crypto: talitos - Fix timing leak in ESP ICV verification

author David Gstir <david@sigma-star.at>

Sun, 15 Nov 2015 16:14:42 +0000 (17:14 +0100)

committer Herbert Xu <herbert@gondor.apana.org.au>

Mon, 16 Nov 2015 13:39:24 +0000 (21:39 +0800)
author David Gstir <david@sigma-star.at>
Sun, 15 Nov 2015 16:14:42 +0000 (17:14 +0100)
committer Herbert Xu <herbert@gondor.apana.org.au>
Mon, 16 Nov 2015 13:39:24 +0000 (21:39 +0800)
diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c

index 46f531e19ccf07e97af05c221a5bfbb0d060d0a7..b6f9f42e2985b476ecc63ac16f648535be0cddc2 100644 (file)
--- a/drivers/crypto/talitos.c
+++ b/drivers/crypto/talitos.c
@@ -977,7 +977,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev,
                 } else
                         oicv = (char *)&edesc->link_tbl[0];
  
-               err = memcmp(oicv, icv, authsize) ? -EBADMSG : 0;
+               err = crypto_memneq(oicv, icv, authsize) ? -EBADMSG : 0;
         }
  
         kfree(edesc);
author	David Gstir <david@sigma-star.at>
	Sun, 15 Nov 2015 16:14:42 +0000 (17:14 +0100)
committer	Herbert Xu <herbert@gondor.apana.org.au>
	Mon, 16 Nov 2015 13:39:24 +0000 (21:39 +0800)