commit 707ceb88f042570e655e906218b3dd1d944ed333
author Teppo Järvelin <teppo.jarvelin@arm.com> Fri Oct 04 07:49:39 2019 +0300
committer Teppo Järvelin <teppo.jarvelin@arm.com> Fri Oct 04 08:52:00 2019 +0300
tree c4db7178273a03a202759d4c9b40e50b1d06cfa1
parent 650343cdcd3e93b00b1f4ad58045728ce7ab8bfe

Replaced mbedtls_ssl_safer_memcmp with mbedtls_platform_memcmp

Saves some bytes and mbedtls_platform_memcmp is a bit safer for side channel
attacks.

library/ssl_srv.c

diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index c9b03f5..b41ba32 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -160,7 +160,7 @@
         /* Check verify-data in constant-time. The length OTOH is no secret */
         if( len    != 1 + ssl->verify_data_len ||
             buf[0] !=     ssl->verify_data_len ||
-            mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data,
+            mbedtls_platform_memcmp( buf + 1, ssl->peer_verify_data,
                           ssl->verify_data_len ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
@@ -4089,7 +4089,7 @@
         /* Identity is not a big secret since clients send it in the clear,
          * but treat it carefully anyway, just in case */
         if( n != ssl->conf->psk_identity_len ||
-            mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
+            mbedtls_platform_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
         {
             ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
         }