From: Nicola Tuveri
Date: Thu, 6 Oct 2016 10:17:00 +0000 (+0300)
Subject: Use CRYPTO_memcmp for comparing derived secrets
X-Git-Tag: OpenSSL_1_1_1-pre1~3013
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=9bffdebc38495f051b6e77ae7f6beda0da7635cb;p=oweals%2Fopenssl.git
Use CRYPTO_memcmp for comparing derived secrets
Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1658)
---
diff --git a/apps/speed.c b/apps/speed.c
index c97c298564..80b26f4a3c 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2653,11 +2653,11 @@ int speed_main(int argc, char **argv)
 rsa_count = 1;
 break;
 }
- for (k = 0; (unsigned int)k < test_outlen && ecdh_checks == 1; k++) {
- if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
- ecdh_checks = 0;
- }
- if (ecdh_checks == 0) {
+
+ /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
+ if (CRYPTO_memcmp(loopargs[i].secret_a,
+ loopargs[i].secret_b, outlen)) {
+ ecdh_checks = 0;
 BIO_printf(bio_err, "ECDH computations don't match.\n");
 ERR_print_errors(bio_err);
 rsa_count = 1;
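Review bot: The comparison length changed from `test_outlen` (the bound of the removed loop) to `outlen` in the new `CRYPTO_memcmp()` call, and nothing visible in this hunk shows that the two lengths were checked equal or that `outlen` fits within both `secret_a` and `secret_b`. If the failure check just above the hunk does not already reject a mismatch, it should include `test_outlen != outlen`, so that the comparison never reads past the bytes actually derived into `secret_b`. As a smaller style point, writing the condition as `CRYPTO_memcmp(...) != 0` states the intent directly instead of relying on the comment to explain the zero-means-equal convention. The body of `speed_main` starts and ends outside this hunk, so the length handling could not be confirmed from here.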