Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/bignum.c b/library/bignum.c
index a15c6f1..846f5a3 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1951,7 +1951,7 @@
* so d[n] == 1 and we want to set A to the result of the subtraction
* which is d - (2^biL)^n, i.e. the n least significant limbs of d.
* This exactly corresponds to a conditional assignment. */
- mbedtls_cf_mpi_uint_cond_assign( n, A->p, d, (unsigned char) d[n] );
+ mbedtls_ct_mpi_uint_cond_assign( n, A->p, d, (unsigned char) d[n] );
}
/*
@@ -1993,7 +1993,7 @@
for( size_t i = 0; i < T_size; i++ )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i],
- (unsigned char) mbedtls_cf_size_bool_eq( i, idx ) ) );
+ (unsigned char) mbedtls_ct_size_bool_eq( i, idx ) ) );
}
cleanup:
diff --git a/library/cipher.c b/library/cipher.c
index a0354d6..d51ccd7 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1139,7 +1139,7 @@
}
/* Check the tag in "constant-time" */
- if( mbedtls_cf_memcmp( tag, check_tag, tag_len ) != 0 )
+ if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
@@ -1161,7 +1161,7 @@
}
/* Check the tag in "constant-time" */
- if( mbedtls_cf_memcmp( tag, check_tag, tag_len ) != 0 )
+ if( mbedtls_ct_memcmp( tag, check_tag, tag_len ) != 0 )
return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
return( 0 );
diff --git a/library/constant_time.c b/library/constant_time.c
index 5bbdf1c..3836d54 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -42,7 +42,7 @@
#include <string.h>
-int mbedtls_cf_memcmp( const void *a,
+int mbedtls_ct_memcmp( const void *a,
const void *b,
size_t n )
{
@@ -63,7 +63,7 @@
return( (int)diff );
}
-unsigned mbedtls_cf_uint_mask( unsigned value )
+unsigned mbedtls_ct_uint_mask( unsigned value )
{
/* MSVC has a warning about unary minus on unsigned, but this is
* well-defined and precisely what we want to do here */
@@ -79,7 +79,7 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-size_t mbedtls_cf_size_mask( size_t value )
+size_t mbedtls_ct_size_mask( size_t value )
{
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
@@ -97,7 +97,7 @@
#if defined(MBEDTLS_BIGNUM_C)
-mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value )
+mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value )
{
/* MSVC has a warning about unary minus on unsigned, but this is
* well-defined and precisely what we want to do here */
@@ -127,7 +127,7 @@
*
* \return All-bits-one if \p x is less than \p y, otherwise zero.
*/
-static size_t mbedtls_cf_size_mask_lt( size_t x,
+static size_t mbedtls_ct_size_mask_lt( size_t x,
size_t y )
{
/* This has the most significant bit set if and only if x < y */
@@ -137,20 +137,20 @@
const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
/* mask = (x < y) ? 0xff... : 0x00... */
- const size_t mask = mbedtls_cf_size_mask( sub1 );
+ const size_t mask = mbedtls_ct_size_mask( sub1 );
return( mask );
}
-size_t mbedtls_cf_size_mask_ge( size_t x,
+size_t mbedtls_ct_size_mask_ge( size_t x,
size_t y )
{
- return( ~mbedtls_cf_size_mask_lt( x, y ) );
+ return( ~mbedtls_ct_size_mask_lt( x, y ) );
}
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
-unsigned mbedtls_cf_size_bool_eq( size_t x,
+unsigned mbedtls_ct_size_bool_eq( size_t x,
size_t y )
{
/* diff = 0 if x == y, non-zero otherwise */
@@ -189,7 +189,7 @@
*
* \return 1 if \p x greater than \p y, otherwise 0.
*/
-static unsigned mbedtls_cf_size_gt( size_t x,
+static unsigned mbedtls_ct_size_gt( size_t x,
size_t y )
{
/* Return the sign bit (1 for negative) of (y - x). */
@@ -200,7 +200,7 @@
#if defined(MBEDTLS_BIGNUM_C)
-unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x,
+unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
const mbedtls_mpi_uint y )
{
mbedtls_mpi_uint ret;
@@ -230,11 +230,11 @@
#endif /* MBEDTLS_BIGNUM_C */
-unsigned mbedtls_cf_uint_if( unsigned condition,
+unsigned mbedtls_ct_uint_if( unsigned condition,
unsigned if1,
unsigned if0 )
{
- unsigned mask = mbedtls_cf_uint_mask( condition );
+ unsigned mask = mbedtls_ct_uint_mask( condition );
return( ( mask & if1 ) | (~mask & if0 ) );
}
@@ -254,7 +254,7 @@
*
* \return \c if1 if \p condition is nonzero, otherwise \c if0.
