crypto: rsa-pkcs1pad - use constant time memory comparison for MACs

Otherwise, we enable all sorts of forgeries via timing attack. Signed-off-by: N Jason A. Donenfeld <Jason@zx2c4.com> Suggested-by: N Stephan Müller <smueller@chronox.de> Cc: stable@vger.kernel.org Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-crypto@vger.kernel.org Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>

crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
Otherwise, we enable all sorts of forgeries via timing attack. Signed-off-by: N Jason A. Donenfeld <Jason@zx2c4.com> Suggested-by: N Stephan Müller <smueller@chronox.de> Cc: stable@vger.kernel.org Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-crypto@vger.kernel.org Signed-off-by: N Herbert Xu <herbert@gondor.apana.org.au>
fec17cb2 · Jason A. Donenfeld · Herbert Xu · ffe55266 · fec17cb2
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

crypto/rsa-pkcs1pad.c crypto/rsa-pkcs1pad.c +1 -1

未找到文件。
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -490,7 +490,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
 		goto done;
 	pos++;

-	if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
+	if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
 		goto done;

 	pos += digest_info->size;