mac80211/wpa: use constant time memory comparison for MACs (98c67d18) · Commits · e / devices / android_kernel_oneplus_sm7250

net/mac80211/wpa.c

+5 −4

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@
		#include <asm/unaligned.h>
		#include <net/mac80211.h>
		#include <crypto/aes.h>
		#include <crypto/algapi.h>

		#include "ieee80211_i.h"
		#include "michael.h"
		@@ -153,7 +154,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
		data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
		key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
		michael_mic(key, hdr, data, data_len, mic);
		if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)
		if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN))
		goto mic_fail;

		/* remove Michael MIC from payload */
		@@ -1048,7 +1049,7 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
		bip_aad(skb, aad);
		ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
		skb->data + 24, skb->len - 24, mic);
		if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
		if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
		key->u.aes_cmac.icverrors++;
		return RX_DROP_UNUSABLE;
		}
		@@ -1098,7 +1099,7 @@ ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx)
		bip_aad(skb, aad);
		ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
		skb->data + 24, skb->len - 24, mic);
		if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
		if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
		key->u.aes_cmac.icverrors++;
		return RX_DROP_UNUSABLE;
		}
		@@ -1202,7 +1203,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
		if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
		skb->data + 24, skb->len - 24,
		mic) < 0 \|\|
		memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
		crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
		key->u.aes_gmac.icverrors++;
		return RX_DROP_UNUSABLE;
		}