From f1af6a0fd89c7819b589f8168a570bcd35c0f727 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Wed, 4 Jun 2014 14:10:23 +0000
Subject: without overthinking it, replace a few memcmp calls with
 CRYPTO_memcmp where it is feasible to do so. better safe than sorry.

---
 src/lib/libssl/s3_srvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/libssl/s3_srvr.c')

diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c
index f12b680e99..948569a156 100644
--- a/src/lib/libssl/s3_srvr.c
+++ b/src/lib/libssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
 					goto f_err;
 				}
 				/* else cookie verification succeeded */
-			} else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+			} else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
 			    s->d1->cookie_len) != 0) {
 				/* default verification */
 				al = SSL_AD_HANDSHAKE_FAILURE;
-- 
cgit v1.2.3-55-g6feb