Re: [PATCH net] ah: use crypto_memneq to check the ICV

2017-05-19 Thread Steffen Klassert 
On Fri, May 19, 2017 at 02:25:14PM +0200, Sabrina Dubroca wrote:
> Hi Steffen,
> 
> 2017-05-04, 12:41:24 +0200, Steffen Klassert wrote:
> > On Wed, May 03, 2017 at 04:57:57PM +0200, Sabrina Dubroca wrote:
> > > Signed-off-by: Sabrina Dubroca 
> > > ---
> > >  net/ipv4/ah4.c | 5 +++--
> > >  net/ipv6/ah6.c | 5 +++--
> > >  2 files changed, 6 insertions(+), 4 deletions(-)
> > 
> > Is this a fix for something? If so, please describe what it fixes.
> > If not, it can wait until after the merge window and merged into
> > ipsec-next then.
> 
> Do you prefer that I resend the patch, or can you take it directly?

No need to resend, I've just applied it directly.

Thanks a lot Sabrina!

Re: [PATCH net] ah: use crypto_memneq to check the ICV

2017-05-19 Thread Sabrina Dubroca 
Hi Steffen,

2017-05-04, 12:41:24 +0200, Steffen Klassert wrote:
> On Wed, May 03, 2017 at 04:57:57PM +0200, Sabrina Dubroca wrote:
> > Signed-off-by: Sabrina Dubroca 
> > ---
> >  net/ipv4/ah4.c | 5 +++--
> >  net/ipv6/ah6.c | 5 +++--
> >  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> Is this a fix for something? If so, please describe what it fixes.
> If not, it can wait until after the merge window and merged into
> ipsec-next then.

Do you prefer that I resend the patch, or can you take it directly?
I just checked, it applies cleanly on top of linux-next.

Thanks,

-- 
Sabrina

Re: [PATCH net] ah: use crypto_memneq to check the ICV

2017-05-04 Thread Sabrina Dubroca 
2017-05-04, 12:41:24 +0200, Steffen Klassert wrote:
> On Wed, May 03, 2017 at 04:57:57PM +0200, Sabrina Dubroca wrote:
> > Signed-off-by: Sabrina Dubroca 
> > ---
> >  net/ipv4/ah4.c | 5 +++--
> >  net/ipv6/ah6.c | 5 +++--
> >  2 files changed, 6 insertions(+), 4 deletions(-)
> 
> Is this a fix for something? If so, please describe what it fixes.
> If not, it can wait until after the merge window and merged into
> ipsec-next then.

Yeah, not really. I suppose you could see it as a fix for the commit
that introduced crypto_memneq and did some conversions (6bf37e5aa90f
("crypto: crypto_memneq - add equality testing of memory regions w/o
timing leaks")), but that may be a bit of a stretch.

I can repost that for ipsec-next in a couple of weeks.


Thanks,

-- 
Sabrina

Re: [PATCH net] ah: use crypto_memneq to check the ICV

2017-05-04 Thread Steffen Klassert 
On Wed, May 03, 2017 at 04:57:57PM +0200, Sabrina Dubroca wrote:
> Signed-off-by: Sabrina Dubroca 
> ---
>  net/ipv4/ah4.c | 5 +++--
>  net/ipv6/ah6.c | 5 +++--
>  2 files changed, 6 insertions(+), 4 deletions(-)

Is this a fix for something? If so, please describe what it fixes.
If not, it can wait until after the merge window and merged into
ipsec-next then.

[PATCH net] ah: use crypto_memneq to check the ICV

2017-05-03 Thread Sabrina Dubroca 
Signed-off-by: Sabrina Dubroca 
---
 net/ipv4/ah4.c | 5 +++--
 net/ipv6/ah6.c | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 22377c8ff14b..207350b30f88 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -1,5 +1,6 @@
 #define pr_fmt(fmt) "IPsec: " fmt
 
+#include 
 #include 
 #include 
 #include 
@@ -277,7 +278,7 @@ static void ah_input_done(struct crypto_async_request 
*base, int err)
auth_data = ah_tmp_auth(work_iph, ihl);
icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);
 
-   err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG: 0;
+   err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
if (err)
goto out;
 
@@ -413,7 +414,7 @@ static int ah_input(struct xfrm_state *x, struct sk_buff 
*skb)
goto out_free;
}
 
-   err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG: 0;
+   err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
if (err)
goto out_free;
 
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index dda6035e3b84..ac747b13a8dc 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -25,6 +25,7 @@
 
 #define pr_fmt(fmt) "IPv6: " fmt
 
+#include 
 #include 
 #include 
 #include 
@@ -481,7 +482,7 @@ static void ah6_input_done(struct crypto_async_request 
*base, int err)
auth_data = ah_tmp_auth(work_iph, hdr_len);
icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len);
 
-   err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
+   err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
if (err)
goto out;
 
@@ -627,7 +628,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff 
*skb)
goto out_free;
}
 
-   err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
+   err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0;
if (err)
goto out_free;
 
-- 
2.12.2