cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-10 15:50:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

Misc CT robustness improvements

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman 2023-09-20 19:23:58 +01:00
parent 1924adbf99
commit e0ad9a4707
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/cipher.c
View File

@ -749,8 +749,8 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len,
*data_len = input_len - padding_len; *data_len = input_len - padding_len;
/* Avoid logical || since it results in a branch */ /* Avoid logical || since it results in a branch */
bad |= padding_len > input_len; bad |= ~mbedtls_ct_size_mask_ge(input_len, padding_len);
bad |= padding_len == 0; bad |= mbedtls_ct_size_bool_eq(padding_len, 0);
/* The number of bytes checked must be independent of padding_len, /* The number of bytes checked must be independent of padding_len,
* so pick input_len, which is usually 8 or 16 (one block) */ * so pick input_len, which is usually 8 or 16 (one block) */
@ -879,7 +879,7 @@ static int get_zeros_padding(unsigned char *input, size_t input_len,
*data_len = 0; *data_len = 0;
for (i = input_len; i > 0; i--) { for (i = input_len; i > 0; i--) {
prev_done = done; prev_done = done;
done |= (input[i-1] != 0); done |= !mbedtls_ct_size_bool_eq(input[i-1], 0);
size_t mask = mbedtls_ct_size_mask(done ^ prev_done); size_t mask = mbedtls_ct_size_mask(done ^ prev_done);
*data_len |= i & mask; *data_len |= i & mask;
} }