briansmith · ctz · Oct 28, 2025 · Oct 28, 2025
diff --git a/crypto/constant_time_test.c b/crypto/constant_time_test.c
@@ -103,8 +103,8 @@ void bssl_constant_time_test_conditional_memcpy(uint8_t dst[256], const uint8_t
  }
 
 // Exposes `constant_time_conditional_memxor` to Rust for tests only.
-void bssl_constant_time_test_conditional_memxor(uint8_t dst[256],
-                                               const uint8_t src[256],
+void bssl_constant_time_test_conditional_memxor(uint8_t dst[255],
+                                               const uint8_t src[255],
                                                crypto_word_t b) {
-  constant_time_conditional_memxor(dst, src, 256, b);
+  constant_time_conditional_memxor(dst, src, 255, b);
 }
diff --git a/crypto/internal.h b/crypto/internal.h
@@ -272,6 +272,7 @@ static inline void constant_time_conditional_memxor(void *dst, const void *src,
     *(v32u8*)&out[i] ^= masks & *(v32u8 const*)&in[i];
   }
   out += n_vec;
+  in += n_vec;
   n -= n_vec;
 #endif
   for (size_t i = 0; i < n; i++) {

diff --git a/src/tests/bb_bytes_tests.rs b/src/tests/bb_bytes_tests.rs
@@ -53,8 +53,8 @@ fn constant_time_conditional_memcpy() -> Result<(), error::Unspecified> {
 fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
     let rng = rand::SystemRandom::new();
     for _ in 0..256 {
-        let mut out = rand::generate::<[u8; 256]>(&rng)?.expose();
-        let input = rand::generate::<[u8; 256]>(&rng)?.expose();
+        let mut out = rand::generate::<[u8; 255]>(&rng)?.expose();
+        let input = rand::generate::<[u8; 255]>(&rng)?.expose();
 
         // Mask to 16 bits to make zero more likely than it would otherwise be.
         let b = (rand::generate::<[u8; 1]>(&rng)?.expose()[0] & 0x0f) != 0;
@@ -66,7 +66,7 @@ fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
         };
 
         prefixed_extern! {
-            fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 256], src: &[u8; 256], b: BoolMask);
+            fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 255], src: &[u8; 255], b: BoolMask);
         }
         unsafe {
             bssl_constant_time_test_conditional_memxor(

diff --git a/src/tests/c_constant_time_tests.rs b/src/tests/c_constant_time_tests.rs
@@ -65,8 +65,8 @@ fn constant_time_conditional_memcpy() -> Result<(), error::Unspecified> {
 fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
     let rng = rand::SystemRandom::new();
     for _ in 0..256 {
-        let mut out = rand::generate::<[u8; 256]>(&rng)?.expose();
-        let input = rand::generate::<[u8; 256]>(&rng)?.expose();
+        let mut out = rand::generate::<[u8; 255]>(&rng)?.expose();
+        let input = rand::generate::<[u8; 255]>(&rng)?.expose();
 
         // Mask to 16 bits to make zero more likely than it would otherwise be.
         let b = (rand::generate::<[u8; 1]>(&rng)?.expose()[0] & 0x0f) != 0;
@@ -78,7 +78,7 @@ fn constant_time_conditional_memxor() -> Result<(), error::Unspecified> {
         };
 
         prefixed_extern! {
-            fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 256], src: &[u8; 256], b: BoolMask);
+            fn bssl_constant_time_test_conditional_memxor(dst: &mut [u8; 255], src: &[u8; 255], b: BoolMask);
         }
         unsafe {
             bssl_constant_time_test_conditional_memxor(