From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
David Safford <safford@us.ibm.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, stable@vger.kernel.org
Subject: [kernel-hardening] [PATCH 4/6] security/keys: use constant time memory comparison for macs
Date: Sat, 10 Jun 2017 04:59:10 +0200 [thread overview]
Message-ID: <20170610025912.6499-5-Jason@zx2c4.com> (raw)
In-Reply-To: <20170610025912.6499-1-Jason@zx2c4.com>
Otherwise, we enable a MAC forgery via timing attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Safford <safford@us.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: stable@vger.kernel.org
---
security/keys/trusted.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 2ae31c5a87de..df7d30b0a6f7 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -11,6 +11,7 @@
* See Documentation/security/keys-trusted-encrypted.txt
*/
+#include <crypto/algapi.h>
#include <crypto/hash_info.h>
#include <linux/uaccess.h>
#include <linux/module.h>
@@ -243,7 +244,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
if (ret < 0)
goto out;
- if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
+ if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
kfree(sdesc);
@@ -335,7 +336,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
if (ret < 0)
goto out;
- if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
+ if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
ret = -EINVAL;
goto out;
}
@@ -344,7 +345,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
if (ret < 0)
goto out;
- if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
+ if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
kfree(sdesc);
--
2.13.1
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
David Safford <safford@us.ibm.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCH 4/6] security/keys: use constant time memory comparison for macs
Date: Sat, 10 Jun 2017 02:59:10 +0000 [thread overview]
Message-ID: <20170610025912.6499-5-Jason@zx2c4.com> (raw)
In-Reply-To: <20170610025912.6499-1-Jason@zx2c4.com>
Otherwise, we enable a MAC forgery via timing attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Safford <safford@us.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: stable@vger.kernel.org
---
security/keys/trusted.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 2ae31c5a87de..df7d30b0a6f7 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -11,6 +11,7 @@
* See Documentation/security/keys-trusted-encrypted.txt
*/
+#include <crypto/algapi.h>
#include <crypto/hash_info.h>
#include <linux/uaccess.h>
#include <linux/module.h>
@@ -243,7 +244,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
if (ret < 0)
goto out;
- if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
+ if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
kfree(sdesc);
@@ -335,7 +336,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
if (ret < 0)
goto out;
- if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
+ if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
ret = -EINVAL;
goto out;
}
@@ -344,7 +345,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
if (ret < 0)
goto out;
- if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
+ if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
kfree(sdesc);
--
2.13.1
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>,
David Safford <safford@us.ibm.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCH 4/6] security/keys: use constant time memory comparison for macs
Date: Sat, 10 Jun 2017 04:59:10 +0200 [thread overview]
Message-ID: <20170610025912.6499-5-Jason@zx2c4.com> (raw)
In-Reply-To: <20170610025912.6499-1-Jason@zx2c4.com>
Otherwise, we enable a MAC forgery via timing attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: David Safford <safford@us.ibm.com>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: stable@vger.kernel.org
---
security/keys/trusted.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/security/keys/trusted.c b/security/keys/trusted.c
index 2ae31c5a87de..df7d30b0a6f7 100644
--- a/security/keys/trusted.c
+++ b/security/keys/trusted.c
@@ -11,6 +11,7 @@
* See Documentation/security/keys-trusted-encrypted.txt
*/
+#include <crypto/algapi.h>
#include <crypto/hash_info.h>
#include <linux/uaccess.h>
#include <linux/module.h>
@@ -243,7 +244,7 @@ static int TSS_checkhmac1(unsigned char *buffer,
if (ret < 0)
goto out;
- if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE))
