[PATCH 1/6] sunrpc: use constant time memory comparison for mac

2017-06-09 Thread Jason A. Donenfeld 
Otherwise, we enable a MAC forgery via timing attack.

Signed-off-by: Jason A. Donenfeld 
Cc: "J. Bruce Fields" 
Cc: Jeff Layton 
Cc: Trond Myklebust 
Cc: Anna Schumaker 
Cc: linux-...@vger.kernel.org
Cc: sta...@vger.kernel.org
---
 net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index fb39284ec174..12649c9fedab 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,6 +34,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -927,7 +928,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, 
struct xdr_buf *buf,
if (ret)
goto out_err;
 
-   if (memcmp(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
+   if (crypto_memneq(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
ret = GSS_S_BAD_SIG;
goto out_err;
}
-- 
2.13.1

[PATCH 1/6] sunrpc: use constant time memory comparison for mac

2017-06-09 Thread Jason A. Donenfeld 
Otherwise, we enable a MAC forgery via timing attack.

Signed-off-by: Jason A. Donenfeld 
Cc: "J. Bruce Fields" 
Cc: Jeff Layton 
Cc: Trond Myklebust 
Cc: Anna Schumaker 
Cc: linux-...@vger.kernel.org
Cc: sta...@vger.kernel.org
---
 net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/sunrpc/auth_gss/gss_krb5_crypto.c 
b/net/sunrpc/auth_gss/gss_krb5_crypto.c
index fb39284ec174..12649c9fedab 100644
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,6 +34,7 @@
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
 
+#include 
 #include 
 #include 
 #include 
@@ -927,7 +928,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kctx, u32 offset, 
struct xdr_buf *buf,
if (ret)
goto out_err;
 
-   if (memcmp(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
+   if (crypto_memneq(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
ret = GSS_S_BAD_SIG;
goto out_err;
}
-- 
2.13.1