diff options
| author | Eric Biggers <ebiggers@kernel.org> | 2025-10-20 12:26:11 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-10-29 14:01:24 +0100 |
| commit | e277dda06130267c3083da3661a60d8498d8deca (patch) | |
| tree | 36c80693d9729bb98ca70fc052893f424707a576 | |
| parent | a82a50e99f240ed11b74641e9f7a1ea583502d0c (diff) | |
| download | linux-e277dda06130267c3083da3661a60d8498d8deca.tar.gz linux-e277dda06130267c3083da3661a60d8498d8deca.tar.bz2 linux-e277dda06130267c3083da3661a60d8498d8deca.zip | |
KEYS: trusted_tpm1: Compare HMAC values in constant time
[ Upstream commit eed0e3d305530066b4fc5370107cff8ef1a0d229 ]
To prevent timing attacks, HMAC value comparison needs to be constant
time. Replace the memcmp() with the correct function, crypto_memneq().
[For the Fixes commit I used the commit that introduced the memcmp().
It predates the introduction of crypto_memneq(), but it was still a bug
at the time even though a helper function didn't exist yet.]
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
[ replaced crypto/utils.h include with crypto/algapi.h ]
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | security/keys/trusted-keys/trusted_tpm1.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index 4c3cffcd296a..3e9dc03d59c9 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -9,6 +9,7 @@ */ #include <crypto/hash_info.h> +#include <crypto/algapi.h> #include <linux/uaccess.h> #include <linux/module.h> #include <linux/init.h> @@ -248,7 +249,7 @@ int TSS_checkhmac1(unsigned char *buffer, if (ret < 0) goto out; - if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: kfree_sensitive(sdesc); @@ -341,7 +342,7 @@ static int TSS_checkhmac2(unsigned char *buffer, TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { + if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { ret = -EINVAL; goto out; } @@ -350,7 +351,7 @@ static int TSS_checkhmac2(unsigned char *buffer, TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: kfree_sensitive(sdesc); |