| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170610025912.6499-1-Jason@zx2c4.com>
Date: Sat, 10 Jun 2017 04:59:06 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
Anna Schumaker <anna.schumaker@...app.com>,
David Howells <dhowells@...hat.com>,
David Safford <safford@...ibm.com>,
"David S. Miller" <davem@...emloft.net>,
Gilad Ben-Yossef <gilad@...yossef.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Gustavo Padovan <gustavo@...ovan.org>,
"J. Bruce Fields" <bfields@...ldses.org>,
Jeff Layton <jlayton@...chiereds.net>,
Johan Hedberg <johan.hedberg@...il.com>,
Johannes Berg <johannes@...solutions.net>,
Marcel Holtmann <marcel@...tmann.org>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Trond Myklebust <trond.myklebust@...marydata.com>,
keyrings@...r.kernel.org, linux-bluetooth@...r.kernel.org,
linux-nfs@...r.kernel.org, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org
Subject: [PATCH 0/6] Constant Time Memory Comparisons Are Important
Whenever you're comparing two MACs, it's important to do this using
crypto_memneq instead of memcmp. With memcmp, you leak timing information,
which could then be used to iteratively forge a MAC. This is far too basic
of a mistake for us to have so pervasively in the year 2017, so let's begin
cleaning this stuff up. The following 6 locations were found with some
simple regex greps, but I'm sure more lurk below the surface. If you
maintain some code or know somebody who maintains some code that deals
with MACs, tell them to double check which comparison function they're
using.
Jason A. Donenfeld (6):
sunrpc: use constant time memory comparison for mac
net/ipv6: use constant time memory comparison for mac
ccree: use constant time memory comparison for macs and tags
security/keys: use constant time memory comparison for macs
bluetooth/smp: use constant time memory comparison for secret values
mac80211/wpa: use constant time memory comparison for MACs
Cc: Anna Schumaker <anna.schumaker@...app.com>
Cc: David Howells <dhowells@...hat.com>
Cc: David Safford <safford@...ibm.com>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Gilad Ben-Yossef <gilad@...yossef.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Gustavo Padovan <gustavo@...ovan.org>
Cc: "J. Bruce Fields" <bfields@...ldses.org>
Cc: Jeff Layton <jlayton@...chiereds.net>
Cc: Johan Hedberg <johan.hedberg@...il.com>
Cc: Johannes Berg <johannes@...solutions.net>
Cc: Marcel Holtmann <marcel@...tmann.org>
Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: Trond Myklebust <trond.myklebust@...marydata.com>
Cc: keyrings@...r.kernel.org
Cc: linux-bluetooth@...r.kernel.org
Cc: linux-nfs@...r.kernel.org
Cc: linux-wireless@...r.kernel.org
Cc: netdev@...r.kernel.org
drivers/staging/ccree/ssi_fips_ll.c | 17 ++++++++-------
net/bluetooth/smp.c | 39 ++++++++++++++++++-----------------
net/ipv6/seg6_hmac.c | 3 ++-
net/mac80211/wpa.c | 9 ++++----
net/sunrpc/auth_gss/gss_krb5_crypto.c | 3 ++-
security/keys/trusted.c | 7 ++++---
6 files changed, 42 insertions(+), 36 deletions(-)
--
2.13.1
Powered by blists - more mailing lists