From 2b35880d418a14dcc49d7f17ffe24d0d332c492d Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 18 Oct 2021 17:05:06 +0200
Subject: [PATCH] Bind functions' availability for config options
Signed-off-by: Gabor Mezei
---
 library/constant_time.c | 19 +++++++++++++++----
 library/constant_time.h | 8 +++++---
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/library/constant_time.c b/library/constant_time.c
index 0c82c0943..952528d98 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -108,6 +108,8 @@ mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value )
 #endif /* MBEDTLS_BIGNUM_C */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+
 /** Constant-flow mask generation for "less than" comparison: * - if \p x < \p y, return all-bits 1, that is (size_t) -1 * - otherwise, return all bits 0, that is 0
@@ -141,6 +143,8 @@ size_t mbedtls_cf_size_mask_ge( size_t x,
 return( ~mbedtls_cf_size_mask_lt( x, y ) ); }
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+
 unsigned mbedtls_cf_size_bool_eq( size_t x, size_t y ) {
@@ -167,6 +171,8 @@ unsigned mbedtls_cf_size_bool_eq( size_t x,
 return( 1 ^ diff1 ); }
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+
 /** Constant-flow "greater than" comparison: * return x > y *
@@ -185,6 +191,8 @@ static unsigned mbedtls_cf_size_gt( size_t x,
 return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) ); }
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
+
 #if defined(MBEDTLS_BIGNUM_C) unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x,
@@ -225,6 +233,7 @@ unsigned mbedtls_cf_uint_if( unsigned condition,
 return( ( mask & if1 ) | (~mask & if0 ) ); }
+#if defined(MBEDTLS_BIGNUM_C)
 /** Select between two sign values witout branches. *
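Review bot: The `#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)` added ahead of `mbedtls_cf_size_mask_lt`/`mbedtls_cf_size_mask_ge` tests a macro that, as far as I know, is derived in an SSL-internal header rather than set in the build configuration, and the include list of constant_time.c lies outside this hunk. If that header is not included before this point the guard is silently false and the constant-flow mask helpers drop out of the build; because constant_time.h now carries the same guard, a translation unit with a different include order would lose the prototype as well. The same macro gates `mbedtls_cf_memcpy_if_eq`/`mbedtls_cf_memcpy_offset` (hunk at -329) and the header hunks at -92 and -176. I would document the dependency at the first guard, e.g. `/* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC is derived, not a config option: the header that defines it must be included above. */`, and confirm that a CBC-enabled configuration still links.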
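Review bot: The three-term condition `defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)` added in front of the static `mbedtls_cf_size_gt` is spelled out a second time for `mbedtls_cf_mem_move_to_left` (hunk at -289), and neither hunk shows the caller whose guard it has to mirror. Both helpers are static, so any drift between these copies and the caller's guard surfaces only as an unused-function warning or an undeclared call in one particular configuration. A comment on each guard naming the consumer would keep them in step, for example `/* Used only by the PKCS#1 v1.5 unpadding code; keep this condition identical to that code's guard. */`. The consumer is presumably that unpadding routine; this needs confirming against the rest of the file, which is not visible here.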
@@ -260,8 +269,6 @@ static int mbedtls_cf_cond_select_sign( unsigned char condition,
 return( (int) ur - 1 ); }
-#if defined(MBEDTLS_BIGNUM_C)
-
 void mbedtls_cf_mpi_uint_cond_assign( size_t n, mbedtls_mpi_uint *dest, const mbedtls_mpi_uint *src,
@@ -289,6 +296,8 @@ void mbedtls_cf_mpi_uint_cond_assign( size_t n,
 #endif /* MBEDTLS_BIGNUM_C */
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+
 /** Shift some data towards the left inside a buffer. * * `mbedtls_cf_mem_move_to_left(start, total, offset)` is functionally
@@ -329,6 +338,10 @@ static void mbedtls_cf_mem_move_to_left( void *start,
 } }
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
+
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+
 void mbedtls_cf_memcpy_if_eq( unsigned char *dest, const unsigned char *src, size_t len,
@@ -360,8 +373,6 @@ void mbedtls_cf_memcpy_offset( unsigned char *dest,
 } }
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-
 int mbedtls_cf_hmac( mbedtls_md_context_t *ctx, const unsigned char *add_data, size_t add_data_len,
diff --git a/library/constant_time.h b/library/constant_time.h
index d2301aaa5..5796f120d 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -92,6 +92,8 @@ mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value );
 #endif /* MBEDTLS_BIGNUM_C */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+
 /** Constant-flow mask generation for "greater or equal" comparison: * - if \p x >= \p y, return all-bits 1, that is (size_t) -1 * - otherwise, return all bits 0, that is 0
@@ -108,6 +110,8 @@ mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value );
 size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+
 /** Constant-flow boolean "equal" comparison: * return x == y *
@@ -122,7 +126,6 @@ size_t mbedtls_cf_size_mask_ge( size_t x,
 unsigned mbedtls_cf_size_bool_eq( size_t x, size_t y );
-
 #if defined(MBEDTLS_BIGNUM_C) /** Decide if an integer is less than the other, without branches.
@@ -176,6 +179,7 @@ void mbedtls_cf_mpi_uint_cond_assign( size_t n,
 #endif /* MBEDTLS_BIGNUM_C */
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
 /** Conditional memcpy without branches. *
@@ -219,8 +223,6 @@ void mbedtls_cf_memcpy_offset( unsigned char *dest,
 size_t offset_max, size_t len );
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-
 /** Compute the HMAC of variable-length data with constant flow. * * This function computes the HMAC of the concatenation of \p add_data and \p