[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Andy Polyakov appro at openssl.org
Fri Nov 25 16:24:01 UTC 2016


The branch OpenSSL_1_1_0-stable has been updated
       via  025697a94678005df28055913d0df5d122acecfe (commit)
       via  04bec2a3a2f83e03c8eb2b7472ace8ec94396d7f (commit)
      from  e15c45fb22eca69d0faffb91d4c501e11837d376 (commit)


- Log -----------------------------------------------------------------
commit 025697a94678005df28055913d0df5d122acecfe
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Nov 20 23:38:12 2016 +0100

    modes/ctr128.c: fix false carry in counter increment procedure.
    
    GH issue #1916 affects only big-endian platforms. TLS is not affected,
    because TLS fragment is never big enough.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit 76f572ed0469a277d92378848250b7a9705d3071)

commit 04bec2a3a2f83e03c8eb2b7472ace8ec94396d7f
Author: Andy Polyakov <appro at openssl.org>
Date:   Sun Nov 20 23:32:24 2016 +0100

    test/evptests.txt: add regression test for false carry in ctr128.c.
    
    GH issue #1916 affects only big-endian platforms. TLS is not affected,
    because TLS fragment is never big enough.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (cherry picked from commit b47f116b1e02d20b1f8a7488be5a04f7cf5bc712)

-----------------------------------------------------------------------

Summary of changes:
 crypto/modes/ctr128.c | 2 +-
 test/evptests.txt     | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/crypto/modes/ctr128.c b/crypto/modes/ctr128.c
index b7ffb73..03920b4 100644
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@@ -52,7 +52,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
         --n;
         d = data[n] += c;
         /* did addition carry? */
-        c = ((d - c) ^ d) >> (sizeof(size_t) * 8 - 1);
+        c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
     } while (n);
 }
 #endif
diff --git a/test/evptests.txt b/test/evptests.txt
index f358ddb..36697f1 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -842,6 +842,14 @@ Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021
 Ciphertext = EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8
 
 
+# Self-generated vector to trigger false carry on big-endian platforms
+Cipher = aes-128-ctr
+Key = 7E24067817FAE0D743D6CE1F32539163
+IV = 00000000000000007FFFFFFFFFFFFFFF
+Operation = ENCRYPT
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
+Ciphertext = A2D459477E6432BD74184B1B5370D2243CDC202BC43583B2A55D288CDBBD1E03
+
 # DES ECB tests (from destest)
 
 Cipher = DES-ECB


More information about the openssl-commits mailing list