commit b7825ceb3edcfed059ff8ccbff01d0086263b217
author Dave Rodgman <dave.rodgman@arm.com> Thu Aug 10 11:58:18 2023 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Thu Aug 10 11:58:18 2023 +0100
tree 25b59d18e1f8855d89b07afb919e3cd9d167948a
parent 4dd89310e96817f6e6a67cbec99395db7074d1f6

Rename uint->bool operators to reflect input types

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/bignum.c

diff --git a/library/bignum.c b/library/bignum.c
index 8a061df..2a7786f 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1728,7 +1728,7 @@
 
     for (size_t i = 0; i < T_size; i++) {
         MBEDTLS_MPI_CHK(mbedtls_mpi_safe_cond_assign(R, &T[i],
-                                                     (unsigned char) mbedtls_ct_bool_eq(i, idx)));
+                                                     (unsigned char) mbedtls_ct_uint_eq(i, idx)));
     }
 cleanup:
     return ret;

library/bignum_core.c

diff --git a/library/bignum_core.c b/library/bignum_core.c
index cae8905..157ac07 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -149,7 +149,7 @@
                                                     size_t A_limbs)
 {
     /* min <= least significant limb? */
-    mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_bool_ge(A[0], min);
+    mbedtls_ct_condition_t min_le_lsl = mbedtls_ct_uint_ge(A[0], min);
 
     /* limbs other than the least significant one are all zero? */
     mbedtls_ct_condition_t msll_mask = MBEDTLS_CT_FALSE;
@@ -176,7 +176,7 @@
          * Again even if we can make a decision, we just mark the result and
          * the fact that we are done and continue looping.
          */
-        cond = mbedtls_ct_bool_lt(B[i - 1], A[i - 1]);
+        cond = mbedtls_ct_uint_lt(B[i - 1], A[i - 1]);
         done = mbedtls_ct_bool_or(done, cond);
 
         /*
@@ -185,7 +185,7 @@
          * Again even if we can make a decision, we just mark the result and
          * the fact that we are done and continue looping.
          */
-        cond = mbedtls_ct_bool_lt(A[i - 1], B[i - 1]);
+        cond = mbedtls_ct_uint_lt(A[i - 1], B[i - 1]);
         ret  = mbedtls_ct_bool_or(ret, mbedtls_ct_bool_and(cond, mbedtls_ct_bool_not(done)));
         done = mbedtls_ct_bool_or(done, cond);
     }
@@ -634,7 +634,7 @@
                                            size_t index)
 {
     for (size_t i = 0; i < count; i++, table += limbs) {
-        mbedtls_ct_condition_t assign = mbedtls_ct_bool_eq(i, index);
+        mbedtls_ct_condition_t assign = mbedtls_ct_uint_eq(i, index);
         mbedtls_mpi_core_cond_assign(dest, table, limbs, assign);
     }
 }

library/constant_time.c

diff --git a/library/constant_time.c b/library/constant_time.c
index d4bd331..20e215a 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -131,7 +131,7 @@
 {
     volatile unsigned char *buf = start;
     for (size_t i = 0; i < total; i++) {
-        mbedtls_ct_condition_t no_op = mbedtls_ct_bool_gt(total - offset, i);
+        mbedtls_ct_condition_t no_op = mbedtls_ct_uint_gt(total - offset, i);
         /* The first `total - offset` passes are a no-op. The last
          * `offset` passes shift the data one byte to the left and
          * zero out the last byte. */
@@ -188,7 +188,7 @@
     size_t offsetval;
 
     for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
-        mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offsetval, offset), dest, src + offsetval, NULL,
+        mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offsetval, offset), dest, src + offsetval, NULL,
                              len);
     }
 }

library/constant_time_impl.h

diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h
index 1fa655d..1660c12 100644
--- a/library/constant_time_impl.h
+++ b/library/constant_time_impl.h
@@ -143,7 +143,7 @@
     return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0));
 }
 
