cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-17 19:15:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

CT fix for get_zeros_and_len_padding

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2023-09-20 14:51:21 +01:00
parent df254f6bb6
commit 51773aa68b
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
library/cipher.c
View File

@ -837,16 +837,17 @@ static int get_zeros_and_len_padding(unsigned char *input, size_t input_len,
*data_len = input_len - padding_len;
/* Avoid logical || since it results in a branch */
bad |= padding_len > input_len;
bad |= padding_len == 0;
bad |= mbedtls_ct_size_mask_ge(padding_len, input_len + 1);
bad |= mbedtls_ct_size_bool_eq(padding_len, 0);
/* The number of bytes checked must be independent of padding_len */
pad_idx = input_len - padding_len;
for (i = 0; i < input_len - 1; i++) {
bad |= input[i] * (i >= pad_idx);
unsigned int mask = mbedtls_ct_size_mask_ge(i, pad_idx);
bad |= input[i] & mask;
}
return MBEDTLS_ERR_CIPHER_INVALID_PADDING * (bad != 0);
return (int) mbedtls_ct_uint_if(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
}
#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */