Merge BoringSSL 'bd20800': Add a comment for what compiler_test.cc is…

… about Try to support more than what BoringSSL does w.r.t. aliasing pointers.
briansmith · Sep 30, 2023 · 4581b6f · 4581b6f
2 parents 7c823f1 + bd20800
commit 4581b6f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 8 deletions.
diff --git a/crypto/internal.h b/crypto/internal.h
@@ -140,6 +140,10 @@
 #define RING_CORE_POINTLESS_ARRAY_CONST_CAST(cast) cast
 #endif
 
+// `uint8_t` isn't guaranteed to be 'unsigned char' and only 'char' and
+// 'unsigned char' are allowed to alias according to ISO C.
+typedef unsigned char aliasing_uint8_t;
+
 #if (!defined(_MSC_VER) || defined(__clang__)) && defined(OPENSSL_64_BIT)
 #define BORINGSSL_HAS_UINT128
 typedef __int128_t int128_t;
@@ -280,8 +284,8 @@ static inline void constant_time_conditional_memxor(void *dst, const void *src,
                                                     const size_t n,
                                                     const crypto_word_t mask) {
   debug_assert_nonsecret(!buffers_alias(dst, n, src, n));
-  uint8_t *out = (uint8_t *)dst;
-  const uint8_t *in = (const uint8_t *)src;
+  aliasing_uint8_t *out = dst;
+  const aliasing_uint8_t *in = src;
   for (size_t i = 0; i < n; i++) {
     out[i] ^= value_barrier_w(mask) & in[i];
   }
@@ -366,8 +370,8 @@ static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) {
   }
   return memcpy(dst, src, n);
 #else
-  unsigned char *d = dst;
-  const unsigned char *s = src;
+  aliasing_uint8_t *d = dst;
+  const aliasing_uint8_t *s = src;
   for (size_t i = 0; i < n; ++i) {
     d[i] = s[i];
   }
@@ -382,9 +386,9 @@ static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
   }
   return memset(dst, c, n);
 #else
-  unsigned char *d = dst;
+  aliasing_uint8_t *d = dst;
   for (size_t i = 0; i < n; ++i) {
-    d[i] = (unsigned char)c;
+    d[i] = (aliasing_uint8_t)c;
   }
   return dst;
 #endif

diff --git a/crypto/mem.c b/crypto/mem.c
@@ -55,9 +55,12 @@
  * [including the GNU Public Licence.] */
 
 #include <ring-core/mem.h>
+#include "internal.h"
 
-int OPENSSL_memcmp(const uint8_t *a, const uint8_t *b, size_t len) {
+int OPENSSL_memcmp(const void *av, const void *bv, size_t len) {
   uint8_t x = 0;
+  const aliasing_uint8_t *a = av;
+  const aliasing_uint8_t *b = bv;
   for (size_t i = 0; i < len; i++) {
     x |= a[i] ^ b[i];
   }

diff --git a/include/ring-core/mem.h b/include/ring-core/mem.h
@@ -64,6 +64,6 @@
 // of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
 // defined order as the return value when a != b is undefined, other than to be
 // non-zero.
-OPENSSL_EXPORT int OPENSSL_memcmp(const uint8_t *a, const uint8_t *b, size_t len);
+OPENSSL_EXPORT int OPENSSL_memcmp(const void *a, const void *b, size_t len);
 
 #endif  // OPENSSL_HEADER_MEM_H