Fix wolfSSL_CRYPTO_memcmp

LinuxJedi · LinuxJedi · commit 66de1d6cdb81 · 2026-02-19T11:01:52.000Z
This is used by the OpenSSL compatibility layer. If either parameter was
NULL, it would return as a match. We should return a non-match instead.

OpenSSL itself has no safety checks here.
diff --git a/src/ssl.c b/src/ssl.c
@@ -15671,7 +15671,7 @@ int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
 int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size)
 {
     if (!a || !b)
-        return 0;
+        return -1;
     return ConstantCompare((const byte*)a, (const byte*)b, (int)size);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -15671,7 +15671,7 @@ int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)`
`15671`	`15671`	`int wolfSSL_CRYPTO_memcmp(const void a, const void b, size_t size)`
`15672`	`15672`	`{`
`15673`	`15673`	`if (!a \|\| !b)`
`15674`		`- return 0;`
	`15674`	`+ return -1;`
`15675`	`15675`	`return ConstantCompare((const byte)a, (const byte)b, (int)size);`
`15676`	`15676`	`}`
`15677`	`15677`