use timing-safe compares for checking results in signature verification

(there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@
author: djm <> 2018-09-05 00:55:33 +0000
committer: djm <> 2018-09-05 00:55:33 +0000
commit: 500c35c4f020d87efbd1b5f638d51d78cce1b5ea (patch)
tree: e041735a97a92c3a22eab8257b329a2e73d4f9b0 /src/lib/libcrypto/rsa/rsa_saos.c
parent: a707e9b3b7839a52fa4e75b9c174d23c7dd8b683 (diff)
download: openbsd-500c35c4f020d87efbd1b5f638d51d78cce1b5ea.tar.gz
openbsd-500c35c4f020d87efbd1b5f638d51d78cce1b5ea.tar.bz2
openbsd-500c35c4f020d87efbd1b5f638d51d78cce1b5ea.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index e1fbdcb5df..93492ac503 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_saos.c,v 1.23 2017/05/02 03:59:45 deraadt Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.24 2018/09/05 00:55:33 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -130,7 +130,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
                goto err;
        if ((unsigned int)sig->length != m_len ||
-            memcmp(m, sig->data, m_len) != 0) {
+            timingsafe_bcmp(m, sig->data, m_len) != 0) {
                RSAerror(RSA_R_BAD_SIGNATURE);
        } else
                ret = 1;
author	djm <>	2018-09-05 00:55:33 +0000
committer	djm <>	2018-09-05 00:55:33 +0000
commit	500c35c4f020d87efbd1b5f638d51d78cce1b5ea (patch)
tree	e041735a97a92c3a22eab8257b329a2e73d4f9b0 /src/lib/libcrypto/rsa/rsa_saos.c
parent	a707e9b3b7839a52fa4e75b9c174d23c7dd8b683 (diff)
download	openbsd-500c35c4f020d87efbd1b5f638d51d78cce1b5ea.tar.gz openbsd-500c35c4f020d87efbd1b5f638d51d78cce1b5ea.tar.bz2 openbsd-500c35c4f020d87efbd1b5f638d51d78cce1b5ea.zip

diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c index e1fbdcb5df..93492ac503 100644 --- a/src/lib/libcrypto/rsa/rsa_saos.c +++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_saos.c,v 1.23 2017/05/02 03:59:45 deraadt Exp $ */	1	/* $OpenBSD: rsa_saos.c,v 1.24 2018/09/05 00:55:33 djm Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -130,7 +130,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
130	goto err;	130	goto err;
131		131
132	if ((unsigned int)sig->length != m_len \|\|	132	if ((unsigned int)sig->length != m_len \|\|
133	memcmp(m, sig->data, m_len) != 0) {	133	timingsafe_bcmp(m, sig->data, m_len) != 0) {
134	RSAerror(RSA_R_BAD_SIGNATURE);	134	RSAerror(RSA_R_BAD_SIGNATURE);
135	} else	135	} else
136	ret = 1;	136	ret = 1;