Merge branch 'iotssl-1419-safermemcmp-volatile' into development-restricted

This commit is contained in:
Gilles Peskine 2017-11-28 13:52:33 +01:00
commit 80441c666f
2 changed files with 4 additions and 3 deletions

View file

@ -18,6 +18,7 @@ Security
application layer can be forced into sending such large packets. The issue application layer can be forced into sending such large packets. The issue
was independently reported by Tim Nordell via e-mail and by Florin Petriuc was independently reported by Tim Nordell via e-mail and by Florin Petriuc
and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707. and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707.
* Tighten should-be-constant-time memcmp against compiler optimizations.
Features Features
* Allow comments in test data files. * Allow comments in test data files.

View file

@ -600,9 +600,9 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n ) static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{ {
size_t i; size_t i;
const unsigned char *A = (const unsigned char *) a; volatile const unsigned char *A = (volatile const unsigned char *) a;
const unsigned char *B = (const unsigned char *) b; volatile const unsigned char *B = (volatile const unsigned char *) b;
unsigned char diff = 0; volatile unsigned char diff = 0;
for( i = 0; i < n; i++ ) for( i = 0; i < n; i++ )
diff |= A[i] ^ B[i]; diff |= A[i] ^ B[i];