always compare memcmp against 0, for clarity.

author: tedu <> 2014-06-21 20:27:25 +0000
committer: tedu <> 2014-06-21 20:27:25 +0000
commit: 9792ceb010ad6377f4e016b43301244289ddf2f1 (patch)
tree: 8a5da5b6cd0c6d564a1b5211658d6c23da0ddee6 /src/lib
parent: e4a00d72f460a6b1ae6fd91aae01686bfbd0f3f3 (diff)
download: openbsd-9792ceb010ad6377f4e016b43301244289ddf2f1.tar.gz
openbsd-9792ceb010ad6377f4e016b43301244289ddf2f1.tar.bz2
openbsd-9792ceb010ad6377f4e016b43301244289ddf2f1.zip
6 files changed, 14 insertions, 14 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 7257ba566d..0350019078 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.72 2014/06/21 20:27:25 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -886,7 +886,7 @@ ssl3_get_server_hello(SSL *s)
            timingsafe_memcmp(p, s->session->session_id, j) == 0) {
                if (s->sid_ctx_length != s->session->sid_ctx_length ||
                    timingsafe_memcmp(s->session->sid_ctx,
-                    s->sid_ctx, s->sid_ctx_length)) {
+                    s->sid_ctx, s->sid_ctx_length) != 0) {
                        /* actually a client application bug */
                        al = SSL_AD_ILLEGAL_PARAMETER;
                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 7257ba566d..0350019078 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.72 2014/06/21 20:27:25 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -886,7 +886,7 @@ ssl3_get_server_hello(SSL *s)
            timingsafe_memcmp(p, s->session->session_id, j) == 0) {
                if (s->sid_ctx_length != s->session->sid_ctx_length ||
                    timingsafe_memcmp(s->session->sid_ctx,
-                    s->sid_ctx, s->sid_ctx_length)) {
+                    s->sid_ctx, s->sid_ctx_length) != 0) {
                        /* actually a client application bug */
                        al = SSL_AD_ILLEGAL_PARAMETER;
                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 9046dce7f8..7932f20151 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        /* Now ret is non-NULL and we own one of its reference counts. */
        if (ret->sid_ctx_length != s->sid_ctx_length
-            || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+            || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length) != 0) {
                /* We have the session requested by the client, but we don't
                 * want to use it in this context. */
                goto err; /* treat like cache miss */
diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c
index 483d311e9c..fee9dd8e4a 100644
--- a/src/lib/libssl/src/ssl/t1_reneg.c
+++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.8 2014/06/21 20:27:25 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -173,7 +173,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len)) {
+            s->s3->previous_client_finished_len) != 0) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
@@ -260,7 +260,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len)) {
+            s->s3->previous_client_finished_len) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 9046dce7f8..7932f20151 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        /* Now ret is non-NULL and we own one of its reference counts. */
        if (ret->sid_ctx_length != s->sid_ctx_length
-            || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+            || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length) != 0) {
                /* We have the session requested by the client, but we don't
                 * want to use it in this context. */
                goto err; /* treat like cache miss */
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 483d311e9c..fee9dd8e4a 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.8 2014/06/21 20:27:25 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -173,7 +173,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len)) {
+            s->s3->previous_client_finished_len) != 0) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
@@ -260,7 +260,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len)) {
+            s->s3->previous_client_finished_len) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
author	tedu <>	2014-06-21 20:27:25 +0000
committer	tedu <>	2014-06-21 20:27:25 +0000
commit	9792ceb010ad6377f4e016b43301244289ddf2f1 (patch)
tree	8a5da5b6cd0c6d564a1b5211658d6c23da0ddee6 /src/lib
parent	e4a00d72f460a6b1ae6fd91aae01686bfbd0f3f3 (diff)
download	openbsd-9792ceb010ad6377f4e016b43301244289ddf2f1.tar.gz openbsd-9792ceb010ad6377f4e016b43301244289ddf2f1.tar.bz2 openbsd-9792ceb010ad6377f4e016b43301244289ddf2f1.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 7257ba566d..0350019078 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.72 2014/06/21 20:27:25 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -886,7 +886,7 @@ ssl3_get_server_hello(SSL *s)
886	timingsafe_memcmp(p, s->session->session_id, j) == 0) {	886	timingsafe_memcmp(p, s->session->session_id, j) == 0) {
887	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|	887	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|
888	timingsafe_memcmp(s->session->sid_ctx,	888	timingsafe_memcmp(s->session->sid_ctx,
889	s->sid_ctx, s->sid_ctx_length)) {	889	s->sid_ctx, s->sid_ctx_length) != 0) {
890	/* actually a client application bug */	890	/* actually a client application bug */
891	al = SSL_AD_ILLEGAL_PARAMETER;	891	al = SSL_AD_ILLEGAL_PARAMETER;
892	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,	892	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,


diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 7257ba566d..0350019078 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.72 2014/06/21 20:27:25 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -886,7 +886,7 @@ ssl3_get_server_hello(SSL *s)
886	timingsafe_memcmp(p, s->session->session_id, j) == 0) {	886	timingsafe_memcmp(p, s->session->session_id, j) == 0) {
887	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|	887	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|
888	timingsafe_memcmp(s->session->sid_ctx,	888	timingsafe_memcmp(s->session->sid_ctx,
889	s->sid_ctx, s->sid_ctx_length)) {	889	s->sid_ctx, s->sid_ctx_length) != 0) {
890	/* actually a client application bug */	890	/* actually a client application bug */
891	al = SSL_AD_ILLEGAL_PARAMETER;	891	al = SSL_AD_ILLEGAL_PARAMETER;
892	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,	892	SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,


diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index 9046dce7f8..7932f20151 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */	1	/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL s, unsigned char session_id, int len,
498	/* Now ret is non-NULL and we own one of its reference counts. */	498	/* Now ret is non-NULL and we own one of its reference counts. */
499		499
500	if (ret->sid_ctx_length != s->sid_ctx_length	500	if (ret->sid_ctx_length != s->sid_ctx_length
501	\|\| timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {	501	\|\| timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length) != 0) {
502	/* We have the session requested by the client, but we don't	502	/* We have the session requested by the client, but we don't
503	* want to use it in this context. */	503	* want to use it in this context. */
504	goto err; /* treat like cache miss */	504	goto err; /* treat like cache miss */


diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c index 483d311e9c..fee9dd8e4a 100644 --- a/src/lib/libssl/src/ssl/t1_reneg.c +++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */	1	/* $OpenBSD: t1_reneg.c,v 1.8 2014/06/21 20:27:25 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -173,7 +173,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL s, unsigned char d, int len,
173	}	173	}
174		174
175	if (timingsafe_memcmp(d, s->s3->previous_client_finished,	175	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
176	s->s3->previous_client_finished_len)) {	176	s->s3->previous_client_finished_len) != 0) {
177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,	177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
178	SSL_R_RENEGOTIATION_MISMATCH);	178	SSL_R_RENEGOTIATION_MISMATCH);
179	*al = SSL_AD_HANDSHAKE_FAILURE;	179	*al = SSL_AD_HANDSHAKE_FAILURE;
@@ -260,7 +260,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
260	}	260	}
261		261
262	if (timingsafe_memcmp(d, s->s3->previous_client_finished,	262	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
263	s->s3->previous_client_finished_len)) {	263	s->s3->previous_client_finished_len) != 0) {
264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
265	SSL_R_RENEGOTIATION_MISMATCH);	265	SSL_R_RENEGOTIATION_MISMATCH);
266	*al = SSL_AD_HANDSHAKE_FAILURE;	266	*al = SSL_AD_HANDSHAKE_FAILURE;


diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 9046dce7f8..7932f20151 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */	1	/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL s, unsigned char session_id, int len,
498	/* Now ret is non-NULL and we own one of its reference counts. */	498	/* Now ret is non-NULL and we own one of its reference counts. */
499		499
500	if (ret->sid_ctx_length != s->sid_ctx_length	500	if (ret->sid_ctx_length != s->sid_ctx_length
501	\|\| timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {	501	\|\| timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length) != 0) {
502	/* We have the session requested by the client, but we don't	502	/* We have the session requested by the client, but we don't
503	* want to use it in this context. */	503	* want to use it in this context. */
504	goto err; /* treat like cache miss */	504	goto err; /* treat like cache miss */


diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 483d311e9c..fee9dd8e4a 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */	1	/* $OpenBSD: t1_reneg.c,v 1.8 2014/06/21 20:27:25 tedu Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -173,7 +173,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL s, unsigned char d, int len,
173	}	173	}
174		174
175	if (timingsafe_memcmp(d, s->s3->previous_client_finished,	175	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
176	s->s3->previous_client_finished_len)) {	176	s->s3->previous_client_finished_len) != 0) {
177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,	177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
178	SSL_R_RENEGOTIATION_MISMATCH);	178	SSL_R_RENEGOTIATION_MISMATCH);
179	*al = SSL_AD_HANDSHAKE_FAILURE;	179	*al = SSL_AD_HANDSHAKE_FAILURE;
@@ -260,7 +260,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
260	}	260	}
261		261
262	if (timingsafe_memcmp(d, s->s3->previous_client_finished,	262	if (timingsafe_memcmp(d, s->s3->previous_client_finished,
263	s->s3->previous_client_finished_len)) {	263	s->s3->previous_client_finished_len) != 0) {
264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
265	SSL_R_RENEGOTIATION_MISMATCH);	265	SSL_R_RENEGOTIATION_MISMATCH);
266	*al = SSL_AD_HANDSHAKE_FAILURE;	266	*al = SSL_AD_HANDSHAKE_FAILURE;