Add and use a constant-time memcmp.

This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98) Conflicts: crypto/crypto.h ssl/t1_lib.c (cherry picked from commit dc406b59f3169fe191e58906df08dce97edb727c) Conflicts: crypto/crypto.h ssl/d1_pkt.c ssl/s3_pkt.c
author: Ben Laurie <ben@links.org> 2013-01-28 17:30:38 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-05 16:50:32 +0000
commit: 270881316664396326c461ec7a124aec2c6cc081 (patch)
tree: a5e48a018e0e932e2f1f1ae63b9bb8614049a732 /ssl/t1_lib.c
parent: affe98998af77e0b929db6251f13322da8691a78 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 00b8286acb..d56456e14d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1012,7 +1012,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	HMAC_Update(&hctx, etick, eticklen);
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);
-	if (memcmp(tick_hmac, etick + eticklen, mlen))
+	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
 		goto tickerr;
 	/* Attempt to decrypt session data */
 	/* Move p after IV to start of encrypted ticket, update length */
author	Ben Laurie <ben@links.org>	2013-01-28 17:30:38 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-05 16:50:32 +0000
commit	270881316664396326c461ec7a124aec2c6cc081 (patch)
tree	a5e48a018e0e932e2f1f1ae63b9bb8614049a732 /ssl/t1_lib.c
parent	affe98998af77e0b929db6251f13322da8691a78 (diff)