lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 11 Jun 2017 23:06:14 +0200
From:   Stephan Müller <>
To:     "Jason A. Donenfeld" <>
        Anna Schumaker <>,
        David Howells <>,
        David Safford <>,
        "David S. Miller" <>,
        Gilad Ben-Yossef <>,
        Greg Kroah-Hartman <>,
        Gustavo Padovan <>,
        "J. Bruce Fields" <>,
        Jeff Layton <>,
        Johan Hedberg <>,
        Johannes Berg <>,
        Marcel Holtmann <>,
        Mimi Zohar <>,
        Trond Myklebust <>,,,,,
Subject: Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

Am Samstag, 10. Juni 2017, 04:59:06 CEST schrieb Jason A. Donenfeld:

Hi Jason,

> Whenever you're comparing two MACs, it's important to do this using
> crypto_memneq instead of memcmp. With memcmp, you leak timing information,
> which could then be used to iteratively forge a MAC. This is far too basic
> of a mistake for us to have so pervasively in the year 2017, so let's begin
> cleaning this stuff up. The following 6 locations were found with some
> simple regex greps, but I'm sure more lurk below the surface. If you
> maintain some code or know somebody who maintains some code that deals
> with MACs, tell them to double check which comparison function they're
> using.

Are you planning to send an update to your patch set? If yes, there is another 
one which should be converted too: crypto/rsa-pkcs1pad.c.

Otherwise, I will send a patch converting this one.



Powered by blists - more mailing lists