From ad6177b2f5ad04223501eabac49eea913f229ab4 Mon Sep 17 00:00:00 2001
From: Ted Unangst <tedu@cvs.openbsd.org>
Date: Wed, 4 Jun 2014 14:10:24 +0000
Subject: without overthinking it, replace a few memcmp calls with
 CRYPTO_memcmp where it is feasible to do so. better safe than sorry.

---
 lib/libssl/s3_srvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/libssl/s3_srvr.c')

diff --git a/lib/libssl/s3_srvr.c b/lib/libssl/s3_srvr.c
index f12b680e996..948569a156e 100644
--- a/lib/libssl/s3_srvr.c
+++ b/lib/libssl/s3_srvr.c
@@ -1025,7 +1025,7 @@ ssl3_get_client_hello(SSL *s)
 					goto f_err;
 				}
 				/* else cookie verification succeeded */
-			} else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie,
+			} else if (CRYPTO_memcmp(s->d1->rcvd_cookie, s->d1->cookie,
 			    s->d1->cookie_len) != 0) {
 				/* default verification */
 				al = SSL_AD_HANDSHAKE_FAILURE;
-- 
cgit v1.2.3