Date: Sun, 14 Oct 2018 23:10:06 +0000 (UTC) From: Jan Beich <jbeich@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r482122 - head/devel/android-tools-adb/files Message-ID: <201810142310.w9ENA6fj019775@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Sun Oct 14 23:10:06 2018 New Revision: 482122 URL: https://svnweb.freebsd.org/changeset/ports/482122 Log: devel/android-tools-adb: apply boringssl style fixes http://github.com/google/boringssl/commit/54091230cda4 http://github.com/google/boringssl/commit/808f8329177f Modified: head/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c (contents, props changed) Modified: head/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c ============================================================================== --- head/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c Sun Oct 14 22:11:32 2018 (r482121) +++ head/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c Sun Oct 14 23:10:06 2018 (r482122) @@ -77,7 +77,7 @@ *key = new_key; ret = true; -@@ -110,6 +150,86 @@ cleanup: +@@ -110,6 +150,83 @@ cleanup: return ret; } @@ -87,15 +87,15 @@ +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks in little-endian + order. */ -+ int top; /* Index of last used element in |d|, plus one. */ -+ int dmax; /* Size of |d|, in words. */ -+ int neg; /* one if the number is negative */ -+ int flags; /* bitmask of BN_FLG_* values */ ++ int top; // Index of last used element in |d|, plus one. ++ int dmax; // Size of |d|, in words. ++ int neg; // one if the number is negative ++ int flags; // bitmask of BN_FLG_* values +}; +#endif + -+/* constant_time_select_ulong returns |x| if |v| is 1 and |y| if |v| is 0. Its -+ * behavior is undefined if |v| takes any other value. */ ++// constant_time_select_ulong returns |x| if |v| is 1 and |y| if |v| is 0. Its ++// behavior is undefined if |v| takes any other value. +static BN_ULONG constant_time_select_ulong(int v, BN_ULONG x, BN_ULONG y) { + BN_ULONG mask = v; + mask--; @@ -103,58 +103,55 @@ + return (~mask & x) | (mask & y); +} + -+/* constant_time_le_size_t returns 1 if |x| <= |y| and 0 otherwise. |x| and |y| -+ * must not have their MSBs set. */ ++// constant_time_le_size_t returns 1 if |x| <= |y| and 0 otherwise. |x| and |y| ++// must not have their MSBs set. +static int constant_time_le_size_t(size_t x, size_t y) { + return ((x - y - 1) >> (sizeof(size_t) * 8 - 1)) & 1; +} + -+/* read_word_padded returns the |i|'th word of |in|, if it is not out of -+ * bounds. Otherwise, it returns 0. It does so without branches on the size of -+ * |in|, however it necessarily does not have the same memory access pattern. If -+ * the access would be out of bounds, it reads the last word of |in|. |in| must -+ * not be zero. */ ++// read_word_padded returns the |i|'th word of |in|, if it is not out of ++// bounds. Otherwise, it returns 0. It does so without branches on the size of ++// |in|, however it necessarily does not have the same memory access pattern. If ++// the access would be out of bounds, it reads the last word of |in|. |in| must ++// not be zero. +static BN_ULONG read_word_padded(const BIGNUM *in, size_t i) { -+ /* Read |in->d[i]| if valid. Otherwise, read the last word. */ ++ // Read |in->d[i]| if valid. Otherwise, read the last word. + BN_ULONG l = in->d[constant_time_select_ulong( + constant_time_le_size_t(in->dmax, i), in->dmax - 1, i)]; + -+ /* Clamp to zero if above |d->top|. */ ++ // Clamp to zero if above |d->top|. + return constant_time_select_ulong(constant_time_le_size_t(in->top, i), 0, l); +} + -+static int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { -+ size_t i; -+ BN_ULONG l; -+ -+ /* Special case for |in| = 0. Just branch as the probability is negligible. */ ++int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { ++ // Special case for |in| = 0. Just branch as the probability is negligible. + if (BN_is_zero(in)) { + memset(out, 0, len); + return 1; + } + -+ /* Check if the integer is too big. This case can exit early in non-constant -+ * time. */ ++ // Check if the integer is too big. This case can exit early in non-constant ++ // time. + if ((size_t)in->top > (len + (BN_BYTES - 1)) / BN_BYTES) { + return 0; + } + if ((len % BN_BYTES) != 0) { -+ l = read_word_padded(in, len / BN_BYTES); ++ BN_ULONG l = read_word_padded(in, len / BN_BYTES); + if (l >> (8 * (len % BN_BYTES)) != 0) { + return 0; + } + } + -+ /* Write the bytes out one by one. Serialization is done without branching on -+ * the bits of |in| or on |in->top|, but if the routine would otherwise read -+ * out of bounds, the memory access pattern can't be fixed. However, for an -+ * RSA key of size a multiple of the word size, the probability of BN_BYTES -+ * leading zero octets is low. -+ * -+ * See Falko Stenzke, "Manger's Attack revisited", ICICS 2010. */ -+ i = len; ++ // Write the bytes out one by one. Serialization is done without branching on ++ // the bits of |in| or on |in->top|, but if the routine would otherwise read ++ // out of bounds, the memory access pattern can't be fixed. However, for an ++ // RSA key of size a multiple of the word size, the probability of BN_BYTES ++ // leading zero octets is low. ++ // ++ // See Falko Stenzke, "Manger's Attack revisited", ICICS 2010. ++ size_t i = len; + while (i--) { -+ l = read_word_padded(in, i / BN_BYTES); ++ BN_ULONG l = read_word_padded(in, i / BN_BYTES); + *(out++) = (uint8_t)(l >> (8 * (i % BN_BYTES))) & 0xff; + } + return 1; @@ -164,7 +161,7 @@ static bool android_pubkey_encode_bignum(const BIGNUM* num, uint8_t* buffer) { if (!BN_bn2bin_padded(buffer, ANDROID_PUBKEY_MODULUS_SIZE, num)) { return false; -@@ -120,6 +240,7 @@ static bool android_pubkey_encode_bignum(const BIGNUM* +@@ -120,6 +237,7 @@ static bool android_pubkey_encode_bignum(const BIGNUM* } bool android_pubkey_encode(const RSA* key, uint8_t* key_buffer, size_t size) { @@ -172,7 +169,7 @@ RSAPublicKey* key_struct = (RSAPublicKey*)key_buffer; bool ret = false; BN_CTX* ctx = BN_CTX_new(); -@@ -136,27 +257,28 @@ bool android_pubkey_encode(const RSA* key, uint8_t* ke +@@ -136,27 +254,28 @@ bool android_pubkey_encode(const RSA* key, uint8_t* ke key_struct->modulus_size_words = ANDROID_PUBKEY_MODULUS_SIZE_WORDS; // Compute and store n0inv = -1 / N[0] mod 2^32.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810142310.w9ENA6fj019775>