summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/d1_pkt.c4
-rw-r--r--lib/libssl/s3_both.c4
-rw-r--r--lib/libssl/s3_clnt.c6
-rw-r--r--lib/libssl/s3_pkt.c4
-rw-r--r--lib/libssl/s3_srvr.c4
-rw-r--r--lib/libssl/ssl_lib.c4
-rw-r--r--lib/libssl/ssl_sess.c4
-rw-r--r--lib/libssl/t1_lib.c6
-rw-r--r--lib/libssl/t1_reneg.c8
9 files changed, 22 insertions, 22 deletions
diff --git a/lib/libssl/d1_pkt.c b/lib/libssl/d1_pkt.c
index aa2185d2ed3..d75f56beb63 100644
--- a/lib/libssl/d1_pkt.c
+++ b/lib/libssl/d1_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_pkt.c,v 1.29 2014/06/15 15:29:25 jsing Exp $ */
+/* $OpenBSD: d1_pkt.c,v 1.30 2014/06/19 21:29:51 tedu Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -414,7 +414,7 @@ dtls1_process_record(SSL *s)
}
i = s->method->ssl3_enc->mac(s, md, 0 /* not send */);
- if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
enc_err = -1;
diff --git a/lib/libssl/s3_both.c b/lib/libssl/s3_both.c
index 4f40adbb1a5..2da6b527e11 100644
--- a/lib/libssl/s3_both.c
+++ b/lib/libssl/s3_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_both.c,v 1.24 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_both.c,v 1.25 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -256,7 +256,7 @@ ssl3_get_finished(SSL *s, int a, int b)
goto f_err;
}
- if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
+ if (timingsafe_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) {
al = SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED, SSL_R_DIGEST_CHECK_FAILED);
goto f_err;
diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index d8036c40618..7257ba566d3 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.70 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.71 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -883,9 +883,9 @@ ssl3_get_server_hello(SSL *s)
}
if (j != 0 && j == s->session->session_id_length &&
- CRYPTO_memcmp(p, s->session->session_id, j) == 0) {
+ timingsafe_memcmp(p, s->session->session_id, j) == 0) {
if (s->sid_ctx_length != s->session->sid_ctx_length ||
- CRYPTO_memcmp(s->session->sid_ctx,
+ timingsafe_memcmp(s->session->sid_ctx,
s->sid_ctx, s->sid_ctx_length)) {
/* actually a client application bug */
al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c
index f5d8bedbea1..a508d5ee495 100644
--- a/lib/libssl/s3_pkt.c
+++ b/lib/libssl/s3_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_pkt.c,v 1.47 2014/06/13 10:52:24 jsing Exp $ */
+/* $OpenBSD: s3_pkt.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -447,7 +447,7 @@ again:
i = s->method->ssl3_enc->mac(s,md,0 /* not send */);
if (i < 0 || mac == NULL ||
- CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+ timingsafe_memcmp(md, mac, (size_t)mac_size) != 0)
enc_err = -1;
if (rr->length >
SSL3_RT_MAX_COMPRESSED_LENGTH + extra + mac_size)
diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index cab034d18f5..161534295fa 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.65 2014/06/18 04:51:31 miod Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.66 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1024,7 +1024,7 @@ ssl3_get_client_hello(SSL *s)
goto f_err;
}
/* else cookie verification succeeded */
- } else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+ } else if (timingsafe_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
s->d1->cookie_len) != 0) {
/* default verification */
al = SSL_AD_HANDSHAKE_FAILURE;
diff --git a/lib/libssl/ssl_lib.c b/lib/libssl/ssl_lib.c
index 04c33930532..f867daab0ec 100644
--- a/lib/libssl/ssl_lib.c
+++ b/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.68 2014/06/17 01:41:01 tedu Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.69 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1678,7 +1678,7 @@ ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
return (1);
if (a->session_id_length != b->session_id_length)
return (1);
- if (CRYPTO_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
+ if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
return (1);
return (0);
}
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 273a7d68171..9046dce7f88 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.32 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
/* Now ret is non-NULL and we own one of its reference counts. */
if (ret->sid_ctx_length != s->sid_ctx_length
- || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+ || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
/* We have the session requested by the client, but we don't
* want to use it in this context. */
goto err; /* treat like cache miss */
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 054de0ceef1..7b3393820bc 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.47 2014/06/18 04:49:40 miod Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.48 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1879,7 +1879,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
renew_ticket = 1;
} else {
/* Check key name matches */
- if (CRYPTO_memcmp(etick, tctx->tlsext_tick_key_name, 16))
+ if (timingsafe_memcmp(etick, tctx->tlsext_tick_key_name, 16))
return 2;
HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
tlsext_tick_md(), NULL);
@@ -1899,7 +1899,7 @@ tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
- if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+ if (timingsafe_memcmp(tick_hmac, etick + eticklen, mlen)) {
EVP_CIPHER_CTX_cleanup(&ctx);
return 2;
}
diff --git a/lib/libssl/t1_reneg.c b/lib/libssl/t1_reneg.c
index 43ad73a5986..483d311e9cc 100644
--- a/lib/libssl/t1_reneg.c
+++ b/lib/libssl/t1_reneg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_reneg.c,v 1.6 2014/06/12 15:49:31 deraadt Exp $ */
+/* $OpenBSD: t1_reneg.c,v 1.7 2014/06/19 21:29:51 tedu Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -172,7 +172,7 @@ ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -259,7 +259,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
return 0;
}
- if (CRYPTO_memcmp(d, s->s3->previous_client_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_client_finished,
s->s3->previous_client_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);
@@ -268,7 +268,7 @@ ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
}
d += s->s3->previous_client_finished_len;
- if (CRYPTO_memcmp(d, s->s3->previous_server_finished,
+ if (timingsafe_memcmp(d, s->s3->previous_server_finished,
s->s3->previous_server_finished_len)) {
SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
SSL_R_RENEGOTIATION_MISMATCH);