From levitte at openssl.org Sun Dec 2 04:45:45 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 02 Dec 2018 04:45:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1543725945.975048.25971.nullmailer@dev.openssl.org> The branch master has been updated via 9b1c0e006b9e7fde14b6719b40853e5c3557ec98 (commit) from 603221407ddc6404f8c417c6beadebf84449074c (commit) - Log ----------------------------------------------------------------- commit 9b1c0e006b9e7fde14b6719b40853e5c3557ec98 Author: Antoine Salon Date: Fri Nov 30 16:50:29 2018 -0800 Fix usage of deprecated SSL_set_tmp_ecdh() Signed-off-by: Antoine Salon Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/7738) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_conf.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 9c20270..57f837d 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -225,7 +225,6 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; - EC_KEY *ecdh; int nid; /* Ignore values supported by 1.0.2 for the automatic selection */ @@ -242,14 +241,11 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) nid = OBJ_sn2nid(value); if (nid == 0) return 0; - ecdh = EC_KEY_new_by_curve_name(nid); - if (!ecdh) - return 0; + if (cctx->ctx) - rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh); + rv = SSL_CTX_set1_groups(cctx->ctx, &nid, 1); else if (cctx->ssl) - rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh); - EC_KEY_free(ecdh); + rv = SSL_set1_groups(cctx->ssl, &nid, 1); return rv > 0; } From no-reply at appveyor.com Sun Dec 2 13:07:48 2018 
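Review bot: In cmd_ECDHParameters(), when neither cctx->ctx nor cctx->ssl is set, rv keeps its initial value of 1 and the function now returns success for any short name that OBJ_sn2nid() resolves, whether or not it names a curve. The removed EC_KEY_new_by_curve_name(nid) call rejected non-curve NIDs before the ctx/ssl branch, so that validation is lost for an SSL_CONF_CTX with neither pointer set. Suggest validating the NID as a group independently of the branch, or stating in the commit message that validation is now deferred to SSL_CTX_set1_groups() / SSL_set1_groups(). The new calls also pass a one-element list (&nid, 1), so it is worth documenting that this command leaves exactly one group configured.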
From: no-reply at appveyor.com (AppVeyor)
Date: Sun, 02 Dec 2018 13:07:48 +0000
Subject: [openssl-commits] Build failed: openssl master.21251
Message-ID: <20181202130748.1.AA3899FFD9B2C9DF@appveyor.com>

From no-reply at appveyor.com Sun Dec 2 16:13:48 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Sun, 02 Dec 2018 16:13:48 +0000
Subject: [openssl-commits] Build completed: openssl master.21252
Message-ID: <20181202161348.1.285CAE23619A3299@appveyor.com>

From openssl at openssl.org Sun Dec 2 22:33:17 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Sun, 02 Dec 2018 22:33:17 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Message-ID: <1543789997.054861.15881.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

9b1c0e006b Fix usage of deprecated SSL_set_tmp_ecdh()
603221407d rsa/rsa_ssl.c: make RSA_padding_check_SSLv23 constant-time.
75f5e944be rsa/rsa_oaep.c: remove memcpy calls from RSA_padding_check_PKCS1_OAEP.
e875b0cf2f rsa/rsa_pk1.c: remove memcpy calls from RSA_padding_check_PKCS1_type_2.
89072e0c2a rsa/rsa_ossl.c: make RSAerr call in rsa_ossl_private_decrypt unconditional.
f658a3b64d err/err.c: add err_clear_last_constant_time.

Build log ended with (last 100 lines):

/usr/bin/ld: final link failed: No space left on device
/usr/bin/ld: final link failed: No space left on device
clang: error: linker command failed with exit code 1 (use -v to see invocation)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:9703: recipe for target 'test/x509aux' failed
make[1]: *** [test/x509aux] Error 1
make[1]: *** Waiting for unfinished jobs....
Makefile:9690: recipe for target 'test/x509_time_test' failed
make[1]: *** [test/x509_time_test] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-asan'
Makefile:172: recipe for target 'all' failed
make: *** [all] Error 2

From levitte at openssl.org Mon Dec 3 09:39:21 2018
From: levitte at openssl.org (Richard Levitte)
Date: Mon, 03 Dec 2018 09:39:21 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1543829961.123412.22466.nullmailer@dev.openssl.org>

The branch master has been updated
       via  b608fabfcca597e66c2e115e902b56ed828e8bea (commit)
       via  547a3320fcaa971ab2e827a4cd6512199607c9e9 (commit)
      from  9b1c0e006b9e7fde14b6719b40853e5c3557ec98 (commit)

- Log -----------------------------------------------------------------
commit b608fabfcca597e66c2e115e902b56ed828e8bea
Author: Richard Levitte
Date:   Sun Dec 2 20:39:46 2018 +0100

    util/process_docs.pl: handle multiple source directories for .pod files

    From now on, the default is to look in both the source directory and
    the build directory.

    Reviewed-by: Matthias St. Pierre
    (Merged from https://github.com/openssl/openssl/pull/7742)

commit 547a3320fcaa971ab2e827a4cd6512199607c9e9
Author: Richard Levitte
Date:   Sun Dec 2 20:37:30 2018 +0100

    Doc: add doc/man7/openssl_user_macros.pod.in

    This manual is a start to describe macros that users can use to
    affect what symbols are exported by the public header files.

    Because the macro OPENSSL_API_COMPAT has a default that's affected by
    configuration choices, we must make it a generated manual.

    Reviewed-by: Matthias St. Pierre
    (Merged from https://github.com/openssl/openssl/pull/7742)

-----------------------------------------------------------------------

Summary of changes:
 build.info                          |  4 ++-
 doc/man7/openssl_user_macros.pod.in | 60 +++++++++++++++++++++++++++++++++++++
 util/process_docs.pl                | 16 +++++-----
 3 files changed, 72 insertions(+), 8 deletions(-)
 create mode 100644 doc/man7/openssl_user_macros.pod.in

diff --git a/build.info b/build.info
index 53629c4..c2ed667 100644
--- a/build.info
+++ b/build.info
@@ -22,13 +22,15 @@ DEPEND[libssl]=libcrypto # Empty DEPEND "indices" means the dependencies are expected to be built # unconditionally before anything else. DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \ - crypto/include/internal/dso_conf.h + crypto/include/internal/dso_conf.h doc/man7/openssl_user_macros.pod DEPEND[include/openssl/opensslconf.h]=configdata.pm GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in +DEPEND[doc/man7/openssl_user_macros.pod]=configdata.pm +GENERATE[doc/man7/openssl_user_macros.pod]=doc/man7/openssl_user_macros.pod.in IF[{- defined $target{shared_defflag} -}] SHARED_SOURCE[libcrypto]=libcrypto.ld diff --git a/doc/man7/openssl_user_macros.pod.in b/doc/man7/openssl_user_macros.pod.in new file mode 100644 index 0000000..8af5aea --- /dev/null +++ b/doc/man7/openssl_user_macros.pod.in 
@@ -0,0 +1,60 @@ +=pod + +=head1 NAME + +openssl_user_macros, OPENSSL_API_COMPAT - User defined macros + +=head1 DESCRIPTION + +User defined macros allow the programmer to control certain aspects of +what is exposed by the OpenSSL headers. + +B to be effective, a user defined macro I, either in the +compilation command (C) or by defining the macro in +source before including any headers. + +Other manual pages may refer to this page when declarations depend on +user defined macros. + +=head2 The macros + +=over + +=item B + +The value is a version number similar to the +L macro. Any symbol that is deprecated in +versions up to and including the version given in this macro will not +be declared. Any version number may be given, but these numbers are +the current known major deprecation points, making them the most +meaningful: + +=over + +=item C<0x00908000L> (version 0.9.8) + +=item C<0x10000000L> (version 1.0.0) + +=item C<0x10100000L> (version 1.1.0) + +=back + +If not set, this macro will default to +C<{- join('', map { my @x = split /=/,$_; $x[1] } + grep /^OPENSSL_MIN_API=/, @{$config{openssl_api_defines} // []}) + || '0x00000000L' + -}>. + +=back + +=head1 COPYRIGHT + +Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/util/process_docs.pl b/util/process_docs.pl index 30b149e..fcce8d8 100755 --- a/util/process_docs.pl +++ b/util/process_docs.pl @@ -29,7 +29,7 @@ use OpenSSL::Util::Pod; my %options = (); GetOptions(\%options, - 'sourcedir=s', # Source directory + 'sourcedir=s@', # Source directories 'section=i@', # Subdirectories to look through, # with associated section numbers 'destdir=s', # Destination directory 
@@ -46,7 +46,8 @@ unless ($options{section}) { $options{section} = [ 1, 3, 5, 7 ]; } unless ($options{sourcedir}) { - $options{sourcedir} = catdir($config{sourcedir}, "doc"); + $options{sourcedir} = [ catdir($config{sourcedir}, "doc"), + catdir($config{builddir}, "doc") ]; } pod2usage(1) unless ( defined $options{section} && defined $options{sourcedir} @@ -59,8 +60,9 @@ pod2usage(1) if ( $options{type} eq 'html' if ($options{debug}) { print STDERR "DEBUG: options:\n"; - print STDERR "DEBUG: --sourcedir = $options{sourcedir}\n" - if defined $options{sourcedir}; + foreach (sort @{$options{sourcedir}}) { + print STDERR "DEBUG: --sourcedir = $_\n"; + } print STDERR "DEBUG: --destdir = $options{destdir}\n" if defined $options{destdir}; print STDERR "DEBUG: --type = $options{type}\n" @@ -82,10 +84,10 @@ my $symlink_exists = eval { symlink("",""); 1 }; foreach my $section (sort @{$options{section}}) { my $subdir = "man$section"; - my $podsourcedir = catfile($options{sourcedir}, $subdir); - my $podglob = catfile($podsourcedir, "*.pod"); + my @podsourcedirs = map { catfile($_, $subdir); } @{$options{sourcedir}}; + my @podglobs = map { catfile($_, "*.pod"); } @podsourcedirs; - foreach my $podfile (glob $podglob) { + foreach my $podfile (map { glob $_ } @podglobs) { my $podname = basename($podfile, ".pod"); my $podpath = catfile($podfile); my %podinfo = extract_pod_info($podpath, From levitte at openssl.org Mon Dec 3 10:47:07 2018 
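Review bot: In build.info, doc/man7/openssl_user_macros.pod is appended to DEPEND[], which the comment directly above describes as the dependencies built unconditionally before anything else. That makes a generated manual page a prerequisite of every build, including builds that never produce documentation. Suggest attaching the generated .pod to the documentation targets instead, or adding a comment that explains why it has to be in this list.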
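Review bot: In util/process_docs.pl, the new default for sourcedir lists both catdir($config{sourcedir}, "doc") and catdir($config{builddir}, "doc"), and the loop over map { glob $_ } @podglobs concatenates the results without de-duplication. When the build directory is the source directory, both entries name the same path and every .pod file is processed twice; a page present under the same name in both trees is also handled twice with no stated precedence. Suggest collapsing identical directories or keying the file list by basename, and documenting which directory wins. The debug output also sorts the directories, so it does not show the order in which they are searched.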
From: levitte at openssl.org (Richard Levitte) Date: Mon, 03 Dec 2018 10:47:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1543834027.628041.31940.nullmailer@dev.openssl.org> The branch master has been updated via 7b4a3515a4ddb567d48000e61d7cb640d0c5f261 (commit) from b608fabfcca597e66c2e115e902b56ed828e8bea (commit) - Log ----------------------------------------------------------------- commit 7b4a3515a4ddb567d48000e61d7cb640d0c5f261 Author: Richard Levitte Date: Mon Dec 3 10:57:01 2018 +0100 Docs fixup: some man3 pages had unindented code in SYNOPSIS Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7744) ----------------------------------------------------------------------- Summary of changes: doc/man3/PKCS12_parse.pod | 3 ++- doc/man3/SSL_CTX_set_tmp_ecdh.pod | 10 +++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod index 747a36f..208644c 100644 --- a/doc/man3/PKCS12_parse.pod +++ b/doc/man3/PKCS12_parse.pod @@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure #include -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); =head1 DESCRIPTION diff --git a/doc/man3/SSL_CTX_set_tmp_ecdh.pod b/doc/man3/SSL_CTX_set_tmp_ecdh.pod index 398fcbf..7f7d15a 100644 --- a/doc/man3/SSL_CTX_set_tmp_ecdh.pod +++ b/doc/man3/SSL_CTX_set_tmp_ecdh.pod 
@@ -7,13 +7,13 @@ SSL_CTX_set_tmp_ecdh, SSL_set_tmp_ecdh, SSL_CTX_set_ecdh_auto, SSL_set_ecdh_auto =head1 SYNOPSIS -#include + #include -long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh); -long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh); + long SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, const EC_KEY *ecdh); + long SSL_set_tmp_ecdh(SSL *ssl, const EC_KEY *ecdh); -long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state); -long SSL_set_ecdh_auto(SSL *ssl, int state); + long SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state); + long SSL_set_ecdh_auto(SSL *ssl, int state); =head1 DESCRIPTION From levitte at openssl.org Mon Dec 3 10:49:16 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 03 Dec 2018 10:49:16 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_1-stable update Message-ID: <1543834156.247409.659.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via 2561eeb6b9cea581d4bbbc0d2574998f0590f53c (commit) from f1d91b89701627cc39e98987bc344aaae64f64fb (commit) - Log ----------------------------------------------------------------- commit 2561eeb6b9cea581d4bbbc0d2574998f0590f53c Author: Richard Levitte Date: Mon Dec 3 10:57:01 2018 +0100 Docs fixup: some man3 pages had unindented code in SYNOPSIS Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7744) (cherry picked from commit 7b4a3515a4ddb567d48000e61d7cb640d0c5f261) ----------------------------------------------------------------------- Summary of changes: doc/man3/PKCS12_parse.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/man3/PKCS12_parse.pod b/doc/man3/PKCS12_parse.pod index 747a36f..208644c 100644 --- a/doc/man3/PKCS12_parse.pod +++ b/doc/man3/PKCS12_parse.pod 
@@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure #include -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); =head1 DESCRIPTION From levitte at openssl.org Mon Dec 3 10:51:03 2018 From: levitte at openssl.org (Richard Levitte) Date: Mon, 03 Dec 2018 10:51:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1543834263.804807.1957.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 02354431e2a09d705082f986babf14c056f47b78 (commit) from 63262bd2768797e140f7d0328fb6ccf81aba87b0 (commit) - Log ----------------------------------------------------------------- commit 02354431e2a09d705082f986babf14c056f47b78 Author: Richard Levitte Date: Mon Dec 3 10:57:01 2018 +0100 Docs fixup: some man3 pages had unindented code in SYNOPSIS Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/7744) (cherry picked from commit 7b4a3515a4ddb567d48000e61d7cb640d0c5f261) ----------------------------------------------------------------------- Summary of changes: doc/crypto/PKCS12_parse.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/crypto/PKCS12_parse.pod b/doc/crypto/PKCS12_parse.pod index c54cf2a..cd648d3 100644 --- a/doc/crypto/PKCS12_parse.pod +++ b/doc/crypto/PKCS12_parse.pod @@ -8,7 +8,8 @@ PKCS12_parse - parse a PKCS#12 structure #include -int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca); =head1 DESCRIPTION From levitte at openssl.org Mon Dec 3 11:33:20 2018 
From: levitte at openssl.org (Richard Levitte)
Date: Mon, 03 Dec 2018 11:33:20 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1543836800.823551.7326.nullmailer@dev.openssl.org>

The branch master has been updated
       via  be80b21d2a9c1e0d4fb920ca023e4ec225d878a7 (commit)
      from  7b4a3515a4ddb567d48000e61d7cb640d0c5f261 (commit)

- Log -----------------------------------------------------------------
commit be80b21d2a9c1e0d4fb920ca023e4ec225d878a7
Author: Richard Levitte
Date:   Mon Dec 3 10:59:11 2018 +0100

    Docs: better deprecation text

    Expand the text on deprecation to be more descriptive and to refer
    back to openssl_user_macros(7).

    Incidentally, this required a small change in util/find-doc-nits, to
    have it skip over any line that isn't part of a block (i.e. that
    hasn't been indented with at least one space). That makes it skip
    over deprecation text.

    Reviewed-by: Matthias St. Pierre
    (Merged from https://github.com/openssl/openssl/pull/7745)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/BN_generate_prime.pod               |  6 +++---
 doc/man3/CONF_modules_free.pod               |  6 +++---
 doc/man3/DH_generate_parameters.pod          |  6 +++---
 doc/man3/DSA_generate_parameters.pod         |  6 +++---
 doc/man3/ENGINE_add.pod                      |  6 +++---
 doc/man3/ERR_load_crypto_strings.pod         |  8 +++-----
 doc/man3/ERR_remove_state.pod                | 12 +++++++-----
 doc/man3/HMAC.pod                            |  6 +++---
 doc/man3/OBJ_nid2obj.pod                     |  6 +++---
 doc/man3/OpenSSL_add_all_algorithms.pod      |  6 +++---
 doc/man3/RAND_add.pod                        |  6 +++---
 doc/man3/RAND_bytes.pod                      |  6 +++---
 doc/man3/RSA_generate_key.pod                |  6 +++---
 doc/man3/SSL_COMP_add_compression_method.pod |  6 +++---
 util/find-doc-nits                           |  1 +
 15 files changed, 47 insertions(+), 46 deletions(-)

diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index b505841..3ac65c3 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -33,9 +33,10 @@ for primality void *BN_GENCB_get_arg(BN_GENCB *cb); -Deprecated: +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x00908000L BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); @@ -46,7 +47,6 @@ Deprecated: int BN_is_prime_fasttest(const BIGNUM *a, int checks, void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg, int do_trial_division); - #endif =head1 DESCRIPTION diff --git a/doc/man3/CONF_modules_free.pod b/doc/man3/CONF_modules_free.pod index 5c3debb..452c295 100644 --- a/doc/man3/CONF_modules_free.pod +++ b/doc/man3/CONF_modules_free.pod @@ -12,11 +12,11 @@ OpenSSL configuration cleanup functions void CONF_modules_finish(void); void CONF_modules_unload(int all); -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10100000L void CONF_modules_free(void) - #endif =head1 DESCRIPTION diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod index 3c84710..a610d45 100644 --- a/doc/man3/DH_generate_parameters.pod +++ b/doc/man3/DH_generate_parameters.pod @@ -21,12 +21,12 @@ parameters int DH_check_params_ex(const DH *dh); int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key); -Deprecated: +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x00908000L DH *DH_generate_parameters(int prime_len, int generator, void (*callback)(int, int, void *), void *cb_arg); - #endif =head1 DESCRIPTION diff --git a/doc/man3/DSA_generate_parameters.pod b/doc/man3/DSA_generate_parameters.pod index 970f6a6..9cc25b9 100644 --- a/doc/man3/DSA_generate_parameters.pod +++ b/doc/man3/DSA_generate_parameters.pod 
@@ -13,13 +13,13 @@ DSA_generate_parameters_ex, DSA_generate_parameters - generate DSA parameters int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); -Deprecated: +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x00908000L DSA *DSA_generate_parameters(int bits, unsigned char *seed, int seed_len, int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), void *cb_arg); - #endif =head1 DESCRIPTION diff --git a/doc/man3/ENGINE_add.pod b/doc/man3/ENGINE_add.pod index a2fc299..1ded482 100644 --- a/doc/man3/ENGINE_add.pod +++ b/doc/man3/ENGINE_add.pod @@ -154,11 +154,11 @@ ENGINE_unregister_digests EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data); -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10100000L void ENGINE_cleanup(void) - #endif =head1 DESCRIPTION diff --git a/doc/man3/ERR_load_crypto_strings.pod b/doc/man3/ERR_load_crypto_strings.pod index c503241..0af636b 100644 --- a/doc/man3/ERR_load_crypto_strings.pod +++ b/doc/man3/ERR_load_crypto_strings.pod @@ -7,20 +7,18 @@ load and free error strings =head1 SYNOPSIS -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: #include - #if OPENSSL_API_COMPAT < 0x10100000L void ERR_load_crypto_strings(void); void ERR_free_strings(void); - #endif #include - #if OPENSSL_API_COMPAT < 0x10100000L void SSL_load_error_strings(void); - #endif =head1 DESCRIPTION diff --git a/doc/man3/ERR_remove_state.pod b/doc/man3/ERR_remove_state.pod index 8f4d3fc..ab54a99 100644 --- a/doc/man3/ERR_remove_state.pod +++ b/doc/man3/ERR_remove_state.pod 
@@ -6,15 +6,17 @@ ERR_remove_thread_state, ERR_remove_state - DEPRECATED =head1 SYNOPSIS -Deprecated: +Deprecated since OpenSSL 1.0.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10000000L void ERR_remove_state(unsigned long tid); - #endif - #if OPENSSL_API_COMPAT < 0x10100000L +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: + void ERR_remove_thread_state(void *tid); - #endif =head1 DESCRIPTION diff --git a/doc/man3/HMAC.pod b/doc/man3/HMAC.pod index c480a9c..5aed367 100644 --- a/doc/man3/HMAC.pod +++ b/doc/man3/HMAC.pod @@ -40,12 +40,12 @@ HMAC_size size_t HMAC_size(const HMAC_CTX *e); -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10100000L int HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md); - #endif =head1 DESCRIPTION diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index cbf889f..2b88ff1 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -35,11 +35,11 @@ OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup size_t OBJ_length(const ASN1_OBJECT *obj); const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj); -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10100000L void OBJ_cleanup(void) - #endif =head1 DESCRIPTION diff --git a/doc/man3/OpenSSL_add_all_algorithms.pod b/doc/man3/OpenSSL_add_all_algorithms.pod index 0c086d1..bdb5b69 100644 --- a/doc/man3/OpenSSL_add_all_algorithms.pod +++ b/doc/man3/OpenSSL_add_all_algorithms.pod 
@@ -9,15 +9,15 @@ add algorithms to internal table #include -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - # if OPENSSL_API_COMPAT < 0x10100000L void OpenSSL_add_all_algorithms(void); void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); void EVP_cleanup(void) -# endif =head1 DESCRIPTION diff --git a/doc/man3/RAND_add.pod b/doc/man3/RAND_add.pod index b6753fd..79524d1 100644 --- a/doc/man3/RAND_add.pod +++ b/doc/man3/RAND_add.pod @@ -18,12 +18,12 @@ RAND_keep_random_devices_open void RAND_keep_random_devices_open(int keep); -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10100000L int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); void RAND_screen(void); - #endif =head1 DESCRIPTION diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index fca1ad6..292d7d5 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -11,11 +11,11 @@ RAND_bytes, RAND_priv_bytes, RAND_pseudo_bytes - generate random data int RAND_bytes(unsigned char *buf, int num); int RAND_priv_bytes(unsigned char *buf, int num); -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10100000L int RAND_pseudo_bytes(unsigned char *buf, int num); - #endif =head1 DESCRIPTION diff --git a/doc/man3/RSA_generate_key.pod b/doc/man3/RSA_generate_key.pod index a4c078a..c4c74e1 100644 --- a/doc/man3/RSA_generate_key.pod +++ b/doc/man3/RSA_generate_key.pod 
@@ -12,12 +12,12 @@ RSA_generate_multi_prime_key - generate RSA key pair int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb); -Deprecated: +Deprecated since OpenSSL 0.9.8, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x00908000L RSA *RSA_generate_key(int num, unsigned long e, void (*callback)(int, int, void *), void *cb_arg); - #endif =head1 DESCRIPTION diff --git a/doc/man3/SSL_COMP_add_compression_method.pod b/doc/man3/SSL_COMP_add_compression_method.pod index 1dc8eb1..53b6fed 100644 --- a/doc/man3/SSL_COMP_add_compression_method.pod +++ b/doc/man3/SSL_COMP_add_compression_method.pod @@ -15,11 +15,11 @@ SSL_COMP_get0_name, SSL_COMP_get_id, SSL_COMP_free_compression_methods const char *SSL_COMP_get0_name(const SSL_COMP *comp); int SSL_COMP_get_id(const SSL_COMP *comp); -Deprecated: +Deprecated since OpenSSL 1.1.0, can be hidden entirely by defining +B with a suitable version value, see +L: - #if OPENSSL_API_COMPAT < 0x10100000L void SSL_COMP_free_compression_methods(void) - #endif =head1 DESCRIPTION diff --git a/util/find-doc-nits b/util/find-doc-nits index 860bb99..c041c1c 100755 --- a/util/find-doc-nits +++ b/util/find-doc-nits @@ -96,6 +96,7 @@ sub name_synopsis() return unless $contents =~ /=head1 SYNOPSIS(.*)=head1 DESCRIPTION/ms; my $syn = $1; foreach my $line ( split /\n+/, $syn ) { + next unless $line =~ /^\s/; my $sym; $line =~ s/STACK_OF\([^)]+\)/int/g; $line =~ s/__declspec\([^)]+\)//; From matt at openssl.org Mon Dec 3 14:29:37 2018 
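Review bot: In the util/find-doc-nits hunk, `next unless $line =~ /^\s/;` skips every unindented SYNOPSIS line, not only the new deprecation sentences, so a prototype that is left unindented by mistake (the defect 7b4a3515a4 fixed, "some man3 pages had unindented code in SYNOPSIS") no longer reaches the checks in this loop and goes unreported. Suggest emitting a nit when an unindented line looks like a declaration (for example it ends in `;` or contains `(`) and skipping only the remaining unindented lines.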
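Review bot: Across the doc/man3 hunks, removing the `#if OPENSSL_API_COMPAT < 0x10100000L` and `#endif` lines drops the only place where each page showed the exact threshold; the replacement sentence says only "a suitable version value". Suggest naming the value in the new text (0x00908000L, 0x10000000L or 0x10100000L as appropriate) so the reader does not have to derive it from the release name. While these blocks are being touched, the retained prototypes `void CONF_modules_free(void)`, `void ENGINE_cleanup(void)`, `void OBJ_cleanup(void)`, `void EVP_cleanup(void)` and `void SSL_COMP_free_compression_methods(void)` still lack their trailing semicolon.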
From: matt at openssl.org (Matt Caswell) Date: Mon, 03 Dec 2018 14:29:37 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1543847377.930716.28639.nullmailer@dev.openssl.org> The branch master has been updated via e65a79d2aae76c27d68587ff66cb6b65a3283e50 (commit) via 0ac8f35c04c4fcdee421170ae6351e42b9e84ce4 (commit) from be80b21d2a9c1e0d4fb920ca023e4ec225d878a7 (commit) - Log ----------------------------------------------------------------- commit e65a79d2aae76c27d68587ff66cb6b65a3283e50 Author: Matt Caswell Date: Fri Nov 23 14:24:17 2018 +0000 Add an Ed25519 signature malleability test Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7697) commit 0ac8f35c04c4fcdee421170ae6351e42b9e84ce4 Author: Matt Caswell Date: Fri Nov 23 13:50:43 2018 +0000 Disallow Ed25519 signature malleability Check that s is less than the order before attempting to verify the signature as per RFC8032 5.1.7 Fixes #7693 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7697) ----------------------------------------------------------------------- Summary of changes: crypto/ec/curve25519.c | 53 +++++++++++++++++++++++++------ test/recipes/30-test_evp_data/evppkey.txt | 8 +++++ 2 files changed, 51 insertions(+), 10 deletions(-) diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index abe9b9c..d6a2bb6 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c 
@@ -5371,40 +5371,73 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, return 1; } +static const char allzeroes[15]; + int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[64], const uint8_t public_key[32]) { + int i; ge_p3 A; - uint8_t rcopy[32]; - uint8_t scopy[32]; + const uint8_t *r, *s; SHA512_CTX hash_ctx; ge_p2 R; uint8_t rcheck[32]; uint8_t h[SHA512_DIGEST_LENGTH]; + /* 27742317777372353535851937790883648493 in little endian format */ + const uint8_t l_low[16] = { + 0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, + 0xDE, 0xF9, 0xDE, 0x14 + }; + + r = signature; + s = signature + 32; - if ((signature[63] & 224) != 0 || - ge_frombytes_vartime(&A, public_key) != 0) { + /* + * Check 0 <= s < L where L = 2^252 + 27742317777372353535851937790883648493 + * + * If not the signature is publicly invalid. Since it's public we can do the + * check in variable time. + * + * First check the most significant byte + */ + if (s[31] > 0x10) + return 0; + if (s[31] == 0x10) { + /* + * Most significant byte indicates a value close to 2^252 so check the + * rest + */ + if (memcmp(s + 16, allzeroes, sizeof(allzeroes)) != 0) + return 0; + for (i = 15; i >= 0; i--) { + if (s[i] < l_low[i]) + break; + if (s[i] > l_low[i]) + return 0; + } + if (i < 0) + return 0; + } + + if (ge_frombytes_vartime(&A, public_key) != 0) { return 0; } fe_neg(A.X, A.X); fe_neg(A.T, A.T); - memcpy(rcopy, signature, 32); - memcpy(scopy, signature + 32, 32); - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, signature, 32); + SHA512_Update(&hash_ctx, r, 32); SHA512_Update(&hash_ctx, public_key, 32); SHA512_Update(&hash_ctx, message, message_len); SHA512_Final(h, &hash_ctx); x25519_sc_reduce(h); - ge_double_scalarmult_vartime(&R, h, &A, scopy); + ge_double_scalarmult_vartime(&R, h, &A, s); ge_tobytes(rcheck, &R); - return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; + return CRYPTO_memcmp(rcheck, r, 
sizeof(rcheck)) == 0; } void ED25519_public_from_private(uint8_t out_public_key[32], diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index f4470ff..dc50dc8 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -17601,6 +17601,14 @@ Key = ED25519-1-PUBLIC-Raw Input = "" Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b +#Signature maleability test. +#Same as the verify operation above but with the order added to s +OneShotDigestVerify = NULL +Key = ED25519-1-PUBLIC-Raw +Input = "" +Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901554c8c7872aa064e049dbb3013fbf29380d25bf5f0595bbe24655141438e7a101b +Result = VERIFY_ERROR + Title = ED448 tests from RFC8032 PrivateKey=ED448-1 From matt at openssl.org Mon Dec 3 14:29:50 2018 
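Review bot: In the crypto/ec/curve25519.c hunk, the high-half comparison depends on a file-scope `static const char allzeroes[15]` whose length has to stay in step with the `s + 16` offset and the 16-byte `l_low`, and nothing ties the three together. Suggest declaring it inside ED25519_verify() next to `l_low` as `static const uint8_t` (matching the type of `s`), or comparing `s` against a full 32-byte little-endian L in a single loop from byte 31 down, which also removes the separate `s[31] > 0x10` and `s[31] == 0x10` cases.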
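Review bot: In the test/recipes/30-test_evp_data/evppkey.txt hunk, the added vector ends in 0x1b, so it is rejected by the first `if (s[31] > 0x10)` test and never reaches the `s[31] == 0x10` branch, the `memcmp` against `allzeroes`, or the `l_low` loop. Suggest adding a vector whose s has 0x10 as its top byte (a valid signature whose s has a zero top byte, with the order added) and one with s equal to L, so the byte-wise comparison and the `i < 0` equality case are exercised.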
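The range check the commit message describes (s must be below the order L, RFC 8032 5.1.7), run over the s halves of the two `evppkey.txt` signatures quoted in the patch, as an added example that is not OpenSSL code. The function names are hypothetical; `legacy_top_bits_ok` reproduces only the removed `(signature[63] & 224)` test, and no curve arithmetic is performed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* L = 2^252 + 27742317777372353535851937790883648493, little endian. */
const uint8_t ED25519_L[32] = {
    0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58,
    0xD6, 0x9C, 0xF7, 0xA2, 0xDE, 0xF9, 0xDE, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};

/* Second 32 bytes (s) of the two "Output" signatures in the patch. */
const char S_VALID_HEX[] =
    "5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b";
const char S_SHIFTED_HEX[] =
    "4c8c7872aa064e049dbb3013fbf29380d25bf5f0595bbe24655141438e7a101b";

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode exactly 64 hex digits into 32 bytes; 1 on success, 0 otherwise. */
int hex_to_32(const char *hex, uint8_t out[32])
{
    size_t i;

    if (strlen(hex) != 64)
        return 0;
    for (i = 0; i < 32; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);

        if (hi < 0 || lo < 0)
            return 0;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 1;
}

/* Pre-patch test: only requires the top three bits of s to be clear. */
int legacy_top_bits_ok(const uint8_t s[32])
{
    return (s[31] & 224) == 0;
}

/*
 * Strict test: 1 only if 0 <= s < L. s is public signature data, so a
 * variable-time comparison from the most significant byte is acceptable.
 */
int scalar_below_order(const uint8_t s[32])
{
    int i;

    for (i = 31; i >= 0; i--) {
        if (s[i] < ED25519_L[i])
            return 1;
        if (s[i] > ED25519_L[i])
            return 0;
    }
    return 0; /* s == L is out of range too */
}

/* out = s - L (mod 2^256); returns the final borrow (1 if s < L). */
int scalar_sub_order(uint8_t out[32], const uint8_t s[32])
{
    int i, borrow = 0;

    for (i = 0; i < 32; i++) {
        int diff = (int)s[i] - (int)ED25519_L[i] - borrow;

        borrow = diff < 0;
        if (borrow)
            diff += 256;
        out[i] = (uint8_t)diff;
    }
    return borrow;
}

int main(void)
{
    uint8_t valid[32], shifted[32], reduced[32];

    if (!hex_to_32(S_VALID_HEX, valid) || !hex_to_32(S_SHIFTED_HEX, shifted))
        return 1;
    printf("first vector : legacy=%d strict=%d\n",
           legacy_top_bits_ok(valid), scalar_below_order(valid));
    printf("second vector: legacy=%d strict=%d\n",
           legacy_top_bits_ok(shifted), scalar_below_order(shifted));
    /* Confirms the test comment: the second s is the first s plus L. */
    scalar_sub_order(reduced, shifted);
    printf("second - L == first: %d\n", memcmp(reduced, valid, 32) == 0);
    return 0;
}
```
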
From: matt at openssl.org (Matt Caswell) Date: Mon, 03 Dec 2018 14:29:50 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_1-stable update Message-ID: <1543847390.130311.29446.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_1-stable has been updated via cc4e37f1e4af060dc41a3c84041a183ecd7aa80e (commit) via f3243f22298045de3bd31bf47cdf0abe8394843a (commit) from 2561eeb6b9cea581d4bbbc0d2574998f0590f53c (commit) - Log ----------------------------------------------------------------- commit cc4e37f1e4af060dc41a3c84041a183ecd7aa80e Author: Matt Caswell Date: Fri Nov 23 14:24:17 2018 +0000 Add an Ed25519 signature malleability test Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7697) (cherry picked from commit e65a79d2aae76c27d68587ff66cb6b65a3283e50) commit f3243f22298045de3bd31bf47cdf0abe8394843a Author: Matt Caswell Date: Fri Nov 23 13:50:43 2018 +0000 Disallow Ed25519 signature malleability Check that s is less than the order before attempting to verify the signature as per RFC8032 5.1.7 Fixes #7693 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/7697) (cherry picked from commit 0ac8f35c04c4fcdee421170ae6351e42b9e84ce4) ----------------------------------------------------------------------- Summary of changes: crypto/ec/curve25519.c | 53 +++++++++++++++++++++++++------ test/recipes/30-test_evp_data/evppkey.txt | 8 +++++ 2 files changed, 51 insertions(+), 10 deletions(-) diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index abe9b9c..d6a2bb6 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c 
@@ -5371,40 +5371,73 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, return 1; } +static const char allzeroes[15]; + int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[64], const uint8_t public_key[32]) { + int i; ge_p3 A; - uint8_t rcopy[32]; - uint8_t scopy[32]; + const uint8_t *r, *s; SHA512_CTX hash_ctx; ge_p2 R; uint8_t rcheck[32]; uint8_t h[SHA512_DIGEST_LENGTH]; + /* 27742317777372353535851937790883648493 in little endian format */ + const uint8_t l_low[16] = { + 0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2, + 0xDE, 0xF9, 0xDE, 0x14 + }; + + r = signature; + s = signature + 32; - if ((signature[63] & 224) != 0 || - ge_frombytes_vartime(&A, public_key) != 0) { + /* + * Check 0 <= s < L where L = 2^252 + 27742317777372353535851937790883648493 + * + * If not the signature is publicly invalid. Since it's public we can do the + * check in variable time. + * + * First check the most significant byte + */ + if (s[31] > 0x10) + return 0; + if (s[31] == 0x10) { + /* + * Most significant byte indicates a value close to 2^252 so check the + * rest + */ + if (memcmp(s + 16, allzeroes, sizeof(allzeroes)) != 0) + return 0; + for (i = 15; i >= 0; i--) { + if (s[i] < l_low[i]) + break; + if (s[i] > l_low[i]) + return 0; + } + if (i < 0) + return 0; + } + + if (ge_frombytes_vartime(&A, public_key) != 0) { return 0; } fe_neg(A.X, A.X); fe_neg(A.T, A.T); - memcpy(rcopy, signature, 32); - memcpy(scopy, signature + 32, 32); - SHA512_Init(&hash_ctx); - SHA512_Update(&hash_ctx, signature, 32); + SHA512_Update(&hash_ctx, r, 32); SHA512_Update(&hash_ctx, public_key, 32); SHA512_Update(&hash_ctx, message, message_len); SHA512_Final(h, &hash_ctx); x25519_sc_reduce(h); - ge_double_scalarmult_vartime(&R, h, &A, scopy); + ge_double_scalarmult_vartime(&R, h, &A, s); ge_tobytes(rcheck, &R); - return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; + return CRYPTO_memcmp(rcheck, r, 
sizeof(rcheck)) == 0; } void ED25519_public_from_private(uint8_t out_public_key[32], diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index f4470ff..dc50dc8 100644 --- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -17601,6 +17601,14 @@ Key = ED25519-1-PUBLIC-Raw Input = "" Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b +#Signature maleability test. +#Same as the verify operation above but with the order added to s +OneShotDigestVerify = NULL +Key = ED25519-1-PUBLIC-Raw +Input = "" +Output = e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901554c8c7872aa064e049dbb3013fbf29380d25bf5f0595bbe24655141438e7a101b +Result = VERIFY_ERROR + Title = ED448 tests from RFC8032 PrivateKey=ED448-1 From no-reply at appveyor.com Mon Dec 3 21:22:01 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 03 Dec 2018 21:22:01 +0000 Subject: [openssl-commits] Build failed: openssl master.21280 Message-ID: <20181203212201.1.DA242E82289ECCE0@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Dec 3 21:53:23 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 03 Dec 2018 21:53:23 +0000 Subject: [openssl-commits] Build failed: openssl master.21282 Message-ID: <20181203215323.1.5C7A38EC518D0E17@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Dec 3 22:06:57 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 03 Dec 2018 22:06:57 +0000 Subject: [openssl-commits] Build failed: openssl master.21284 Message-ID: <20181203220657.1.1AB7F1CD76921FBB@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Mon Dec 3 22:31:22 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 03 Dec 2018 22:31:22 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1543876282.912660.7126.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: e65a79d2aa Add an Ed25519 signature maleability test 0ac8f35c04 Disallow Ed25519 signature maleability be80b21d2a Docs: better deprecation text 7b4a3515a4 Docs fixup: some man3 pages had unindented code in SYNOPSIS b608fabfcc util/process_docs.pl: handle multiple source directories for .pod files 547a3320fc Doc: add doc/man7/openssl_user_macros.pod.in Build log ended with (last 100 lines):
\ -o test/uitest test/uitest-bin-uitest.o \ apps/libapps.a -lssl test/libtestutil.a -lcrypto -ldl -pthread rm -f test/v3ext ${LDCMD:-clang} -pthread -m64 -fsanitize=address -fno-omit-frame-pointer -g -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -L. \ -o test/v3ext test/v3ext-bin-v3ext.o \ test/libtestutil.a -lcrypto -ldl -pthread /usr/bin/ld: final link failed: No space lclang: error: linker command failed with exit code 1 (use -v to see invocation) clang: error: linker command failed with exit code 1 (use -v to see invocation) Makefile:9576: recipe for target 'test/uitest' failed make[1]: *** [test/uitest] Error 1 make[1]: *** Waiting for unfinished jobs.... Makefile:9542: recipe for target 'test/tls13ccstest' failed make[1]: *** [test/tls13ccstest] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:172: recipe for target 'all' failed make: *** [all] Error 2 From no-reply at appveyor.com Mon Dec 3 22:39:40 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 03 Dec 2018 22:39:40 +0000 Subject: [openssl-commits] Build failed: openssl master.21285 Message-ID: <20181203223940.1.BC823A85255CC6D9@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Dec 3 23:11:15 2018 
From: no-reply at appveyor.com (AppVeyor)
Date: Mon, 03 Dec 2018 23:11:15 +0000
Subject: [openssl-commits] Build completed: openssl master.21286
Message-ID: <20181203231115.1.05714408168B317F@appveyor.com>

From matt at openssl.org Tue Dec 4 08:39:11 2018
From: matt at openssl.org (Matt Caswell)
Date: Tue, 04 Dec 2018 08:39:11 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1543912751.551189.18259.nullmailer@dev.openssl.org>

The branch master has been updated
  via 871493a2bed80310169ec4ba7cc428bc194623bf (commit)
  from e65a79d2aae76c27d68587ff66cb6b65a3283e50 (commit)

- Log -----------------------------------------------------------------
commit 871493a2bed80310169ec4ba7cc428bc194623bf
Author: Matt Caswell
Date: Mon Dec 3 14:37:07 2018 +0000

    Ignore an auto-generated documentation file

    Reviewed-by: Matthias St. Pierre
    (Merged from https://github.com/openssl/openssl/pull/7746)

-----------------------------------------------------------------------

Summary of changes:
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore index 30068e0..61c68f4 100644 --- a/.gitignore +++ b/.gitignore @@ -76,6 +76,7 @@ Makefile !/fuzz/*.* # Misc auto generated files +/doc/man7/openssl_user_macros.pod /include/openssl/opensslconf.h /tools/c_rehash /tools/c_rehash.pl

From builds at travis-ci.org Tue Dec 4 08:57:07 2018
From: builds at travis-ci.org (Travis CI)
Date: Tue, 04 Dec 2018 08:57:07 +0000
Subject: [openssl-commits] Broken: openssl/openssl#22017 (master - 871493a)
In-Reply-To:
Message-ID: <5c06416390e88_43f7eca39c08c3068b@d05acc55-20fd-4c59-af26-9d68fe9fff5c.mail>

Build Update for openssl/openssl
-------------------------------------

Build: #22017
Status: Broken

Duration: 17 mins and 5 secs
Commit: 871493a (master)
Author: Matt Caswell
Message: Ignore an auto-generated documentation file

Reviewed-by: Matthias St. Pierre
(Merged from https://github.com/openssl/openssl/pull/7746)

View the changeset: https://github.com/openssl/openssl/compare/e65a79d2aae7...871493a2bed8

View the full build log and details: https://travis-ci.org/openssl/openssl/builds/463211674?utm_medium=notification&utm_source=email

From no-reply at appveyor.com Tue Dec 4 11:56:36 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 04 Dec 2018 11:56:36 +0000
Subject: [openssl-commits] Build failed: openssl master.21290
Message-ID: <20181204115636.1.58A00E98F7D80013@appveyor.com>

From builds at travis-ci.org Tue Dec 4 16:17:52 2018
From: builds at travis-ci.org (Travis CI)
Date: Tue, 04 Dec 2018 16:17:52 +0000
Subject: [openssl-commits] Failed: buckaroo-pm/openssl#16 (1.0.2j - e616712)
In-Reply-To:
Message-ID: <5c06a8b08b3af_43ff211e99c90142385@c24071d2-a7db-4b99-b84c-f8a594cf897f.mail>

Build Update for buckaroo-pm/openssl
-------------------------------------

Build: #16
Status: Failed

Duration: 14 mins and 59 secs
Commit: e616712 (1.0.2j)
Author: njlr
Message: * Adds Buckaroo manifest

View the changeset: https://github.com/buckaroo-pm/openssl/compare/2843605d9b98^...e61671249ee5

View the full build log and details: https://travis-ci.org/buckaroo-pm/openssl/builds/463416895?utm_medium=notification&utm_source=email

From no-reply at appveyor.com Tue Dec 4 20:40:37 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Tue, 04 Dec 2018 20:40:37 +0000
Subject: [openssl-commits] Build failed: openssl master.21302
Message-ID: <20181204204037.1.77C37675F24DF2FA@appveyor.com>

From openssl at openssl.org Tue Dec 4 22:29:31 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 04 Dec 2018 22:29:31 +0000
Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Message-ID: <1543962571.551104.3703.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

871493a2be Ignore an auto-generated documentation file

Build log ended with (last 100 lines):

/usr/bin/ld: final link failed: No space left on device
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:9464: recipe for target 'test/ssltest_old' failed
make[1]: *** [test/ssltest_old] Error 1
make[1]: *** Waiting for unfinished jobs....
/usr/bin/ld: final link failed: No space left on device
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:9503: recipe for target 'test/test_test' failed
make[1]: *** [test/test_test] Error 1
/usr/bin/ld: final link failed: No space left on device
/usr/bin/ld: final link failed: No space left on device
clang: error: linker command failed with exit code 1 (use -v to see invocation)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:9516: recipe for target 'test/threadstest' failed
make[1]: *** [test/threadstest] Error 1
Makefile:9490: recipe for target 'test/sysdefaulttest' failed
make[1]: *** [test/sysdefaulttest] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-asan'
Makefile:172: recipe for target 'all' failed
make: *** [all] Error 2

From no-reply at appveyor.com Wed Dec 5 00:33:31 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Wed, 05 Dec 2018 00:33:31 +0000
Subject: [openssl-commits] Build failed: openssl master.21307
Message-ID: <20181205003331.1.1EDA4A743A285EB6@appveyor.com>

From no-reply at appveyor.com Wed Dec 5 00:58:02 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Wed, 05 Dec 2018 00:58:02 +0000
Subject: [openssl-commits] Build completed: openssl master.21308
Message-ID: <20181205005802.1.54C2647D57782FA8@appveyor.com>

From matt at openssl.org Wed Dec 5 10:42:14 2018
From: matt at openssl.org (Matt Caswell)
Date: Wed, 05 Dec 2018 10:42:14 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1544006534.498406.22318.nullmailer@dev.openssl.org>

The branch master has been updated
  via 3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690 (commit)
  via 3da2e9c4ee45989a426ff513dc6c6250d1e460de (commit)
  via 31703da3b8e743c07a9fdb6025aa526594c2a319 (commit)
  via b34446cca2b1814fa674adc8076707d2b65a697f (commit)
  from 871493a2bed80310169ec4ba7cc428bc194623bf (commit)

- Log -----------------------------------------------------------------
commit 3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690
Author: Andy Polyakov
Date: Fri Nov 23 17:23:31 2018 +0100

    bn/bn_{div|shift}.c: introduce fixed-top interfaces.

    Fixed-top interfaces tolerate zero-padded inputs and facilitate constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend, but not divisor. It's argued that divisor's length is public even when value is secret.

    [extended tests]

    Reviewed-by: Paul Dale
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/7589)

commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de
Author: Andy Polyakov
Date: Wed Nov 7 22:18:33 2018 +0100

    bn/bn_div.c: make conditional addition unconditional and add template for constant-time bn_div_3_words.

    Reviewed-by: Paul Dale
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/7589)

commit 31703da3b8e743c07a9fdb6025aa526594c2a319
Author: Andy Polyakov
Date: Mon Nov 12 15:13:48 2018 +0100

    Configure: recognize div3w modules and add -DBN_DIV3W.

    Reviewed-by: Paul Dale
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/7589)

commit b34446cca2b1814fa674adc8076707d2b65a697f
Author: Andy Polyakov
Date: Mon Nov 12 15:03:39 2018 +0100

    Configurations/10-main.conf: remove MIPS bn_div_3_words.

    It's being replaced with constant-time alternative.

Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7589) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 5 +- Configure | 1 + crypto/bn/asm/mips.pl | 6 + crypto/bn/bn_div.c | 319 ++++++++++++++++++++++----------------- crypto/bn/bn_shift.c | 130 +++++++++++++--- crypto/include/internal/bn_int.h | 9 +- 6 files changed, 301 insertions(+), 169 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index d86691c..6506203 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -360,7 +360,7 @@ my %targets = ( inherit_from => [ "BASE_unix" ], template => 1, cppflags => threads("-D_SGI_MP_SOURCE"), - lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", + lib_cppflags => "-DB_ENDIAN", ex_libs => add(threads("-lpthread")), thread_scheme => "pthreads", dso_scheme => "dlfcn", @@ -733,7 +733,6 @@ my %targets = ( inherit_from => [ "linux-generic32", asm("mips32_asm") ], cflags => add("-mabi=32"), cxxflags => add("-mabi=32"), - lib_cppflags => add("-DBN_DIV3W"), perlasm_scheme => "o32", }, # mips32 and mips64 below refer to contemporary MIPS Architecture @@ -742,7 +741,6 @@ my %targets = ( inherit_from => [ "linux-generic32", asm("mips64_asm") ], cflags => add("-mabi=n32"), cxxflags => add("-mabi=n32"), - lib_cppflags => add("-DBN_DIV3W"), bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", perlasm_scheme => "n32", multilib => "32", @@ -751,7 +749,6 @@ my %targets = ( inherit_from => [ "linux-generic64", asm("mips64_asm") ], cflags => add("-mabi=64"), cxxflags => add("-mabi=64"), - lib_cppflags => add("-DBN_DIV3W"), perlasm_scheme => "64", multilib => "64", }, diff --git a/Configure b/Configure index cc061dc..65bbec1 100755 --- a/Configure +++ b/Configure 
@@ -1354,6 +1354,7 @@ unless ($disabled{asm}) { push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); + push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/); if ($target{sha1_asm_src}) { push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index da35ec1..3875132 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -798,6 +798,11 @@ $code.=<<___; move $a0,$v0 .end bn_sub_words_internal +#if 0 +/* + * The bn_div_3_words entry point is re-used for constant-time interface. + * Implementation is retained as hystorical reference. + */ .align 5 .globl bn_div_3_words .ent bn_div_3_words @@ -877,6 +882,7 @@ $code.=<<___; jr $ra move $a0,$v0 .end bn_div_3_words_internal +#endif .align 5 .globl bn_div_words diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 70add10..3a6fa0a 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include "internal/cryptlib.h" #include "bn_lcl.h" 
@@ -86,6 +87,77 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, #else +# if defined(BN_DIV3W) +BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0); +# elif 0 +/* + * This is #if-ed away, because it's a reference for assembly implementations, + * where it can and should be made constant-time. But if you want to test it, + * just replace 0 with 1. + */ +# if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 +# undef BN_ULLONG +# define BN_ULLONG __uint128_t +# define BN_LLONG +# endif + +# ifdef BN_LLONG +# define BN_DIV3W +/* + * Interface is somewhat quirky, |m| is pointer to most significant limb, + * and less significant limb is referred at |m[-1]|. This means that caller + * is responsible for ensuring that |m[-1]| is valid. Second condition that + * has to be met is that |d0|'s most significant bit has to be set. Or in + * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top + * does all this. The subroutine considers four limbs, two of which are + * "overlapping," hence the name... + */ +static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0) +{ + BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1]; + BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1; + BN_ULONG Q = 0, mask; + int i; + + for (i = 0; i < BN_BITS2; i++) { + Q <<= 1; + if (R >= D) { + Q |= 1; + R -= D; + } + D >>= 1; + } + + mask = 0 - (Q >> (BN_BITS2 - 1)); /* does it overflow? 
*/ + + Q <<= 1; + Q |= (R >= D); + + return (Q | mask) & BN_MASK2; +} +# endif +# endif + +static int bn_left_align(BIGNUM *num) +{ + BN_ULONG *d = num->d, n, m, rmask; + int top = num->top; + int rshift = BN_num_bits_word(d[top - 1]), lshift, i; + + lshift = BN_BITS2 - rshift; + rshift %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rshift; /* rmask = 0 - (rshift != 0) */ + rmask |= rmask >> 8; + + for (i = 0, m = 0; i < top; i++) { + n = d[i]; + d[i] = ((n << lshift) | m) & BN_MASK2; + m = (n >> rshift) & rmask; + } + + return lshift; +} + # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ && !defined(PEDANTIC) && !defined(BN_DIV3W) # if defined(__GNUC__) && __GNUC__>=2 
@@ -137,55 +209,73 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { - int norm_shift, i, loop; - BIGNUM *tmp, wnum, *snum, *sdiv, *res; - BN_ULONG *resp, *wnump; - BN_ULONG d0, d1; - int num_n, div_n; - int no_branch = 0; + int ret; + + if (BN_is_zero(divisor)) { + BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); + return 0; + } /* * Invalid zero-padding would have particularly bad consequences so don't * just rely on bn_check_top() here (bn_check_top() works only for * BN_DEBUG builds) */ - if ((num->top > 0 && num->d[num->top - 1] == 0) || - (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) { + if (divisor->d[divisor->top - 1] == 0) { BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED); return 0; } - bn_check_top(num); - bn_check_top(divisor); + ret = bn_div_fixed_top(dv, rm, num, divisor, ctx); - if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) - || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { - no_branch = 1; + if (ret) { + if (dv != NULL) + bn_correct_top(dv); + if (rm != NULL) + bn_correct_top(rm); } - bn_check_top(dv); - bn_check_top(rm); - /*- bn_check_top(num); *//* - * 'num' has been checked already - */ - /*- bn_check_top(divisor); *//* - * 'divisor' has been checked already - */ + return ret; +} - if (BN_is_zero(divisor)) { - BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); - return 0; - } +/* + * It's argued that *length* of *significant* part of divisor is public. + * Even if it's private modulus that is. Again, *length* is assumed + * public, but not *value*. Former is likely to be pre-defined by + * algorithm with bit granularity, though below subroutine is invariant + * of limb length. Thanks to this assumption we can require that |divisor| + * may not be zero-padded, yet claim this subroutine "constant-time"(*). 
+ * This is because zero-padded dividend, |num|, is tolerated, so that + * caller can pass dividend of public length(*), but with smaller amount + * of significant limbs. This naturally means that quotient, |dv|, would + * contain correspongly less significant limbs as well, and will be zero- + * padded accordingly. Returned remainder, |rm|, will have same bit length + * as divisor, also zero-padded if needed. These actually leave sign bits + * in ambiguous state. In sense that we try to avoid negative zeros, while + * zero-padded zeros would retain sign. + * + * (*) "Constant-time-ness" has two pre-conditions: + * + * - availability of constant-time bn_div_3_words; + * - dividend is at least as "wide" as divisor, limb-wise, zero-padded + * if so requied, which shouldn't be a privacy problem, because + * divisor's length is considered public; + */ +int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, + const BIGNUM *divisor, BN_CTX *ctx) +{ + int norm_shift, i, j, loop; + BIGNUM *tmp, *snum, *sdiv, *res; + BN_ULONG *resp, *wnum, *wnumtop; + BN_ULONG d0, d1; + int num_n, div_n; - if (!no_branch && BN_ucmp(num, divisor) < 0) { - if (rm != NULL) { - if (BN_copy(rm, num) == NULL) - return 0; - } - if (dv != NULL) - BN_zero(dv); - return 1; - } + assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0); + + bn_check_top(num); + bn_check_top(divisor); + bn_check_top(dv); + bn_check_top(rm); BN_CTX_start(ctx); res = (dv == NULL) ? BN_CTX_get(ctx) : dv; 
@@ -196,113 +286,72 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, goto err; /* First we normalise the numbers */ - norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); - if (!(BN_lshift(sdiv, divisor, norm_shift))) + if (!BN_copy(sdiv, divisor)) goto err; + norm_shift = bn_left_align(sdiv); sdiv->neg = 0; - norm_shift += BN_BITS2; - if (!(BN_lshift(snum, num, norm_shift))) + /* + * Note that bn_lshift_fixed_top's output is always one limb longer + * than input, even when norm_shift is zero. This means that amount of + * inner loop iterations is invariant of dividend value, and that one + * doesn't need to compare dividend and divisor if they were originally + * of the same bit length. + */ + if (!(bn_lshift_fixed_top(snum, num, norm_shift))) goto err; - snum->neg = 0; - - if (no_branch) { - /* - * Since we don't know whether snum is larger than sdiv, we pad snum - * with enough zeroes without changing its value. - */ - if (snum->top <= sdiv->top + 1) { - if (bn_wexpand(snum, sdiv->top + 2) == NULL) - goto err; - for (i = snum->top; i < sdiv->top + 2; i++) - snum->d[i] = 0; - snum->top = sdiv->top + 2; - } else { - if (bn_wexpand(snum, snum->top + 1) == NULL) - goto err; - snum->d[snum->top] = 0; - snum->top++; - } - } div_n = sdiv->top; num_n = snum->top; + + if (num_n <= div_n) { + /* caller didn't pad dividend -> no constant-time guarantee... 
*/ + if (bn_wexpand(snum, div_n + 1) == NULL) + goto err; + memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG)); + snum->top = num_n = div_n + 1; + } + loop = num_n - div_n; /* * Lets setup a 'window' into snum This is the part that corresponds to * the current 'area' being divided */ - wnum.neg = 0; - wnum.d = &(snum->d[loop]); - wnum.top = div_n; - wnum.flags = BN_FLG_STATIC_DATA; - /* - * only needed when BN_ucmp messes up the values between top and max - */ - wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ + wnum = &(snum->d[loop]); + wnumtop = &(snum->d[num_n - 1]); /* Get the top 2 words of sdiv */ - /* div_n=sdiv->top; */ d0 = sdiv->d[div_n - 1]; d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; - /* pointer to the 'top' of snum */ - wnump = &(snum->d[num_n - 1]); - - /* Setup to 'res' */ - if (!bn_wexpand(res, (loop + 1))) + /* Setup quotient */ + if (!bn_wexpand(res, loop)) goto err; res->neg = (num->neg ^ divisor->neg); - res->top = loop - no_branch; - resp = &(res->d[loop - 1]); + res->top = loop; + res->flags |= BN_FLG_FIXED_TOP; + resp = &(res->d[loop]); /* space for temp */ if (!bn_wexpand(tmp, (div_n + 1))) goto err; - if (!no_branch) { - if (BN_ucmp(&wnum, sdiv) >= 0) { - /* - * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) - * the const bignum arguments => clean the values between top and - * max again - */ - bn_clear_top2max(&wnum); - bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); - *resp = 1; - } else - res->top--; - } - - /* Increase the resp pointer so that we never create an invalid pointer. 
*/ - resp++; - - /* - * if res->top == 0 then clear the neg value otherwise decrease the resp - * pointer - */ - if (res->top == 0) - res->neg = 0; - else - resp--; - - for (i = 0; i < loop - 1; i++, wnump--) { + for (i = 0; i < loop; i++, wnumtop--) { BN_ULONG q, l0; /* * the first part of the loop uses the top two words of snum and sdiv * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv */ -# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) - BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); - q = bn_div_3_words(wnump, d1, d0); +# if defined(BN_DIV3W) + q = bn_div_3_words(wnumtop, d1, d0); # else BN_ULONG n0, n1, rem = 0; - n0 = wnump[0]; - n1 = wnump[-1]; + n0 = wnumtop[0]; + n1 = wnumtop[-1]; if (n0 == d0) q = BN_MASK2; else { /* n0 < d0 */ - + BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2]; # ifdef BN_LLONG BN_ULLONG t2; @@ -322,7 +371,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, t2 = (BN_ULLONG) d1 *q; for (;;) { - if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) + if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2)) break; q--; rem += d0; @@ -355,7 +404,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, # endif for (;;) { - if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) + if ((t2h < rem) || ((t2h == rem) && (t2l <= n2))) break; q--; rem += d0; 
@@ -371,43 +420,33 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); tmp->d[div_n] = l0; - wnum.d--; + wnum--; /* - * ingore top values of the bignums just sub the two BN_ULONG arrays + * ignore top values of the bignums just sub the two BN_ULONG arrays * with bn_sub_words */ - if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { - /* - * Note: As we have considered only the leading two BN_ULONGs in - * the calculation of q, sdiv * q might be greater than wnum (but - * then (q-1) * sdiv is less or equal than wnum) - */ - q--; - if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) - /* - * we can't have an overflow here (assuming that q != 0, but - * if q == 0 then tmp is zero anyway) - */ - (*wnump)++; - } - /* store part of the result */ - resp--; - *resp = q; - } - bn_correct_top(snum); - if (rm != NULL) { + l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1); + q -= l0; /* - * Keep a copy of the neg flag in num because if rm==num BN_rshift() - * will overwrite it. + * Note: As we have considered only the leading two BN_ULONGs in + * the calculation of q, sdiv * q might be greater than wnum (but + * then (q-1) * sdiv is less or equal than wnum) */ - int neg = num->neg; - BN_rshift(rm, snum, norm_shift); - if (!BN_is_zero(rm)) - rm->neg = neg; - bn_check_top(rm); + for (l0 = 0 - l0, j = 0; j < div_n; j++) + tmp->d[j] = sdiv->d[j] & l0; + l0 = bn_add_words(wnum, wnum, tmp->d, div_n); + (*wnumtop) += l0; + assert((*wnumtop) == 0); + + /* store part of the result */ + *--resp = q; } - if (no_branch) - bn_correct_top(res); + /* snum holds remainder, it's as wide as divisor */ + snum->neg = num->neg; + snum->top = div_n; + snum->flags |= BN_FLG_FIXED_TOP; + if (rm != NULL) + bn_rshift_fixed_top(rm, snum, norm_shift); BN_CTX_end(ctx); return 1; err: diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 15d4b32..b7a1e0f 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include "internal/cryptlib.h" #include "bn_lcl.h" 
@@ -82,40 +83,70 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) { - int i, nw, lb, rb; - BN_ULONG *t, *f; - BN_ULONG l; - - bn_check_top(r); - bn_check_top(a); + int ret; if (n < 0) { BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); return 0; } + ret = bn_lshift_fixed_top(r, a, n); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +/* + * In respect to shift factor the execution time is invariant of + * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition + * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being + * non-secret. + */ +int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, nw; + unsigned int lb, rb; + BN_ULONG *t, *f; + BN_ULONG l, m, rmask = 0; + + assert(n >= 0); + + bn_check_top(r); + bn_check_top(a); + nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) return 0; - r->neg = a->neg; - lb = n % BN_BITS2; - rb = BN_BITS2 - lb; - f = a->d; - t = r->d; - t[a->top + nw] = 0; - if (lb == 0) - for (i = a->top - 1; i >= 0; i--) - t[nw + i] = f[i]; - else - for (i = a->top - 1; i >= 0; i--) { - l = f[i]; - t[nw + i + 1] |= (l >> rb) & BN_MASK2; - t[nw + i] = (l << lb) & BN_MASK2; + + if (a->top != 0) { + lb = (unsigned int)n % BN_BITS2; + rb = BN_BITS2 - lb; + rb %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rb; /* rmask = 0 - (rb != 0) */ + rmask |= rmask >> 8; + f = &(a->d[0]); + t = &(r->d[nw]); + l = f[a->top - 1]; + t[a->top] = (l >> rb) & rmask; + for (i = a->top - 1; i > 0; i--) { + m = l << lb; + l = f[i - 1]; + t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2; } - memset(t, 0, sizeof(*t) * nw); + t[0] = (l << lb) & BN_MASK2; + } else { + /* shouldn't happen, but formally required */ + r->d[nw] = 0; + } + if (nw != 0) + memset(r->d, 0, sizeof(*t) * nw); + + r->neg = a->neg; r->top = a->top + nw + 1; - bn_correct_top(r); - bn_check_top(r); + r->flags |= BN_FLG_FIXED_TOP; + return 1; } 
@@ -173,3 +204,54 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); return 1; } + +/* + * In respect to shift factor the execution time is invariant of + * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition + * for constant-time-ness for sufficiently[!] zero-padded inputs is + * |n < BN_BITS2| or |n / BN_BITS2| being non-secret. + */ +int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, top, nw; + unsigned int lb, rb; + BN_ULONG *t, *f; + BN_ULONG l, m, mask; + + bn_check_top(r); + bn_check_top(a); + + assert(n >= 0); + + nw = n / BN_BITS2; + if (nw >= a->top) { + /* shouldn't happen, but formally required */ + BN_zero(r); + return 1; + } + + rb = (unsigned int)n % BN_BITS2; + lb = BN_BITS2 - rb; + lb %= BN_BITS2; /* say no to undefined behaviour */ + mask = (BN_ULONG)0 - lb; /* mask = 0 - (lb != 0) */ + mask |= mask >> 8; + top = a->top - nw; + if (r != a && bn_wexpand(r, top) == NULL) + return 0; + + t = &(r->d[0]); + f = &(a->d[nw]); + l = f[0]; + for (i = 0; i < top - 1; i++) { + m = f[i + 1]; + t[i] = (l >> rb) | ((m << lb) & mask); + l = m; + } + t[i] = l >> rb; + + r->neg = a->neg; + r->top = top; + r->flags |= BN_FLG_FIXED_TOP; + + return 1; +} diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index cffe5cf..30be7ef 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h 
@@ -65,7 +65,10 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); * is customarily arranged by bn_correct_top. Output from below functions * is not processed with bn_correct_top, and for this reason it may not be * returned out of public API. It may only be passed internally into other - * functions known to support non-minimal or zero-padded BIGNUMs. + * functions known to support non-minimal or zero-padded BIGNUMs. Even + * though the goal is to facilitate constant-time-ness, not each subroutine + * is constant-time by itself. They all have pre-conditions, consult source + * code... */ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); @@ -79,5 +82,9 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + const BIGNUM *d, BN_CTX *ctx); #endif From matt at openssl.org Wed Dec 5 10:42:24 2018 
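Review bot: in the last bn_div.c hunk (@@ -371,43 +420,33 @@) the result of `bn_rshift_fixed_top(rm, snum, norm_shift)` is discarded, yet the new function in bn_shift.c returns 0 when `bn_wexpand(r, top)` fails, so bn_div_fixed_top can return 1 without having written the remainder. Suggest `if (rm != NULL && !bn_rshift_fixed_top(rm, snum, norm_shift)) goto err;`. The removed code also set `rm->neg` only when `!BN_is_zero(rm)`; the new path copies `num->neg` unconditionally, so anyone calling bn_div_fixed_top directly can receive a zero remainder with the sign bit set. The contract comment mentions the ambiguity, but it would help to say which side is expected to clear it.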
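Review bot: bn_rshift_fixed_top (bn_shift.c hunk at @@ -173,3 +204,54 @@) guards its shift count only with `assert(n >= 0)`, which compiles away under NDEBUG; a negative |n| then yields a negative |nw| and `f = &(a->d[nw])` points before the limb array. bn_lshift_fixed_top has the same shape with `t = &(r->d[nw])`. BN_lshift still rejects negative counts before calling in, but both helpers are exported through bn_int.h, so a runtime `if (n < 0) return 0;` in each would keep the check where the pointer arithmetic is. Placing the assert after the two bn_check_top calls here but before them in bn_lshift_fixed_top is a small inconsistency worth aligning.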
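Review bot: the bn_div_fixed_top prototype added to bn_int.h names its parameters `rem`, `m` and `d`, while the definition in bn_div.c uses `rm`, `num` and `divisor`; matching the definition would let the header be read alongside the contract comment above the function. The added comment text also sends readers to the source for the pre-conditions. The ones stated in this patch are short enough to list next to each prototype: divisor not zero-padded, dividend at least as wide as the divisor limb-wise, and `n / BN_BITS2` non-secret for the two shifts.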
From: matt at openssl.org (Matt Caswell)
Date: Wed, 05 Dec 2018 10:42:24 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_1_1-stable update
Message-ID: <1544006544.692948.23145.nullmailer@dev.openssl.org>

The branch OpenSSL_1_1_1-stable has been updated
       via  8df98cd98812dff67aa93a3f760860ac91f7f24a (commit)
       via  a7e8ab41fd6d53abba3f63cb34c9bcccb31efda7 (commit)
       via  2007474f19fa434e669b944895b22af32f934933 (commit)
       via  9b2a219caeff0522995e5453dedf729bba666ffa (commit)
      from  cc4e37f1e4af060dc41a3c84041a183ecd7aa80e (commit)

- Log -----------------------------------------------------------------
commit 8df98cd98812dff67aa93a3f760860ac91f7f24a
Author: Andy Polyakov
Date: Fri Nov 23 17:23:31 2018 +0100

    bn/bn_{div|shift}.c: introduce fixed-top interfaces.

    Fixed-top interfaces tolerate zero-padded inputs and facilitate
    constant-time-ness. bn_div_fixed_top tolerates zero-padded dividend,
    but not divisor. It's argued that divisor's length is public even
    when value is secret.

    [extended tests]

    Reviewed-by: Paul Dale
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/7589)

    (cherry picked from commit 3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690)

commit a7e8ab41fd6d53abba3f63cb34c9bcccb31efda7
Author: Andy Polyakov
Date: Wed Nov 7 22:18:33 2018 +0100

    bn/bn_div.c: make conditional addition unconditional

    and add template for constant-time bn_div_3_words.

    Reviewed-by: Paul Dale
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/7589)

    (cherry picked from commit 3da2e9c4ee45989a426ff513dc6c6250d1e460de)

commit 2007474f19fa434e669b944895b22af32f934933
Author: Andy Polyakov
Date: Mon Nov 12 15:13:48 2018 +0100

    Configure: recognize div3w modules and add -DBN_DIV3W.
Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7589) (cherry picked from commit 31703da3b8e743c07a9fdb6025aa526594c2a319) commit 9b2a219caeff0522995e5453dedf729bba666ffa Author: Andy Polyakov Date: Mon Nov 12 15:03:39 2018 +0100 Configurations/10-main.conf: remove MIPS bn_div_3_words. It's being replaced with constant-time alternative. Reviewed-by: Paul Dale Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/7589) (cherry picked from commit b34446cca2b1814fa674adc8076707d2b65a697f) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 5 +- Configure | 1 + crypto/bn/asm/mips.pl | 6 + crypto/bn/bn_div.c | 319 ++++++++++++++++++++++----------------- crypto/bn/bn_shift.c | 130 +++++++++++++--- crypto/include/internal/bn_int.h | 9 +- 6 files changed, 301 insertions(+), 169 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index f0cf6c1..ac8828e 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -360,7 +360,7 @@ my %targets = ( inherit_from => [ "BASE_unix" ], template => 1, cppflags => threads("-D_SGI_MP_SOURCE"), - lib_cppflags => "-DB_ENDIAN -DBN_DIV3W", + lib_cppflags => "-DB_ENDIAN", ex_libs => add(threads("-lpthread")), thread_scheme => "pthreads", dso_scheme => "dlfcn", @@ -733,7 +733,6 @@ my %targets = ( inherit_from => [ "linux-generic32", asm("mips32_asm") ], cflags => add("-mabi=32"), cxxflags => add("-mabi=32"), - lib_cppflags => add("-DBN_DIV3W"), perlasm_scheme => "o32", }, # mips32 and mips64 below refer to contemporary MIPS Architecture @@ -742,7 +741,6 @@ my %targets = ( inherit_from => [ "linux-generic32", asm("mips64_asm") ], cflags => add("-mabi=n32"), cxxflags => add("-mabi=n32"), - lib_cppflags => add("-DBN_DIV3W"), bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", perlasm_scheme => "n32", multilib => "32", 
@@ -751,7 +749,6 @@ my %targets = ( inherit_from => [ "linux-generic64", asm("mips64_asm") ], cflags => add("-mabi=64"), cxxflags => add("-mabi=64"), - lib_cppflags => add("-DBN_DIV3W"), perlasm_scheme => "64", multilib => "64", }, diff --git a/Configure b/Configure index d5dc36c..28f6eb7 100755 --- a/Configure +++ b/Configure @@ -1370,6 +1370,7 @@ unless ($disabled{asm}) { push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT" if ($target{bn_asm_src} =~ /-mont/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/); push @{$config{lib_defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/); + push @{$config{lib_defines}}, "BN_DIV3W" if ($target{bn_asm_src} =~ /-div3w/); if ($target{sha1_asm_src}) { push @{$config{lib_defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/); diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index da35ec1..3875132 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -798,6 +798,11 @@ $code.=<<___; move $a0,$v0 .end bn_sub_words_internal +#if 0 +/* + * The bn_div_3_words entry point is re-used for constant-time interface. + * Implementation is retained as hystorical reference. + */ .align 5 .globl bn_div_3_words .ent bn_div_3_words @@ -877,6 +882,7 @@ $code.=<<___; jr $ra move $a0,$v0 .end bn_div_3_words_internal +#endif .align 5 .globl bn_div_words diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 70add10..3a6fa0a 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include #include "internal/cryptlib.h" #include "bn_lcl.h" 
@@ -86,6 +87,77 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, #else +# if defined(BN_DIV3W) +BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0); +# elif 0 +/* + * This is #if-ed away, because it's a reference for assembly implementations, + * where it can and should be made constant-time. But if you want to test it, + * just replace 0 with 1. + */ +# if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 +# undef BN_ULLONG +# define BN_ULLONG __uint128_t +# define BN_LLONG +# endif + +# ifdef BN_LLONG +# define BN_DIV3W +/* + * Interface is somewhat quirky, |m| is pointer to most significant limb, + * and less significant limb is referred at |m[-1]|. This means that caller + * is responsible for ensuring that |m[-1]| is valid. Second condition that + * has to be met is that |d0|'s most significant bit has to be set. Or in + * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top + * does all this. The subroutine considers four limbs, two of which are + * "overlapping," hence the name... + */ +static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0) +{ + BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1]; + BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1; + BN_ULONG Q = 0, mask; + int i; + + for (i = 0; i < BN_BITS2; i++) { + Q <<= 1; + if (R >= D) { + Q |= 1; + R -= D; + } + D >>= 1; + } + + mask = 0 - (Q >> (BN_BITS2 - 1)); /* does it overflow? 
*/ + + Q <<= 1; + Q |= (R >= D); + + return (Q | mask) & BN_MASK2; +} +# endif +# endif + +static int bn_left_align(BIGNUM *num) +{ + BN_ULONG *d = num->d, n, m, rmask; + int top = num->top; + int rshift = BN_num_bits_word(d[top - 1]), lshift, i; + + lshift = BN_BITS2 - rshift; + rshift %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rshift; /* rmask = 0 - (rshift != 0) */ + rmask |= rmask >> 8; + + for (i = 0, m = 0; i < top; i++) { + n = d[i]; + d[i] = ((n << lshift) | m) & BN_MASK2; + m = (n >> rshift) & rmask; + } + + return lshift; +} + # if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ && !defined(PEDANTIC) && !defined(BN_DIV3W) # if defined(__GNUC__) && __GNUC__>=2 
@@ -137,55 +209,73 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, BN_CTX *ctx) { - int norm_shift, i, loop; - BIGNUM *tmp, wnum, *snum, *sdiv, *res; - BN_ULONG *resp, *wnump; - BN_ULONG d0, d1; - int num_n, div_n; - int no_branch = 0; + int ret; + + if (BN_is_zero(divisor)) { + BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); + return 0; + } /* * Invalid zero-padding would have particularly bad consequences so don't * just rely on bn_check_top() here (bn_check_top() works only for * BN_DEBUG builds) */ - if ((num->top > 0 && num->d[num->top - 1] == 0) || - (divisor->top > 0 && divisor->d[divisor->top - 1] == 0)) { + if (divisor->d[divisor->top - 1] == 0) { BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED); return 0; } - bn_check_top(num); - bn_check_top(divisor); + ret = bn_div_fixed_top(dv, rm, num, divisor, ctx); - if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) - || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { - no_branch = 1; + if (ret) { + if (dv != NULL) + bn_correct_top(dv); + if (rm != NULL) + bn_correct_top(rm); } - bn_check_top(dv); - bn_check_top(rm); - /*- bn_check_top(num); *//* - * 'num' has been checked already - */ - /*- bn_check_top(divisor); *//* - * 'divisor' has been checked already - */ + return ret; +} - if (BN_is_zero(divisor)) { - BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO); - return 0; - } +/* + * It's argued that *length* of *significant* part of divisor is public. + * Even if it's private modulus that is. Again, *length* is assumed + * public, but not *value*. Former is likely to be pre-defined by + * algorithm with bit granularity, though below subroutine is invariant + * of limb length. Thanks to this assumption we can require that |divisor| + * may not be zero-padded, yet claim this subroutine "constant-time"(*). 
+ * This is because zero-padded dividend, |num|, is tolerated, so that + * caller can pass dividend of public length(*), but with smaller amount + * of significant limbs. This naturally means that quotient, |dv|, would + * contain correspongly less significant limbs as well, and will be zero- + * padded accordingly. Returned remainder, |rm|, will have same bit length + * as divisor, also zero-padded if needed. These actually leave sign bits + * in ambiguous state. In sense that we try to avoid negative zeros, while + * zero-padded zeros would retain sign. + * + * (*) "Constant-time-ness" has two pre-conditions: + * + * - availability of constant-time bn_div_3_words; + * - dividend is at least as "wide" as divisor, limb-wise, zero-padded + * if so requied, which shouldn't be a privacy problem, because + * divisor's length is considered public; + */ +int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, + const BIGNUM *divisor, BN_CTX *ctx) +{ + int norm_shift, i, j, loop; + BIGNUM *tmp, *snum, *sdiv, *res; + BN_ULONG *resp, *wnum, *wnumtop; + BN_ULONG d0, d1; + int num_n, div_n; - if (!no_branch && BN_ucmp(num, divisor) < 0) { - if (rm != NULL) { - if (BN_copy(rm, num) == NULL) - return 0; - } - if (dv != NULL) - BN_zero(dv); - return 1; - } + assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0); + + bn_check_top(num); + bn_check_top(divisor); + bn_check_top(dv); + bn_check_top(rm); BN_CTX_start(ctx); res = (dv == NULL) ? BN_CTX_get(ctx) : dv; 
@@ -196,113 +286,72 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, goto err; /* First we normalise the numbers */ - norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); - if (!(BN_lshift(sdiv, divisor, norm_shift))) + if (!BN_copy(sdiv, divisor)) goto err; + norm_shift = bn_left_align(sdiv); sdiv->neg = 0; - norm_shift += BN_BITS2; - if (!(BN_lshift(snum, num, norm_shift))) + /* + * Note that bn_lshift_fixed_top's output is always one limb longer + * than input, even when norm_shift is zero. This means that amount of + * inner loop iterations is invariant of dividend value, and that one + * doesn't need to compare dividend and divisor if they were originally + * of the same bit length. + */ + if (!(bn_lshift_fixed_top(snum, num, norm_shift))) goto err; - snum->neg = 0; - - if (no_branch) { - /* - * Since we don't know whether snum is larger than sdiv, we pad snum - * with enough zeroes without changing its value. - */ - if (snum->top <= sdiv->top + 1) { - if (bn_wexpand(snum, sdiv->top + 2) == NULL) - goto err; - for (i = snum->top; i < sdiv->top + 2; i++) - snum->d[i] = 0; - snum->top = sdiv->top + 2; - } else { - if (bn_wexpand(snum, snum->top + 1) == NULL) - goto err; - snum->d[snum->top] = 0; - snum->top++; - } - } div_n = sdiv->top; num_n = snum->top; + + if (num_n <= div_n) { + /* caller didn't pad dividend -> no constant-time guarantee... 
*/ + if (bn_wexpand(snum, div_n + 1) == NULL) + goto err; + memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG)); + snum->top = num_n = div_n + 1; + } + loop = num_n - div_n; /* * Lets setup a 'window' into snum This is the part that corresponds to * the current 'area' being divided */ - wnum.neg = 0; - wnum.d = &(snum->d[loop]); - wnum.top = div_n; - wnum.flags = BN_FLG_STATIC_DATA; - /* - * only needed when BN_ucmp messes up the values between top and max - */ - wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ + wnum = &(snum->d[loop]); + wnumtop = &(snum->d[num_n - 1]); /* Get the top 2 words of sdiv */ - /* div_n=sdiv->top; */ d0 = sdiv->d[div_n - 1]; d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; - /* pointer to the 'top' of snum */ - wnump = &(snum->d[num_n - 1]); - - /* Setup to 'res' */ - if (!bn_wexpand(res, (loop + 1))) + /* Setup quotient */ + if (!bn_wexpand(res, loop)) goto err; res->neg = (num->neg ^ divisor->neg); - res->top = loop - no_branch; - resp = &(res->d[loop - 1]); + res->top = loop; + res->flags |= BN_FLG_FIXED_TOP; + resp = &(res->d[loop]); /* space for temp */ if (!bn_wexpand(tmp, (div_n + 1))) goto err; - if (!no_branch) { - if (BN_ucmp(&wnum, sdiv) >= 0) { - /* - * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) - * the const bignum arguments => clean the values between top and - * max again - */ - bn_clear_top2max(&wnum); - bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); - *resp = 1; - } else - res->top--; - } - - /* Increase the resp pointer so that we never create an invalid pointer. 
*/ - resp++; - - /* - * if res->top == 0 then clear the neg value otherwise decrease the resp - * pointer - */ - if (res->top == 0) - res->neg = 0; - else - resp--; - - for (i = 0; i < loop - 1; i++, wnump--) { + for (i = 0; i < loop; i++, wnumtop--) { BN_ULONG q, l0; /* * the first part of the loop uses the top two words of snum and sdiv * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv */ -# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) - BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG); - q = bn_div_3_words(wnump, d1, d0); +# if defined(BN_DIV3W) + q = bn_div_3_words(wnumtop, d1, d0); # else BN_ULONG n0, n1, rem = 0; - n0 = wnump[0]; - n1 = wnump[-1]; + n0 = wnumtop[0]; + n1 = wnumtop[-1]; if (n0 == d0) q = BN_MASK2; else { /* n0 < d0 */ - + BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2]; # ifdef BN_LLONG BN_ULLONG t2; @@ -322,7 +371,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, t2 = (BN_ULLONG) d1 *q; for (;;) { - if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2])) + if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2)) break; q--; rem += d0; @@ -355,7 +404,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, # endif for (;;) { - if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2]))) + if ((t2h < rem) || ((t2h == rem) && (t2l <= n2))) break; q--; rem += d0; 
@@ -371,43 +420,33 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); tmp->d[div_n] = l0; - wnum.d--; + wnum--; /* - * ingore top values of the bignums just sub the two BN_ULONG arrays + * ignore top values of the bignums just sub the two BN_ULONG arrays * with bn_sub_words */ - if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { - /* - * Note: As we have considered only the leading two BN_ULONGs in - * the calculation of q, sdiv * q might be greater than wnum (but - * then (q-1) * sdiv is less or equal than wnum) - */ - q--; - if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) - /* - * we can't have an overflow here (assuming that q != 0, but - * if q == 0 then tmp is zero anyway) - */ - (*wnump)++; - } - /* store part of the result */ - resp--; - *resp = q; - } - bn_correct_top(snum); - if (rm != NULL) { + l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1); + q -= l0; /* - * Keep a copy of the neg flag in num because if rm==num BN_rshift() - * will overwrite it. + * Note: As we have considered only the leading two BN_ULONGs in + * the calculation of q, sdiv * q might be greater than wnum (but + * then (q-1) * sdiv is less or equal than wnum) */ - int neg = num->neg; - BN_rshift(rm, snum, norm_shift); - if (!BN_is_zero(rm)) - rm->neg = neg; - bn_check_top(rm); + for (l0 = 0 - l0, j = 0; j < div_n; j++) + tmp->d[j] = sdiv->d[j] & l0; + l0 = bn_add_words(wnum, wnum, tmp->d, div_n); + (*wnumtop) += l0; + assert((*wnumtop) == 0); + + /* store part of the result */ + *--resp = q; } - if (no_branch) - bn_correct_top(res); + /* snum holds remainder, it's as wide as divisor */ + snum->neg = num->neg; + snum->top = div_n; + snum->flags |= BN_FLG_FIXED_TOP; + if (rm != NULL) + bn_rshift_fixed_top(rm, snum, norm_shift); BN_CTX_end(ctx); return 1; err: diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 15d4b32..b7a1e0f 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -7,6 +7,7 @@ * https://www.openssl.org/source/license.html */ +#include #include "internal/cryptlib.h" #include "bn_lcl.h" 
@@ -82,40 +83,70 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a) int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) { - int i, nw, lb, rb; - BN_ULONG *t, *f; - BN_ULONG l; - - bn_check_top(r); - bn_check_top(a); + int ret; if (n < 0) { BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); return 0; } + ret = bn_lshift_fixed_top(r, a, n); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +/* + * In respect to shift factor the execution time is invariant of + * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition + * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being + * non-secret. + */ +int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, nw; + unsigned int lb, rb; + BN_ULONG *t, *f; + BN_ULONG l, m, rmask = 0; + + assert(n >= 0); + + bn_check_top(r); + bn_check_top(a); + nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) return 0; - r->neg = a->neg; - lb = n % BN_BITS2; - rb = BN_BITS2 - lb; - f = a->d; - t = r->d; - t[a->top + nw] = 0; - if (lb == 0) - for (i = a->top - 1; i >= 0; i--) - t[nw + i] = f[i]; - else - for (i = a->top - 1; i >= 0; i--) { - l = f[i]; - t[nw + i + 1] |= (l >> rb) & BN_MASK2; - t[nw + i] = (l << lb) & BN_MASK2; + + if (a->top != 0) { + lb = (unsigned int)n % BN_BITS2; + rb = BN_BITS2 - lb; + rb %= BN_BITS2; /* say no to undefined behaviour */ + rmask = (BN_ULONG)0 - rb; /* rmask = 0 - (rb != 0) */ + rmask |= rmask >> 8; + f = &(a->d[0]); + t = &(r->d[nw]); + l = f[a->top - 1]; + t[a->top] = (l >> rb) & rmask; + for (i = a->top - 1; i > 0; i--) { + m = l << lb; + l = f[i - 1]; + t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2; } - memset(t, 0, sizeof(*t) * nw); + t[0] = (l << lb) & BN_MASK2; + } else { + /* shouldn't happen, but formally required */ + r->d[nw] = 0; + } + if (nw != 0) + memset(r->d, 0, sizeof(*t) * nw); + + r->neg = a->neg; r->top = a->top + nw + 1; - bn_correct_top(r); - bn_check_top(r); + r->flags |= BN_FLG_FIXED_TOP; + return 1; } 
@@ -173,3 +204,54 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); return 1; } + +/* + * In respect to shift factor the execution time is invariant of + * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition + * for constant-time-ness for sufficiently[!] zero-padded inputs is + * |n < BN_BITS2| or |n / BN_BITS2| being non-secret. + */ +int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, top, nw; + unsigned int lb, rb; + BN_ULONG *t, *f; + BN_ULONG l, m, mask; + + bn_check_top(r); + bn_check_top(a); + + assert(n >= 0); + + nw = n / BN_BITS2; + if (nw >= a->top) { + /* shouldn't happen, but formally required */ + BN_zero(r); + return 1; + } + + rb = (unsigned int)n % BN_BITS2; + lb = BN_BITS2 - rb; + lb %= BN_BITS2; /* say no to undefined behaviour */ + mask = (BN_ULONG)0 - lb; /* mask = 0 - (lb != 0) */ + mask |= mask >> 8; + top = a->top - nw; + if (r != a && bn_wexpand(r, top) == NULL) + return 0; + + t = &(r->d[0]); + f = &(a->d[nw]); + l = f[0]; + for (i = 0; i < top - 1; i++) { + m = f[i + 1]; + t[i] = (l >> rb) | ((m << lb) & mask); + l = m; + } + t[i] = l >> rb; + + r->neg = a->neg; + r->top = top; + r->flags |= BN_FLG_FIXED_TOP; + + return 1; +} diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index cffe5cf..30be7ef 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h 
@@ -65,7 +65,10 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); * is customarily arranged by bn_correct_top. Output from below functions * is not processed with bn_correct_top, and for this reason it may not be * returned out of public API. It may only be passed internally into other - * functions known to support non-minimal or zero-padded BIGNUMs. + * functions known to support non-minimal or zero-padded BIGNUMs. Even + * though the goal is to facilitate constant-time-ness, not each subroutine + * is constant-time by itself. They all have pre-conditions, consult source + * code... */ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); @@ -79,5 +82,9 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n); +int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, + const BIGNUM *d, BN_CTX *ctx); #endif From matt at openssl.org Wed Dec 5 11:02:27 2018 
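Review bot: In crypto/bn/bn_div.c, the new `BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2];` needs a comment saying which case the zero covers. Both wnumtop and wnum are decremented once per iteration, so the comparison looks loop-invariant rather than a "last iteration" check, and a reader cannot tell from the hunk when reading wnumtop[-2] would step outside the window. If it is invariant, computing the condition once before the loop would make that explicit.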
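Review bot: At the end of the division loop in crypto/bn/bn_div.c (hunk @@ -371,43 +420,33 @@), the result of `bn_rshift_fixed_top(rm, snum, norm_shift)` is discarded and the function goes on to `return 1`. As defined in bn_shift.c in this same patch, bn_rshift_fixed_top() returns 0 when bn_wexpand() fails, so an allocation failure would be reported as success with rm not written. Suggest `if (rm != NULL && !bn_rshift_fixed_top(rm, snum, norm_shift)) goto err;`, using the err label that already follows. Separately, `assert((*wnumtop) == 0);` is the only check on the add-back invariant and disappears under NDEBUG, which is worth a line in the comment above it.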
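Review bot: In bn_lshift_fixed_top() (crypto/bn/bn_shift.c, hunk @@ -82,40 +83,70 @@), the comment `rmask = 0 - (rb != 0)` is only true because rb is smaller than 256: `(BN_ULONG)0 - rb` leaves the low bits dependent on rb, and `rmask |= rmask >> 8` fills them in only when bits 8 and above are already all ones. Please state that bound in the comment so the trick is not copied to a context where it does not hold. Also note that BN_lshift() now calls bn_correct_top(r) and bn_check_top(r) even when bn_lshift_fixed_top() returned 0; returning early on failure would be cleaner.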
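Review bot: In bn_rshift_fixed_top() (crypto/bn/bn_shift.c, hunk @@ -173,3 +204,54 @@), the early exit `if (nw >= a->top) { BN_zero(r); return 1; }` returns without setting r->top or `r->flags |= BN_FLG_FIXED_TOP` the way the main path does, so the width of the result differs between the two paths. If that case really "shouldn't happen", list it in the pre-conditions in the function comment, next to the existing note about |n / BN_BITS2| being non-secret. The same applies to `assert(n >= 0)`: it is the only guard against a negative shift and is compiled out under NDEBUG, so callers must guarantee it.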
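Review bot: In crypto/include/internal/bn_int.h, the added sentence "They all have pre-conditions, consult source code..." sends the reader away from the header exactly where the three new prototypes are declared. The pre-conditions for bn_lshift_fixed_top() and bn_rshift_fixed_top() are short (n >= 0, and |n / BN_BITS2| non-secret or |n < BN_BITS2|) and are already written out in bn_shift.c, so repeating them beside the declarations would keep callers from having to open the source. bn_div_fixed_top() is declared with no statement of its requirements at all.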
From: matt at openssl.org (Matt Caswell) Date: Wed, 05 Dec 2018 11:02:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1544007747.755249.28361.nullmailer@dev.openssl.org> The branch master has been updated via 0fb2815b873304d145ed00283454fc9f3bd35e6b (commit) via ed371b8cbac0d0349667558c061c1ae380cf75eb (commit) from 3a4a88f436ed1dd1165e0b59c1ca4a25e9e1d690 (commit) - Log ----------------------------------------------------------------- commit 0fb2815b873304d145ed00283454fc9f3bd35e6b Author: Matt Caswell Date: Tue Dec 4 08:37:04 2018 +0000 Fix some SSL_export_keying_material() issues Fix some issues in tls13_hkdf_expand() which impact the above function for TLSv1.3. In particular test that we can use the maximum label length in TLSv1.3. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7755) commit ed371b8cbac0d0349667558c061c1ae380cf75eb Author: Matt Caswell Date: Mon Dec 3 18:14:57 2018 +0000 Revert "Reduce stack usage in tls13_hkdf_expand" This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d. SSL_export_keying_material() may use longer label lengths. Fixes #7712 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/7755) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_export_keying_material.pod | 3 +- ssl/ssl_locl.h | 2 +- ssl/statem/extensions.c | 2 +- ssl/statem/statem_clnt.c | 2 +- ssl/statem/statem_srvr.c | 2 +- ssl/tls13_enc.c | 73 ++++++++++++++++++++------------- test/sslapitest.c | 48 ++++++++++++++++------ test/tls13secretstest.c | 2 +- 8 files changed, 88 insertions(+), 46 deletions(-) diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod index abebf91..4c81a60 100644 --- a/doc/man3/SSL_export_keying_material.pod +++ b/doc/man3/SSL_export_keying_material.pod @@ -59,7 +59,8 @@ B