Revision - f2df488 - RT3425: constant-time evp_enc – ENEA Mirror of the Software Heritage archive

Revision f2df488a1c7402e48c21c83e937955dfe9f40bee authored by Emilia Kasper on 05 September 2014, 12:47:33 UTC, committed by Emilia Kasper on 24 September 2014, 14:25:54 UTC

RT3425: constant-time evp_enc

Do the final padding check in EVP_DecryptFinal_ex in constant time to
avoid a timing leak from padding failure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e)

Conflicts:
	crypto/evp/evp_enc.c

(cherry picked from commit 738911cde68b2b3706e502cf8daf5b14738f2f42)

1 parent 8d507ae

Files
Changes

Permalinks

ultrixcc.c

#include <stdio.h>

/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
 * What happens is that the compiler, due to the (a)&7,
 * does
 * i=a&7;
 * i--;
 * i*=4;
 * Then uses i as the offset into a jump table.
 * The problem is that a value of 0 generates an offset of
 * 0xfffffffc.
 */

main()
	{
	f(5);
	f(0);
	}

int f(a)
int a;
	{
	switch(a&7)
		{
	case 7:
		printf("7\n");
	case 6:
		printf("6\n");
	case 5:
		printf("5\n");
	case 4:
		printf("4\n");
	case 3:
		printf("3\n");
	case 2:
		printf("2\n");
	case 1:
		printf("1\n");
#ifdef FIX_BUG
	case 0:
		;
#endif
		}
	}

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...