From owner-svn-src-all@freebsd.org Fri Jul 31 00:31:53 2015 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DDD629AFC25; Fri, 31 Jul 2015 00:31:53 +0000 (UTC) (envelope-from jmg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CA20014D; Fri, 31 Jul 2015 00:31:53 +0000 (UTC) (envelope-from jmg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6V0VriC015965; Fri, 31 Jul 2015 00:31:53 GMT (envelope-from jmg@FreeBSD.org) Received: (from jmg@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6V0VrrE015963; Fri, 31 Jul 2015 00:31:53 GMT (envelope-from jmg@FreeBSD.org) Message-Id: <201507310031.t6V0VrrE015963@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jmg set sender to jmg@FreeBSD.org using -f From: John-Mark Gurney Date: Fri, 31 Jul 2015 00:31:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r286101 - head/sys/netipsec X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Jul 2015 00:31:54 -0000 Author: jmg Date: Fri Jul 31 00:31:52 2015 New Revision: 286101 URL: https://svnweb.freebsd.org/changeset/base/286101 Log: these are comparing authenticators and need to be constant time... This could be a side channel attack... Now that we have a function for this, use it... jmgurney/ipsecgcm: 24d704cc and 7f37a14 Modified: head/sys/netipsec/xform_ah.c head/sys/netipsec/xform_esp.c Modified: head/sys/netipsec/xform_ah.c ============================================================================== --- head/sys/netipsec/xform_ah.c Fri Jul 31 00:23:21 2015 (r286100) +++ head/sys/netipsec/xform_ah.c Fri Jul 31 00:31:52 2015 (r286101) @@ -777,7 +777,7 @@ ah_input_cb(struct cryptop *crp) /* Verify authenticator. */ ptr = (caddr_t) (tc + 1); - if (bcmp(ptr + skip + rplen, calc, authsize)) { + if (timingsafe_bcmp(ptr + skip + rplen, calc, authsize)) { DPRINTF(("%s: authentication hash mismatch for packet " "in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst, buf, sizeof(buf)), Modified: head/sys/netipsec/xform_esp.c ============================================================================== --- head/sys/netipsec/xform_esp.c Fri Jul 31 00:23:21 2015 (r286100) +++ head/sys/netipsec/xform_esp.c Fri Jul 31 00:31:52 2015 (r286101) @@ -534,7 +534,7 @@ esp_input_cb(struct cryptop *crp) ptr = (caddr_t) (tc + 1); /* Verify authenticator */ - if (bcmp(ptr, aalg, alen) != 0) { + if (timingsafe_bcmp(ptr, aalg, alen) != 0) { DPRINTF(("%s: authentication hash mismatch for " "packet in SA %s/%08lx\n", __func__, ipsec_address(&saidx->dst, buf, sizeof(buf)),