[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Sun Mar 19 13:34:39 UTC 2017
The branch master has been updated
via 43c564170c7300092fa1627b961480c708d6fc01 (commit)
via 497910833e6992b4b8645900f2086a56f5557424 (commit)
from 39176d44248ed5581ecd1e05bb9385e28a3d803b (commit)
- Log -----------------------------------------------------------------
commit 43c564170c7300092fa1627b961480c708d6fc01
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Wed Feb 15 00:36:46 2017 +0100
Use memcmp() instead of CRYPTO_memcmp() when fuzzing
Reviewed-by: Andy Polyakov <appro at openssl.org>
GH: #2633
commit 497910833e6992b4b8645900f2086a56f5557424
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Tue Feb 21 22:20:34 2017 +0100
Make the CRYPTO_memcmp() prototype match memcmp()
Reviewed-by: Andy Polyakov <appro at openssl.org>
GH: #2633
-----------------------------------------------------------------------
Summary of changes:
crypto/cryptlib.c | 28 +++++++++-------------------
e_os.h | 4 ++++
include/openssl/crypto.h | 4 +---
3 files changed, 14 insertions(+), 22 deletions(-)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index b022365..3151e1a 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -313,26 +313,16 @@ void OPENSSL_die(const char *message, const char *file, int line)
}
#if !defined(OPENSSL_CPUID_OBJ)
-/* volatile unsigned char* pointers are there because
- * 1. Accessing a variable declared volatile via a pointer
- * that lacks a volatile qualifier causes undefined behavior.
- * 2. When the variable itself is not volatile the compiler is
- * not required to keep all those reads and can convert
- * this into canonical memcmp() which doesn't read the whole block.
- * Pointers to volatile resolve the first problem fully. The second
- * problem cannot be resolved in any Standard-compliant way but this
- * works the problem around. Compilers typically react to
- * pointers to volatile by preserving the reads and writes through them.
- * The latter is not required by the Standard if the memory pointed to
- * is not volatile.
- * Pointers themselves are volatile in the function signature to work
- * around a subtle bug in gcc 4.6+ which causes writes through
- * pointers to volatile to not be emitted in some rare,
- * never needed in real life, pieces of code.
+/*
+ * The volatile is used to to ensure that the compiler generates code that reads
+ * all values from the array and doesn't try to optimize this away. The standard
+ * doesn't actually require this behavior if the original data pointed to is
+ * not volatile, but compilers do this in practice anyway.
+ *
+ * There are also assembler versions of this function.
*/
-int CRYPTO_memcmp(const volatile void * volatile in_a,
- const volatile void * volatile in_b,
- size_t len)
+# undef CRYPTO_memcmp
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)
{
size_t i;
const volatile unsigned char *a = in_a;
diff --git a/e_os.h b/e_os.h
index eafa862..d2f4d3f 100644
--- a/e_os.h
+++ b/e_os.h
@@ -513,6 +513,10 @@ struct servent *getservbyname(const char *name, const char *proto);
#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0]))
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+# define CRYPTO_memcmp memcmp
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h
index 8ee3e8a..3b75dbe 100644
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -347,9 +347,7 @@ int OPENSSL_gmtime_diff(int *pday, int *psec,
* into a defined order as the return value when a != b is undefined, other
* than to be non-zero.
*/
-int CRYPTO_memcmp(const volatile void * volatile in_a,
- const volatile void * volatile in_b,
- size_t len);
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
/* Standard initialisation options */
# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
More information about the openssl-commits
mailing list