypto/apr_crypto.c (original)
+++ apr/apr-util/branches/1.6.x/crypto/apr_crypto.c Mon Oct 17 21:40:26 2016
@@ -120,7 +120,7 @@ static apr_status_t crypto_clear(void *p
 {
     apr_crypto_clear_t *clear = (apr_crypto_clear_t *)ptr;
 
-    memset(clear->buffer, 0, clear->size);
+    apr_crypto_memzero(clear->buffer, clear->size);
     clear->buffer = NULL;
     clear->size = 0;
 
@@ -141,6 +141,53 @@ APU_DECLARE(apr_status_t) apr_crypto_cle
     return APR_SUCCESS;
 }
 
+#if defined(HAVE_WEAK_SYMBOLS)
+void apr__memzero_explicit(void *buffer, apr_size_t size);
+
+__attribute__ ((weak))
+void apr__memzero_explicit(void *buffer, apr_size_t size)
+{
+    memset(buffer, 0, size);
+}
+#endif
+
+APR_DECLARE(apr_status_t) apr_crypto_memzero(void *buffer, apr_size_t size)
+{
+#if defined(WIN32)
+    SecureZeroMemory(buffer, size);
+#elif defined(HAVE_MEMSET_S)
+    if (size) {
+        return memset_s(buffer, (rsize_t)size, 0, (rsize_t)size);
+    }
+#elif defined(HAVE_EXPLICIT_BZERO)
+    explicit_bzero(buffer, size);
+#elif defined(HAVE_WEAK_SYMBOLS)
+    apr__memzero_explicit(buffer, size);
+#else
+    apr_size_t i;
+    volatile unsigned char *volatile ptr = buffer;
+    for (i = 0; i < size; ++i) {
+        ptr[i] = 0;
+    }
+#endif
+    return APR_SUCCESS;
+}
+
+APR_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2,
+                                   apr_size_t size)
+{
+    const unsigned char *p1 = buf1;
+    const unsigned char *p2 = buf2;
+    unsigned char diff = 0;
+    apr_size_t i;
+
+    for (i = 0; i < size; ++i) {
+        diff |= p1[i] ^ p2[i];
+    }
+
+    return 1 & ((diff - 1) >> 8);
+}
+
 APU_DECLARE(apr_status_t) apr_crypto_get_driver(
         const apr_crypto_driver_t **driver, const char *name,
         const char *params, const apu_err_t **result, apr_pool_t *pool)

Modified: apr/apr-util/branches/1.6.x/include/apr_crypto.h
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/include/apr_crypto.h?rev=1765375&r1=1765374&r2=1765375&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/include/apr_crypto.h (original)
+++ apr/apr-util/branches/1.6.x/include/apr_crypto.h Mon Oct 17 21:40:26 2016
@@ -178,8 +178,7 @@ typedef struct apr_crypto_key_rec_t {
 APU_DECLARE(apr_status_t) apr_crypto_init(apr_pool_t *pool);
 
 /**
- * @brief Register a cleanup to zero out the buffer provided
- * when the pool is cleaned up.
+ * @brief Zero out the buffer provided when the pool is cleaned up.
  *
  * @param pool - pool to register the cleanup
  * @param buffer - buffer to zero out
@@ -189,6 +188,27 @@ APU_DECLARE(apr_status_t) apr_crypto_cle
         apr_size_t size);
 
 /**
+ * @brief Always zero out the buffer provided, without being optimized out by
+ * the compiler.
+ *
+ * @param buffer - buffer to zero out
+ * @param size - size of the buffer to zero out
+ */
+APR_DECLARE(apr_status_t) apr_crypto_memzero(void *buffer, apr_size_t size);
+
+/**
+ * @brief Timing attacks safe buffers comparison, where the executing time does
+ * not depend on the bytes compared but solely on the number of bytes.
+ *
+ * @param buf1 - first buffer to compare
+ * @param buf2 - second buffer to compare
+ * @param size - size of the buffers to compare
+ * @return 1 if the buffers are equals, 0 otherwise.
+ */
+APR_DECLARE(int) apr_crypto_equals(const void *buf1, const void *buf2,
+                                   apr_size_t size);
+
+/**
  * @brief Get the driver struct for a name
  *
  * @param driver - pointer to driver struct.