* */
-static int mbedtls_cf_cond_select_sign( unsigned char condition,
+static int mbedtls_ct_cond_select_sign( unsigned char condition,
int if1,
int if0 )
{
@@ -274,7 +274,7 @@
return( (int) ur - 1 );
}
-void mbedtls_cf_mpi_uint_cond_assign( size_t n,
+void mbedtls_ct_mpi_uint_cond_assign( size_t n,
mbedtls_mpi_uint *dest,
const mbedtls_mpi_uint *src,
unsigned char condition )
@@ -305,7 +305,7 @@
/** Shift some data towards the left inside a buffer.
*
- * `mbedtls_cf_mem_move_to_left(start, total, offset)` is functionally
+ * `mbedtls_ct_mem_move_to_left(start, total, offset)` is functionally
* equivalent to
* ```
* memmove(start, start + offset, total - offset);
@@ -319,7 +319,7 @@
* \param total Total size of the buffer.
* \param offset Offset from which to copy \p total - \p offset bytes.
*/
-static void mbedtls_cf_mem_move_to_left( void *start,
+static void mbedtls_ct_mem_move_to_left( void *start,
size_t total,
size_t offset )
{
@@ -329,7 +329,7 @@
return;
for( i = 0; i < total; i++ )
{
- unsigned no_op = mbedtls_cf_size_gt( total - offset, i );
+ unsigned no_op = mbedtls_ct_size_gt( total - offset, i );
/* The first `total - offset` passes are a no-op. The last
* `offset` passes shift the data one byte to the left and
* zero out the last byte. */
@@ -337,9 +337,9 @@
{
unsigned char current = buf[n];
unsigned char next = buf[n+1];
- buf[n] = mbedtls_cf_uint_if( no_op, current, next );
+ buf[n] = mbedtls_ct_uint_if( no_op, current, next );
}
- buf[total-1] = mbedtls_cf_uint_if( no_op, buf[total-1], 0 );
+ buf[total-1] = mbedtls_ct_uint_if( no_op, buf[total-1], 0 );
}
}
@@ -347,22 +347,22 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-void mbedtls_cf_memcpy_if_eq( unsigned char *dest,
+void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
const unsigned char *src,
size_t len,
size_t c1,
size_t c2 )
{
/* mask = c1 == c2 ? 0xff : 0x00 */
- const size_t equal = mbedtls_cf_size_bool_eq( c1, c2 );
- const unsigned char mask = (unsigned char) mbedtls_cf_size_mask( equal );
+ const size_t equal = mbedtls_ct_size_bool_eq( c1, c2 );
+ const unsigned char mask = (unsigned char) mbedtls_ct_size_mask( equal );
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
for( size_t i = 0; i < len; i++ )
dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
}
-void mbedtls_cf_memcpy_offset( unsigned char *dest,
+void mbedtls_ct_memcpy_offset( unsigned char *dest,
const unsigned char *src,
size_t offset,
size_t offset_min,
@@ -373,12 +373,12 @@
for( offsetval = offset_min; offsetval <= offset_max; offsetval++ )
{
- mbedtls_cf_memcpy_if_eq( dest, src + offsetval, len,
+ mbedtls_ct_memcpy_if_eq( dest, src + offsetval, len,
offsetval, offset );
}
}
-int mbedtls_cf_hmac( mbedtls_md_context_t *ctx,
+int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
const unsigned char *add_data,
size_t add_data_len,
const unsigned char *data,
@@ -436,7 +436,7 @@
MD_CHK( mbedtls_md_clone( &aux, ctx ) );
MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
/* Keep only the correct inner_hash in the output buffer */
- mbedtls_cf_memcpy_if_eq( output, aux_out, hash_size,
+ mbedtls_ct_memcpy_if_eq( output, aux_out, hash_size,
offset, data_len_secret );
if( offset < max_data_len )
@@ -485,13 +485,13 @@
MPI_VALIDATE_RET( Y != NULL );
/* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
- limb_mask = mbedtls_cf_mpi_uint_mask( assign );;
