diff options
author | Sabrina Dubroca <sd@queasysnail.net> | 2017-05-03 16:57:57 +0200 |
---|---|---|
committer | Steffen Klassert <steffen.klassert@secunet.com> | 2017-05-19 14:30:50 +0200 |
commit | 67df58a3e5535d8ffeb48a41ec0b38859cc284b8 (patch) | |
tree | f3ab5c8e131711c9d12109200581cc59e895c8b7 /net/ipv6/ah6.c | |
parent | 24d472e4e497c29d2eb8fcbe6d9b373b66804e01 (diff) |
ah: use crypto_memneq to check the ICV
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'net/ipv6/ah6.c')
-rw-r--r-- | net/ipv6/ah6.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c index dda6035e3b84..ac747b13a8dc 100644 --- a/net/ipv6/ah6.c +++ b/net/ipv6/ah6.c @@ -25,6 +25,7 @@ #define pr_fmt(fmt) "IPv6: " fmt +#include <crypto/algapi.h> #include <crypto/hash.h> #include <linux/module.h> #include <linux/slab.h> @@ -481,7 +482,7 @@ static void ah6_input_done(struct crypto_async_request *base, int err) auth_data = ah_tmp_auth(work_iph, hdr_len); icv = ah_tmp_icv(ahp->ahash, auth_data, ahp->icv_trunc_len); - err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0; + err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0; if (err) goto out; @@ -627,7 +628,7 @@ static int ah6_input(struct xfrm_state *x, struct sk_buff *skb) goto out_free; } - err = memcmp(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0; + err = crypto_memneq(icv, auth_data, ahp->icv_trunc_len) ? -EBADMSG : 0; if (err) goto out_free; |