Add and use a constant-time memcmp.

This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix.
author: Ben Laurie <ben@links.org> 2013-01-28 17:30:38 +0000
committer: Ben Laurie <ben@links.org> 2013-01-28 17:30:38 +0000
commit: 2ee798880a246d648ecddadc5b91367bee4a5d98 (patch)
tree: 519fae50d830922bb0f0cf55bd8da81f373e6395 /ssl/s2_pkt.c
parent: ffcf4c61641068918e36b738b9464a16d0488e43 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index ac963b2d47..8bb6ab8baa 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -269,8 +269,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
 			s->s2->ract_data_length-=mac_size;
 			ssl2_mac(s,mac,0);
 			s->s2->ract_data_length-=s->s2->padding;
-			if (	(memcmp(mac,s->s2->mac_data,
-				(unsigned int)mac_size) != 0) ||
+			if (	(CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
 				{
 				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
author	Ben Laurie <ben@links.org>	2013-01-28 17:30:38 +0000
committer	Ben Laurie <ben@links.org>	2013-01-28 17:30:38 +0000
commit	2ee798880a246d648ecddadc5b91367bee4a5d98 (patch)
tree	519fae50d830922bb0f0cf55bd8da81f373e6395 /ssl/s2_pkt.c
parent	ffcf4c61641068918e36b738b9464a16d0488e43 (diff)