Commit 5997a245 authored by Lars Persson, committed by Herbert Xu

crypto: axis - use a constant time tag compare

Avoid plain memcmp() on the AEAD tag value as this could leak
information through a timing side channel.

Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent 48ef0908
...@@ -2201,9 +2201,9 @@ static void artpec6_crypto_complete_aead(struct crypto_async_request *req) ...@@ -2201,9 +2201,9 @@ static void artpec6_crypto_complete_aead(struct crypto_async_request *req)
areq->assoclen + areq->cryptlen - areq->assoclen + areq->cryptlen -
authsize); authsize);
if (memcmp(req_ctx->decryption_tag, if (crypto_memneq(req_ctx->decryption_tag,
input_tag, input_tag,
authsize)) { authsize)) {
pr_debug("***EBADMSG:\n"); pr_debug("***EBADMSG:\n");
print_hex_dump_debug("ref:", DUMP_PREFIX_ADDRESS, 32, 1, print_hex_dump_debug("ref:", DUMP_PREFIX_ADDRESS, 32, 1,
input_tag, authsize, true); input_tag, authsize, true);
......
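Review bot: The mismatch branch right after the new crypto_memneq() call still writes tag bytes to the kernel log through print_hex_dump_debug("ref:", ..., input_tag, authsize, true), so with dynamic debug enabled the failure path both logs tag material and runs noticeably longer than the success path. The "ref:" dump of the caller-supplied input_tag is low risk, but if the elided lines also dump req_ctx->decryption_tag, the tag the engine computed for a rejected message lands in the log; consider dropping that dump or reducing the branch to a single pr_debug() line. Separately, this hunk shows no include change: crypto_memneq() is declared in <crypto/algapi.h>, so confirm the file already pulls that header in rather than relying on an indirect include.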