these are comparing authenticators and need to be constant time...

This could be a side channel attack...  Now that we have a function
for this, use it...

jmgurney/ipsecgcm:	24d704cc and 7f37a14

2 files changed, 2 insertions, 2 deletions

diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index ae0feb9..350a735 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -777,7 +777,7 @@ ah_input_cb(struct cryptop *crp)
 
 	/* Verify authenticator. */
 	ptr = (caddr_t) (tc + 1);
-	if (bcmp(ptr + skip + rplen, calc, authsize)) {
+	if (timingsafe_bcmp(ptr + skip + rplen, calc, authsize)) {
 		DPRINTF(("%s: authentication hash mismatch for packet "
 		    "in SA %s/%08lx\n", __func__,
 		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 67551ca..d8182df 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -534,7 +534,7 @@ esp_input_cb(struct cryptop *crp)
 		ptr = (caddr_t) (tc + 1);
 
 		/* Verify authenticator */
-		if (bcmp(ptr, aalg, alen) != 0) {
+		if (timingsafe_bcmp(ptr, aalg, alen) != 0) {
 			DPRINTF(("%s: authentication hash mismatch for "
 			    "packet in SA %s/%08lx\n", __func__,
 			    ipsec_address(&saidx->dst, buf, sizeof(buf)),