From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754613AbcBNXSt (ORCPT ); Sun, 14 Feb 2016 18:18:49 -0500 Received: from mail.linuxfoundation.org ([140.211.169.12]:45901 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754165AbcBNXOv (ORCPT ); Sun, 14 Feb 2016 18:14:51 -0500 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Gstir , Herbert Xu Subject: [PATCH 4.3 007/200] crypto: talitos - Fix timing leak in ESP ICV verification Date: Sun, 14 Feb 2016 14:20:14 -0800 Message-Id: <20160214222217.367310671@linuxfoundation.org> X-Mailer: git-send-email 2.7.1 In-Reply-To: <20160214222217.084543173@linuxfoundation.org> References: <20160214222217.084543173@linuxfoundation.org> User-Agent: quilt/0.64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.3-stable review patch. If anyone has any objections, please let me know. ------------------ From: David Gstir commit 79960943fdc114fd4583c9ab164b5c89da7aa601 upstream. Using non-constant time memcmp() makes the verification of the authentication tag in the decrypt path vulnerable to timing attacks. Fix this by using crypto_memneq() instead. Signed-off-by: David Gstir Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman --- drivers/crypto/talitos.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -1015,7 +1015,7 @@ static void ipsec_esp_decrypt_swauth_don } else oicv = (char *)&edesc->link_tbl[0]; - err = memcmp(oicv, icv, authsize) ? -EBADMSG : 0; + err = crypto_memneq(oicv, icv, authsize) ? -EBADMSG : 0; } kfree(edesc);