crypto: rsa-pkcs1pad - use constant time memory comparison for MACs
Otherwise, we enable all sorts of forgeries via timing attack. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Suggested-by: Stephan Müller <smueller@chronox.de> Cc: stable@vger.kernel.org Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-crypto@vger.kernel.org Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
ffe55266e3
commit
fec17cb223
|
@ -490,7 +490,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
|
|||
goto done;
|
||||
pos++;
|
||||
|
||||
if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
|
||||
if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
|
||||
goto done;
|
||||
|
||||
pos += digest_info->size;
|
||||
|
|
Loading…
Reference in New Issue