mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 15:41:06 +00:00
Evolve choose_int_from_mask to if_int
Make the function more robust by taking an arbitrary zero/nonzero argument instead of insisting on zero/all-bits-one. Update and fix its documentation.
This commit is contained in:
parent
b0034327cb
commit
9f11f21a26
|
@ -958,9 +958,9 @@ cleanup:
|
||||||
/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
|
/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
|
||||||
*
|
*
|
||||||
* \param value The value to analyze.
|
* \param value The value to analyze.
|
||||||
* \return \c 0 if \p value is zero, otherwise \c 0xff.
|
* \return Zero if \p value is zero, otherwise all-bits-one.
|
||||||
*/
|
*/
|
||||||
static unsigned unsigned_all_or_nothing( unsigned value )
|
static unsigned all_or_nothing_int( unsigned value )
|
||||||
{
|
{
|
||||||
/* MSVC has a warning about unary minus on unsigned, but this is
|
/* MSVC has a warning about unary minus on unsigned, but this is
|
||||||
* well-defined and precisely what we want to do here */
|
* well-defined and precisely what we want to do here */
|
||||||
|
@ -976,13 +976,17 @@ static unsigned unsigned_all_or_nothing( unsigned value )
|
||||||
|
|
||||||
/** Choose between two integer values, without branches.
|
/** Choose between two integer values, without branches.
|
||||||
*
|
*
|
||||||
* \param mask Either \c 0 or \c ~0.
|
* This is equivalent to `cond ? if1 : if0`, but is likely to be compiled
|
||||||
* \param if0 Value to use if \p mask = \c 0.
|
* to code using bitwise operation rather than a branch.
|
||||||
* \param if1 Value to use if \p mask = \c ~0.
|
*
|
||||||
* \return \c if1 if \p value is zero, otherwise \c if0.
|
* \param cond Condition to test.
|
||||||
|
* \param if1 Value to use if \p cond is nonzero.
|
||||||
|
* \param if0 Value to use if \p cond is zero.
|
||||||
|
* \return \c if1 if \p cond is nonzero, otherwise \c if0.
|
||||||
*/
|
*/
|
||||||
static unsigned choose_int_from_mask( unsigned mask, unsigned if1, unsigned if0 )
|
static unsigned if_int( unsigned cond, unsigned if1, unsigned if0 )
|
||||||
{
|
{
|
||||||
|
unsigned mask = all_or_nothing_int( cond );
|
||||||
return( ( mask & if1 ) | (~mask & if0 ) );
|
return( ( mask & if1 ) | (~mask & if0 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1066,7 +1070,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
/* Set bad to zero if the padding is valid and
|
/* Set bad to zero if the padding is valid and
|
||||||
* all-bits-one otherwise. The whole calculation of bad
|
* all-bits-one otherwise. The whole calculation of bad
|
||||||
* is done in such a way to avoid branches. */
|
* is done in such a way to avoid branches. */
|
||||||
bad = unsigned_all_or_nothing( bad );
|
bad = all_or_nothing_int( bad );
|
||||||
|
|
||||||
/* If the padding is valid, set plaintext_size to the number of
|
/* If the padding is valid, set plaintext_size to the number of
|
||||||
* remaining bytes after stripping the padding. If the padding
|
* remaining bytes after stripping the padding. If the padding
|
||||||
|
@ -1075,9 +1079,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
||||||
* buffer. Do it without branches to avoid leaking the padding
|
* buffer. Do it without branches to avoid leaking the padding
|
||||||
* validity through timing. RSA keys are small enough that all the
|
* validity through timing. RSA keys are small enough that all the
|
||||||
* size_t values involved fit in unsigned int. */
|
* size_t values involved fit in unsigned int. */
|
||||||
plaintext_size = choose_int_from_mask( bad,
|
plaintext_size = if_int( bad,
|
||||||
(unsigned) plaintext_max_size,
|
(unsigned) plaintext_max_size,
|
||||||
(unsigned) ( ilen - ( p - buf ) ) );
|
(unsigned) ( ilen - ( p - buf ) ) );
|
||||||
|
|
||||||
/* Check if the decrypted plaintext fits in the output buffer.
|
/* Check if the decrypted plaintext fits in the output buffer.
|
||||||
* If the padding is bad, this will always be the case,
|
* If the padding is bad, this will always be the case,
|
||||||
|
|
Loading…
Reference in a new issue