Provide err_clear_last_constant_time() as a way of clearing an error from

the top of the error stack in constant time.

This will be used by upcoming RSA changes.

From OpenSSL 1.1.1d.

ok inoguchi@ tb@

2 files changed, 24 insertions, 1 deletions

diff --git a/src/lib/libcrypto/constant_time_locl.h b/src/lib/libcrypto/constant_time_locl.h
index 2cabfb460e..2d511cc0bf 100644
--- a/src/lib/libcrypto/constant_time_locl.h
+++ b/src/lib/libcrypto/constant_time_locl.h
@@ -200,6 +200,8 @@ static inline int constant_time_select_int(unsigned int mask, int a, int b)
     return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
 }
 
+void err_clear_last_constant_time(int clear);
+
 __END_HIDDEN_DECLS
 
 #endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c
index caabfe01d6..f05567e173 100644
--- a/src/lib/libcrypto/err/err.c
+++ b/src/lib/libcrypto/err/err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: err.c,v 1.47 2018/04/03 21:59:37 tb Exp $ */
+/* $OpenBSD: err.c,v 1.48 2019/10/17 14:28:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1184,3 +1184,24 @@ ERR_pop_to_mark(void)
         es->err_flags[es->top]&=~ERR_FLAG_MARK;
         return 1;
 }
+
+void
+err_clear_last_constant_time(int clear)
+{
+        ERR_STATE *es;
+        int top;
+
+        es = ERR_get_state();
+        if (es == NULL)
+        return;
+
+        top = es->top;
+
+        es->err_flags[top] &= ~(0 - clear);
+        es->err_buffer[top] &= ~(0UL - clear);
+        es->err_file[top] = (const char *)((uintptr_t)es->err_file[top] &
+            ~((uintptr_t)0 - clear));
+        es->err_line[top] |= 0 - clear;
+
+        es->top = (top + ERR_NUM_ERRORS - clear) % ERR_NUM_ERRORS;
+}