ah input processing uses the asynchronous hash crypto API which supplies an error code as part of the operation completion but the error code was being ignored.
Treat a crypto API error indication as a verification failure. While a crypto API reported error would almost certainly result in a memcpy of the digest failing anyway and thus the security risk seems minor, performing a memory compare on what might be uninitialized memory is wrong. Signed-off-by: Gilad Ben-Yossef <gi...@benyossef.com> CC: Alexander Alemayhu <alexan...@alemayhu.com> --- The change was boot tested on Arm64 but I did not exercise the specific error code path in question. Changes from v2: - Added fix for same problem in IPv6 pointed out by Steffen Klassert Changes from v1: - Fixed typo in patch description pointed out by Alexander Gilad Ben-Yossef (2): IPsec: do not ignore crypto err in ah4 input IPsec: do not ignore crypto err in ah6 input net/ipv4/ah4.c | 3 +++ net/ipv6/ah6.c | 3 +++ 2 files changed, 6 insertions(+) -- 2.1.4
