From 42e5fcbf2befe204d7e64b7f93ae0bee86c6ec18 Mon Sep 17 00:00:00 2001
From: John-Mark Gurney <jmg@FreeBSD.org>
Date: Fri, 31 Jul 2015 00:31:52 +0000
Subject: [PATCH] these are comparing authenticators and need to be constant
 time... This could be a side channel attack...  Now that we have a function
 for this, use it...

jmgurney/ipsecgcm:	24d704cc and 7f37a14
---
 sys/netipsec/xform_ah.c  | 2 +-
 sys/netipsec/xform_esp.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c
index ae0feb9f627..350a735a89b 100644
--- a/sys/netipsec/xform_ah.c
+++ b/sys/netipsec/xform_ah.c
@@ -777,7 +777,7 @@ ah_input_cb(struct cryptop *crp)
 
 	/* Verify authenticator. */
 	ptr = (caddr_t) (tc + 1);
-	if (bcmp(ptr + skip + rplen, calc, authsize)) {
+	if (timingsafe_bcmp(ptr + skip + rplen, calc, authsize)) {
 		DPRINTF(("%s: authentication hash mismatch for packet "
 		    "in SA %s/%08lx\n", __func__,
 		    ipsec_address(&saidx->dst, buf, sizeof(buf)),
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c
index 67551caef43..d8182dfdf58 100644
--- a/sys/netipsec/xform_esp.c
+++ b/sys/netipsec/xform_esp.c
@@ -534,7 +534,7 @@ esp_input_cb(struct cryptop *crp)
 		ptr = (caddr_t) (tc + 1);
 
 		/* Verify authenticator */
-		if (bcmp(ptr, aalg, alen) != 0) {
+		if (timingsafe_bcmp(ptr, aalg, alen) != 0) {
 			DPRINTF(("%s: authentication hash mismatch for "
 			    "packet in SA %s/%08lx\n", __func__,
 			    ipsec_address(&saidx->dst, buf, sizeof(buf)),