[openssl-commits] [openssl] master update
Andy Polyakov
appro at openssl.org
Thu Mar 2 15:26:15 UTC 2017
The branch master has been updated
via ea750b59297a7be5ed23d9ae579a3d69b6491c2c (commit)
via 5908555c961ae5d3fc265e0961997fbe14a02091 (commit)
from 36907eaef534fa3a164c57fab802fc1f3932dc5c (commit)
- Log -----------------------------------------------------------------
commit ea750b59297a7be5ed23d9ae579a3d69b6491c2c
Author: Andy Polyakov <appro at openssl.org>
Date: Wed Mar 1 11:41:09 2017 +0100
aes/aes_x86core.c: clarify reference implementation status.
Reviewed-by: Richard Levitte <levitte at openssl.org>
commit 5908555c961ae5d3fc265e0961997fbe14a02091
Author: Andy Polyakov <appro at openssl.org>
Date: Wed Mar 1 11:40:41 2017 +0100
evp/e_aes_cbc_hmac_{sha1|sha256}.c: tag reference code.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/aes/aes_x86core.c | 17 ++++++++---------
crypto/evp/e_aes_cbc_hmac_sha1.c | 8 ++++----
crypto/evp/e_aes_cbc_hmac_sha256.c | 8 ++++----
3 files changed, 16 insertions(+), 17 deletions(-)
diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c
index 95b49bb..21dca9e 100644
--- a/crypto/aes/aes_x86core.c
+++ b/crypto/aes/aes_x86core.c
@@ -7,6 +7,14 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * This is experimental x86[_64] derivative. It assumes little-endian
+ * byte order and expects CPU to sustain unaligned memory references.
+ * It is used as playground for cache-time attack mitigations and
+ * serves as reference C implementation for x86[_64] as well as some
+ * other assembly modules.
+ */
+
/**
* rijndael-alg-fst.c
*
@@ -33,15 +41,6 @@
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/*
- * This is experimental x86[_64] derivative. It assumes little-endian
- * byte order and expects CPU to sustain unaligned memory references.
- * It is used as playground for cache-time attack mitigations and
- * serves as reference C implementation for x86[_64] assembler.
- *
- * <appro at fy.chalmers.se>
- */
-
#include <assert.h>
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
index 52c7c74..a3c8951 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -565,7 +565,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
# endif
-# if 1
+# if 1 /* see original reference version in #else */
len -= SHA_DIGEST_LENGTH; /* amend mac */
if (len >= (256 + SHA_CBLOCK)) {
j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
@@ -659,7 +659,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
}
# endif
len += SHA_DIGEST_LENGTH;
-# else
+# else /* pre-lucky-13 reference version of above */
SHA1_Update(&key->md, out, inp_len);
res = key->md.num;
SHA1_Final(pmac->c, &key->md);
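Review bot: The new tag on `# else` names the branch as pre-lucky-13 but does not say why it must stay disabled, and the selector above it is still a bare `# if 1` that is easy to flip while debugging. Lucky 13 is a timing attack on CBC padding and MAC checking, so this reference branch presumably lets the amount of data hashed by `SHA1_Update(&key->md, out, inp_len)` depend on the padding length. I would say so in the tag, e.g. `# else /* pre-lucky-13 reference version of above: not constant-time, kept for reference only, never enable */`. The same wording applies to the second `# else` in this file (the "verify HMAC" hunk) and to the matching tags in e_aes_cbc_hmac_sha256.c. The body of aesni_cbc_hmac_sha1_cipher starts and ends outside this hunk.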
@@ -686,7 +686,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
/* verify HMAC */
out += inp_len;
len -= inp_len;
-# if 1
+# if 1 /* see original reference version in #else */
{
unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
size_t off = out - p;
@@ -708,7 +708,7 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
ret &= (int)~res;
}
-# else
+# else /* pre-lucky-13 reference version of above */
for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
res |= out[i] ^ pmac->c[i];
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c
index 5a92e0b..4830c00 100644
--- a/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -552,7 +552,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
key->md = key->head;
SHA256_Update(&key->md, key->aux.tls_aad, plen);
-# if 1
+# if 1 /* see original reference version in #else */
len -= SHA256_DIGEST_LENGTH; /* amend mac */
if (len >= (256 + SHA256_CBLOCK)) {
j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
@@ -680,7 +680,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
for (; inp_blocks < pad_blocks; inp_blocks++)
sha1_block_data_order(&key->md, data, 1);
}
-# endif
+# endif /* pre-lucky-13 reference version of above */
key->md = key->tail;
SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
SHA256_Final(pmac->c, &key->md);
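Review bot: In this hunk the "pre-lucky-13 reference version of above" tag is attached to `# endif`, whereas e_aes_cbc_hmac_sha1.c and the last hunk of this file put it on `# else`. On an `# endif` the phrase "of above" is ambiguous about which branch it describes, and the matching `# else` (outside this hunk) appears to be left untagged. I would either move the tag to that `# else` for consistency or reword this line to `# endif /* end of pre-lucky-13 reference version */`. The context line `sha1_block_data_order(&key->md, data, 1);` inside a SHA-256 file also suggests the disabled branch is no longer compiled or maintained, which is worth stating in the comment so nobody treats it as a working fallback.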
@@ -688,7 +688,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
/* verify HMAC */
out += inp_len;
len -= inp_len;
-# if 1
+# if 1 /* see original reference version in #else */
{
unsigned char *p =
out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
@@ -711,7 +711,7 @@ static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
ret &= (int)~res;
}
-# else
+# else /* pre-lucky-13 reference version of above */
for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
res |= out[i] ^ pmac->c[i];
res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));