+ limb_mask = mbedtls_ct_mpi_uint_mask( assign );;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
- X->s = mbedtls_cf_cond_select_sign( assign, Y->s, X->s );
+ X->s = mbedtls_ct_cond_select_sign( assign, Y->s, X->s );
- mbedtls_cf_mpi_uint_cond_assign( Y->n, X->p, Y->p, assign );
+ mbedtls_ct_mpi_uint_cond_assign( Y->n, X->p, Y->p, assign );
for( i = Y->n; i < X->n; i++ )
X->p[i] &= ~limb_mask;
@@ -521,14 +521,14 @@
return( 0 );
/* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
- limb_mask = mbedtls_cf_mpi_uint_mask( swap );
+ limb_mask = mbedtls_ct_mpi_uint_mask( swap );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
s = X->s;
- X->s = mbedtls_cf_cond_select_sign( swap, Y->s, X->s );
- Y->s = mbedtls_cf_cond_select_sign( swap, s, Y->s );
+ X->s = mbedtls_ct_cond_select_sign( swap, Y->s, X->s );
+ Y->s = mbedtls_ct_cond_select_sign( swap, s, Y->s );
for( i = 0; i < X->n; i++ )
@@ -590,7 +590,7 @@
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
- cond = mbedtls_cf_mpi_uint_lt( Y->p[i - 1], X->p[i - 1] );
+ cond = mbedtls_ct_mpi_uint_lt( Y->p[i - 1], X->p[i - 1] );
*ret |= cond & ( 1 - done ) & X_is_negative;
done |= cond;
@@ -601,7 +601,7 @@
* Again even if we can make a decision, we just mark the result and
* the fact that we are done and continue looping.
*/
- cond = mbedtls_cf_mpi_uint_lt( X->p[i - 1], Y->p[i - 1] );
+ cond = mbedtls_ct_mpi_uint_lt( X->p[i - 1], Y->p[i - 1] );
*ret |= cond & ( 1 - done ) & ( 1 - X_is_negative );
done |= cond;
}
@@ -613,7 +613,7 @@
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
-int mbedtls_cf_rsaes_pkcs1_v15_unpadding( int mode,
+int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
unsigned char *input,
size_t ilen,
unsigned char *output,
@@ -671,17 +671,17 @@
* If there's a non-0xff byte in the padding, the padding is bad. */
for( i = 2; i < ilen; i++ )
{
- pad_done |= mbedtls_cf_uint_if( input[i], 0, 1 );
- pad_count += mbedtls_cf_uint_if( pad_done, 0, 1 );
- bad |= mbedtls_cf_uint_if( pad_done, 0, input[i] ^ 0xFF );
+ pad_done |= mbedtls_ct_uint_if( input[i], 0, 1 );
+ pad_count += mbedtls_ct_uint_if( pad_done, 0, 1 );
+ bad |= mbedtls_ct_uint_if( pad_done, 0, input[i] ^ 0xFF );
}
}
/* If pad_done is still zero, there's no data, only unfinished padding. */
- bad |= mbedtls_cf_uint_if( pad_done, 0, 1 );
+ bad |= mbedtls_ct_uint_if( pad_done, 0, 1 );
/* There must be at least 8 bytes of padding. */
- bad |= mbedtls_cf_size_gt( 8, pad_count );
+ bad |= mbedtls_ct_size_gt( 8, pad_count );
/* If the padding is valid, set plaintext_size to the number of
* remaining bytes after stripping the padding. If the padding
@@ -690,13 +690,13 @@
* buffer. Do it without branches to avoid leaking the padding
* validity through timing. RSA keys are small enough that all the
* size_t values involved fit in unsigned int. */
- plaintext_size = mbedtls_cf_uint_if(
+ plaintext_size = mbedtls_ct_uint_if(
bad, (unsigned) plaintext_max_size,
(unsigned) ( ilen - pad_count - 3 ) );
/* Set output_too_large to 0 if the plaintext fits in the output
* buffer and to 1 otherwise. */
- output_too_large = mbedtls_cf_size_gt( plaintext_size,
+ output_too_large = mbedtls_ct_size_gt( plaintext_size,
plaintext_max_size );
/* Set ret without branches to avoid timing attacks. Return:
@@ -704,9 +704,9 @@
* - OUTPUT_TOO_LARGE if the padding is good but the decrypted
* plaintext does not fit in the output buffer.
