author | Sabrina Dubroca <sd@queasysnail.net> | 2017-05-03 16:57:57 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2017-05-19 14:30:50 +0200 |
commit | 67df58a3e5535d8ffeb48a41ec0b38859cc284b8 (patch) | |
tree | f3ab5c8e131711c9d12109200581cc59e895c8b7 /net | |
parent | 24d472e4e497c29d2eb8fcbe6d9b373b66804e01 (diff) | |
ah: use crypto_memneq to check the ICV
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/ah4.c | 5 | ||||
-rw-r--r-- | net/ipv6/ah6.c | 5 |
2 files changed, 6 insertions, 4 deletions
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 22377c8ff14b..207350b30f88 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -1,5 +1,6 @@
 #define pr_fmt(fmt) "IPsec: " fmt

+#include <crypto/algapi.h>
 #include <crypto/hash.h>
 #include <linux/err.h>
 #include <linux/module.h>
@@ -277,7 +278,7 @@ static void ah_input_done(struct crypto_async_request *base, int err)
 auth_data = ah_tmp_auth(work_iph, ihl);
 icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);

- err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG: 0;
+ err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
 if (err)
 goto out;

@@ -413,7 +414,7 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
 goto out_free;
 }

- err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG: 0;
+ err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
 if (err)
 goto out_free;

diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index dda6035e3b84..ac747b13a8dc 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -25,6 +25,7 @@

 #define pr_fmt(fmt) "IPv6: " fmt

+#include <crypto/algapi.h>
 #include <crypto/hash.h>
 #include <linux/module.h>
 #include <linux/slab.h>
@@ -481,7 +482,7 @@ static void ah6_input_done(struct crypto_async_request *base, int err)
 auth_data = ah_tmp_auth(work_iph, hdr_len);
 icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);

- err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
+ err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
 if (err)
 goto out;

@@ -627,7 +628,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb)
 goto out_free;
 }

- err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
+ err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
 if (err)
 goto out_free;

|
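Review bot: Nothing at the ICV comparison in `ah_input_done()` (net/ipv4/ah4.c) records why a constant-time compare is required, and the commit message has no body either, so a later cleanup could put `memcmp()` back without noticing the security reason. I would add a one-line comment above the new line, for example `/* constant-time compare: memcmp() timing would reveal how many leading ICV bytes matched */`. The same comment is missing at the three other sites this commit touches: `ah_input()` in ah4.c, and `ah6_input_done()` and `ah6_input()` in net/ipv6/ah6.c. Since the expression is identical in all four places, a small shared helper holding that comment may be worth considering, though whether one fits depends on headers not shown here. All four enclosing functions start and end outside their hunks.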