mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 01:05:40 +01:00
Removed possible cache-timing difference for pad check
This commit is contained in:
parent
8b817dc47e
commit
ca9c87ed2b
@ -1510,17 +1510,17 @@ static int ssl_decrypt_buf( ssl_context *ssl )
|
||||
* TLSv1+: always check the padding up to the first failure
|
||||
* and fake check up to 256 bytes of padding
|
||||
*/
|
||||
size_t pad_count = 0, fake_pad_count = 0;
|
||||
size_t pad_count = 0, real_count = 1;
|
||||
size_t padding_idx = ssl->in_msglen - padlen - 1;
|
||||
|
||||
for( i = 1; i <= padlen; i++ )
|
||||
pad_count += ( ssl->in_msg[padding_idx + i] == padlen - 1 );
|
||||
|
||||
for( ; i <= 256; i++ )
|
||||
fake_pad_count += ( ssl->in_msg[padding_idx + i] == padlen - 1 );
|
||||
for( i = 1; i <= 256; i++ )
|
||||
{
|
||||
real_count &= ( i <= padlen );
|
||||
pad_count += real_count *
|
||||
( ssl->in_msg[padding_idx + i] == padlen - 1 );
|
||||
}
|
||||
|
||||
correct &= ( pad_count == padlen ); /* Only 1 on correct padding */
|
||||
correct &= ( pad_count + fake_pad_count < 512 ); /* Always 1 */
|
||||
|
||||
#if defined(POLARSSL_SSL_DEBUG_ALL)
|
||||
if( padlen > 0 && correct == 0)
|
||||
|
Loading…
Reference in New Issue
Block a user