[v9_8] added isc_safe_memcmp()

3611.	[bug]		Improved resistance to a theoretical authentication
			attack based on differential timing.  [RT #33939]
(cherry picked from commit 5b7abbef51)
(cherry picked from commit a66c88dd26)

CHANGES

@@ -1,3 +1,6 @@
+3611.	[bug]		Improved resistance to a theoretical authentication
+			attack based on differential timing.  [RT #33939]
+
 3610.	[cleanup]	win32: Some executables had been omitted from the
 			installer. [RT #34116]
 

configure

@@ -1339,6 +1339,7 @@ PERL
 ETAGS
 LN
 ARFLAGS
+CCNOOPT
 CCOPT
 STD_CWARNINGS
 STD_CDEFINES
@@ -11827,6 +11828,7 @@ fi
 
 
 
+
 # Warn if the user specified libbind, which is now deprecated
 # Check whether --enable-libbind was given.
 if test "${enable_libbind+set}" = set; then :
@@ -12749,6 +12751,13 @@ case "$host" in
 	  ;;
 esac
 
+#
+# CCNOOPT defaults to -O0 on gcc and disables optimization when is last
+#
+if test "X$CCNOOPT" = "X" -a "X$GCC" = "Xyes"; then
+	CCNOOPT="-O0"
+fi
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
 $as_echo_n "checking for ANSI C header files... " >&6; }
 if ${ac_cv_header_stdc+:} false; then :
@@ -15184,11 +15193,13 @@ then
 		*-freebsd*)
 			CC="$CC -pthread"
 			CCOPT="$CCOPT -pthread"
+			CCNOOPT="$CCNOOPT -pthread"
 			STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
 			;;
 		*-openbsd*)
 			CC="$CC -pthread"
 			CCOPT="$CCOPT -pthread"
+			CCNOOPT="$CCNOOPT -pthread"
 			;;
 		*-solaris*)
 			LIBS="$LIBS -lthread"
@@ -15202,10 +15213,12 @@ then
 		*-dec-osf*)
 			CC="$CC -pthread"
 			CCOPT="$CCOPT -pthread"
+			CCNOOPT="$CCNOOPT -pthread"
 			;;
 		*-solaris*)
 			CC="$CC -mt"
 			CCOPT="$CCOPT -mt"
+			CCNOOPT="$CCNOOPT -mt"
 			;;
 		*-ibm-aix*)
 			STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
@@ -15213,10 +15226,12 @@ then
 		*-sco-sysv*uw*|*-*-sysv*UnixWare*)
 			CC="$CC -Kthread"
 			CCOPT="$CCOPT -Kthread"
+			CCNOOPT="$CCNOOPT -Kthread"
 			;;
 		*-*-sysv*OpenUNIX*)
 			CC="$CC -Kpthread"
 			CCOPT="$CCOPT -Kpthread"
+			CCNOOPT="$CCNOOPT -Kpthread"
 			;;
 		esac
 	fi
@@ -15704,6 +15719,7 @@ else
 	*-dec-osf*)
 		CC="$CC -std"
 		CCOPT="$CCOPT -std"
+		CCNOOPT="$CCNOOPT -std"
 		MKDEPCC="$CC"
 		;;
 	*-hp-hpux*)
@@ -15722,6 +15738,7 @@ else
 			;;
 		esac
 		CCOPT="$CCOPT -Ae -z"
+		CCNOOPT="$CCNOOPT -Ae -z"
 		LDFLAGS="-Wl,+vnocompatwarnings $LDFLAGS"
 		MKDEPPROG='cc -Ae -E -Wp,-M >/dev/null 2>>$TMP'
 		;;

configure.in

@@ -50,6 +50,7 @@ AC_SUBST(STD_CINCLUDES)
 AC_SUBST(STD_CDEFINES)
 AC_SUBST(STD_CWARNINGS)
 AC_SUBST(CCOPT)
+AC_SUBST(CCNOOPT)
 
 # Warn if the user specified libbind, which is now deprecated
 AC_ARG_ENABLE(libbind, [  --enable-libbind	  deprecated])
@@ -296,6 +297,13 @@ case "$host" in
 	  ;;
 esac
 
+#
+# CCNOOPT defaults to -O0 on gcc and disables optimization when is last
+#
+if test "X$CCNOOPT" = "X" -a "X$GCC" = "Xyes"; then
+	CCNOOPT="-O0"
+fi
+
 AC_HEADER_STDC
 
 AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
@@ -1149,11 +1157,13 @@ then
 		*-freebsd*)
 			CC="$CC -pthread"
 			CCOPT="$CCOPT -pthread"
+			CCNOOPT="$CCNOOPT -pthread"
 			STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
 			;;
 		*-openbsd*)
 			CC="$CC -pthread"
 			CCOPT="$CCOPT -pthread"
+			CCNOOPT="$CCNOOPT -pthread"
 			;;
 		*-solaris*)
 			LIBS="$LIBS -lthread"
@@ -1167,10 +1177,12 @@ then
 		*-dec-osf*)
 			CC="$CC -pthread"
 			CCOPT="$CCOPT -pthread"
+			CCNOOPT="$CCNOOPT -pthread"
 			;;
 		*-solaris*)
 			CC="$CC -mt"
 			CCOPT="$CCOPT -mt"
+			CCNOOPT="$CCNOOPT -mt"
 			;;
 		*-ibm-aix*)
 			STD_CDEFINES="$STD_CDEFINES -D_THREAD_SAFE"
@@ -1178,10 +1190,12 @@ then
 		*-sco-sysv*uw*|*-*-sysv*UnixWare*)
 			CC="$CC -Kthread"
 			CCOPT="$CCOPT -Kthread"
+			CCNOOPT="$CCNOOPT -Kthread"
 			;;
 		*-*-sysv*OpenUNIX*)
 			CC="$CC -Kpthread"
 			CCOPT="$CCOPT -Kpthread"
+			CCNOOPT="$CCNOOPT -Kpthread"
 			;;
 		esac
 	fi
@@ -1391,6 +1405,7 @@ else
 	*-dec-osf*)
 		CC="$CC -std"
 		CCOPT="$CCOPT -std"
+		CCNOOPT="$CCNOOPT -std"
 		MKDEPCC="$CC"
 		;;
 	*-hp-hpux*)
@@ -1409,6 +1424,7 @@ else
 			;;
 		esac
 		CCOPT="$CCOPT -Ae -z"
+		CCNOOPT="$CCNOOPT -Ae -z"
 		LDFLAGS="-Wl,+vnocompatwarnings $LDFLAGS"
 		MKDEPPROG='cc -Ae -E -Wp,-M >/dev/null 2>>$TMP'
 		;;

lib/dns/hmac_link.c

@@ -42,6 +42,7 @@
 #include <isc/md5.h>
 #include <isc/sha1.h>
 #include <isc/mem.h>
+#include <isc/safe.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
@@ -138,7 +139,7 @@ hmacmd5_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	else if (hkey1 == NULL || hkey2 == NULL)
 		return (ISC_FALSE);
 
-	if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
+	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
 		return (ISC_TRUE);
 	else
 		return (ISC_FALSE);
@@ -414,7 +415,7 @@ hmacsha1_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	else if (hkey1 == NULL || hkey2 == NULL)
 		return (ISC_FALSE);
 
-	if (memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH) == 0)
+	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA1_BLOCK_LENGTH))
 		return (ISC_TRUE);
 	else
 		return (ISC_FALSE);
@@ -690,7 +691,7 @@ hmacsha224_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	else if (hkey1 == NULL || hkey2 == NULL)
 		return (ISC_FALSE);
 
-	if (memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH) == 0)
+	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA224_BLOCK_LENGTH))
 		return (ISC_TRUE);
 	else
 		return (ISC_FALSE);
@@ -968,7 +969,7 @@ hmacsha256_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	else if (hkey1 == NULL || hkey2 == NULL)
 		return (ISC_FALSE);
 
