[6/7] crypto: axis - use a constant time tag compare

Message ID	ccf244b67f651050402c35bd638533a5b43bec65.1548243646.git.larper@axis.com (mailing list archive)
State	Accepted
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@kernel.org> field: "References" From: Lars Persson <lars.persson@axis.com> To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au Cc: Lars Persson <larper@axis.com> Subject: [PATCH 6/7] crypto: axis - use a constant time tag compare Date: Wed, 23 Jan 2019 12:59:45 +0100 Message-Id: <ccf244b67f651050402c35bd638533a5b43bec65.1548243646.git.larper@axis.com> In-Reply-To: <cover.1548243646.git.larper@axis.com> References: <cover.1548243646.git.larper@axis.com> In-Reply-To: <cover.1548243646.git.larper@axis.com> References: <cover.1548243646.git.larper@axis.com> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk
Series	crypto: axis - fixes for the Artpec SoCs \| expand [0/7] crypto: axis - fixes for the Artpec SoCs [1/7] crypto: axis - remove sha384 support for artpec7 [2/7] crypto: axis - remove sha512 support for artpec7 [3/7] crypto: axis - fix for recursive locking from bottom half [4/7] crypto: axis - give DMA the start of the status buffer [5/7] crypto: axis - support variable AEAD tag length [6/7] crypto: axis - use a constant time tag compare [7/7] crypto: axis - move request unmap outside of the queue lock

Message ID

ccf244b67f651050402c35bd638533a5b43bec65.1548243646.git.larper@axis.com (mailing list archive)

State

Accepted

Delegated to:

Herbert Xu

Headers

From: Lars Persson <lars.persson@axis.com>
To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au
Cc: Lars Persson <larper@axis.com>
Subject: [PATCH 6/7] crypto: axis - use a constant time tag compare
Date: Wed, 23 Jan 2019 12:59:45 +0100
Message-Id: 
 <ccf244b67f651050402c35bd638533a5b43bec65.1548243646.git.larper@axis.com>
In-Reply-To: <cover.1548243646.git.larper@axis.com>
References: <cover.1548243646.git.larper@axis.com>
In-Reply-To: <cover.1548243646.git.larper@axis.com>
References: <cover.1548243646.git.larper@axis.com>
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk

Series

crypto: axis - fixes for the Artpec SoCs | expand

Commit Message

Lars Persson Jan. 23, 2019, 11:59 a.m. UTC

Avoid plain memcmp() on the AEAD tag value as this could leak
information through a timing side channel.

Signed-off-by: Lars Persson <larper@axis.com>
---
 drivers/crypto/axis/artpec6_crypto.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c
index 1be5bdd658a4..71ef9ce68fd8 100644
--- a/drivers/crypto/axis/artpec6_crypto.c
+++ b/drivers/crypto/axis/artpec6_crypto.c
@@ -2201,9 +2201,9 @@  static void artpec6_crypto_complete_aead(struct crypto_async_request *req)
 				   areq->assoclen + areq->cryptlen -
 				   authsize);
 
-		if (memcmp(req_ctx->decryption_tag,
-			   input_tag,
-			   authsize)) {
+		if (crypto_memneq(req_ctx->decryption_tag,
+				  input_tag,
+				  authsize)) {
 			pr_debug("***EBADMSG:\n");
 			print_hex_dump_debug("ref:", DUMP_PREFIX_ADDRESS, 32, 1,
 					     input_tag, authsize, true);

[6/7] crypto: axis - use a constant time tag compare

Commit Message

Patch