Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6bc55148 authored by Jason A. Donenfeld's avatar Jason A. Donenfeld Committed by Greg Kroah-Hartman
Browse files

mac80211/wpa: use constant time memory comparison for MACs 



commit 98c67d187db7808b1f3c95f2110dd4392d034182 upstream.

Otherwise, we enable all sorts of forgeries via timing attack.

Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 131e696c

net/mac80211/wpa.c

+3 −2
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 
#include <asm/unaligned.h>

#include <net/mac80211.h>

#include <crypto/aes.h>

#include <crypto/algapi.h>



#include "ieee80211_i.h"

#include "michael.h"
@@ -150,7 +151,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 
	data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;

	key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];

	michael_mic(key, hdr, data, data_len, mic);

	if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)

	if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN))

		goto mic_fail;



	/* remove Michael MIC from payload */
@@ -771,7 +772,7 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) 
		bip_aad(skb, aad);

		ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,

				   skb->data + 24, skb->len - 24, mic);

		if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {

		if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {

			key->u.aes_cmac.icverrors++;

			return RX_DROP_UNUSABLE;

		}