From 9cb55698aa557caa441cfa6d115fa0b51a669221 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 11 Aug 2021 15:07:02 +0200 Subject: [PATCH] Propagate usage of mask generation functions Signed-off-by: gabor-mezei-arm --- library/constant_time.c | 48 +++++++++++++++++------------------------ library/constant_time.h | 6 ++++++ library/ssl_srv.c | 11 +--------- 3 files changed, 27 insertions(+), 38 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index a407c798bb..76cab097ae 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -96,6 +96,24 @@ size_t mbedtls_cf_size_mask( size_t value ) #endif } +#if defined(MBEDTLS_BIGNUM_C) + +mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value ) +{ + /* MSVC has a warning about unary minus on unsigned, but this is + * well-defined and precisely what we want to do here */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) ); +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif +} + +#endif /* MBEDTLS_BIGNUM_C */ + /* * Constant-flow mask generation for "less than" comparison: * - if x < y, return all bits 1, that is (size_t) -1 @@ -526,21 +544,8 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( Y != NULL ); - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* make sure assign is 0 or 1 in a time-constant manner */ - assign = (assign | (unsigned char)-assign) >> (sizeof( assign ) * 8 - 1); /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */ - limb_mask = -assign; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif + limb_mask = mbedtls_cf_mpi_uint_mask( assign );; MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); 
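Review bot: `mbedtls_cf_mpi_uint_mask()` is added without a comment stating its contract, although the "less than" mask helper in the context just below documents its return values. The callers touched by this patch pass 0/1 flags, but the expression yields all-bits-one for any non-zero input, and that should be written down, e.g. `/* Constant-flow mask generation: return all bits 1 if value != 0, all bits 0 if value == 0. */`. The same comment belongs on the declaration added in constant_time.h.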
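Review bot: In `mbedtls_mpi_safe_cond_assign` the new line derives `limb_mask` from `assign` but no longer rewrites `assign` itself to 0 or 1, which the removed code did in constant time. The rest of the function lies outside this hunk; if it still hands `assign` to helpers that expect exactly 0 or 1, a caller passing another non-zero value gets a full `limb_mask` next to an un-normalised flag, and the limb and sign handling can disagree. Either keep the normalisation, e.g. `assign = (unsigned char)( mbedtls_cf_mpi_uint_mask( assign ) & 1 );`, or state on the public API that only 0 and 1 are accepted. The same applies to `swap` in the `mbedtls_mpi_safe_cond_swap` hunk. The added line also ends in a stray `;;`.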
@@ -575,21 +580,8 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, if( X == Y ) return( 0 ); - /* MSVC has a warning about unary minus on unsigned integer types, - * but this is well-defined and precisely what we want to do here. */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - - /* make sure swap is 0 or 1 in a time-constant manner */ - swap = (swap | (unsigned char)-swap) >> (sizeof( swap ) * 8 - 1); /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */ - limb_mask = -swap; - -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif + limb_mask = mbedtls_cf_mpi_uint_mask( swap ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) ); diff --git a/library/constant_time.h b/library/constant_time.h index 80e59dac6e..ce2a9ef57b 100644 --- a/library/constant_time.h +++ b/library/constant_time.h @@ -38,6 +38,12 @@ unsigned mbedtls_cf_uint_mask( unsigned value ); size_t mbedtls_cf_size_mask( size_t value ); +#if defined(MBEDTLS_BIGNUM_C) + +mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value ); + +#endif /* MBEDTLS_BIGNUM_C */ + size_t mbedtls_cf_size_mask_lt( size_t x, size_t y ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c4be1970e7..989cfe07b4 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3581,16 +3581,7 @@ static int ssl_parse_encrypted_pms( mbedtls_ssl_context *ssl, diff |= peer_pms[1] ^ ver[1]; /* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */ - /* MSVC has a warning about unary minus on unsigned, but this is - * well-defined and precisely what we want to do here */ -#if defined(_MSC_VER) -#pragma warning( push ) -#pragma warning( disable : 4146 ) -#endif - mask = - ( ( diff | - diff ) >> ( sizeof( unsigned int ) * 8 - 1 ) ); -#if defined(_MSC_VER) -#pragma warning( pop ) -#endif + mask = mbedtls_cf_uint_mask( diff ); /* * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
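Review bot: The retained comment in `ssl_parse_encrypted_pms` still promises `mask = diff ? 0xff : 0x00`, but `mbedtls_cf_uint_mask()` is declared in this patch as returning a full-width `unsigned`. The byte-wide value therefore depends on implicit narrowing at the assignment, and the declaration of `mask` is outside the hunk. If `mask` is an `unsigned char`, make the truncation explicit with `mask = (unsigned char) mbedtls_cf_uint_mask( diff );`, otherwise update the comment to say all-bits-one. The diffstat shows no added include for this file, so confirm ssl_srv.c already pulls in constant_time.h; this mask gates the Bleichenbacher countermeasure that follows.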