remove code instead of VERIFIER_assume

aws · Apr 4, 2024 · de22b27 · de22b27
1 parent 4d33a01
commit de22b27
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/tests/sidetrail/working/s2n-record-read-stream/s2n_record_read_stream.patch b/tests/sidetrail/working/s2n-record-read-stream/s2n_record_read_stream.patch
@@ -1,14 +1,29 @@
 diff --git a/tls/s2n_record_read_stream.c b/tls/s2n_record_read_stream.c
-index f40621b..06871ed 100644
+index f40621b2..c4c7fcf6 100644
 --- a/tls/s2n_record_read_stream.c
 +++ b/tls/s2n_record_read_stream.c
-@@ -80,6 +80,9 @@ int s2n_record_parse_stream(
+@@ -80,15 +80,20 @@ int s2n_record_parse_stream(
          POSIX_BAIL(S2N_ERR_BAD_MESSAGE);
      }
-
-+    /* All information is declassified after the MAC is successfully verified. */
-+    __VERIFIER_assume(0);
+
++    /* All information is declassified after the MAC is successfully verified since the record has
++     * been successfully decrypted and authenticated. Code that's executed post MAC validation need
++     * not be constant time, so it's removed from SideTrail's analysis.
++     */
 +
      /* O.k., we've successfully read and decrypted the record, now we need to align the stuffer
       * for reading the plaintext data.
       */
+-    POSIX_GUARD(s2n_stuffer_reread(&conn->in));
+-    POSIX_GUARD(s2n_stuffer_reread(&conn->header_in));
++//    POSIX_GUARD(s2n_stuffer_reread(&conn->in));
++//    POSIX_GUARD(s2n_stuffer_reread(&conn->header_in));
+
+     /* Truncate and wipe the MAC and any padding */
+-    POSIX_GUARD(s2n_stuffer_wipe_n(&conn->in, s2n_stuffer_data_available(&conn->in) - payload_length));
+-    conn->in_status = PLAINTEXT;
++//    POSIX_GUARD(s2n_stuffer_wipe_n(&conn->in, s2n_stuffer_data_available(&conn->in) - payload_length));
++//    conn->in_status = PLAINTEXT;
+
+     return 0;
+ }