Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754057AbcDVLIF (ORCPT ); Fri, 22 Apr 2016 07:08:05 -0400 Received: from mx2.suse.de ([195.135.220.15]:43971 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753769AbcDVLGl (ORCPT ); Fri, 22 Apr 2016 07:06:41 -0400 X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" From: Jiri Slaby To: stable@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Ryan Ware , Mimi Zohar , James Morris , Jiri Slaby Subject: [PATCH 3.12 76/78] EVM: Use crypto_memneq() for digest comparisons Date: Fri, 22 Apr 2016 13:05:59 +0200 Message-Id: <77c6e7c3a82f0d5b2c3102a2158efce5d2d9994e.1461323133.git.jslaby@suse.cz> X-Mailer: git-send-email 2.8.1 In-Reply-To: References: In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1571 Lines: 46 From: Ryan Ware 3.12-stable review patch. If anyone has any objections, please let me know. =============== commit 613317bd212c585c20796c10afe5daaa95d4b0a1 upstream. This patch fixes vulnerability CVE-2016-2085. The problem exists because the vm_verify_hmac() function includes a use of memcmp(). Unfortunately, this allows timing side channel attacks; specifically a MAC forgery complexity drop from 2^128 to 2^12. This patch changes the memcmp() to the cryptographically safe crypto_memneq(). Reported-by: Xiaofei Rex Guo Signed-off-by: Ryan Ware Signed-off-by: Mimi Zohar Signed-off-by: James Morris Signed-off-by: Jiri Slaby --- security/integrity/evm/evm_main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index d43b62c4a8e5..5bf01c8648a8 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -21,6 +21,7 @@ #include #include #include +#include #include "evm.h" int evm_initialized; @@ -132,7 +133,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, xattr_value_len, calc.digest); if (rc) break; - rc = memcmp(xattr_data->digest, calc.digest, + rc = crypto_memneq(xattr_data->digest, calc.digest, sizeof(calc.digest)); if (rc) rc = -EINVAL; -- 2.8.1