mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 21:39:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Prevent clever optimization to prematurely quit loop in safe memcmp

Browse Source 
The previous version of `mbedtls_ssl_safer_memcmp` did not qualify the
pointers to the arrays to be compared as volatile, theoretically
opening the possibility for the compiler to notice that the loop
operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This
commit changes this. It also declares the stack variable `diff` as
volatile, to force read and write in every loop; omitting that, the
compiler would still be allowed to get away with reading `A[i]` and
`B[i]` but not doing the XOR and not updating `diff`.
This commit is contained in:
Hanno Becker 2017-06-26 13:26:58 +01:00
parent 5a1c0e7162
commit 59e6963a37
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/mbedtls/ssl_internal.h
View File

@ -600,9 +600,9 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{ {
size_t i; size_t i;
const unsigned char *A = (const unsigned char *) a; volatile const unsigned char *A = (volatile const unsigned char *) a;
const unsigned char *B = (const unsigned char *) b; volatile const unsigned char *B = (volatile const unsigned char *) b;
unsigned char diff = 0; volatile unsigned char diff = 0;
for( i = 0; i < n; i++ ) for( i = 0; i < n; i++ )
diff |= A[i] ^ B[i]; diff |= A[i] ^ B[i];