Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

sctp: Fix MAC comparison to be constant-time

To prevent timing attacks, MACs need to be compared in constant time.
Use the appropriate helper function for this.

Fixes: bbd0d59809f9 ("[SCTP]: Implement the receive and verification of AUTH chunk")
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Link: https://patch.msgid.link/20250818205426.30222-3-ebiggers@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Authored by Eric Biggers and committed by Jakub Kicinski
dd91c79e 490a9591

+4 -2
+2 -1
net/sctp/sm_make_chunk.c
··· 31 31 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 32 32 33 33 #include <crypto/hash.h> 34 + #include <crypto/utils.h> 34 35 #include <linux/types.h> 35 36 #include <linux/kernel.h> 36 37 #include <linux/ip.h> ··· 1789 1788 } 1790 1789 } 1791 1790 1792 - if (memcmp(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1791 + if (crypto_memneq(digest, cookie->signature, SCTP_SIGNATURE_SIZE)) { 1793 1792 *error = -SCTP_IERROR_BAD_SIG; 1794 1793 goto fail; 1795 1794 }
+2 -1
net/sctp/sm_statefuns.c
··· 30 30 31 31 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 32 32 33 + #include <crypto/utils.h> 33 34 #include <linux/types.h> 34 35 #include <linux/kernel.h> 35 36 #include <linux/ip.h> ··· 4417 4416 sh_key, GFP_ATOMIC); 4418 4417 4419 4418 /* Discard the packet if the digests do not match */ 4420 - if (memcmp(save_digest, digest, sig_len)) { 4419 + if (crypto_memneq(save_digest, digest, sig_len)) { 4421 4420 kfree(save_digest); 4422 4421 return SCTP_IERROR_BAD_SIG; 4423 4422 }
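Review bot: for the cookie check in net/sctp/sm_make_chunk.c (`crypto_memneq(digest, cookie->signature, SCTP_SIGNATURE_SIZE)`), the commit message should say which of its two Fixes tags covers this call site and which covers the AUTH digest check in net/sctp/sm_statefuns.c. The patch is Cc'd to stable, and a tree that contains only one of the two referenced commits needs only one of the two hunks. For the same reason, confirm that the newly added `#include <crypto/utils.h>` resolves in every stable tree the backport targets, and note the fallback header in the message if it does not.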
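Review bot: in net/sctp/sm_statefuns.c the comparison length is the runtime value `sig_len`, not a fixed constant as in the cookie check, and the hunk does not show where it is set. crypto_memneq() is constant-time with respect to buffer contents for a given length, so please confirm that `sig_len` is the digest length of the negotiated HMAC and that both `save_digest` and `digest` are at least that long. It would also help to extend the existing comment ("Discard the packet if the digests do not match") to say that the comparison is deliberately constant-time, so a later cleanup does not turn it back into memcmp().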