Bug 1591315 - Update NSC_Decrypt length in constant time r=kjacobs
authorDeian Stefan <deian@cs.ucsd.edu>
Fri, 01 Nov 2019 22:24:05 +0000
changeset 15369 7f578a829b29a2d63383ff7cf36ba778235ab77e
parent 15368 c8b490583b86a752b585fd11c20fcea05a8a7878
child 15370 27a29997f59819d712e2ccdd9d529f6dad99ca2d
push id3562
push userjjones@mozilla.com
push dateFri, 01 Nov 2019 22:24:14 +0000
reviewerskjacobs
bugs1591315
Bug 1591315 - Update NSC_Decrypt length in constant time r=kjacobs Update NSC_Decrypt length in constant time Differential Revision: https://phabricator.services.mozilla.com/D51224
lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -1754,20 +1754,22 @@ NSC_Decrypt(CK_SESSION_HANDLE hSession,
         crv = NSC_DecryptUpdate(hSession, pEncryptedData, ulEncryptedDataLen,
                                 pData, &updateLen);
         if (crv == CKR_OK) {
             maxoutlen -= updateLen;
             pData += updateLen;
         }
         finalLen = maxoutlen;
         crv2 = NSC_DecryptFinal(hSession, pData, &finalLen);
-        if (crv == CKR_OK && crv2 == CKR_OK) {
-            *pulDataLen = updateLen + finalLen;
+        if (crv == CKR_OK) {
+            *pulDataLen = CT_SEL(CK_RVToMask(crv2), updateLen + finalLen, *pulDataLen);
+            return crv2;
+        } else {
+            return crv;
         }
-        return crv == CKR_OK ? crv2 : crv;
     }
 
     rv = (*context->update)(context->cipherInfo, pData, &outlen, maxoutlen,
                             pEncryptedData, ulEncryptedDataLen);
     /* XXX need to do MUCH better error mapping than this. */
     crv = (rv == SECSuccess) ? CKR_OK : sftk_MapDecryptError(PORT_GetError());
     if (rv == SECSuccess) {
         if (context->doPad) {