Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reimplement non-asm OPENSSL_cleanse() #455

Closed
wants to merge 2 commits into
base: master
from
Closed
Changes from all commits
Commits
File filter...
Filter file types
Jump to…
Jump to file or symbol
Failed to load files and symbols.
+19 −534
Diff settings

Always

Just for now

Copy path View file
@@ -429,7 +429,7 @@ my %table=(
},
aarch64_asm => {
template => 1,
cpuid_obj => "armcap.o arm64cpuid.o mem_clr.o",
cpuid_obj => "armcap.o arm64cpuid.o",
ec_obj => "ecp_nistz256.o ecp_nistz256-armv8.o",
bn_obj => "bn_asm.o armv8-mont.o",
aes_obj => "aes_core.o aes_cbc.o aesv8-armx.o vpaes-armv8.o",
@@ -1660,7 +1660,6 @@ if ($fips)
$openssl_other_defines.="#define OPENSSL_FIPS\n";
}

$cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
@@ -2016,7 +2015,7 @@ print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
print OUT $openssl_algorithm_defines_trans;
print OUT "#endif\n\n";

print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o");
print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj);

while (<IN>)
{
Copy path View file
@@ -26,15 +26,15 @@ EX_LIBS=
CFLAGS= $(INCLUDE) $(CFLAG)
ASFLAGS= $(INCLUDE) $(ASFLAG)
AFLAGS=$(ASFLAGS)
CPUID_OBJ=mem_clr.o
CPUID_OBJ=

LIBS=

GENERAL=Makefile README crypto-lib.com install.com

LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
LIBSRC= cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
ebcdic.c uid.c o_time.c o_str.c o_dir.c thr_id.c lock.c fips_ers.c \
o_init.c o_fips.c mem_sec.c
LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \
@@ -176,10 +176,6 @@ mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
mem.o: include/internal/cryptlib.h mem.c
mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
mem_clr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h mem_clr.c
mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
Copy path View file
@@ -86,43 +86,6 @@
rpcc $0
ret ($26)
.end OPENSSL_rdtsc
.globl OPENSSL_cleanse
.ent OPENSSL_cleanse
OPENSSL_cleanse:
.frame $30,0,$26
.prologue 0
beq $17,.Ldone
and $16,7,$0
bic $17,7,$at
beq $at,.Little
beq $0,.Laligned
.Little:
subq $0,8,$0
ldq_u $1,0($16)
mov $16,$2
.Lalign:
mskbl $1,$16,$1
lda $16,1($16)
subq $17,1,$17
addq $0,1,$0
beq $17,.Lout
bne $0,.Lalign
.Lout: stq_u $1,0($2)
beq $17,.Ldone
bic $17,7,$at
beq $at,.Little
.Laligned:
stq $31,0($16)
subq $17,8,$17
lda $16,8($16)
bic $17,7,$at
bne $at,.Laligned
bne $17,.Little
.Ldone: ret ($26)
.end OPENSSL_cleanse
___
{
my ($out,$cnt,$max)=("\$16","\$17","\$18");
Copy path View file
@@ -59,45 +59,6 @@
#endif
.size OPENSSL_atomic_add,.-OPENSSL_atomic_add
.global OPENSSL_cleanse
.type OPENSSL_cleanse,%function
OPENSSL_cleanse:
eor ip,ip,ip
cmp r1,#7
#ifdef __thumb2__
itt hs
#endif
subhs r1,r1,#4
bhs .Lot
cmp r1,#0
beq .Lcleanse_done
.Little:
strb ip,[r0],#1
subs r1,r1,#1
bhi .Little
b .Lcleanse_done
.Lot: tst r0,#3
beq .Laligned
strb ip,[r0],#1
sub r1,r1,#1
b .Lot
.Laligned:
str ip,[r0],#4
subs r1,r1,#4
bhs .Laligned
adds r1,r1,#4
bne .Little
.Lcleanse_done:
#if __ARM_ARCH__>=5
bx lr
#else
tst lr,#1
moveq pc,lr
.word 0xe12fff1e @ bx lr
#endif
.size OPENSSL_cleanse,.-OPENSSL_cleanse
#if __ARM_MAX_ARCH__>=7
.arch armv7-a
.fpu neon
Copy path View file
@@ -12,7 +12,6 @@
.endif
.if __TI_EABI__
.asg OPENSSL_rdtsc,_OPENSSL_rdtsc
.asg OPENSSL_cleanse,_OPENSSL_cleanse
.asg OPENSSL_atomic_add,_OPENSSL_atomic_add
.asg OPENSSL_wipe_cpu,_OPENSSL_wipe_cpu
.asg OPENSSL_instrument_bus,_OPENSSL_instrument_bus
@@ -32,56 +31,6 @@
MV B1,A5
.endasmfunc
.global _OPENSSL_cleanse
_OPENSSL_cleanse:
.asmfunc
ZERO A3:A2
|| ZERO B2
|| SHRU B4,3,B0 ; is length >= 8
|| ADD 1,A4,B6
[!B0] BNOP RA
|| ZERO A1
|| ZERO B1
[B0] MVC B0,ILC
||[!B0] CMPLT 0,B4,A1
||[!B0] CMPLT 1,B4,B1
[A1] STB A2,*A4++[2]
|| [B1] STB B2,*B6++[2]
||[!B0] CMPLT 2,B4,A1
||[!B0] CMPLT 3,B4,B1
[A1] STB A2,*A4++[2]
|| [B1] STB B2,*B6++[2]
||[!B0] CMPLT 4,B4,A1
||[!B0] CMPLT 5,B4,B1
[A1] STB A2,*A4++[2]
|| [B1] STB B2,*B6++[2]
||[!B0] CMPLT 6,B4,A1
[A1] STB A2,*A4++[2]
SPLOOP 1
STNDW A3:A2,*A4++
|| SUB B4,8,B4
SPKERNEL
MV B4,B0 ; remaining bytes
|| ADD 1,A4,B6
|| BNOP RA
[B0] CMPLT 0,B0,A1
|| [B0] CMPLT 1,B0,B1
[A1] STB A2,*A4++[2]
|| [B1] STB B2,*B6++[2]
|| [B0] CMPLT 2,B0,A1
|| [B0] CMPLT 3,B0,B1
[A1] STB A2,*A4++[2]
|| [B1] STB B2,*B6++[2]
|| [B0] CMPLT 4,B0,A1
|| [B0] CMPLT 5,B0,B1
[A1] STB A2,*A4++[2]
|| [B1] STB B2,*B6++[2]
|| [B0] CMPLT 6,B0,A1
[A1] STB A2,*A4++[2]
.endasmfunc
.global _OPENSSL_atomic_add
_OPENSSL_atomic_add:
.asmfunc
Copy path View file
@@ -216,7 +216,7 @@ $ GOSUB CHECK_OPT_FILE
$!
$! Define The Different Encryption "library" Strings.
$!
$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,cpt_err,"+ -
"ebcdic,uid,o_time,o_str,o_dir,thr_id,lock,fips_ers,"+ -
"o_init,o_fips"
$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
Copy path View file
@@ -127,45 +127,6 @@ OPENSSL_wipe_cpu:
br.ret.sptk b0 };;
.endp OPENSSL_wipe_cpu#

