projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add and use a constant-time memcmp.
[openssl.git] / ssl / s2_clnt.c
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 76b690ea1340f04bad5c9eeb25e3cc9dc43ed9cb..03b6cf9673809a7582c4c176c30a75b7e0e1b6a4 100644 (file)
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -939,7 +939,7 @@ static int get_server_verify(SSL *s)
                s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
        p += 1;
 
-       if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+       if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
                {
                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
Unnamed repository; edit this file 'description' to name the repository.