generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add and use a constant-time memcmp.

Browse Source 
This change adds CRYPTO_memcmp, which compares two vectors of bytes in
an amount of time that's independent of their contents. It also changes
several MAC compares in the code to use this over the standard memcmp,
which may leak information about the size of a matching prefix.
(cherry picked from commit 2ee798880a)
This commit is contained in:
Ben Laurie
2013-01-28 17:30:38 +00:00
committed by Dr. Stephen Henson
parent ea34a58385
commit 7c770d572a
9 changed files with 27 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ssl/s3_both.c
View File

@@ -265,7 +265,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
goto f_err;
}
if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
{
al=SSL_AD_DECRYPT_ERROR;
SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);