Initial support for RFC6689, a.k.a. DANE.

[oweals/openssl.git] / ssl / t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9daf9c706eecff8d693b63a90c78276b0ebacc29..88570201a1b1a2ec0ddc85ab78b2cb9f0c145a23 100644 (file)
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1387,13 +1387,11 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
        /* 1 byte for the list (we only support audit proofs) */
        if (s->ctx->tlsext_authz_server_audit_proof_cb != NULL)
                {
-               size_t lenmax;
                 const unsigned short ext_len = 2;
                 const unsigned char list_len = 1;
 
                if (limit < ret + 6)
                        return NULL;
-               lenmax = limit - ret - 6;
 
                s2n(TLSEXT_TYPE_server_authz, ret);
                 /* Extension length: 2 bytes */
@@ -3125,7 +3123,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        HMAC_Update(&hctx, etick, eticklen);
        HMAC_Final(&hctx, tick_hmac, NULL);
        HMAC_CTX_cleanup(&hctx);
-       if (memcmp(tick_hmac, etick + eticklen, mlen))
+       if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
                return 2;
        /* Attempt to decrypt session data */
        /* Move p after IV to start of encrypted ticket, update length */