From 359643af24848eaaf6f0b9c433b67b595277b201 Mon Sep 17 00:00:00 2001
From: UnknownShadow200
Date: Wed, 27 Aug 2025 18:02:39 +1000
Subject: [PATCH] And don't forget memcmp
---
 third_party/bearssl/bearssl_stdlib.h | 13 +++++++++++++
 third_party/bearssl/rsa_pkcs1_sig_unpad.c | 4 ++--
 third_party/bearssl/ssl_hs_client.c | 8 ++++----
 third_party/bearssl/x509_minimal.c | 16 ++++++++--------
 4 files changed, 27 insertions(+), 14 deletions(-)
diff --git a/third_party/bearssl/bearssl_stdlib.h b/third_party/bearssl/bearssl_stdlib.h
index 7f9f0316f..77a5998be 100644
--- a/third_party/bearssl/bearssl_stdlib.h
+++ b/third_party/bearssl/bearssl_stdlib.h
@@ -7,6 +7,19 @@ static size_t br_strlen(const char* a) {
 return i;
 }
+static size_t br_memcmp(const void* a, const void* b, size_t len) {
+ unsigned char* p1 = (unsigned char*)a;
+ unsigned char* p2 = (unsigned char*)b;
+ size_t i;
+
+ for (i = 0; i < len; i++)
+ {
+ if (p1[i] < p2[i]) return -1;
+ if (p1[i] > p2[i]) return 1;
+ }
+ return 0;
+}
+
 #ifdef CC_BUILD_NOSTDLIB
 extern void* Mem_Copy(void* dst, const void* src, unsigned size);
 extern void* Mem_Move(void* dst, const void* src, unsigned size);
diff --git a/third_party/bearssl/rsa_pkcs1_sig_unpad.c b/third_party/bearssl/rsa_pkcs1_sig_unpad.c
index e740ce405..aac4998e0 100644
--- a/third_party/bearssl/rsa_pkcs1_sig_unpad.c
+++ b/third_party/bearssl/rsa_pkcs1_sig_unpad.c
@@ -71,7 +71,7 @@ br_rsa_pkcs1_sig_unpad(const unsigned char *sig, size_t sig_len,
 * The comparison is valid because we made sure that the signature
 * is at least 11 bytes long.
 */
- if (memcmp(sig, pad1, sizeof pad1) != 0) {
+ if (br_memcmp(sig, pad1, sizeof pad1) != 0) {
 return 0;
 }
 for (u = sizeof pad1; u < sig_len; u ++) {
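Review bot: `br_memcmp` in bearssl_stdlib.h is declared `size_t` but returns `-1`, so a "less than" result reaches callers as `SIZE_MAX`. Every call site in this patch only tests the result against zero, so behaviour is unchanged today, but `int x = br_memcmp(addr1, addr2, len);` in ssl_hs_client.c (case 48) narrows that value with an implementation-defined conversion, and any later ordering test such as `< 0` would never be true. Give it memcmp's contract, `static int br_memcmp(const void* a, const void* b, size_t len) {`, and keep the qualifier on the locals, `const unsigned char* p1 = (const unsigned char*)a;` (likewise `p2`), so the casts stop discarding const. A one-line comment above it, e.g. `/* Early-exit compare: not constant-time, use only on public values */`, would also record that it must not be reused for MAC or key comparisons; the call sites shown appear to compare public data only.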
@@ -112,7 +112,7 @@ br_rsa_pkcs1_sig_unpad(const unsigned char *sig, size_t sig_len,
 br_memcpy(pad2 + 6, hash_oid, x3 + 1);
 pad2[pad_len - 2] = 0x04;
 pad2[pad_len - 1] = hash_len;
- if (memcmp(pad2, sig + u, pad_len) != 0) {
+ if (br_memcmp(pad2, sig + u, pad_len) != 0) {
 return 0;
 }
 }
diff --git a/third_party/bearssl/ssl_hs_client.c b/third_party/bearssl/ssl_hs_client.c
index b3353a94a..bd396965b 100644
--- a/third_party/bearssl/ssl_hs_client.c
+++ b/third_party/bearssl/ssl_hs_client.c
@@ -241,7 +241,7 @@ verify_SKE_sig(br_ssl_client_context *ctx,
 }
 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len, hash_oid, hv_len, &pk->key.rsa, tmp)
- || memcmp(tmp, hv, hv_len) != 0)
+ || br_memcmp(tmp, hv, hv_len) != 0)
 {
 return BR_ERR_BAD_SIGNATURE;
 }
@@ -1438,12 +1438,12 @@ br_ssl_hs_client_run(void *t0ctx)
 }
 break;
 case 48: {
- /* memcmp */
+ /* br_memcmp */
 size_t len = (size_t)T0_POP();
 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
- int x = memcmp(addr1, addr2, len);
+ int x = br_memcmp(addr1, addr2, len);
 T0_PUSH((uint32_t)-(x == 0));
 }
@@ -1766,7 +1766,7 @@ br_ssl_hs_client_run(void *t0ctx)
 const char *name;
 name = ENG->protocol_names[u];
- if (len == br_strlen(name) && memcmp(ENG->pad, name, len) == 0) {
+ if (len == br_strlen(name) && br_memcmp(ENG->pad, name, len) == 0) {
 T0_PUSH(u);
 T0_RET();
 }
diff --git a/third_party/bearssl/x509_minimal.c b/third_party/bearssl/x509_minimal.c
index ad4578da9..78d82777b 100644
--- a/third_party/bearssl/x509_minimal.c
+++ b/third_party/bearssl/x509_minimal.c
@@ -372,7 +372,7 @@ eqbigint(const unsigned char *b1, size_t len1,
 if (len1 != len2) {
 return 0;
 }
- return memcmp(b1, b2, len1) == 0;
+ return br_memcmp(b1, b2, len1) == 0;
 }
 /*
@@ -1118,7 +1118,7 @@ br_x509_minimal_run(void *t0ctx)
 continue;
 }
 hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
- if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {
+ if (br_memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) {
 continue;
 }
 kt = CTX->pkey.key_type;
@@ -1144,7 +1144,7 @@ br_x509_minimal_run(void *t0ctx)
 case BR_KEYTYPE_EC:
 if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve
 || CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen
- || memcmp(CTX->pkey.key.ec.q,
+ || br_memcmp(CTX->pkey.key.ec.q,
 ta->pkey.key.ec.q,
 ta->pkey.key.ec.qlen) != 0)
 {
@@ -1179,7 +1179,7 @@ br_x509_minimal_run(void *t0ctx)
 continue;
 }
 hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN);
- if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {
+ if (br_memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) {
 continue;
 }
 if (verify_signature(CTX, &ta->pkey) == 0) {
@@ -1389,7 +1389,7 @@ br_x509_minimal_run(void *t0ctx)
 size_t len = a1[0];
 int x;
 if (len == a2[0]) {
- x = -(memcmp(a1 + 1, a2 + 1, len) == 0);
+ x = -(br_memcmp(a1 + 1, a2 + 1, len) == 0);
 } else {
 x = 0;
 }
@@ -1403,7 +1403,7 @@ br_x509_minimal_run(void *t0ctx)
 size_t len = T0_POP();
 const unsigned char *a2 = (const unsigned char *)CTX + T0_POP();
 const unsigned char *a1 = (const unsigned char *)CTX + T0_POP();
- T0_PUSHi(-(memcmp(a1, a2, len) == 0));
+ T0_PUSHi(-(br_memcmp(a1, a2, len) == 0));
 }
 break;
@@ -1496,7 +1496,7 @@ br_x509_minimal_run(void *t0ctx)
 }
 len = oid[off];
 if (len != 0 && len == CTX->pad[0]
- && memcmp(oid + off + 1,
+ && br_memcmp(oid + off + 1,
 CTX->pad + 1, len) == 0) {
 T0_PUSH(u);
@@ -1672,7 +1672,7 @@ verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk)
 {
 return BR_ERR_X509_BAD_SIGNATURE;
 }
- if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
+ if (br_memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) {
 return BR_ERR_X509_BAD_SIGNATURE;
 }
 return 0;