-	if (memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH) == 0)
+	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA256_BLOCK_LENGTH))
 		return (ISC_TRUE);
 	else
 		return (ISC_FALSE);
@@ -1246,7 +1247,7 @@ hmacsha384_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	else if (hkey1 == NULL || hkey2 == NULL)
 		return (ISC_FALSE);
 
-	if (memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH) == 0)
+	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA384_BLOCK_LENGTH))
 		return (ISC_TRUE);
 	else
 		return (ISC_FALSE);
@@ -1524,7 +1525,7 @@ hmacsha512_compare(const dst_key_t *key1, const dst_key_t *key2) {
 	else if (hkey1 == NULL || hkey2 == NULL)
 		return (ISC_FALSE);
 
-	if (memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH) == 0)
+	if (isc_safe_memcmp(hkey1->key, hkey2->key, ISC_SHA512_BLOCK_LENGTH))
 		return (ISC_TRUE);
 	else
 		return (ISC_FALSE);

lib/export/isc/Makefile.in

@@ -70,8 +70,8 @@ OBJS =		@ISC_EXTRA_OBJS@ \
 		md5.@O@ mutexblock.@O@ netaddr.@O@ netscope.@O@ \
 		ondestroy.@O@ parseint.@O@ portset.@O@ radix.@O@ \
 		random.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
-		rwlock.@O@ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ \
-		stats.@O@ string.@O@ \
+		rwlock.@O@ safe.@O@ serial.@O@ sha1.@O@ sha2.@O@ \
+		sockaddr.@O@ stats.@O@ string.@O@ \
 		symtab.@O@ \
 		version.@O@ \
 		${APIOBJS} ${ISCDRIVEROBJS} \
@@ -94,7 +94,8 @@ SRCS =		@ISC_EXTRA_SRCS@ \
 		ondestroy.c \
 		parseint.c portset.c radix.c \
 		random.c refcount.c region.c regex.c result.c rwlock.c \
-		serial.c sha1.c sha2.c sockaddr.c stats.c string.c symtab.c \
+		safe.c serial.c sha1.c sha2.c sockaddr.c \
+		stats.c string.c symtab.c \
 		version.c \
 		${APISRCS} ${ISCDRIVERSRCS}
 

lib/isc/Makefile.in

@@ -62,7 +62,7 @@ OBJS =		@ISC_EXTRA_OBJS@ \
 		parseint.@O@ portset.@O@ quota.@O@ radix.@O@ random.@O@ \
 		ratelimiter.@O@ refcount.@O@ region.@O@ regex.@O@ result.@O@ \
 		rwlock.@O@ \
-		serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
+		safe.@O@ serial.@O@ sha1.@O@ sha2.@O@ sockaddr.@O@ stats.@O@ \
 		string.@O@ strtoul.@O@ symtab.@O@ task.@O@ taskpool.@O@ \
 		timer.@O@ version.@O@ ${UNIXOBJS} ${NLSOBJS} ${THREADOBJS}
 SYMTBLOBJS =	backtrace-emptytbl.@O@
@@ -78,8 +78,9 @@ SRCS =		@ISC_EXTRA_SRCS@ \
 		netaddr.c netscope.c ondestroy.c \
 		parseint.c portset.c quota.c radix.c random.c \
 		ratelimiter.c refcount.c region.c regex.c result.c rwlock.c \
-		serial.c sha1.c sha2.c sockaddr.c stats.c string.c strtoul.c \
-		symtab.c symtbl-empty.c task.c taskpool.c timer.c version.c
+		safe.c serial.c sha1.c sha2.c sockaddr.c stats.c string.c \
+		strtoul.c symtab.c symtbl-empty.c task.c taskpool.c timer.c \
+		version.c
 
