Bug 1582343 - Use constant time memcmp in more places r=kjacobs,jcj

2 files changed, 4 insertions, 4 deletions

diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
index a249d679e..4f53cca61 100644
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1931,7 +1931,7 @@ static SECStatus
 sftk_HMACCmp(CK_ULONG *copyLen, unsigned char *sig, unsigned int sigLen,
              unsigned char *hash, unsigned int hashLen)
 {
-    return (PORT_Memcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure;
+    return (NSS_SecureMemcmp(sig, hash, *copyLen) == 0) ? SECSuccess : SECFailure;
 }
 
 /*
@@ -2125,7 +2125,7 @@ sftk_SSLMACVerify(SFTKSSLMACInfo *info, unsigned char *sig, unsigned int sigLen,
     info->update(info->hashContext, ssl_pad_2, info->padSize);
     info->update(info->hashContext, hash, hashLen);
     info->end(info->hashContext, tmpBuf, &out, SFTK_MAX_MAC_LENGTH);
-    return (PORT_Memcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure;
+    return (NSS_SecureMemcmp(sig, tmpBuf, info->macSize) == 0) ? SECSuccess : SECFailure;
 }
 
 /*
@@ -3647,7 +3647,7 @@ NSC_VerifyFinal(CK_SESSION_HANDLE hSession,
         /* must be block cipher MACing */
         crv = CKR_SIGNATURE_LEN_RANGE;
     } else if (CKR_OK == (crv = sftk_MACFinal(context))) {
-        if (PORT_Memcmp(pSignature, context->macBuf, ulSignatureLen))
+        if (NSS_SecureMemcmp(pSignature, context->macBuf, ulSignatureLen))
             crv = CKR_SIGNATURE_INVALID;
     }
 
diff --git a/lib/softoken/tlsprf.c b/lib/softoken/tlsprf.c
index 05e246887..b96733b1f 100644
--- a/lib/softoken/tlsprf.c
+++ b/lib/softoken/tlsprf.c
@@ -129,7 +129,7 @@ sftk_TLSPRFVerify(TLSPRFContext *cx,
     }
     rv = sftk_TLSPRFUpdate(cx, tmp, &tmpLen, sigLen, NULL, 0);
     if (rv == SECSuccess) {
-        rv = (SECStatus)(1 - !PORT_Memcmp(tmp, sig, sigLen));
+        rv = (SECStatus)(1 - !NSS_SecureMemcmp(tmp, sig, sigLen));
     }
     PORT_ZFree(tmp, sigLen);
     return rv;