Ryan Ware 613317bd21 EVM: Use crypto_memneq() for digest comparisons ... This patch fixes vulnerability CVE-2016-2085. The problem exists because the vm_verify_hmac() function includes a use of memcmp(). Unfortunately, this allows timing side channel attacks; specifically a MAC forgery complexity drop from 2^128 to 2^12. This patch changes the memcmp() to the cryptographically safe crypto_memneq(). Reported-by: Xiaofei Rex Guo <xiaofei.rex.guo@intel.com> Signed-off-by: Ryan Ware <ware@linux.intel.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: James Morris <james.l.morris@oracle.com>		2016-02-12 18:36:47 +11:00
..
apparmor	apparmor: clarify CRYPTO dependency	2015-10-22 11:11:28 +11:00
integrity	EVM: Use crypto_memneq() for digest comparisons	2016-02-12 18:36:47 +11:00
keys	KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set	2016-01-28 10:48:40 +11:00
selinux	selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables	2016-02-09 04:55:05 -05:00
smack	security: let security modules use PTRACE_MODE_* with bitmasks	2016-01-20 17:09:18 -08:00
tomoyo	convert a bunch of open-coded instances of memdup_user_nul()	2016-01-04 10:26:58 -05:00
yama	security: let security modules use PTRACE_MODE_* with bitmasks	2016-01-20 17:09:18 -08:00
commoncap.c	ptrace: use fsuid, fsgid, effective creds for fs access checks	2016-01-20 17:09:18 -08:00
device_cgroup.c	security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition	2015-09-03 18:13:10 -07:00
inode.c	wrappers for ->i_mutex access	2016-01-22 18:04:28 -05:00
Kconfig	Yama: remove needless CONFIG_SECURITY_YAMA_STACKED	2015-07-28 13:18:19 +10:00
lsm_audit.c	Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next	2015-08-15 13:29:57 +10:00
Makefile	LSM: Switch to lists of hooks	2015-05-12 15:00:41 +10:00
min_addr.c	mmap_min_addr check CAP_SYS_RAWIO only for write	2010-04-23 08:56:31 +10:00
security.c	security: Add hook to invalidate inode security labels	2015-12-24 11:09:40 -05:00