KEYS: encrypted: use constant-time HMAC comparison

MACs should, in general, be compared using crypto_memneq() to prevent timing attacks. Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N Eric Biggers <ebiggers@google.com> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N James Morris <james.l.morris@oracle.com>

KEYS: encrypted: use constant-time HMAC comparison
MACs should, in general, be compared using crypto_memneq() to prevent timing attacks. Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: N Eric Biggers <ebiggers@google.com> Signed-off-by: N David Howells <dhowells@redhat.com> Signed-off-by: N James Morris <james.l.morris@oracle.com>
0f534e4a · Eric Biggers · James Morris · 64d107d3 · 0f534e4a
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

security/keys/encrypted-keys/encrypted.c security/keys/encrypted-keys/encrypted.c +3 -2

未找到文件。
--- a/security/keys/encrypted-keys/encrypted.c
+++ b/security/keys/encrypted-keys/encrypted.c
@@ -30,6 +30,7 @@
 #include <linux/scatterlist.h>
 #include <linux/ctype.h>
 #include <crypto/aes.h>
+#include <crypto/algapi.h>
 #include <crypto/hash.h>
 #include <crypto/sha.h>
 #include <crypto/skcipher.h>
@@ -534,8 +535,8 @@ static int datablob_hmac_verify(struct encrypted_key_payload *epayload,
 	ret = calc_hmac(digest, derived_key, sizeof derived_key, p, len);
 	if (ret < 0)
 		goto out;
-	ret = memcmp(digest, epayload->format + epayload->datablob_len,
-		     sizeof digest);
+	ret = crypto_memneq(digest, epayload->format + epayload->datablob_len,
+			    sizeof(digest));
 	if (ret) {
 		ret = -EINVAL;
 		dump_hmac("datablob",