Add and use a constant-time memcmp.

This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)
author: Ben Laurie <ben@links.org> 2013-01-28 17:30:38 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-06 13:56:12 +0000
commit: f5cd3561ba9363e6bcc58fcb6b1e94930f81967d (patch)
tree: a4d926b0e59470d717c082e85006c6961e1e1efb /crypto/rsa
parent: 115f7fa5625580b8ec7850c093ba4e334756da92 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 553d212ebe..af4d24a56e 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -149,7 +149,7 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
 	if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
 		return -1;
 
-	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
 		goto decoding_err;
 	else
 		{
author	Ben Laurie <ben@links.org>	2013-01-28 17:30:38 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-06 13:56:12 +0000
commit	f5cd3561ba9363e6bcc58fcb6b1e94930f81967d (patch)
tree	a4d926b0e59470d717c082e85006c6961e1e1efb /crypto/rsa
parent	115f7fa5625580b8ec7850c093ba4e334756da92 (diff)