diff options
| author |   tedu <tedu@openbsd.org> | 2014-06-19 21:29:51 +0000 |
|---|---|---|
| committer | tedu <tedu@openbsd.org> | 2014-06-19 21:29:51 +0000 |
| commit | c00bf8c60a5d0061a6eaa71135f6fed7c074ffce (patch) | |
| tree | 1e45d15fc5a126542016b8ca16854da86d3b8d4e /lib/libssl/ssl_sess.c | |
| parent | check stack push return and make some effort to clean up. ok beck miod (diff) | |
| download | wireguard-openbsd-c00bf8c60a5d0061a6eaa71135f6fed7c074ffce.tar.xz wireguard-openbsd-c00bf8c60a5d0061a6eaa71135f6fed7c074ffce.zip | |
convert CRYPTO_memcmp to timingsafe_memcmp based on current policy favoring
libc interfaces over libcrypto interfaces. for now we also prefer
timingsafe_memcmp over timingsafe_bcmp, even when the latter is acceptable.
ok beck deraadt matthew miod
Diffstat (limited to 'lib/libssl/ssl_sess.c')
| -rw-r--r-- | lib/libssl/ssl_sess.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c index 273a7d68171..9046dce7f88 100644 --- a/lib/libssl/ssl_sess.c +++ b/lib/libssl/ssl_sess.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_sess.c,v 1.32 2014/06/12 15:49:31 deraadt Exp $ */ +/* $OpenBSD: ssl_sess.c,v 1.33 2014/06/19 21:29:51 tedu Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, /* Now ret is non-NULL and we own one of its reference counts. */ if (ret->sid_ctx_length != s->sid_ctx_length - || CRYPTO_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { + || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) { /* We have the session requested by the client, but we don't * want to use it in this context. */ goto err; /* treat like cache miss */ |