Skip to content

Commit

Permalink
crypto: talitos - Fix timing leak in ESP ICV verification
Browse files Browse the repository at this point in the history 
Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  • Loading branch information
David Gstir authored and Herbert Xu committed Nov 16, 2015
1 parent cb8affb commit 7996094
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/crypto/talitos.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -977,7 +977,7 @@ static void ipsec_esp_decrypt_swauth_done(struct device *dev,
} else
oicv = (char *)&edesc->link_tbl[0];

err = memcmp(oicv, icv, authsize) ? -EBADMSG : 0;
err = crypto_memneq(oicv, icv, authsize) ? -EBADMSG : 0;
}

kfree(edesc);
Expand Down

0 comments on commit 7996094

Please sign in to comment.