Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DZbbA_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE57pgMPjC6Kx1hBLwHUvp1iSJwH5v3TLusHzUbXC-2FOWVhPnfnax8eBFbazxFpga5t3TDYaJAX55VtItDTu1T0ZpCQx9QI9BMJLM24ia6oM9lpgL2xmtZ8r5CJkzXSZHWpGP-2Foa4e1zaCh-2BvaGjhBKUWEAsMthy8GlSogpHQmy7yhaxjuTdwk3qI-2FspfDdswYk-3D Build ID: 433841 Analysis Summary: New defects found: 0 Defects eliminated: 0
[openssl] openssl-3.0 update
The branch openssl-3.0 has been updated via 1f7c5c56c7365fefd9cff9bea4d3d27346ca44d1 (commit) from cb7e50ba3f250a9c9978a964e98a8c8940833595 (commit) - Log - commit 1f7c5c56c7365fefd9cff9bea4d3d27346ca44d1 Author: Pauli Date: Thu Jan 27 15:05:48 2022 +1100 aes: make the no-asm constant time code path not the default After OMC and OTC discussions, the 95% performance loss resulting from the constant time code was deemed excessive for something outside of our security policy. The option to use the constant time code exists as it was in OpenSSL 1.1.1. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/17600) --- Summary of changes: CHANGES.md| 7 +++ crypto/aes/aes_core.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index 50002e0af6..a7980daaeb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,13 @@ breaking changes, and mappings for the large list of deprecated functions. ### Changes between 3.0.1 and 3.0.2 [xx XXX ] + * Made the AES constant time code for no-asm configurations + optional due to the resulting 95% performance degradation. + The AES constant time code can be enabled, for no assembly + builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME + + *Paul Dale* + * Fixed PEM_write_bio_PKCS8PrivateKey() to make it possible to use empty passphrase strings. diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 7b9989fd47..d3eaab349f 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -50,7 +50,7 @@ #include #include "aes_local.h" -#if !defined(OPENSSL_NO_AES_CONST_TIME) && !defined(AES_ASM) +#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define U64(C) C##UI64
[openssl] master update
The branch master has been updated via e180bf641ed23010073b0882d63d5dfd48409602 (commit) from 7fde39de848f062d6db45bf9e69439db2100b9bb (commit) - Log - commit e180bf641ed23010073b0882d63d5dfd48409602 Author: Pauli Date: Thu Jan 27 15:05:48 2022 +1100 aes: make the no-asm constant time code path not the default After OMC and OTC discussions, the 95% performance loss resulting from the constant time code was deemed excessive for something outside of our security policy. The option to use the constant time code exists as it was in OpenSSL 1.1.1. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/17600) --- Summary of changes: CHANGES.md| 9 + crypto/aes/aes_core.c | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/CHANGES.md b/CHANGES.md index a542e25374..3799c28c97 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -90,6 +90,15 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.1 and 3.0.2 [xx XXX ] + + * Made the AES constant time code for no-asm configurations + optional due to the resulting 95% performance degradation. + The AES constant time code can be enabled, for no assembly + builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME + + *Paul Dale* + ### Changes between 3.0.0 and 3.0.1 [14 dec 2021] * Fixed invalid handling of X509_verify_cert() internal errors in libssl diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index 7b9989fd47..d3eaab349f 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -50,7 +50,7 @@ #include #include "aes_local.h" -#if !defined(OPENSSL_NO_AES_CONST_TIME) && !defined(AES_ASM) +#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM) # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define U64(C) C##UI64
