llcrypto: add another warning to ct_lookup.

2023-06-14 12:23:42 -04:00 · 2023-06-14 12:23:42 -04:00 · 2eba3d213e
parent 25db56777c
commit 2eba3d213e
1 changed files with 3 additions and 2 deletions
--- a/crates/tor-llcrypto/src/util/ct.rs
+++ b/crates/tor-llcrypto/src/util/ct.rs
@ -97,10 +97,11 @@ impl<const N: usize> AsMut<[u8; N]> for CtByteArray<N> {
 /// Otherwise, this function returns none.
 ///
 /// We evaluate `matches` on every item of the array, and try not to
-/// leak by timing which element (if any) matched.
+/// leak by timing which element (if any) matched.  Note that if
+/// `matches` itself has side channels, this function can't hide them.
 ///
 /// Note that this doesn't necessarily do a constant-time comparison,
-/// and that it is not constant-time for found/not-found case.
+/// and that it is not constant-time for the found/not-found case.
 pub fn ct_lookup<T, F>(array: &[T], matches: F) -> Option<&T>
 where
    F: Fn(&T) -> Choice,