Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-des

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-des

Commit log since last time:

e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and 
EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() 
respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO 
support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year

Build log ended with (last 100 lines):

70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... skipped: The PKCS12 command line utility 
is not supported by this OpenSSL build
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
91-test_pkey_check.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz_asn1.t  ok
99-test_fuzz_asn1parse.t ... ok
99-test_fuzz_bignum.t .. ok
99-test_fuzz_bndiv.t ... ok
99-test_fuzz_client.t .. ok
99-test_fuzz_cmp.t . ok
99-test_fuzz_cms.t . ok
99-test_fuzz_conf.t  ok
99-test_fuzz_crl.t . 

Build failed: openssl master.39067

[AppVeyor]

Build openssl master.39067 failed


Commit 2cc98d528d by Shane Lontis on 12/17/2020 6:42 AM:

Replace provider digest flags with seperate param fields


Configure your notification preferences

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-autoerrinit

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-autoerrinit

Commit log since last time:

e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and 
EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() 
respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO 
support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year

Build log ended with (last 100 lines):

70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t .. ok
90-test_includes.t . ok
90-test_memleak.t .. ok
90-test_overhead.t . ok
90-test_secmem.t ... ok
90-test_shlibload.t  ok
90-test_srp.t .. ok
90-test_sslapi.t ... ok
90-test_sslbuffers.t ... ok
90-test_store.t  ok
90-test_sysdefault.t ... ok
90-test_threads.t .. ok
90-test_time_offset.t .. ok
90-test_tls13ccs.t . ok
90-test_tls13encryption.t .. ok
90-test_tls13secrets.t . ok
90-test_v3name.t ... ok
91-test_pkey_check.t ... ok
95-test_external_boringssl.t ... skipped: No external tests in this 
configuration
95-test_external_gost_engine.t . skipped: No external tests in this 
configuration
95-test_external_krb5.t  skipped: No external tests in this 
configuration
95-test_external_pyca.t  skipped: No external tests in this 
configuration
99-test_ecstress.t . ok
99-test_fuzz_asn1.t  ok
99-test_fuzz_asn1parse.t ... ok
99-test_fuzz_bignum.t .. ok
99-test_fuzz_bndiv.t ... ok
99-test_fuzz_client.t .. ok
99-test_fuzz_cmp.t . ok
99-test_fuzz_cms.t . ok
99-test_fuzz_conf.t 

Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-asm

[OpenSSL run-checker]

Platform and configuration command:

$ uname -a
Linux run 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 
x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-asm

Commit log since last time:

e211d949cd doc/man7/provider.pod: updates providers to use EVP_MD_free() and 
EVP_CIPHER_free() instead of EVP_MD_meth_free() and EVP_CIPHER_meth_free() 
respectively which are used mostly by the engine (legacy) code.
42141197a1 Fix for negative return value from `SSL_CTX_sess_accept()`
732e24bb14 Fix simpledynamic test compilation when condigured without DSO 
support.
6d4313f03e replace 'unsigned const char' with 'const unsigned char'
1330093b9c [test][pkey_check] Add more invalid SM2 key tests
9e49aff2aa Add SM2 private key range validation
4554988e58 [test][pkey_check] Add invalid SM2 key test
ed37336b63 [apps/pkey] Return error on failed `-[pub]check`
c5bc5ec849 [test] Add `pkey -check` validation tests
becbacd705 Adding TLS group name retrieval
22aa4a3afb [crypto/dh] side channel hardening for computing DH shared keys
d0afb30ef3 Ensure DTLS free functions can handle NULL
3d0b6494d5 Remove extra space.
981b4b9572 Fixed error and return code.
1c47539a23 Add a CHANGES entry for ignore unknown ciphers in set_ciphersuites.
c1e8a0c66e Fix set_ciphersuites ignore unknown ciphers.
a86add03ab Prepare for 3.0 alpha 11
cae118f938 Prepare for release of 3.0 alpha 10
bd0c71298a Update copyright year

Build log ended with (last 100 lines):

