[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via e29dcc3794bdc3928942ffb38ee383328b0d6dc1 (commit) from 6d405b64b77f29241b680f7edadd14d5dc0a8522 (commit) - Log - commit e29dcc3794bdc3928942ffb38ee383328b0d6dc1 Author: Andy Polyakov Date: Fri Dec 7 22:19:57 2018 +0100 err/err.c: improve err_clear_last_constant_time's portability. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7850) (cherry picked from commit 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4) --- Summary of changes: crypto/err/err.c | 23 +-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 638cbf2..ba7577b 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -824,6 +824,25 @@ int ERR_pop_to_mark(void) return 1; } +#ifdef UINTPTR_T +# undef UINTPTR_T +#endif +/* + * uintptr_t is the answer, but unfortunately C89, current "least common + * denominator" doesn't define it. Most legacy platforms typedef it anyway, + * so that attempt to fill the gaps means that one would have to identify + * that track these gaps, which would be undesirable. Macro it is... + */ +#if defined(__VMS) && __INITIAL_POINTER_SIZE==64 +/* + * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4 + * even in 64-bit builds, which means that it won't work as mask. + */ +# define UINTPTR_T unsigned long long +#else +# define UINTPTR_T size_t +#endif + void err_clear_last_constant_time(int clear) { ERR_STATE *es; @@ -837,8 +856,8 @@ void err_clear_last_constant_time(int clear) es->err_flags[top] &= ~(0 - clear); es->err_buffer[top] &= ~(0UL - clear); -es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] & - ~((uintptr_t)0 - clear)); +es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] & + ~((UINTPTR_T)0 - clear)); es->err_line[top] |= 0 - clear; es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
The branch OpenSSL_1_1_0-stable has been updated via 6d405b64b77f29241b680f7edadd14d5dc0a8522 (commit) via 437b7f059304f59a0fa96d329ca62cd8d748cbc8 (commit) via 43d53fa19da6809e458ebdadba6016d5fbc780a2 (commit) via b58c44a8c1b6c7354c9c8ce4631e27f9eb977b60 (commit) via 0ba39c87aa386db3a97be9e11c77aac94176a2fa (commit) from 7cbff94dff0b927e95be6fed991579ce8e98aa65 (commit) - Log - commit 6d405b64b77f29241b680f7edadd14d5dc0a8522 Author: Andy Polyakov Date: Fri Sep 14 17:24:13 2018 +0200 rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time. Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding if nul delimiter is preceded by 8 consecutive 0x03 bytes. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 603221407ddc6404f8c417c6beadebf84449074c) Resolved conflicts: crypto/rsa/rsa_ssl.c (Merged from https://github.com/openssl/openssl/pull/7735) commit 437b7f059304f59a0fa96d329ca62cd8d748cbc8 Author: Andy Polyakov Date: Thu Sep 6 21:54:23 2018 +0200 rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP. And make RSAErr call unconditional. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 75f5e944be97f28867e7c489823c889d89d0bd06) (Merged from https://github.com/openssl/openssl/pull/7735) commit 43d53fa19da6809e458ebdadba6016d5fbc780a2 Author: Andy Polyakov Date: Sat Sep 1 12:00:33 2018 +0200 rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2. And make RSAErr call unconditional. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit e875b0cf2f10bf2adf73e0c2ec81428290f4660c) (Merged from https://github.com/openssl/openssl/pull/7735) commit b58c44a8c1b6c7354c9c8ce4631e27f9eb977b60 Author: Andy Polyakov Date: Fri Sep 14 12:17:43 2018 +0200 rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 89072e0c2a483f2ad678e723e112712567b0ceb1) (Merged from https://github.com/openssl/openssl/pull/7735) commit 0ba39c87aa386db3a97be9e11c77aac94176a2fa Author: Andy Polyakov Date: Sat Sep 1 12:19:30 2018 +0200 err/err.c: add err_clear_last_constant_time. Expected usage pattern is to unconditionally set error and then wipe it if there was no actual error. Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit f658a3b64d8750642f4975090740865f770c2a1b) Resolved conflicts: crypto/err/err.c (Merged from https://github.com/openssl/openssl/pull/7735) --- Summary of changes: crypto/err/err.c| 21 + crypto/rsa/rsa_oaep.c | 82 ++--- crypto/rsa/rsa_ossl.c | 5 +- crypto/rsa/rsa_pk1.c| 93 ++- crypto/rsa/rsa_ssl.c| 133 doc/crypto/RSA_padding_add_PKCS1_type_1.pod | 7 +- include/internal/constant_time_locl.h | 6 ++ 7 files changed, 234 insertions(+), 113 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 08c27a3..638cbf2 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -19,6 +19,7 @@ #include #include #include +#include "internal/constant_time_locl.h" static void err_load_strings(int lib, ERR_STRING_DATA *str); @@ -822,3 +823,23 @@ int ERR_pop_to_mark(void) es->err_flags[es->top] &= ~ERR_FLAG_MARK; return 1; } + +void err_clear_last_constant_time(int clear) +{ +ERR_STATE *es; +int top; + +es = ERR_get_state(); +if (es == NULL) +return; + +top = es->top; + +es->err_flags[top] &= ~(0 - clear); +es->err_buffer[top] &= ~(0UL - clear); +es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] & + ~((uintptr_t)0 - clear)); +es->err_line[top] |= 0 - clear; + +es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS; +} diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index df08a2f..4958212 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -126,7 +126,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, const EVP_MD *mgf1md) { int i, dblen = 0, mlen = -1, one_index = 0, msg_index; -unsigned int good, found_one_byte; +unsigned int good = 0, found_one_byte, mask; const unsigned char *maskedseed, *maskeddb; /* * |em| is the encoded message, zero-padded to exactly |num| bytes: em = @@ -153,8 +153,11