 LIBS =		@LIBS@
 
@@ -93,6 +94,10 @@ TESTDIRS =	@UNITTESTS@
 
 @BIND9_MAKE_RULES@
 
+safe.@O@: safe.c
+	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} @CCNOOPT@ \
+		-c ${srcdir}/safe.c
+
 version.@O@: version.c
 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
 		-DVERSION=\"${VERSION}\" \

lib/isc/hmacmd5.c

@@ -28,6 +28,7 @@
 #include <isc/hmacmd5.h>
 #include <isc/md5.h>
 #include <isc/platform.h>
+#include <isc/safe.h>
 #include <isc/string.h>
 #include <isc/types.h>
 #include <isc/util.h>
@@ -145,5 +146,5 @@ isc_hmacmd5_verify2(isc_hmacmd5_t *ctx, unsigned char *digest, size_t len) {
 
 	REQUIRE(len <= ISC_MD5_DIGESTLENGTH);
 	isc_hmacmd5_sign(ctx, newdigest);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+	return (isc_safe_memcmp(digest, newdigest, len));
 }

lib/isc/hmacsha.c

@@ -27,6 +27,7 @@
 #include <isc/assertions.h>
 #include <isc/hmacsha.h>
 #include <isc/platform.h>
+#include <isc/safe.h>
 #include <isc/sha1.h>
 #include <isc/sha2.h>
 #include <isc/string.h>
@@ -538,7 +539,7 @@ isc_hmacsha1_verify(isc_hmacsha1_t *ctx, unsigned char *digest, size_t len) {
 
 	REQUIRE(len <= ISC_SHA1_DIGESTLENGTH);
 	isc_hmacsha1_sign(ctx, newdigest, ISC_SHA1_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+	return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -551,7 +552,7 @@ isc_hmacsha224_verify(isc_hmacsha224_t *ctx, unsigned char *digest, size_t len)
 
 	REQUIRE(len <= ISC_SHA224_DIGESTLENGTH);
 	isc_hmacsha224_sign(ctx, newdigest, ISC_SHA224_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+	return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -564,7 +565,7 @@ isc_hmacsha256_verify(isc_hmacsha256_t *ctx, unsigned char *digest, size_t len)
 
 	REQUIRE(len <= ISC_SHA256_DIGESTLENGTH);
 	isc_hmacsha256_sign(ctx, newdigest, ISC_SHA256_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+	return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -577,7 +578,7 @@ isc_hmacsha384_verify(isc_hmacsha384_t *ctx, unsigned char *digest, size_t len)
 
 	REQUIRE(len <= ISC_SHA384_DIGESTLENGTH);
 	isc_hmacsha384_sign(ctx, newdigest, ISC_SHA384_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+	return (isc_safe_memcmp(digest, newdigest, len));
 }
 
 /*
@@ -590,5 +591,5 @@ isc_hmacsha512_verify(isc_hmacsha512_t *ctx, unsigned char *digest, size_t len)
 
 	REQUIRE(len <= ISC_SHA512_DIGESTLENGTH);
 	isc_hmacsha512_sign(ctx, newdigest, ISC_SHA512_DIGESTLENGTH);
-	return (ISC_TF(memcmp(digest, newdigest, len) == 0));
+	return (isc_safe_memcmp(digest, newdigest, len));
 }

lib/isc/include/isc/Makefile.in

@@ -37,7 +37,7 @@ HEADERS =	app.h assertions.h base64.h bind9.h bitstring.h boolean.h \
 		namespace.h netaddr.h ondestroy.h os.h parseint.h \
 		print.h quota.h radix.h random.h ratelimiter.h \
 		refcount.h regex.h region.h resource.h \
-		result.h resultclass.h rwlock.h serial.h sha1.h sha2.h \
+		result.h resultclass.h rwlock.h safe.h serial.h sha1.h sha2.h \
 		sockaddr.h socket.h stdio.h stdlib.h string.h \
 		symtab.h \
 	        task.h taskpool.h timer.h types.h util.h version.h \

lib/isc/include/isc/safe.h

@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef ISC_SAFE_H
+#define ISC_SAFE_H 1
+
+/*! \file isc/safe.h */
+
+#include <isc/types.h>
+
+ISC_LANG_BEGINDECLS
+
+isc_boolean_t
+isc_safe_memcmp(const void *s1, const void *s2, size_t n);
+/*%<
+ * Clone of libc memcmp() safe to differential timing attacks.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* ISC_SAFE_H */

