lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

Eliminate duplicate ct memcmp

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman
2023-09-11 18:25:16 +01:00
parent f4cf4a6e25
commit c280520999
3 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/ccm.c
View File

@@ -33,6 +33,7 @@
#include "mbedtls/ccm.h" #include "mbedtls/ccm.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
#include <string.h> #include <string.h>
@@ -362,7 +363,6 @@ int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16]; unsigned char check_tag[16];
unsigned char i;
int diff; int diff;
CCM_VALIDATE_RET(ctx != NULL); CCM_VALIDATE_RET(ctx != NULL);
@@ -379,9 +379,7 @@ int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
} }
/* Check tag in "constant-time" */ /* Check tag in "constant-time" */
for (diff = 0, i = 0; i < tag_len; i++) { diff = mbedtls_ct_memcmp(tag, check_tag, tag_len);
diff |= tag[i] ^ check_tag[i];
}
if (diff != 0) { if (diff != 0) {
mbedtls_platform_zeroize(output, length); mbedtls_platform_zeroize(output, length);

6
library/chachapoly.c
View File

@@ -25,6 +25,7 @@
#include "mbedtls/chachapoly.h" #include "mbedtls/chachapoly.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
#include <string.h> #include <string.h>
@@ -337,7 +338,6 @@ int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16]; unsigned char check_tag[16];
size_t i;
int diff; int diff;
CHACHAPOLY_VALIDATE_RET(ctx != NULL); CHACHAPOLY_VALIDATE_RET(ctx != NULL);
CHACHAPOLY_VALIDATE_RET(nonce != NULL); CHACHAPOLY_VALIDATE_RET(nonce != NULL);
@@ -353,9 +353,7 @@ int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
} }
/* Check tag in "constant-time" */ /* Check tag in "constant-time" */
for (diff = 0, i = 0; i < sizeof(check_tag); i++) { diff = mbedtls_ct_memcmp(tag, check_tag, sizeof(check_tag));
diff |= tag[i] ^ check_tag[i];
}
if (diff != 0) { if (diff != 0) {
mbedtls_platform_zeroize(output, length); mbedtls_platform_zeroize(output, length);

6
library/gcm.c
View File

@@ -35,6 +35,7 @@
#include "mbedtls/platform.h" #include "mbedtls/platform.h"
#include "mbedtls/platform_util.h" #include "mbedtls/platform_util.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/constant_time.h"
#include <string.h> #include <string.h>
@@ -478,7 +479,6 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char check_tag[16]; unsigned char check_tag[16];
size_t i;
int diff; int diff;
GCM_VALIDATE_RET(ctx != NULL); GCM_VALIDATE_RET(ctx != NULL);
@@ -495,9 +495,7 @@ int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
} }
/* Check tag in "constant-time" */ /* Check tag in "constant-time" */
for (diff = 0, i = 0; i < tag_len; i++) { diff = mbedtls_ct_memcmp(tag, check_tag, tag_len);
diff |= tag[i] ^ check_tag[i];
}
if (diff != 0) { if (diff != 0) {
mbedtls_platform_zeroize(output, length); mbedtls_platform_zeroize(output, length);