commit a81373f80e82cca9f6e4b4cfe3f8a01a14d8e1f9
author Dave Rodgman <dave.rodgman@arm.com> Wed May 17 12:36:01 2023 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Fri May 26 12:42:48 2023 +0100
tree e327ceb4ef873c2b99f4fac5552d30d735d3bce2
parent 7fe6e6fb2bafbd4386316d1fc5a80a05a270c384

Use new CT interface in ssl_msg.c

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 69706cf..b5019ef 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -148,8 +148,8 @@
         PSA_CHK(psa_hash_finish(&aux_operation, aux_out,
                                 PSA_HASH_MAX_SIZE, &hash_length));
         /* Keep only the correct inner_hash in the output buffer */
-        mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
-                                offset, data_len_secret);
+        mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret),
+                             output, aux_out, NULL, hash_size);
 
         if (offset < max_data_len) {
             PSA_CHK(psa_hash_update(&operation, data + offset, 1));
@@ -251,8 +251,8 @@
         MD_CHK(mbedtls_md_clone(&aux, ctx));
         MD_CHK(mbedtls_md_finish(&aux, aux_out));
         /* Keep only the correct inner_hash in the output buffer */
-        mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
-                                offset, data_len_secret);
+        mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret),
+                             output, aux_out, NULL, hash_size);
 
         if (offset < max_data_len) {
             MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
@@ -1912,11 +1912,11 @@
         padlen = data[rec->data_len - 1];
 
         if (auth_done == 1) {
-            const size_t mask = mbedtls_ct_size_mask_ge(
+            const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge(
                 rec->data_len,
                 padlen + 1);
-            correct &= mask;
-            padlen  &= mask;
+            correct = mbedtls_ct_size_if0(ge, correct);
+            padlen  = mbedtls_ct_size_if0(ge, padlen);
         } else {
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
             if (rec->data_len < transform->maclen + padlen + 1) {
@@ -1928,12 +1928,11 @@
                                           padlen + 1));
             }
 #endif
-
-            const size_t mask = mbedtls_ct_size_mask_ge(
+            const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge(
                 rec->data_len,
                 transform->maclen + padlen + 1);
-            correct &= mask;
-            padlen  &= mask;
+            correct = mbedtls_ct_size_if0(ge, correct);
+            padlen  = mbedtls_ct_size_if0(ge, padlen);
         }
 
         padlen++;
@@ -1962,19 +1961,20 @@
             /* pad_count += (idx >= padding_idx) &&
              *              (check[idx] == padlen - 1);
              */
-            const size_t mask = mbedtls_ct_size_mask_ge(idx, padding_idx);
-            const size_t equal = mbedtls_ct_size_bool_eq(check[idx],
-                                                         padlen - 1);
-            pad_count += mask & equal;
+            const mbedtls_ct_condition_t a = mbedtls_ct_bool_ge(idx, padding_idx);
+            size_t increment = mbedtls_ct_size_if0(a, 1);
+            const mbedtls_ct_condition_t b = mbedtls_ct_bool_eq(check[idx], padlen - 1);
+            increment = mbedtls_ct_size_if0(b, increment);
+            pad_count += increment;
         }
-        correct &= mbedtls_ct_size_bool_eq(pad_count, padlen);
+        correct = mbedtls_ct_size_if0(mbedtls_ct_bool_eq(pad_count, padlen), padlen);
 
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
         if (padlen > 0 && correct == 0) {
             MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected"));
         }
 #endif
-        padlen &= mbedtls_ct_size_mask(correct);
+        padlen = mbedtls_ct_size_if0(mbedtls_ct_bool(correct), padlen);
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */