Use constant-time memcmp when comparing sensitive buffers

This helps to avoid timing attacks. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-02-17 15:35:51 +13:00
parent 20f038f4f0
commit b19633f9b9
9 changed files with 12 additions and 12 deletions
--- a/lib/hcrypto/rsa.c
+++ b/lib/hcrypto/rsa.c
@@ -426,7 +426,7 @@ RSA_verify(int type, const unsigned char *from, unsigned int flen,
 	    return -4;
 	}

-	if (flen != di.digest.length || memcmp(di.digest.data, from, flen) != 0) {
+	if (flen != di.digest.length || ct_memcmp(di.digest.data, from, flen) != 0) {
 	    free_DigestInfo(&di);
 	    return -5;
 	}