Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Jun 2017 23:06:14 +0200
From: Stephan Müller <>
To: "Jason A. Donenfeld" <>
Cc:,, Anna Schumaker <>, David Howells <>, David Safford <>, "David S. Miller" <>, Gilad Ben-Yossef <>, Greg Kroah-Hartman <>, Gustavo Padovan <>, "J. Bruce Fields" <>, Jeff Layton <>, Johan Hedberg <>, Johannes Berg <>, Marcel Holtmann <>, Mimi Zohar <>, Trond Myklebust <>,,,,,
Subject: Re: [PATCH 0/6] Constant Time Memory Comparisons Are Important

Am Samstag, 10. Juni 2017, 04:59:06 CEST schrieb Jason A. Donenfeld:

Hi Jason,

> Whenever you're comparing two MACs, it's important to do this using
> crypto_memneq instead of memcmp. With memcmp, you leak timing information,
> which could then be used to iteratively forge a MAC. This is far too basic
> of a mistake for us to have so pervasively in the year 2017, so let's begin
> cleaning this stuff up. The following 6 locations were found with some
> simple regex greps, but I'm sure more lurk below the surface. If you
> maintain some code or know somebody who maintains some code that deals
> with MACs, tell them to double check which comparison function they're
> using.

Are you planning to send an update to your patch set? If yes, there is another 
one which should be converted too: crypto/rsa-pkcs1pad.c.

Otherwise, I will send a patch converting this one.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.