lib/isc/safe.c

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/*! \file */
+
+#include <config.h>
+
+#include <isc/safe.h>
+#include <isc/util.h>
+
+#ifdef _MSC_VER
+#pragma optimize("", off)
+#endif
+
+isc_boolean_t
+isc_safe_memcmp(const void *s1, const void *s2, size_t n) {
+	isc_uint8_t acc = 0;
+
+	if (n != 0) {
+		const isc_uint8_t *p1 = s1, *p2 = s2;
+
+		do {
+			acc |= *p1++ ^ *p2++;
+		} while (--n != 0);
+	}
+	return (ISC_TF(acc == 0));
+}

lib/isc/tests/Makefile.in

@@ -37,11 +37,12 @@ LIBS =		@LIBS@ @ATFLIBS@
 OBJS =		isctest.@O@
 
 SRCS =		isctest.c taskpool_test.c hash_test.c sockaddr_test.c \
-		symtab_test.c parse_test.c regex_test.c
+		safe_test.c symtab_test.c parse_test.c regex_test.c
 
 SUBDIRS =
 TARGETS =	taskpool_test@EXEEXT@ hash_test@EXEEXT@ sockaddr_test@EXEEXT@ \
-		symtab_test@EXEEXT@ parse_test@EXEEXT@ regex_test@EXEEXT@
+		safe_test@EXEEXT@ symtab_test@EXEEXT@ parse_test@EXEEXT@ \
+		regex_test@EXEEXT@
 
 @BIND9_MAKE_RULES@
 
@@ -69,6 +70,10 @@ regex_test@EXEEXT@: regex_test.@O@ ${ISCDEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
 			regex_test.@O@ ${ISCLIBS} ${LIBS}
 
+safe_test@EXEEXT@: safe_test.@O@ ${ISCDEPLIBS}
+	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
+			safe_test.@O@ ${ISCLIBS} ${LIBS}
+
 unit::
 	sh ${top_srcdir}/unit/unittest.sh
 

lib/isc/tests/safe_test.c

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2013  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/* ! \file */
+
+#include <config.h>
+
+#include <atf-c.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <isc/safe.h>
+#include <isc/util.h>
+
+ATF_TC(isc_safe_memcmp);
+ATF_TC_HEAD(isc_safe_memcmp, tc) {
+	atf_tc_set_md_var(tc, "descr", "safe memcmp()");
+}
+ATF_TC_BODY(isc_safe_memcmp, tc) {
+	UNUSED(tc);
+
+	ATF_CHECK(isc_safe_memcmp("test", "test", 4));
+	ATF_CHECK(!isc_safe_memcmp("test", "tesc", 4));
+	ATF_CHECK(isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x00", 4));
+	ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x00", "\x00\x00\x00\x01", 4));
+	ATF_CHECK(!isc_safe_memcmp("\x00\x00\x00\x02", "\x00\x00\x00\x00", 4));
+}
+
+/*
+ * Main
+ */
+ATF_TP_ADD_TCS(tp) {
+	ATF_TP_ADD_TC(tp, isc_safe_memcmp);
+	return (atf_no_error());
+}
+

lib/isc/win32/libisc.def

@@ -456,6 +456,7 @@ isc_rwlock_lock
 isc_rwlock_trylock
 isc_rwlock_tryupgrade
 isc_rwlock_unlock
+isc_safe_memcmp
 isc_serial_eq
 isc_serial_ge
 isc_serial_gt

lib/isc/win32/libisc.dsp

@@ -487,6 +487,10 @@ SOURCE=..\include\isc\rwlock.h
 # End Source File
 # Begin Source File
 
+SOURCE=..\include\isc\safe.h
+# End Source File
+# Begin Source File
+
 SOURCE=..\include\isc\serial.h
 # End Source File
 # Begin Source File
@@ -755,6 +759,10 @@ SOURCE=..\rwlock.c
 # End Source File
 # Begin Source File
 