[openssl-commits] [openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated via 3c1b8562360cff9b2abf954554208565c08176a1 (commit) from 673273c43e853188d6abcffaf76d0f432f13e8c6 (commit) - Log - commit 3c1b8562360cff9b2abf954554208565c08176a1 Author: Andy Polyakov Date: Fri Dec 7 22:19:57 2018 +0100 err/err.c: improve err_clear_last_constant_time's portability. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7850) (cherry picked from commit 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4) --- Summary of changes: crypto/err/err.c | 23 +-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index 66a60e9..1ad18b1 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -880,6 +880,25 @@ int ERR_clear_last_mark(void) return 1; } +#ifdef UINTPTR_T +# undef UINTPTR_T +#endif +/* + * uintptr_t is the answer, but unfortunately C89, current "least common + * denominator" doesn't define it. Most legacy platforms typedef it anyway, + * so that attempt to fill the gaps means that one would have to identify + * that track these gaps, which would be undesirable. Macro it is... + */ +#if defined(__VMS) && __INITIAL_POINTER_SIZE==64 +/* + * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4 + * even in 64-bit builds, which means that it won't work as mask. + */ +# define UINTPTR_T unsigned long long +#else +# define UINTPTR_T size_t +#endif + void err_clear_last_constant_time(int clear) { ERR_STATE *es; @@ -893,8 +912,8 @@ void err_clear_last_constant_time(int clear) es->err_flags[top] &= ~(0 - clear); es->err_buffer[top] &= ~(0UL - clear); -es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] & - ~((uintptr_t)0 - clear)); +es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] & + ~((UINTPTR_T)0 - clear)); es->err_line[top] |= 0 - clear; es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4 (commit) from 97c213814b2b70ea9158b9bb715213a71ab4e659 (commit) - Log - commit 91d0fd1c2753f0f7d6e0953eed3cfb6eb96d8ff4 Author: Andy Polyakov Date: Fri Dec 7 22:19:57 2018 +0100 err/err.c: improve err_clear_last_constant_time's portability. Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7850) --- Summary of changes: crypto/err/err.c | 23 +-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/crypto/err/err.c b/crypto/err/err.c index aea97a0..11994c3 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -880,6 +880,25 @@ int ERR_clear_last_mark(void) return 1; } +#ifdef UINTPTR_T +# undef UINTPTR_T +#endif +/* + * uintptr_t is the answer, but unfortunately C89, current "least common + * denominator" doesn't define it. Most legacy platforms typedef it anyway, + * so that attempt to fill the gaps means that one would have to identify + * that track these gaps, which would be undesirable. Macro it is... + */ +#if defined(__VMS) && __INITIAL_POINTER_SIZE==64 +/* + * But we can't use size_t on VMS, because it adheres to sizeof(size_t)==4 + * even in 64-bit builds, which means that it won't work as mask. + */ +# define UINTPTR_T unsigned long long +#else +# define UINTPTR_T size_t +#endif + void err_clear_last_constant_time(int clear) { ERR_STATE *es; @@ -893,8 +912,8 @@ void err_clear_last_constant_time(int clear) es->err_flags[top] &= ~(0 - clear); es->err_buffer[top] &= ~(0UL - clear); -es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] & - ~((uintptr_t)0 - clear)); +es->err_file[top] = (const char *)((UINTPTR_T)es->err_file[top] & + ~((UINTPTR_T)0 - clear)); es->err_line[top] |= 0 - clear; es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS; _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 97c213814b2b70ea9158b9bb715213a71ab4e659 (commit) from 16942e081e8d28fa57d1874abff7fefd53d5e75e (commit) - Log - commit 97c213814b2b70ea9158b9bb715213a71ab4e659 Author: terry zhao Date: Fri Dec 7 11:13:49 2018 +0800 Update kmac.c fix nmake compiler error ``` crypto\kmac\kmac.c : warning treated as error - no object file generated crypto\kmac\kmac.c : warning C4819: The file contains a character that cannot be represented in the current code page (936). Save the file in Unicode format to prevent data loss ``` CLA: trivial Reviewed-by: Kurt Roeckx Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7846) --- Summary of changes: crypto/kmac/kmac.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/kmac/kmac.c b/crypto/kmac/kmac.c index 01a4b6a..76e75c1 100644 --- a/crypto/kmac/kmac.c +++ b/crypto/kmac/kmac.c @@ -19,28 +19,28 @@ * KMAC128(K, X, L, S) * { * newX = bytepad(encode_string(K), 168) || X || right_encode(L). - * T = bytepad(encode_string(“KMAC”) || encode_string(S), 168). + * T = bytepad(encode_string("KMAC") || encode_string(S), 168). * return KECCAK[256](T || newX || 00, L). * } * * KMAC256(K, X, L, S) * { * newX = bytepad(encode_string(K), 136) || X || right_encode(L). - * T = bytepad(encode_string(“KMAC”) || encode_string(S), 136). + * T = bytepad(encode_string("KMAC") || encode_string(S), 136). * return KECCAK[512](T || newX || 00, L). * } * * KMAC128XOF(K, X, L, S) * { * newX = bytepad(encode_string(K), 168) || X || right_encode(0). - * T = bytepad(encode_string(“KMAC”) || encode_string(S), 168). + * T = bytepad(encode_string("KMAC") || encode_string(S), 168). * return KECCAK[256](T || newX || 00, L). * } * * KMAC256XOF(K, X, L, S) * { * newX = bytepad(encode_string(K), 136) || X || right_encode(0). - * T = bytepad(encode_string(“KMAC”) || encode_string(S), 136). + * T = bytepad(encode_string("KMAC") || encode_string(S), 136). * return KECCAK[512](T || newX || 00, L). * } * _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits