Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / cb8affb55c7e64816f3effcd9b2fc3268c016fac
commitcb8affb55c7e64816f3effcd9b2fc3268c016fac[log] [tgz]
authorDavid Gstir <david@sigma-star.at>Sun Nov 15 17:14:41 2015 +0100
committerHerbert Xu <herbert@gondor.apana.org.au>Mon Nov 16 21:39:23 2015 +0800
treea4db924f12ad7421f71ca0ca10a374b4eb814267
parent8005c49d9aea74d382f474ce11afbbc7d7130bec [diff]
crypto: nx - Fix timing leak in GCM and CCM decryption

Using non-constant time memcmp() makes the verification of the authentication
tag in the decrypt path vulnerable to timing attacks. Fix this by using
crypto_memneq() instead.

Cc: stable@vger.kernel.org
Signed-off-by: David Gstir <david@sigma-star.at>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2 files changed
tree: a4db924f12ad7421f71ca0ca10a374b4eb814267
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS