kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove unnecessary constant-time operation.

Browse Source 
j and md_size are public values, so this can just be done directly. (If
they weren't, we'd have worse problems.) This makes the loop look the
same as the rotation loop below.

Change-Id: Ic75550ad4e40b2015668cb12c26ca2d20bd285b6
Reviewed-on: https://boringssl-review.googlesource.com/12474
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin 2016-11-30 10:16:04 -05:00 committed by Adam Langley
parent 029cce5cfd
commit a4ddb6e212
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/cipher/tls_cbc.c
View File

@ -226,11 +226,13 @@ void EVP_tls_cbc_copy_mac(uint8_t *out, unsigned md_size,
} }
memset(rotated_mac, 0, md_size); memset(rotated_mac, 0, md_size);
for (unsigned i = scan_start, j = 0; i < orig_len; i++) { for (unsigned i = scan_start, j = 0; i < orig_len; i++, j++) {
if (j >= md_size) {
j -= md_size;
}
uint8_t mac_started = constant_time_ge_8(i, mac_start); uint8_t mac_started = constant_time_ge_8(i, mac_start);
uint8_t mac_ended = constant_time_ge_8(i, mac_end); uint8_t mac_ended = constant_time_ge_8(i, mac_end);
rotated_mac[j++] |= in[i] & mac_started & ~mac_ended; rotated_mac[j] |= in[i] & mac_started & ~mac_ended;
j &= constant_time_lt(j, md_size);
} }
/* Now rotate the MAC. We rotate in log(md_size) steps, one for each bit /* Now rotate the MAC. We rotate in log(md_size) steps, one for each bit