From: <gregkh@linuxfoundation.org>
To: Jason@zx2c4.com, Anna.Schumaker@Netapp.com,
anna.schumaker@netapp.com, bfields@fieldses.org,
gregkh@linuxfoundation.org, jlayton@poochiereds.net,
trond.myklebust@primarydata.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "sunrpc: use constant time memory comparison for mac" has been added to the 4.12-stable tree
Date: Mon, 24 Jul 2017 21:39:57 -0700 [thread overview]
Message-ID: <1500957597231129@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
sunrpc: use constant time memory comparison for mac
to the 4.12-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
sunrpc-use-constant-time-memory-comparison-for-mac.patch
and it can be found in the queue-4.12 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 15a8b93fd5690de017ce665382ea45e5d61811a4 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Sat, 10 Jun 2017 04:59:07 +0200
Subject: sunrpc: use constant time memory comparison for mac
From: Jason A. Donenfeld <Jason@zx2c4.com>
commit 15a8b93fd5690de017ce665382ea45e5d61811a4 upstream.
Otherwise, we enable a MAC forgery via timing attack.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Jeff Layton <jlayton@poochiereds.net>
Cc: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: Anna Schumaker <anna.schumaker@netapp.com>
Cc: linux-nfs@vger.kernel.org
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/sunrpc/auth_gss/gss_krb5_crypto.c
+++ b/net/sunrpc/auth_gss/gss_krb5_crypto.c
@@ -34,6 +34,7 @@
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
+#include <crypto/algapi.h>
#include <crypto/hash.h>
#include <crypto/skcipher.h>
#include <linux/err.h>
@@ -927,7 +928,7 @@ gss_krb5_aes_decrypt(struct krb5_ctx *kc
if (ret)
goto out_err;
- if (memcmp(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
+ if (crypto_memneq(pkt_hmac, our_hmac, kctx->gk5e->cksumlength) != 0) {
ret = GSS_S_BAD_SIG;
goto out_err;
}
Patches currently in stable-queue which might be from Jason@zx2c4.com are
queue-4.12/sunrpc-use-constant-time-memory-comparison-for-mac.patch
queue-4.12/bluetooth-use-constant-time-memory-comparison-for-secret-values.patch
reply other threads:[~2017-07-25 4:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1500957597231129@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=Anna.Schumaker@Netapp.com \
--cc=Jason@zx2c4.com \
--cc=bfields@fieldses.org \
--cc=jlayton@poochiereds.net \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).