(p1 - p2 == 0) => (p1 == p2)

No binary changes on supported platforms except on gcc/armv7l where
the control flow remains identical but permutative statements get switched.
Frank Denis 2015-01-31 12:18:51 +01:00
parent 4a0e7cfc57
commit f61e179d8e
4 changed files with 4 additions and 4 deletions


@ -6,6 +6,6 @@ int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned l
{ {
unsigned char correct[32]; unsigned char correct[32];
crypto_auth(correct,in,inlen,k); crypto_auth(correct,in,inlen,k);
return crypto_verify_32(h,correct) | (-(h - correct == 0)) | return crypto_verify_32(h,correct) | (-(h == correct)) |
sodium_memcmp(correct,h,32); sodium_memcmp(correct,h,32);
} }
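Review bot: The purpose of the `-(h == correct)` term on the new return line is not documented, and the same applies to the return lines in the three other files of this commit (the two other `crypto_auth_verify` variants and `crypto_sign_verify_detached`). The three OR'd terms look like deliberate redundancy — two independent constant-time comparisons plus a pointer-identity guard, presumably so that any single term being miscompiled or bypassed still yields -1 — but nothing in the code says so, and a later cleanup could drop one as dead. I would add a comment above the return, e.g. `/* redundant constant-time checks: any one failing forces -1; the pointer test presumably guards against the tag aliasing the scratch buffer — confirm intent */`. Separately, `correct` is derived from the key and is left on the stack after return; if the module's policy is to wipe such buffers, storing the result and calling `sodium_memzero(correct, sizeof correct)` before returning would do it, though this is not something the hunk itself decides.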


@ -7,6 +7,6 @@ int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
{ {
unsigned char correct[64]; unsigned char correct[64];
crypto_auth(correct,in,inlen,k); crypto_auth(correct,in,inlen,k);
return crypto_verify_64(h,correct) | (-(h - correct == 0)) | return crypto_verify_64(h,correct) | (-(h == correct)) |
sodium_memcmp(correct,h,64); sodium_memcmp(correct,h,64);
} }


@ -7,6 +7,6 @@ int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
{ {
unsigned char correct[32]; unsigned char correct[32];
crypto_auth(correct,in,inlen,k); crypto_auth(correct,in,inlen,k);
return crypto_verify_32(h,correct) | (-(h - correct == 0)) | return crypto_verify_32(h,correct) | (-(h == correct)) |
sodium_memcmp(correct,h,32); sodium_memcmp(correct,h,32);
} }


@ -43,7 +43,7 @@ crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m,
ge_double_scalarmult_vartime(&R, h, &A, sig + 32); ge_double_scalarmult_vartime(&R, h, &A, sig + 32);
ge_tobytes(rcheck, &R); ge_tobytes(rcheck, &R);
return crypto_verify_32(rcheck, sig) | (-(rcheck - sig == 0)) | return crypto_verify_32(rcheck, sig) | (-(rcheck == sig)) |
sodium_memcmp(sig, rcheck, 32); sodium_memcmp(sig, rcheck, 32);
} }