cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt

from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@

1 files changed, 1 insertions, 1 deletions

diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c
index b63460a56d..6981852b5b 100644
--- a/src/lib/libssl/s3_both.c
+++ b/src/lib/libssl/s3_both.c
@@ -263,7 +263,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                 goto f_err;
                 }
 
-        if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+        if (timingsafe_bcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
                 {
                 al=SSL_AD_DECRYPT_ERROR;
                 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);