Remove last use of non-bit operations

According to https://www.bearssl.org/ctmul.html even single-precision
multiplication is not constant-time on some older platforms.

An added benefit of the new code is that it removes the somewhat mysterious
constant 0x1ff - which was selected because at that point the maximum value of
padlen was 256. The new code is perhaps a bit more readable for that reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 6091834..e5def64 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1679,7 +1679,7 @@
             if( padlen > 0 && correct == 0 )
                 MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding byte detected" ) );
 #endif
-            padlen &= correct * 0x1FF;
+            padlen &= mbedtls_ssl_cf_mask_from_bit( correct );
         }
         else
 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
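Review bot: The added line `padlen &= mbedtls_ssl_cf_mask_from_bit( correct );` relies on `correct` being exactly 0 or 1 at this point, and nothing visible in the hunk states that. The removed `correct * 0x1FF` carried the same unstated assumption. A one-line comment above the call, saying that `correct` is a 0/1 flag and that the mask clears `padlen` when the padding is bad, would make the precondition explicit now that the constant is gone. Separately, the context line `if( padlen > 0 && correct == 0 )` just above still branches on the same two values. It sits inside a conditional block closed by the `#endif` that follows it, so a comment naming that guard would show readers in which builds this data-dependent branch is compiled in.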