[openssl] master update

Dr. Paul Dale pauli at openssl.org
Mon Jan 31 00:39:10 UTC 2022


The branch master has been updated
       via  e180bf641ed23010073b0882d63d5dfd48409602 (commit)
      from  7fde39de848f062d6db45bf9e69439db2100b9bb (commit)


- Log -----------------------------------------------------------------
commit e180bf641ed23010073b0882d63d5dfd48409602
Author: Pauli <pauli at openssl.org>
Date:   Thu Jan 27 15:05:48 2022 +1100

    aes: make the no-asm constant time code path not the default
    
    After OMC and OTC discussions, the 95% performance loss resulting from
    the constant time code was deemed excessive for something outside of
    our security policy.
    
    The option to use the constant time code exists as it was in OpenSSL 1.1.1.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17600)

-----------------------------------------------------------------------

Summary of changes:
 CHANGES.md            | 9 +++++++++
 crypto/aes/aes_core.c | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGES.md b/CHANGES.md
index a542e25374..3799c28c97 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -90,6 +90,15 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 
+### Changes between 3.0.1 and 3.0.2 [xx XXX xxxx]
+
+ * Made the AES constant time code for no-asm configurations
+   optional due to the resulting 95% performance degradation.
+   The AES constant time code can be enabled, for no assembly
+   builds, with: ./config no-asm -DOPENSSL_AES_CONST_TIME
+
+   *Paul Dale*
+
 ### Changes between 3.0.0 and 3.0.1 [14 dec 2021]
 
  * Fixed invalid handling of X509_verify_cert() internal errors in libssl
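Review bot: The new 3.0.2 entry calls the constant time code "optional" but never says that the default for no-asm builds has been reversed. Per the aes_core.c hunk in this same commit, the guard goes from `!defined(OPENSSL_NO_AES_CONST_TIME)` to `defined(OPENSSL_AES_CONST_TIME)`, so an existing `./config no-asm` build that passes no extra define stops using the constant time path on upgrade. Suggest wording the entry so that it states the constant time code is now disabled by default for no-asm builds, that `OPENSSL_NO_AES_CONST_TIME` is no longer consulted, and that anyone who needs the constant time path must add `-DOPENSSL_AES_CONST_TIME`.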
diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
index 7b9989fd47..d3eaab349f 100644
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@@ -50,7 +50,7 @@
 #include <openssl/aes.h>
 #include "aes_local.h"
 
-#if !defined(OPENSSL_NO_AES_CONST_TIME) && !defined(AES_ASM)
+#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM)
 
 # if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
 #  define U64(C) C##UI64
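Review bot: The changed `#if` swaps an opt-out macro for an opt-in macro with no comment and no handling of the old name. `OPENSSL_NO_AES_CONST_TIME` is no longer tested on this line, so a build that still defines it gets no diagnostic, and a build that defined neither macro changes code path with no compile-time signal. Suggest a short comment above the `#if` recording that the constant time path is deliberately off by default for no-asm builds and why (the performance rationale from the commit message). The summary shows only CHANGES.md and aes_core.c touched, so the new `OPENSSL_AES_CONST_TIME` define is documented nowhere except the changelog; a note in the build documentation would help people who configure with no-asm find it.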

