From 9487b0ac6d1f630adf05813c7864e0c0fba67850 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 3 Jul 2023 09:59:20 +0000
Subject: Switch ossl_ecdsa_verify() to timingsafe_memcmp() Requested by jsing
---
src/lib/libcrypto/ecdsa/ecs_ossl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/lib/libcrypto/ecdsa/ecs_ossl.c')
diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c
index 7e03c234ee..83be5fd38b 100644
--- a/src/lib/libcrypto/ecdsa/ecs_ossl.c
+++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_ossl.c,v 1.49 2023/07/03 09:55:42 tb Exp $ */
+/* $OpenBSD: ecs_ossl.c,v 1.50 2023/07/03 09:59:20 tb Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -440,7 +440,7 @@ ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
 /* Ensure signature uses DER and doesn't have trailing garbage */
 if ((derlen = i2d_ECDSA_SIG(s, &der)) != sig_len)
 goto err;
- if (memcmp(sigbuf, der, derlen))
+ if (timingsafe_memcmp(sigbuf, der, derlen))
 goto err;
 ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
--
cgit v1.2.3-55-g6feb
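Review bot: In the second hunk `derlen` is an int that reaches `timingsafe_memcmp()` as its length argument, while the guard two lines above only establishes `derlen == sig_len`, not that either value is positive. A failing `i2d_ECDSA_SIG()` return that happened to equal a negative `sig_len` would be converted to a very large size. The part of ossl_ecdsa_verify() that parses `sigbuf` lies outside the hunk and may already exclude this, so read it as a hardening suggestion: `if ((derlen = i2d_ECDSA_SIG(s, &der)) <= 0 || derlen != sig_len)`. Only equality is tested here, so `timingsafe_bcmp()` would be sufficient. A short comment such as `/* signature bytes are not secret; constant-time compare is hygiene only */` would keep later readers from assuming the call protects secret data.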