* - 0 if the padding is correct. */
- ret = - (int) mbedtls_cf_uint_if(
+ ret = - (int) mbedtls_ct_uint_if(
bad, - MBEDTLS_ERR_RSA_INVALID_PADDING,
- mbedtls_cf_uint_if( output_too_large,
+ mbedtls_ct_uint_if( output_too_large,
- MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE,
0 ) );
@@ -716,7 +716,7 @@
* from the same buffer whether the padding is good or not to
* avoid leaking the padding validity through overall timing or
* through memory or cache access patterns. */
- bad = mbedtls_cf_uint_mask( bad | output_too_large );
+ bad = mbedtls_ct_uint_mask( bad | output_too_large );
for( i = 11; i < ilen; i++ )
input[i] &= ~bad;
@@ -724,7 +724,7 @@
* Copy anyway to avoid revealing the length through timing, because
* revealing the length is as bad as revealing the padding validity
* for a Bleichenbacher attack. */
- plaintext_size = mbedtls_cf_uint_if( output_too_large,
+ plaintext_size = mbedtls_ct_uint_if( output_too_large,
(unsigned) plaintext_max_size,
(unsigned) plaintext_size );
@@ -734,7 +734,7 @@
* does not depend on the plaintext size. After this move, the
* starting location of the plaintext is no longer sensitive
* information. */
- mbedtls_cf_mem_move_to_left( input + ilen - plaintext_max_size,
+ mbedtls_ct_mem_move_to_left( input + ilen - plaintext_max_size,
plaintext_max_size,
plaintext_max_size - plaintext_size );
diff --git a/library/constant_time.h b/library/constant_time.h
index 6fd23c9..6168108 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -44,7 +44,7 @@
*
* \return Zero if \p value is zero, otherwise all-bits-one.
*/
-unsigned mbedtls_cf_uint_mask( unsigned value );
+unsigned mbedtls_ct_uint_mask( unsigned value );
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
@@ -59,7 +59,7 @@
*
* \return Zero if \p value is zero, otherwise all-bits-one.
*/
-size_t mbedtls_cf_size_mask( size_t value );
+size_t mbedtls_ct_size_mask( size_t value );
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@@ -76,7 +76,7 @@
*
* \return Zero if \p value is zero, otherwise all-bits-one.
*/
-mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value );
+mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value );
#endif /* MBEDTLS_BIGNUM_C */
@@ -95,7 +95,7 @@
* \return All-bits-one if \p x is greater or equal than \p y,
* otherwise zero.
*/
-size_t mbedtls_cf_size_mask_ge( size_t x,
+size_t mbedtls_ct_size_mask_ge( size_t x,
size_t y );
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@@ -111,7 +111,7 @@
*
* \return 1 if \p x equals to \p y, otherwise 0.
*/
-unsigned mbedtls_cf_size_bool_eq( size_t x,
+unsigned mbedtls_ct_size_bool_eq( size_t x,
size_t y );
#if defined(MBEDTLS_BIGNUM_C)
@@ -126,7 +126,7 @@
*
* \return 1 if \p x is less than \p y, otherwise 0.
*/
-unsigned mbedtls_cf_mpi_uint_lt( const mbedtls_mpi_uint x,
+unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
const mbedtls_mpi_uint y );
#endif /* MBEDTLS_BIGNUM_C */
@@ -142,7 +142,7 @@
*
* \return \c if1 if \p condition is nonzero, otherwise \c if0.
*/
-unsigned mbedtls_cf_uint_if( unsigned condition,
+unsigned mbedtls_ct_uint_if( unsigned condition,
unsigned if1,
unsigned if0 );
@@ -160,7 +160,7 @@
* initialized MPI.
* \param condition Condition to test, must be 0 or 1.
*/
-void mbedtls_cf_mpi_uint_cond_assign( size_t n,
+void mbedtls_ct_mpi_uint_cond_assign( size_t n,
mbedtls_mpi_uint *dest,
const mbedtls_mpi_uint *src,
unsigned char condition );
@@ -180,7 +180,7 @@
* \param c1 The first value to analyze in the condition.
