From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: Ryan Ware <ware@linux.intel.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
James Morris <james.l.morris@oracle.com>,
Jiri Slaby <jslaby@suse.cz>
Subject: [patch added to 3.12-stable] EVM: Use crypto_memneq() for digest comparisons
Date: Mon, 15 Feb 2016 17:12:43 +0100 [thread overview]
Message-ID: <1455552767-7413-15-git-send-email-jslaby@suse.cz> (raw)
In-Reply-To: <1455552767-7413-1-git-send-email-jslaby@suse.cz>
From: Ryan Ware <ware@linux.intel.com>
This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.
===============
commit 613317bd212c585c20796c10afe5daaa95d4b0a1 upstream.
This patch fixes vulnerability CVE-2016-2085. The problem exists
because the vm_verify_hmac() function includes a use of memcmp().
Unfortunately, this allows timing side channel attacks; specifically
a MAC forgery complexity drop from 2^128 to 2^12. This patch changes
the memcmp() to the cryptographically safe crypto_memneq().
Reported-by: Xiaofei Rex Guo <xiaofei.rex.guo@intel.com>
Signed-off-by: Ryan Ware <ware@linux.intel.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
security/integrity/evm/evm_main.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index d43b62c4a8e5..5bf01c8648a8 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -21,6 +21,7 @@
#include <linux/integrity.h>
#include <linux/evm.h>
#include <crypto/hash.h>
+#include <crypto/algapi.h>
#include "evm.h"
int evm_initialized;
@@ -132,7 +133,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
xattr_value_len, calc.digest);
if (rc)
break;
- rc = memcmp(xattr_data->digest, calc.digest,
+ rc = crypto_memneq(xattr_data->digest, calc.digest,
sizeof(calc.digest));
if (rc)
rc = -EINVAL;
--
2.7.1
next prev parent reply other threads:[~2016-02-15 16:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-15 16:12 [patch added to 3.12-stable] USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] USB: cp210x: add ID for IAI USB to RS485 adaptor Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] USB: serial: option: Adding support for Telit LE922 Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] USB: option: fix Cinterion AHxx enumeration Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] tty: Fix GPF in flush_to_ldisc() Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] tty: Fix unsafe ldisc reference via ioctl(TIOCGETD) Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] xhci: fix usb2 resume timing and races Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] ext4: Fix handling of extended tv_sec Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] crypto: af_alg - Disallow bind/setkey/... after accept(2) Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] crypto: af_alg - Fix socket double-free when accept fails Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] AHCI: Fix softreset failed issue of Port Multiplier Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] libata: disable forced PORTS_IMPL for >= AHCI 1.3 Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] ahci: Intel DNV device IDs SATA Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] crypto: algif_hash - wait for crypto_ahash_init() to complete Jiri Slaby
2016-02-15 16:12 ` Jiri Slaby [this message]
2016-02-15 16:12 ` [patch added to 3.12-stable] crypto: user - lock crypto_alg_list on alg dump Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] FS-Cache: Increase reference of parent after registering, netfs success Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] FS-Cache: Don't override netfs's primary_index if registering failed Jiri Slaby
2016-02-15 16:12 ` [patch added to 3.12-stable] binfmt_elf: Don't clobber passed executable's file header Jiri Slaby
-- strict thread matches above, loose matches on Subject: below --
2016-04-21 12:14 [patch added to 3.12-stable] cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind Jiri Slaby
2016-04-21 12:14 ` [patch added to 3.12-stable] EVM: Use crypto_memneq() for digest comparisons Jiri Slaby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455552767-7413-15-git-send-email-jslaby@suse.cz \
--to=jslaby@suse.cz \
--cc=james.l.morris@oracle.com \
--cc=stable@vger.kernel.org \
--cc=ware@linux.intel.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).