From b3fdf0fdec8bdaa68a2992a2d696d47a822b588c Mon Sep 17 00:00:00 2001 From: Jai S Date: Wed, 7 May 2025 23:31:06 +0530 Subject: [PATCH] Use value barrier for constant_time_cond_swap_* Resolves #27497 Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/27581) (cherry picked from commit 8a9e0d0f499a288cf3363668870806d5e7be3924) --- include/internal/constant_time.h | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/include/internal/constant_time.h b/include/internal/constant_time.h index 4a2df34da9f..73219759e0c 100644 --- a/include/internal/constant_time.h +++ b/include/internal/constant_time.h @@ -322,6 +322,18 @@ static ossl_inline size_t value_barrier_s(size_t a) return r; } +/* Convenience method for unsigned char. */ +static ossl_inline unsigned char value_barrier_8(unsigned char a) +{ +#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__) + unsigned char r; + __asm__("" : "=r"(r) : "0"(a)); +#else + volatile unsigned char r = a; +#endif + return r; +} + static ossl_inline unsigned int constant_time_select(unsigned int mask, unsigned int a, unsigned int b) @@ -382,7 +394,7 @@ static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a, { uint32_t xor = *a ^ *b; - xor &= mask; + xor &= value_barrier_32(mask); *a ^= xor; *b ^= xor; } @@ -402,7 +414,7 @@ static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a, { uint64_t xor = *a ^ *b; - xor &= mask; + xor &= value_barrier_64(mask); *a ^= xor; *b ^= xor; } @@ -429,7 +441,7 @@ static ossl_inline void constant_time_cond_swap_buff(unsigned char mask, for (i = 0; i < len; i++) { tmp = a[i] ^ b[i]; - tmp &= mask; + tmp &= value_barrier_8(mask); a[i] ^= tmp; b[i] ^= tmp; } -- 2.47.2