make ConstantCompare available outside of internal.c
parent
6cced22256
commit
b7db43a189
@ -217,7 +217,6 @@ static INLINE void c16toa(word16 u16, byte* c)
|
||||
c[1] = u16 & 0xff;
|
||||
}
|
||||
|
||||
static int ConstantCompare(const byte* a, const byte* b, int length);
|
||||
|
||||
#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
|
||||
|| defined(HAVE_AESGCM)
|
||||
@ -6138,20 +6137,6 @@ static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
|
||||
}
|
||||
|
||||
|
||||
/* check all length bytes for equality, return 0 on success */
|
||||
static int ConstantCompare(const byte* a, const byte* b, int length)
|
||||
{
|
||||
int i;
|
||||
int compareSum = 0;
|
||||
|
||||
for (i = 0; i < length; i++) {
|
||||
compareSum |= a[i] ^ b[i];
|
||||
}
|
||||
|
||||
return compareSum;
|
||||
}
|
||||
|
||||
|
||||
/* check all length bytes for the pad value, return 0 on success */
|
||||
static int PadCheck(const byte* input, byte pad, int length)
|
||||
{
|
||||
|
@ -3408,7 +3408,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
||||
#endif
|
||||
xorbuf(Tprime, EKY0, sizeof(Tprime));
|
||||
|
||||
if (XMEMCMP(authTag, Tprime, authTagSz) != 0) {
|
||||
if (ConstantCompare(authTag, Tprime, authTagSz) != 0) {
|
||||
return AES_GCM_AUTH_E;
|
||||
}
|
||||
}
|
||||
@ -3744,7 +3744,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
||||
#endif
|
||||
xorbuf(A, B, authTagSz);
|
||||
|
||||
if (XMEMCMP(A, authTag, authTagSz) != 0) {
|
||||
if (ConstantCompare(A, authTag, authTagSz) != 0) {
|
||||
/* If the authTag check fails, don't keep the decrypted data.
|
||||
* Unfortunately, you need the decrypted data to calculate the
|
||||
* check value. */
|
||||
|
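Review bot: Both rewritten tag checks pass `authTagSz` straight to ConstantCompare, whose third parameter is a signed `int`, so the size is converted implicitly in wc_AesGcmDecrypt and again in wc_AesCcmDecrypt. The declaration of `authTagSz` is outside these hunks, but in the CCM hunk the same value goes to `xorbuf`, which takes a `word32`, so it is presumably unsigned. I would make the narrowing visible with `ConstantCompare(authTag, Tprime, (int)authTagSz)` and `ConstantCompare(A, authTag, (int)authTagSz)`. It is also worth confirming that each function rejects a zero or oversized tag length before the comparison, since any such validation sits outside the hunks shown. Both function bodies start and end outside their hunks.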
@ -53,7 +53,6 @@ static int calculateAuthTag(
|
||||
const byte* inAAD, const word32 inAADLen,
|
||||
const byte *inCiphertext, const word32 inCiphertextLen,
|
||||
byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]);
|
||||
static int constantTimeCompare(const byte *a, const byte *b, word32 len);
|
||||
|
||||
int wc_ChaCha20Poly1305_Encrypt(
|
||||
const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE],
|
||||
@ -151,8 +150,8 @@ int wc_ChaCha20Poly1305_Decrypt(
|
||||
calculatedAuthTag);
|
||||
|
||||
/* Compare the calculated auth tag with the received one */
|
||||
if (err == 0 && constantTimeCompare(inAuthTag, calculatedAuthTag,
|
||||
CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) != 0)
|
||||
if (err == 0 && ConstantCompare(inAuthTag, calculatedAuthTag,
|
||||
CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) != 0)
|
||||
{
|
||||
err = MAC_CMP_FAILED_E;
|
||||
}
|
||||
@ -272,17 +271,4 @@ static void word32ToLittle64(const word32 inLittle32, byte outLittle64[8])
|
||||
}
|
||||
|
||||
|
||||
static int constantTimeCompare(const byte *a, const byte *b, word32 len)
|
||||
{
|
||||
word32 i;
|
||||
byte result = 0;
|
||||
|
||||
for (i = 0; i < len; i++)
|
||||
{
|
||||
result |= a[i] ^ b[i];
|
||||
}
|
||||
|
||||
return (int)result;
|
||||
}
|
||||
|
||||
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
|
||||
|
@ -179,4 +179,18 @@ STATIC INLINE void ForceZero(const void* mem, word32 len)
|
||||
while (len--) *z++ = 0;
|
||||
}
|
||||
|
||||
|
||||
/* check all length bytes for equality, return 0 on success */
|
||||
STATIC INLINE int ConstantCompare(const byte* a, const byte* b, int length)
|
||||
{
|
||||
int i;
|
||||
int compareSum = 0;
|
||||
|
||||
for (i = 0; i < length; i++) {
|
||||
compareSum |= a[i] ^ b[i];
|
||||
}
|
||||
|
||||
return compareSum;
|
||||
}
|
||||
|
||||
#undef STATIC
|
||||
|
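Review bot: The comment above the new ConstantCompare does not say what a non-positive `length` does. In that case the `for (i = 0; i < length; i++)` loop never runs and the function returns the initial `compareSum` of 0, which every caller in this commit treats as a matching tag. The helper is now shared by the AES-GCM, AES-CCM and ChaCha20-Poly1305 tag checks, so I would state that contract at the definition, for example `/* check all length bytes for equality, return 0 on success; length <= 0 compares nothing and also returns 0, so callers must validate the size first */`. The comment could also note that a mismatch yields an arbitrary non-zero value rather than -1 or 1, so the result should only ever be tested against 0.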
@ -51,6 +51,9 @@ void xorbuf(void*, const void*, word32);
|
||||
WOLFSSL_LOCAL
|
||||
void ForceZero(const void*, word32);
|
||||
|
||||
WOLFSSL_LOCAL
|
||||
int ConstantCompare(const byte*, const byte*, int);
|
||||
|
||||
#ifdef WORD64_AVAILABLE
|
||||
WOLFSSL_LOCAL
|
||||
word64 rotlFixed64(word64, word64);
|
||||
|