diff options
author | Eric Biggers <ebiggers@google.com> | 2017-06-08 14:48:32 +0100 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2017-06-09 13:29:47 +1000 |
commit | 0f534e4a13496b02ae284f50fcb0263f6ea37007 (patch) | |
tree | a5200ddfa62a42340dd2ee2e918fb5b001240382 | |
parent | 64d107d3acca1565c39c044c459fd18f70943534 (diff) | |
download | linux-0f534e4a13496b02ae284f50fcb0263f6ea37007.tar.gz linux-0f534e4a13496b02ae284f50fcb0263f6ea37007.tar.bz2 linux-0f534e4a13496b02ae284f50fcb0263f6ea37007.zip |
KEYS: encrypted: use constant-time HMAC comparison
MACs should, in general, be compared using crypto_memneq() to prevent
timing attacks.
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
-rw-r--r-- | security/keys/encrypted-keys/encrypted.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index 702c80662069..5c98c2fe03f0 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -30,6 +30,7 @@ #include <linux/scatterlist.h> #include <linux/ctype.h> #include <crypto/aes.h> +#include <crypto/algapi.h> #include <crypto/hash.h> #include <crypto/sha.h> #include <crypto/skcipher.h> @@ -534,8 +535,8 @@ static int datablob_hmac_verify(struct encrypted_key_payload *epayload, ret = calc_hmac(digest, derived_key, sizeof derived_key, p, len); if (ret < 0) goto out; - ret = memcmp(digest, epayload->format + epayload->datablob_len, - sizeof digest); + ret = crypto_memneq(digest, epayload->format + epayload->datablob_len, + sizeof(digest)); if (ret) { ret = -EINVAL; dump_hmac("datablob", |