From 500c35c4f020d87efbd1b5f638d51d78cce1b5ea Mon Sep 17 00:00:00 2001
From: djm <>
Date: Wed, 5 Sep 2018 00:55:33 +0000
Subject: use timing-safe compares for checking results in signature verification (there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@
---
 src/lib/libcrypto/rsa/rsa_pss.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/lib/libcrypto/rsa/rsa_pss.c')
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index 870f634b8d..562f7b252c 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.13 2018/09/05 00:55:33 djm Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2005.
 */
@@ -163,7 +163,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
 }
 if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
 goto err;
-if (memcmp(H_, H, hLen)) {
+if (timingsafe_bcmp(H_, H, hLen)) {
 RSAerror(RSA_R_BAD_SIGNATURE);
 ret = 0;
 } else
-- 
cgit v1.2.3-55-g6feb
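Review bot: The constant-time compare covers only the final `H_` vs `H` check at the changed line; the structural checks on the decoded EM earlier in RSA_verify_PKCS1_PSS_mgf1 (before this hunk, not visible here) presumably still use ordinary comparisons with early exit, so the verify path's timing is not uniform after this change — consistent with the "inexpensive prudence" scope in the subject, but the reason for the non-obvious call deserves a one-line comment such as `/* constant-time compare: do not reveal how many bytes of H matched */`. timingsafe_bcmp takes a size_t length and returns non-zero on mismatch like memcmp, so the branch logic is unchanged; hLen is declared outside the hunk, and if it is an int the implicit widening is the same one memcmp already had. The function body continues past the end of the hunk.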