ksmbd: Compare MACs in constant time (c5794709) · Commits · git / linux-nf

fs/smb/server/Kconfig

+1 −0

+3 −1

Original line number	Diff line number	Diff line
		@@ -15,6 +15,7 @@
		#include <crypto/aead.h>
		#include <crypto/md5.h>
		#include <crypto/sha2.h>
		#include <crypto/utils.h>
		#include <linux/random.h>
		#include <linux/scatterlist.h>

		@@ -165,7 +166,8 @@ int ksmbd_auth_ntlmv2(struct ksmbd_conn conn, struct ksmbd_session sess,
		ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE,
		sess->sess_key);

		if (memcmp(ntlmv2->ntlmv2_hash, ntlmv2_rsp, CIFS_HMAC_MD5_HASH_SIZE) != 0)
		if (crypto_memneq(ntlmv2->ntlmv2_hash, ntlmv2_rsp,
		CIFS_HMAC_MD5_HASH_SIZE))
		return -EINVAL;
		return 0;
		}

+3 −2

Original line number	Diff line number	Diff line
		@@ -4,6 +4,7 @@
		* Copyright (C) 2018 Samsung Electronics Co., Ltd.
		*/

		#include <crypto/utils.h>
		#include <linux/inetdevice.h>
		#include <net/addrconf.h>
		#include <linux/syscalls.h>
		@@ -8880,7 +8881,7 @@ int smb2_check_sign_req(struct ksmbd_work *work)
		ksmbd_sign_smb2_pdu(work->conn, work->sess->sess_key, iov, 1,
		signature);

		if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
		if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
		pr_err("bad smb2 signature\n");
		return 0;
		}
		@@ -8968,7 +8969,7 @@ int smb3_check_sign_req(struct ksmbd_work *work)
		if (ksmbd_sign_smb3_pdu(conn, signing_key, iov, 1, signature))
		return 0;

		if (memcmp(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
		if (crypto_memneq(signature, signature_req, SMB2_SIGNATURE_SIZE)) {
		pr_err("bad smb2 signature\n");
		return 0;
		}