feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

wolfcrypt/src/aes.c: fix shiftTooManyBitsSigned in AES_GCM_decrypt_C().

Browse Source
This commit is contained in:
Daniel Pouzzner
2022-05-05 15:54:31 -05:00
parent 6e880495dc
commit 19e8bb05f3
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
wolfcrypt/src/aes.c
View File

@ -8246,9 +8246,15 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
XMEMCPY(p, scratch, partial); XMEMCPY(p, scratch, partial);
} }
/* ConstantCompare returns XOR of bytes. */ /* ConstantCompare returns cumulative or of the bytewise XOR. */
res = ConstantCompare(authTag, Tprime, authTagSz); res = ConstantCompare(authTag, Tprime, authTagSz);
res = (0 - res) >> 31; /* convert positive retval from ConstantCompare() to all-1s word, in
* constant time.
*/
res = 0 - (sword32)(((word32)(0 - res)) >> 31U);
/* now use res as a mask for constant time return of ret, unless tag
* mismatch, whereupon AES_GCM_AUTH_E is returned.
*/
ret = (ret & ~res) | (res & AES_GCM_AUTH_E); ret = (ret & ~res) | (res & AES_GCM_AUTH_E);
return ret; return ret;