lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Rename function to have suitable name

Browse Source 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This commit is contained in:
gabor-mezei-arm
2021-09-28 16:14:47 +02:00
committed by Gabor Mezei
parent 9055972227
commit e41e3e8a8b
5 changed files with 96 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
library/ssl_msg.c
View File

@ -1055,7 +1055,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit )
static size_t mbedtls_cf_size_mask( size_t bit )
{
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
@ -1080,7 +1080,7 @@ static size_t mbedtls_ssl_cf_mask_from_bit( size_t bit )
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y )
static size_t mbedtls_cf_size_mask_lt( size_t x, size_t y )
{
/* This has the most significant bit set if and only if x < y */
const size_t sub = x - y;
@ -1089,7 +1089,7 @@ static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y )
const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
/* mask = (x < y) ? 0xff... : 0x00... */
const size_t mask = mbedtls_ssl_cf_mask_from_bit( sub1 );
const size_t mask = mbedtls_cf_size_mask( sub1 );
return( mask );
}
@ -1105,9 +1105,9 @@ static size_t mbedtls_ssl_cf_mask_lt( size_t x, size_t y )
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y )
static size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
{
return( ~mbedtls_ssl_cf_mask_lt( x, y ) );
return( ~mbedtls_cf_size_mask_lt( x, y ) );
}
/*
@ -1116,12 +1116,12 @@ static size_t mbedtls_ssl_cf_mask_ge( size_t x, size_t y )
*
* This function can be used to write constant-time code by replacing branches
* with bit operations - it can be used in conjunction with
* mbedtls_ssl_cf_mask_from_bit().
* mbedtls_cf_size_mask().
*
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y )
static size_t mbedtls_cf_size_bool_eq( size_t x, size_t y )
{
/* diff = 0 if x == y, non-zero otherwise */
const size_t diff = x ^ y;
@ -1155,14 +1155,14 @@ static size_t mbedtls_ssl_cf_bool_eq( size_t x, size_t y )
* This function is implemented without using comparison operators, as those
* might be translated to branches by some compilers on some platforms.
*/
static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst,
const unsigned char *src,
size_t len,
size_t c1, size_t c2 )
static void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
const unsigned char *src,
size_t len,
size_t c1, size_t c2 )
{
/* mask = c1 == c2 ? 0xff : 0x00 */
const size_t equal = mbedtls_ssl_cf_bool_eq( c1, c2 );
const unsigned char mask = (unsigned char) mbedtls_ssl_cf_mask_from_bit( equal );
const size_t equal = mbedtls_cf_size_bool_eq( c1, c2 );
const unsigned char mask = (unsigned char) mbedtls_cf_size_mask( equal );
/* dst[i] = c1 == c2 ? src[i] : dst[i] */
for( size_t i = 0; i < len; i++ )
@ -1175,7 +1175,7 @@ static void mbedtls_ssl_cf_memcpy_if_eq( unsigned char *dst,
* Only works with MD-5, SHA-1, SHA-256 and SHA-384.
* (Otherwise, computation of block_size needs to be adapted.)
*/
MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
MBEDTLS_STATIC_TESTABLE int mbedtls_cf_hmac(
mbedtls_md_context_t *ctx,
const unsigned char *add_data, size_t add_data_len,
const unsigned char *data, size_t data_len_secret,
@ -1231,8 +1231,8 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
MD_CHK( mbedtls_md_clone( &aux, ctx ) );
MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
/* Keep only the correct inner_hash in the output buffer */
mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size,
offset, data_len_secret );
mbedtls_cf_memcpy_if_eq( output, aux_out, hash_size,
offset, data_len_secret );
if( offset < max_data_len )
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
@ -1262,7 +1262,7 @@ cleanup:
* - functionally equivalent to memcpy(dst, src + offset_secret, len)
* - but with execution flow independent from the value of offset_secret.
*/
MBEDTLS_STATIC_TESTABLE void mbedtls_ssl_cf_memcpy_offset(
MBEDTLS_STATIC_TESTABLE void mbedtls_cf_memcpy_offset(
unsigned char *dst,
const unsigned char *src_base,
size_t offset_secret,
@ -1273,8 +1273,8 @@ MBEDTLS_STATIC_TESTABLE void mbedtls_ssl_cf_memcpy_offset(
for( offset = offset_min; offset <= offset_max; offset++ )
{
mbedtls_ssl_cf_memcpy_if_eq( dst, src_base + offset, len,
offset, offset_secret );
mbedtls_cf_memcpy_if_eq( dst, src_base + offset, len,
offset, offset_secret );
}
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@ -1620,7 +1620,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
if( auth_done == 1 )
{
const size_t mask = mbedtls_ssl_cf_mask_ge(
const size_t mask = mbedtls_cf_size_mask_ge(
rec->data_len,
padlen + 1 );
correct &= mask;
@ -1640,7 +1640,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
}
#endif
const size_t mask = mbedtls_ssl_cf_mask_ge(
const size_t mask = mbedtls_cf_size_mask_ge(
rec->data_len,
transform->maclen + padlen + 1 );
correct &= mask;
@ -1696,18 +1696,18 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
/* pad_count += (idx >= padding_idx) &&
* (check[idx] == padlen - 1);
*/
const size_t mask = mbedtls_ssl_cf_mask_ge( idx, padding_idx );
const size_t equal = mbedtls_ssl_cf_bool_eq( check[idx],
padlen - 1 );
const size_t mask = mbedtls_cf_size_mask_ge( idx, padding_idx );
const size_t equal = mbedtls_cf_size_bool_eq( check[idx],
padlen - 1 );
pad_count += mask & equal;
}
correct &= mbedtls_ssl_cf_bool_eq( pad_count, padlen );
correct &= mbedtls_cf_size_bool_eq( pad_count, padlen );
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
#endif
padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
padlen &= mbedtls_cf_size_mask( correct );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
@ -1791,20 +1791,20 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
ret = mbedtls_ssl_cf_hmac( &transform->md_ctx_dec,
add_data, add_data_len,
data, rec->data_len, min_len, max_len,
mac_expect );
ret = mbedtls_cf_hmac( &transform->md_ctx_dec,
add_data, add_data_len,
data, rec->data_len, min_len, max_len,
mac_expect );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_cf_hmac", ret );
return( ret );
}
mbedtls_ssl_cf_memcpy_offset( mac_peer, data,
rec->data_len,
min_len, max_len,
transform->maclen );
mbedtls_cf_memcpy_offset( mac_peer, data,
rec->data_len,
min_len, max_len,
transform->maclen );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \