yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Prevent clever optimization to prematurely quit loop in safe memcmp

Browse source 
The previous version of `mbedtls_ssl_safer_memcmp` did not qualify the
pointers to the arrays to be compared as volatile, theoretically
opening the possibility for the compiler to notice that the loop
operation `diff |= A[i] ^ B[i]` is pointless if `diff = -1`. This
commit changes this. It also declares the stack variable `diff` as
volatile, to force read and write in every loop; omitting that, the
compiler would still be allowed to get away with reading `A[i]` and
`B[i]` but not doing the XOR and not updating `diff`.
This commit is contained in:
Hanno Becker 2017-06-26 13:26:58 +01:00
parent 5a1c0e7162
commit 59e6963a37
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
include/mbedtls/ssl_internal.h
View file

@ -600,9 +600,9 @@ void mbedtls_ssl_dtls_replay_update( mbedtls_ssl_context *ssl );
static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t n )
{
size_t i;
const unsigned char *A = (const unsigned char *) a;
const unsigned char *B = (const unsigned char *) b;
unsigned char diff = 0;
volatile const unsigned char *A = (volatile const unsigned char *) a;
volatile const unsigned char *B = (volatile const unsigned char *) b;
volatile unsigned char diff = 0;
for( i = 0; i < n; i++ )
diff |= A[i] ^ B[i];