Unify memcmp functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
diff --git a/library/cipher.c b/library/cipher.c
index a53609e..ce5179c 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1159,7 +1159,7 @@
}
/* Check the tag in "constant-time" */
- if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 )
+ if( mbedtls_cf_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
@@ -1181,7 +1181,7 @@
}
/* Check the tag in "constant-time" */
- if( mbedtls_constant_time_memcmp( tag, check_tag, tag_len ) != 0 )
+ if( mbedtls_cf_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
diff --git a/library/constant_time.c b/library/constant_time.c
index 9783215..2388cab 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -31,10 +31,9 @@
#include <string.h>
-/* constant-time buffer comparison */
-int mbedtls_ssl_safer_memcmp( const void *a,
- const void *b,
- size_t n )
+int mbedtls_cf_memcmp( const void *a,
+ const void *b,
+ size_t n )
{
size_t i;
volatile const unsigned char *A = (volatile const unsigned char *) a;
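Review bot: The unified `mbedtls_cf_memcmp` definition drops the only comment it had (`/* constant-time buffer comparison */`), and the declaration added in library/constant_time.h is undocumented as well, so the contract behind every tag, MAC, ICV and cookie check in this commit is written down nowhere. I would add a Doxygen block on the declaration, in the style of the `/** Turn zero-or-nonzero ... */` comment later in this file. It should say that timing is independent of the buffer contents but not of `n`, and that the result is 0 for identical buffers and otherwise an unspecified non-zero value with no ordering meaning, unlike `memcmp`. It is also worth a why-comment on the `volatile` qualifiers, since two of the removed variants (`mbedtls_constant_time_memcmp`, `mbedtls_safer_memcmp`) lacked them and a later cleanup could strip them again, for example `/* volatile: presumably keeps the compiler from turning the loop into an early-exit compare */`. The function body continues outside this hunk.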
@@ -50,67 +49,9 @@
diff |= x ^ y;
}
- return( diff );
-}
-
-/* Compare the contents of two buffers in constant time.
- * Returns 0 if the contents are bitwise identical, otherwise returns
- * a non-zero value.
- * This is currently only used by GCM and ChaCha20+Poly1305.
- */
-int mbedtls_constant_time_memcmp( const void *v1,
- const void *v2,
- size_t len )
-{
- const unsigned char *p1 = (const unsigned char*) v1;
- const unsigned char *p2 = (const unsigned char*) v2;
- size_t i;
- unsigned char diff;
-
- for( diff = 0, i = 0; i < len; i++ )
- diff |= p1[i] ^ p2[i];
-
return( (int)diff );
}
-/* constant-time buffer comparison */
-unsigned char mbedtls_nist_kw_safer_memcmp( const void *a,
- const void *b,
- size_t n )
-{
- size_t i;
- volatile const unsigned char *A = (volatile const unsigned char *) a;
- volatile const unsigned char *B = (volatile const unsigned char *) b;
- volatile unsigned char diff = 0;
-
- for( i = 0; i < n; i++ )
- {
- /* Read volatile data in order before computing diff.
- * This avoids IAR compiler warning:
- * 'the order of volatile accesses is undefined ..' */
- unsigned char x = A[i], y = B[i];
- diff |= x ^ y;
- }
-
- return( diff );
-}
-
-/* constant-time buffer comparison */
-int mbedtls_safer_memcmp( const void *a,
- const void *b,
- size_t n )
-{
- size_t i;
- const unsigned char *A = (const unsigned char *) a;
- const unsigned char *B = (const unsigned char *) b;
- unsigned char diff = 0;
-
- for( i = 0; i < n; i++ )
- diff |= A[i] ^ B[i];
-
- return( diff );
-}
-
/** Turn zero-or-nonzero into zero-or-all-bits-one, without branches.
*
* \param value The value to analyze.
diff --git a/library/constant_time.h b/library/constant_time.h
index f890a3d..08e831f 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -29,22 +29,10 @@
#include <stddef.h>
-int mbedtls_ssl_safer_memcmp( const void *a,
- const void *b,
- size_t n );
-int mbedtls_constant_time_memcmp( const void *v1,
- const void *v2,
- size_t len );
-
-unsigned char mbedtls_nist_kw_safer_memcmp( const void *a,
- const void *b,
- size_t n );
-
-int mbedtls_safer_memcmp( const void *a,
- const void *b,
- size_t n );
-
+int mbedtls_cf_memcmp( const void *a,
+ const void *b,
+ size_t n );
unsigned mbedtls_cf_uint_mask( unsigned value );
diff --git a/library/nist_kw.c b/library/nist_kw.c
index aaed42a..b71befd 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -399,7 +399,7 @@
goto cleanup;
/* Check ICV in "constant-time" */
- diff = mbedtls_nist_kw_safer_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH );
+ diff = mbedtls_cf_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH );
if( diff != 0 )
{
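Review bot: `mbedtls_cf_memcmp` returns `int`, while the `mbedtls_nist_kw_safer_memcmp` it replaces returned `unsigned char`, so `diff = mbedtls_cf_memcmp( ... )` becomes an implicit narrowing assignment if `diff` is still declared as `unsigned char` (its declaration is outside the hunk). The ICV check stays correct only because the result is presumably still in 0..255, judging by `return( (int)diff )` in constant_time.c. If the helper ever returned a value with only higher bits set, it would truncate to 0 here and read as a match. Declaring `diff` as `int` removes that coupling, provided its other uses in the function allow it. The same applies to the `NIST_KW_ICV2` call in the next hunk.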
@@ -448,7 +448,7 @@
}
/* Check ICV in "constant-time" */
- diff = mbedtls_nist_kw_safer_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 );
+ diff = mbedtls_cf_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 );
if( diff != 0 )
{
diff --git a/library/rsa.c b/library/rsa.c
index f4131fd..edc8ecc 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1887,7 +1887,7 @@
MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
- if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 )
+ if( mbedtls_cf_memcmp( verif, sig, ctx->len ) != 0 )
{
ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
goto cleanup;
@@ -2159,8 +2159,8 @@
* Compare
*/
- if( ( ret = mbedtls_safer_memcmp( encoded, encoded_expected,
- sig_len ) ) != 0 )
+ if( ( ret = mbedtls_cf_memcmp( encoded, encoded_expected,
+ sig_len ) ) != 0 )
{
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
goto cleanup;
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 3ef318c..8fd28cf 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1381,9 +1381,9 @@
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len * 2 ||
buf[0] != ssl->verify_data_len * 2 ||
- mbedtls_ssl_safer_memcmp( buf + 1,
+ mbedtls_cf_memcmp( buf + 1,
ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
- mbedtls_ssl_safer_memcmp( buf + 1 + ssl->verify_data_len,
+ mbedtls_cf_memcmp( buf + 1 + ssl->verify_data_len,
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 5936d35..6ed3f2b 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -227,7 +227,7 @@
if( ret != 0 )
return( ret );
- if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
+ if( mbedtls_cf_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
return( -1 );
#if defined(MBEDTLS_HAVE_TIME)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f8f3660..55be047 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1172,7 +1172,7 @@
*
* Afterwards, we know that data + data_len is followed by at
* least maclen Bytes, which justifies the call to
- * mbedtls_ssl_safer_memcmp() below.
+ * mbedtls_cf_memcmp() below.
*
* Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen;
@@ -1195,8 +1195,8 @@
transform->maclen );
/* Compare expected MAC with MAC at the end of the record. */
- if( mbedtls_ssl_safer_memcmp( data + rec->data_len, mac_expect,
- transform->maclen ) != 0 )
+ if( mbedtls_cf_memcmp( data + rec->data_len, mac_expect,
+ transform->maclen ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
return( MBEDTLS_ERR_SSL_INVALID_MAC );
@@ -1406,8 +1406,8 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, transform->maclen );
#endif
- if( mbedtls_ssl_safer_memcmp( mac_peer, mac_expect,
- transform->maclen ) != 0 )
+ if( mbedtls_cf_memcmp( mac_peer, mac_expect,
+ transform->maclen ) != 0 )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 716fa7d..c4be197 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -197,7 +197,7 @@
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len ||
buf[0] != ssl->verify_data_len ||
- mbedtls_ssl_safer_memcmp( buf + 1, ssl->peer_verify_data,
+ mbedtls_cf_memcmp( buf + 1, ssl->peer_verify_data,
ssl->verify_data_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
@@ -3673,7 +3673,7 @@
/* Identity is not a big secret since clients send it in the clear,
* but treat it carefully anyway, just in case */
if( n != ssl->conf->psk_identity_len ||
- mbedtls_ssl_safer_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
+ mbedtls_cf_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
{
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c5ffa4d..d6f0385 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2915,7 +2915,7 @@
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
- if( mbedtls_ssl_safer_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
+ if( mbedtls_cf_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
buf, hash_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );