Otherwise, we enable all sorts of forgeries via timing attack. Signed-off-by: Jason A. Donenfeld <ja...@zx2c4.com> Suggested-by: Stephan Müller <smuel...@chronox.de> Cc: sta...@vger.kernel.org Cc: Herbert Xu <herb...@gondor.apana.org.au> Cc: linux-crypto@vger.kernel.org --- crypto/rsa-pkcs1pad.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index 8baab4307f7b..7830d304dff6 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -496,7 +496,7 @@ static int pkcs1pad_verify_complete(struct akcipher_request *req, int err) goto done; pos++; - if (memcmp(out_buf + pos, digest_info->data, digest_info->size)) + if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size)) goto done; pos += digest_info->size; -- 2.13.1