authorPatrick Steuer <patrick.steuer@de.ibm.com>2020-02-22 01:20:09 +0100
committerPauli <paul.dale@oracle.com>2020-04-08 10:58:07 +1000
commit9cc834d966ea5afc38fb829bfe498aed4c5d498d (patch)
treef6c75fe3fc2b9c3a0b81288cac5c1662e2132c59 /crypto
parent163897267fab6d29dff1a4bf8247f8e02e158be8 (diff)
AES CTR-DRGB: do not leak timing information
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11147) (cherry picked from commit 069165d10646a22000c596095cc04d43bbf1f807)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/rand/drbg_ctr.c22
1 files changed, 9 insertions, 13 deletions
diff --git a/crypto/rand/drbg_ctr.c b/crypto/rand/drbg_ctr.c
index 93b82f34ce..f41484e9d5 100644
--- a/crypto/rand/drbg_ctr.c
+++ b/crypto/rand/drbg_ctr.c
@@ -21,19 +21,15 @@
static void inc_128(RAND_DRBG_CTR *ctr)
{
- int i;
- unsigned char c;
- unsigned char *p = &ctr->V[15];
-
- for (i = 0; i < 16; i++, p--) {
- c = *p;
- c++;
- *p = c;
- if (c != 0) {
- /* If we didn't wrap around, we're done. */
- break;
- }
- }
+ unsigned char *p = &ctr->V[0];
+ u32 n = 16, c = 1;
+
+ do {
+ --n;
+ c += p[n];
+ p[n] = (u8)c;
+ c >>= 8;
+ } while (n);
}
static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
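Review bot: The rewritten loop in inc_128 has no comment saying that its fixed 16 iterations and arithmetic carry are deliberate, so a later cleanup could reintroduce the early `break` this commit removes, and with it a run time that depends on the counter value. I would add above the `do` loop: `/* Constant time: always visit all 16 bytes of V and propagate the carry arithmetically; do not add an early exit. */`. The `u32` and `u8` types are not declared in this hunk, so they presumably come from a header included elsewhere in the file. Since this is a cherry-pick, it is worth confirming that the include exists on the target branch.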