src - OpenBSD base system

diff options


context:
space:
mode:

author	Ted Unangst <tedu@cvs.openbsd.org>	2014-06-21 20:27:26 +0000
committer	Ted Unangst <tedu@cvs.openbsd.org>	2014-06-21 20:27:26 +0000
commit	8915222daf2926bd357aae0eb1171eb70390994e (patch)
tree	74a244fd2ad0ccd77db425b31e95da33cbaf4cbc /lib
parent	cef9f704bf7ff1454d28aa9fc3d7ff4f6b0365e5 (diff)

always compare memcmp against 0, for clarity.

Diffstat (limited to 'lib')

-rw-r--r--

lib/libssl/s3_clnt.c

-rw-r--r--

lib/libssl/ssl_sess.c

-rw-r--r--

lib/libssl/t1_reneg.c

3 files changed, 7 insertions, 7 deletions

diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index 7257ba566d3..03500190785 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */

+/* $OpenBSD: s3_clnt.c,v 1.72 2014/06/21 20:27:25 tedu Exp $ */

@@ -886,7 +886,7 @@ ssl3_get_server_hello(SSL *s)

timingsafe_memcmp(p, s->session->session_id, j) == 0) {

if (s->sid_ctx_length != s->session->sid_ctx_length ||

timingsafe_memcmp(s->session->sid_ctx,

- s->sid_ctx, s->sid_ctx_length)) {

+ s->sid_ctx, s->sid_ctx_length) != 0) {

/* actually a client application bug */

al = SSL_AD_ILLEGAL_PARAMETER;

SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,

diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 9046dce7f88..7932f201512 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */

+/* $OpenBSD: ssl_sess.c,v 1.34 2014/06/21 20:27:25 tedu Exp $ */

@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,

/* Now ret is non-NULL and we own one of its reference counts. */

if (ret->sid_ctx_length != s->sid_ctx_length

- || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {

+ || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length) != 0) {

/* We have the session requested by the client, but we don't

* want to use it in this context. */

goto err; /* treat like cache miss */

diff --git a/lib/libssl/t1_reneg.c b/lib/libssl/t1_reneg.c
index 483d311e9cc..fee9dd8e4a1 100644
--- a/lib/libssl/t1_reneg.c
+++ b/lib/libssl/t1_reneg.c

@@ -1,4 +1,4 @@

-/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */

+/* $OpenBSD: t1_reneg.c,v 1.8 2014/06/21 20:27:25 tedu Exp $ */

@@ -173,7 +173,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,

}

if (timingsafe_memcmp(d, s->s3->previous_client_finished,

- s->s3->previous_client_finished_len)) {

+ s->s3->previous_client_finished_len) != 0) {

SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,

SSL_R_RENEGOTIATION_MISMATCH);

*al = SSL_AD_HANDSHAKE_FAILURE;

@@ -260,7 +260,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,

}

if (timingsafe_memcmp(d, s->s3->previous_client_finished,

- s->s3->previous_client_finished_len)) {

+ s->s3->previous_client_finished_len) != 0) {

SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,

SSL_R_RENEGOTIATION_MISMATCH);

*al = SSL_AD_HANDSHAKE_FAILURE;