From 9bffdebc38495f051b6e77ae7f6beda0da7635cb Mon Sep 17 00:00:00 2001
From: Nicola Tuveri
Date: Thu, 6 Oct 2016 13:17:00 +0300
Subject: [PATCH] Use CRYPTO_memcmp for comparing derived secrets
Reviewed-by: Richard Levitte
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1658)
---
apps/speed.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/apps/speed.c b/apps/speed.c
index c97c298564..80b26f4a3c 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -2653,11 +2653,11 @@ int speed_main(int argc, char **argv)
 rsa_count = 1;
 break;
 }
- for (k = 0; (unsigned int)k < test_outlen && ecdh_checks == 1; k++) {
- if (loopargs[i].secret_a[k] != loopargs[i].secret_b[k])
- ecdh_checks = 0;
- }
- if (ecdh_checks == 0) {
+
+ /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
+ if (CRYPTO_memcmp(loopargs[i].secret_a,
+ loopargs[i].secret_b, outlen)) {
+ ecdh_checks = 0;
 BIO_printf(bio_err, "ECDH computations don't match.\n");
 ERR_print_errors(bio_err);
 rsa_count = 1;
--
2.25.1
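Review bot: The length passed to `CRYPTO_memcmp()` is now `outlen`, whereas the removed loop was bounded by `test_outlen`, and nothing visible in this hunk shows the two are equal at this point. The error block that closes just above the change may already reject `test_outlen != outlen`, but if it does not, the comparison can run past the bytes actually written to `secret_b`, or stop short of them and report a match on a prefix. I would either state the invariant in the comment, e.g. `/* outlen == test_outlen was verified above, so outlen bounds both buffers */`, or make the check self-contained with `if (outlen != test_outlen || CRYPTO_memcmp(loopargs[i].secret_a, loopargs[i].secret_b, outlen) != 0) {`. The explicit `!= 0` also makes the memcmp-style return convention readable without relying on the comment. `speed_main` starts and ends outside the hunk, so the preceding length check could not be confirmed from here.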