Safer buffer comparisons in the SSL modules
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ad6583b..0eaa531 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -628,11 +628,13 @@
}
else
{
+ /* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len * 2 ||
buf[0] != ssl->verify_data_len * 2 ||
- memcmp( buf + 1, ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
- memcmp( buf + 1 + ssl->verify_data_len,
- ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
+ safer_memcmp( buf + 1,
+ ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
+ safer_memcmp( buf + 1 + ssl->verify_data_len,
+ ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
{
SSL_DEBUG_MSG( 1, ( "non-matching renegotiated connection field" ) );
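Review bot: The two `safer_memcmp` calls in the new condition are still joined with `||`, so the `peer_verify_data` comparison is skipped whenever the `own_verify_data` half mismatches, and the time taken by the check still reveals which half failed. That falls short of the "constant-time" claim in the added comment. Combining both results before testing would close this, e.g. `( safer_memcmp( buf + 1, ssl->own_verify_data, ssl->verify_data_len ) | safer_memcmp( buf + 1 + ssl->verify_data_len, ssl->peer_verify_data, ssl->verify_data_len ) ) != 0`, keeping the two length tests in front as they are. This assumes `safer_memcmp` returns an int that is zero on a match; its definition is not in this hunk, and the body of the `if` continues past the hunk's last line.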