summaryrefslogtreecommitdiff
path: root/lib/libssl
diff options
context:
space:
mode:
authorTed Unangst <tedu@cvs.openbsd.org>2014-06-04 14:10:24 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2014-06-04 14:10:24 +0000
commitad6177b2f5ad04223501eabac49eea913f229ab4 (patch)
tree65f93cf253cf7595cb10edfc97d162a7fd122014 /lib/libssl
parent87d1db1a9e9211db765776a4cc58461f701a42a6 (diff)
without overthinking it, replace a few memcmp calls with CRYPTO_memcmp
where it is feasible to do so. better safe than sorry.
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/s3_clnt.c4
-rw-r--r--lib/libssl/s3_srvr.c2
-rw-r--r--lib/libssl/ssl_sess.c2
-rw-r--r--lib/libssl/t1_lib.c2
-rw-r--r--lib/libssl/t1_reneg.c6
5 files changed, 8 insertions, 8 deletions
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 052d23bbf40..2c3ce60fb3a 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -887,9 +887,9 @@ ssl3_get_server_hello(SSL *s)
}
if (j != 0 && j == s->session->session_id_length &&
- memcmp(p, s->session->session_id, j) == 0) {
+ CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
if (s->sid_ctx_length != s->session->sid_ctx_length ||
- memcmp(s->session->sid_ctx,
+ CRYPTO_memcmp(s->session->sid_ctx,
s->sid_ctx, s->sid_ctx_length)) {
/* actually a client application bug */
al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index f12b680e996..948569a156e 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
goto f_err;
}
/* else cookie verification succeeded */
- } else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+ } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
s->d1->cookie_len) != 0) {
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 2900490ad2e..1e2bade1fbe 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
/* Now ret is non-NULL and we own one of its reference counts. */
if (ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+ || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
/* We have the session requested by the client, but we don't
* want to use it in this context. */
goto err; /* treat like cache miss */
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 3546a45df12..a18032b9c8b 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -2083,7 +2083,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
renew_ticket = 1;
} else {
/* Check key name matches */
- if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
+ if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
tlsext_tick_md(), NULL);
diff --git a/lib/libssl/t1_reneg.c b/lib/libssl/t1_reneg.c
index 5f96e1fa7e9..c9e0704c079 100644
--- a/lib/libssl/t1_reneg.c
+++ b/lib/libssl/t1_reneg.c
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (memcmp(d, s->s3->previous_client_finished,
+ if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (memcmp(d, s->s3->previous_client_finished,
+ if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
}
d += s->s3->previous_client_finished_len;
- if (memcmp(d, s->s3->previous_server_finished,
+ if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
s->s3->previous_server_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);