diff options
| author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2017-11-03 00:22:35 +0900 |
|---|---|---|
| committer | Myles Borins <mylesborins@google.com> | 2017-11-03 12:22:29 -0500 |
| commit | e7fff9c4435f9f5ef8069217d2a0093c81a8c78b (patch) | |
| tree | 45fbbf4aae64902b831501231d16b7a0af2aeb53 /deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c | |
| parent | 3d4d5e0c60f00693947c940b09249f3952bb0cdc (diff) | |
| download | android-node-v8-e7fff9c4435f9f5ef8069217d2a0093c81a8c78b.tar.gz android-node-v8-e7fff9c4435f9f5ef8069217d2a0093c81a8c78b.tar.bz2 android-node-v8-e7fff9c4435f9f5ef8069217d2a0093c81a8c78b.zip | |
deps: upgrade openssl sources to 1.0.2m
This replaces all sources of openssl-1.0.2m.tar.gz into
deps/openssl/openssl
PR-URL: https://github.com/nodejs/node/pull/16691
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c')
| -rw-r--r-- | deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c index d114710e98..b25fc6d541 100644 --- a/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/deps/openssl/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c @@ -579,12 +579,17 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); maxpad &= 255; - ret &= constant_time_ge(maxpad, pad); + mask = constant_time_ge(maxpad, pad); + ret &= mask; + /* + * If pad is invalid then we will fail the above test but we must + * continue anyway because we are in constant time code. However, + * we'll use the maxpad value instead of the supplied pad to make + * sure we perform well defined pointer arithmetic. + */ + pad = constant_time_select(mask, pad, maxpad); inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); - mask = (0 - ((inp_len - len) >> (sizeof(inp_len) * 8 - 1))); - inp_len &= mask; - ret &= (int)mask; key->aux.tls_aad[plen - 2] = inp_len >> 8; key->aux.tls_aad[plen - 1] = inp_len; |