crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
Otherwise, we enable all sorts of forgeries via timing attack.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Suggested-by: Stephan Müller <smueller@chronox.de>
Cc: stable@vger.kernel.org
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Jason A. Donenfeld authored and Herbert Xu committed Jun 20, 2017
1 parent ffe5526 commit fec17cb
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion crypto/rsa-pkcs1pad.c
Expand Up @@ -490,7 +490,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
goto done;
pos++;

if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
goto done;

pos += digest_info->size;
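Review bot: the control flow is unchanged by this hunk because crypto_memneq(), like memcmp() in the removed line, returns non-zero when the two buffers differ, so `goto done` still fires on a mismatching DigestInfo prefix; the difference is that crypto_memneq() does not return early at the first differing byte, which removes the data-dependent timing the commit message refers to. Since no include change appears in the diff, confirm that crypto/rsa-pkcs1pad.c already includes the header declaring crypto_memneq() (crypto/algapi.h) so the file still builds. The subject line says "MACs", but the comparison being hardened here is the DigestInfo prefix check during PKCS#1 v1.5 signature verification; rewording the subject to say signature verification would make the stable backport easier to search for.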
