compare memcmp with 0

Thu, 19 Jun 2014 14:36:27 -0700 

Always explicitly compare memcmp with 0. I find this adds clarity.

Index: s3_clnt.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/s3_clnt.c,v
retrieving revision 1.71
diff -u -p -r1.71 s3_clnt.c
--- s3_clnt.c   19 Jun 2014 21:29:51 -0000      1.71
+++ s3_clnt.c   19 Jun 2014 21:33:47 -0000
@@ -886,7 +886,7 @@ ssl3_get_server_hello(SSL *s)
            timingsafe_memcmp(p, s->session->session_id, j) == 0) {
                if (s->sid_ctx_length != s->session->sid_ctx_length ||
                    timingsafe_memcmp(s->session->sid_ctx,
-                   s->sid_ctx, s->sid_ctx_length)) {
+                   s->sid_ctx, s->sid_ctx_length) != 0) {
                        /* actually a client application bug */
                        al = SSL_AD_ILLEGAL_PARAMETER;
                        SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
Index: ssl_sess.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/ssl_sess.c,v
retrieving revision 1.33
diff -u -p -r1.33 ssl_sess.c
--- ssl_sess.c  19 Jun 2014 21:29:51 -0000      1.33
+++ ssl_sess.c  19 Jun 2014 21:33:47 -0000
@@ -498,7 +498,7 @@ ssl_get_prev_session(SSL *s, unsigned ch
        /* Now ret is non-NULL and we own one of its reference counts. */
 
        if (ret->sid_ctx_length != s->sid_ctx_length
-           || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, 
ret->sid_ctx_length)) {
+           || timingsafe_memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length) 
!= 0) {
                /* We have the session requested by the client, but we don't
                 * want to use it in this context. */
                goto err; /* treat like cache miss */
Index: t1_reneg.c
===================================================================
RCS file: /cvs/src/lib/libssl/src/ssl/t1_reneg.c,v
retrieving revision 1.7
diff -u -p -r1.7 t1_reneg.c
--- t1_reneg.c  19 Jun 2014 21:29:51 -0000      1.7
+++ t1_reneg.c  19 Jun 2014 21:33:47 -0000
@@ -173,7 +173,7 @@ ssl_parse_clienthello_renegotiate_ext(SS
        }
 
        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
-           s->s3->previous_client_finished_len)) {
+           s->s3->previous_client_finished_len) != 0) {
                SSLerr(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;
@@ -260,7 +260,7 @@ ssl_parse_serverhello_renegotiate_ext(SS
        }
 
        if (timingsafe_memcmp(d, s->s3->previous_client_finished,
-           s->s3->previous_client_finished_len)) {
+           s->s3->previous_client_finished_len) != 0) {
                SSLerr(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT,
                    SSL_R_RENEGOTIATION_MISMATCH);
                *al = SSL_AD_HANDSHAKE_FAILURE;

Reply via email to