From f1af6a0fd89c7819b589f8168a570bcd35c0f727 Mon Sep 17 00:00:00 2001 From: tedu <> Date: Wed, 4 Jun 2014 14:10:23 +0000 Subject: without overthinking it, replace a few memcmp calls with CRYPTO_memcmp where it is feasible to do so. better safe than sorry. --- src/lib/libssl/s3_clnt.c | 4 ++-- src/lib/libssl/s3_srvr.c | 2 +- src/lib/libssl/src/ssl/s3_clnt.c | 4 ++-- src/lib/libssl/src/ssl/s3_srvr.c | 2 +- src/lib/libssl/src/ssl/ssl_sess.c | 2 +- src/lib/libssl/src/ssl/t1_lib.c | 2 +- src/lib/libssl/src/ssl/t1_reneg.c | 6 +++--- src/lib/libssl/ssl_sess.c | 2 +- src/lib/libssl/t1_lib.c | 2 +- src/lib/libssl/t1_reneg.c | 6 +++--- 10 files changed, 16 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 052d23bbf4..2c3ce60fb3 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c @@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s) } if (j != 0 && j == s->session->session_id_length && - memcmp(p, s->session->session_id, j) == 0) { + CRYPTO_memcmp(p, s->session->session_id, j) == 0) { if (s->sid_ctx_length != s->session->sid_ctx_length || - memcmp(s->session->sid_ctx, + CRYPTO_memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ al = SSL_AD_ILLEGAL_PARAMETER; diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index f12b680e99..948569a156 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c @@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s) goto f_err; } /* else cookie verification succeeded */ - } else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie, + } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie, s->d1->cookie_len) != 0) { /* default verification */ al = SSL_AD_HANDSHAKE_FAILURE; diff --git a/src/lib/libssl/src/ssl/s3_clnt.c b/src/lib/libssl/src/ssl/s3_clnt.c index 052d23bbf4..2c3ce60fb3 100644 --- a/src/lib/libssl/src/ssl/s3_clnt.c +++ b/src/lib/libssl/src/ssl/s3_clnt.c @@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s) } if (j != 0 && j == s->session->session_id_length && - memcmp(p, s->session->session_id, j) == 0) { + CRYPTO_memcmp(p, s->session->session_id, j) == 0) { if (s->sid_ctx_length != s->session->sid_ctx_length || - memcmp(s->session->sid_ctx, + CRYPTO_memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) { /* actually a client application bug */ al = SSL_AD_ILLEGAL_PARAMETER; diff --git a/src/lib/libssl/src/ssl/s3_srvr.c b/src/lib/libssl/src/ssl/s3_srvr.c index f12b680e99..948569a156 100644 --- a/src/lib/libssl/src/ssl/s3_srvr.c +++ b/src/lib/libssl/src/ssl/s3_srvr.c @@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s) goto f_err; } /* else cookie verification succeeded */ - } else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie, + } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie, s->d1->cookie_len) != 0) { /* default verification */ al = SSL_AD_HANDSHAKE_FAILURE; diff --git a/src/lib/libssl/src/ssl/ssl_sess.c b/src/lib/libssl/src/ssl/ssl_sess.c index 2900490ad2..1e2bade1fb 100644 --- a/src/lib/libssl/src/ssl/ssl_sess.c +++ b/src/lib/libssl/src/ssl/ssl_sess.c @@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, /* Now ret is non-NULL and we own one of its reference counts. */ if (ret->sid_ctx_length != s->sid_ctx_length - || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { + || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { /* We have the session requested by the client, but we don't * want to use it in this context. */ goto err; /* treat like cache miss */ diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index 3546a45df1..a18032b9c8 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c @@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, renew_ticket = 1; } else { /* Check key name matches */ - if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) + if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL); diff --git a/src/lib/libssl/src/ssl/t1_reneg.c b/src/lib/libssl/src/ssl/t1_reneg.c index 5f96e1fa7e..c9e0704c07 100644 --- a/src/lib/libssl/src/ssl/t1_reneg.c +++ b/src/lib/libssl/src/ssl/t1_reneg.c @@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } - if (memcmp(d, s->s3->previous_client_finished, + if (CRYPTO_memcmp(d, s->s3->previous_client_finished, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); @@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } - if (memcmp(d, s->s3->previous_client_finished, + if (CRYPTO_memcmp(d, s->s3->previous_client_finished, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); @@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, } d += s->s3->previous_client_finished_len; - if (memcmp(d, s->s3->previous_server_finished, + if (CRYPTO_memcmp(d, s->s3->previous_server_finished, s->s3->previous_server_finished_len)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 2900490ad2..1e2bade1fb 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c @@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, /* Now ret is non-NULL and we own one of its reference counts. */ if (ret->sid_ctx_length != s->sid_ctx_length - || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { + || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { /* We have the session requested by the client, but we don't * want to use it in this context. */ goto err; /* treat like cache miss */ diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index 3546a45df1..a18032b9c8 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c @@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, renew_ticket = 1; } else { /* Check key name matches */ - if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) + if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, tlsext_tick_md(), NULL); diff --git a/src/lib/libssl/t1_reneg.c b/src/lib/libssl/t1_reneg.c index 5f96e1fa7e..c9e0704c07 100644 --- a/src/lib/libssl/t1_reneg.c +++ b/src/lib/libssl/t1_reneg.c @@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } - if (memcmp(d, s->s3->previous_client_finished, + if (CRYPTO_memcmp(d, s->s3->previous_client_finished, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); @@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } - if (memcmp(d, s->s3->previous_client_finished, + if (CRYPTO_memcmp(d, s->s3->previous_client_finished, s->s3->previous_client_finished_len)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); @@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, } d += s->s3->previous_client_finished_len; - if (memcmp(d, s->s3->previous_server_finished, + if (CRYPTO_memcmp(d, s->s3->previous_server_finished, s->s3->previous_server_finished_len)) { SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, SSL_R_RENEGOTIATION_MISMATCH); -- cgit v1.2.3-55-g6feb