Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20170610025912.6499-1-Jason@zx2c4.com>
Date: Sat, 10 Jun 2017 04:59:06 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: linux-kernel@...r.kernel.org,
	kernel-hardening@...ts.openwall.com
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
	Anna Schumaker <anna.schumaker@...app.com>,
	David Howells <dhowells@...hat.com>,
	David Safford <safford@...ibm.com>,
	"David S. Miller" <davem@...emloft.net>,
	Gilad Ben-Yossef <gilad@...yossef.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Gustavo Padovan <gustavo@...ovan.org>,
	"J. Bruce Fields" <bfields@...ldses.org>,
	Jeff Layton <jlayton@...chiereds.net>,
	Johan Hedberg <johan.hedberg@...il.com>,
	Johannes Berg <johannes@...solutions.net>,
	Marcel Holtmann <marcel@...tmann.org>,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Trond Myklebust <trond.myklebust@...marydata.com>,
	keyrings@...r.kernel.org,
	linux-bluetooth@...r.kernel.org,
	linux-nfs@...r.kernel.org,
	linux-wireless@...r.kernel.org,
	netdev@...r.kernel.org
Subject: [PATCH 0/6] Constant Time Memory Comparisons Are Important

Whenever you're comparing two MACs, it's important to do this using
crypto_memneq instead of memcmp. With memcmp, you leak timing information,
which could then be used to iteratively forge a MAC. This is far too basic
of a mistake for us to have so pervasively in the year 2017, so let's begin
cleaning this stuff up. The following 6 locations were found with some
simple regex greps, but I'm sure more lurk below the surface. If you
maintain some code or know somebody who maintains some code that deals
with MACs, tell them to double check which comparison function they're
using.

Jason A. Donenfeld (6):
  sunrpc: use constant time memory comparison for mac
  net/ipv6: use constant time memory comparison for mac
  ccree: use constant time memory comparison for macs and tags
  security/keys: use constant time memory comparison for macs
  bluetooth/smp: use constant time memory comparison for secret values
  mac80211/wpa: use constant time memory comparison for MACs

Cc: Anna Schumaker <anna.schumaker@...app.com>
Cc: David Howells <dhowells@...hat.com>
Cc: David Safford <safford@...ibm.com>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Gilad Ben-Yossef <gilad@...yossef.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Gustavo Padovan <gustavo@...ovan.org>
Cc: "J. Bruce Fields" <bfields@...ldses.org>
Cc: Jeff Layton <jlayton@...chiereds.net>
Cc: Johan Hedberg <johan.hedberg@...il.com>
Cc: Johannes Berg <johannes@...solutions.net>
Cc: Marcel Holtmann <marcel@...tmann.org>
Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: Trond Myklebust <trond.myklebust@...marydata.com>
Cc: keyrings@...r.kernel.org
Cc: linux-bluetooth@...r.kernel.org
Cc: linux-nfs@...r.kernel.org
Cc: linux-wireless@...r.kernel.org
Cc: netdev@...r.kernel.org

 drivers/staging/ccree/ssi_fips_ll.c   | 17 ++++++++-------
 net/bluetooth/smp.c                   | 39 ++++++++++++++++++-----------------
 net/ipv6/seg6_hmac.c                  |  3 ++-
 net/mac80211/wpa.c                    |  9 ++++----
 net/sunrpc/auth_gss/gss_krb5_crypto.c |  3 ++-
 security/keys/trusted.c               |  7 ++++---
 6 files changed, 42 insertions(+), 36 deletions(-)

-- 
2.13.1

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.