Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp Saves some bytes and mbedtls_platform_memcmp is a bit safer for side channel attacks.

commit: 707ceb88f042570e655e906218b3dd1d944ed333 [log] [tgz]
author: Teppo Järvelin <teppo.jarvelin@arm.com> Fri Oct 04 07:49:39 2019 +0300
committer: Teppo Järvelin <teppo.jarvelin@arm.com> Fri Oct 04 08:52:00 2019 +0300
tree: c4db7178273a03a202759d4c9b40e50b1d06cfa1
parent: 650343cdcd3e93b00b1f4ad58045728ce7ab8bfe [diff] [blame]
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 16f1513..16f1329 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c

@@ -1152,9 +1152,9 @@
         /* Check verify-data in constant-time. The length OTOH is no secret */
         if( len    != 1 + ssl->verify_data_len * 2 ||
             buf[0] !=     ssl->verify_data_len * 2 ||
-            mbedtls_ssl_safer_memcmp( buf + 1,
+            mbedtls_platform_memcmp( buf + 1,
                           ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
-            mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len,
+            mbedtls_platform_memcmp( buf + 1 + ssl->verify_data_len,
                           ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
commit	707ceb88f042570e655e906218b3dd1d944ed333	[log] [tgz]
author	Teppo Järvelin <teppo.jarvelin@arm.com>	Fri Oct 04 07:49:39 2019 +0300
committer	Teppo Järvelin <teppo.jarvelin@arm.com>	Fri Oct 04 08:52:00 2019 +0300
tree	c4db7178273a03a202759d4c9b40e50b1d06cfa1
parent	650343cdcd3e93b00b1f4ad58045728ce7ab8bfe [diff] [blame]