Merge branch 'iotssl-1419-safermemcmp-volatile' into development-restricted

This commit is contained in:
Gilles Peskine 2017-11-28 13:52:33 +01:00
commit 80441c666f
2 changed files with 4 additions and 3 deletions

View file

@ -18,6 +18,7 @@ Security
application layer can be forced into sending such large packets. The issue
was independently reported by Tim Nordell via e-mail and by Florin Petriuc
and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707.
* Tighten should-be-constant-time memcmp against compiler optimizations.
Features
* Allow comments in test data files.

View file

@ -600,9 +600,9 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
size_t i;
const unsigned char *A = (const unsigned char *) a;
const unsigned char *B = (const unsigned char *) b;
unsigned char diff = 0;
volatile const unsigned char *A = (volatile const unsigned char *) a;
volatile const unsigned char *B = (volatile const unsigned char *) b;
volatile unsigned char diff = 0;
for( i = 0; i < n; i++ )
diff |= A[i] ^ B[i];