[openssl/openssl] 990d9f: bn_nist: Fix strict-aliasing violations in little-...

Xi Ruoyao noreply at github.com
Thu Nov 30 17:45:11 UTC 2023


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 990d9ff508070757912c000f0c4132dbb5a0bb0a
      https://github.com/openssl/openssl/commit/990d9ff508070757912c000f0c4132dbb5a0bb0a
  Author: Xi Ruoyao <xry111 at xry111.site>
  Date:   2023-11-30 (Thu, 30 Nov 2023)

  Changed paths:
    M crypto/bn/bn_nist.c

  Log Message:
  -----------
  bn_nist: Fix strict-aliasing violations in little-endian optimizations

The little-endian optimization is doing some type-punning in a way
violating the C standard aliasing rule by loading or storing through a
lvalue with type "unsigned int" but the memory location has effective
type "unsigned long" or "unsigned long long" (BN_ULONG).  Convert these
accesses to use memcpy instead, as memcpy is defined as-is "accessing
through the lvalues with type char" and char is aliasing with all types.

GCC does a good job to optimize away the temporary copies introduced
with the change.  Ideally copying to a temporary unsigned int array,
doing the calculation, and then copying back to `r_d` will make the code
look better, but unfortunately GCC would fail to optimize away this
temporary array then.

I've not touched the LE optimization in BN_nist_mod_224 because it's
guarded by BN_BITS2!=64, then BN_BITS2 must be 32 and BN_ULONG must be
unsigned int, thus there is no aliasing issue in BN_nist_mod_224.

Fixes #12247.

Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22816)




More information about the openssl-commits mailing list