From 150e8864673fb3b65a00e9188f50ca6a5bae927d Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Thu, 19 Jun 2014 21:29:51 +0000
Subject: convert CRYPTO_memcmp to timingsafe_memcmp based on current policy
 favoring libc interfaces over libcrypto interfaces. for now we also prefer
 timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
 ok beck deraadt matthew miod

---
 src/lib/libssl/s3_clnt.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/lib/libssl/s3_clnt.c')

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index d8036c4061..7257ba566d 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s)
 	}
 
 	if (j != 0 && j == s->session->session_id_length &&
-	    CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
+	    timingsafe_memcmp(p, s->session->session_id, j) == 0) {
 		if (s->sid_ctx_length != s->session->sid_ctx_length ||
-		    CRYPTO_memcmp(s->session->sid_ctx,
+		    timingsafe_memcmp(s->session->sid_ctx,
 		    s->sid_ctx, s->sid_ctx_length)) {
 			/* actually a client application bug */
 			al = SSL_AD_ILLEGAL_PARAMETER;
-- 
cgit v1.2.3-55-g6feb