CVE-2024-56738: Fix for grub_crypto_memcmp to use constant-time algorithm

Amin, Mostafa Mostafa.Amin at windriver.com
Tue Apr 29 17:56:48 BST 2025


Dear Security team,

I am submitting a fix for CVE-2024-56738 affecting the GRUB2 package in Debian.

Description of the vulnerability:
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. The current implementation returns early when a difference is found, which can lead to timing attacks that reveal information about the compared data.

Affected Debian versions:
- bookworm
- bullseye
- trixie/sid

The fix implements a constant-time comparison algorithm that:
1. Uses bitwise operations (XOR and OR) instead of conditional branching
2. Always processes all bytes regardless of whether differences are found
3. Uses volatile to prevent compiler optimizations that could reintroduce timing issues

I've verified that the patch is syntactically correct and implements proper constant-time comparison according to cryptographic best practices.


I've attached the patch file to this email.

Thanks,
Mostafa Amin


-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-grub-crypto-memcmp-constant-time.patch
Type: text/x-patch
Size: 1491 bytes
Desc: fix-grub-crypto-memcmp-constant-time.patch
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20250429/c1ee6558/attachment-0001.bin>
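
The three properties listed in the message, set beside the early-exit pattern it describes. This is an added example, not the attached patch and not GRUB's code; the function names, the `steps` counter (a stand-in for observable run time) and the sample byte strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Early-exit comparison. *steps receives the number of bytes examined,
   which depends on where the first mismatch sits. */
static int leaky_memcmp(const void *a, const void *b, size_t n, size_t *steps)
{
  const unsigned char *pa = a, *pb = b;
  size_t i;
  for (i = 0; i < n; i++)
    if (pa[i] != pb[i])
      { *steps = i + 1; return 1; }   /* returns at the first difference */
  *steps = n;
  return 0;
}

/* Constant-time comparison: XOR each byte pair, OR the result into an
   accumulator, no data-dependent branch; volatile keeps the loop intact. */
static int ct_memcmp(const void *a, const void *b, size_t n, size_t *steps)
{
  const volatile unsigned char *pa = a, *pb = b;
  volatile unsigned char diff = 0;
  size_t i;
  for (i = 0; i < n; i++)
    diff |= pa[i] ^ pb[i];
  *steps = i;                          /* always n */
  return diff != 0;
}

int main(void)
{
  /* Constructed sample values, not taken from GRUB. */
  const unsigned char secret[8] = "hunter2";
  const unsigned char early[8]  = "Xunter2";  /* differs at index 0 */
  const unsigned char late[8]   = "hunterX";  /* differs at index 6 */
  size_t s1, s2, s3, s4;

  leaky_memcmp(secret, early, 8, &s1);
  leaky_memcmp(secret, late, 8, &s2);
  ct_memcmp(secret, early, 8, &s3);
  ct_memcmp(secret, late, 8, &s4);
  printf("early-exit:    %zu vs %zu bytes examined\n", s1, s2);
  printf("constant-time: %zu vs %zu bytes examined\n", s3, s4);
  return 0;
}
```

The early-exit version does work proportional to the length of the matching prefix, which is the information a timing measurement recovers; the accumulator version does the same work for every input of a given length.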

