
Commit 98c67d1

zx2c4jmberg-intel
authored andcommitted
mac80211/wpa: use constant time memory comparison for MACs
Otherwise, we enable all sorts of forgeries via timing attack. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: linux-wireless@vger.kernel.org Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg <johannes.berg@intel.com>
1 parent c87905b commit 98c67d1


1 file changed

+5
-4
lines changed


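--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -17,6 +17,7 @@
 #include <asm/unaligned.h>
 #include <net/mac80211.h>
 #include <crypto/aes.h>
+#include <crypto/algapi.h>
 
 #include "ieee80211_i.h"
 #include "michael.h"
@@ -153,7 +154,7 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
 michael_mic(key, hdr, data, data_len, mic);
-if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)
+if (crypto_memneq(mic, data + data_len, MICHAEL_MIC_LEN))
 goto mic_fail;
 
 /* remove Michael MIC from payload */
@@ -1048,7 +1049,7 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
 bip_aad(skb, aad);
 ieee80211_aes_cmac(key->u.aes_cmac.tfm, aad,
 skb->data + 24, skb->len - 24, mic);
-if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
+if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
 key->u.aes_cmac.icverrors++;
 return RX_DROP_UNUSABLE;
 }
@@ -1098,7 +1099,7 @@ ieee80211_crypto_aes_cmac_256_decrypt(struct ieee80211_rx_data *rx)
 bip_aad(skb, aad);
 ieee80211_aes_cmac_256(key->u.aes_cmac.tfm, aad,
 skb->data + 24, skb->len - 24, mic);
-if (memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
+if (crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
 key->u.aes_cmac.icverrors++;
 return RX_DROP_UNUSABLE;
 }
@@ -1202,7 +1203,7 @@ ieee80211_crypto_aes_gmac_decrypt(struct ieee80211_rx_data *rx)
 if (ieee80211_aes_gmac(key->u.aes_gmac.tfm, aad, nonce,
 skb->data + 24, skb->len - 24,
 mic) < 0 ||
-memcmp(mic, mmie->mic, sizeof(mmie->mic)) != 0) {
+crypto_memneq(mic, mmie->mic, sizeof(mmie->mic))) {
 key->u.aes_gmac.icverrors++;
 return RX_DROP_UNUSABLE;
 }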
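Review bot: None of the four comparison sites records why `crypto_memneq()` is used rather than `memcmp()`, so a later cleanup could swap it back without noticing the timing side channel the commit message describes. I would add a one-line comment at the first site in `ieee80211_rx_h_michael_mic_verify`, e.g. `/* constant-time compare: the received MIC comes from the frame */`, and repeat it (or factor the check into a small static helper) for the CMAC, CMAC-256 and GMAC checks. `crypto_memneq()` only reports equal or not-equal, which is all these call sites need, so the dropped `!= 0` is correct. All four functions begin and end outside the hunks shown, so the length checks that must guard `skb->len - 24` and `data_len = skb->len - hdrlen - MICHAEL_MIC_LEN` cannot be confirmed from this page and are worth a glance in the full file.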
