Re: [PATCH net] net/tcp-ao: Fix MAC comparison to be constant-time

Next message: Thomas Hellstr&#xF6;m: "Re: [PATCH v2 3/4] drm/xe: Split TLB invalidation into submit and wait steps"
Previous message: Thomas Hellstr&#xF6;m: "Re: [PATCH v2 2/4] drm/xe/userptr: Convert invalidation to two-pass MMU notifier"
In reply to: Dmitry Safonov: "Re: [PATCH net] net/tcp-ao: Fix MAC comparison to be constant-time"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net] net/tcp-ao: Fix MAC comparison to be constant-time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Biggers

Date: Mon Mar 02 2026 - 16:54:10 EST

On Mon, Mar 02, 2026 at 08:59:50PM +0000, Dmitry Safonov wrote:
> On Mon, 2 Mar 2026 at 20:36, Eric Biggers <ebiggers@xxxxxxxxxx> wrote:
> >
> > To prevent timing attacks, MACs need to be compared in constant
> > time. Use the appropriate helper function for this.
> >
> > Fixes: 0a3a809089eb ("net/tcp: Verify inbound TCP-AO signed segments")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Cc: Dmitry Safonov <0x7f454c46@xxxxxxxxx>
> > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx>
>
> Thanks, Eric, LGTM.
>
> Reviewed-by: Dmitry Safonov <0x7f454c46@xxxxxxxxx>
>
> Could you also send a similar patch for TCP-MD5?
> tcp_inbound_md5_hash(), tcp_v{4,6}_send_reset() would need the same change.

Already done, it was the first one I sent:
https://lore.kernel.org/netdev/20260302203409.13388-1-ebiggers@xxxxxxxxxx/

- Eric