From f1af6a0fd89c7819b589f8168a570bcd35c0f727 Mon Sep 17 00:00:00 2001
From: tedu <>
Date: Wed, 4 Jun 2014 14:10:23 +0000
Subject: without overthinking it, replace a few memcmp calls with
 CRYPTO_memcmp where it is feasible to do so. better safe than sorry.

---
 src/lib/libssl/t1_lib.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/libssl/t1_lib.c')

diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
index 3546a45df1..a18032b9c8 100644
--- a/src/lib/libssl/t1_lib.c
+++ b/src/lib/libssl/t1_lib.c
@@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 			renew_ticket = 1;
 	} else {
 		/* Check key name matches */
-		if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
+		if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
 			return 2;
 		HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
 		    tlsext_tick_md(), NULL);
-- 
cgit v1.2.3-55-g6feb