sunrpc: use constant time memory comparison for mac

Otherwise, we enable a MAC forgery via timing attack. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Jeff Layton <jlayton@poochiereds.net> Cc: Trond Myklebust <trond.myklebust@primarydata.com> Cc: Anna Schumaker <anna.schumaker@netapp.com> Cc: linux-nfs@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2017-06-09 22:59:07 -0400
committer: Anna Schumaker <Anna.Schumaker@Netapp.com> 2017-07-13 16:00:14 -0400
commit: 15a8b93fd5690de017ce665382ea45e5d61811a4 (patch)
tree: ef57074e15e84a0ed623c9d145cd2f27bc6c686e /net
parent: 1ee48bdd22440c0b45f215fc41e16032383c1c81 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index fb39284ec174..12649c9fedab 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,6 +34,7 @@
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 */
+#include <crypto/algapi.h>
 #include <crypto/hash.h>
 #include <crypto/skcipher.h>
 #include <linux/err.h>
@@ -927,7 +928,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, struct xdr_buf *buf,
        if (ret)
                goto out_err;
-        if (memcmp(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
+        if (crypto_memneq(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
                ret = GSS_S_BAD_SIG;
                goto out_err;
        }
author	Jason A. Donenfeld <Jason@zx2c4.com>	2017-06-09 22:59:07 -0400
committer	Anna Schumaker <Anna.Schumaker@Netapp.com>	2017-07-13 16:00:14 -0400
commit	15a8b93fd5690de017ce665382ea45e5d61811a4 (patch)
tree	ef57074e15e84a0ed623c9d145cd2f27bc6c686e /net
parent	1ee48bdd22440c0b45f215fc41e16032383c1c81 (diff)