[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-poly1305
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-poly1305 Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . 
ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. ok ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok ../../openssl/test/recipes/90-test_constant_time.t ok ../../openssl/test/recipes/90-test_fatalerr.t . ok ../../openssl/test/recipes/90-test_gmdiff.t ... 
ok ../../openssl/test/recipes/90-test_ige.t .. ok ../../openssl/test/recipes/90-test_includes.t .
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdh > test/buildtest_ecdh.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ecdsa > test/buildtest_ecdsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl engine > test/buildtest_engine.c /usr/bin/perl ../openssl/test/generate_buildtest.pl evp > test/buildtest_evp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl hmac > test/buildtest_hmac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl idea > test/buildtest_idea.c /usr/bin/perl ../openssl/test/generate_buildtest.pl kdf > test/buildtest_kdf.c /usr/bin/perl ../openssl/test/generate_buildtest.pl lhash > test/buildtest_lhash.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md4 > test/buildtest_md4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl md5 > test/buildtest_md5.c /usr/bin/perl ../openssl/test/generate_buildtest.pl mdc2 > test/buildtest_mdc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl modes > test/buildtest_modes.c /usr/bin/perl ../openssl/test/generate_buildtest.pl obj_mac > test/buildtest_obj_mac.c /usr/bin/perl ../openssl/test/generate_buildtest.pl objects > test/buildtest_objects.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ocsp > test/buildtest_ocsp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl opensslv > test/buildtest_opensslv.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ossl_typ > test/buildtest_ossl_typ.c /usr/bin/perl 
../openssl/test/generate_buildtest.pl pem > test/buildtest_pem.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pem2 > test/buildtest_pem2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs12 > test/buildtest_pkcs12.c /usr/bin/perl ../openssl/test/generate_buildtest.pl pkcs7 > test/buildtest_pkcs7.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand > test/buildtest_rand.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rand_drbg > test/buildtest_rand_drbg.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc2 > test/buildtest_rc2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rc4 > test/buildtest_rc4.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ripemd > test/buildtest_ripemd.c /usr/bin/perl ../openssl/test/generate_buildtest.pl rsa > test/buildtest_rsa.c /usr/bin/perl ../openssl/test/generate_buildtest.pl safestack > test/buildtest_safestack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl seed > test/buildtest_seed.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sha > test/buildtest_sha.c /usr/bin/perl ../openssl/test/generate_buildtest.pl sm2 > test/buildtest_sm2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srp > test/buildtest_srp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl srtp > test/buildtest_srtp.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl > test/buildtest_ssl.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ssl2 > test/buildtest_ssl2.c /usr/bin/perl ../openssl/test/generate_buildtest.pl stack > test/buildtest_stack.c /usr/bin/perl ../openssl/test/generate_buildtest.pl store > test/buildtest_store.c /usr/bin/perl ../openssl/test/generate_buildtest.pl symhacks > test/buildtest_symhacks.c /usr/bin/perl ../openssl/test/generate_buildtest.pl tls1 > test/buildtest_tls1.c /usr/bin/perl ../openssl/test/generate_buildtest.pl ts > test/buildtest_ts.c /usr/bin/perl ../openssl/test/generate_buildtest.pl txt_db > test/buildtest_txt_db.c /usr/bin/perl 
../openssl/test/generate_buildtest.pl ui > test/buildtest_ui.c /usr/bin/perl ../openssl/test/generate_buildtest.pl whrlpool > test/buildtest_whrlpool.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509 > test/buildtest_x509.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509_vfy > test/buildtest_x509_vfy.c /usr/bin/perl ../openssl/test/generate_buildtest.pl x509v3 > test/buildtest_x509v3.c clang -Iinclude -I../openssl/include -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -MMD -MF test/casttest.d.tmp -MT test/casttest.o
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-chacha
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-chacha Commit log since last time: 7f35627 Fix typos in x509 documentation 60845a0 Add CHANGES entry for PR#6009 0dae8ba Add blinding in BN_GF2m_mod_inv for binary field inversions a7b0b69 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c fe2d397 ECDSA: remove nonce padding (delegated to EC_POINT_mul) Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . 
ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. ok ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test/recipes/90-test_bio_enc.t .. ok ../../openssl/test/recipes/90-test_constant_time.t ok ../../openssl/test/recipes/90-test_fatalerr.t . ok ../../openssl/test/recipes/90-test_gmdiff.t ... 
ok ../../openssl/test/recipes/90-test_ige.t .. ok ../../openssl/test/recipes/90-test_includes.t . o
[openssl-commits] [openssl] master update
The branch master has been updated via a01b9cd5a76ea45e083dbf2ca002ca44ce3f525f (commit) via 60155b9ae1bcf8490a193b2c1cf8ae57f8746321 (commit) from 7f35627c7943c213f7f8555d13b83288cccd5fc9 (commit) - Log - commit a01b9cd5a76ea45e083dbf2ca002ca44ce3f525f Author: Matt Caswell Date: Wed May 9 12:05:39 2018 +0100 Fix no-cms Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6205) commit 60155b9ae1bcf8490a193b2c1cf8ae57f8746321 Author: Matt Caswell Date: Wed May 9 11:49:02 2018 +0100 Fix no-tls1_2, no-tls1_2-method, no-chacha and no-poly1305 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6205) --- Summary of changes: test/build.info | 11 +++ test/sslapitest.c | 15 ++- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/test/build.info b/test/build.info index 535c5aa..c3a0904 100644 --- a/test/build.info +++ b/test/build.info @@ -51,7 +51,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ - sysdefaulttest cmsapitest + sysdefaulttest SOURCE[versions]=versions.c INCLUDE[versions]=../include @@ -373,9 +373,12 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[servername_test]=../include DEPEND[servername_test]=../libcrypto ../libssl libtestutil.a - SOURCE[cmsapitest]=cmsapitest.c - INCLUDE[cmsapitest]=../include - DEPEND[cmsapitest]=../libcrypto libtestutil.a + IF[{- !$disabled{cms} -}] +PROGRAMS_NO_INST=cmsapitest +SOURCE[cmsapitest]=cmsapitest.c +INCLUDE[cmsapitest]=../include +DEPEND[cmsapitest]=../libcrypto libtestutil.a + ENDIF IF[{- !$disabled{psk} -}] PROGRAMS_NO_INST=dtls_mtu_test diff --git a/test/sslapitest.c b/test/sslapitest.c index 0aac80b..0a3d515 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
@@ -4460,6 +4460,11 @@ static struct {
 const char *srvrtls13ciphers;
 const char *shared;
 } shared_ciphers_data[] = {
+/*
+ * We can't establish a connection (even in TLSv1.1) with these ciphersuites if
+ * TLSv1.3 is enabled but TLSv1.2 is disabled.
+ */
+#if defined(OPENSSL_NO_TLS1_3) || !defined(OPENSSL_NO_TLS1_2)
 {
 TLS1_2_VERSION,
 "AES128-SHA:AES256-SHA",
@@ -4484,7 +4489,13 @@ static struct {
 NULL,
 "AES128-SHA"
 },
-#ifndef OPENSSL_NO_TLS1_3
+#endif
+/*
+ * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be
+ * enabled.
+ */
+#if !defined(OPENSSL_NO_TLS1_3) && !defined(OPENSSL_NO_TLS1_2) \
+&& !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 {
 TLS1_3_VERSION,
 "AES128-SHA:AES256-SHA",
@@ -4494,6 +4505,8 @@ static struct {
 "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:"
 "TLS_AES_128_GCM_SHA256:AES256-SHA"
 },
+#endif
+#ifndef OPENSSL_NO_TLS1_3
 {
 TLS1_3_VERSION,
 "AES128-SHA",
_ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
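Review bot: The comment added in the second hunk explains only the TLSv1.3/TLSv1.2 requirement, yet the guard below it also tests `OPENSSL_NO_CHACHA` and `OPENSSL_NO_POLY1305`; the reason appears to be the `TLS_CHACHA20_POLY1305_SHA256` name in the strings visible as context in the third hunk. I would extend the comment with something like `* The expected list also names TLS_CHACHA20_POLY1305_SHA256, so ChaCha20 and Poly1305 must be enabled too.` With any of these four options disabled, the mixed TLSv1.3/TLSv1.2 case is dropped rather than adjusted, so those configurations lose this shared-cipher coverage; a variant entry without the ChaCha20 suite would keep it. The `shared_ciphers_data[]` initializer starts and ends outside these hunks.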
[openssl-commits] [openssl] master update
The branch master has been updated via 7f35627c7943c213f7f8555d13b83288cccd5fc9 (commit) from 60845a0aa4e54f2973bc178daa5ed475ea4e148d (commit) - Log - commit 7f35627c7943c213f7f8555d13b83288cccd5fc9 Author: Dr. Matthias St. Pierre Date: Tue May 8 12:32:12 2018 +0200 Fix typos in x509 documentation Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6207) --- Summary of changes: doc/man3/X509_NAME_get_index_by_NID.pod | 2 +- doc/man3/X509_cmp_time.pod | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/X509_NAME_get_index_by_NID.pod b/doc/man3/X509_NAME_get_index_by_NID.pod index 5579dab..283d0f2 100644 --- a/doc/man3/X509_NAME_get_index_by_NID.pod +++ b/doc/man3/X509_NAME_get_index_by_NID.pod @@ -49,7 +49,7 @@ of space needed in B (excluding the final null) is returned. =head1 NOTES X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() should be -considered deprecaated because they +considered deprecated because they have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can diff --git a/doc/man3/X509_cmp_time.pod b/doc/man3/X509_cmp_time.pod index 911814e..4b5cb67 100644 --- a/doc/man3/X509_cmp_time.pod +++ b/doc/man3/X509_cmp_time.pod @@ -46,7 +46,7 @@ X509_cmp_time() and X509_cmp_current_time() return -1 if B is earlier than, or equal to, B (resp. current time), and 1 otherwise. These methods return 0 on error. -X509_time_ad() and X509_time_adj_ex() return a pointer to the updated +X509_time_adj() and X509_time_adj_ex() return a pointer to the updated ASN1_TIME structure, and NULL on error. =head1 COPYRIGHT _ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits
[openssl-commits] [openssl] master update
The branch master has been updated via 60845a0aa4e54f2973bc178daa5ed475ea4e148d (commit) via 0dae8bafceabc8966383aa1f11ee8622f7dbde2f (commit) via a7b0b69c6e9fa172aeb1ac0ede5ef306315dd80c (commit) via fe2d3975880e6a89702f18ec58881307bf862542 (commit) from 06e0950d20d3110849dea28eb78cac4127618b48 (commit) - Log - commit 60845a0aa4e54f2973bc178daa5ed475ea4e148d Author: Nicola Tuveri Date: Wed Apr 25 15:27:59 2018 +0300 Add CHANGES entry for PR#6009 Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) commit 0dae8bafceabc8966383aa1f11ee8622f7dbde2f Author: Billy Brumley Date: Tue Apr 24 16:03:42 2018 +0300 Add blinding in BN_GF2m_mod_inv for binary field inversions Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) commit a7b0b69c6e9fa172aeb1ac0ede5ef306315dd80c Author: Billy Brumley Date: Tue Apr 24 16:01:53 2018 +0300 ECC: unify generic ec2 and ecp scalar multiplication, deprecate ec2_mult.c Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) commit fe2d3975880e6a89702f18ec58881307bf862542 Author: Billy Brumley Date: Tue Apr 24 16:00:08 2018 +0300 ECDSA: remove nonce padding (delegated to EC_POINT_mul) * EC_POINT_mul is now responsible for constant time point multiplication (for single fixed or variable point multiplication, when the scalar is in the range [0,group_order), so we need to strip the nonce padding from ECDSA. * Entry added to CHANGES * Updated EC_POINT_mul documentation - Integrate existing EC_POINT_mul and EC_POINTs_mul entries in the manpage to reflect the shift in constant-time expectations when performing a single fixed or variable point multiplication; - Add documentation to ec_method_st to reflect the updated "contract" between callers and implementations of ec_method_st.mul. 
Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6070) --- Summary of changes: CHANGES | 20 +++ crypto/bn/bn_gf2m.c | 132 +-- crypto/ec/build.info | 2 +- crypto/ec/ec2_mult.c | 404 -- crypto/ec/ec2_smpl.c | 11 +- crypto/ec/ec_lcl.h| 25 ++- crypto/ec/ec_mult.c | 4 +- crypto/ec/ecdsa_ossl.c| 17 -- doc/man3/EC_POINT_add.pod | 8 +- 9 files changed, 90 insertions(+), 533 deletions(-) delete mode 100644 crypto/ec/ec2_mult.c diff --git a/CHANGES b/CHANGES index a13183f..e8b92cc 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,26 @@ Changes between 1.1.0h and 1.1.1 [xx XXX ] + *) Apply blinding to binary field modular inversion and remove patent + pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation. + [Billy Bob Brumley] + + *) Deprecate ec2_mult.c and unify scalar multiplication code paths for + binary and prime elliptic curves. + [Billy Bob Brumley] + + *) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for + constant time fixed point multiplication. + [Billy Bob Brumley] + + *) Revise elliptic curve scalar multiplication with timing attack + defenses: ec_wNAF_mul redirects to a constant time implementation + when computing fixed point and variable point multiplication (which + in OpenSSL are mostly used with secret scalars in keygen, sign, + ECDH derive operations). + [Billy Bob Brumley, Nicola Tuveri, Cesar Pereida GarcĂa, + Sohaib ul Hassan] + *) Updated CONTRIBUTING [Rich Salz] diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 16868f7..287adf3 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c 
@@ -547,7 +547,8 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * Hernandez, J.L., and Menezes, A. "Software Implementation of Elliptic * Curve Cryptography Over Binary Fields". */ -int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, BN_CTX *ctx) { BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; int ret = 0; @@ -713,6 +714,46 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) return ret; } +/*- + * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling. + * This is not constant time. + * But it does eliminate first order deduction on
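Review bot: After the rename in the first hunk, the header comment kept above `BN_GF2m_mod_inv_vartime` (the Hernandez/Menezes reference, which starts outside the hunk) does not say that the routine is variable-time, so the `_vartime` suffix is the only warning to a future caller inside this file. I would add a line to that comment such as `* Variable time: call only through the blinding wrapper, never directly on a secret input.` The wrapper introduced by the following hunk is cut off in this message, so its blinding logic cannot be checked from here. The function body continues outside the hunk.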
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ... 
ok ../../openssl/test/recipes/70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . 
ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t .
[openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ... 
ok ../../openssl/test/recipes/70-test_sslcbcpadding.t skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t . ok ../../openssl/test/recipes/70-test_sslmessages.t .. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . 
ok ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t
[openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment
Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-ubsan -DPEDANTIC -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment Commit log since last time: 06e0950 VMS rand: assign before check, not the other way around 8c8fbca Fix --strict-warnings build of ppc-linux target 7d859d1 ec/ec_mult.c: get BN_CTX_start,end sequence right. 61e9655 Add a DTLS test for dropped records f750641 Keep the DTLS timer running after the end of the handshake if appropriate ad96225 Only auto-retry for DTLS if configured to do so 6f6da2f Fix s_client and s_server so that they correctly handle the DTLS timer f20404f Don't fail on an out-of-order CCS in DTLS e15e92d Add a CMS API test 3d551b2 Fix a mem leak in CMS Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ok ../../openssl/test/recipes/30-test_pbelu.t ok ../../openssl/test/recipes/30-test_pkey_meth.t ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ok ../../openssl/test/recipes/40-test_rehash.t ... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t . ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ok ../../openssl/test/recipes/60-test_x509_store.t ... ok ../../openssl/test/recipes/60-test_x509_time.t ok ../../openssl/test/recipes/70-test_asyncio.t .. ok ../../openssl/test/recipes/70-test_bad_dtls.t . ok ../../openssl/test/recipes/70-test_clienthello.t .. ok ../../openssl/test/recipes/70-test_comp.t . ok ../../openssl/test/recipes/70-test_key_share.t ok ../../openssl/test/recipes/70-test_packet.t ... ok ../../openssl/test/recipes/70-test_recordlen.t ok ../../openssl/test/recipes/70-test_renegotiation.t ok ../../openssl/test/recipes/70-test_servername.t ... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ok ../../openssl/test/recipes/70-test_sslcertstatus.t ok ../../openssl/test/recipes/70-test_sslextension.t . 
ok ../../openssl/test/recipes/70-test_sslmessages.t .. ok ../../openssl/test/recipes/70-test_sslrecords.t ... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ... ok ../../openssl/test/recipes/70-test_sslsignature.t . ok ../../openssl/test/recipes/70-test_sslskewith0p.t . ok ../../openssl/test/recipes/70-test_sslversions.t .. ok ../../openssl/test/recipes/70-test_sslvertol.t ok ../../openssl/test/recipes/70-test_tls13cookie.t .. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t . ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ok ../../openssl/test/recipes/70-test_tls13messages.t ok ../../openssl/test/recipes/70-test_tls13psk.t . ok ../../openssl/test/recipes/70-test_tlsextms.t . ok ../../openssl/test/recipes/70-test_verify_extra.t . ok ../../openssl/test/recipes/70-test_wpacket.t .. ok ../../openssl/test/recipes/80-test_ca.t ... ok ../../openssl/test/recipes/80-test_cipherbytes.t .. ok ../../openssl/test/recipes/80-test_cipherlist.t ... ok ../../openssl/test/recipes/80-test_ciphername.t ... ok ../../openssl/test/recipes/80-test_cms.t .. ok ../../openssl/test/recipes/80-test_cmsapi.t ... ok ../../openssl/test/recipes/80-test_ct.t ... ok ../../openssl/test/recipes/80-test_dane.t . ok ../../openssl/test/recipes/80-test_dtls.t . Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/80-test_dtls_mtu.t . ok ../../openssl/test/recipes/80-test_dtlsv1listen.t . ok ../../openssl/test/recipes/80-test_ocsp.t . ok ../../openssl/test/recipes/80-test_pkcs12.t ... ok ../../openssl/test/recipes/80-test_ssl_new.t .. ok ../../openssl/test/recipes/80-test_ssl_old.t .. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t . ok ../../openssl/test/recipes/80-test_sslcorrupt.t ... ok ../../openssl/test/recipes/80-test_tsa.t .. 
ok ../../openssl/test/recipes/80-test_x509aux.t .. ok ../../openssl/test/recipes/90-test_asn1_time.t ok ../../openssl/test/recipes/90-test_async.t ok ../../openssl/test