without overthinking it, replace a few memcmp calls with CRYPTO_memcmp

where it is feasible to do so. better safe than sorry.
author: tedu <> 2014-06-04 14:10:23 +0000
committer: tedu <> 2014-06-04 14:10:23 +0000
commit: f1af6a0fd89c7819b589f8168a570bcd35c0f727 (patch)
tree: 2239b639d15116fcc235465d6e2d18383e6f7ce1 /src/lib/libssl/ssl_sess.c
parent: 3968230a0022bbdf64e7caf8e2e998f8299a5add (diff)
download: openbsd-f1af6a0fd89c7819b589f8168a570bcd35c0f727.tar.gz
openbsd-f1af6a0fd89c7819b589f8168a570bcd35c0f727.tar.bz2
openbsd-f1af6a0fd89c7819b589f8168a570bcd35c0f727.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 2900490ad2..1e2bade1fb 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        /* Now ret is non-NULL and we own one of its reference counts. */
        if (ret->sid_ctx_length != s->sid_ctx_length
-                || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+            || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
                /* We have the session requested by the client, but we don't
                 * want to use it in this context. */
                goto err; /* treat like cache miss */
author	tedu <>	2014-06-04 14:10:23 +0000
committer	tedu <>	2014-06-04 14:10:23 +0000
commit	f1af6a0fd89c7819b589f8168a570bcd35c0f727 (patch)
tree	2239b639d15116fcc235465d6e2d18383e6f7ce1 /src/lib/libssl/ssl_sess.c
parent	3968230a0022bbdf64e7caf8e2e998f8299a5add (diff)
download	openbsd-f1af6a0fd89c7819b589f8168a570bcd35c0f727.tar.gz openbsd-f1af6a0fd89c7819b589f8168a570bcd35c0f727.tar.bz2 openbsd-f1af6a0fd89c7819b589f8168a570bcd35c0f727.zip

diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 2900490ad2..1e2bade1fb 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL s, unsigned char session_id, int len,
498	/* Now ret is non-NULL and we own one of its reference counts. */	498	/* Now ret is non-NULL and we own one of its reference counts. */
499		499
500	if (ret->sid_ctx_length != s->sid_ctx_length	500	if (ret->sid_ctx_length != s->sid_ctx_length
501	\|\| memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {	501	\|\| CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
502	/* We have the session requested by the client, but we don't	502	/* We have the session requested by the client, but we don't
503	* want to use it in this context. */	503	* want to use it in this context. */
504	goto err; /* treat like cache miss */	504	goto err; /* treat like cache miss */