Switch ossl_ecdsa_verify() to timingsafe_memcmp()

Requested by jsing
author: tb <> 2023-07-03 09:59:20 +0000
committer: tb <> 2023-07-03 09:59:20 +0000
commit: 9487b0ac6d1f630adf05813c7864e0c0fba67850 (patch)
tree: e04ed84707835b756f45a7744883cf76816f3e68 /src
parent: b7bf542a80b8e960840d2ae7d1c844dfdb441703 (diff)
download: openbsd-9487b0ac6d1f630adf05813c7864e0c0fba67850.tar.gz
openbsd-9487b0ac6d1f630adf05813c7864e0c0fba67850.tar.bz2
openbsd-9487b0ac6d1f630adf05813c7864e0c0fba67850.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 7e03c234ee..83be5fd38b 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.49 2023/07/03 09:55:42 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.50 2023/07/03 09:59:20 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -440,7 +440,7 @@ ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
        /* Ensure signature uses DER and doesn't have trailing garbage */
        if ((derlen = i2d_ECDSA_SIG(s, &der)) != sig_len)
                goto err;
-        if (memcmp(sigbuf, der, derlen))
+        if (timingsafe_memcmp(sigbuf, der, derlen))
                goto err;
        ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
author	tb <>	2023-07-03 09:59:20 +0000
committer	tb <>	2023-07-03 09:59:20 +0000
commit	9487b0ac6d1f630adf05813c7864e0c0fba67850 (patch)
tree	e04ed84707835b756f45a7744883cf76816f3e68 /src
parent	b7bf542a80b8e960840d2ae7d1c844dfdb441703 (diff)
download	openbsd-9487b0ac6d1f630adf05813c7864e0c0fba67850.tar.gz openbsd-9487b0ac6d1f630adf05813c7864e0c0fba67850.tar.bz2 openbsd-9487b0ac6d1f630adf05813c7864e0c0fba67850.zip

diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c index 7e03c234ee..83be5fd38b 100644 --- a/src/lib/libcrypto/ecdsa/ecs_ossl.c +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ecs_ossl.c,v 1.49 2023/07/03 09:55:42 tb Exp $ */	1	/* $OpenBSD: ecs_ossl.c,v 1.50 2023/07/03 09:59:20 tb Exp $ */
2	/*	2	/*
3	* Written by Nils Larsch for the OpenSSL project	3	* Written by Nils Larsch for the OpenSSL project
4	*/	4	*/
@@ -440,7 +440,7 @@ ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
440	/* Ensure signature uses DER and doesn't have trailing garbage */	440	/* Ensure signature uses DER and doesn't have trailing garbage */
441	if ((derlen = i2d_ECDSA_SIG(s, &der)) != sig_len)	441	if ((derlen = i2d_ECDSA_SIG(s, &der)) != sig_len)
442	goto err;	442	goto err;
443	if (memcmp(sigbuf, der, derlen))	443	if (timingsafe_memcmp(sigbuf, der, derlen))
444	goto err;	444	goto err;
445		445
446	ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);	446	ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);