cherry pick bugfixes for http://www.openssl.org/news/secadv_20130205.txt

from the openssl git (changes between openssl 1.0.1c and 1.0.1d). ok djm@
author: markus <markus@openbsd.org> 2013-02-14 15:11:43 +0000
committer: markus <markus@openbsd.org> 2013-02-14 15:11:43 +0000
commit: c595715917a889d6c15d3474fe9e8945d861c0d3 (patch)
tree: 4fdb6bf2a69f47b4d95b0525e737fb4bb96c061f /lib/libssl/src/ssl/s3_both.c
parent: grow MAX_LOCALPART_SIZE and MAX_DOMAINPART_SIZE by 1 (for the '\0') (diff)
download: wireguard-openbsd-c595715917a889d6c15d3474fe9e8945d861c0d3.tar.xz
wireguard-openbsd-c595715917a889d6c15d3474fe9e8945d861c0d3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libssl/src/ssl/s3_both.c b/lib/libssl/src/ssl/s3_both.c
index b63460a56dd..6981852b5b1 100644
--- a/lib/libssl/src/ssl/s3_both.c
+++ b/lib/libssl/src/ssl/s3_both.c
@@ -263,7 +263,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 		goto f_err;
 		}
 
-	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+	if (timingsafe_bcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
author	markus <markus@openbsd.org>	2013-02-14 15:11:43 +0000
committer	markus <markus@openbsd.org>	2013-02-14 15:11:43 +0000
commit	c595715917a889d6c15d3474fe9e8945d861c0d3 (patch)
tree	4fdb6bf2a69f47b4d95b0525e737fb4bb96c061f /lib/libssl/src/ssl/s3_both.c
parent	grow MAX_LOCALPART_SIZE and MAX_DOMAINPART_SIZE by 1 (for the '\0') (diff)
download	wireguard-openbsd-c595715917a889d6c15d3474fe9e8945d861c0d3.tar.xz wireguard-openbsd-c595715917a889d6c15d3474fe9e8945d861c0d3.zip