+ if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
kfree(sdesc);
@@ -335,7 +336,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0);
if (ret < 0)
goto out;
- if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
+ if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) {
ret = -EINVAL;
goto out;
}
@@ -344,7 +345,7 @@ static int TSS_checkhmac2(unsigned char *buffer,
TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0);
if (ret < 0)
goto out;
- if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE))
+ if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE))
ret = -EINVAL;
out:
kfree(sdesc);
--
2.13.1
next prev parent reply other threads:[~2017-06-10 2:59 UTC|newest]
Thread overview: 71+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-10 2:59 [kernel-hardening] [PATCH 0/6] Constant Time Memory Comparisons Are Important Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-10 2:59 ` [kernel-hardening] [PATCH 1/6] sunrpc: use constant time memory comparison for mac Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-10 2:59 ` [kernel-hardening] [PATCH 2/6] net/ipv6: " Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-10 2:59 ` [kernel-hardening] [PATCH 3/6] ccree: use constant time memory comparison for macs and tags Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-10 7:43 ` [kernel-hardening] " Gilad Ben-Yossef
2017-06-10 7:43 ` Gilad Ben-Yossef
2017-06-10 10:54 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-10 10:54 ` Jason A. Donenfeld
2017-06-10 21:43 ` [kernel-hardening] " Henrique de Moraes Holschuh
2017-06-10 21:43 ` Henrique de Moraes Holschuh
2017-06-10 2:59 ` Jason A. Donenfeld [this message]
2017-06-10 2:59 ` [PATCH 4/6] security/keys: use constant time memory comparison for macs Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-14 8:47 ` [kernel-hardening] " James Morris
2017-06-14 8:47 ` James Morris
2017-06-10 2:59 ` [kernel-hardening] [PATCH 5/6] bluetooth/smp: use constant time memory comparison for secret values Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-10 13:49 ` [kernel-hardening] " Marcel Holtmann
2017-06-10 13:49 ` Marcel Holtmann
2017-06-10 2:59 ` [kernel-hardening] [PATCH 6/6] mac80211/wpa: use constant time memory comparison for MACs Jason A. Donenfeld
2017-06-10 2:59 ` Jason A. Donenfeld
2017-06-13 8:20 ` [kernel-hardening] " Johannes Berg
2017-06-13 8:20 ` Johannes Berg
2017-06-13 13:28 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-13 13:28 ` Jason A. Donenfeld
2017-06-11 8:13 ` [kernel-hardening] Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important Kalle Valo
2017-06-11 8:13 ` Kalle Valo
2017-06-11 8:13 ` Kalle Valo
2017-06-11 8:13 ` Kalle Valo
2017-06-11 13:36 ` [kernel-hardening] " Kees Cook
2017-06-11 13:36 ` Kees Cook
2017-06-11 13:36 ` Kees Cook
2017-06-11 13:36 ` Kees Cook
2017-06-11 20:48 ` [kernel-hardening] " Emmanuel Grumbach
2017-06-11 20:48 ` Emmanuel Grumbach
2017-06-11 20:48 ` Emmanuel Grumbach
2017-06-11 20:48 ` Emmanuel Grumbach
2017-06-11 21:30 ` [kernel-hardening] " Emil Lenngren
2017-06-11 21:30 ` Emil Lenngren
2017-06-11 21:30 ` Emil Lenngren
2017-06-11 21:30 ` Emil Lenngren
2017-06-12 5:03 ` [kernel-hardening] " Emmanuel Grumbach
2017-06-12 5:03 ` Emmanuel Grumbach
2017-06-12 5:03 ` Emmanuel Grumbach
2017-06-12 5:03 ` Emmanuel Grumbach
2017-06-12 7:33 ` [kernel-hardening] " Arend van Spriel
2017-06-12 7:33 ` Arend van Spriel
2017-06-12 7:33 ` Arend van Spriel
2017-06-12 7:33 ` Arend van Spriel
2017-06-12 13:46 ` [kernel-hardening] " Kalle Valo
2017-06-12 13:46 ` Kalle Valo
2017-06-12 13:46 ` Kalle Valo
2017-06-11 21:06 ` [kernel-hardening] " Stephan Müller
2017-06-11 21:06 ` Stephan Müller
2017-06-11 21:06 ` Stephan Müller
2017-06-11 21:06 ` Stephan Müller
2017-06-11 21:21 ` [kernel-hardening] " Jason A. Donenfeld
2017-06-11 21:21 ` Jason A. Donenfeld
2017-06-11 21:21 ` Jason A. Donenfeld
2017-06-11 21:21 ` Jason A. Donenfeld
2017-06-11 21:21 ` Jason A. Donenfeld
2017-06-11 21:20 ` [kernel-hardening] [PATCH] rsa-pkcs1pad: use constant time memory comparison for MACs Jason A. Donenfeld
2017-06-11 21:20 ` Jason A. Donenfeld
2017-06-20 3:38 ` [kernel-hardening] " Herbert Xu
2017-06-20 3:38 ` Herbert Xu
2017-06-20 3:38 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170610025912.6499-5-Jason@zx2c4.com \
--to=jason@zx2c4.com \
--cc=dhowells@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=safford@us.ibm.com \
--cc=stable@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.