diff options
author | Emilia Kasper <emilia@openssl.org> | 2015-05-27 17:12:13 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-06-08 15:01:14 +0200 |
commit | ac32a77cd69784568090e934a31622ddfee49ca7 (patch) | |
tree | 395bb6bc89fde1ba17a2e6b686dad06e0e947099 /crypto/evp | |
parent | f877da9cedb95df94105d7292f8e0963175e58dc (diff) |
Use CRYPTO_memcmp when comparing authenticators
Pointed out by Victor Vasiliev (vasilvv@mit.edu) via Adam Langley
(Google).
Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 1e4a355dcabe2f75df5bb8b41b394d37037169d2)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/e_aes.c | 5 | ||||
-rw-r--r-- | crypto/evp/e_rc4_hmac_md5.c | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index af4aa1801e..33cbed87f4 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -50,6 +50,7 @@ #include <openssl/opensslconf.h> #ifndef OPENSSL_NO_AES +#include <openssl/crypto.h> # include <openssl/evp.h> # include <openssl/err.h> # include <string.h> @@ -1455,7 +1456,7 @@ static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, /* Retrieve tag */ CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); /* If tag mismatch wipe buffer */ - if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { OPENSSL_cleanse(out, len); goto err; } @@ -1895,7 +1896,7 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { unsigned char tag[16]; if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { - if (!memcmp(tag, ctx->buf, cctx->M)) + if (!CRYPTO_memcmp(tag, ctx->buf, cctx->M)) rv = len; } } diff --git a/crypto/evp/e_rc4_hmac_md5.c b/crypto/evp/e_rc4_hmac_md5.c index e6b0cdff43..2da1117829 100644 --- a/crypto/evp/e_rc4_hmac_md5.c +++ b/crypto/evp/e_rc4_hmac_md5.c @@ -54,6 +54,7 @@ #if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) +# include <openssl/crypto.h> # include <openssl/evp.h> # include <openssl/objects.h> # include <openssl/rc4.h> @@ -210,7 +211,7 @@ static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); MD5_Final(mac, &key->md); - if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) + if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) return 0; } else { MD5_Update(&key->md, out + md5_off, len - md5_off); |