convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring

libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod
author: tedu <> 2014-06-19 21:29:51 +0000
committer: tedu <> 2014-06-19 21:29:51 +0000
commit: 150e8864673fb3b65a00e9188f50ca6a5bae927d (patch)
tree: 7d822bfb3203433ec1d2621e3b77a893bd97b408 /src/lib/libssl/t1_reneg.c
parent: 41e038d2e8f6a205e6aa50aa0e910df4ff76ec9e (diff)
download: openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.gz
openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.bz2
openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.zip
1 files changed, 4 insertions, 4 deletions
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 43ad73a598..483d311e9c 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-        if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
            s->s3->previous_client_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-        if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
            s->s3->previous_client_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        d += s->s3->previous_client_finished_len;
-        if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
+        if (timingsafe_memcmp(d, s->s3->previous_server_finished,
            s->s3->previous_server_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
author	tedu <>	2014-06-19 21:29:51 +0000
committer	tedu <>	2014-06-19 21:29:51 +0000
commit	150e8864673fb3b65a00e9188f50ca6a5bae927d (patch)
tree	7d822bfb3203433ec1d2621e3b77a893bd97b408 /src/lib/libssl/t1_reneg.c
parent	41e038d2e8f6a205e6aa50aa0e910df4ff76ec9e (diff)
download	openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.gz openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.tar.bz2 openbsd-150e8864673fb3b65a00e9188f50ca6a5bae927d.zip

diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 43ad73a598..483d311e9c 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */	1	/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL s, unsigned char d, int len,
172	return 0;	172	return 0;
173	}	173	}
174		174
175	if (CRYPTO_memcmp(d, s->s3->previous_client_finished,	175	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
176	s->s3->previous_client_finished_len)) {	176	s->s3->previous_client_finished_len)) {
177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,	177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
178	SSL_R_RENEGOTIATION_MISMATCH);	178	SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
259	return 0;	259	return 0;
260	}	260	}
261		261
262	if (CRYPTO_memcmp(d, s->s3->previous_client_finished,	262	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
263	s->s3->previous_client_finished_len)) {	263	s->s3->previous_client_finished_len)) {
264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
265	SSL_R_RENEGOTIATION_MISMATCH);	265	SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
268	}	268	}
269	d += s->s3->previous_client_finished_len;	269	d += s->s3->previous_client_finished_len;
270		270
271	if (CRYPTO_memcmp(d, s->s3->previous_server_finished,	271	if (timingsafe_memcmp(d, s->s3->previous_server_finished,
272	s->s3->previous_server_finished_len)) {	272	s->s3->previous_server_finished_len)) {
273	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	273	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
274	SSL_R_RENEGOTIATION_MISMATCH);	274	SSL_R_RENEGOTIATION_MISMATCH);