30-test_evp_extra.t  ok
30-test_evp_fetch_prov.t ... ok
30-test_evp_kdf.t .. ok
30-test_evp_libctx.t ... ok
30-test_evp_pkey_dparam.t .. ok
30-test_evp_pkey_provided.t  ok
30-test_pbelu.t  ok
30-test_pkey_meth.t  ok
30-test_pkey_meth_kdf.t  ok
30-test_provider_status.t .. ok
40-test_rehash.t ... ok
60-test_x509_check_cert_pkey.t . ok
60-test_x509_dup_cert.t  ok
60-test_x509_store.t ... ok
60-test_x509_time.t  ok
61-test_bio_prefix.t ... ok
65-test_cmp_asn.t .. ok
65-test_cmp_client.t ... ok
65-test_cmp_ctx.t .. ok
65-test_cmp_hdr.t .. ok
65-test_cmp_msg.t .. ok
65-test_cmp_protect.t .. ok
65-test_cmp_server.t ... ok
65-test_cmp_status.t ... ok
65-test_cmp_vfy.t .. ok
66-test_ossl_store.t ... ok
70-test_asyncio.t .. ok
70-test_bad_dtls.t . ok
70-test_clienthello.t .. ok
70-test_comp.t . ok
70-test_key_share.t  ok
70-test_packet.t ... ok
70-test_recordlen.t  ok
70-test_renegotiation.t  ok
70-test_servername.t ... ok
70-test_sslcbcpadding.t  ok
70-test_sslcertstatus.t  ok
70-test_sslextension.t . ok
70-test_sslmessages.t .. ok
70-test_sslrecords.t ... ok
70-test_sslsessiontick.t ... ok
70-test_sslsigalgs.t ... ok
70-test_sslsignature.t . ok
70-test_sslskewith0p.t . ok
70-test_sslversions.t .. ok
70-test_sslvertol.t  ok
70-test_tls13alerts.t .. ok
70-test_tls13cookie.t .. ok
70-test_tls13downgrade.t ... ok
70-test_tls13hrr.t . ok
70-test_tls13kexmodes.t  ok
70-test_tls13messages.t  ok
70-test_tls13psk.t . ok
70-test_tlsextms.t . ok
70-test_verify_extra.t . ok
70-test_wpacket.t .. ok
71-test_ssl_ctx.t .. ok
80-test_ca.t ... ok
80-test_cipherbytes.t .. ok
80-test_cipherlist.t ... ok
80-test_ciphername.t ... ok

# 80-test_cms.t .. ok
80-test_cmsapi.t ... ok
80-test_ct.t ... ok
80-test_dane.t . ok
80-test_dtls.t . ok
80-test_dtls_mtu.t . ok
80-test_dtlsv1listen.t . ok
80-test_http.t . ok
80-test_ocsp.t . ok
80-test_pkcs12.t ... ok
80-test_ssl_new.t .. ok
80-test_ssl_old.t .. ok
80-test_ssl_test_ctx.t . ok
80-test_sslcorrupt.t ... ok
80-test_tsa.t .. ok
80-test_x509aux.t .. ok

# 81-test_cmp_cli.t .. ok
90-test_asn1_time.t  ok
90-test_async.t  ok
90-test_bio_enc.t .. ok
90-test_bio_memleak.t .. ok
90-test_constant_time.t  ok
90-test_fatalerr.t . ok
90-test_fipsload.t . ok
90-test_gmdiff.t ... ok
90-test_gost.t . ok
90-test_ige.t 

[openssl] OpenSSL_1_1_1-stable update

[nic . tuv]

The branch OpenSSL_1_1_1-stable has been updated
   via  6e3ba20dc49ccbf12ff4c27a4d8b84dcbeb71654 (commit)
  from  212d7118a788e332dae4123d40f65ea6e24044d2 (commit)


- Log -
commit 6e3ba20dc49ccbf12ff4c27a4d8b84dcbeb71654
Author: Billy Brumley 
Date:   Fri Jan 8 13:45:49 2021 +0200

[crypto/dh] side channel hardening for computing DH shared keys (1.1.1)

Reviewed-by: Tomas Mraz 
Reviewed-by: Nicola Tuveri 
(Merged from https://github.com/openssl/openssl/pull/13772)

---

Summary of changes:
 crypto/dh/dh_key.c   | 31 +--
 doc/man3/DH_generate_key.pod | 25 +
 2 files changed, 50 insertions(+), 6 deletions(-)

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd..ccf51b3546 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
 return dh->meth->generate_key(dh);
 }
 
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
-return dh->meth->compute_key(key, pub_key, dh);
+int ret = 0, i;
+volatile size_t npad = 0, mask = 1;
+
+/* compute the key; ret is constant unless compute_key is external */
+if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+return ret;
+
+/* count leading zero bytes, yet still touch all bytes */
+for (i = 0; i < ret; i++) {
+mask &= !key[i];
+npad += mask;
+}
+
+/* unpad key */
+ret -= npad;
+/* key-dependent memory access, potentially leaking npad / ret */
+memmove(key, key + npad, ret);
+/* key-dependent memory access, potentially leaking npad / ret */
+memset(key + ret, 0, npad);
+
+return ret;
 }
 
