Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when configured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year

Build log ended with (last 100 lines):
Build failed: openssl master.39067
Build openssl master.39067 failed

Commit 2cc98d528d by Shane Lontis on 12/17/2020 6:42 AM:
Replace provider digest flags with separate param fields
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when configured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year

Build log ended with (last 100 lines):
Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm
Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-asm

Commit log since last time:

e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when configured without DSO support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year

Build log ended with (last 100 lines):
[openssl] OpenSSL_1_1_1-stable update
The branch OpenSSL_1_1_1-stable has been updated
       via  6e3ba20dc49ccbf12ff4c27a4d8b84dcbeb71654 (commit)
      from  212d7118a788e332dae4123d40f65ea6e24044d2 (commit)

- Log -
commit 6e3ba20dc49ccbf12ff4c27a4d8b84dcbeb71654
Author: Billy Brumley
Date: Fri Jan 8 13:45:49 2021 +0200

    [crypto/dh] side channel hardening for computing DH shared keys (1.1.1)

    Reviewed-by: Tomas Mraz
    Reviewed-by: Nicola Tuveri
    (Merged from https://github.com/openssl/openssl/pull/13772)

---

Summary of changes:
 crypto/dh/dh_key.c | 31 +--
 doc/man3/DH_generate_key.pod | 25 +
 2 files changed, 50 insertions(+), 6 deletions(-)

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd..ccf51b3546 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh) return dh->meth->generate_key(dh); } +/*- + * NB: This function is inherently not constant time due to the + * RFC 5246 (8.1.2) padding style that strips leading zero bytes. + */ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) { -return dh->meth->compute_key(key, pub_key, dh); +int ret = 0, i; +volatile size_t npad = 0, mask = 1; + +/* compute the key; ret is constant unless compute_key is external */ +if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0) +return ret; + +/* count leading zero bytes, yet still touch all bytes */ +for (i = 0; i < ret; i++) { +mask &= !key[i]; +npad += mask; +} + +/* unpad key */ +ret -= npad; +/* key-dependent memory access, potentially leaking npad / ret */ +memmove(key, key + npad, ret); +/* key-dependent memory access, potentially leaking npad / ret */ +memset(key + ret, 0, npad); + +return ret; } int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh) { int rv, pad; + +/* rv is constant unless compute_key is external */ rv = dh->meth->compute_key(key, pub_key, dh); if (rv <= 0) return rv; pad = BN_num_bytes(dh->p) - rv; +/* pad is constant (zero) unless compute_key is external */ if (pad > 0) { memmove(key + pad, key, rv); memset(key, 0, pad); @@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) goto err; } -ret = BN_bn2bin(tmp, key); +ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p)); err: BN_CTX_end(ctx); BN_CTX_free(ctx); diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod index 297e7fbf47..fab14d77e8 100644 --- a/doc/man3/DH_generate_key.pod +++ b/doc/man3/DH_generate_key.pod @@ -2,7 +2,8 @@ =head1 NAME -DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange +DH_generate_key, DH_compute_key, DH_compute_key_padded - perform +Diffie-Hellman key exchange =head1 SYNOPSIS 
@@ -10,14 +11,16 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange int DH_generate_key(DH *dh); - int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); + int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); + + int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh); =head1 DESCRIPTION DH_generate_key() performs the first step of a Diffie-Hellman key exchange by generating private and public DH values. By calling -DH_compute_key(), these are combined with the other party's public -value to compute the shared key. +DH_compute_key() or DH_compute_key_padded(), these are combined with +the other party's public value to compute the shared key. DH_generate_key() expects B to contain the shared parameters Bp> and Bg>. It generates a random private DH value @@ -28,6 +31,14 @@ published. DH_compute_key() computes the shared secret from the private DH value in B and the other party's public value in B and stores it in B. B must point to B bytes of memory. +The padding style is RFC 5246 (8.1.2) that strips leading zero bytes. +It is not constant time due to the leading zero bytes being stripped. +The return value should be considered public. + +DH_compute_key_padded() is similar but stores a fixed number of bytes. +The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes. +It is constant time due to the leading zero bytes being retained. +The return value should be considered public. =head1 RETURN VALUES @@ -36,12 +47,18 @@ DH_generate_key() returns 1 on success, 0 otherwise. DH_compute_key() returns the size of the shared secret on success, -1 on error. +DH_compute_key_padded() returns B on success, -1 on error. + The error codes can be obtained by L. =head1 SEE ALSO L, L, L, L +=head1 HISTORY + +DH_compute_key_padded() was added in OpenSSL 1.0.2. + =head1
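Review bot: In the first dh_key.c hunk, DH_compute_key() does `ret -= npad` with an `int ret` and a `volatile size_t npad`, then passes `ret` to memmove() as a length. The subtraction is carried out in size_t and narrowed back to int on assignment; that is correct only because npad can never exceed ret here. An explicit cast at that line, or a short comment stating the npad <= ret invariant, would make the intent clear. The function's header comment says it is inherently not constant time; it would help to name DH_compute_key_padded() there as the alternative, since the pod text in this same patch describes that variant as the constant-time one.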
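Review bot: In the second dh_key.c hunk, at `ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));` in compute_key(), the built-in method now always writes the full modulus width into key, where BN_bn2bin() wrote only the significant bytes. Both wrappers rely on this ("rv is constant unless compute_key is external"), yet nothing at this call site says so. A one-line comment here explaining that the fixed-width output is deliberate would stop a later cleanup from reverting it to BN_bn2bin() and silently reintroducing the length-dependent behaviour.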
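Review bot: In the DH_generate_key.pod DESCRIPTION hunk, the new sentence for DH_compute_key_padded() says "It is constant time due to the leading zero bytes being retained" without qualification, while the code comments in dh_key.c say rv and pad are constant "unless compute_key is external". The pod should carry the same caveat, for example by stating that the guarantee applies to the built-in method and not to an externally supplied compute_key implementation.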
Coverity Scan: Analysis completed for openssl/openssl
Your request for analysis of openssl/openssl has been completed successfully.
The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DVEWn_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE-2FLts1UuKG3YgAU4l0DWSxQgNC63xqIZKzB29uyx8oVFk8LcbMvOuKdWAKt-2BY-2F3x4tXjaQPYbVkDqDNyw-2BctpW0-2BIDUEqXgThsEK1t9es627mhHRSjyjrYJPV5-2FvOUgu5ENADBrv1DPrYrN6Z9HiJLj433tw0-2FldxKrPa6NDhWAkfzqij9YiJ-2B-2BYeH4j6UogY-3D

Build ID: 362875

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0
Coverity Scan: Analysis completed for OpenSSL-1.0.2
Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DsGXX_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFujZ1lz0noQIDRODCPOfT2gslJFX5VTxA9O8tqtayO382k4vT-2B-2FJjz6r8oZdkZil2QpR10K9od-2BCVps4rQgXF08wgdOfiXw8cQ4cCa-2BNp9CmKm8sTOs1TNMNV3Rjn7dU6XmnY-2BbKxZvi3plSFWyEJu5FfCTKusbXxktLokOu8kRPoDzFtmgu-2BV5DCBQASm7lQ-3D

Build ID: 362876

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0