diff options
author | David Gstir <david@sigma-star.at> | 2015-11-15 17:14:42 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2015-11-16 14:39:24 +0100 |
commit | 79960943fdc114fd4583c9ab164b5c89da7aa601 (patch) | |
tree | eee34426e869bbc88d47c233f490808dc38ffa02 /drivers/crypto | |
parent | crypto: nx - Fix timing leak in GCM and CCM decryption (diff) | |
download | linux-79960943fdc114fd4583c9ab164b5c89da7aa601.tar.xz linux-79960943fdc114fd4583c9ab164b5c89da7aa601.zip |
crypto: talitos - Fix timing leak in ESP ICV verification
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.
Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'drivers/crypto')
-rw-r--r-- | drivers/crypto/talitos.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index 46f531e19ccf..b6f9f42e2985 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -977,7 +977,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev, } else oicv = (char *)&edesc->link_tbl[0]; - err = memcmp(oicv, icv, authsize) ? -EBADMSG : 0; + err = crypto_memneq(oicv, icv, authsize) ? -EBADMSG : 0; } kfree(edesc); |