diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2013-11-18 09:39:33 -0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2013-11-18 09:39:33 -0800 |
| commit | c925b10c9a1638240a3be833d9e7271d4e3767ed (patch) | |
| tree | 7ba8aa21a04974c1511d5a901bf76b1addda133e | |
| parent | 0c679c64241d74dd02bda891c9f04508cd535535 (diff) | |
| download | cryptography-c925b10c9a1638240a3be833d9e7271d4e3767ed.tar.gz cryptography-c925b10c9a1638240a3be833d9e7271d4e3767ed.tar.bz2 cryptography-c925b10c9a1638240a3be833d9e7271d4e3767ed.zip | |
Even more constant time
| -rw-r--r-- | cryptography/hazmat/primitives/padding.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py index 926a4bbd..03c03e37 100644 --- a/cryptography/hazmat/primitives/padding.py +++ b/cryptography/hazmat/primitives/padding.py @@ -24,6 +24,7 @@ bool Cryptography_check_padding(const uint8_t *, unsigned int); """) _lib = _ffi.verify(""" #include <stdbool.h> +#include <stdio.h> /* Returns the value of the input with the most-significant-bit copied to all of the bits. This relies on implementation details of computers with 2's @@ -49,7 +50,13 @@ bool Cryptography_check_padding(const uint8_t *data, unsigned int block_len) { uint8_t b = data[block_len - 1 - i]; mismatch |= (mask & (pad_size ^ b)); } - return mismatch == 0; + + /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 4; + mismatch |= mismatch >> 2; + mismatch |= mismatch >> 1; + /* Now check the low bit to see if it's set */ + return (mismatch & 1) == 0; } """) |