From 150e8864673fb3b65a00e9188f50ca6a5bae927d Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Thu, 19 Jun 2014 21:29:51 +0000
Subject: convert CRYPTO_memcmp to timingsafe_memcmp based on current policy
 favoring libc interfaces over libcrypto interfaces. for now we also prefer
 timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
 ok beck deraadt matthew miod

---
 src/lib/libssl/d1_pkt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/lib/libssl/d1_pkt.c')

diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
index aa2185d2ed..d75f56beb6 100644
--- a/src/lib/libssl/d1_pkt.c
+++ b/src/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.29 2014/06/15 15:29:25 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.30 2014/06/19 21:29:51 tedu Exp $ */
 /* 
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -414,7 +414,7 @@ dtls1_process_record(SSL *s)
 		}
 
 		i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
-		if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+		if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
 			enc_err = -1;
 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
 			enc_err = -1;
-- 
cgit v1.2.3-55-g6feb