[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-12-08 Thread Richard Levitte
The branch OpenSSL_1_1_0-stable has been updated
   via  e29dcc3794bdc3928942ffb38ee383328b0d6dc1 (commit)
  from  6d405b64b77f29241b680f7edadd14d5dc0a8522 (commit)


- Log -
commit e29dcc3794bdc3928942ffb38ee383328b0d6dc1
Author: Andy Polyakov 
Date:   Fri Dec 7 22:19:57 2018 +0100

err/err.c: improve err_clear_last_constant_time's portability.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7850)

(cherry picked from commit 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4)

---

Summary of changes:
 crypto/err/err.c | 23 +--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 638cbf2..ba7577b 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -824,6 +824,25 @@ int ERR_pop_to_mark(void)
 return 1;
 }
 
+#ifdef UINTPTR_T
+# undef UINTPTR_T
+#endif
+/*
+ * uintptr_t is the answer, but unfortunately C89, current "least common
+ * denominator" doesn't define it. Most legacy platforms typedef it anyway,
+ * so that attempt to fill the gaps means that one would have to identify
+ * that track these gaps, which would be undesirable. Macro it is...
+ */
+#if defined(__VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4
+ * even in 64-bit builds, which means that it won't work as mask.
+ */
+# define UINTPTR_T unsigned long long
+#else
+# define UINTPTR_T size_t
+#endif
+
 void err_clear_last_constant_time(int clear)
 {
 ERR_STATE *es;
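Review bot: nothing in the new UINTPTR_T block checks that the chosen type is at least as wide as a pointer, and the VMS comment in this same hunk shows that size_t can be narrower than a pointer on a real target. A compile-time check placed after the `#endif` would turn any other such platform into a build failure instead of a mask that is too short, for example `typedef char uintptr_t_wide_enough[sizeof(UINTPTR_T) >= sizeof(void *) ? 1 : -1];`.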
@@ -837,8 +856,8 @@ void err_clear_last_constant_time(int clear)
 
 es->err_flags[top] &= ~(0 - clear);
 es->err_buffer[top] &= ~(0UL - clear);
-es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] &
-   ~((uintptr_t)0 - clear));
+es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] &
+   ~((UINTPTR_T)0 - clear));
 es->err_line[top] |= 0 - clear;
 
 es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
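Review bot: the mask on the changed err_file lines, like the masks on the neighbouring err_flags, err_buffer and err_line lines, is all-ones or all-zeros only when clear is exactly 0 or 1, and nothing in this hunk states or enforces that. With clear == 2, `~((UINTPTR_T)0 - clear)` evaluates to 1, so only bit 0 of the pointer survives and es->top moves back two slots. A one-line comment at the definition stating that clear must be 0 or 1 (or pointing to where the prototype documents it) would make the contract visible where the masks are built.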
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits


[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

2018-12-08 Thread Richard Levitte
The branch OpenSSL_1_1_0-stable has been updated
   via  6d405b64b77f29241b680f7edadd14d5dc0a8522 (commit)
   via  437b7f059304f59a0fa96d329ca62cd8d748cbc8 (commit)
   via  43d53fa19da6809e458ebdadba6016d5fbc780a2 (commit)
   via  b58c44a8c1b6c7354c9c8ce4631e27f9eb977b60 (commit)
   via  0ba39c87aa386db3a97be9e11c77aac94176a2fa (commit)
  from  7cbff94dff0b927e95be6fed991579ce8e98aa65 (commit)


- Log -
commit 6d405b64b77f29241b680f7edadd14d5dc0a8522
Author: Andy Polyakov 
Date:   Fri Sep 14 17:24:13 2018 +0200

rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.

Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
if nul delimiter is preceded by 8 consecutive 0x03 bytes.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(cherry picked from commit 603221407ddc6404f8c417c6beadebf84449074c)

Resolved conflicts:
crypto/rsa/rsa_ssl.c

(Merged from https://github.com/openssl/openssl/pull/7735)

commit 437b7f059304f59a0fa96d329ca62cd8d748cbc8
Author: Andy Polyakov 
Date:   Thu Sep 6 21:54:23 2018 +0200

rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.

And make RSAErr call unconditional.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(cherry picked from commit 75f5e944be97f28867e7c489823c889d89d0bd06)

(Merged from https://github.com/openssl/openssl/pull/7735)

commit 43d53fa19da6809e458ebdadba6016d5fbc780a2
Author: Andy Polyakov 
Date:   Sat Sep 1 12:00:33 2018 +0200

rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.

And make RSAErr call unconditional.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(cherry picked from commit e875b0cf2f10bf2adf73e0c2ec81428290f4660c)

(Merged from https://github.com/openssl/openssl/pull/7735)

commit b58c44a8c1b6c7354c9c8ce4631e27f9eb977b60
Author: Andy Polyakov 
Date:   Fri Sep 14 12:17:43 2018 +0200

rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(cherry picked from commit 89072e0c2a483f2ad678e723e112712567b0ceb1)

(Merged from https://github.com/openssl/openssl/pull/7735)

commit 0ba39c87aa386db3a97be9e11c77aac94176a2fa
Author: Andy Polyakov 
Date:   Sat Sep 1 12:19:30 2018 +0200

err/err.c: add err_clear_last_constant_time.

Expected usage pattern is to unconditionally set error and then
wipe it if there was no actual error.

Reviewed-by: Richard Levitte 
Reviewed-by: Matt Caswell 
(cherry picked from commit f658a3b64d8750642f4975090740865f770c2a1b)

Resolved conflicts:
crypto/err/err.c

(Merged from https://github.com/openssl/openssl/pull/7735)

---

Summary of changes:
 crypto/err/err.c|  21 +
 crypto/rsa/rsa_oaep.c   |  82 ++---
 crypto/rsa/rsa_ossl.c   |   5 +-
 crypto/rsa/rsa_pk1.c|  93 ++-
 crypto/rsa/rsa_ssl.c| 133 
 doc/crypto/RSA_padding_add_PKCS1_type_1.pod |   7 +-
 include/internal/constant_time_locl.h   |   6 ++
 7 files changed, 234 insertions(+), 113 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 08c27a3..638cbf2 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -19,6 +19,7 @@
 #include 
 #include 
 #include 
+#include "internal/constant_time_locl.h"
 
 static void err_load_strings(int lib, ERR_STRING_DATA *str);
 
@@ -822,3 +823,23 @@ int ERR_pop_to_mark(void)
 es->err_flags[es->top] &= ~ERR_FLAG_MARK;
 return 1;
 }
+
+void err_clear_last_constant_time(int clear)
+{
+ERR_STATE *es;
+int top;
+
+es = ERR_get_state();
+if (es == NULL)
+return;
+
+top = es->top;
+
+es->err_flags[top] &= ~(0 - clear);
+es->err_buffer[top] &= ~(0UL - clear);
+es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] &
+   ~((uintptr_t)0 - clear));
+es->err_line[top] |= 0 - clear;
+
+es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
+}
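Review bot: on the `es->err_line[top] |= 0 - clear;` line the cleared value is -1, while err_flags, err_buffer and err_file on the lines just above are cleared to 0. If -1 is the intended marker for an empty slot, a short comment saying so would save the reader from suspecting a typo; otherwise `&= ~(0 - clear)` would match the other three fields. The function also has no comment describing what "clear" means or that it steps es->top back by one entry.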
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index df08a2f..4958212 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -126,7 +126,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, 
int tlen,
   const EVP_MD *mgf1md)
 {
 int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
-unsigned int good, found_one_byte;
+unsigned int good = 0, found_one_byte, mask;
 const unsigned char *maskedseed, *maskeddb;
 /*
  * |em| is the encoded message, zero-padded to exactly |num| bytes: em =
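Review bot: in the changed declaration, `good` now carries an initializer while `found_one_byte` and the new `mask` on the same line do not, which makes it easy to misread which of the three start with a defined value. Declaring `unsigned int good = 0;` on its own line, with a brief comment on why it needs a defined starting value, would make the intent clearer.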
@@ -153,8 +153,11 

[openssl-commits] [openssl] OpenSSL_1_1_1-stable update

2018-12-08 Thread Richard Levitte
The branch OpenSSL_1_1_1-stable has been updated
   via  3c1b8562360cff9b2abf954554208565c08176a1 (commit)
  from  673273c43e853188d6abcffaf76d0f432f13e8c6 (commit)


- Log -
commit 3c1b8562360cff9b2abf954554208565c08176a1
Author: Andy Polyakov 
Date:   Fri Dec 7 22:19:57 2018 +0100

err/err.c: improve err_clear_last_constant_time's portability.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7850)

(cherry picked from commit 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4)

---

Summary of changes:
 crypto/err/err.c | 23 +--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 66a60e9..1ad18b1 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -880,6 +880,25 @@ int ERR_clear_last_mark(void)
 return 1;
 }
 
+#ifdef UINTPTR_T
+# undef UINTPTR_T
+#endif
+/*
+ * uintptr_t is the answer, but unfortunately C89, current "least common
+ * denominator" doesn't define it. Most legacy platforms typedef it anyway,
+ * so that attempt to fill the gaps means that one would have to identify
+ * that track these gaps, which would be undesirable. Macro it is...
+ */
+#if defined(__VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4
+ * even in 64-bit builds, which means that it won't work as mask.
+ */
+# define UINTPTR_T unsigned long long
+#else
+# define UINTPTR_T size_t
+#endif
+
 void err_clear_last_constant_time(int clear)
 {
 ERR_STATE *es;
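Review bot: the explanatory comment above the UINTPTR_T definition does not parse in its second sentence: "so that attempt to fill the gaps means that one would have to identify that track these gaps". Since this comment is the only justification for not using uintptr_t, it should read cleanly, for example "so filling the gap ourselves would mean identifying and tracking the platforms that lack it, which would be undesirable".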
@@ -893,8 +912,8 @@ void err_clear_last_constant_time(int clear)
 
 es->err_flags[top] &= ~(0 - clear);
 es->err_buffer[top] &= ~(0UL - clear);
-es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] &
-   ~((uintptr_t)0 - clear));
+es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] &
+   ~((UINTPTR_T)0 - clear));
 es->err_line[top] |= 0 - clear;
 
 es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
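Review bot: after this change the four fields are masked with three different spellings of the same idea, `0 - clear`, `0UL - clear` and `(UINTPTR_T)0 - clear`, and a reader has to confirm for each one that the mask is as wide as the field it is applied to. The err_file lines are the ones this patch had to fix for exactly that reason, so a short comment above the block noting that each mask is built in the type of its target field would help keep the next edit from reintroducing a width mismatch.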


[openssl-commits] [openssl] master update

2018-12-08 Thread Richard Levitte
The branch master has been updated
   via  91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4 (commit)
  from  97c213814b2b70ea9158b9bb715213a71ab4e659 (commit)


- Log -
commit 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4
Author: Andy Polyakov 
Date:   Fri Dec 7 22:19:57 2018 +0100

err/err.c: improve err_clear_last_constant_time's portability.

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7850)

---

Summary of changes:
 crypto/err/err.c | 23 +--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/crypto/err/err.c b/crypto/err/err.c
index aea97a0..11994c3 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -880,6 +880,25 @@ int ERR_clear_last_mark(void)
 return 1;
 }
 
+#ifdef UINTPTR_T
+# undef UINTPTR_T
+#endif
+/*
+ * uintptr_t is the answer, but unfortunately C89, current "least common
+ * denominator" doesn't define it. Most legacy platforms typedef it anyway,
+ * so that attempt to fill the gaps means that one would have to identify
+ * that track these gaps, which would be undesirable. Macro it is...
+ */
+#if defined(__VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4
+ * even in 64-bit builds, which means that it won't work as mask.
+ */
+# define UINTPTR_T unsigned long long
+#else
+# define UINTPTR_T size_t
+#endif
+
 void err_clear_last_constant_time(int clear)
 {
 ERR_STATE *es;
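Review bot: the `#ifdef UINTPTR_T` / `# undef UINTPTR_T` lines at the top of the hunk silently discard any definition that a platform header or build configuration supplied, and the replacement macro then stays defined for the rest of err.c. A name that is local to this file (ERR_UINTPTR_T, say) or an `#undef` right after err_clear_last_constant_time would avoid both the silent override and the leak into later code.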
@@ -893,8 +912,8 @@ void err_clear_last_constant_time(int clear)
 
 es->err_flags[top] &= ~(0 - clear);
 es->err_buffer[top] &= ~(0UL - clear);
-es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] &
-   ~((uintptr_t)0 - clear));
+es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] &
+   ~((UINTPTR_T)0 - clear));
 es->err_line[top] |= 0 - clear;
 
 es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
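Review bot: the new err_file expression relies on an integer zero of type UINTPTR_T converting back to a null `const char *` when clear is 1. C guarantees that only for an integer constant expression 0; converting a run-time zero value to a pointer is implementation-defined. It holds on the usual flat-address targets, but since the point of this patch is portability, a comment on these two lines recording the assumption would be worthwhile.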


[openssl-commits] [openssl] master update

2018-12-08 Thread Richard Levitte
The branch master has been updated
   via  97c213814b2b70ea9158b9bb715213a71ab4e659 (commit)
  from  16942e081e8d28fa57d1874abff7fefd53d5e75e (commit)


- Log -
commit 97c213814b2b70ea9158b9bb715213a71ab4e659
Author: terry zhao 
Date:   Fri Dec 7 11:13:49 2018 +0800

Update kmac.c

fix nmake compiler error

```
crypto\kmac\kmac.c : warning treated as error - no object file generated
crypto\kmac\kmac.c : warning C4819: The file contains a character that 
cannot be represented in the current code page (936). Save the file in Unicode 
format to prevent data loss
```

CLA: trivial

Reviewed-by: Kurt Roeckx 
Reviewed-by: Richard Levitte 
(Merged from https://github.com/openssl/openssl/pull/7846)

---

Summary of changes:
 crypto/kmac/kmac.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/crypto/kmac/kmac.c b/crypto/kmac/kmac.c
index 01a4b6a..76e75c1 100644
--- a/crypto/kmac/kmac.c
+++ b/crypto/kmac/kmac.c
@@ -19,28 +19,28 @@
  * KMAC128(K, X, L, S)
  * {
  * newX = bytepad(encode_string(K), 168) ||  X || right_encode(L).
- * T = bytepad(encode_string(“KMAC”) || encode_string(S), 168).
+ * T = bytepad(encode_string("KMAC") || encode_string(S), 168).
  * return KECCAK[256](T || newX || 00, L).
  * }
  *
  * KMAC256(K, X, L, S)
  * {
  * newX = bytepad(encode_string(K), 136) ||  X || right_encode(L).
- * T = bytepad(encode_string(“KMAC”) || encode_string(S), 136).
+ * T = bytepad(encode_string("KMAC") || encode_string(S), 136).
  * return KECCAK[512](T || newX || 00, L).
  * }
  *
  * KMAC128XOF(K, X, L, S)
  * {
  * newX = bytepad(encode_string(K), 168) ||  X || right_encode(0).
- * T = bytepad(encode_string(“KMAC”) || encode_string(S), 168).
+ * T = bytepad(encode_string("KMAC") || encode_string(S), 168).
  * return KECCAK[256](T || newX || 00, L).
  * }
  *
  * KMAC256XOF(K, X, L, S)
  * {
  * newX = bytepad(encode_string(K), 136) ||  X || right_encode(0).
- * T = bytepad(encode_string(“KMAC”) || encode_string(S), 136).
+ * T = bytepad(encode_string("KMAC") || encode_string(S), 136).
  * return KECCAK[512](T || newX || 00, L).
  * }
  *
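Review bot: the four replaced lines swap the typographic quotes around KMAC for ASCII quotes, which addresses the C4819 warning quoted in the commit message, but nothing here stops the next pasted-in specification text from bringing the same characters back. A build or CI check that rejects non-ASCII bytes in C sources would catch this before it reaches a compiler running under code page 936. The commit subject "Update kmac.c" could also say what was changed, for example "kmac.c: replace non-ASCII quotes in comment".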