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
 {
     /* Ensure that the compiler cannot optimise the following operations over x and y,
      * even if it knows the value of x and y.
@@ -175,7 +175,7 @@
     return mbedtls_ct_bool(ret);
 }
 
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y)
 {
     /* diff = 0 if x == y, non-zero otherwise */
     const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y);
@@ -252,28 +252,28 @@
 
 #endif /* MBEDTLS_BIGNUM_C */
 
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y)
 {
-    return ~mbedtls_ct_bool_ne(x, y);
+    return ~mbedtls_ct_uint_ne(x, y);
 }
 
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y)
 {
-    return mbedtls_ct_bool_lt(y, x);
+    return mbedtls_ct_uint_lt(y, x);
 }
 
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y)
 {
-    return ~mbedtls_ct_bool_lt(x, y);
+    return ~mbedtls_ct_uint_lt(x, y);
 }
 
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y)
 {
-    return ~mbedtls_ct_bool_gt(x, y);
+    return ~mbedtls_ct_uint_gt(x, y);
 }
 
 static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x,

library/constant_time_internal.h

diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 6d549f1..dc4c5f9 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -37,10 +37,11 @@
  * It has three main parts:
  *
  * - boolean operations
- *   These are all named mbedtls_ct_bool_<operation>, and operate over
+ *   These are all named mbedtls_ct_<type>_<operation>, and operate over
  *   mbedtls_ct_condition_t.
  *   All arguments are considered secret.
  *   example: bool x = y | z          =>    x = mbedtls_ct_bool_or(y, z)
+ *   example: bool x = y == z         =>    x = mbedtls_ct_uint_eq(y, z)
  *
  * - conditional data selection
  *   These are all named mbedtls_ct_<type>_if and mbedtls_ct_<type>_if0
@@ -118,7 +119,7 @@
  *
  * \return      MBEDTLS_CT_TRUE if \p x != \p y, otherwise MBEDTLS_CT_FALSE.
  */
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
 
 /** Boolean "equals" operation.
  *
@@ -131,7 +132,7 @@
  *
  * \return      MBEDTLS_CT_TRUE if \p x == \p y, otherwise MBEDTLS_CT_FALSE.
  */
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_eq(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y);
 
 /** Boolean "less than" operation.
@@ -145,7 +146,7 @@
  *
  * \return      MBEDTLS_CT_TRUE if \p x < \p y, otherwise MBEDTLS_CT_FALSE.
  */
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y);
 
 /** Boolean "greater than" operation.
  *
@@ -158,7 +159,7 @@
  *
  * \return      MBEDTLS_CT_TRUE if \p x > \p y, otherwise MBEDTLS_CT_FALSE.
  */
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_gt(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y);
 
 /** Boolean "greater or equal" operation.
@@ -173,7 +174,7 @@
  * \return      MBEDTLS_CT_TRUE if \p x >= \p y,
  *              otherwise MBEDTLS_CT_FALSE.
  */
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_ge(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y);
 
 /** Boolean "less than or equal" operation.
@@ -188,7 +189,7 @@
  * \return      MBEDTLS_CT_TRUE if \p x <= \p y,
  *              otherwise MBEDTLS_CT_FALSE.
  */
-static inline mbedtls_ct_condition_t mbedtls_ct_bool_le(mbedtls_ct_uint_t x,
+static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x,
                                                         mbedtls_ct_uint_t y);
 
 /** Boolean "xor" operation.

library/rsa.c

diff --git a/library/rsa.c b/library/rsa.c
index 182ab21..65caf90 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -120,13 +120,13 @@
 
     /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00
      * where PS must be at least 8 nonzero bytes. */
-    bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_ne(input[1], MBEDTLS_RSA_CRYPT));
+    bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_ne(input[1], MBEDTLS_RSA_CRYPT));
 
     /* Read the whole buffer. Set pad_done to nonzero if we find
      * the 0x00 byte and remember the padding length in pad_count. */
     pad_done = MBEDTLS_CT_FALSE;
     for (i = 2; i < ilen; i++) {
-        mbedtls_ct_condition_t found = mbedtls_ct_bool_eq(input[i], 0);
+        mbedtls_ct_condition_t found = mbedtls_ct_uint_eq(input[i], 0);
         pad_done   = mbedtls_ct_bool_or(pad_done, found);
         pad_count += mbedtls_ct_uint_if0(mbedtls_ct_bool_not(pad_done), 1);
     }
@@ -135,7 +135,7 @@
     bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_not(pad_done));
 
     /* There must be at least 8 bytes of padding. */
-    bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_gt(8, pad_count));
+    bad = mbedtls_ct_bool_or(bad, mbedtls_ct_uint_gt(8, pad_count));
 
     /* If the padding is valid, set plaintext_size to the number of
      * remaining bytes after stripping the padding. If the padding
@@ -150,7 +150,7 @@
 
     /* Set output_too_large to 0 if the plaintext fits in the output
      * buffer and to 1 otherwise. */
-    output_too_large = mbedtls_ct_bool_gt(plaintext_size,
+    output_too_large = mbedtls_ct_uint_gt(plaintext_size,
                                           plaintext_max_size);
 
     /* Set ret without branches to avoid timing attacks. Return:

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 72d5f32..a725002 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -257,7 +257,7 @@
         MD_CHK(mbedtls_md_clone(&aux, ctx));
         MD_CHK(mbedtls_md_finish(&aux, aux_out));
         /* Keep only the correct inner_hash in the output buffer */
-        mbedtls_ct_memcpy_if(mbedtls_ct_bool_eq(offset, data_len_secret),
+        mbedtls_ct_memcpy_if(mbedtls_ct_uint_eq(offset, data_len_secret),
                              output, aux_out, NULL, hash_size);
 
         if (offset < max_data_len) {
@@ -1918,7 +1918,7 @@
         padlen = data[rec->data_len - 1];
 
         if (auth_done == 1) {
-            const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge(
+            const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
                 rec->data_len,
                 padlen + 1);
             correct = mbedtls_ct_size_if0(ge, correct);
@@ -1934,7 +1934,7 @@
                                           padlen + 1));
             }
 #endif
-            const mbedtls_ct_condition_t ge = mbedtls_ct_bool_ge(
+            const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge(
                 rec->data_len,
                 transform->maclen + padlen + 1);
             correct = mbedtls_ct_size_if0(ge, correct);
@@ -1967,13 +1967,13 @@
             /* pad_count += (idx >= padding_idx) &&
              *              (check[idx] == padlen - 1);
              */
-            const mbedtls_ct_condition_t a = mbedtls_ct_bool_ge(idx, padding_idx);
+            const mbedtls_ct_condition_t a = mbedtls_ct_uint_ge(idx, padding_idx);
             size_t increment = mbedtls_ct_size_if0(a, 1);
-            const mbedtls_ct_condition_t b = mbedtls_ct_bool_eq(check[idx], padlen - 1);
+            const mbedtls_ct_condition_t b = mbedtls_ct_uint_eq(check[idx], padlen - 1);
             increment = mbedtls_ct_size_if0(b, increment);
             pad_count += increment;
         }
-        correct = mbedtls_ct_size_if0(mbedtls_ct_bool_eq(pad_count, padlen), padlen);
+        correct = mbedtls_ct_size_if0(mbedtls_ct_uint_eq(pad_count, padlen), padlen);
 
 #if defined(MBEDTLS_SSL_DEBUG_ALL)
         if (padlen > 0 && correct == 0) {

library/ssl_tls12_server.c

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 8d0129b..34ac091 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3537,9 +3537,9 @@
      * padding, to protect against timing-based Bleichenbacher-type
      * attacks. */
     diff = mbedtls_ct_bool(ret);
-    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pmslen, 48));
-    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[0], ver[0]));
-    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_bool_ne(peer_pms[1], ver[1]));
+    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pmslen, 48));
+    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[0], ver[0]));
+    diff = mbedtls_ct_bool_or(diff, mbedtls_ct_uint_ne(peer_pms[1], ver[1]));
 
     /*
      * Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding