Safer buffer comparisons in the SSL modules

commit: 5c8434cf524d33a57c89bedd1a2ad2750b3a40c9 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Oct 28 13:46:11 2013 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Mon Jul 07 14:10:07 2014 +0200
tree: 335b8e3422eb99960482776ef28d111a9efbfc1f
parent: 79f1ff84edc219a6b3506df93763583086322e5e [diff] [blame]
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 15cb3bc..a8cc501 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1547,8 +1547,8 @@
     SSL_DEBUG_BUF( 4, "computed mac", ssl->in_msg + ssl->in_msglen,
                    ssl->transform_in->maclen );
 
-    if( memcmp( tmp, ssl->in_msg + ssl->in_msglen,
-                     ssl->transform_in->maclen ) != 0 )
+    if( safer_memcmp( tmp, ssl->in_msg + ssl->in_msglen,
+                      ssl->transform_in->maclen ) != 0 )
     {
 #if defined(POLARSSL_SSL_DEBUG_ALL)
         SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
@@ -2886,7 +2886,7 @@
         return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
     }
 
-    if( memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
+    if( safer_memcmp( ssl->in_msg + 4, buf, hash_len ) != 0 )
     {
         SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
         return( POLARSSL_ERR_SSL_BAD_HS_FINISHED );
commit	5c8434cf524d33a57c89bedd1a2ad2750b3a40c9	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Oct 28 13:46:11 2013 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Mon Jul 07 14:10:07 2014 +0200
tree	335b8e3422eb99960482776ef28d111a9efbfc1f
parent	79f1ff84edc219a6b3506df93763583086322e5e [diff] [blame]