Hi tech@, Sending this patch for comment...
CRYPTO_memcmp() is different to memcmp() because it can only check for equality, not greater-than/less-than. If we check the string in reverse order we can remove a variable from the comparison loop. Does this look ok? - Michael Index: cryptlib.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/cryptlib.c,v retrieving revision 1.23 diff -u -r1.23 cryptlib.c --- cryptlib.c 21 Apr 2014 11:19:28 -0000 1.23 +++ cryptlib.c 23 Apr 2014 01:19:39 -0000 @@ -727,15 +727,13 @@ } int -CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) +CRYPTO_memcmp(const void *in_a, const void *in_b, size_t n) { - size_t i; const unsigned char *a = in_a; const unsigned char *b = in_b; unsigned char x = 0; - for (i = 0; i < len; i++) - x |= a[i] ^ b[i]; - + while (n-- > 0) + x |= a[n] ^ b[n]; return x; }
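Review bot: The new loop `while (n-- > 0)` relies on post-decrement of a size_t, so n wraps around past zero after the final test. That is harmless here because n is not read again before `return x;`, and the body still indexes from n-1 down to 0, but it deserves a one-line comment since the only gain is dropping the local `i`. The constant-time property is unchanged: x still accumulates every `a[n] ^ b[n]` with no early exit, so the reversal is safe only because the result is zero/non-zero and never an ordering. A comment on the function saying so would stop a later caller from treating it like memcmp(). The rename of `len` to `n` and the removal of the blank line before `return x;` are unrelated to the stated goal; either leave them out or mention them in the commit message.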