From 150e8864673fb3b65a00e9188f50ca6a5bae927d Mon Sep 17 00:00:00 2001 From: tedu <> Date: Thu, 19 Jun 2014 21:29:51 +0000 Subject: convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring libc interfaces over libcrypto interfaces. for now we also prefer timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable. ok beck deraadt matthew miod --- src/lib/libssl/t1_reneg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/lib/libssl/t1_reneg.c') diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 43ad73a598..483d311e9c 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } - if (CRYPTO_memcmp(d, s->s3->previous_client_finished, + if (timingsafe_memcmp(d, s->s3->previous_client_finished, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); @@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } - if (CRYPTO_memcmp(d, s->s3->previous_client_finished, + if (timingsafe_memcmp(d, s->s3->previous_client_finished, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); @@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, } d += s->s3->previous_client_finished_len; - if (CRYPTO_memcmp(d, s->s3->previous_server_finished, + if (timingsafe_memcmp(d, s->s3->previous_server_finished, s->s3->previous_server_finished_len)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); -- cgit v1.2.3-55-g6feb