* bugfix #51: Heap Out-of-bound Read vulnerability in
ldns_nsec3_salt_data reported by pokerfacett.
* Fix memory leak in examples/ldns-testns handle_tcp routine.
+ * Detect fixed time memory compare for openssl 0.9.8.
1.7.1 2019-07-26
* bugfix: Manage verification paths for OpenSSL >= 1.1.0
else
AC_MSG_RESULT([no])
fi
-AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings])
+AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp])
# for macosx, see if glibtool exists and use that
# BSD's need to know the version...
return false;
}
/* use time insensitive memory compare */
- if(CRYPTO_memcmp(ldns_rdf_data(pkt_mac_rdf), ldns_rdf_data(my_mac_rdf),
+ if(
+#ifdef HAVE_CRYPTO_MEMCMP
+ CRYPTO_memcmp
+#else
+ memcmp
+#endif
+ (ldns_rdf_data(pkt_mac_rdf), ldns_rdf_data(my_mac_rdf),
ldns_rdf_size(my_mac_rdf)) == 0) {
ldns_rdf_deep_free(my_mac_rdf);
return true;
projects / thirdparty / ldns.git / commitdiff
