Add and use a constant-time memcmp.

This change adds CRYPTO_memcmp, which compares two vectors of bytes in an amount of time that's independent of their contents. It also changes several MAC compares in the code to use this over the standard memcmp, which may leak information about the size of a matching prefix. (cherry picked from commit 2ee798880a246d648ecddadc5b91367bee4a5d98) Conflicts: crypto/crypto.h ssl/t1_lib.c
author: Ben Laurie <ben@links.org> 2013-01-28 17:30:38 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2013-02-05 16:46:15 +0000
commit: 9c00a950604aca819cee977f1dcb4b45f2af3aa6 (patch)
tree: ad8b5da2caa00d90333a1f0aa4dabab392a8c916 /ssl/t1_lib.c
parent: ebc71865f0506a293242bd4aec97cdc7a8ef24b0 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index ffd5bf294e..81d1a12820 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1744,7 +1744,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	HMAC_Update(&hctx, etick, eticklen);
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);
-	if (memcmp(tick_hmac, etick + eticklen, mlen))
+	if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
 		goto tickerr;
 	/* Attempt to decrypt session data */
 	/* Move p after IV to start of encrypted ticket, update length */
author	Ben Laurie <ben@links.org>	2013-01-28 17:30:38 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2013-02-05 16:46:15 +0000
commit	9c00a950604aca819cee977f1dcb4b45f2af3aa6 (patch)
tree	ad8b5da2caa00d90333a1f0aa4dabab392a8c916 /ssl/t1_lib.c
parent	ebc71865f0506a293242bd4aec97cdc7a8ef24b0 (diff)