
Source code changes of the file "ssl/record/ssl3_record.c" between
openssl-1.1.1o.tar.gz and openssl-1.1.1p.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) protocols (including SSLv3) as well as a full-strength general purpose cryptographic library. Long Term Support (LTS) version (includes support for TLSv1.3).

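--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1,11 +1,11 @@
 /*
-* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
 #include "../ssl_local.h"
 #include "internal/constant_time.h"
 #include <openssl/rand.h>
@@ -1535,18 +1535,19 @@
 * not multi-core and are not considered vulnerable to cache-timing attacks.
 */
 #define CBC_MAC_ROTATE_IN_PLACE
 int ssl3_cbc_copy_mac(unsigned char *out,
 const SSL3_RECORD *rec, size_t md_size)
 {
 #if defined(CBC_MAC_ROTATE_IN_PLACE)
 unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
 unsigned char *rotated_mac;
+char aux1, aux2, aux3, mask;
 #else
 unsigned char rotated_mac[EVP_MAX_MD_SIZE];
 #endif
 /*
 * mac_end is the index of |rec->data| just after the end of the MAC.
 */
 size_t mac_end = rec->length;
 size_t mac_start = mac_end - md_size;
 size_t in_mac;
@@ -1584,22 +1585,29 @@
 in_mac &= mac_ended;
 rotate_offset |= j & mac_started;
 rotated_mac[j++] |= b & in_mac;
 j &= constant_time_lt_s(j, md_size);
 }
 /* Now rotate the MAC */
 #if defined(CBC_MAC_ROTATE_IN_PLACE)
 j = 0;
 for (i = 0; i < md_size; i++) {
-/* in case cache-line is 32 bytes, touch second line */
-((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
-out[j++] = rotated_mac[rotate_offset++];
+/*
+* in case cache-line is 32 bytes,
+* load from both lines and select appropriately
+*/
+aux1 = rotated_mac[rotate_offset & ~32];
+aux2 = rotated_mac[rotate_offset | 32];
+mask = constant_time_eq_8(rotate_offset & ~32, rotate_offset);
+aux3 = constant_time_select_8(mask, aux1, aux2);
+out[j++] = aux3;
+rotate_offset++;
 rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
 }
 #else
 memset(out, 0, md_size);
 rotate_offset = md_size - rotate_offset;
 rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
 for (i = 0; i < md_size; i++) {
 for (j = 0; j < md_size; j++)
 out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset);
 rotate_offset++;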
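Review bot: The four temporaries added at the top of the CBC_MAC_ROTATE_IN_PLACE branch are declared as plain `char`, whose signedness is implementation-defined, while `rotated_mac` and `out` are `unsigned char`, so the mask and the selected MAC byte pass through a possibly signed type on their way to `out`. Declaring them `unsigned char aux1, aux2, aux3, mask;` keeps the byte handling unsigned end to end. In the rotate loop, `constant_time_eq_8` is called with `size_t` operands, which presumably narrows them to `unsigned int`; the `#else` branch already uses the `_s` variant, so `mask = constant_time_eq_8_s(rotate_offset & ~32, rotate_offset);` would be consistent with it. The new comment could also say that loading from both 32-byte halves appears to rely on `rotated_mac` being 64-byte aligned and on `md_size` not exceeding 64, which is established outside the lines shown; the function body starts and ends outside these hunks.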
 End of changes. 3 change blocks. 
4 lines changed or deleted 12 lines changed or added
