diff --git a/library/constant_time.c b/library/constant_time.c
index cb156bc9b..0c5c04c1f 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -92,3 +92,22 @@ int mbedtls_safer_memcmp( const void *a, const void *b, size_t n )
 return( diff );
 }
+
+/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
+ *
+ * \param value The value to analyze.
+ * \return Zero if \p value is zero, otherwise all-bits-one.
+ */
+unsigned mbedtls_cf_uint_mask( unsigned value )
+{
+ /* MSVC has a warning about unary minus on unsigned, but this is
+ * well-defined and precisely what we want to do here */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+ return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+}
diff --git a/library/constant_time.h b/library/constant_time.h
index e14232b8b..0d6c0fdfc 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -28,3 +28,6 @@ int mbedtls_constant_time_memcmp( const void *v1, const void *v2, size_t len );
 unsigned char mbedtls_nist_kw_safer_memcmp( const void *a, const void *b, size_t n );
 int mbedtls_safer_memcmp( const void *a, const void *b, size_t n );
+
+
+unsigned mbedtls_cf_uint_mask( unsigned value );
diff --git a/library/rsa.c b/library/rsa.c
index 06653a582..d5151a5e0 100644
--- a/library/rsa.c
+++ b/library/rsa.c
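Review bot: The shift count `sizeof( value ) * 8 - 1` in the added `return` hard-codes an 8-bit byte; `sizeof( value ) * CHAR_BIT - 1` (with `#include <limits.h>`, which this hunk does not show being included) states the intent exactly and costs nothing at runtime. The mask itself is sound: `value | - value` has its top bit set exactly when `value` is nonzero, and the outer unary minus stretches that single bit into all-ones. Now that the helper is an external symbol shared across modules rather than a `static` in rsa.c, the "without branches" wording is an intent the C standard cannot make the compiler honour; a line such as `/* Relies on the compiler not lowering this to a conditional; re-check generated code when the toolchain changes */` inside the body would make that explicit for callers elsewhere. If the project already assumes CHAR_BIT == 8 elsewhere, the first point is purely stylistic.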
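Review bot: The new prototype `unsigned mbedtls_cf_uint_mask( unsigned value );` is added with no documentation comment; the Doxygen block describing it exists only on the definition in constant_time.c, so a caller reading this header sees a name and no contract. The `/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches. ... */` block with its `\param value` and `\return` lines should move to, or be duplicated at, the declaration here, since the header is where callers in other modules will look. The two consecutive blank lines inserted before the prototype should also be collapsed to one to match the single-line spacing between the neighbouring declarations. Those neighbouring declarations are undocumented too, but this hunk is the one extending the header, so it is the place to set the precedent.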
@@ -1479,25 +1479,6 @@ cleanup:
 #endif /* MBEDTLS_PKCS1_V21 */
 #if defined(MBEDTLS_PKCS1_V15)
-/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
- *
- * \param value The value to analyze.
- * \return Zero if \p value is zero, otherwise all-bits-one.
- */
-static unsigned mbedtls_cf_uint_mask( unsigned value )
-{
- /* MSVC has a warning about unary minus on unsigned, but this is
- * well-defined and precisely what we want to do here */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
- return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-}
-
 /** Check whether a size is out of bounds, without branches.
 *
 * This is equivalent to `size > max`, but is likely to be compiled to