+SOURCE=..\safe.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\serial.c
 # End Source File
 # Begin Source File

lib/isc/win32/libisc.mak

@@ -173,6 +173,7 @@ CLEAN :
 	-@erase "$(INTDIR)\resource.obj"
 	-@erase "$(INTDIR)\result.obj"
 	-@erase "$(INTDIR)\rwlock.obj"
+	-@erase "$(INTDIR)\safe.obj"
 	-@erase "$(INTDIR)\serial.obj"
 	-@erase "$(INTDIR)\sha1.obj"
 	-@erase "$(INTDIR)\sha2.obj"
@@ -276,6 +277,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\refcount.obj" \
 	"$(INTDIR)\result.obj" \
 	"$(INTDIR)\rwlock.obj" \
+	"$(INTDIR)\safe.obj" \
 	"$(INTDIR)\serial.obj" \
 	"$(INTDIR)\sha1.obj" \
 	"$(INTDIR)\sha2.obj" \
@@ -427,6 +429,8 @@ CLEAN :
 	-@erase "$(INTDIR)\result.sbr"
 	-@erase "$(INTDIR)\rwlock.obj"
 	-@erase "$(INTDIR)\rwlock.sbr"
+	-@erase "$(INTDIR)\safe.obj"
+	-@erase "$(INTDIR)\safe.sbr"
 	-@erase "$(INTDIR)\serial.obj"
 	-@erase "$(INTDIR)\serial.sbr"
 	-@erase "$(INTDIR)\sha1.obj"
@@ -548,6 +552,7 @@ BSC32_SBRS= \
 	"$(INTDIR)\refcount.sbr" \
 	"$(INTDIR)\result.sbr" \
 	"$(INTDIR)\rwlock.sbr" \
+	"$(INTDIR)\safe.sbr" \
 	"$(INTDIR)\serial.sbr" \
 	"$(INTDIR)\sha1.sbr" \
 	"$(INTDIR)\sha2.sbr" \
@@ -637,6 +642,7 @@ LINK32_OBJS= \
 	"$(INTDIR)\refcount.obj" \
 	"$(INTDIR)\result.obj" \
 	"$(INTDIR)\rwlock.obj" \
+	"$(INTDIR)\safe.obj" \
 	"$(INTDIR)\serial.obj" \
 	"$(INTDIR)\sha1.obj" \
 	"$(INTDIR)\sha2.obj" \
@@ -1875,6 +1881,24 @@ SOURCE=..\rwlock.c
 	$(CPP) $(CPP_PROJ) $(SOURCE)
 
 
+!ENDIF 
+
+SOURCE=..\safe.c
+
+!IF  "$(CFG)" == "libisc - Win32 Release"
+
+
+"$(INTDIR)\safe.obj" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
+!ELSEIF  "$(CFG)" == "libisc - Win32 Debug"
+
+
+"$(INTDIR)\safe.obj"	"$(INTDIR)\safe.sbr" : $(SOURCE) "$(INTDIR)"
+	$(CPP) $(CPP_PROJ) $(SOURCE)
+
+
 !ENDIF 
 
 SOURCE=..\serial.c

lib/isccc/cc.c

@@ -42,6 +42,7 @@
 #include <isc/assertions.h>
 #include <isc/hmacmd5.h>
 #include <isc/print.h>
+#include <isc/safe.h>
 #include <isc/stdlib.h>
 
 #include <isccc/alist.h>
@@ -311,7 +312,8 @@ verify(isccc_sexpr_t *alist, unsigned char *data, unsigned int length,
 	/*
 	 * Verify.
 	 */
-	if (strcmp((char *)digestb64, isccc_sexpr_tostring(hmd5)) != 0)
+	if (!isc_safe_memcmp((unsigned char *) isccc_sexpr_tostring(hmd5),
+			     digestb64, HMD5_LENGTH))
 		return (ISCCC_R_BADAUTH);
 
 	return (ISC_R_SUCCESS);