From 6b623276e403a4389ea0a50af6fe0fad68903652 Mon Sep 17 00:00:00 2001
From: Joe Birr-Pixton
Date: Tue, 28 Oct 2025 10:26:42 +0000
Subject: [PATCH 1/2] Fix correctness of `constant_time_conditional_memxor` on GCC
---
 crypto/internal.h | 1 +
 1 file changed, 1 insertion(+)
diff --git a/crypto/internal.h b/crypto/internal.h
index be12a1cc01..253eec66e8 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -272,6 +272,7 @@ static inline void constant_time_conditional_memxor(void *dst, const void *src,
 *(v32u8*)&out[i] ^= masks & *(v32u8 const*)&in[i];
 }
 out += n_vec;
+ in += n_vec;
 n -= n_vec;
 #endif
 for (size_t i = 0; i < n; i++) {
From b9af09d211d28777b9f75cefb14e905024b0657d Mon Sep 17 00:00:00 2001
From: Joe Birr-Pixton
Date: Tue, 28 Oct 2025 10:29:15 +0000
Subject: [PATCH 2/2] Adjust length of `constant_time_conditional_memxor` tests
---
 crypto/constant_time_test.c | 6 +++---
 src/tests/bb_bytes_tests.rs | 6 +++---
 src/tests/c_constant_time_tests.rs | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/crypto/constant_time_test.c b/crypto/constant_time_test.c
index ed079f6a23..18f7dce9d4 100644
--- a/crypto/constant_time_test.c
+++ b/crypto/constant_time_test.c
@@ -103,8 +103,8 @@ void bssl_constant_time_test_conditional_memcpy(uint8_t dst[256], const uint8_t
 }
 // Exposes `constant_time_conditional_memxor` to Rust for tests only.
-void bssl_constant_time_test_conditional_memxor(uint8_t dst[256],
- const uint8_t src[256],
+void bssl_constant_time_test_conditional_memxor(uint8_t dst[255],
+ const uint8_t src[255],
 crypto_word_t b) {
- constant_time_conditional_memxor(dst, src, 256, b);
+ constant_time_conditional_memxor(dst, src, 255, b);
 }
diff --git a/src/tests/bb_bytes_tests.rs b/src/tests/bb_bytes_tests.rs
index 8ea91c8fa8..a7f7dae0e4 100644
--- a/src/tests/bb_bytes_tests.rs
+++ b/src/tests/bb_bytes_tests.rs
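Review bot: The regression fixed here came from `out` and `in` being advanced as two unrelated statements with nothing tying them together, so the same slip can recur; the new `in += n_vec;` deserves a comment making the invariant explicit, e.g. `/* Advance src together with dst past the vectorised prefix; the scalar tail below must XOR matching offsets of both. */`. Because `n -= n_vec;` leaves `n` at zero whenever the length is a multiple of the `v32u8` vector width, the tail loop never runs for such lengths, which is presumably why a 256-byte test did not catch the missing advance; a length below the vector width (vector loop runs zero times) is a third regime worth a dedicated test. `constant_time_conditional_memxor` begins before this hunk, where `out`, `in`, `masks` and `n_vec` are defined, and its scalar tail continues after it.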
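Review bot: Hard-coding the helper to 255 bytes trades one length for another: the scalar tail is now exercised, but the whole-vector case that 256 covered is no longer tested, and a length shorter than one vector, where the vectorised loop runs zero times, never was. Passing the length through lets the Rust side sweep every regime from one helper: `void bssl_constant_time_test_conditional_memxor(uint8_t *dst, const uint8_t *src, size_t n, crypto_word_t b) { constant_time_conditional_memxor(dst, src, n, b); }`. Note that `uint8_t dst[255]` decays to a plain pointer in C, so the `255` in the prototype documents rather than enforces anything; the matching `prefixed_extern!` declarations in the two Rust test files would become `*mut u8`, `*const u8`, `usize`, which also removes the hand-synchronised array lengths on both sides of the FFI boundary.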
@@ -53,8 +53,8 @@ fn constant_time_conditional_memcpy() -> Result<(), error::Unspecified> {
 fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
 let rng = rand::SystemRandom::new();
 for _ in 0..256 {
- let mut out = rand::generate::<[u8; 256]>(&rng)?.expose();
- let input = rand::generate::<[u8; 256]>(&rng)?.expose();
+ let mut out = rand::generate::<[u8; 255]>(&rng)?.expose();
+ let input = rand::generate::<[u8; 255]>(&rng)?.expose();
 // Mask to 16 bits to make zero more likely than it would otherwise be.
 let b = (rand::generate::<[u8; 1]>(&rng)?.expose()[0] & 0x0f) != 0;
@@ -66,7 +66,7 @@ fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
 };
 prefixed_extern! {
- fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 256], src: &[u8; 256], b: BoolMask);
+ fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 255], src: &[u8; 255], b: BoolMask);
 }
 unsafe {
 bssl_constant_time_test_conditional_memxor(
diff --git a/src/tests/c_constant_time_tests.rs b/src/tests/c_constant_time_tests.rs
index 91864c5707..a023ea6acd 100644
--- a/src/tests/c_constant_time_tests.rs
+++ b/src/tests/c_constant_time_tests.rs
@@ -65,8 +65,8 @@ fn constant_time_conditional_memcpy() -> Result<(), error::Unspecified> {
 fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
 let rng = rand::SystemRandom::new();
 for _ in 0..256 {
- let mut out = rand::generate::<[u8; 256]>(&rng)?.expose();
- let input = rand::generate::<[u8; 256]>(&rng)?.expose();
+ let mut out = rand::generate::<[u8; 255]>(&rng)?.expose();
+ let input = rand::generate::<[u8; 255]>(&rng)?.expose();
 // Mask to 16 bits to make zero more likely than it would otherwise be.
 let b = (rand::generate::<[u8; 1]>(&rng)?.expose()[0] & 0x0f) != 0;
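Review bot: The comment `// Mask to 16 bits to make zero more likely than it would otherwise be.` does not describe the line under it: `& 0x0f` keeps the low four bits (sixteen values), so `b` is false about 1 time in 16. Suggest `// Keep only the low 4 bits so that b is false roughly 1 time in 16.` The length 255 is now written into these two array types and again in the `prefixed_extern!` declaration further down the same function; a single `const MEMXOR_TEST_LEN: usize = 255;` used in all three places would keep them from drifting apart, and a random length per iteration would be better still once the C helper accepts one. `constant_time_conditional_memxor` continues past the end of this hunk.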
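Review bot: The `unsafe {` block that calls `bssl_constant_time_test_conditional_memxor` carries no `// SAFETY:` comment, and the array types in the `prefixed_extern!` declaration are the only thing standing between this call and an out-of-bounds access on the C side, since the C prototype's `uint8_t dst[255]` enforces nothing. Suggest `// SAFETY: the C helper is declared with fixed 255-byte parameters; out and input are exactly that size, and it does not retain the pointers.` The `unsafe` block and the enclosing function continue past the end of this hunk.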
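Review bot: This hunk is line-for-line the same as the one in `src/tests/bb_bytes_tests.rs` in this patch, including the comment `// Mask to 16 bits to make zero more likely than it would otherwise be.`, which does not match `& 0x0f` (four bits, so `b` is false about 1 time in 16); if the two suites are deliberately separate copies the comment should be corrected here too, e.g. `// Keep only the low 4 bits so that b is false roughly 1 time in 16.` If they are not meant to diverge, one shared test driver taking a length would let a single loop sweep lengths from 0 up to 256 and cover the vectorised path, the scalar tail, and the zero-iteration case together rather than the one tail size that 255 exercises. `constant_time_conditional_memxor` continues past the end of this hunk.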
@@ -78,7 +78,7 @@ fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
 };
 prefixed_extern! {
- fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 256], src: &[u8; 256], b: BoolMask);
+ fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 255], src: &[u8; 255], b: BoolMask);
 }
 unsafe {
 bssl_constant_time_test_conditional_memxor(