Skip to content

Commit

Permalink
Remove last use of non-bit operations
Browse files Browse the repository at this point in the history
According to https://www.bearssl.org/ctmul.html even single-precision
multiplication is not constant-time on some older platforms.

An added benefit of the new code is that it removes the somewhat mysterious
constant 0x1ff - which was selected because at that point the maximum value of
padlen was 256. The new code is perhaps a bit more readable for that reason.

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
  • Loading branch information
mpg committed Sep 18, 2020
1 parent 2a59fb4 commit 822b372
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion library/ssl_msg.c
Original file line number Diff line number Diff line change
Expand Up @@ -1679,7 +1679,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
if( padlen > 0 && correct == 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
#endif
padlen &= correct * 0x1FF;
padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
Expand Down

0 comments on commit 822b372

Please sign in to comment.