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
 int rv, pad;
+
+/* rv is constant unless compute_key is external */
 rv = dh->meth->compute_key(key, pub_key, dh);
 if (rv <= 0)
 return rv;
 pad = BN_num_bytes(dh->p) - rv;
+/* pad is constant (zero) unless compute_key is external */
 if (pad > 0) {
 memmove(key + pad, key, rv);
 memset(key, 0, pad);
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM 
*pub_key, DH *dh)
 goto err;
 }
 
-ret = BN_bn2bin(tmp, key);
+ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
  err:
 BN_CTX_end(ctx);
 BN_CTX_free(ctx);
diff --git a/doc/man3/DH_generate_key.pod b/doc/man3/DH_generate_key.pod
index 297e7fbf47..fab14d77e8 100644
--- a/doc/man3/DH_generate_key.pod
+++ b/doc/man3/DH_generate_key.pod
@@ -2,7 +2,8 @@
 
 =head1 NAME
 
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+DH_generate_key, DH_compute_key, DH_compute_key_padded - perform
+Diffie-Hellman key exchange
 
 =head1 SYNOPSIS
 
@@ -10,14 +11,16 @@ DH_generate_key, DH_compute_key - perform Diffie-Hellman 
key exchange
 
  int DH_generate_key(DH *dh);
 
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+ int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+ int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 
 =head1 DESCRIPTION
 
 DH_generate_key() performs the first step of a Diffie-Hellman key
 exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
+DH_compute_key() or DH_compute_key_padded(), these are combined with
+the other party's public value to compute the shared key.
 
 DH_generate_key() expects B to contain the shared parameters
 Bp> and Bg>. It generates a random private DH value
@@ -28,6 +31,14 @@ published.
 DH_compute_key() computes the shared secret from the private DH value
 in B and the other party's public value in B and stores
 it in B. B must point to B bytes of memory.
+The padding style is RFC 5246 (8.1.2) that strips leading zero bytes.
+It is not constant time due to the leading zero bytes being stripped.
+The return value should be considered public.
+
+DH_compute_key_padded() is similar but stores a fixed number of bytes.
+The padding style is NIST SP 800-56A (C.1) that retains leading zero bytes.
+It is constant time due to the leading zero bytes being retained.
+The return value should be considered public.
 
 =head1 RETURN VALUES
 
@@ -36,12 +47,18 @@ DH_generate_key() returns 1 on success, 0 otherwise.
 DH_compute_key() returns the size of the shared secret on success, -1
 on error.
 
+DH_compute_key_padded() returns B on success, -1 on error.
+
 The error codes can be obtained by L.
 
 =head1 SEE ALSO
 
 L, L, L, L
 
+=head1 HISTORY
+
+DH_compute_key_padded() was added in OpenSSL 1.0.2.
+
 =head1 

Coverity Scan: Analysis completed for openssl/openssl

[scan-admin]

Your request for analysis of openssl/openssl has been completed 
successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7HlekBtV1P4YRtWclMVkCdvAA-3D-3DVEWn_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeE-2FLts1UuKG3YgAU4l0DWSxQgNC63xqIZKzB29uyx8oVFk8LcbMvOuKdWAKt-2BY-2F3x4tXjaQPYbVkDqDNyw-2BctpW0-2BIDUEqXgThsEK1t9es627mhHRSjyjrYJPV5-2FvOUgu5ENADBrv1DPrYrN6Z9HiJLj433tw0-2FldxKrPa6NDhWAkfzqij9YiJ-2B-2BYeH4j6UogY-3D

Build ID: 362875

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0

Coverity Scan: Analysis completed for OpenSSL-1.0.2

[scan-admin]

Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at 
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yoN-2BQSVjTtaSz8wS4wOr7Hlun-2FGpeF2rhqKLKnzox0Gkw-3D-3DsGXX_MulOTlHne1IxTRELXXnGni8d68xSVF-2BUCe3a7Ux-2BjeFujZ1lz0noQIDRODCPOfT2gslJFX5VTxA9O8tqtayO382k4vT-2B-2FJjz6r8oZdkZil2QpR10K9od-2BCVps4rQgXF08wgdOfiXw8cQ4cCa-2BNp9CmKm8sTOs1TNMNV3Rjn7dU6XmnY-2BbKxZvi3plSFWyEJu5FfCTKusbXxktLokOu8kRPoDzFtmgu-2BV5DCBQASm7lQ-3D

Build ID: 362876

Analysis Summary:
   New defects found: 0
   Defects eliminated: 0