diff options
author | David Gstir <david@sigma-star.at> | 2015-11-15 19:14:42 +0300 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2015-11-16 16:39:24 +0300 |
commit | 79960943fdc114fd4583c9ab164b5c89da7aa601 (patch) | |
tree | eee34426e869bbc88d47c233f490808dc38ffa02 | |
parent | cb8affb55c7e64816f3effcd9b2fc3268c016fac (diff) | |
download | linux-79960943fdc114fd4583c9ab164b5c89da7aa601.tar.xz |
crypto: talitos - Fix timing leak in ESP ICV verification
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.
Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-rw-r--r-- | drivers/crypto/talitos.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 46f531e19ccf..b6f9f42e2985 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -977,7 +977,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev, } else oicv = (char *)&edesc->link_tbl[0]; - err = memcmp(oicv, icv, authsize) ? -EBADMSG : 0; + err = crypto_memneq(oicv, icv, authsize) ? -EBADMSG : 0; } kfree(edesc); |