ah: use crypto_memneq to check the ICV (67df58a3) · Commits · e / devices / android_kernel_fairphone_FP5

net/ipv4/ah4.c

+3 −2

Original line number	Diff line number	Diff line
		#define pr_fmt(fmt) "IPsec: " fmt

		#include <crypto/algapi.h>
		#include <crypto/hash.h>
		#include <linux/err.h>
		#include <linux/module.h>
		@@ -277,7 +278,7 @@ static void ah_input_done(struct crypto_async_request *base, int err)
		auth_data = ah_tmp_auth(work_iph, ihl);
		icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);

		err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG: 0;
		err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
		if (err)
		goto out;

		@@ -413,7 +414,7 @@ static int ah_input(struct xfrm_state x, struct sk_buff skb)
		goto out_free;
		}

		err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG: 0;
		err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
		if (err)
		goto out_free;

+3 −2

Original line number	Diff line number	Diff line
		@@ -25,6 +25,7 @@

		#define pr_fmt(fmt) "IPv6: " fmt

		#include <crypto/algapi.h>
		#include <crypto/hash.h>
		#include <linux/module.h>
		#include <linux/slab.h>
		@@ -481,7 +482,7 @@ static void ah6_input_done(struct crypto_async_request *base, int err)
		auth_data = ah_tmp_auth(work_iph, hdr_len);
		icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);

		err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
		err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
		if (err)
		goto out;

		@@ -627,7 +628,7 @@ static int ah6_input(struct xfrm_state x, struct sk_buff skb)
		goto out_free;
		}

		err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
		err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
		if (err)
		goto out_free;