diff options
| author | Jack Lloyd <[email protected]> | 2015-10-25 22:25:40 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2015-10-25 22:25:40 -0400 |
| commit | b2da74ca508745f00bb3d6b35cbe34d5031e27e7 (patch) | |
| tree | 032fafd34f178af3b66877d52897f2e14359adaf /src/lib/utils | |
| parent | 2d078053b1ac7c1e2316892d8634c386288ee159 (diff) | |
TLS improvements
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
Diffstat (limited to 'src/lib/utils')
| -rw-r--r-- | src/lib/utils/ct_utils.h | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/lib/utils/ct_utils.h b/src/lib/utils/ct_utils.h index 52a3bc388..2ea07b382 100644 --- a/src/lib/utils/ct_utils.h +++ b/src/lib/utils/ct_utils.h @@ -51,6 +51,12 @@ inline void unpoison(T* p, size_t n) #endif } +template<typename T> +inline void unpoison(T& p) + { + unpoison(&p, 1); + } + /* * T should be an unsigned machine integer type * Expand to a mask used for other operations @@ -90,6 +96,16 @@ inline T is_equal(T x, T y) } template<typename T> +inline T is_less(T x, T y) + { + /* + This expands to a constant time sequence with GCC 5.2.0 on x86-64 + but something more complicated may be needed for portable const time. + */ + return expand_mask<T>(x < y); + } + +template<typename T> inline void conditional_copy_mem(T value, T* to, const T* from0, @@ -102,6 +118,26 @@ inline void conditional_copy_mem(T value, to[i] = CT::select(mask, from0[i], from1[i]); } +template<typename T> +inline T expand_top_bit(T a) + { + return expand_mask<T>(a >> (sizeof(T)*8-1)); + } + +template<typename T> +inline T max(T a, T b) + { + const T a_larger = b - a; // negative if a is larger + return select(expand_top_bit(a), a, b); + } + +template<typename T> +inline T min(T a, T b) + { + const T a_larger = b - a; // negative if a is larger + return select(expand_top_bit(b), b, a); + } + } } |