authorTed Unangst <tedu@cvs.openbsd.org>2014-06-04 14:10:24 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-06-04 14:10:24 +0000
commit0f0cc8f010c3a67506bb3df9d7b8872a87ff8484 (patch)
tree3052c066d39b115789eb7c1304c8e2b55ffe9762
parenta7456a023e0431270ff43f03e72ebd7e97e78313 (diff)
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp
where it is feasible to do so. better safe than sorry.
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c4
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c2
-rw-r--r--lib/libssl/src/ssl/ssl_sess.c2
-rw-r--r--lib/libssl/src/ssl/t1_lib.c2
-rw-r--r--lib/libssl/src/ssl/t1_reneg.c6
5 files changed, 8 insertions, 8 deletions
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index 052d23bbf40..2c3ce60fb3a 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s)
}
if (j != 0 && j == s->session->session_id_length &&
- memcmp(p, s->session->session_id, j) == 0) {
+ CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
if (s->sid_ctx_length != s->session->sid_ctx_length ||
- memcmp(s->session->sid_ctx,
+ CRYPTO_memcmp(s->session->sid_ctx,
s->sid_ctx, s->sid_ctx_length)) {
/* actually a client application bug */
al = SSL_AD_ILLEGAL_PARAMETER;
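Review bot: The second call in this hunk, `CRYPTO_memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)`, is tested for truthiness, while the first call two lines above is compared with `== 0`. CRYPTO_memcmp only reports equal or not equal and has no ordering meaning, so I would spell the test out as `s->sid_ctx, s->sid_ctx_length) != 0) {` to keep the two forms consistent. The same implicit form is used in the ssl_sess.c, t1_lib.c and t1_reneg.c hunks of this commit. The body of ssl3_get_server_hello starts and ends outside the hunk.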
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index f12b680e996..948569a156e 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
goto f_err;
}
/* else cookie verification succeeded */
- } else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+ } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
s->d1->cookie_len) != 0) {
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
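Review bot: The default cookie check compares `s->d1->cookie_len` bytes, but nothing visible in this hunk compares the length of the cookie the client actually sent with `s->d1->cookie_len`. If that is not checked earlier in ssl3_get_client_hello (the function starts outside the hunk), a shorter received cookie would be compared along with whatever bytes already sit behind it in `rcvd_cookie`. Making the call constant-time does not address that. A length guard in front of the call, such as `RECEIVED_LEN != s->d1->cookie_len ||` (RECEIVED_LEN is a placeholder for the local holding the parsed length), would make the check self-contained.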
diff --git a/lib/libssl/src/ssl/ssl_sess.c b/lib/libssl/src/ssl/ssl_sess.c
index 2900490ad2e..1e2bade1fbe 100644
--- a/lib/libssl/src/ssl/ssl_sess.c
+++ b/lib/libssl/src/ssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
/* Now ret is non-NULL and we own one of its reference counts. */
if (ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+ || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
/* We have the session requested by the client, but we don't
* want to use it in this context. */
goto err; /* treat like cache miss */
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index 3546a45df12..a18032b9c8b 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
renew_ticket = 1;
} else {
/* Check key name matches */
- if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
+ if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
tlsext_tick_md(), NULL);
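Review bot: The key name compared here is sent in the clear at the front of the ticket, so this is the least timing-sensitive comparison in tls_decrypt_ticket. The one that matters is the MAC check that follows `HMAC_Init_ex`, which lies outside the hunk. The diffstat shows only this one line changed in t1_lib.c, so it is worth confirming that the MAC comparison already goes through CRYPTO_memcmp. Separately, the literal `16` here could be `sizeof(tctx->tlsext_tick_key_name)` if that member is an array, which would keep the length tied to the field.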
diff --git a/lib/libssl/src/ssl/t1_reneg.c b/lib/libssl/src/ssl/t1_reneg.c
index 5f96e1fa7e9..c9e0704c079 100644
--- a/lib/libssl/src/ssl/t1_reneg.c
+++ b/lib/libssl/src/ssl/t1_reneg.c
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (memcmp(d, s->s3->previous_client_finished,
+ if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (memcmp(d, s->s3->previous_client_finished,
+ if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
}
d += s->s3->previous_client_finished_len;
- if (memcmp(d, s->s3->previous_server_finished,
+ if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
s->s3->previous_server_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);