use timing-safe compares for checking results in signature verification

(there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@
author: djm <djm@openbsd.org> 2018-09-05 00:55:33 +0000
committer: djm <djm@openbsd.org> 2018-09-05 00:55:33 +0000
commit: 2f115aa846580043bf0b23d9fcc2c382657c60f6 (patch)
tree: b1dcb8e269bb67857fd9ca9ab329116ebb67890e /lib/libcrypto/rsa/rsa_pmeth.c
parent: Forgot to rename pf_frent_holes() prototype in previous commit. (diff)
download: wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.tar.xz
wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c
index b4a4e730c01..ea6401b3dab 100644
--- a/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.20 2017/08/28 17:41:59 jsing Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.21 2018/09/05 00:55:33 djm Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -296,7 +296,7 @@ pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen,
 			return 0;
 	}
 
-	if (rslen != tbslen || memcmp(tbs, rctx->tbuf, rslen))
+	if (rslen != tbslen || timingsafe_bcmp(tbs, rctx->tbuf, rslen))
 		return 0;
 
 	return 1;
author	djm <djm@openbsd.org>	2018-09-05 00:55:33 +0000
committer	djm <djm@openbsd.org>	2018-09-05 00:55:33 +0000
commit	2f115aa846580043bf0b23d9fcc2c382657c60f6 (patch)
tree	b1dcb8e269bb67857fd9ca9ab329116ebb67890e /lib/libcrypto/rsa/rsa_pmeth.c
parent	Forgot to rename pf_frent_holes() prototype in previous commit. (diff)
download	wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.tar.xz wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.zip