crypto: rsa-pkcs1pad - use constant time memory comparison for MACs

commit fec17cb2 upstream. Otherwise, we enable all sorts of forgeries via timing attack. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Suggested-by: Stephan Müller <smueller@chronox.de> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-crypto@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
commit fec17cb2 upstream. Otherwise, we enable all sorts of forgeries via timing attack. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Suggested-by: Stephan Müller <smueller@chronox.de> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-crypto@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
71698654 · Jason A. Donenfeld · Greg Kroah-Hartman · 0d6758f7 · 71698654
Commit 71698654 authored Jun 11, 2017 by Jason A. Donenfeld Committed by Greg Kroah-Hartman Jul 15, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

crypto/rsa-pkcs1pad.c crypto/rsa-pkcs1pad.c +1 -1

No files found.
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -496,7 +496,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
 		goto done;
 	pos++;
-	if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
+	if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
 		goto done;
 	pos += digest_info->size;