diff options
author | Sascha Hauer <s.hauer@pengutronix.de> | 2021-03-05 09:27:22 +0100 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2021-07-30 19:50:36 +0200 |
commit | 0a9f9a7410681e55362f8311537ebc7be9ad0fbe (patch) | |
tree | 9f7463b586b060fbca23cca4852245f7b5cdb623 | |
parent | 610db8d457fe7f479e93fb4d88e869792133f9d5 (diff) | |
download | barebox-0a9f9a7410681e55362f8311537ebc7be9ad0fbe.tar.gz barebox-0a9f9a7410681e55362f8311537ebc7be9ad0fbe.tar.xz |
crypto: digest: use crypto_memneq()
When verifying a digest it is important not to leak timing information
through memcmp(). Use crypto_memneq() instead.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
-rw-r--r-- | crypto/digest.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/crypto/digest.c b/crypto/digest.c index d23245e15f..621d384168 100644 --- a/crypto/digest.c +++ b/crypto/digest.c @@ -22,6 +22,7 @@ #include <errno.h> #include <module.h> #include <linux/err.h> +#include <crypto.h> #include <crypto/internal.h> static LIST_HEAD(digests); @@ -47,8 +48,10 @@ int digest_generic_verify(struct digest *d, const unsigned char *md) if (ret) goto end; - ret = memcmp(md, tmp, len); - ret = ret ? -EINVAL : 0; + if (crypto_memneq(md, tmp, len)) + ret = -EINVAL; + else + ret = 0; end: free(tmp); return ret; |