convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring

libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
author: tedu <> 2014-06-19 21:29:51 +0000
committer: tedu <> 2014-06-19 21:29:51 +0000
commit: 150e8864673fb3b65a00e9188f50ca6a5bae927d (patch)
tree: 7d822bfb3203433ec1d2621e3b77a893bd97b408 /src/lib/libssl/s3_clnt.c
parent: 41e038d2e8f6a205e6aa50aa0e910df4ff76ec9e (diff)
download: openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.gz
openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.bz2
openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index d8036c4061..7257ba566d 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s)
        }
        if (j != 0 && j == s->session->session_id_length &&
-            CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
+            timingsafe_memcmp(p, s->session->session_id, j) == 0) {
                if (s->sid_ctx_length != s->session->sid_ctx_length ||
-                    CRYPTO_memcmp(s->session->sid_ctx,
+                    timingsafe_memcmp(s->session->sid_ctx,
                    s->sid_ctx, s->sid_ctx_length)) {
                        /* actually a client application bug */
                        al = SSL_AD_ILLEGAL_PARAMETER;
author	tedu <>	2014-06-19 21:29:51 +0000
committer	tedu <>	2014-06-19 21:29:51 +0000
commit	150e8864673fb3b65a00e9188f50ca6a5bae927d (patch)
tree	7d822bfb3203433ec1d2621e3b77a893bd97b408 /src/lib/libssl/s3_clnt.c
parent	41e038d2e8f6a205e6aa50aa0e910df4ff76ec9e (diff)
download	openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.gz openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.bz2 openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index d8036c4061..7257ba566d 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s)
883	}	883	}
884		884
885	if (j != 0 && j == s->session->session_id_length &&	885	if (j != 0 && j == s->session->session_id_length &&
886	CRYPTO_memcmp(p, s->session->session_id, j) == 0) {	886	timingsafe_memcmp(p, s->session->session_id, j) == 0) {
887	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|	887	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|
888	CRYPTO_memcmp(s->session->sid_ctx,	888	timingsafe_memcmp(s->session->sid_ctx,
889	s->sid_ctx, s->sid_ctx_length)) {	889	s->sid_ctx, s->sid_ctx_length)) {
890	/* actually a client application bug */	890	/* actually a client application bug */
891	al = SSL_AD_ILLEGAL_PARAMETER;	891	al = SSL_AD_ILLEGAL_PARAMETER;