Add and use a constant-time memcmp.

This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98)
author: Ben Laurie <ben@links.org> 2013-01-28 17:30:38 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-06 13:56:12 +0000
commit: f5cd3561ba9363e6bcc58fcb6b1e94930f81967d (patch)
tree: a4d926b0e59470d717c082e85006c6961e1e1efb /ssl/s2_clnt.c
parent: 115f7fa5625580b8ec7850c093ba4e334756da92 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 76b690ea13..03b6cf9673 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -939,7 +939,7 @@ static int get_server_verify(SSL *s)
 		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
 	p += 1;
 
-	if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+	if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
author	Ben Laurie <ben@links.org>	2013-01-28 17:30:38 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-06 13:56:12 +0000
commit	f5cd3561ba9363e6bcc58fcb6b1e94930f81967d (patch)
tree	a4d926b0e59470d717c082e85006c6961e1e1efb /ssl/s2_clnt.c
parent	115f7fa5625580b8ec7850c093ba4e334756da92 (diff)