Otherwise, we enable all sorts of forgeries via timing attack.
Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com>
Suggested-by: Stephan Müller <smuel...@chronox.de>
Cc: sta...@vger.kernel.org
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org
---
crypto/rsa-pkcs1pad.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 8baab4307f7b..7830d304dff6 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -496,7 +496,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request
*req, int err)
goto done;
pos++;
- if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
+ if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
goto done;
pos += digest_info->size;
--
2.13.1
