4.12-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason A. Donenfeld <ja...@zx2c4.com>
commit 15a8b93fd5690de017ce665382ea45e5d61811a4 upstream.
Otherwise, we enable a MAC forgery via timing attack.
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Cc: "J. Bruce Fields" <bfie...@fieldses.org>
Cc: Jeff Layton <jlay...@poochiereds.net>
Cc: Trond Myklebust <trond.mykleb...@primarydata.com>
Cc: Anna Schumaker <anna.schuma...@netapp.com>
Cc: linux-...@vger.kernel.org
Signed-off-by: Anna Schumaker <anna.schuma...@netapp.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
---
net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,6 +34,7 @@
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
+#include <crypto/algapi.h>
#include <crypto/hash.h>
#include <crypto/skcipher.h>
#include <linux/err.h>
@@ -927,7 +928,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kc
if (ret)
goto out_err;
- if (memcmp(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
+ if (crypto_memneq(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
ret = GSS_S_BAD_SIG;
goto out_err;
}
