averello/linux-stable-mirror
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2026-04-03 12:05:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
34143a23fca850d98c2ea3f4eef875d70ca66add
linux-stable-mirror/security
History
Eric Biggers ec230e7ac6 KEYS: trusted_tpm1: Compare HMAC values in constant time 
commit eed0e3d305 upstream.

To prevent timing attacks, HMAC value comparison needs to be constant
time.  Replace the memcmp() with the correct function, crypto_memneq().

[For the Fixes commit I used the commit that introduced the memcmp().
It predates the introduction of crypto_memneq(), but it was still a bug
at the time even though a helper function didn't exist yet.]

Fixes: d00a1c72f7 ("keys: add new trusted key-type")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-10-19 16:33:51 +02:00
..
apparmor
apparmor: Fix 8-byte alignment for initial dfa blob streams
2025-08-28 16:30:56 +02:00
bpf
integrity
ima: process_measurement() needlessly takes inode_lock() on MAY_READ
2025-05-29 11:02:00 +02:00
ipe
keys
KEYS: trusted_tpm1: Compare HMAC values in constant time
2025-10-19 16:33:51 +02:00
landlock
landlock: Prepare to add second errata
2025-04-20 10:15:56 +02:00
loadpin
lockdown
safesetid
selinux
selinux: change security_compute_sid to return the ssid or tsid on match
2025-07-10 16:05:04 +02:00
smack
smack: Revert "smackfs: Added check catlen"
2025-05-29 11:02:48 +02:00
tomoyo
yama
commoncap.c
device_cgroup.c
inode.c
securityfs: don't pin dentries twice, once is enough...
2025-08-20 18:30:21 +02:00
Kconfig
lsm: CONFIG_LSM can depend on CONFIG_SECURITY
2025-10-15 11:59:55 +02:00
Kconfig.hardening
lsm_audit.c
lsm_syscalls.c
Makefile
min_addr.c
security.c