author | nagendra modadugu <ngm@google.com> | 2017-05-11 15:17:16 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-05-11 17:28:49 -0700 |
commit | e760ff57b9414578d8b29a328a02beb580fcbb63 (patch) | |
tree | f85ba61bda97e8b3c6bf5f57756c61c1a2e35dbe | |
parent | 1a68fe6fa860f563e8b45e3826110ceec75d61a8 (diff) | |
download | tpm2-e760ff57b9414578d8b29a328a02beb580fcbb63.tar.gz |
Rewrite MemoryEqual() to be constant-time.
The current implementation of MemoryEqual
will not necessarily compile to a constant-time
instruction sequence. This change ensures that
every byte of the input must be inspected.
BRANCH=none
BUG=none
TEST=TCG tests pass
Change-Id: Ide83bce6cafea2d48c03e5116e97a6dd23419134
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/503478
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
-rw-r--r-- | MemoryLib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/MemoryLib.c b/MemoryLib.c index 7beac63..178848e 100644 --- a/MemoryLib.c +++ b/MemoryLib.c @@ -75,15 +75,15 @@ MemoryEqual( UINT32 size // IN: size of bytes being compared ) { - BOOL equal = TRUE; + BOOL diff = FALSE; const BYTE *b1, *b2; b1 = (BYTE *)buffer1; b2 = (BYTE *)buffer2; // Compare all bytes so that there is no leakage of information // due to timing differences. for(; size > 0; size--) - equal = (*b1++ == *b2++) && equal; - return equal; + diff |= *b1++ ^ *b2++; + return !diff; } // // |
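Review bot: In the MemoryEqual() hunk, `diff` is declared as `BOOL` but is then used as a bitwise accumulator in `diff |= *b1++ ^ *b2++;`, so whether the loop stays free of value-dependent conversions depends on how `BOOL` is typedef'd, which is not visible here. If `BOOL` is or ever becomes a true boolean type, each `|=` normalizes the result to 0 or 1 and the compiler chooses how to do that. Consider declaring the accumulator with the byte type already used in the function, `BYTE diff = 0;`, and returning `diff == 0`, so the type matches the XOR operands and the intent is explicit. The existing comment above the loop still reads "Compare all bytes"; it would help to extend it to say that the XOR/OR accumulation is deliberate and must not be replaced by an early-exit comparison or `memcmp`. Separately, the unchanged context lines `b1 = (BYTE *)buffer1;` and `b2 = (BYTE *)buffer2;` cast to a non-const pointer before assigning to `const BYTE *`; casting to `(const BYTE *)` would be cleaner while this function is being touched.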