archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 03:24:45 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/security
History
Eric Biggers eed0e3d305 KEYS: trusted_tpm1: Compare HMAC values in constant time 
To prevent timing attacks, HMAC value comparison needs to be constant
time.  Replace the memcmp() with the correct function, crypto_memneq().

[For the Fixes commit I used the commit that introduced the memcmp().
It predates the introduction of crypto_memneq(), but it was still a bug
at the time even though a helper function didn't exist yet.]

Fixes: d00a1c72f7 ("keys: add new trusted key-type")
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@kernel.org>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2025-09-27 21:05:06 +03:00
..
apparmor + Features 2025-08-04 08:17:28 -07:00
bpf bpf: lsm: Remove hook to bpf_task_storage_free 2024-12-16 12:32:31 -08:00
integrity integrity-v6.17 2025-07-31 11:42:11 -07:00
ipe ipe/stable-6.17 PR 20250728 2025-07-31 09:42:20 -07:00
keys KEYS: trusted_tpm1: Compare HMAC values in constant time 2025-09-27 21:05:06 +03:00
landlock Landlock update for v6.17-rc1 2025-07-28 19:21:32 -07:00
loadpin loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported 2025-03-03 09:35:50 -08:00
lockdown lockdown: initialize local array before use to quiet static analysis 2025-01-05 12:48:43 -05:00
safesetid safesetid: check size of policy writes 2025-01-04 22:46:09 -05:00
selinux selinux/stable-6.17 PR 20250725 2025-07-28 18:25:57 -07:00
smack Networking changes for 6.16. 2025-05-28 15:24:36 -07:00
tomoyo tomoyo: use better patterns for procfs in learning mode 2025-01-31 00:27:44 +09:00
yama yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl() 2025-03-07 19:58:05 -08:00
commoncap.c exec: Correct the permission check for unsafe exec 2025-06-23 10:38:39 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c make securityfs_remove() remove the entire subtree 2025-06-11 18:19:46 -04:00
Kconfig mseal sysmap: kernel config and header change 2025-04-01 15:17:14 -07:00
Kconfig.hardening kstack_erase: Support Clang stack depth tracking 2025-07-26 14:28:35 -07:00
lsm_audit.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set 2025-01-04 11:50:44 -05:00
min_addr.c security: min_addr: move sysctl to security/min_addr.c 2025-02-07 16:53:04 +01:00
security.c lsm/stable-6.17 PR 20250725 2025-07-28 18:20:32 -07:00