forked from Minki/linux
KEYS: encrypted: use constant-time HMAC comparison
MACs should, in general, be compared using crypto_memneq() to prevent timing attacks. Cc: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
parent
64d107d3ac
commit
0f534e4a13
@ -30,6 +30,7 @@
|
||||
#include <linux/scatterlist.h>
|
||||
#include <linux/ctype.h>
|
||||
#include <crypto/aes.h>
|
||||
#include <crypto/algapi.h>
|
||||
#include <crypto/hash.h>
|
||||
#include <crypto/sha.h>
|
||||
#include <crypto/skcipher.h>
|
||||
@ -534,8 +535,8 @@ static int datablob_hmac_verify(struct encrypted_key_payload *epayload,
|
||||
ret = calc_hmac(digest, derived_key, sizeof derived_key, p, len);
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
ret = memcmp(digest, epayload->format + epayload->datablob_len,
|
||||
sizeof digest);
|
||||
ret = crypto_memneq(digest, epayload->format + epayload->datablob_len,
|
||||
sizeof(digest));
|
||||
if (ret) {
|
||||
ret = -EINVAL;
|
||||
dump_hmac("datablob",
|
||||
|
Loading…
Reference in New Issue
Block a user