Modified: apr/apr-util/branches/1.6.x/test/testcrypto.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.6.x/test/testcrypto.c?rev=1765375&r1=1765374&r2=1765375&view=diff
==============================================================================
--- apr/apr-util/branches/1.6.x/test/testcrypto.c (original)
+++ apr/apr-util/branches/1.6.x/test/testcrypto.c Mon Oct 17 21:40:26 2016
@@ -1375,6 +1375,81 @@ static void test_crypto_get_block_key_mo
 
 }
 
+static void test_crypto_memzero(abts_case *tc, void *data)
+{
+    /* Aligned message */
+    struct {
+        char buf[7 * sizeof(int)];
+        int untouched;
+    } msg;
+    /* A bit of type punning such that 'msg' might look unused
+     * after the call to apr_crypto_memzero().
+     */
+    int *ptr = (int *)&msg;
+    int i;
+
+    /* Fill buf with non-zeros (odds) */
+    for (i = 1; i < 2 * sizeof(msg.buf); i += 2) {
+        msg.buf[i / 2] = (char)i;
+        ABTS_ASSERT(tc, "test_crypto_memzero() barrier", msg.buf[i / 2] != 0);
+    }
+
+    /* Zero out the whole, and check it */
+    apr_crypto_memzero(&msg, sizeof msg);
+    for (i = 0; i < sizeof(msg) / sizeof(*ptr); ++i) {
+        ABTS_ASSERT(tc, "test_crypto_memzero() optimized out", ptr[i] == 0);
+    }
+}
+
+static void test_crypto_equals(abts_case *tc, void *data)
+{
+    /* Buffers of each type of scalar */
+    union {
+        char c;
+        short s;
+        int i;
+        long l;
+        float f;
+        double d;
+        void *p;
+    } buf0[7], buf1[7], buf[7];
+    char *ptr = (char *)buf;
+    int i;
+
+#define TEST_SCALAR_MATCH(i, x, r) \
+    ABTS_ASSERT(tc, "test_crypto_equals(" APR_STRINGIFY(x) ")" \
+                                   " != " APR_STRINGIFY(r), \
+                apr_crypto_equals(&buf##r[i].x, &buf[i].x, \
+                                  sizeof(buf[i].x)) == r)
+
+    /* Fill buf with non-zeros (odds) */
+    for (i = 1; i < 2 * sizeof(buf); i += 2) {
+        ptr[i / 2] = (char)i;
+    }
+    /* Set buf1 = buf */
+    memcpy(buf1, buf, sizeof buf);
+    /* Set buf0 = {0} */
+    memset(buf0, 0, sizeof buf0);
+
+    /* Check that buf1 == buf for each scalar */
+    TEST_SCALAR_MATCH(0, c, 1);
+    TEST_SCALAR_MATCH(1, s, 1);
+    TEST_SCALAR_MATCH(2, i, 1);
+    TEST_SCALAR_MATCH(3, l, 1);
+    TEST_SCALAR_MATCH(4, f, 1);
+    TEST_SCALAR_MATCH(5, d, 1);
+    TEST_SCALAR_MATCH(6, p, 1);
+
+    /* Check that buf0 != buf for each scalar */
+    TEST_SCALAR_MATCH(0, c, 0);
+    TEST_SCALAR_MATCH(1, s, 0);
+    TEST_SCALAR_MATCH(2, i, 0);
+    TEST_SCALAR_MATCH(3, l, 0);
+    TEST_SCALAR_MATCH(4, f, 0);
+    TEST_SCALAR_MATCH(5, d, 0);
+    TEST_SCALAR_MATCH(6, p, 0);
+}
+
 abts_suite *testcrypto(abts_suite *suite)
 {
     suite = ADD_SUITE(suite);
@@ -1451,6 +1526,9 @@ abts_suite *testcrypto(abts_suite *suite
     /* test block key modes commoncrypto */
     abts_run_test(suite, test_crypto_get_block_key_modes_commoncrypto, NULL);
 
+    abts_run_test(suite, test_crypto_memzero, NULL);
+    abts_run_test(suite, test_crypto_equals, NULL);
+
     return suite;
 }