* \param c2 The second value to analyze in the condition.
*/
-void mbedtls_cf_memcpy_if_eq( unsigned char *dest,
+void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
const unsigned char *src,
size_t len,
size_t c1, size_t c2 );
@@ -204,7 +204,7 @@
* \param offset_max The maximal value of \p offset.
* \param len The number of bytes to copy.
*/
-void mbedtls_cf_memcpy_offset( unsigned char *dest,
+void mbedtls_ct_memcpy_offset( unsigned char *dest,
const unsigned char *src,
size_t offset,
size_t offset_min,
@@ -247,7 +247,7 @@
* \retval #MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
* The hardware accelerator failed.
*/
-int mbedtls_cf_hmac( mbedtls_md_context_t *ctx,
+int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
const unsigned char *add_data,
size_t add_data_len,
const unsigned char *data,
@@ -288,7 +288,7 @@
* \return #MBEDTLS_ERR_RSA_INVALID_PADDING
* The input doesn't contain properly formatted padding.
*/
-int mbedtls_cf_rsaes_pkcs1_v15_unpadding( int mode,
+int mbedtls_ct_rsaes_pkcs1_v15_unpadding( int mode,
unsigned char *input,
size_t ilen,
unsigned char *output,
diff --git a/library/nist_kw.c b/library/nist_kw.c
index e5d7fcd..1aea0b6 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -379,7 +379,7 @@
goto cleanup;
/* Check ICV in "constant-time" */
- diff = mbedtls_cf_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH );
+ diff = mbedtls_ct_memcmp( NIST_KW_ICV1, A, KW_SEMIBLOCK_LENGTH );
if( diff != 0 )
{
@@ -428,7 +428,7 @@
}
/* Check ICV in "constant-time" */
- diff = mbedtls_cf_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 );
+ diff = mbedtls_ct_memcmp( NIST_KW_ICV2, A, KW_SEMIBLOCK_LENGTH / 2 );
if( diff != 0 )
{
diff --git a/library/rsa.c b/library/rsa.c
index 351f4af..3866b73 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1518,7 +1518,7 @@
if( ret != 0 )
goto cleanup;
- ret = mbedtls_cf_rsaes_pkcs1_v15_unpadding( mode, buf, ilen,
+ ret = mbedtls_ct_rsaes_pkcs1_v15_unpadding( mode, buf, ilen,
output, output_max_len, olen );
cleanup:
@@ -1933,7 +1933,7 @@
MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) );
MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) );
- if( mbedtls_cf_memcmp( verif, sig, ctx->len ) != 0 )
+ if( mbedtls_ct_memcmp( verif, sig, ctx->len ) != 0 )
{
ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED;
goto cleanup;
@@ -2231,7 +2231,7 @@
* Compare
*/
- if( ( ret = mbedtls_cf_memcmp( encoded, encoded_expected,
+ if( ( ret = mbedtls_ct_memcmp( encoded, encoded_expected,
sig_len ) ) != 0 )
{
ret = MBEDTLS_ERR_RSA_VERIFY_FAILED;
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index def6c7b..0e802e9 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1459,9 +1459,9 @@
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len * 2 ||
buf[0] != ssl->verify_data_len * 2 ||
- mbedtls_cf_memcmp( buf + 1,
+ mbedtls_ct_memcmp( buf + 1,
ssl->own_verify_data, ssl->verify_data_len ) != 0 ||
- mbedtls_cf_memcmp( buf + 1 + ssl->verify_data_len,
+ mbedtls_ct_memcmp( buf + 1 + ssl->verify_data_len,
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index cdc2364..faf92e7 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -225,7 +225,7 @@
if( ret != 0 )
return( ret );
- if( mbedtls_cf_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
+ if( mbedtls_ct_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
return( -1 );
#if defined(MBEDTLS_HAVE_TIME)
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 83c4a4b..58f41be 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1282,7 +1282,7 @@
*
* Afterwards, we know that data + data_len is followed by at
* least maclen Bytes, which justifies the call to
- * mbedtls_cf_memcmp() below.
+ * mbedtls_ct_memcmp() below.