.global OPENSSL_cleanse#
.proc OPENSSL_cleanse#
OPENSSL_cleanse:
{ .mib; cmp.eq p6,p0=0,r33 // len==0
#if defined(_HPUX_SOURCE) && !defined(_LP64)
addp4 r32=0,r32
#endif
(p6) br.ret.spnt b0 };;
{ .mib; and r2=7,r32
cmp.leu p6,p0=15,r33 // len>=15
(p6) br.cond.dptk .Lot };;

.Little:
{ .mib; st1 [r32]=r0,1
cmp.ltu p6,p7=1,r33 } // len>1
{ .mbb; add r33=-1,r33 // len--
(p6) br.cond.dptk .Little
(p7) br.ret.sptk.many b0 };;

.Lot:
{ .mib; cmp.eq p6,p0=0,r2
(p6) br.cond.dptk .Laligned };;
{ .mmi; st1 [r32]=r0,1;;
and r2=7,r32 }
{ .mib; add r33=-1,r33
br .Lot };;

.Laligned:
{ .mmi; st8 [r32]=r0,8
and r2=-8,r33 // len&~7
add r33=-8,r33 };; // len-=8
{ .mib; cmp.ltu p6,p0=8,r2 // ((len+8)&~7)>8
(p6) br.cond.dptk .Laligned };;

{ .mbb; cmp.eq p6,p7=r0,r33
(p7) br.cond.dpnt .Little
(p6) br.ret.sptk.many b0 };;
.endp OPENSSL_cleanse#

.global OPENSSL_instrument_bus#
.proc OPENSSL_instrument_bus#
OPENSSL_instrument_bus:
Copy path View file
@@ -59,6 +59,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"

@@ -139,18 +140,6 @@ void *CRYPTO_malloc(size_t num, const char *file, int line)
ret = malloc(num);
#endif

#ifndef OPENSSL_CPUID_OBJ
/*
* Create a dependency on the value of 'cleanse_ctr' so our memory
* sanitisation function can't be optimised out. NB: We only do this for
* >2Kb so the overhead doesn't bother us.
*/
if (ret && (num > 2048)) {
extern unsigned char cleanse_ctr;
((unsigned char *)ret)[0] = cleanse_ctr;
}
#endif

return ret;
}

@@ -254,3 +243,16 @@ void CRYPTO_clear_free(void *str, size_t num)
OPENSSL_cleanse(str, num);
CRYPTO_free(str);
}

static void *(*const volatile __memset_vp)(void *, int, size_t) = (memset);
void OPENSSL_cleanse(void *ptr, size_t len)
{
#if defined(OPENSSL_USE_MEMSET_S)
memset_s(ptr, 0, len);
#elif defined(OPENSSL_WINDOWS)
SecureZeroMemory(ptr, len);
#else
/* Calling a function using a volatile pointer should never be optimised */
(*__memset_vp)(ptr, 0, len);
#endif
}
Copy path View file

This file was deleted.

Oops, something went wrong.
Oops, something went wrong.
ProTip! Use n and p to navigate between commits in a pull request.
You can’t perform that action at this time.