MFC r286101:

these are comparing authenticators and need to be constant time... This could be a side channel attack... Now that we have a function for this, use it... jmgurney/ipsecgcm: 24d704cc and 7f37a14 TAG: IPSEC-HEAD Issue: #4841
author: Luiz Otavio O Souza <luiz@netgate.com> 2015-09-16 08:16:45 -0500
committer: Luiz Otavio O Souza <luiz@netgate.com> 2015-10-20 12:10:19 -0500
commit: 7cb0430572e4dc864b7b0cd7876d037a0757cbdb (patch)
tree: b6ff1bfa85a4b16b7d63e34a6c5ab287e1b6027c /sys/netipsec/xform_ah.c
parent: 87917f89b81d1289daae2e25ff274fa49de2e533 (diff)
download: FreeBSD-src-7cb0430572e4dc864b7b0cd7876d037a0757cbdb.zip
FreeBSD-src-7cb0430572e4dc864b7b0cd7876d037a0757cbdb.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index d45889a..6829d59 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -775,7 +775,7 @@ ah_input_cb(struct cryptop *crp)
 
 	/* Verify authenticator. */
 	ptr = (caddr_t) (tc + 1);
-	if (bcmp(ptr + skip + rplen, calc, authsize)) {
+	if (timingsafe_bcmp(ptr + skip + rplen, calc, authsize)) {
 		DPRINTF(("%s: authentication hash mismatch for packet "
 		    "in SA %s/%08lx\n", __func__,
 		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
author	Luiz Otavio O Souza <luiz@netgate.com>	2015-09-16 08:16:45 -0500
committer	Luiz Otavio O Souza <luiz@netgate.com>	2015-10-20 12:10:19 -0500
commit	7cb0430572e4dc864b7b0cd7876d037a0757cbdb (patch)
tree	b6ff1bfa85a4b16b7d63e34a6c5ab287e1b6027c /sys/netipsec/xform_ah.c
parent	87917f89b81d1289daae2e25ff274fa49de2e533 (diff)
download	FreeBSD-src-7cb0430572e4dc864b7b0cd7876d037a0757cbdb.zip FreeBSD-src-7cb0430572e4dc864b7b0cd7876d037a0757cbdb.tar.gz