use timing-safe compares for checking results in signature verification

(there are no known attacks, this is just inexpensive prudence) feedback and ok tb@ jsing@
author: djm <djm@openbsd.org> 2018-09-05 00:55:33 +0000
committer: djm <djm@openbsd.org> 2018-09-05 00:55:33 +0000
commit: 2f115aa846580043bf0b23d9fcc2c382657c60f6 (patch)
tree: b1dcb8e269bb67857fd9ca9ab329116ebb67890e /lib/libcrypto/rsa/rsa_saos.c
parent: Forgot to rename pf_frent_holes() prototype in previous commit. (diff)
download: wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.tar.xz
wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libcrypto/rsa/rsa_saos.c b/lib/libcrypto/rsa/rsa_saos.c
index e1fbdcb5dfb..93492ac5035 100644
--- a/lib/libcrypto/rsa/rsa_saos.c
+++ b/lib/libcrypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_saos.c,v 1.23 2017/05/02 03:59:45 deraadt Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.24 2018/09/05 00:55:33 djm Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -130,7 +130,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
 		goto err;
 
 	if ((unsigned int)sig->length != m_len ||
-	    memcmp(m, sig->data, m_len) != 0) {
+	    timingsafe_bcmp(m, sig->data, m_len) != 0) {
 		RSAerror(RSA_R_BAD_SIGNATURE);
 	} else
 		ret = 1;
author	djm <djm@openbsd.org>	2018-09-05 00:55:33 +0000
committer	djm <djm@openbsd.org>	2018-09-05 00:55:33 +0000
commit	2f115aa846580043bf0b23d9fcc2c382657c60f6 (patch)
tree	b1dcb8e269bb67857fd9ca9ab329116ebb67890e /lib/libcrypto/rsa/rsa_saos.c
parent	Forgot to rename pf_frent_holes() prototype in previous commit. (diff)
download	wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.tar.xz wireguard-openbsd-2f115aa846580043bf0b23d9fcc2c382657c60f6.zip