authornagendra modadugu <ngm@google.com>2017-05-11 15:17:16 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-05-11 17:28:49 -0700
commite760ff57b9414578d8b29a328a02beb580fcbb63 (patch)
treef85ba61bda97e8b3c6bf5f57756c61c1a2e35dbe
parent1a68fe6fa860f563e8b45e3826110ceec75d61a8 (diff)
downloadtpm2-e760ff57b9414578d8b29a328a02beb580fcbb63.tar.gz
Rewrite MemoryEqual() to be constant-time.
The current implementation of MemoryEqual will not necessarily compile to a constant-time instruction sequence. This change ensures that every byte of the input must be inspected. BRANCH=none BUG=none TEST=TCG tests pass Change-Id: Ide83bce6cafea2d48c03e5116e97a6dd23419134 Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/503478 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org>
-rw-r--r--MemoryLib.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/MemoryLib.c b/MemoryLib.c
index 7beac63..178848e 100644
--- a/MemoryLib.c
+++ b/MemoryLib.c
@@ -75,15 +75,15 @@ MemoryEqual(
UINT32 size // IN: size of bytes being compared
)
{
- BOOL equal = TRUE;
+ BOOL diff = FALSE;
const BYTE *b1, *b2;
b1 = (BYTE *)buffer1;
b2 = (BYTE *)buffer2;
// Compare all bytes so that there is no leakage of information
// due to timing differences.
for(; size > 0; size--)
- equal = (*b1++ == *b2++) && equal;
- return equal;
+ diff |= *b1++ ^ *b2++;
+ return !diff;
}
//
//
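Review bot: The accumulator in MemoryEqual() is declared `BOOL diff`, but it ORs together byte-wise XOR results, so it holds a bit mask rather than a truth value. BOOL's definition is not visible in this hunk; if it is (or later becomes) a true boolean type, every `|=` is normalised to 0/1, which stays correct but adds a conversion inside the loop whose generated code is harder to reason about for timing. I would declare it `BYTE diff = 0;` and finish with `return diff == 0;`. The existing comment could also say that the loop must never exit early and that constant-time behaviour has to be confirmed in the generated code for each target compiler. The function's signature starts above the hunk, so the parameter types are assumed from the casts on the `b1`/`b2` lines.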