*
* Further, we still know that data_len > minlen */
rec->data_len -= transform->maclen;
@@ -1305,7 +1305,7 @@
transform->maclen );
/* Compare expected MAC with MAC at the end of the record. */
- if( mbedtls_cf_memcmp( data + rec->data_len, mac_expect,
+ if( mbedtls_ct_memcmp( data + rec->data_len, mac_expect,
transform->maclen ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "message mac does not match" ) );
@@ -1384,7 +1384,7 @@
if( auth_done == 1 )
{
- const size_t mask = mbedtls_cf_size_mask_ge(
+ const size_t mask = mbedtls_ct_size_mask_ge(
rec->data_len,
padlen + 1 );
correct &= mask;
@@ -1404,7 +1404,7 @@
}
#endif
- const size_t mask = mbedtls_cf_size_mask_ge(
+ const size_t mask = mbedtls_ct_size_mask_ge(
rec->data_len,
transform->maclen + padlen + 1 );
correct &= mask;
@@ -1460,18 +1460,18 @@
/* pad_count += (idx >= padding_idx) &&
* (check[idx] == padlen - 1);
*/
- const size_t mask = mbedtls_cf_size_mask_ge( idx, padding_idx );
- const size_t equal = mbedtls_cf_size_bool_eq( check[idx],
+ const size_t mask = mbedtls_ct_size_mask_ge( idx, padding_idx );
+ const size_t equal = mbedtls_ct_size_bool_eq( check[idx],
padlen - 1 );
pad_count += mask & equal;
}
- correct &= mbedtls_cf_size_bool_eq( pad_count, padlen );
+ correct &= mbedtls_ct_size_bool_eq( pad_count, padlen );
#if defined(MBEDTLS_SSL_DEBUG_ALL)
if( padlen > 0 && correct == 0 )
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
#endif
- padlen &= mbedtls_cf_size_mask( correct );
+ padlen &= mbedtls_ct_size_mask( correct );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
@@ -1555,7 +1555,7 @@
const size_t max_len = rec->data_len + padlen;
const size_t min_len = ( max_len > 256 ) ? max_len - 256 : 0;
- ret = mbedtls_cf_hmac( &transform->md_ctx_dec,
+ ret = mbedtls_ct_hmac( &transform->md_ctx_dec,
add_data, add_data_len,
data, rec->data_len, min_len, max_len,
mac_expect );
@@ -1565,7 +1565,7 @@
return( ret );
}
- mbedtls_cf_memcpy_offset( mac_peer, data,
+ mbedtls_ct_memcpy_offset( mac_peer, data,
rec->data_len,
min_len, max_len,
transform->maclen );
@@ -1583,7 +1583,7 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "message mac", mac_peer, transform->maclen );
#endif
- if( mbedtls_cf_memcmp( mac_peer, mac_expect,
+ if( mbedtls_ct_memcmp( mac_peer, mac_expect,
transform->maclen ) != 0 )
{
#if defined(MBEDTLS_SSL_DEBUG_ALL)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index d9d49a2..8ef8e90 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -198,7 +198,7 @@
/* Check verify-data in constant-time. The length OTOH is no secret */
if( len != 1 + ssl->verify_data_len ||
buf[0] != ssl->verify_data_len ||
- mbedtls_cf_memcmp( buf + 1, ssl->peer_verify_data,
+ mbedtls_ct_memcmp( buf + 1, ssl->peer_verify_data,
ssl->verify_data_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
@@ -3973,7 +3973,7 @@
diff |= peer_pms[1] ^ ver[1];
/* mask = diff ? 0xff : 0x00 using bit operations to avoid branches */
- mask = mbedtls_cf_uint_mask( diff );
+ mask = mbedtls_ct_uint_mask( diff );
/*
* Protection against Bleichenbacher's attack: invalid PKCS#1 v1.5 padding
@@ -4056,7 +4056,7 @@
/* Identity is not a big secret since clients send it in the clear,
* but treat it carefully anyway, just in case */
if( n != ssl->conf->psk_identity_len ||
- mbedtls_cf_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
+ mbedtls_ct_memcmp( ssl->conf->psk_identity, *p, n ) != 0 )
{
ret = MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
}
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index f6c593d..8195af2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3604,7 +3604,7 @@
return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
}
- if( mbedtls_cf_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
+ if( mbedtls_ct_memcmp( ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl ),
buf, hash_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );