Use CRYPTO_memcmp for comparing derived secrets
authorNicola Tuveri <nic.tuv@gmail.com>
Thu, 6 Oct 2016 10:17:00 +0000 (13:17 +0300)
committerRich Salz <rsalz@openssl.org>
Thu, 17 Nov 2016 05:36:23 +0000 (00:36 -0500)
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1658)

apps/speed.c

index c97c29856494cf4a089eff65344839bffdf14483..80b26f4a3c108fea6eeb1fe291b016fc082e19eb 100644 (file)
@@ -2653,11 +2653,11 @@ int speed_main(int argc, char **argv)
                 rsa_count = 1;
                 break;
             }
-            for (k = 0; (unsigned int)k < test_outlen && ecdh_checks == 1; k++) {
-                if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
-                    ecdh_checks = 0;
-            }
-            if (ecdh_checks == 0) {
+
+            /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
+            if (CRYPTO_memcmp(loopargs[i].secret_a,
+                              loopargs[i].secret_b, outlen)) {
+                ecdh_checks = 0;
                 BIO_printf(bio_err, "ECDH computations don't match.\n");
                 ERR_print_errors(bio_err);
                 rsa_count = 1;
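Review bot: The new comparison reads `outlen` bytes from both buffers, whereas the removed loop was bounded by `test_outlen`, so it is only sound if the two lengths were already checked for equality, and no such check is visible in this hunk. If that check is not made earlier in speed_main (whose body starts and ends outside the hunk), fold it into the condition: `if (test_outlen != outlen || CRYPTO_memcmp(loopargs[i].secret_a, loopargs[i].secret_b, outlen)) {`. The added comment could also record why the constant-time routine is used, e.g. `/* constant-time compare of the derived secrets; CRYPTO_memcmp() returns 0 if equal */`, so that a later cleanup does not swap it back to memcmp().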