Nope. One of those things is not like the other..
On Tue, Apr 22, 2014 at 7:05 PM, Michael W. Bombardieri <[email protected]> wrote:
> Hi tech@,
>
> Sending this patch for comment...
>
> CRYPTO_memcmp() is different to memcmp() because it can only check
> for equality, not greater-than/less-than.
> If we check the string in reverse order we can remove a variable
> from the comparison loop.
>
> Does this look ok?
>
> - Michael
>
>
>
> Index: cryptlib.c
> ===================================================================
> RCS file: /cvs/src/lib/libssl/src/crypto/cryptlib.c,v
> retrieving revision 1.23
> diff -u -r1.23 cryptlib.c
> --- cryptlib.c 21 Apr 2014 11:19:28 -0000 1.23
> +++ cryptlib.c 23 Apr 2014 01:19:39 -0000
> @@ -727,15 +727,13 @@
> }
>
> int
> -CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
> +CRYPTO_memcmp(const void *in_a, const void *in_b, size_t n)
> {
> - size_t i;
> const unsigned char *a = in_a;
> const unsigned char *b = in_b;
> unsigned char x = 0;
>
> - for (i = 0; i < len; i++)
> - x |= a[i] ^ b[i];
> -
> + while (n-- > 0)
> + x |= a[n] ^ b[n];
> return x;
> }
>
