without overthinking it, replace a few memcmp calls with CRYPTO_memcmp

where it is feasible to do so. better safe than sorry.
author: tedu <> 2014-06-04 14:10:23 +0000
committer: tedu <> 2014-06-04 14:10:23 +0000
commit: d492661281c20abc5a3d96742866e0d1e698192a (patch)
tree: 2239b639d15116fcc235465d6e2d18383e6f7ce1 /src
parent: cb4fd7a5079a34d011180ce6d23a7730cbed57e5 (diff)
download: openbsd-d492661281c20abc5a3d96742866e0d1e698192a.tar.gz
openbsd-d492661281c20abc5a3d96742866e0d1e698192a.tar.bz2
openbsd-d492661281c20abc5a3d96742866e0d1e698192a.zip
10 files changed, 16 insertions, 16 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 052d23bbf4..2c3ce60fb3 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s)
        }
        if (j != 0 && j == s->session->session_id_length &&
-            memcmp(p, s->session->session_id, j) == 0) {
+            CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
                if (s->sid_ctx_length != s->session->sid_ctx_length ||
-                    memcmp(s->session->sid_ctx,
+                    CRYPTO_memcmp(s->session->sid_ctx,
                    s->sid_ctx, s->sid_ctx_length)) {
                        /* actually a client application bug */
                        al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index f12b680e99..948569a156 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
                                        goto f_err;
                                }
                                /* else cookie verification succeeded */
-                        } else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+                        } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
                            s->d1->cookie_len) != 0) {
                                /* default verification */
                                al = SSL_AD_HANDSHAKE_FAILURE;
diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c
index 052d23bbf4..2c3ce60fb3 100644
--- a/src/lib/libssl/src/ssl/s3_clnt.c
+++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s)
        }
        if (j != 0 && j == s->session->session_id_length &&
-            memcmp(p, s->session->session_id, j) == 0) {
+            CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
                if (s->sid_ctx_length != s->session->sid_ctx_length ||
-                    memcmp(s->session->sid_ctx,
+                    CRYPTO_memcmp(s->session->sid_ctx,
                    s->sid_ctx, s->sid_ctx_length)) {
                        /* actually a client application bug */
                        al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c
index f12b680e99..948569a156 100644
--- a/src/lib/libssl/src/ssl/s3_srvr.c
+++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
                                        goto f_err;
                                }
                                /* else cookie verification succeeded */
-                        } else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+                        } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
                            s->d1->cookie_len) != 0) {
                                /* default verification */
                                al = SSL_AD_HANDSHAKE_FAILURE;
diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c
index 2900490ad2..1e2bade1fb 100644
--- a/src/lib/libssl/src/ssl/ssl_sess.c
+++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        /* Now ret is non-NULL and we own one of its reference counts. */
        if (ret->sid_ctx_length != s->sid_ctx_length
-                || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+            || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
                /* We have the session requested by the client, but we don't
                 * want to use it in this context. */
                goto err; /* treat like cache miss */
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c
index 3546a45df1..a18032b9c8 100644
--- a/src/lib/libssl/src/ssl/t1_lib.c
+++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                        renew_ticket = 1;
        } else {
                /* Check key name matches */
-                if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
+                if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
                        return 2;
                HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
                    tlsext_tick_md(), NULL);
diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c
index 5f96e1fa7e..c9e0704c07 100644
--- a/src/lib/libssl/src/ssl/t1_reneg.c
+++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-        if (memcmp(d, s->s3->previous_client_finished,
+        if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
            s->s3->previous_client_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-        if (memcmp(d, s->s3->previous_client_finished,
+        if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
            s->s3->previous_client_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        d += s->s3->previous_client_finished_len;
-        if (memcmp(d, s->s3->previous_server_finished,
+        if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
            s->s3->previous_server_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 2900490ad2..1e2bade1fb 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
        /* Now ret is non-NULL and we own one of its reference counts. */
        if (ret->sid_ctx_length != s->sid_ctx_length
-                || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+            || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
                /* We have the session requested by the client, but we don't
                 * want to use it in this context. */
                goto err; /* treat like cache miss */
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 3546a45df1..a18032b9c8 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                        renew_ticket = 1;
        } else {
                /* Check key name matches */
-                if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
+                if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
                        return 2;
                HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
                    tlsext_tick_md(), NULL);
diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c
index 5f96e1fa7e..c9e0704c07 100644
--- a/src/lib/libssl/t1_reneg.c
+++ b/src/lib/libssl/t1_reneg.c
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-        if (memcmp(d, s->s3->previous_client_finished,
+        if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
            s->s3->previous_client_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                return 0;
        }
-        if (memcmp(d, s->s3->previous_client_finished,
+        if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
            s->s3->previous_client_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
        }
        d += s->s3->previous_client_finished_len;
-        if (memcmp(d, s->s3->previous_server_finished,
+        if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
            s->s3->previous_server_finished_len)) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
author	tedu <>	2014-06-04 14:10:23 +0000
committer	tedu <>	2014-06-04 14:10:23 +0000
commit	d492661281c20abc5a3d96742866e0d1e698192a (patch)
tree	2239b639d15116fcc235465d6e2d18383e6f7ce1 /src
parent	cb4fd7a5079a34d011180ce6d23a7730cbed57e5 (diff)
download	openbsd-d492661281c20abc5a3d96742866e0d1e698192a.tar.gz openbsd-d492661281c20abc5a3d96742866e0d1e698192a.tar.bz2 openbsd-d492661281c20abc5a3d96742866e0d1e698192a.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 052d23bbf4..2c3ce60fb3 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s)
887	}	887	}
888		888
889	if (j != 0 && j == s->session->session_id_length &&	889	if (j != 0 && j == s->session->session_id_length &&
890	memcmp(p, s->session->session_id, j) == 0) {	890	CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
891	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|	891	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|
892	memcmp(s->session->sid_ctx,	892	CRYPTO_memcmp(s->session->sid_ctx,
893	s->sid_ctx, s->sid_ctx_length)) {	893	s->sid_ctx, s->sid_ctx_length)) {
894	/* actually a client application bug */	894	/* actually a client application bug */
895	al = SSL_AD_ILLEGAL_PARAMETER;	895	al = SSL_AD_ILLEGAL_PARAMETER;


diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index f12b680e99..948569a156 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
1025	goto f_err;	1025	goto f_err;
1026	}	1026	}
1027	/* else cookie verification succeeded */	1027	/* else cookie verification succeeded */
1028	} else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,	1028	} else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
1029	s->d1->cookie_len) != 0) {	1029	s->d1->cookie_len) != 0) {
1030	/* default verification */	1030	/* default verification */
1031	al = SSL_AD_HANDSHAKE_FAILURE;	1031	al = SSL_AD_HANDSHAKE_FAILURE;


diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 052d23bbf4..2c3ce60fb3 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c
@@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s)
887	}	887	}
888		888
889	if (j != 0 && j == s->session->session_id_length &&	889	if (j != 0 && j == s->session->session_id_length &&
890	memcmp(p, s->session->session_id, j) == 0) {	890	CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
891	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|	891	if (s->sid_ctx_length != s->session->sid_ctx_length \|\|
892	memcmp(s->session->sid_ctx,	892	CRYPTO_memcmp(s->session->sid_ctx,
893	s->sid_ctx, s->sid_ctx_length)) {	893	s->sid_ctx, s->sid_ctx_length)) {
894	/* actually a client application bug */	894	/* actually a client application bug */
895	al = SSL_AD_ILLEGAL_PARAMETER;	895	al = SSL_AD_ILLEGAL_PARAMETER;


diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index f12b680e99..948569a156 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
1025	goto f_err;	1025	goto f_err;
1026	}	1026	}
1027	/* else cookie verification succeeded */	1027	/* else cookie verification succeeded */
1028	} else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,	1028	} else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
1029	s->d1->cookie_len) != 0) {	1029	s->d1->cookie_len) != 0) {
1030	/* default verification */	1030	/* default verification */
1031	al = SSL_AD_HANDSHAKE_FAILURE;	1031	al = SSL_AD_HANDSHAKE_FAILURE;


diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index 2900490ad2..1e2bade1fb 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL s, unsigned char session_id, int len,
498	/* Now ret is non-NULL and we own one of its reference counts. */	498	/* Now ret is non-NULL and we own one of its reference counts. */
499		499
500	if (ret->sid_ctx_length != s->sid_ctx_length	500	if (ret->sid_ctx_length != s->sid_ctx_length
501	\|\| memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {	501	\|\| CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
502	/* We have the session requested by the client, but we don't	502	/* We have the session requested by the client, but we don't
503	* want to use it in this context. */	503	* want to use it in this context. */
504	goto err; /* treat like cache miss */	504	goto err; /* treat like cache miss */


diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 3546a45df1..a18032b9c8 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c
@@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL s, const unsigned char etick, int eticklen,
2083	renew_ticket = 1;	2083	renew_ticket = 1;
2084	} else {	2084	} else {
2085	/* Check key name matches */	2085	/* Check key name matches */
2086	if (memcmp(etick, tctx->tlsext_tick_key_name, 16))	2086	if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
2087	return 2;	2087	return 2;
2088	HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,	2088	HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2089	tlsext_tick_md(), NULL);	2089	tlsext_tick_md(), NULL);


diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c index 5f96e1fa7e..c9e0704c07 100644 --- a/src/lib/libssl/src/ssl/t1_reneg.c +++ b/src/lib/libssl/src/ssl/t1_reneg.c
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL s, unsigned char d, int len,
172	return 0;	172	return 0;
173	}	173	}
174		174
175	if (memcmp(d, s->s3->previous_client_finished,	175	if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
176	s->s3->previous_client_finished_len)) {	176	s->s3->previous_client_finished_len)) {
177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,	177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
178	SSL_R_RENEGOTIATION_MISMATCH);	178	SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
259	return 0;	259	return 0;
260	}	260	}
261		261
262	if (memcmp(d, s->s3->previous_client_finished,	262	if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
263	s->s3->previous_client_finished_len)) {	263	s->s3->previous_client_finished_len)) {
264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
265	SSL_R_RENEGOTIATION_MISMATCH);	265	SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
268	}	268	}
269	d += s->s3->previous_client_finished_len;	269	d += s->s3->previous_client_finished_len;
270		270
271	if (memcmp(d, s->s3->previous_server_finished,	271	if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
272	s->s3->previous_server_finished_len)) {	272	s->s3->previous_server_finished_len)) {
273	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	273	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
274	SSL_R_RENEGOTIATION_MISMATCH);	274	SSL_R_RENEGOTIATION_MISMATCH);


diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 2900490ad2..1e2bade1fb 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL s, unsigned char session_id, int len,
498	/* Now ret is non-NULL and we own one of its reference counts. */	498	/* Now ret is non-NULL and we own one of its reference counts. */
499		499
500	if (ret->sid_ctx_length != s->sid_ctx_length	500	if (ret->sid_ctx_length != s->sid_ctx_length
501	\|\| memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {	501	\|\| CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
502	/* We have the session requested by the client, but we don't	502	/* We have the session requested by the client, but we don't
503	* want to use it in this context. */	503	* want to use it in this context. */
504	goto err; /* treat like cache miss */	504	goto err; /* treat like cache miss */


diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 3546a45df1..a18032b9c8 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c
@@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL s, const unsigned char etick, int eticklen,
2083	renew_ticket = 1;	2083	renew_ticket = 1;
2084	} else {	2084	} else {
2085	/* Check key name matches */	2085	/* Check key name matches */
2086	if (memcmp(etick, tctx->tlsext_tick_key_name, 16))	2086	if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
2087	return 2;	2087	return 2;
2088	HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,	2088	HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
2089	tlsext_tick_md(), NULL);	2089	tlsext_tick_md(), NULL);


diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 5f96e1fa7e..c9e0704c07 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL s, unsigned char d, int len,
172	return 0;	172	return 0;
173	}	173	}
174		174
175	if (memcmp(d, s->s3->previous_client_finished,	175	if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
176	s->s3->previous_client_finished_len)) {	176	s->s3->previous_client_finished_len)) {
177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,	177	SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
178	SSL_R_RENEGOTIATION_MISMATCH);	178	SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
259	return 0;	259	return 0;
260	}	260	}
261		261
262	if (memcmp(d, s->s3->previous_client_finished,	262	if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
263	s->s3->previous_client_finished_len)) {	263	s->s3->previous_client_finished_len)) {
264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	264	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
265	SSL_R_RENEGOTIATION_MISMATCH);	265	SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL s, unsigned char d, int len,
268	}	268	}
269	d += s->s3->previous_client_finished_len;	269	d += s->s3->previous_client_finished_len;
270		270
271	if (memcmp(d, s->s3->previous_server_finished,	271	if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
272	s->s3->previous_server_finished_len)) {	272	s->s3->previous_server_finished_len)) {
273	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,	273	SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
274	SSL_R_RENEGOTIATION_MISMATCH);	274	SSL_R_RENEGOTIATION_MISMATCH);