From scan-admin at coverity.com Sun Jul 1 08:15:50 2018
From: scan-admin at coverity.com (scan-admin at coverity.com)
Date: Sun, 01 Jul 2018 08:15:50 +0000 (UTC)
Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl
Message-ID: <5b388db4c40b4_46742ab1dd750f5871495@node1.mail>

Your request for analysis of openssl/openssl has been completed successfully.
The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2JKbSCntxjhvQ7VFhOugr2CeTZuTSRUt8zV1ZCo3yzmhBlAFGw43cxm4xhURdR-2F2D-2FPbB7u4MOD8qA7pUoye9K4xJQTOhD-2B8W6JwHIqgn8DJVcUtiIklvOzM8qv0Pfz1-2FRmceZKEKamSH7lma3YFrhFvGF4AVOTobLv91IEjnKYHT8ujC5lXaiDh1j2rK2q6U-3D

Build ID: 218198

Analysis Summary:
New defects found: 2
Defects eliminated: 0

If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2JKbSCntxjhvQ7VFhOugr2CeTZuTSRUt8zV1ZCo3yzmhWzF9KvXQL0DlXoVdJyn8nyLn5a9B9H4bIWiD9bBrIVGwBldZZAwJ1f520aKWJ4shtXYXOgAXly7GlZ-2FTqVq-2B8sN6lRyzz71-2FHYpu1WKrgTJmQCpRhUiA-2FW8grQmyCc9VqwtmcmRhQLkpwzt98CW8w-3D

From scan-admin at coverity.com Sun Jul 1 08:41:39 2018
From: scan-admin at coverity.com (scan-admin at coverity.com)
Date: Sun, 01 Jul 2018 08:41:39 +0000 (UTC)
Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2
Message-ID: <5b3893c3397de_55ac2ab1dd750f5871472@node1.mail>

Your request for analysis of OpenSSL-1.0.2 has been completed successfully.
The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3eOIrQpD6AZNVQbw3R366NKW0j01KXEY-2F-2Bmm53La-2Fc2k0fSD1icf9Oq9JCMG4WyaGthIx431M7tSqgvedm7zNci4UKLtUyKT9pizaWjd3z7wpzvULnvXInW0dWChMtm0-2F7sG-2B-2FpUxVwIxsfTVNq2Gfb5qBNaBhFc6RdSF0zGjjLSGj8GFW3yshb1W7Ly8LoIo-3D

Build ID: 218204

Analysis Summary:
New defects found: 0
Defects eliminated: 0

From appro at openssl.org Sun Jul 1 09:52:58 2018
From: appro at openssl.org (Andy Polyakov)
Date: Sun, 01 Jul 2018 09:52:58 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1530438778.742147.11288.nullmailer@dev.openssl.org>

The branch master has been updated
via ce5eb5e8149d8d03660575f4b8504c993851988a (commit)
from a091e212fc55244fe03a4c7db7d8978c5b5014cb (commit)

- Log -----------------------------------------------------------------
commit ce5eb5e8149d8d03660575f4b8504c993851988a
Author: Andy Polyakov
Date: Fri Jun 29 17:48:54 2018 +0200

modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6615)

-----------------------------------------------------------------------

Summary of changes:
crypto/modes/asm/ghash-armv4.pl | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
index 9cc072e..9d8c988 100644
--- a/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/modes/asm/ghash-armv4.pl
@@ -145,6 +145,8 @@ $code=<<___; .text #if defined(__thumb2__) || defined(__clang__) .syntax unified +#define ldrplb ldrbpl +#define ldrneb ldrbne #endif #if defined(__thumb2__) .thumb @@ -152,11 +154,6 @@ $code=<<___; .code 32 #endif -#ifdef __clang__ -#define ldrplb ldrbpl -#define ldrneb ldrbne -#endif - .type rem_4bit,%object .align 5 rem_4bit: From appro at openssl.org Sun Jul 1 09:54:12 2018 From: appro at openssl.org (Andy Polyakov) Date: Sun, 01 Jul 2018 09:54:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1530438852.376230.12493.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via a80f76aff4e0be3f5738cf9b292f940dc06a0e2a (commit) from c7b9e7be89c987fbf065852d846ac4982a32941b (commit) - Log ----------------------------------------------------------------- commit a80f76aff4e0be3f5738cf9b292f940dc06a0e2a Author: Andy Polyakov Date: Fri Jun 29 17:48:54 2018 +0200 modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6615) (cherry picked from commit ce5eb5e8149d8d03660575f4b8504c993851988a) ----------------------------------------------------------------------- Summary of changes: crypto/modes/asm/ghash-armv4.pl | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 7d880c9..426ef30 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -145,6 +145,8 @@ $code=<<___; .text #if defined(__thumb2__) || defined(__clang__) .syntax unified +#define ldrplb ldrbpl +#define ldrneb ldrbne #endif #if defined(__thumb2__) .thumb @@ -152,11 +154,6 @@ $code=<<___; .code 32 #endif -#ifdef __clang__ -#define ldrplb ldrbpl -#define ldrneb ldrbne -#endif - .type rem_4bit,%object .align 5 rem_4bit: From appro at openssl.org Sun Jul 1 10:06:29 2018 
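Review bot: the `ldrplb`/`ldrneb` rewrites are now keyed to the same `#if defined(__thumb2__) || defined(__clang__)` block that emits `.syntax unified`, and that is the right coupling: the suffix-ordered `ldrbpl`/`ldrbne` spellings are the unified-syntax forms, and the "infixes are deprecated" warning is what an assembler in unified mode says about the old infix spellings. The commit message only says "address warnings"; it would help to state that the macros moved because gas in Thumb-2 mode, not just clang, is affected, so nobody later moves them back under `#ifdef __clang__`. The hunk is the same in master and in the OpenSSL_1_1_0-stable cherry-pick.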
From: appro at openssl.org (Andy Polyakov) Date: Sun, 01 Jul 2018 10:06:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530439589.651805.18020.nullmailer@dev.openssl.org> The branch master has been updated via a0e53000a8d2f464c5a49e93abaa606e67d7558e (commit) from ce5eb5e8149d8d03660575f4b8504c993851988a (commit) - Log ----------------------------------------------------------------- commit a0e53000a8d2f464c5a49e93abaa606e67d7558e Author: Andy Polyakov Date: Fri Jun 29 18:46:57 2018 +0200 rand/rand_unix.c: address macro redifinition warning. Occasionally, e.g. when compiling for elderly glibc, you end up passing -D_GNU_SOURCE on command line, and doing so triggered warning... Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6616) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_unix.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index b64cf27..f482de0 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -7,7 +7,9 @@ * https://www.openssl.org/source/license.html */ -#define _GNU_SOURCE +#ifndef _GNU_SOURCE +# define _GNU_SOURCE +#endif #include "e_os.h" #include #include "internal/cryptlib.h" From no-reply at appveyor.com Sun Jul 1 10:35:22 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 01 Jul 2018 10:35:22 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_1_0-stable.18780 Message-ID: <20180701103522.1.5F63002DEB025C26@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 1 11:20:00 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 01 Jul 2018 11:20:00 +0000 Subject: [openssl-commits] Build completed: openssl master.18781 Message-ID: <20180701112000.1.932544866A4018AF@appveyor.com> An HTML attachment was scrubbed... URL: From paul.dale at oracle.com Sun Jul 1 21:22:06 2018 
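Review bot: the `#ifndef _GNU_SOURCE` guard only does its job if it stays ahead of the first libc header, and in the hunk it does (it precedes `#include "e_os.h"`, which pulls in system headers); a one-line comment saying the macro must be defined before any system header would keep a later include reorder from silently dropping the feature macro. The guard also accepts whatever value the command line gave `_GNU_SOURCE`, which is harmless because glibc's feature test only checks that the macro is defined, so nothing more is needed for the warning the commit describes.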
From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Sun, 01 Jul 2018 21:22:06 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530480126.950506.17317.nullmailer@dev.openssl.org> The branch master has been updated via 8794be2ed8d2e044d8b0135ddb7e903e81335c94 (commit) from a0e53000a8d2f464c5a49e93abaa606e67d7558e (commit) - Log ----------------------------------------------------------------- commit 8794be2ed8d2e044d8b0135ddb7e903e81335c94 Author: Pauli Date: Wed Jun 27 11:34:54 2018 +1000 Remove development artifacts. The issue was discovered on the x86/64 when attempting to include libcrypto inside another shared library. A relocation of type R_X86_64_PC32 was generated which causes a linker error. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6595) ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/keccak1600-s390x.pl | 1 - crypto/sha/asm/keccak1600-x86_64.pl | 1 - 2 files changed, 2 deletions(-) diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl index 4bd3619..58c44d8 100755 --- a/crypto/sha/asm/keccak1600-s390x.pl +++ b/crypto/sha/asm/keccak1600-s390x.pl @@ -335,7 +335,6 @@ ___ } { $code.=<<___; -.globl KeccakF1600 .type KeccakF1600,\@function .align 32 KeccakF1600: diff --git a/crypto/sha/asm/keccak1600-x86_64.pl b/crypto/sha/asm/keccak1600-x86_64.pl index d3f4c10..42de5bf 100755 --- a/crypto/sha/asm/keccak1600-x86_64.pl +++ b/crypto/sha/asm/keccak1600-x86_64.pl @@ -344,7 +344,6 @@ $code.=<<___; ret .size __KeccakF1600,.-__KeccakF1600 -.globl KeccakF1600 .type KeccakF1600,\@abi-omnipotent .align 32 KeccakF1600: From kaduk at mit.edu Sun Jul 1 23:20:51 2018 
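Review bot: dropping `.globl KeccakF1600` in both the s390x and x86_64 generators makes the symbol local, so anything outside these objects that referenced the exported name no longer links; the hunks do not show callers and the commit subject ("Remove development artifacts") does not say so, so the message should state explicitly that `KeccakF1600` was never part of the public ABI. The linker failure described is consistent with the fix: a global, default-visibility symbol is preemptible when linked into a shared object, so the direct PC-relative call to it emitted by this file becomes an R_X86_64_PC32 relocation that the link into another shared library rejects unless something (such as OpenSSL's own version script) already makes the symbol local. Keeping the `.type KeccakF1600,...` line while removing `.globl` is fine.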
From: kaduk at mit.edu (kaduk at mit.edu) Date: Sun, 01 Jul 2018 23:20:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530487251.837135.854.nullmailer@dev.openssl.org> The branch master has been updated via 5281bb2252be6575ebb7a8b683e6bd160476fa2a (commit) from 8794be2ed8d2e044d8b0135ddb7e903e81335c94 (commit) - Log ----------------------------------------------------------------- commit 5281bb2252be6575ebb7a8b683e6bd160476fa2a Author: Benjamin Kaduk Date: Sun Jul 1 12:49:24 2018 -0500 Address coverity-reported NULL dereference in SSL_SESSION_print() We need to check the provided SSL_SESSION* for NULL before attempting to derference it to see if it's a TLS 1.3 session. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6622) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_txt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 3856491..cf6e4c3 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -33,10 +33,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) { size_t i; const char *s; - int istls13 = (x->ssl_version == TLS1_3_VERSION); + int istls13; if (x == NULL) goto err; + istls13 = (x->ssl_version == TLS1_3_VERSION); if (BIO_puts(bp, "SSL-Session:\n") <= 0) goto err; s = ssl_protocol_to_string(x->ssl_version); From appro at openssl.org Mon Jul 2 08:49:17 2018 
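Review bot: the fix is correct and minimal: `istls13` was initialised by dereferencing `x` one line before the `x == NULL` test, so the NULL check never protected anything; deferring the assignment until after the check restores the intent. Since Coverity rather than a test caught this, a unit test that calls `SSL_SESSION_print()` with a NULL session and expects a failure return would stop it regressing. One thing to confirm that the hunk does not show: the `err:` label is now reached with `x == NULL`, so the cleanup there must not touch `x` either.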
From: appro at openssl.org (Andy Polyakov) Date: Mon, 02 Jul 2018 08:49:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1530521357.628688.1507.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via e35e5941e0b2f7af1cd56f07ee8d4eaf2b445132 (commit) from a80f76aff4e0be3f5738cf9b292f940dc06a0e2a (commit) - Log ----------------------------------------------------------------- commit e35e5941e0b2f7af1cd56f07ee8d4eaf2b445132 Author: Andy Polyakov Date: Sat Jun 30 12:52:10 2018 +0200 test/evp_test.c: address sanitizer errors in pderive_test_run. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6614) ----------------------------------------------------------------------- Summary of changes: test/evp_test.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/evp_test.c b/test/evp_test.c index fb2ca27..c2434db 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1592,19 +1592,19 @@ static int pderive_test_run(struct evp_test *t) struct pkey_data *kdata = t->data; unsigned char *out = NULL; size_t out_len; - const char *err = "INTERNAL_ERROR"; + const char *err = "DERIVE_ERROR"; - out_len = kdata->output_len; + if (EVP_PKEY_derive(kdata->ctx, NULL, &out_len) <= 0) + goto err; out = OPENSSL_malloc(out_len); if (!out) { fprintf(stderr, "Error allocating output buffer!\n"); exit(1); } - err = "DERIVE_ERROR"; if (EVP_PKEY_derive(kdata->ctx, out, &out_len) <= 0) goto err; err = "SHARED_SECRET_LENGTH_MISMATCH"; - if (out_len != kdata->output_len) + if (kdata->output == NULL || out_len != kdata->output_len) goto err; err = "SHARED_SECRET_MISMATCH"; if (check_output(t, kdata->output, out, out_len)) From openssl at openssl.org Mon Jul 2 11:14:18 2018 
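Review bot: the new `EVP_PKEY_derive(kdata->ctx, NULL, &out_len)` call sizes the buffer from the key context instead of from the expected output, which is what removes the sanitizer error (a test vector with no or a shorter expected output previously got a buffer of `kdata->output_len` bytes). Two follow-ups: the added `kdata->output == NULL` condition is reported under `SHARED_SECRET_LENGTH_MISMATCH`, which misdescribes a vector that simply has no expected output, so a separate error string would make that failure obvious. And `err` is now `"DERIVE_ERROR"` from the start, so a failure of the length query is labelled the same as a failure of the real derivation; acceptable, but if the distinction matters the old `"INTERNAL_ERROR"` value could be kept for the first call.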
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 02 Jul 2018 11:14:18 +0000
Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Message-ID: <1530530058.509384.24331.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2

Commit log since last time:

8794be2 Remove development artifacts.
a0e5300 rand/rand_unix.c: address macro redifinition warning.
ce5eb5e modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.
a091e21 evp/e_chacha20_poly1305.c: improve performance for short TLS records.
249330d More EVP ECC testing: positive and negative
8eab767 Check return from BN_set_word. In ssl/t1_lib.c.
10c3c1c Zero-fill IV by default.

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_evp_extra.t ................ ok
../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... ok
../../openssl/test/recipes/70-test_key_share.t ................ ok
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled
../../openssl/test/recipes/70-test_sslextension.t ............. ok
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok
../../openssl/test/recipes/70-test_sslsignature.t ............. ok
../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ ok
../../openssl/test/recipes/70-test_tls13cookie.t .............. ok
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. ok
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok
../../openssl/test/recipes/70-test_tls13messages.t ............ ok
../../openssl/test/recipes/70-test_tls13psk.t ................. ok
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. ok
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=149, Tests=1267, 239 wallclock secs ( 1.64 usr 0.27 sys + 208.15 cusr 9.20 csys = 219.26 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Mon Jul 2 11:52:18 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 02 Jul 2018 11:52:18 +0000
Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Message-ID: <1530532338.298684.12882.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method

Commit log since last time:

8794be2 Remove development artifacts.
a0e5300 rand/rand_unix.c: address macro redifinition warning.
ce5eb5e modes/asm/ghash-armv4.pl: address "infixes are deprecated" warnings.
a091e21 evp/e_chacha20_poly1305.c: improve performance for short TLS records.
249330d More EVP ECC testing: positive and negative
8eab767 Check return from BN_set_word. In ssl/t1_lib.c.
10c3c1c Zero-fill IV by default.

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_evp_extra.t ................ ok
../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... ok
../../openssl/test/recipes/70-test_key_share.t ................ ok
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled
../../openssl/test/recipes/70-test_sslextension.t ............. ok
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok
../../openssl/test/recipes/70-test_sslsignature.t ............. ok
../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ ok
../../openssl/test/recipes/70-test_tls13cookie.t .............. ok
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. ok
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok
../../openssl/test/recipes/70-test_tls13messages.t ............ ok
../../openssl/test/recipes/70-test_tls13psk.t ................. ok
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. ok
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=149, Tests=1267, 218 wallclock secs ( 1.63 usr 0.34 sys + 195.72 cusr 8.62 csys = 206.31 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From matt at openssl.org Mon Jul 2 13:47:49 2018
From: matt at openssl.org (Matt Caswell)
Date: Mon, 02 Jul 2018 13:47:49 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1530539269.456180.3079.nullmailer@dev.openssl.org>

The branch master has been updated
via b6ff436fcb597663ffcfe6d724d207cf120e7250 (commit)
from 5281bb2252be6575ebb7a8b683e6bd160476fa2a (commit)

- Log -----------------------------------------------------------------
commit b6ff436fcb597663ffcfe6d724d207cf120e7250
Author: Matt Caswell
Date: Tue Jun 26 15:40:54 2018 +0100

Fix a NULL ptr deref in error path in tls_process_cke_dhe()

Fixes #6574

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6593)

-----------------------------------------------------------------------

Summary of changes:
ssl/statem/statem_srvr.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 9c44be0..26cd850 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -3129,14 +3129,13 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt) SSL_R_BN_LIB); goto err; } + cdh = EVP_PKEY_get0_DH(ckey); pub_key = BN_bin2bn(data, i, NULL); - - if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) { + if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR); - if (pub_key != NULL) - BN_free(pub_key); + BN_free(pub_key); goto err; } From matt at openssl.org Mon Jul 2 13:54:54 2018 From: matt at openssl.org (Matt Caswell) Date: Mon, 02 Jul 2018 13:54:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1530539694.021689.7478.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1e8cb18d499604c1766bfcec23a358888eaf6551 (commit) from e35e5941e0b2f7af1cd56f07ee8d4eaf2b445132 (commit) - Log ----------------------------------------------------------------- commit 1e8cb18d499604c1766bfcec23a358888eaf6551 Author: Matt Caswell Date: Tue Jun 26 15:40:54 2018 +0100 Fix a NULL ptr deref in error path in tls_process_cke_dhe() Fixes #6574 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6594) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_srvr.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 5591e1e..10301f1 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c 
@@ -2324,13 +2324,12 @@ static int tls_process_cke_dhe(SSL *s, PACKET *pkt, int *al) SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, SSL_R_BN_LIB); goto err; } + cdh = EVP_PKEY_get0_DH(ckey); pub_key = BN_bin2bn(data, i, NULL); - - if (pub_key == NULL || !DH_set0_key(cdh, pub_key, NULL)) { + if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) { SSLerr(SSL_F_TLS_PROCESS_CKE_DHE, ERR_R_INTERNAL_ERROR); - if (pub_key != NULL) - BN_free(pub_key); + BN_free(pub_key); goto err; } From matt at openssl.org Mon Jul 2 14:11:23 2018 
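Review bot: the rewritten condition relies on `||` short-circuit order for memory safety, and that deserves a comment on the `if`: `DH_set0_key()` takes ownership of `pub_key` when it is called, and it is only reached once both `pub_key` and `cdh` are non-NULL, so the now unconditional `BN_free(pub_key)` in the failure branch can only run when ownership was never transferred (as written `DH_set0_key()` does not fail when handed a non-NULL `pub_key`, but if that ever changes the free becomes a double free). `cdh` is a borrowed pointer from `EVP_PKEY_get0_DH()`, so it correctly gets no free of its own. The master and OpenSSL_1_1_0-stable hunks are the same change apart from `SSLfatal` versus `SSLerr` reporting.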
From: matt at openssl.org (Matt Caswell)
Date: Mon, 02 Jul 2018 14:11:23 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1530540683.851738.18205.nullmailer@dev.openssl.org>

The branch master has been updated
via 3bb5e5b09e32defefda2b61087c113203005ffa0 (commit)
via 5a42141565a4074167b006e7a28a822176b40f86 (commit)
via dc7a3543e0244bfdb9cbca1408fb7a6aa5da34b5 (commit)
via c9598459b6c797bd316e44834f5129bdf28add2b (commit)
via 5d263fb78b51f96753056f21abc4d992d0219df2 (commit)
from b6ff436fcb597663ffcfe6d724d207cf120e7250 (commit)

- Log -----------------------------------------------------------------
commit 3bb5e5b09e32defefda2b61087c113203005ffa0
Author: Matt Caswell
Date: Fri Jun 15 14:55:06 2018 +0100

Add the ability to configure anti-replay via SSL_CONF

This also adds the ability to control this through s_server

Reviewed-by: Viktor Dukhovni
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6469)

commit 5a42141565a4074167b006e7a28a822176b40f86
Author: Matt Caswell
Date: Fri Jun 8 10:03:19 2018 +0100

Add a test for the new early data callback

Reviewed-by: Viktor Dukhovni
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6469)

commit dc7a3543e0244bfdb9cbca1408fb7a6aa5da34b5
Author: Matt Caswell
Date: Thu Jun 7 16:32:19 2018 +0100

Document the new early data callback and option

Document SSL_OP_NO_ANTI_REPLAY and SSL_CTX_set_allow_early_data_cb()

Reviewed-by: Viktor Dukhovni
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6469)

commit c9598459b6c797bd316e44834f5129bdf28add2b
Author: Matt Caswell
Date: Thu Jun 7 15:14:36 2018 +0100

Add setters to set the early_data callback

Reviewed-by: Viktor Dukhovni
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6469)

commit 5d263fb78b51f96753056f21abc4d992d0219df2
Author: Matt Caswell
Date: Thu Jun 7 09:11:05 2018 +0100

Make the anti-replay feature optional

Fixes #6389

Reviewed-by: Viktor Dukhovni
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6469) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 5 ++ doc/man1/s_server.pod | 11 ++++ doc/man3/SSL_CONF_cmd.pod | 21 +++++++ doc/man3/SSL_CTX_set_options.pod | 11 ++++ doc/man3/SSL_read_early_data.pod | 35 ++++++++++- include/openssl/ssl.h | 16 ++++- ssl/ssl_conf.c | 11 +++- ssl/ssl_lib.c | 22 ++++++- ssl/ssl_locl.h | 9 +++ ssl/statem/extensions.c | 5 +- ssl/statem/extensions_srvr.c | 4 +- ssl/statem/statem_srvr.c | 6 +- test/sslapitest.c | 131 ++++++++++++++++++++++++++++++++++----- util/libssl.num | 2 + util/private.num | 2 + 15 files changed, 267 insertions(+), 24 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index df2bf02..b050200 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -749,6 +749,7 @@ typedef enum OPTION_choice { OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, + OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -958,6 +959,8 @@ const OPTIONS s_server_options[] = { {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, {"num_tickets", OPT_S_NUM_TICKETS, 'n', "The number of TLSv1.3 session tickets that a server will automatically issue" }, + {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"}, + {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"}, {NULL, OPT_EOF, 0, NULL} }; @@ -1258,6 +1261,8 @@ int s_server_main(int argc, char *argv[]) break; case OPT_S_CASES: case OPT_S_NUM_TICKETS: + case OPT_ANTI_REPLAY: + case OPT_NO_ANTI_REPLAY: if (ssl_args == NULL) ssl_args = sk_OPENSSL_STRING_new_null(); if (ssl_args == NULL diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 2b7db63..f601794 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod 
@@ -180,6 +180,8 @@ B B [B<-keylogfile outfile>] [B<-max_early_data int>] [B<-early_data>] +[B<-anti_replay>] +[B<-no_anti_replay>] =head1 DESCRIPTION @@ -709,6 +711,15 @@ greater than or equal to 0. Accept early data where possible. +=item B<-anti_replay>, B<-no_anti_replay> + +Switches replay protection on or off, respectively. Replay protection is on by +default unless overridden by a configuration file. When it is on, OpenSSL will +automatically detect if a session ticket has been used more than once, TLSv1.3 +has been negotiated, and early data is enabled on the server. A full handshake +is forced if a session ticket is used a second or subsequent time. Any early +data that was sent will be rejected. + =back =head1 CONNECTED COMMANDS diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 4d3e9c2..4edd49c 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -211,6 +211,18 @@ that there will be no forward secrecy for the resumed session. enables strict mode protocol handling. Equivalent to setting B. +=item B<-anti_replay>, B<-no_anti_replay> + +Switches replay protection, on or off respectively. With replay protection on, +OpenSSL will automatically detect if a session ticket has been used more than +once, TLSv1.3 has been negotiated, and early data is enabled on the server. A +full handshake is forced if a session ticket is used a second or subsequent +time. Anti-Replay is on by default unless overridden by a configuration file and +is only used by servers. Anti-replay measures are required for compliance with +the TLSv1.3 specification. Some applications may be able to mitigate the replay +risks in other ways and in such cases the built-in OpenSSL functionality is not +required. Switching off anti-replay is equivalent to B. + =back =head1 SUPPORTED CONFIGURATION FILE COMMANDS 
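Review bot: the new B<-anti_replay>/B<-no_anti_replay> entry in SSL_CONF_cmd.pod reads as if three separate things are detected ("detect if a session ticket has been used more than once, TLSv1.3 has been negotiated, and early data is enabled on the server"); the last two are prerequisites, so phrase it as "When TLSv1.3 has been negotiated and early data is enabled on the server, OpenSSL detects whether a session ticket has been used more than once". The same paragraph is repeated almost verbatim in s_server.pod and again under the B<AntiReplay> flag of B<Options>; one description in SSL_read_early_data(3) with a L<> link from the other places would keep them from drifting. Since the switches are registered with SSL_CONF_FLAG_SERVER in ssl_conf.c, "is only used by servers" should say the commands are only recognised in server mode (a client-side SSL_CONF_CTX will report them as unknown rather than ignore them).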
@@ -441,6 +453,15 @@ middleboxes that do not understand TLSv1.3 will not drop the connection. This option is set by default. A future version of OpenSSL may not set this by default. Equivalent to B. +B: If set then OpenSSL will automatically detect if a session ticket +has been used more than once, TLSv1.3 has been negotiated, and early data is +enabled on the server. A full handshake is forced if a session ticket is used a +second or subsequent time. This option is set by default and is only used by +servers. Anti-replay measures are required to comply with the TLSv1.3 +specification. Some applications may be able to mitigate the replay risks in +other ways and in such cases the built-in OpenSSL functionality is not required. +Disabling anti-replay is equivalent to setting B. + =item B The B argument is a comma separated list of flags to set. diff --git a/doc/man3/SSL_CTX_set_options.pod b/doc/man3/SSL_CTX_set_options.pod index f04de32..ae5ca1b 100644 --- a/doc/man3/SSL_CTX_set_options.pod +++ b/doc/man3/SSL_CTX_set_options.pod @@ -226,6 +226,17 @@ this option is set or not CCS messages received from the peer will always be ignored in TLSv1.3. This option is set by default. To switch it off use SSL_clear_options(). A future version of OpenSSL may not set this by default. +=item SSL_OP_NO_ANTI_REPLAY + +By default, when a server is configured for early data (i.e., max_early_data > 0), +OpenSSL will switch on replay protection. See L for a +description of the replay protection feature. Anti-replay measures are required +to comply with the TLSv1.3 specification. Some applications may be able to +mitigate the replay risks in other ways and in such cases the built in OpenSSL +functionality is not required. Those applications can turn this feature off by +setting this option. This is a server-side opton only. It is ignored by +clients. + =back The following options no longer have any effect but their identifiers are 
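Review bot: typo in the SSL_OP_NO_ANTI_REPLAY entry of SSL_CTX_set_options.pod: "server-side opton only" should be "server-side option only". The entry should also state the side effect visible in the ssl_lib.c, extensions_srvr.c and statem_srvr.c hunks: with the option set, a TLSv1.3 server configured for early data goes back to stateless tickets and no longer stores the session in its internal cache (the `s->max_early_data > 0 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0` term in ssl_update_cache()), so the SSL_CTX_remove_session() based single-use check in tls_parse_ctos_psk() is not available to an application that chooses its own replay mitigation, and per-ticket memory use changes accordingly.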
diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 6a76ec2..cf6f757 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -10,7 +10,10 @@ SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, SSL_read_early_data, -SSL_get_early_data_status +SSL_get_early_data_status, +SSL_allow_early_data_cb_fn, +SSL_CTX_set_allow_early_data_cb, +SSL_set_allow_early_data_cb - functions for sending and receiving early data =head1 SYNOPSIS @@ -30,6 +33,16 @@ SSL_get_early_data_status int SSL_get_early_data_status(const SSL *s); + + typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); + + void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); + void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + =head1 DESCRIPTION These functions are used to send and receive early data where TLSv1.3 has been 
@@ -186,6 +199,20 @@ In the event that the current maximum early data setting for the server is different to that originally specified in a session that a client is resuming with then the lower of the two values will apply. +Some server applications may wish to have more control over whether early data +is accepted or not, for example to mitigate replay risks (see L +below) or to decline early_data when the server is heavily loaded. The functions +SSL_CTX_set_allow_early_data_cb() and SSL_set_allow_early_data_cb() set a +callback which is called at a point in the handshake immediately before a +decision is made to accept or reject early data. The callback is provided with a +pointer to the user data argument that was provided when the callback was first +set. Returning 1 from the callback will allow early data and returning 0 will +reject it. Note that the OpenSSL library may reject early data for other reasons +in which case this callback will not get called. Notably, the built-in replay +protection feature will still be used even if a callback is present unless it +has been explicitly disabled using the SSL_OP_NO_ANTI_REPLAY option. See +L below. + =head1 NOTES The whole purpose of early data is to enable a client to start sending data to @@ -252,6 +279,12 @@ The OpenSSL replay protection does not apply to external Pre Shared Keys (PSKs) (e.g. see SSL_CTX_set_psk_find_session_callback(3)). Therefore extreme caution should be applied when combining external PSKs with early data. +Some applications may mitigate the replay risks in other ways. For those +applications it is possible to turn off the built-in replay protection feature +using the B option. See L for +details. Applications can also set a callback to make decisions about accepting +early data or not. See SSL_CTX_set_allow_early_data_cb() above for details. + =head1 RETURN VALUES SSL_write_early_data() returns 1 for success or 0 for failure. In the event of a 
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 943a8d6..bbcfb3c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -368,6 +368,12 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx); */ # define SSL_OP_TLS_ROLLBACK_BUG 0x00800000U +/* + * Switches off automatic TLSv1.3 anti-replay protection for early data. This + * is a server-side option only (no effect on the client). + */ +# define SSL_OP_NO_ANTI_REPLAY 0x01000000U + # define SSL_OP_NO_SSLv3 0x02000000U # define SSL_OP_NO_TLSv1 0x04000000U # define SSL_OP_NO_TLSv1_2 0x08000000U @@ -2383,13 +2389,19 @@ int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len); extern const char SSL_version_str[]; - - typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us); void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb); +typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg); +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg); +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + # ifdef __cplusplus } # endif diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 758f012..9c20270 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -383,7 +383,8 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION), SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX), SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA), - SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT) + SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT), + SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY) }; if (value == NULL) return -3; 
@@ -626,6 +627,8 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("strict", 0), SSL_CONF_CMD_SWITCH("no_middlebox", 0), + SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), SSL_CONF_CMD_STRING(Curves, "curves", 0), @@ -671,7 +674,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_TYPE_FILE), #endif SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0), - SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER) + SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER), }; /* Supported switches: must match order of switches in ssl_conf_cmds */ @@ -704,6 +707,10 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ /* no_middlebox */ {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV}, + /* anti_replay */ + {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV}, + /* no_anti_replay */ + {SSL_OP_NO_ANTI_REPLAY, 0}, }; static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 6ced147..1387067 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -805,6 +805,9 @@ SSL *SSL_new(SSL_CTX *ctx) s->key_update = SSL_KEY_UPDATE_NONE; + s->allow_early_data_cb = ctx->allow_early_data_cb; + s->allow_early_data_cb_data = ctx->allow_early_data_cb_data; + if (!s->method->ssl_new(s)) goto err; @@ -3381,7 +3384,8 @@ void ssl_update_cache(SSL *s, int mode) if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0 && (!SSL_IS_TLS13(s) || !s->server - || s->max_early_data > 0 + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0) || s->session_ctx->remove_session_cb != NULL || (s->options & SSL_OP_NO_TICKET) != 0)) SSL_CTX_add_session(s->session_ctx, s->session); 
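Review bot: the `@@ -671,7 +674,7 @@` hunk in ssl_conf.c only adds a trailing comma to the final `SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER)` entry; nothing is appended after it (the new anti_replay switches are inserted after no_middlebox, earlier in the table), so this is an unrelated change and can be dropped, or applied deliberately to the last ssl_cmd_switches entry as well for consistency.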
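Review bot: the ssl_update_cache() hunk is the first of three places (the others are tls_parse_ctos_psk() in extensions_srvr.c and tls_construct_new_session_ticket() in statem_srvr.c) that now spell out `s->max_early_data > 0 && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0` to decide whether stateful tickets and the internal session cache are in use; a single helper in ssl_locl.h, say a static inline `ssl_anti_replay_active(const SSL *s)` (name is a suggestion), would keep the ticket-format decision, the caching decision and the replay check from diverging the next time the rule changes.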
@@ -5482,3 +5486,19 @@ int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx, ctx->ticket_cb_data = arg; return 1; } + +void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx, + SSL_allow_early_data_cb_fn cb, + void *arg) +{ + ctx->allow_early_data_cb = cb; + ctx->allow_early_data_cb_data = arg; +} + +void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg) +{ + s->allow_early_data_cb = cb; + s->allow_early_data_cb_data = arg; +} diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a4d1376..6a2edeb 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1047,6 +1047,10 @@ struct ssl_ctx_st { /* The number of TLS1.3 tickets to automatically send */ size_t num_tickets; + + /* Callback to determine if early_data is acceptable or not */ + SSL_allow_early_data_cb_fn allow_early_data_cb; + void *allow_early_data_cb_data; }; struct ssl_st { @@ -1205,6 +1209,7 @@ struct ssl_st { # endif SSL_psk_find_session_cb_func psk_find_session_cb; SSL_psk_use_session_cb_func psk_use_session_cb; + SSL_CTX *ctx; /* Verified chain of peer */ STACK_OF(X509) *verified_chain; @@ -1424,6 +1429,10 @@ struct ssl_st { size_t sent_tickets; /* The next nonce value to use when we send a ticket on this connection */ uint64_t next_ticket_nonce; + + /* Callback to determine if early_data is acceptable or not */ + SSL_allow_early_data_cb_fn allow_early_data_cb; + void *allow_early_data_cb_data; }; /* diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 496039e..5309b12 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c 
@@ -1622,7 +1622,10 @@ static int final_early_data(SSL *s, unsigned int context, int sent) || s->session->ext.tick_identity != 0 || s->early_data_state != SSL_EARLY_DATA_ACCEPTING || !s->ext.early_data_ok - || s->hello_retry_request != SSL_HRR_NONE) { + || s->hello_retry_request != SSL_HRR_NONE + || (s->ctx->allow_early_data_cb != NULL + && !s->ctx->allow_early_data_cb(s, + s->ctx->allow_early_data_cb_data))) { s->ext.early_data = SSL_EARLY_DATA_REJECTED; } else { s->ext.early_data = SSL_EARLY_DATA_ACCEPTED; diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index f58ed0b..ab38a4f 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1165,7 +1165,8 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, * is no point in using full stateless tickets. */ if ((s->options & SSL_OP_NO_TICKET) != 0 - || s->max_early_data > 0) + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)) ret = tls_get_stateful_ticket(s, &identity, &sess); else ret = tls_decrypt_ticket(s, PACKET_data(&identity), @@ -1189,6 +1190,7 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, /* Check for replay */ if (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0 && !SSL_CTX_remove_session(s->session_ctx, sess)) { SSL_SESSION_free(sess); sess = NULL; diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 26cd850..5c59eb8 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c 
@@ -4086,8 +4086,10 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there * is no point in using full stateless tickets. */ - if (((s->options & SSL_OP_NO_TICKET) != 0 || s->max_early_data > 0) - && SSL_IS_TLS13(s)) { + if (SSL_IS_TLS13(s) + && ((s->options & SSL_OP_NO_TICKET) != 0 + || (s->max_early_data > 0 + && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) { if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) { /* SSLfatal() already called */ goto err; diff --git a/test/sslapitest.c b/test/sslapitest.c index baf0881..6e08795 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1847,11 +1847,14 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, static int setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, SSL **clientssl, SSL **serverssl, SSL_SESSION **sess, int idx) { - if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, - sctx, cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_max_early_data(*sctx, - SSL3_RT_MAX_PLAIN_LENGTH))) + if (*sctx == NULL + && !TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, + sctx, cctx, cert, privkey))) + return 0; + + if (!TEST_true(SSL_CTX_set_max_early_data(*sctx, SSL3_RT_MAX_PLAIN_LENGTH))) return 0; if (idx == 1) { 
@@ -2156,12 +2159,65 @@ static int test_early_data_read_write(int idx) return testresult; } -static int test_early_data_replay(int idx) +static int allow_ed_cb_called = 0; + +static int allow_early_data_cb(SSL *s, void *arg) +{ + int *usecb = (int *)arg; + + allow_ed_cb_called++; + + if (*usecb == 1) + return 0; + + return 1; +} + +/* + * idx == 0: Standard early_data setup + * idx == 1: early_data setup using read_ahead + * usecb == 0: Don't use a custom early data callback + * usecb == 1: Use a custom early data callback and reject the early data + * usecb == 2: Use a custom early data callback and accept the early data + * confopt == 0: Configure anti-replay directly + * confopt == 1: Configure anti-replay using SSL_CONF + */ +static int test_early_data_replay_int(int idx, int usecb, int confopt) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; SSL_SESSION *sess = NULL; + size_t readbytes, written; + unsigned char buf[20]; + + allow_ed_cb_called = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, &sctx, + &cctx, cert, privkey))) + return 0; + + if (usecb > 0) { + if (confopt == 0) { + SSL_CTX_set_options(sctx, SSL_OP_NO_ANTI_REPLAY); + } else { + SSL_CONF_CTX *confctx = SSL_CONF_CTX_new(); + + if (!TEST_ptr(confctx)) + goto end; + SSL_CONF_CTX_set_flags(confctx, SSL_CONF_FLAG_FILE + | SSL_CONF_FLAG_SERVER); + SSL_CONF_CTX_set_ssl_ctx(confctx, sctx); + if (!TEST_int_eq(SSL_CONF_cmd(confctx, "Options", "-AntiReplay"), + 2)) { + SSL_CONF_CTX_free(confctx); + goto end; + } + SSL_CONF_CTX_free(confctx); + } + SSL_CTX_set_allow_early_data_cb(sctx, allow_early_data_cb, &usecb); + } if (!TEST_true(setupearly_data_test(&cctx, &sctx, &clientssl, &serverssl, &sess, idx))) 
@@ -2183,14 +2239,49 @@ static int test_early_data_replay(int idx) if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sess)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - /* - * This time we should not have resumed the session because we - * already used it once. - */ - || !TEST_false(SSL_session_reused(clientssl))) + || !TEST_true(SSL_set_session(clientssl, sess))) + goto end; + + /* Write and read some early data */ + if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), + &written)) + || !TEST_size_t_eq(written, strlen(MSG1))) + goto end; + + if (usecb <= 1) { + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + /* + * The ticket was reused, so the we should have rejected the + * early data + */ + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_REJECTED)) + goto end; + } else { + /* In this case the callback decides to accept the early data */ + if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_SUCCESS) + || !TEST_mem_eq(MSG1, strlen(MSG1), buf, readbytes) + /* + * Server will have sent its flight so client can now send + * end of early data and complete its half of the handshake + */ + || !TEST_int_gt(SSL_connect(clientssl), 0) + || !TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), + &readbytes), + SSL_READ_EARLY_DATA_FINISH) + || !TEST_int_eq(SSL_get_early_data_status(serverssl), + SSL_EARLY_DATA_ACCEPTED)) + goto end; + } + + /* Complete the connection */ + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)) + || !TEST_int_eq(SSL_session_reused(clientssl), (usecb > 0) ? 1 : 0) + || !TEST_int_eq(allow_ed_cb_called, usecb > 0 ? 1 : 0)) goto end; testresult = 1; 
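Review bot: in test_early_data_replay_int() every usecb > 0 run first turns anti-replay off, so the documented case of a callback installed while the built-in replay protection stays on is never exercised; add a run where SSL_CTX_set_allow_early_data_cb() is set without SSL_OP_NO_ANTI_REPLAY and check that on the second use of the ticket SSL_get_early_data_status() is SSL_EARLY_DATA_REJECTED and SSL_session_reused() is 0, and that allow_ed_cb_called stays 0 if the earlier conditions in final_early_data() reject a non-resumed connection before the callback is reached. The callback is only ever installed on the SSL_CTX, so SSL_set_allow_early_data_cb() has no coverage. Minor: the confopt loop runs twice for usecb == 0 although confopt is only consulted when usecb > 0, and the comment "so the we should have rejected" has a stray word.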
@@ -2207,6 +2298,18 @@ static int test_early_data_replay(int idx) return testresult; } +static int test_early_data_replay(int idx) +{ + int ret = 1, usecb, confopt; + + for (usecb = 0; usecb < 3; usecb++) { + for (confopt = 0; confopt < 2; confopt++) + ret &= test_early_data_replay_int(idx, usecb, confopt); + } + + return ret; +} + /* * Helper function to test that a server attempting to read early data can * handle a connection from a client where the early data should be skipped. diff --git a/util/libssl.num b/util/libssl.num index 3495903..df6a71e 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -490,3 +490,5 @@ SSL_set_num_tickets 490 1_1_1 EXIST::FUNCTION: SSL_CTX_get_num_tickets 491 1_1_1 EXIST::FUNCTION: SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION: SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_allow_early_data_cb 494 1_1_1 EXIST::FUNCTION: +SSL_set_allow_early_data_cb 495 1_1_1 EXIST::FUNCTION: diff --git a/util/private.num b/util/private.num index ac536a5..b90e33d 100644 --- a/util/private.num +++ b/util/private.num @@ -48,7 +48,9 @@ RAND_DRBG_cleanup_nonce_fn datatype RAND_DRBG_get_entropy_fn datatype RAND_DRBG_get_nonce_fn datatype RAND_poll_cb datatype +SSL_CTX_allow_early_data_cb_fn datatype SSL_CTX_keylog_cb_func datatype +SSL_allow_early_data_cb_fn datatype SSL_client_hello_cb_fn datatype SSL_psk_client_cb_func datatype SSL_psk_find_session_cb_func datatype From no-reply at appveyor.com Mon Jul 2 22:21:48 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 02 Jul 2018 22:21:48 +0000 Subject: [openssl-commits] Build failed: openssl master.18797 Message-ID: <20180702222148.1.8FED78E74DEF0A91@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 2 23:01:42 2018 
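Review bot: logic error in the final_early_data() hunk in ssl/statem/extensions.c: it invokes `s->ctx->allow_early_data_cb` with `s->ctx->allow_early_data_cb_data`, but the setter added in the same patch, SSL_set_allow_early_data_cb(), stores into `s->allow_early_data_cb`, and SSL_new() already copies the SSL_CTX values into those per-SSL fields. A callback set on an individual SSL is therefore never called, and a callback set on the SSL_CTX after SSL_new() takes effect on existing connections, unlike every other callback copied at SSL_new() time. Use `s->allow_early_data_cb` and `s->allow_early_data_cb_data` here, and add a SSL_set_allow_early_data_cb() case to test_early_data_replay_int() so the per-SSL path is covered.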
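Review bot: the util/private.num hunk adds `SSL_CTX_allow_early_data_cb_fn datatype`, but no such typedef exists; the only type the include/openssl/ssl.h hunk introduces is SSL_allow_early_data_cb_fn, shared by SSL_CTX_set_allow_early_data_cb() and SSL_set_allow_early_data_cb(). Drop the SSL_CTX_ entry so the private symbol list stays accurate for the checks that consume it.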
From: no-reply at appveyor.com (AppVeyor) Date: Mon, 02 Jul 2018 23:01:42 +0000 Subject: [openssl-commits] Build completed: openssl master.18798 Message-ID: <20180702230142.1.1040B5A29DA7C53E@appveyor.com> An HTML attachment was scrubbed... URL: From paul.dale at oracle.com Tue Jul 3 04:50:47 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 03 Jul 2018 04:50:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530593447.842837.17050.nullmailer@dev.openssl.org> The branch master has been updated via c36b39b5cd685fc5eae84ece247e7873a27d8834 (commit) from 3bb5e5b09e32defefda2b61087c113203005ffa0 (commit) - Log ----------------------------------------------------------------- commit c36b39b5cd685fc5eae84ece247e7873a27d8834 Author: Pauli Date: Tue Jul 3 08:02:37 2018 +1000 Check for NULL conf in NCONF_get_number The problematic case falls back to a NULL conf which returns the result of getenv(2). If this returns NULL, everything was good. If this returns a string an attempt to convert it to a number is made using the function pointers from conf. This fix uses the strtol(3) function instead, we don't have the configuration settings and this behaves as the default would. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6632) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_lib.c | 11 +++++++---- test/conf_include_test.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index c72511b..5f976f3 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c 
@@ -292,10 +292,13 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, if (str == NULL) return 0; - for (*result = 0; conf->meth->is_number(conf, *str);) { - *result = (*result) * 10 + conf->meth->to_int(conf, *str); - str++; - } + if (conf == NULL) + *result = strtol(str, &str, 10); + else + for (*result = 0; conf->meth->is_number(conf, *str);) { + *result = (*result) * 10 + conf->meth->to_int(conf, *str); + str++; + } return 1; } diff --git a/test/conf_include_test.c b/test/conf_include_test.c index 7f99d3b..ba79d2c 100644 --- a/test/conf_include_test.c +++ b/test/conf_include_test.c @@ -123,6 +123,36 @@ static int test_load_config(void) return 1; } +static int test_check_null_numbers(void) +{ +#if defined(_BSD_SOURCE) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \ + || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) + long val = 0; + + /* Verify that a NULL config with a present environment variable returns + * success and the value. + */ + if (!TEST_int_eq(setenv("FNORD", "123", 1), 0) + || !TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val)) + || !TEST_long_eq(val, 123)) { + TEST_note("environment variable with NULL conf failed"); + return 0; + } + + /* + * Verify that a NULL config with a missing envrionment variable returns + * a failure code. + */ + if (!TEST_int_eq(unsetenv("FNORD"), 0) + || !TEST_false(NCONF_get_number(NULL, "missing", "FNORD", &val))) { + TEST_note("missing environment variable with NULL conf failed"); + return 0; + } +#endif + return 1; +} + int setup_tests(void) { const char *conf_file; @@ -150,6 +180,7 @@ int setup_tests(void) change_path(conf_file); ADD_TEST(test_load_config); + ADD_TEST(test_check_null_numbers); return 1; } From matt at openssl.org Tue Jul 3 08:49:21 2018 
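Review bot: in the NCONF_get_number_e() hunk the `&str` passed as strtol()'s endptr is never read afterwards, so pass NULL. More importantly the two branches do not behave alike, which the commit message presents as the goal: strtol() skips leading whitespace, accepts an optional sign and on overflow clamps to LONG_MAX/LONG_MIN while setting errno to ERANGE, none of which the is_number()/to_int() loop does, and the ERANGE case is returned as success here. Either clear errno, check for ERANGE and return 0, or document that the NULL-conf path follows strtol() semantics. Style: the multi-line for loop under `else` should be wrapped in braces.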
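Review bot: in the test_check_null_numbers() hunk the body is compiled only when one of _BSD_SOURCE, _POSIX_C_SOURCE >= 200112L or _XOPEN_SOURCE >= 600 is defined, and otherwise the function returns 1 unconditionally, so a build that does not set those feature macros reports the test as passed without having run it; mark it as skipped in that case instead. Typo in the second comment: "envrionment". The first comment block also opens with text on the `/*` line rather than the multi-line comment form the second block uses.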
From: matt at openssl.org (Matt Caswell) Date: Tue, 03 Jul 2018 08:49:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530607761.403487.15329.nullmailer@dev.openssl.org> The branch master has been updated via 4cb004573a28fe5f8f8d95dc9407e0fe9df6f14c (commit) via 1f1563216d6827e1dc8212795344c82e0f5d5933 (commit) from c36b39b5cd685fc5eae84ece247e7873a27d8834 (commit) - Log ----------------------------------------------------------------- commit 4cb004573a28fe5f8f8d95dc9407e0fe9df6f14c Author: Matt Caswell Date: Tue Jun 26 18:07:56 2018 +0100 Remove TLSv1.3 tickets from the client cache as we use them Tickets are supposed to be single use so we remove them from the cache on use. Fixes #6377 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6601) commit 1f1563216d6827e1dc8212795344c82e0f5d5933 Author: Matt Caswell Date: Tue Jun 26 18:06:45 2018 +0100 Restore behaviour from commit 36ff232cf that was incorrectly removed In TLSv1.2 and below we should remove an old session from the client session cache in the event that we receive a new session ticket from the server. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6601) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_clnt.c | 12 ++++++++++++ ssl/statem/statem_lib.c | 19 ++++++++++++++----- test/sslapitest.c | 5 +++-- 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index ff35384..88c3437 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -2591,6 +2591,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) */ if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) { SSL_SESSION *new_sess; + /* * We reused an existing session, so we need to replace it with a new * one 
@@ -2602,6 +2603,16 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) goto err; } + if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0 + && !SSL_IS_TLS13(s)) { + /* + * In TLSv1.2 and below the arrival of a new tickets signals that + * any old ticket we were using is now out of date, so we remove the + * old session from the cache. We carry on if this fails + */ + SSL_CTX_remove_session(s->session_ctx, s->session); + } + SSL_SESSION_free(s->session); s->session = new_sess; } @@ -2671,6 +2682,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt) goto err; } s->session->session_id_length = sess_len; + s->session->not_resumable = 0; /* This is a standalone message in TLSv1.3, so there is no more to read */ if (SSL_IS_TLS13(s)) { diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 91d304e..61fc3ca 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1068,12 +1068,21 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop) dtls1_start_timer(s); } } else { - /* - * In TLSv1.3 we update the cache as part of processing the - * NewSessionTicket - */ - if (!SSL_IS_TLS13(s)) + if (SSL_IS_TLS13(s)) { + /* + * We encourage applications to only use TLSv1.3 tickets once, + * so we remove this one from the cache. + */ + if ((s->session_ctx->session_cache_mode + & SSL_SESS_CACHE_CLIENT) != 0) + SSL_CTX_remove_session(s->session_ctx, s->session); + } else { + /* + * In TLSv1.3 we update the cache as part of processing the + * NewSessionTicket + */ ssl_update_cache(s, SSL_SESS_CACHE_CLIENT); + } if (s->hit) CRYPTO_atomic_add(&s->session_ctx->stats.sess_hit, 1, &discard, s->session_ctx->lock); diff --git a/test/sslapitest.c b/test/sslapitest.c index 6e08795..598b02a 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
@@ -944,11 +944,12 @@ static int execute_test_session(int maxprot, int use_int_cache, if (maxprot == TLS1_3_VERSION) { /* * In TLSv1.3 we should have created a new session even though we have - * resumed. + * resumed. Since we attempted a resume we should also have removed the + * old ticket from the cache so that we try to only use tickets once. */ if (use_ext_cache && (!TEST_int_eq(new_called, 1) - || !TEST_int_eq(remove_called, 0))) + || !TEST_int_eq(remove_called, 1))) goto end; } else { /* From matt at openssl.org Tue Jul 3 10:24:13 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 03 Jul 2018 10:24:13 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1530613453.504737.19763.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 9d4167241c8fa15b3ae77651109aac7fa66ac17b (commit) from 1e8cb18d499604c1766bfcec23a358888eaf6551 (commit) - Log ----------------------------------------------------------------- commit 9d4167241c8fa15b3ae77651109aac7fa66ac17b Author: Matt Caswell Date: Mon Jul 2 14:09:03 2018 +0100 Don't create an invalid CertificateRequest We should validate that the various fields we put into the CertificateRequest are not too long. Otherwise we will construct an invalid message. Fixes #6609 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6628) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_locl.h | 2 ++ ssl/statem/statem_srvr.c | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f5b03df..374fa0e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -164,6 +164,8 @@ (c)[1]=(unsigned char)(((l)>> 8)&0xff), \ (c)[2]=(unsigned char)(((l) )&0xff)),(c)+=3) +# define SSL_MAX_2_BYTE_LEN (0xffff) + /* * DTLS version numbers are strange because they're inverted. Except for * DTLS1_BAD_VER, which should be considered "lower" than the rest. 
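Review bot: in the tls_finish_handshake() hunk of ssl/statem/statem_lib.c the comment "In TLSv1.3 we update the cache as part of processing the NewSessionTicket" now sits inside the `else` (non-TLSv1.3) branch, describing the branch that was not taken; reword it to say that for TLSv1.2 and below the session is cached here while TLSv1.3 caches it in tls_process_new_session_ticket(). The new TLSv1.3 branch calls SSL_CTX_remove_session() regardless of `s->hit`; on a full handshake the session was never in the client cache, so the call is harmless but wasted, and guarding it with `s->hit` would make the intent (one use per ticket) explicit. The ignored return value matches the statem_clnt.c hunk, but a comment saying it is ignored on purpose would help.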
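Review bot: the `s->session->not_resumable = 0;` line added at the end of tls_process_new_session_ticket() comes with no explanation of which earlier path leaves the flag set on a freshly issued session; add a comment, otherwise the next change to session handling will not know this reset is relied upon. Grammar in the new comment in the preceding hunk: "the arrival of a new tickets signals" should be "the arrival of a new ticket signals".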
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 10301f1..378eae2 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -2006,6 +2006,11 @@ int tls_construct_certificate_request(SSL *s) const unsigned char *psigs; unsigned char *etmp = p; nl = tls12_get_psigalgs(s, 1, &psigs); + if (nl > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } /* Skip over length for now */ p += 2; nl = tls12_copy_sigalgs(s, p, psigs, nl); @@ -2025,6 +2030,11 @@ int tls_construct_certificate_request(SSL *s) for (i = 0; i < sk_X509_NAME_num(sk); i++) { name = sk_X509_NAME_value(sk, i); j = i2d_X509_NAME(name, NULL); + if (j > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } if (!BUF_MEM_grow_clean(buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) { SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_BUF_LIB); goto err; @@ -2034,6 +2044,11 @@ int tls_construct_certificate_request(SSL *s) i2d_X509_NAME(name, &p); n += 2 + j; nl += 2 + j; + if (nl > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } } } /* else no CA names */ From matt at openssl.org Tue Jul 3 10:27:39 2018 
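Review bot: in the tls_construct_certificate_request() hunks `j` comes from i2d_X509_NAME(name, NULL), which returns a negative value on encoding failure; `j > SSL_MAX_2_BYTE_LEN` does not catch that, so unless it is handled outside the hunk make the test `j < 0 || j > SSL_MAX_2_BYTE_LEN`. The per-name check is otherwise subsumed by the `nl > SSL_MAX_2_BYTE_LEN` check at the end of each iteration (nl accumulates 2 + j), so its only benefit is skipping the BUF_MEM_grow_clean() call for an oversized name; a one-line comment saying so would stop a later cleanup removing one of them as redundant.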
From: matt at openssl.org (Matt Caswell) Date: Tue, 03 Jul 2018 10:27:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1530613659.899816.21715.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 434af36f9778abe274bb637396f60977fbee98d2 (commit) from 2c739f72e5236a8e0c351c00047c77083dcdb77f (commit) - Log ----------------------------------------------------------------- commit 434af36f9778abe274bb637396f60977fbee98d2 Author: Matt Caswell Date: Mon Jul 2 14:09:03 2018 +0100 Don't create an invalid CertificateRequest We should validate that the various fields we put into the CertificateRequest are not too long. Otherwise we will construct an invalid message. Fixes #6609 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6629) ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 15 +++++++++++++++ ssl/ssl.h | 1 + ssl/ssl_locl.h | 2 ++ 3 files changed, 18 insertions(+) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 753b804..a8d5125 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2091,6 +2091,11 @@ int ssl3_send_certificate_request(SSL *s) if (SSL_USE_SIGALGS(s)) { const unsigned char *psigs; nl = tls12_get_psigalgs(s, 1, &psigs); + if (nl > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } s2n(nl, p); memcpy(p, psigs, nl); p += nl; @@ -2107,6 +2112,11 @@ int ssl3_send_certificate_request(SSL *s) for (i = 0; i < sk_X509_NAME_num(sk); i++) { name = sk_X509_NAME_value(sk, i); j = i2d_X509_NAME(name, NULL); + if (j > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } if (!BUF_MEM_grow_clean (buf, SSL_HM_HEADER_LENGTH(s) + n + j + 2)) { SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, 
@@ -2128,6 +2138,11 @@ int ssl3_send_certificate_request(SSL *s) n += j; nl += j; } + if (nl > SSL_MAX_2_BYTE_LEN) { + SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST, + SSL_R_LENGTH_TOO_LONG); + goto err; + } } } /* else no CA names */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 30a9471..7efb8c7 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2954,6 +2954,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_KRB5_S_TKT_NYV 294 # define SSL_R_KRB5_S_TKT_SKEW 295 # define SSL_R_LENGTH_MISMATCH 159 +# define SSL_R_LENGTH_TOO_LONG 404 # define SSL_R_LENGTH_TOO_SHORT 160 # define SSL_R_LIBRARY_BUG 274 # define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index aeffc00..11115e3 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -259,6 +259,8 @@ c[1]=(unsigned char)(((l)>> 8)&0xff), \ c[2]=(unsigned char)(((l) )&0xff)),c+=3) +# define SSL_MAX_2_BYTE_LEN (0xffff) + /* LOCAL STUFF */ # define SSL_DECRYPT 0 From openssl at openssl.org Tue Jul 3 11:17:39 2018 
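Review bot: ssl.h gains `# define SSL_R_LENGTH_TOO_LONG 404`, but the Summary of changes lists only s3_srvr.c, ssl.h and ssl_locl.h, so ssl_err.c has no reason string for the new code and `ERR_reason_error_string()` will print the bare number until util/mkerr.pl regenerates it. The in-loop check in the second s3_srvr.c hunk sits inside the `for` over `sk_X509_NAME_num(sk)`, after the brace that closes the branch ending in `nl += j;`, so it runs once per name on the accumulated total whichever way the name length was encoded; as in the 1.1.0 version it runs after the name has already been copied into the buffer, which is harmless because of the `goto err`.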
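The two branches above add the same guard, so here is one added example of what that guard protects. It is my code, not OpenSSL's: a minimal encoder for the TLS 1.2 CertificateRequest body that checks every two-byte length before writing it, plus `truncated_prefix()`, which shows what an unchecked 16-bit write would announce for a 0x10000-byte field. The encoder applies the RFC 5246 bounds (certificate_types 1..255 bytes, supported_signature_algorithms 2..65534 bytes and even, certificate_authorities at most 65535 bytes including each name's own 2-byte prefix), slightly tighter than the patch's plain 0xffff check on the sigalgs field. The `k_` constants, the 15-byte DER Name for CN=ca and the zero-filled names in `ca_list_result()` are all constructed for this example; `TLS_MAX_2_BYTE_LEN` mirrors the patch's `SSL_MAX_2_BYTE_LEN`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TLS_MAX_2_BYTE_LEN 0xffffu   /* largest TLS 2-byte length, as SSL_MAX_2_BYTE_LEN */

/* Big-endian 16-bit write, what s2n() does once the length is known to fit. */
#define PUT_U16(p, v) ((p)[0] = (unsigned char)((v) >> 8), (p)[1] = (unsigned char)(v))

/* What an unchecked s2n() emits: only the low 16 bits survive, so a 0x10000-byte
 * field is announced as empty and the peer misparses everything after it. */
unsigned truncated_prefix(size_t len)
{
    return (unsigned)(len & 0xffff);
}

/* Encode a TLS 1.2 CertificateRequest body (RFC 5246 s.7.4.4): certificate_types
 * <1..2^8-1>, supported_signature_algorithms <2..2^16-2>, certificate_authorities
 * <0..2^16-1> with a 2-byte prefix per DistinguishedName.  Every length is checked
 * before a byte is written.  Returns bytes produced, or -1 on any violation. */
long build_certificate_request(unsigned char *out, size_t out_len,
                               const unsigned char *types, size_t ntypes,
                               const unsigned char *sigalgs, size_t sigalgs_len,
                               const unsigned char *const *names,
                               const size_t *name_lens, size_t nnames)
{
    size_t i, ca_total = 0, n;
    unsigned char *p = out;
    if (ntypes == 0 || ntypes > 0xff)
        return -1;
    if (sigalgs_len < 2 || (sigalgs_len & 1) || sigalgs_len > TLS_MAX_2_BYTE_LEN - 1)
        return -1;
    for (i = 0; i < nnames; i++) {
        if (name_lens[i] > TLS_MAX_2_BYTE_LEN)     /* each name's own prefix */
            return -1;
        ca_total += 2 + name_lens[i];
        if (ca_total > TLS_MAX_2_BYTE_LEN)         /* the whole list's prefix */
            return -1;
    }
    n = 1 + ntypes + 2 + sigalgs_len + 2 + ca_total;
    if (out_len < n)
        return -1;
    *p++ = (unsigned char)ntypes;
    memcpy(p, types, ntypes);               p += ntypes;
    PUT_U16(p, sigalgs_len);                p += 2;
    memcpy(p, sigalgs, sigalgs_len);        p += sigalgs_len;
    PUT_U16(p, ca_total);                   p += 2;
    for (i = 0; i < nnames; i++) {
        PUT_U16(p, name_lens[i]);           p += 2;
        memcpy(p, names[i], name_lens[i]);  p += name_lens[i];
    }
    return (long)n;
}

/* Constructed sample: rsa_sign + ecdsa_sign, sha256 with RSA and with ECDSA, one
 * hand-assembled 15-byte DER Name for CN=ca, and the expected 28-byte encoding. */
static const unsigned char k_types[]   = { 0x01, 0x40 };
static const unsigned char k_sigalgs[] = { 0x04, 0x01, 0x04, 0x03 };
static const unsigned char k_ca_name[] = { 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,
                                           0x55, 0x04, 0x03, 0x0c, 0x02, 'c', 'a' };
static const unsigned char k_expected[] = {
    0x02, 0x01, 0x40, 0x00, 0x04, 0x04, 0x01, 0x04, 0x03, 0x00, 0x11, 0x00, 0x0f,
    0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 'c', 'a' };

/* Encode the sample and compare with the hand-encoded expectation (1 = match). */
int sample_request_matches(void)
{
    unsigned char out[64];
    const unsigned char *names[1] = { k_ca_name };
    size_t lens[1] = { sizeof(k_ca_name) };
    long n = build_certificate_request(out, sizeof(out), k_types, sizeof(k_types),
                                       k_sigalgs, sizeof(k_sigalgs), names, lens, 1);
    return n == (long)sizeof(k_expected) && memcmp(out, k_expected, sizeof(k_expected)) == 0;
}

/* Encode nnames copies of a zero-filled name_len-byte name (constructed, content
 * irrelevant) and return the builder's verdict; exercises both 2-byte limits. */
long ca_list_result(size_t nnames, size_t name_len)
{
    size_t i, out_len = 16 + nnames * (2 + name_len);
    unsigned char *name = calloc(name_len ? name_len : 1, 1), *out = malloc(out_len);
    const unsigned char **names = malloc(nnames * sizeof(*names));
    size_t *lens = malloc(nnames * sizeof(*lens));
    long n = -2;   /* allocation failure marker */
    if (name && names && lens && out) {
        for (i = 0; i < nnames; i++) { names[i] = name; lens[i] = name_len; }
        n = build_certificate_request(out, out_len, k_types, sizeof(k_types),
                                      k_sigalgs, sizeof(k_sigalgs), names, lens, nnames);
    }
    free(name); free(names); free(lens); free(out);
    return n;
}

int main(void)
{
    printf("sample: %d; 3855 names: %ld; 3856 names: %ld; one 64 KiB name: %ld; s2n(0x10000): %u\n",
           sample_request_matches(), ca_list_result(3855, 15), ca_list_result(3856, 15),
           ca_list_result(1, 0x10000), truncated_prefix(0x10000));
    return 0;
}
```

3855 names of 15 bytes put the certificate_authorities list at exactly 65535 bytes and are accepted (65546 bytes of message); the 3856th pushes the running total over the 2-byte limit and the builder refuses, which is the case the patch's in-loop `nl` check catches. A single 65536-byte name trips the per-name check instead, and `truncated_prefix(0x10000)` shows the zero-length prefix an unchecked write would have produced.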
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 03 Jul 2018 11:17:39 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1530616659.320590.9078.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: 3bb5e5b Add the ability to configure anti-replay via SSL_CONF 5a42141 Add a test for the new early data callback dc7a354 Document the new early data callback and option c959845 Add setters to set the early_data callback 5d263fb Make the anti-replay feature optional b6ff436 Fix a NULL ptr deref in error path in tls_process_cke_dhe() 5281bb2 Address coverity-reported NULL dereference in SSL_SESSION_print() Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... 
ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. 
ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. 
ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1267, 231 wallclock secs ( 1.61 usr 0.30 sys + 208.51 cusr 8.22 csys = 218.64 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 3 11:56:37 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 03 Jul 2018 11:56:37 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1530618997.475976.29804.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: 3bb5e5b Add the ability to configure anti-replay via SSL_CONF 5a42141 Add a test for the new early data callback dc7a354 Document the new early data callback and option c959845 Add setters to set the early_data callback 5d263fb Make the anti-replay feature optional b6ff436 Fix a NULL ptr deref in error path in tls_process_cke_dhe() 5281bb2 Address coverity-reported NULL dereference in SSL_SESSION_print() Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... 
ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. 
ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. 
ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1267, 232 wallclock secs ( 1.70 usr 0.29 sys + 209.22 cusr 9.18 csys = 220.39 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From rsalz at openssl.org Tue Jul 3 15:35:31 2018 From: rsalz at openssl.org (Rich Salz) Date: Tue, 03 Jul 2018 15:35:31 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1530632131.442133.14044.nullmailer@dev.openssl.org> The branch master has been updated via 3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit) from 108c503eb0e909259ef0f1f68a07e74752c2f9a3 (commit) - Log ----------------------------------------------------------------- commit 3c0d5cabf30bc2367a5574b3b9bfd5639396533f Author: Rich Salz Date: Tue Jul 3 11:35:17 2018 -0400 Fix NIST links, remove 2473. Also remove some "political" content. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/63) ----------------------------------------------------------------------- Summary of changes: docs/fips.html | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/docs/fips.html b/docs/fips.html index 8c67a04..5c9b3ec 100644 --- a/docs/fips.html +++ b/docs/fips.html @@ -10,15 +10,10 @@

FIPS-140

-

For a basic introduction, - see below. Thanks to multiple platform - sponsorships, the 2.0 validations include the largest number of - formally tested platforms for any validated module.

-

The most recent open source based validation of a cryptographic - module (Module) compatible with the OpenSSL 1.0.1 and 1.0.2 - libraries is v2.0.16, FIPS 140-2 certificate #1747. + module (Module) compatible with the OpenSSL 1.0.2 + is v2.0.16, FIPS 140-2 certificate #1747. This Module is documented in the 2.0 User Guide; the source code, @@ -26,12 +21,10 @@ are also available.

- For convoluted bureaucratic reasons, the same module is also - available under the validations #2398 - (revision 2.0.16) and #2473 - (revision 2.0.10). + For various bureaucratic reasons, the same module is also + available as validation #2398 + (revision 2.0.16).

@@ -69,14 +62,18 @@ instructions) for your platform, then you can use it as validated cryptography on a "vendor affirmed" basis. -

  • If even the tiniest source code or build process changes are - required for your intended application, you cannot use the open +
  • If even a single line of the source code or build process + has to be changed + for your intended application, you cannot use the open source based validated module directly. You must obtain your own validation.
  • None of the validations will work with OpenSSL 1.1.0 or later.
  • +
  • We are starting work on a new validation based on the + upcoming 1.1.1 release.
  • +
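Review bot: the rewritten sentence in the first hunk now reads "compatible with the OpenSSL 1.0.2 is v2.0.16", because "libraries" was dropped together with "1.0.1 and"; it needs its noun back, e.g. "compatible with the OpenSSL 1.0.2 library is v2.0.16". In the last hunk, "If even a single line of the source code or build process has to be changed" attaches "line" to the build process as well; "If the source code or build process has to be changed at all" says the same thing cleanly.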
    From appro at openssl.org Tue Jul 3 17:02:27 2018 From: appro at openssl.org (Andy Polyakov) Date: Tue, 03 Jul 2018 17:02:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530637347.406115.17266.nullmailer@dev.openssl.org> The branch master has been updated via d5487a454c485eb6f9aef7fb0cb1c0681a06fd25 (commit) via b068a9b914887af5cc99895754412582fbb0e10b (commit) from 4cb004573a28fe5f8f8d95dc9407e0fe9df6f14c (commit) - Log ----------------------------------------------------------------- commit d5487a454c485eb6f9aef7fb0cb1c0681a06fd25 Author: Andy Polyakov Date: Mon Jul 2 13:16:33 2018 +0200 chacha/asm/chacha-x86_64.pl: add dedicated path for 128-byte inputs. The 128-byte vectors are extensively used in chacha20_poly1305_tls_cipher and dedicated code path is ~30-50% faster on most platforms. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6626) commit b068a9b914887af5cc99895754412582fbb0e10b Author: Andy Polyakov Date: Mon Jul 2 13:12:49 2018 +0200 perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata. Hexadecimals were erroneously recognized as symbols in .xdata. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6626) ----------------------------------------------------------------------- Summary of changes: crypto/chacha/asm/chacha-x86_64.pl | 295 +++++++++++++++++++++++++++---------- crypto/perlasm/x86_64-xlate.pl | 2 +- 2 files changed, 222 insertions(+), 75 deletions(-) diff --git a/crypto/chacha/asm/chacha-x86_64.pl b/crypto/chacha/asm/chacha-x86_64.pl index 51bb6a9..b54f3b1 100755 --- a/crypto/chacha/asm/chacha-x86_64.pl +++ b/crypto/chacha/asm/chacha-x86_64.pl 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -28,33 +28,32 @@ # # Performance in cycles per byte out of large buffer. # -# IALU/gcc 4.8(i) 1xSSSE3/SSE2 4xSSSE3 NxAVX(v) +# IALU/gcc 4.8(i) 1x/2xSSSE3(ii) 4xSSSE3 NxAVX(v) # -# P4 9.48/+99% -/22.7(ii) - -# Core2 7.83/+55% 7.90/8.08 4.35 -# Westmere 7.19/+50% 5.60/6.70 3.00 -# Sandy Bridge 8.31/+42% 5.45/6.76 2.72 -# Ivy Bridge 6.71/+46% 5.40/6.49 2.41 -# Haswell 5.92/+43% 5.20/6.45 2.42 1.23 -# Skylake[-X] 5.87/+39% 4.70/- 2.31 1.19[0.80(vi)] -# Silvermont 12.0/+33% 7.75/7.40 7.03(iii) -# Knights L 11.7/- - 9.60(iii) 0.80 -# Goldmont 10.6/+17% 5.10/- 3.28 -# Sledgehammer 7.28/+52% -/14.2(ii) - -# Bulldozer 9.66/+28% 9.85/11.1 3.06(iv) -# Ryzen 5.96/+50% 5.19/- 2.40 2.09 -# VIA Nano 10.5/+46% 6.72/8.60 6.05 +# P4 9.48/+99% - - +# Core2 7.83/+55% 7.90/5.76 4.35 +# Westmere 7.19/+50% 5.60/4.50 3.00 +# Sandy Bridge 8.31/+42% 5.45/4.00 2.72 +# Ivy Bridge 6.71/+46% 5.40/? 2.41 +# Haswell 5.92/+43% 5.20/3.45 2.42 1.23 +# Skylake[-X] 5.87/+39% 4.70/3.22 2.31 1.19[0.80(vi)] +# Silvermont 12.0/+33% 7.75/6.90 7.03(iii) +# Knights L 11.7/- ? 
9.60(iii) 0.80 +# Goldmont 10.6/+17% 5.10/3.52 3.28 +# Sledgehammer 7.28/+52% - - +# Bulldozer 9.66/+28% 9.85/5.35(iv) 3.06(iv) +# Ryzen 5.96/+50% 5.19/3.00 2.40 2.09 +# VIA Nano 10.5/+46% 6.72/6.88 6.05 # # (i) compared to older gcc 3.x one can observe >2x improvement on # most platforms; -# (ii) as it can be seen, SSE2 performance is too low on legacy -# processors; NxSSE2 results are naturally better, but not -# impressively better than IALU ones, which is why you won't -# find SSE2 code below; +# (ii) 2xSSSE3 is code path optimized specifically for 128 bytes used +# by chacha20_poly1305_tls_cipher, results are EVP-free; # (iii) this is not optimal result for Atom because of MSROM # limitations, SSE2 can do better, but gain is considered too # low to justify the [maintenance] effort; -# (iv) Bulldozer actually executes 4xXOP code path that delivers 2.20; +# (iv) Bulldozer actually executes 4xXOP code path that delivers 2.20 +# and 4.85 for 128-byte inputs; # (v) 8xAVX2, 8xAVX512VL or 16xAVX512F, whichever best applicable; # (vi) even though Skylake-X can execute AVX512F code and deliver 0.57 # cpb in single thread, the corresponding capability is suppressed; @@ -489,6 +488,7 @@ $code.=<<___ if ($avx); ___ $code.=<<___; cmp \$128,$len # we might throw away some data, + je .LChaCha20_128 ja .LChaCha20_4x # but overall it won't be slower .Ldo_sse3_after_all: 
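Review bot: `je .LChaCha20_128` is inserted between `cmp \$128,$len` and `ja .LChaCha20_4x`, so an input of exactly 128 bytes now always takes the new 2x SSSE3 path instead of falling through to `.LChaCha20_4x`; the adjacent comment "we might throw away some data" no longer describes the equal case, so a one-line comment at the branch naming the 128-byte special case would help. In the performance table the 2xSSSE3 column is left as "?" for Ivy Bridge and Knights L; a footnote saying those were not measured is better than a bare question mark beside figures quoted to two decimals.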
@@ -606,6 +606,172 @@ ___ } ######################################################################## +# SSSE3 code path that handles 128-byte inputs +{ +my ($a,$b,$c,$d,$t,$t1,$rot16,$rot24)=map("%xmm$_",(8,9,2..7)); +my ($a1,$b1,$c1,$d1)=map("%xmm$_",(10,11,0,1)); + +sub SSSE3ROUND_2x { + &paddd ($a,$b); + &pxor ($d,$a); + &paddd ($a1,$b1); + &pxor ($d1,$a1); + &pshufb ($d,$rot16); + &pshufb($d1,$rot16); + + &paddd ($c,$d); + &paddd ($c1,$d1); + &pxor ($b,$c); + &pxor ($b1,$c1); + &movdqa ($t,$b); + &psrld ($b,20); + &movdqa($t1,$b1); + &pslld ($t,12); + &psrld ($b1,20); + &por ($b,$t); + &pslld ($t1,12); + &por ($b1,$t1); + + &paddd ($a,$b); + &pxor ($d,$a); + &paddd ($a1,$b1); + &pxor ($d1,$a1); + &pshufb ($d,$rot24); + &pshufb($d1,$rot24); + + &paddd ($c,$d); + &paddd ($c1,$d1); + &pxor ($b,$c); + &pxor ($b1,$c1); + &movdqa ($t,$b); + &psrld ($b,25); + &movdqa($t1,$b1); + &pslld ($t,7); + &psrld ($b1,25); + &por ($b,$t); + &pslld ($t1,7); + &por ($b1,$t1); +} + +my $xframe = $win64 ? 
0x68 : 8; + +$code.=<<___; +.type ChaCha20_128,\@function,5 +.align 32 +ChaCha20_128: +.cfi_startproc +.LChaCha20_128: + mov %rsp,%r9 # frame pointer +.cfi_def_cfa_register %r9 + sub \$64+$xframe,%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,-0x68(%r9) + movaps %xmm7,-0x58(%r9) + movaps %xmm8,-0x48(%r9) + movaps %xmm9,-0x38(%r9) + movaps %xmm10,-0x28(%r9) + movaps %xmm11,-0x18(%r9) +.L128_body: +___ +$code.=<<___; + movdqa .Lsigma(%rip),$a + movdqu ($key),$b + movdqu 16($key),$c + movdqu ($counter),$d + movdqa .Lone(%rip),$d1 + movdqa .Lrot16(%rip),$rot16 + movdqa .Lrot24(%rip),$rot24 + + movdqa $a,$a1 + movdqa $a,0x00(%rsp) + movdqa $b,$b1 + movdqa $b,0x10(%rsp) + movdqa $c,$c1 + movdqa $c,0x20(%rsp) + paddd $d,$d1 + movdqa $d,0x30(%rsp) + mov \$10,$counter # reuse $counter + jmp .Loop_128 + +.align 32 +.Loop_128: +___ + &SSSE3ROUND_2x(); + &pshufd ($c,$c,0b01001110); + &pshufd ($b,$b,0b00111001); + &pshufd ($d,$d,0b10010011); + &pshufd ($c1,$c1,0b01001110); + &pshufd ($b1,$b1,0b00111001); + &pshufd ($d1,$d1,0b10010011); + + &SSSE3ROUND_2x(); + &pshufd ($c,$c,0b01001110); + &pshufd ($b,$b,0b10010011); + &pshufd ($d,$d,0b00111001); + &pshufd ($c1,$c1,0b01001110); + &pshufd ($b1,$b1,0b10010011); + &pshufd ($d1,$d1,0b00111001); + + &dec ($counter); + &jnz (".Loop_128"); + +$code.=<<___; + paddd 0x00(%rsp),$a + paddd 0x10(%rsp),$b + paddd 0x20(%rsp),$c + paddd 0x30(%rsp),$d + paddd .Lone(%rip),$d1 + paddd 0x00(%rsp),$a1 + paddd 0x10(%rsp),$b1 + paddd 0x20(%rsp),$c1 + paddd 0x30(%rsp),$d1 + + movdqu 0x00($inp),$t + movdqu 0x10($inp),$t1 + pxor $t,$a # xor with input + movdqu 0x20($inp),$t + pxor $t1,$b + movdqu 0x30($inp),$t1 + pxor $t,$c + movdqu 0x40($inp),$t + pxor $t1,$d + movdqu 0x50($inp),$t1 + pxor $t,$a1 + movdqu 0x60($inp),$t + pxor $t1,$b1 + movdqu 0x70($inp),$t1 + pxor $t,$c1 + pxor $t1,$d1 + + movdqu $a,0x00($out) # write output + movdqu $b,0x10($out) + movdqu $c,0x20($out) + movdqu $d,0x30($out) + movdqu $a1,0x40($out) + movdqu $b1,0x50($out) + 
movdqu $c1,0x60($out) + movdqu $d1,0x70($out) +___ +$code.=<<___ if ($win64); + movaps -0x68(%r9),%xmm6 + movaps -0x58(%r9),%xmm7 + movaps -0x48(%r9),%xmm8 + movaps -0x38(%r9),%xmm9 + movaps -0x28(%r9),%xmm10 + movaps -0x18(%r9),%xmm11 +___ +$code.=<<___; + lea (%r9),%rsp +.cfi_def_cfa_register %rsp +.L128_epilogue: + ret +.cfi_endproc +.size ChaCha20_128,.-ChaCha20_128 +___ +} + +######################################################################## # SSSE3 code path that handles longer messages. { # assign variables to favor Atom front-end @@ -3674,9 +3840,9 @@ se_handler: ret .size se_handler,.-se_handler -.type ssse3_handler,\@abi-omnipotent +.type simd_handler,\@abi-omnipotent .align 16 -ssse3_handler: +simd_handler: push %rsi push %rdi push %rbx 
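Review bot: `ChaCha20_128` stores the key into its scratch area (`movdqa $b,0x10(%rsp)` and `movdqa $c,0x20(%rsp)`) and returns through `lea (%r9),%rsp` without overwriting it, so the key words remain below the stack pointer after return; the neighbouring SSSE3 path behaves the same way, so this is consistent rather than a regression, but it is the place to wipe if stack hygiene is ever wanted. The routine has no length check of its own and depends on the dispatcher's `je` for `len == 128`, so it must stay local; a comment at `.LChaCha20_128` saying it handles exactly 128 bytes would stop someone exporting it later. The counter handling is correct but subtle: `$d1` starts as `d + 1` via `paddd $d,$d1` from `.Lone`, is never stored, and is rebuilt for the feed-forward by `paddd .Lone(%rip),$d1` followed by `paddd 0x30(%rsp),$d1`; a comment there would save the next reader the derivation.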
@@ -3702,57 +3868,20 @@ ssse3_handler: mov 192($context),%rax # pull context->R9 mov 4(%r11),%r10d # HandlerData[1] + mov 8(%r11),%ecx # HandlerData[2] lea (%rsi,%r10),%r10 # epilogue label cmp %r10,%rbx # context->Rip>=epilogue label jae .Lcommon_seh_tail - lea -0x28(%rax),%rsi + neg %rcx + lea -8(%rax,%rcx),%rsi lea 512($context),%rdi # &context.Xmm6 - mov \$4,%ecx + neg %ecx + shr \$3,%ecx .long 0xa548f3fc # cld; rep movsq jmp .Lcommon_seh_tail -.size ssse3_handler,.-ssse3_handler - -.type full_handler,\@abi-omnipotent -.align 16 -full_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - mov 8($disp),%rsi # disp->ImageBase - mov 56($disp),%r11 # disp->HandlerData - - mov 0(%r11),%r10d # HandlerData[0] - lea (%rsi,%r10),%r10 # prologue label - cmp %r10,%rbx # context->RipR9 - - mov 4(%r11),%r10d # HandlerData[1] - lea (%rsi,%r10),%r10 # epilogue label - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lcommon_seh_tail - - lea -0xa8(%rax),%rsi - lea 512($context),%rdi # &context.Xmm6 - mov \$20,%ecx - .long 0xa548f3fc # cld; rep movsq - - jmp .Lcommon_seh_tail -.size full_handler,.-full_handler +.size simd_handler,.-simd_handler .section .pdata .align 4 @@ -3764,6 +3893,10 @@ full_handler: .rva .LSEH_end_ChaCha20_ssse3 .rva .LSEH_info_ChaCha20_ssse3 + .rva .LSEH_begin_ChaCha20_128 + .rva .LSEH_end_ChaCha20_128 + .rva .LSEH_info_ChaCha20_128 + .rva .LSEH_begin_ChaCha20_4x .rva .LSEH_end_ChaCha20_4x .rva .LSEH_info_ChaCha20_4x 
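Review bot: `simd_handler` now computes the XMM save area from `HandlerData[2]` (`mov 8(%r11),%ecx`, `neg %rcx`, `lea -8(%rax,%rcx),%rsi`, then `neg %ecx; shr \$3,%ecx` for the qword count), which reproduces the old `-0x28`/4 and `-0xa8`/20 cases for 0x20 and 0xa0 and yields -0x68/12 for the new 0x60 frame; the 32-bit `mov` zero-extends into %rcx, so the 64-bit `neg` is well defined. Every `.LSEH_info_*` entry that names this handler must now carry that third word: a missing one would be read as whatever follows in the section and silently restore the wrong number of registers, so a comment at the handler spelling out the three-word HandlerData layout is worth adding.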
@@ -3804,46 +3937,60 @@ $code.=<<___; .LSEH_info_ChaCha20_ssse3: .byte 9,0,0,0 - .rva ssse3_handler + .rva simd_handler .rva .Lssse3_body,.Lssse3_epilogue + .long 0x20,0 + +.LSEH_info_ChaCha20_128: + .byte 9,0,0,0 + .rva simd_handler + .rva .L128_body,.L128_epilogue + .long 0x60,0 .LSEH_info_ChaCha20_4x: .byte 9,0,0,0 - .rva full_handler + .rva simd_handler .rva .L4x_body,.L4x_epilogue + .long 0xa0,0 ___ $code.=<<___ if ($avx); .LSEH_info_ChaCha20_4xop: .byte 9,0,0,0 - .rva full_handler + .rva simd_handler .rva .L4xop_body,.L4xop_epilogue # HandlerData[] + .long 0xa0,0 ___ $code.=<<___ if ($avx>1); .LSEH_info_ChaCha20_8x: .byte 9,0,0,0 - .rva full_handler + .rva simd_handler .rva .L8x_body,.L8x_epilogue # HandlerData[] + .long 0xa0,0 ___ $code.=<<___ if ($avx>2); .LSEH_info_ChaCha20_avx512: .byte 9,0,0,0 - .rva ssse3_handler + .rva simd_handler .rva .Lavx512_body,.Lavx512_epilogue # HandlerData[] + .long 0x20,0 .LSEH_info_ChaCha20_avx512vl: .byte 9,0,0,0 - .rva ssse3_handler + .rva simd_handler .rva .Lavx512vl_body,.Lavx512vl_epilogue # HandlerData[] + .long 0x20,0 .LSEH_info_ChaCha20_16x: .byte 9,0,0,0 - .rva full_handler + .rva simd_handler .rva .L16x_body,.L16x_epilogue # HandlerData[] + .long 0xa0,0 .LSEH_info_ChaCha20_8xvl: .byte 9,0,0,0 - .rva full_handler + .rva simd_handler .rva .L8xvl_body,.L8xvl_epilogue # HandlerData[] + .long 0xa0,0 ___ } diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index eac21c1..0bde5ee 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -877,7 +877,7 @@ my %globals; $var=~s/^(0b[0-1]+)/oct($1)/eig; $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm); if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva")) - { $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } + { $var=~s/^([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } $var; }; From rsalz at openssl.org Tue Jul 3 17:35:30 2018 
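Review bot: the new `.long 0x20,0` / `.long 0x60,0` / `.long 0xa0,0` words are what exposed the x86_64-xlate.pl bug: without the `^` anchor the `wrt ..imagebase` / `imagerel` substitution matched letters inside a hexadecimal literal, as the commit message describes. With the anchor only one match can start at the beginning of `$var`, so the `g` flag on that substitution is now redundant and can be dropped for clarity. All nine `.LSEH_info_ChaCha20_*` entries in the hunk, including the `$avx` and `$avx>2` ones, gained the third word, so the table is consistent with `simd_handler`.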
From: rsalz at openssl.org (Rich Salz) Date: Tue, 03 Jul 2018 17:35:30 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530639330.931360.28836.nullmailer@dev.openssl.org> The branch master has been updated via dfee8626a8f6c1e23ab270a6fc20b4d1ba145392 (commit) from d5487a454c485eb6f9aef7fb0cb1c0681a06fd25 (commit) - Log ----------------------------------------------------------------- commit dfee8626a8f6c1e23ab270a6fc20b4d1ba145392 Author: Rich Salz Date: Tue Jul 3 12:45:14 2018 -0400 Fix some issues found by Debian's lintian tool Also fix some L<> labels and =item entries found while doing this. Reviewed-by: Richard Levitte Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6630) ----------------------------------------------------------------------- Summary of changes: doc/man1/ciphers.pod | 2 +- doc/man1/cms.pod | 7 +-- doc/man1/dsa.pod | 2 +- doc/man1/gendsa.pod | 2 +- doc/man1/genpkey.pod | 12 ++--- doc/man1/genrsa.pod | 2 +- doc/man1/openssl.pod | 123 +++++++++++++++++++++++++------------------------- doc/man1/passwd.pod | 12 +++-- doc/man1/pkcs8.pod | 4 +- doc/man1/rsa.pod | 2 +- doc/man1/s_client.pod | 2 +- doc/man1/s_server.pod | 3 +- doc/man1/spkac.pod | 11 +++-- doc/man1/ts.pod | 10 ++-- 14 files changed, 101 insertions(+), 93 deletions(-) diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index 3786e9a..e3278eb 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod @@ -113,7 +113,7 @@ TLSv1.2 and below ciphersuites that have been configured. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By default this value is: -"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" + TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256 =item B diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod index 4620561..60ee3b5 100644 --- a/doc/man1/cms.pod +++ b/doc/man1/cms.pod 
@@ -83,7 +83,8 @@ B B [B<-signer file>] [B<-recip file>] [B<-keyid>] -[B<-receipt_request_all -receipt_request_first>] +[B<-receipt_request_all>] +[B<-receipt_request_first>] [B<-receipt_request_from emailaddress>] [B<-receipt_request_to emailaddress>] [B<-receipt_request_print>] @@ -304,7 +305,7 @@ default digest algorithm for the signing key will be used (usually SHA1). The encryption algorithm to use. For example triple DES (168 bits) - B<-des3> or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the EVP_get_cipherbyname() function) can also be used preceded by a dash, for -example B<-aes-128-cbc>. See L|enc(1)> for a list of ciphers +example B<-aes-128-cbc>. See L for a list of ciphers supported by your version of OpenSSL. If not specified triple DES is used. Only used with B<-encrypt> and @@ -403,7 +404,7 @@ Use subject key identifier to identify certificates instead of issuer name and serial number. The supplied certificate B include a subject key identifier extension. Supported by B<-sign> and B<-encrypt> options. -=item B<-receipt_request_all -receipt_request_first> +=item B<-receipt_request_all>, B<-receipt_request_first> For B<-sign> option include a signed receipt request. Indicate requests should be provided by all recipient or first tier recipients (those mailed directly diff --git a/doc/man1/dsa.pod b/doc/man1/dsa.pod index 2428879..a4dcc56 100644 --- a/doc/man1/dsa.pod +++ b/doc/man1/dsa.pod @@ -89,7 +89,7 @@ filename. The output file password source. For more information about the format of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. 
diff --git a/doc/man1/gendsa.pod b/doc/man1/gendsa.pod index 7984b74..1cbd3f4 100644 --- a/doc/man1/gendsa.pod +++ b/doc/man1/gendsa.pod @@ -45,7 +45,7 @@ Print out a usage message. Output the key to the specified file. If this argument is not specified then standard output is used. -=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with specified cipher before outputting it. A pass phrase is prompted for. diff --git a/doc/man1/genpkey.pod b/doc/man1/genpkey.pod index cdf2173..fa62973 100644 --- a/doc/man1/genpkey.pod +++ b/doc/man1/genpkey.pod @@ -261,13 +261,13 @@ Encrypt output private key using 128 bit AES and the passphrase "hello": Generate a 2048 bit RSA key using 3 as the public exponent: - openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048 \ - -pkeyopt rsa_keygen_pubexp:3 + openssl genpkey -algorithm RSA -out key.pem \ + -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 Generate 2048 bit DSA parameters: openssl genpkey -genparam -algorithm DSA -out dsap.pem \ - -pkeyopt dsa_paramgen_bits:2048 + -pkeyopt dsa_paramgen_bits:2048 Generate DSA key from parameters: @@ -276,13 +276,13 @@ Generate DSA key from parameters: Generate 2048 bit DH parameters: openssl genpkey -genparam -algorithm DH -out dhp.pem \ - -pkeyopt dh_paramgen_prime_len:2048 + -pkeyopt dh_paramgen_prime_len:2048 Generate 2048 bit X9.42 DH parameters: openssl genpkey -genparam -algorithm DH -out dhpx.pem \ - -pkeyopt dh_paramgen_prime_len:2048 \ - -pkeyopt dh_paramgen_type:1 + -pkeyopt dh_paramgen_prime_len:2048 \ + -pkeyopt dh_paramgen_type:1 Output RFC5114 2048 bit DH parameters with 224 bit subgroup: diff --git a/doc/man1/genrsa.pod b/doc/man1/genrsa.pod index 25562dc..638deba 100644 
--- a/doc/man1/genrsa.pod +++ b/doc/man1/genrsa.pod @@ -53,7 +53,7 @@ standard output is used. The output file password source. For more information about the format of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with specified cipher before outputting it. If none of these options is diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index a713269..c656a34 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod 
@@ -77,161 +77,160 @@ B, or BI itself.) =over 4 -=item L|asn1parse(1)> +=item B Parse an ASN.1 sequence. -=item L|ca(1)> +=item B Certificate Authority (CA) Management. -=item L|ciphers(1)> +=item B Cipher Suite Description Determination. -=item L|cms(1)> +=item B CMS (Cryptographic Message Syntax) utility. -=item L|crl(1)> +=item B Certificate Revocation List (CRL) Management. -=item L|crl2pkcs7(1)> +=item B CRL to PKCS#7 Conversion. -=item L|dgst(1)> +=item B Message Digest Calculation. =item B Diffie-Hellman Parameter Management. -Obsoleted by L|dhparam(1)>. +Obsoleted by L. -=item L|dhparam(1)> +=item B Generation and Management of Diffie-Hellman Parameters. Superseded by -L|genpkey(1)> and L|pkeyparam(1)>. +L and L. -=item L|dsa(1)> +=item B DSA Data Management. -=item L|dsaparam(1)> +=item B DSA Parameter Generation and Management. Superseded by -L|genpkey(1)> and L|pkeyparam(1)>. +L and L. -=item L|ec(1)> +=item B EC (Elliptic curve) key processing. -=item L|ecparam(1)> +=item B EC parameter manipulation and generation. -=item L|enc(1)> +=item B Encoding with Ciphers. -=item L|engine(1)> +=item B Engine (loadable module) information and manipulation. -=item L|errstr(1)> +=item B Error Number to Error String Conversion. =item B Generation of Diffie-Hellman Parameters. -Obsoleted by L|dhparam(1)>. +Obsoleted by L. -=item L|gendsa(1)> +=item B Generation of DSA Private Key from Parameters. Superseded by -L|genpkey(1)> and L|pkey(1)>. +L and L. -=item L|genpkey(1)> +=item B Generation of Private Key or Parameters. -=item L|genrsa(1)> +=item B -Generation of RSA Private Key. Superseded by L|genpkey(1)>. +Generation of RSA Private Key. Superseded by L. -=item L|nseq(1)> +=item B Create or examine a Netscape certificate sequence. -=item L|ocsp(1)> +=item B Online Certificate Status Protocol utility. -=item L|passwd(1)> +=item B Generation of hashed passwords. -=item L|pkcs12(1)> +=item B PKCS#12 Data Management. -=item L|pkcs7(1)> +=item B PKCS#7 Data Management. 
-=item L|pkcs8(1)> +=item B PKCS#8 format private key conversion tool. -=item L|pkey(1)> +=item B Public and private key management. -=item L|pkeyparam(1)> +=item B Public key algorithm parameter management. -=item L|pkeyutl(1)> +=item B Public key algorithm cryptographic operation utility. -=item L|prime(1)> +=item B Compute prime numbers. -=item L|rand(1)> +=item B Generate pseudo-random bytes. -=item L|rehash(1)> +=item B Create symbolic links to certificate and CRL files named by the hash values. -=item L|req(1)> +=item B PKCS#10 X.509 Certificate Signing Request (CSR) Management. -=item L|rsa(1)> +=item B RSA key management. - -=item L|rsautl(1)> +=item B RSA utility for signing, verification, encryption, and decryption. Superseded -by L|pkeyutl(1)>. +by L. -=item L|s_client(1)> +=item B This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL B library. -=item L|s_server(1)> +=item B This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It's intended for testing purposes only and provides 
@@ -240,47 +239,47 @@ functionality of the OpenSSL B library. It provides both an own command line oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver. -=item L|s_time(1)> +=item B SSL Connection Timer. -=item L|sess_id(1)> +=item B SSL Session Data Management. -=item L|smime(1)> +=item B S/MIME mail processing. -=item L|speed(1)> +=item B Algorithm Speed Measurement. -=item L|spkac(1)> +=item B SPKAC printing and generating utility. -=item L|srp(1)> +=item B Maintain SRP password file. -=item L|storeutl(1)> +=item B Utility to list and display certificates, keys, CRLs, etc. -=item L|ts(1)> +=item B Time Stamping Authority tool (client/server). -=item L|verify(1)> +=item B X.509 Certificate Verification. -=item L|version(1)> +=item B OpenSSL Version Information. -=item L|x509(1)> +=item B X.509 Certificate Data Management. @@ -376,31 +375,31 @@ SM3 Digest Base64 Encoding -=item B +=item B, B, B, B, B Blowfish Cipher -=item B +=item B, B CAST Cipher -=item B +=item B, B, B, B CAST5 Cipher -=item B +=item B, B, B, B, B, B, B, B, B DES Cipher -=item B +=item B, B, B, B, B, B Triple-DES Cipher -=item B +=item B, B, B, B, B IDEA Cipher -=item B +=item B, B, B, B, B RC2 Cipher @@ -408,7 +407,7 @@ RC2 Cipher RC4 Cipher -=item B +=item B, B, B, B, B RC5 Cipher diff --git a/doc/man1/passwd.pod b/doc/man1/passwd.pod index 6c3d811..bdfba2a 100644 --- a/doc/man1/passwd.pod +++ b/doc/man1/passwd.pod 
@@ -108,13 +108,17 @@ This can be used with a subsequent B<-rand> flag. =head1 EXAMPLES -B prints B. + % openssl passwd -crypt -salt xx password + xxj31ZMTZzkVA -B prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>. + % openssl passwd -1 -salt xxxxxxxx password + $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. -B prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>. + % openssl passwd -apr1 -salt xxxxxxxx password + $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 -B prints B. + % openssl passwd -aixmd5 -salt xxxxxxxx password + xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ =head1 COPYRIGHT diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod index 84a10e8..6510115 100644 --- a/doc/man1/pkcs8.pod +++ b/doc/man1/pkcs8.pod @@ -223,14 +223,14 @@ below. These algorithms were included in the original PKCS#5 v1.5 specification. They only offer 56 bits of protection since they both use DES. -=item B +=item B, B, B, B These algorithms are not mentioned in the original PKCS#5 v1.5 specification but they use the same key derivation algorithm and are supported by some software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or 56 bit DES. -=item B +=item B, B, B, B, B, B These algorithms use the PKCS#12 password based encryption algorithm and allow strong encryption algorithms like triple DES or 128 bit RC2 to be used. diff --git a/doc/man1/rsa.pod b/doc/man1/rsa.pod index 835f844..0280d07 100644 --- a/doc/man1/rsa.pod +++ b/doc/man1/rsa.pod @@ -90,7 +90,7 @@ filename. The output file password source. For more information about the format of B see the B section in L. -=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> +=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. 
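Review bot: the rewritten passwd.pod EXAMPLES all pass the secret on the command line (`% openssl passwd -crypt -salt xx password`), where it is visible to every local user in the process list and is kept in shell history; since these are the lines people copy, at least one example should show the `-stdin` form (or `-in file`) and the text should say why. The new `% ` prompt convention is fine, but the `-crypt` and `-1` examples would also benefit from a one-line note that these are legacy formats kept for compatibility rather than recommendations.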
diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 69bae94..7d92dd8 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -804,7 +804,7 @@ information whenever a session is renegotiated. =head1 SEE ALSO L, L, L, L, -L, L +L, L, L =head1 HISTORY diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index f601794..5399096 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -809,7 +809,8 @@ unknown cipher suites a client says it supports. =head1 SEE ALSO L, L, L, L -L, L +L, +L, L =head1 HISTORY diff --git a/doc/man1/spkac.pod b/doc/man1/spkac.pod index 75b12d8..9ad03c1 100644 --- a/doc/man1/spkac.pod +++ b/doc/man1/spkac.pod @@ -116,11 +116,12 @@ Create an SPKAC using the challenge string "hello": Example of an SPKAC, (long lines split up for clarity): - SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\ - PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\ - PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\ - 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\ - 4= + SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\ + 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\ + 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\ + FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\ + h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\ + dq+NQ3F+X4deMx9AaEglZtULwV4= =head1 NOTES diff --git a/doc/man1/ts.pod b/doc/man1/ts.pod index 3ae320f..3ec6e0d 100644 --- a/doc/man1/ts.pod +++ b/doc/man1/ts.pod 
@@ -557,10 +557,12 @@ OID section of the config file): Before generating a response a signing certificate must be created for the TSA that contains the B critical extended key usage extension -without any other key usage extensions. You can add the -'extendedKeyUsage = critical,timeStamping' line to the user certificate section -of the config file to generate a proper certificate. See L, -L, L for instructions. The examples +without any other key usage extensions. You can add this line to the +user certificate section of the config file to generate a proper certificate; + + extendedKeyUsage = critical,timeStamping + +See L, L, and L for instructions. The examples below assume that cacert.pem contains the certificate of the CA, tsacert.pem is the signing certificate issued by cacert.pem and tsakey.pem is the private key of the TSA. From paul.dale at oracle.com Tue Jul 3 22:15:55 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 03 Jul 2018 22:15:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530656155.620871.24160.nullmailer@dev.openssl.org> The branch master has been updated via a9f3f1ccbbf84f4ef804ede82d4b072492b54c03 (commit) from dfee8626a8f6c1e23ab270a6fc20b4d1ba145392 (commit) - Log ----------------------------------------------------------------- commit a9f3f1ccbbf84f4ef804ede82d4b072492b54c03 Author: Pauli Date: Wed Jul 4 07:48:45 2018 +1000 Tests for MD5-SHA1 combined digest. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6642) ----------------------------------------------------------------------- Summary of changes: test/recipes/30-test_evp_data/evpdigest.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/recipes/30-test_evp_data/evpdigest.txt b/test/recipes/30-test_evp_data/evpdigest.txt index c0b9d2d..ae3f7e6 100644 --- a/test/recipes/30-test_evp_data/evpdigest.txt +++ b/test/recipes/30-test_evp_data/evpdigest.txt 
@@ -257,6 +257,20 @@ Digest = MD5 Input = 3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930 Output = 57edf4a22be3c955ac49da2e2107b67a +Title = MD5-SHA1 + +Digest = MD5-SHA1 +Input = +Output = d41d8cd98f00b204e9800998ecf8427eda39a3ee5e6b4b0d3255bfef95601890afd80709 + +Digest = MD5-SHA1 +Input = "abc" +Output = 900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d + +Digest = MD5-SHA1 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 8215ef0796a20bcaaae116d3876c664a84983e441c3bd26ebaae4aa1f95129e5e54670f1 + Title = MD4 tests Digest = MD4 From matt at openssl.org Wed Jul 4 09:42:58 2018 From: matt at openssl.org (Matt Caswell) Date: Wed, 04 Jul 2018 09:42:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530697378.446022.23046.nullmailer@dev.openssl.org> The branch master has been updated via a97d19f7ce93845997a8f75f522f0331899ed5f4 (commit) from a9f3f1ccbbf84f4ef804ede82d4b072492b54c03 (commit) - Log ----------------------------------------------------------------- commit a97d19f7ce93845997a8f75f522f0331899ed5f4 Author: Matt Caswell Date: Tue Jul 3 13:36:31 2018 +0100 Fix no-tls1_2 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6634) ----------------------------------------------------------------------- Summary of changes: test/sslapitest.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index 598b02a..64f8f59 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5097,11 +5097,11 @@ static int test_shutdown(int tst) size_t written, readbytes; #ifdef OPENSSL_NO_TLS1_2 - if (tst == 0) + if (tst <= 1) return 1; #endif #ifdef OPENSSL_NO_TLS1_3 - if (tst != 0) + if (tst >= 2) return 1; #endif From openssl at openssl.org Wed Jul 4 11:21:21 2018 
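Review bot: `tst <= 1` and `tst >= 2` at the two `#ifdef` guards in test_shutdown encode which variants are TLSv1.2 (0 and 1) and which are TLSv1.3 (2 and up) as bare magic numbers; a comment at each, or named bounds shared with the loop that dispatches `tst`, would keep the next added variant from breaking the `no-tls1_2` build in the same way. For the record, the two `Still FAILED ... no-tls1_2` run-checker reports that follow list dfee862 as their newest commit, so they were produced before this fix and their `90-test_sslapi.t` failure is consistent with the one this hunk addresses.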
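The MD5-SHA1 records added to evpdigest.txt above can be reproduced outside the OpenSSL test harness. The following is an added example, not code from OpenSSL or from either commit: it reads the same `Key = Value` record format (the sample is constructed by copying the three records from the hunk), treats `"quoted"` inputs as literal bytes and unquoted inputs as hex, and checks each `Digest = MD5-SHA1` record against MD5(m) || SHA1(m) computed with hashlib. The record reader is a deliberate simplification of evp_test's parser (assumptions: a blank line ends a record, `#` lines are comments).

```python
"""Check MD5-SHA1 vectors written in OpenSSL's evpdigest.txt record format.

MD5-SHA1 is the 36-byte concatenation MD5(m) || SHA1(m) that TLS 1.0/1.1
use for RSA handshake signatures; OpenSSL exposes it as EVP_md5_sha1().
"""
import hashlib
from typing import Dict, Iterator, List

# Constructed sample: the three MD5-SHA1 records from the evpdigest.txt hunk,
# followed by the MD4 title line that separates them from the next section.
SAMPLE = """\
Title = MD5-SHA1

Digest = MD5-SHA1
Input =
Output = d41d8cd98f00b204e9800998ecf8427eda39a3ee5e6b4b0d3255bfef95601890afd80709

Digest = MD5-SHA1
Input = "abc"
Output = 900150983cd24fb0d6963f7d28e17f72a9993e364706816aba3e25717850c26c9cd0d89d

Digest = MD5-SHA1
Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
Output = 8215ef0796a20bcaaae116d3876c664a84983e441c3bd26ebaae4aa1f95129e5e54670f1

Title = MD4 tests
"""


def md5_sha1(data: bytes) -> bytes:
    """The 16-byte MD5 followed by the 20-byte SHA-1 of the same message."""
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()


def decode_value(raw: str) -> bytes:
    """A value in double quotes is literal ASCII; anything else is hex (possibly empty)."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].encode("ascii")
    return bytes.fromhex(raw)


def parse_records(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record (assumption: records end at a blank line, '#' lines are comments)."""
    rec: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            continue
        if not line:
            if rec:
                yield rec
                rec = {}
            continue
        key, _, value = line.partition("=")
        rec[key.strip()] = value.strip()
    if rec:
        yield rec


def check_vectors(text: str) -> List[str]:
    """Return 'ok' or 'FAIL' for every Digest = MD5-SHA1 record, in file order."""
    results: List[str] = []
    for rec in parse_records(text):
        if rec.get("Digest") != "MD5-SHA1":
            continue  # Title records and other algorithms are outside this check
        got = md5_sha1(decode_value(rec.get("Input", "")))
        want = bytes.fromhex(rec["Output"])
        results.append("ok" if got == want else "FAIL")
    return results


if __name__ == "__main__":
    print(check_vectors(SAMPLE))
```

The same reader handles the other `Digest =` sections of evpdigest.txt if `md5_sha1` is swapped for `hashlib.new(name)`; the point of keeping MD5-SHA1 explicit is that hashlib has no name for the concatenation, which is exactly what the new vectors pin down.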
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 04 Jul 2018 11:21:21 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2 Message-ID: <1530703281.914964.25805.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2 Commit log since last time: dfee862 Fix some issues found by Denian's lintian tool d5487a4 chacha/asm/chacha-x86_64.pl: add dedicated path for 128-byte inputs. b068a9b perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata. 4cb0045 Remove TLSv1.3 tickets from the client cache as we use them 1f15632 Restore behaviour from commit 36ff232cf that was incorrectly removed c36b39b Check for NULL conf in NCONF_get_number Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... 
ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. 
ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. 
ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... 
ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=149, Tests=1267, 224 wallclock secs ( 1.61 usr 0.28 sys + 200.20 cusr 9.11 csys = 211.20 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Wed Jul 4 11:59:55 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 04 Jul 2018 11:59:55 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method Message-ID: <1530705595.027427.14101.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method Commit log since last time: dfee862 Fix some issues found by Denian's lintian tool d5487a4 chacha/asm/chacha-x86_64.pl: add dedicated path for 128-byte inputs. b068a9b perlasm/x86_64-xlate.pl: refine symbol recognition in .xdata. 4cb0045 Remove TLSv1.3 tickets from the client cache as we use them 1f15632 Restore behaviour from commit 36ff232cf that was incorrectly removed c36b39b Check for NULL conf in NCONF_get_number Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_evp_extra.t ................ ok ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... 
ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs TLS <= 1.2 enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs TLS enabled
../../openssl/test/recipes/70-test_sslextension.t ............. ok
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs TLS enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok
../../openssl/test/recipes/70-test_sslsignature.t ............. ok
../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs TLS1.3, TLS1.2 and TLS1.1 enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ ok
../../openssl/test/recipes/70-test_tls13cookie.t .............. ok
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs TLS1.3 and TLS1.2 enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. ok
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok
../../openssl/test/recipes/70-test_tls13messages.t ............ ok
../../openssl/test/recipes/70-test_tls13psk.t ................. ok
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... skipped: test_sysdefault is not supported in this build
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. ok
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_sslapi.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=149, Tests=1267, 222 wallclock secs ( 1.60 usr 0.32 sys + 197.44 cusr 9.15 csys = 208.51 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-tls1_2-method'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From matt at openssl.org Wed Jul 4 15:56:57 2018
From: matt at openssl.org (Matt Caswell)
Date: Wed, 04 Jul 2018 15:56:57 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1530719817.139617.14537.nullmailer@dev.openssl.org>

The branch master has been updated
       via  de72274d62a9939e833ab2816360228ba2e1a74b (commit)
      from  a97d19f7ce93845997a8f75f522f0331899ed5f4 (commit)

- Log -----------------------------------------------------------------
commit de72274d62a9939e833ab2816360228ba2e1a74b
Author: Billy Brumley
Date:   Wed Jul 4 15:35:18 2018 +0300

    [crypto/ec] disable SCA mitigations for curves with incomplete parameters

    Reviewed-by: Rich Salz
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/6648)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ec/ec_mult.c | 46 ++++++++++++++++++++++++----------------------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index c821cb8..663db57 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -389,30 +389,32 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, return EC_POINT_set_to_infinity(group, r); } - /*- - * Handle the common cases where the scalar is secret, enforcing a constant - * time scalar multiplication algorithm. - */ - if ((scalar != NULL) && (num == 0)) { - /*- - * In this case we want to compute scalar * GeneratorPoint: this - * codepath is reached most prominently by (ephemeral) key generation - * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH - * keygen/first half), where the scalar is always secret. This is why - * we ignore if BN_FLG_CONSTTIME is actually set and we always call the - * constant time version. - */ - return ec_mul_consttime(group, r, scalar, NULL, ctx); - } - if ((scalar == NULL) && (num == 1)) { + if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) { /*- - * In this case we want to compute scalar * GenericPoint: this codepath - * is reached most prominently by the second half of ECDH, where the - * secret scalar is multiplied by the peer's public point. To protect - * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and - * we always call the constant time version. + * Handle the common cases where the scalar is secret, enforcing a constant + * time scalar multiplication algorithm. */ - return ec_mul_consttime(group, r, scalars[0], points[0], ctx); + if ((scalar != NULL) && (num == 0)) { + /*- + * In this case we want to compute scalar * GeneratorPoint: this + * codepath is reached most prominently by (ephemeral) key generation + * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH + * keygen/first half), where the scalar is always secret. This is why + * we ignore if BN_FLG_CONSTTIME is actually set and we always call the + * constant time version. 
+ */ + return ec_mul_consttime(group, r, scalar, NULL, ctx); + } + if ((scalar == NULL) && (num == 1)) { + /*- + * In this case we want to compute scalar * GenericPoint: this codepath + * is reached most prominently by the second half of ECDH, where the + * secret scalar is multiplied by the peer's public point. To protect + * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and + * we always call the constant time version. + */ + return ec_mul_consttime(group, r, scalars[0], points[0], ctx); + } } for (i = 0; i < num; i++) { From levitte at openssl.org Wed Jul 4 16:23:54 2018 From: levitte at openssl.org (Richard Levitte) Date: Wed, 04 Jul 2018 16:23:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530721434.697879.28565.nullmailer@dev.openssl.org> The branch master has been updated via a9cf71a3716f8f624b711faa0d5ea391bb26d9f6 (commit) from de72274d62a9939e833ab2816360228ba2e1a74b (commit) - Log ----------------------------------------------------------------- commit a9cf71a3716f8f624b711faa0d5ea391bb26d9f6 Author: Richard Levitte Date: Wed Jul 4 09:26:05 2018 +0200 Document more EVP_MD_CTX functions Fixes #6644 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6645) ----------------------------------------------------------------------- Summary of changes: doc/man3/EVP_DigestInit.pod | 52 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod index 45c361e..808d796 100644 --- a/doc/man3/EVP_DigestInit.pod +++ b/doc/man3/EVP_DigestInit.pod 
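Review bot: the new guard `if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor))` around the two ec_mul_consttime() calls in ec_wNAF_mul() (the crypto/ec/ec_mult.c hunk above) means that a secret scalar is handed to the variable-time wNAF loop that follows whenever a group has no order or cofactor set, and nothing at the fall-through point says so. Add a comment there stating that the constant-time path is unavailable for groups with incomplete parameters, and document in the EC_GROUP man pages that callers who construct their own groups must supply a non-zero order and cofactor if they want the side-channel mitigations for ECDSA and ECDH to apply. A regression test that builds such a group and compares the product against the full-parameter result would also cover the fallback path, which this change makes reachable for the `(scalar != NULL) && (num == 0)` and `(scalar == NULL) && (num == 1)` cases that were previously always constant-time.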
@@ -3,11 +3,13 @@ =head1 NAME EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, -EVP_MD_CTX_ctrl, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, +EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, +EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, -EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data, +EVP_md_null, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines @@ -19,6 +21,9 @@ EVP_get_digestbyobj - EVP digest routines int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); void EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void* p2); + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); @@ -41,6 +46,7 @@ EVP_get_digestbyobj - EVP digest routines int EVP_MD_CTX_size(const EVP_MD *ctx); int EVP_MD_CTX_block_size(const EVP_MD *ctx); int EVP_MD_CTX_type(const EVP_MD *ctx); + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); const EVP_MD *EVP_md_null(void); @@ -72,6 +78,10 @@ Cleans up digest context B and frees up the space allocated to it. Performs digest-specific control actions on context B. +=item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags() + +Sets, clears and tests B flags. See L below for more information. + =item EVP_DigestInit_ex() Sets up digest context B to use a digest B from ENGINE B. 
@@ -140,6 +150,12 @@ Return the NID of the OBJECT IDENTIFIER representing the given message digest when passed an B structure. For example, C returns B. This function is normally used when setting ASN1 OIDs. +=item EVP_MD_CTX_md_data() + +Return the digest method private data for the passed B. +The space is allocated by OpenSSL and has the size originally set with +EVP_MD_meth_set_app_datasize(). + =item EVP_MD_CTX_md() Returns the B structure corresponding to the passed B. @@ -165,6 +181,38 @@ B structure respectively. =back +=head1 FLAGS + +EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +can be used the manipulate and test these B flags: + +=over 4 + +=item EVP_MD_CTX_FLAG_ONESHOT + +This flag instructs the digest to optimize for one update only, if possible. + +=for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it + +=for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it + +=for comment We currently avoid documenting flags that are only bit holder: +EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_* + +=item EVP_MD_CTX_FLAG_NO_INIT + +This flag instructs EVP_DigestInit() and similar not to initialise the +implementation specific data. + +=item EVP_MD_CTX_FLAG_FINALISE + +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. + +=back + =head1 RETURN VALUES =over 4 From levitte at openssl.org Wed Jul 4 16:42:20 2018 
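Review bot: the new EVP_MD_CTX_md_data() entry says the space "is allocated by OpenSSL" but not who owns it or how long it lives; state that the returned pointer belongs to the context, must not be freed by the caller, and is no longer valid after EVP_MD_CTX_reset() or EVP_MD_CTX_free(), since a void pointer into private method data is exactly the kind of thing a caller will otherwise hold on to or pass to OPENSSL_free().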
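Review bot: in the new FLAGS section, "can be used the manipulate and test these ... flags" should read "can be used to manipulate and test these ... flags". The same sentence was cherry-picked verbatim into doc/crypto/EVP_DigestInit.pod on OpenSSL_1_1_0-stable (03998dc), so fix it in master and re-pick rather than patching the branches separately.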
From: levitte at openssl.org (Richard Levitte) Date: Wed, 04 Jul 2018 16:42:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1530722540.799194.5571.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 03998dcc02d0d632132f4c24c99acc27507c351f (commit) from 9d4167241c8fa15b3ae77651109aac7fa66ac17b (commit) - Log ----------------------------------------------------------------- commit 03998dcc02d0d632132f4c24c99acc27507c351f Author: Richard Levitte Date: Wed Jul 4 09:26:05 2018 +0200 Document more EVP_MD_CTX functions Fixes #6644 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6645) (cherry picked from commit a9cf71a3716f8f624b711faa0d5ea391bb26d9f6) ----------------------------------------------------------------------- Summary of changes: doc/crypto/EVP_DigestInit.pod | 49 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index bb7ef7a..5b95694 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -3,11 +3,12 @@ =head1 NAME EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex, +EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, -EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, -EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data, EVP_md_null, EVP_md2, +EVP_md5, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_mdc2, EVP_ripemd160, EVP_blake2b512, EVP_blake2s256, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines 
@@ -18,6 +19,9 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines EVP_MD_CTX *EVP_MD_CTX_new(void); int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); void EVP_MD_CTX_free(EVP_MD_CTX *ctx); + void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); + void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); + int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); @@ -41,6 +45,7 @@ EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines int EVP_MD_CTX_size(const EVP_MD *ctx); int EVP_MD_CTX_block_size(const EVP_MD *ctx); int EVP_MD_CTX_type(const EVP_MD *ctx); + void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx); const EVP_MD *EVP_md_null(void); const EVP_MD *EVP_md2(void); @@ -73,6 +78,9 @@ to reuse an already existing context. EVP_MD_CTX_free() cleans up digest context B and frees up the space allocated to it. +EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +sets, clears and tests B flags. See L below for more information. + EVP_DigestInit_ex() sets up digest context B to use a digest B from ENGINE B. B must be initialized before calling this function. B will typically be supplied by a function such as EVP_sha1(). @@ -117,6 +125,11 @@ representing the given message digest when passed an B structure. For example EVP_MD_type(EVP_sha1()) returns B. This function is normally used when setting ASN1 OIDs. +EVP_MD_CTX_md_data() return the digest method private data for the passed +B. +The space is allocated by OpenSSL and has the size originally set with +EVP_MD_meth_set_app_datasize(). + EVP_MD_CTX_md() returns the B structure corresponding to the passed B. 
@@ -139,6 +152,38 @@ EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() return an B structure when passed a digest name, a digest NID or an ASN1_OBJECT structure respectively. +=head1 FLAGS + +EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags() +can be used the manipulate and test these B flags: + +=over 4 + +=item EVP_MD_CTX_FLAG_ONESHOT + +This flag instructs the digest to optimize for one update only, if possible. + +=for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it + +=for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it + +=for comment We currently avoid documenting flags that are only bit holder: +EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_* + +=item EVP_MD_CTX_FLAG_NO_INIT + +This flag instructs EVP_DigestInit() and similar not to initialise the +implementation specific data. + +=item EVP_MD_CTX_FLAG_FINALISE + +Some functions such as EVP_DigestSign only finalise copies of internal +contexts so additional data can be included after the finalisation call. +This is inefficient if this functionality is not required, and can be +disabled with this flag. + +=back + =head1 RETURN VALUES EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for From no-reply at appveyor.com Thu Jul 5 05:40:18 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 05 Jul 2018 05:40:18 +0000 Subject: [openssl-commits] Build failed: openssl master.18835 Message-ID: <20180705054018.1.8166483F176B4185@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 5 06:25:37 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 05 Jul 2018 06:25:37 +0000 Subject: [openssl-commits] Build failed: openssl master.18837 Message-ID: <20180705062537.1.71B7F66A033993A0@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Thu Jul 5 11:21:35 2018 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 05 Jul 2018 11:21:35 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2
Message-ID: <1530789695.712455.7992.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2

Commit log since last time:

a9cf71a Document more EVP_MD_CTX functions
de72274 [crypto/ec] disable SCA mitigations for curves with incomplete parameters
a97d19f Fix no-tls1_2
a9f3f1c Tests for MD5-SHA1 combined digest.

From openssl at openssl.org Thu Jul 5 12:01:05 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Thu, 05 Jul 2018 12:01:05 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-tls1_2-method
Message-ID: <1530792065.698477.28863.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-tls1_2-method

Commit log since last time:

a9cf71a Document more EVP_MD_CTX functions
de72274 [crypto/ec] disable SCA mitigations for curves with incomplete parameters
a97d19f Fix no-tls1_2
a9f3f1c Tests for MD5-SHA1 combined digest.

From no-reply at appveyor.com Thu Jul 5 13:05:16 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Thu, 05 Jul 2018 13:05:16 +0000
Subject: [openssl-commits] Build completed: openssl master.18838
Message-ID: <20180705130516.1.E9AC33C0F86382F1@appveyor.com>

An HTML attachment was scrubbed...
URL:

From rsalz at openssl.org Thu Jul 5 20:24:04 2018
From: rsalz at openssl.org (Rich Salz) Date: Thu, 05 Jul 2018 20:24:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530822244.212766.13622.nullmailer@dev.openssl.org> The branch master has been updated via f27b906703bf933e2efcebfc1225a4c295abd2a0 (commit) from a9cf71a3716f8f624b711faa0d5ea391bb26d9f6 (commit) - Log ----------------------------------------------------------------- commit f27b906703bf933e2efcebfc1225a4c295abd2a0 Author: Rich Salz Date: Thu Jul 5 16:10:55 2018 -0400 Add missing include file to doc Reported by Ingo Schwarze Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6656) ----------------------------------------------------------------------- Summary of changes: doc/man3/X509_digest.pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod index ee39345..36b89a6 100644 --- a/doc/man3/X509_digest.pod +++ b/doc/man3/X509_digest.pod @@ -28,6 +28,8 @@ PKCS7_ISSUER_AND_SERIAL_digest int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); + #include + int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, unsigned char *md, unsigned int *len); From rsalz at openssl.org Fri Jul 6 00:20:39 2018 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 06 Jul 2018 00:20:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530836439.645388.12919.nullmailer@dev.openssl.org> The branch master has been updated via 2ddee136ec4157598b0679f9d5a5097ed77c4c01 (commit) from f27b906703bf933e2efcebfc1225a4c295abd2a0 (commit) - Log ----------------------------------------------------------------- commit 2ddee136ec4157598b0679f9d5a5097ed77c4c01 Author: Rich Salz Date: Thu Jul 5 19:57:22 2018 -0400 Reject duplicate -addext parameters Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6636) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 80 ++++++++++++++++++++++++++++++++++++++++++++-- test/recipes/25-test_req.t | 13 +++++++- 2 files changed, 89 insertions(+), 4 deletions(-) diff --git a/apps/req.c b/apps/req.c index 7e7b994..3d89f20 100644 --- a/apps/req.c +++ b/apps/req.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "apps.h" #include "progs.h" #include @@ -23,6 +24,8 @@ #include #include #include +#include +#include #ifndef OPENSSL_NO_RSA # include #endif 
@@ -147,6 +150,68 @@ const OPTIONS req_options[] = { {NULL} }; + +/* + * An LHASH of strings, where each string is an extension name. + */ +static unsigned long ext_name_hash(const OPENSSL_STRING *a) +{ + return OPENSSL_LH_strhash((const char *)a); +} + +static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b) +{ + return strcmp((const char *)a, (const char *)b); +} + +static void exts_cleanup(OPENSSL_STRING *x) +{ + OPENSSL_free((char *)x); +} + +/* + * Is the |kv| key already duplicated? This is remarkably tricky to get + * right. Return 0 if unique, -1 on runtime error; 1 if found or a syntax + * error. + */ +static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) +{ + char *p; + + /* Check syntax. */ + if (strchr(kv, '=') == NULL) + return 1; + + /* Skip leading whitespace, make a copy. */ + while (*kv && isspace(*kv)) + if (*++kv == '\0') + return 1; + if ((kv = OPENSSL_strdup(kv)) == NULL) + return -1; + + /* Skip trailing space before the equal sign. */ + for (p = strchr(kv, '='); p > kv; --p) + if (p[-1] != ' ' && p[-1] != '\t') + break; + if (p == kv) { + OPENSSL_free(kv); + return 1; + } + *p = '\0'; + + /* Finally have a clean "key"; see if it's there. */ + if (lh_OPENSSL_STRING_retrieve(addexts, (OPENSSL_STRING*)kv) != NULL) { + BIO_printf(bio_err, "Extension \"%s\" repeated\n", kv); + OPENSSL_free(kv); + return 1; + } + + /* Not found; add it. */ + if (lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv) == NULL) + return -1; + return 0; +} + int req_main(int argc, char **argv) { ASN1_INTEGER *serial = NULL; @@ -155,6 +220,7 @@ int req_main(int argc, char **argv) EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *genctx = NULL; STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL; + LHASH_OF(OPENSSL_STRING) *addexts = NULL; X509 *x509ss = NULL; X509_REQ *req = NULL; const EVP_CIPHER *cipher = NULL; 
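Review bot: the last check in duplicated(), `if (lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv) == NULL) return -1;`, inverts the lhash contract: lh_TYPE_insert() returns the entry it replaced and NULL when the key was not present, which is exactly the "Not found; add it" case this line sits on, so the first -addext of every distinct key reports a runtime error and req_main jumps to `end`. Detect an allocation failure with lh_OPENSSL_STRING_error() after the insert instead, and free `kv` on that error path, which the current code also leaks. Two smaller points in the same function: `isspace(*kv)` on a plain `char` is undefined for bytes above 0x7f (cast to unsigned char, or use the internal ctype helpers), and the trim before '=' only strips ' ' and '\t' while the leading skip accepts everything isspace() does, so the two ends of the key are normalised differently.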
@@ -324,11 +390,17 @@ int req_main(int argc, char **argv) multirdn = 1; break; case OPT_ADDEXT: - if (addext_bio == NULL) { + p = opt_arg(); + if (addexts == NULL) { + addexts = lh_OPENSSL_STRING_new(ext_name_hash, ext_name_cmp); addext_bio = BIO_new(BIO_s_mem()); + if (addexts == NULL || addext_bio == NULL) + goto end; } - if (addext_bio == NULL - || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0) + i = duplicated(addexts, p); + if (i == 1) + goto opthelp; + if (i < 0 || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0) goto end; break; case OPT_EXTENSIONS: @@ -885,6 +957,8 @@ int req_main(int argc, char **argv) EVP_PKEY_CTX_free(genctx); sk_OPENSSL_STRING_free(pkeyopts); sk_OPENSSL_STRING_free(sigopts); + lh_OPENSSL_STRING_doall(addexts, exts_cleanup); + lh_OPENSSL_STRING_free(addexts); #ifndef OPENSSL_NO_ENGINE ENGINE_free(gen_eng); #endif diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index 82b9bf8..fa79219 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -15,13 +15,24 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 4; +plan tests => 8; require_ok(srctop_file('test','recipes','tconversion.pl')); open RND, ">>", ".rnd"; print RND "string to make the random number generator think it has randomness"; close RND; + +# Check for duplicate -addext parameters +my $val = "subjectAltName=DNS:example.com"; +my $val2 = " " . $val; +my $val3 = $val; +$val3 =~ s/=/ =/; +ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val]))); +ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val2]))); +ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val3]))); +ok(!run(app(["openssl", "req", "-new", "-addext", $val2, "-addext", $val3]))); + subtest "generating certificate requests" => sub { my @req_new; if (disabled("rsa")) { From no-reply at appveyor.com Fri Jul 6 01:31:24 2018 
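Review bot: in the OPT_ADDEXT case, `if (i == 1) goto opthelp;` covers both a repeated extension and a syntax failure from duplicated() (no '=' or an empty key), but only the repeated case has printed anything by then, so a malformed argument produces the full usage text with no hint of which -addext value was rejected. Print the offending argument before jumping to opthelp. Also, `p = opt_arg()` is saved at the top of the case but the BIO_printf() below still calls opt_arg() again; use `p` in both places.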
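Review bot: the four new checks in test/recipes/25-test_req.t are all of the form `ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val2])))`, which only proves that the duplicate forms fail and would pass just as well if every -addext invocation failed. Add a positive case, two different extension names with -new that must succeed and show up in the generated request, so the accept path in duplicated() is exercised as well.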
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 06 Jul 2018 01:31:24 +0000
Subject: [openssl-commits] Build failed: openssl master.18844
Message-ID: <20180706013124.1.7C4572C6219BA870@appveyor.com>

An HTML attachment was scrubbed...
URL:

From no-reply at appveyor.com Fri Jul 6 04:28:52 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 06 Jul 2018 04:28:52 +0000
Subject: [openssl-commits] Build failed: openssl master.18845
Message-ID: <20180706042852.1.D4020610F5176A45@appveyor.com>

An HTML attachment was scrubbed...
URL:

From no-reply at appveyor.com Fri Jul 6 05:03:46 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 06 Jul 2018 05:03:46 +0000
Subject: [openssl-commits] Build completed: openssl master.18846
Message-ID: <20180706050346.1.2C9D995D654E8AF3@appveyor.com>

An HTML attachment was scrubbed...
URL:

From matt at openssl.org Fri Jul 6 08:30:40 2018
From: matt at openssl.org (Matt Caswell)
Date: Fri, 06 Jul 2018 08:30:40 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1530865840.850330.29074.nullmailer@dev.openssl.org>

The branch master has been updated
       via  2ce71b60272325c4453914b501a2c2ff1b75c80d (commit)
       via  bafe9cf5e34e194f299762c270843781003a84ca (commit)
       via  0d1b778901764f9bc747674f0e23b40c82877e6e (commit)
       via  4e8548e80e12ee73db77417ea159c58751bf4b06 (commit)
      from  2ddee136ec4157598b0679f9d5a5097ed77c4c01 (commit)

- Log -----------------------------------------------------------------
commit 2ce71b60272325c4453914b501a2c2ff1b75c80d
Author: Matt Caswell
Date:   Thu Jul 5 16:53:56 2018 +0100

    Document SSL_CTX_set_recv_max_early_data() etc

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/6655)

commit bafe9cf5e34e194f299762c270843781003a84ca
Author: Matt Caswell
Date:   Thu Jul 5 15:42:36 2018 +0100

    Add the ability to configure recv_max_early_data via s_server

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/6655)

commit 0d1b778901764f9bc747674f0e23b40c82877e6e
Author: Matt Caswell
Date:   Thu Jul 5 15:31:51 2018 +0100

    Add a test for the recv_max_early_data setting

    Reviewed-by: Paul Dale
    (Merged from https://github.com/openssl/openssl/pull/6655)

commit 4e8548e80e12ee73db77417ea159c58751bf4b06
Author: Matt Caswell
Date:   Thu Jul 5 14:40:39 2018 +0100

    Introduce the recv_max_early_data setting

    Previously we just had max_early_data which controlled both the value of
    max early_data that we advertise in tickets *and* the amount of
    early_data that we are willing to receive from clients. This doesn't
    work too well in the case where we want to reduce a previously
    advertised max_early_data value. In that case clients with old, stale
    tickets may attempt to send us more early data than we are willing to
    receive. Instead of rejecting the early data we abort the connection if
    that happens.

    To avoid this we introduce a new "recv_max_early_data" value.
The old max_early_data becomes the value that is advertised in tickets while recv_max_early_data is the maximum we will tolerate from clients. Fixes #6647 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6655) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 19 ++++++++++++++---- doc/man3/SSL_read_early_data.pod | 33 ++++++++++++++++++++++++++++--- include/openssl/ssl.h | 4 ++++ ssl/record/ssl3_record.c | 11 ++++++++--- ssl/ssl_lib.c | 35 +++++++++++++++++++++++++++++++++ ssl/ssl_locl.h | 22 +++++++++++++++++++-- test/sslapitest.c | 42 +++++++++++++++++++++++++++++++++++----- util/libssl.num | 4 ++++ 8 files changed, 153 insertions(+), 17 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index b050200..4e8a9e2 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -748,8 +748,8 @@ typedef enum OPTION_choice { OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL, OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, - OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_EARLY_DATA, OPT_S_NUM_TICKETS, - OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, + OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA, + OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_R_ENUM, OPT_S_ENUM, OPT_V_ENUM, @@ -955,7 +955,9 @@ const OPTIONS s_server_options[] = { #endif {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"}, {"max_early_data", OPT_MAX_EARLY, 'n', - "The maximum number of bytes of early data"}, + "The maximum number of bytes of early data as advertised in tickets"}, + {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n', + "The maximum number of bytes of early data (hard limit)"}, {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"}, {"num_tickets", OPT_S_NUM_TICKETS, 'n', "The number of TLSv1.3 session tickets that a server will automatically issue" }, 
@@ -1041,7 +1043,7 @@ int s_server_main(int argc, char *argv[]) unsigned int split_send_fragment = 0, max_pipelines = 0; const char *s_serverinfo_file = NULL; const char *keylog_file = NULL; - int max_early_data = -1; + int max_early_data = -1, recv_max_early_data = -1; char *psksessf = NULL; /* Init of few remaining global variables */ @@ -1570,6 +1572,13 @@ int s_server_main(int argc, char *argv[]) goto end; } break; + case OPT_RECV_MAX_EARLY: + recv_max_early_data = atoi(opt_arg()); + if (recv_max_early_data < 0) { + BIO_printf(bio_err, "Invalid value for recv_max_early_data\n"); + goto end; + } + break; case OPT_EARLY_DATA: early_data = 1; if (max_early_data == -1) @@ -2110,6 +2119,8 @@ int s_server_main(int argc, char *argv[]) if (max_early_data >= 0) SSL_CTX_set_max_early_data(ctx, max_early_data); + if (recv_max_early_data >= 0) + SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data); if (rev) server_cb = rev_body; diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index cf6f757..27c127d 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod @@ -6,6 +6,10 @@ SSL_set_max_early_data, SSL_CTX_set_max_early_data, SSL_get_max_early_data, SSL_CTX_get_max_early_data, +SSL_set_recv_max_early_data, +SSL_CTX_set_recv_max_early_data, +SSL_get_recv_max_early_data, +SSL_CTX_get_recv_max_early_data, SSL_SESSION_get_max_early_data, SSL_SESSION_set_max_early_data, SSL_write_early_data, 
@@ -24,6 +28,12 @@ SSL_set_allow_early_data_cb uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); uint32_t SSL_get_max_early_data(const SSL *s); + + int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); + uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); + int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); + uint32_t SSL_get_recv_max_early_data(const SSL *s); + uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s); int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data); 
@@ -195,9 +205,26 @@ since there is no practical benefit from using only one of them. If the maximum early data setting for a server is non-zero then replay protection is automatically enabled (see L below). -In the event that the current maximum early data setting for the server is -different to that originally specified in a session that a client is resuming -with then the lower of the two values will apply. +If the server rejects the early data sent by a client then it will skip over +the data that is sent. The maximum amount of received early data that is skipped +is controlled by the recv_max_early_data setting. If a client sends more than +this then the connection will abort. This value can be set by calling +SSL_CTX_set_recv_max_early_data() or SSL_set_recv_max_early_data(). The current +value for this setting can be obtained by calling +SSL_CTX_get_recv_max_early_data() or SSL_get_recv_max_early_data(). The default +value for this setting is 16,384 bytes. + +The recv_max_early_data value also has an impact on early data that is accepted. +The amount of data that is accepted will always be the lower of the +max_early_data for the session and the recv_max_early_data setting for the +server. If a client sends more data than this then the connection will abort. + +The configured value for max_early_data on a server may change over time as +required. However clients may have tickets containing the previously configured +max_early_data value. The recv_max_early_data should always be equal to or +higher than any recently configured max_early_data value in order to avoid +aborted connections. The recv_max_early_data should never be set to less than +the current configured max_early_data value. Some server applications may wish to have more control over whether early data is accepted or not, for example to mitigate replay risks (see L diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index bbcfb3c..2376828 100644 --- a/include/openssl/ssl.h 
+++ b/include/openssl/ssl.h @@ -919,6 +919,10 @@ int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data); uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx); int SSL_set_max_early_data(SSL *s, uint32_t max_early_data); uint32_t SSL_get_max_early_data(const SSL *s); +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data); +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx); +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data); +uint32_t SSL_get_recv_max_early_data(const SSL *s); #ifdef __cplusplus } diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index ae510b2..ad478bf 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -103,7 +103,7 @@ static int ssl3_record_app_data_waiting(SSL *s) int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) { - uint32_t max_early_data = s->max_early_data; + uint32_t max_early_data; SSL_SESSION *sess = s->session; /* @@ -120,9 +120,14 @@ int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send) } sess = s->psksession; } - if (!s->server - || (s->hit && sess->ext.max_early_data < s->max_early_data)) + + if (!s->server) max_early_data = sess->ext.max_early_data; + else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED) + max_early_data = s->recv_max_early_data; + else + max_early_data = s->recv_max_early_data < sess->ext.max_early_data + ? s->recv_max_early_data : sess->ext.max_early_data; if (max_early_data == 0) { SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1387067..38391fd 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -700,6 +700,7 @@ SSL *SSL_new(SSL_CTX *ctx) s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; s->max_early_data = ctx->max_early_data; + s->recv_max_early_data = ctx->recv_max_early_data; s->num_tickets = ctx->num_tickets; /* Shallow copy of the ciphersuites stack */ 
@@ -3039,6 +3040,16 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) */ ret->max_early_data = 0; + /* + * Default recv_max_early_data is a fully loaded single record. Could be + * split across multiple records in practice. We set this differently to + * max_early_data so that, in the default case, we do not advertise any + * support for early_data, but if a client were to send us some (e.g. + * because of an old, stale ticket) then we will tolerate it and skip over + * it. + */ + ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH; + /* By default we send two session tickets automatically in TLSv1.3 */ ret->num_tickets = 2; @@ -5376,6 +5387,30 @@ uint32_t SSL_get_max_early_data(const SSL *s) return s->max_early_data; } +int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data) +{ + ctx->recv_max_early_data = recv_max_early_data; + + return 1; +} + +uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx) +{ + return ctx->recv_max_early_data; +} + +int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data) +{ + s->recv_max_early_data = recv_max_early_data; + + return 1; +} + +uint32_t SSL_get_recv_max_early_data(const SSL *s) +{ + return s->recv_max_early_data; +} + __owur unsigned int ssl_get_max_send_fragment(const SSL *ssl) { /* Return any active Max Fragment Len extension */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6a2edeb..0bf3f16 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
@@ -1032,9 +1032,18 @@ struct ssl_ctx_st { */ SSL_CTX_keylog_cb_func keylog_callback; - /* The maximum number of bytes that can be sent as early data */ + /* + * The maximum number of bytes advertised in session tickets that can be + * sent as early data. + */ uint32_t max_early_data; + /* + * The maximum number of bytes of early data that a server will tolerate + * (which should be at least as much as max_early_data). + */ + uint32_t recv_max_early_data; + /* TLS1.3 padding callback */ size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg); void *record_padding_arg; @@ -1406,9 +1415,18 @@ struct ssl_st { ASYNC_WAIT_CTX *waitctx; size_t asyncrw; - /* The maximum number of plaintext bytes that can be sent as early data */ + /* + * The maximum number of bytes advertised in session tickets that can be + * sent as early data. + */ uint32_t max_early_data; /* + * The maximum number of bytes of early data that a server will tolerate + * (which should be at least as much as max_early_data). + */ + uint32_t recv_max_early_data; + + /* * The number of bytes of early data received so far. If we accepted early * data then this is a count of the plaintext bytes. If we rejected it then * this is a count of the ciphertext bytes. diff --git a/test/sslapitest.c b/test/sslapitest.c index 64f8f59..cdac8bc 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -2314,8 +2314,11 @@ static int test_early_data_replay(int idx) /* * Helper function to test that a server attempting to read early data can * handle a connection from a client where the early data should be skipped. + * testtype: 0 == No HRR + * testtype: 1 == HRR + * testtype: 2 == recv_max_early_data set to 0 */ -static int early_data_skip_helper(int hrr, int idx) +static int early_data_skip_helper(int testtype, int idx) { SSL_CTX *cctx = NULL, *sctx = NULL; SSL *clientssl = NULL, *serverssl = NULL; 
@@ -2328,7 +2331,7 @@ static int early_data_skip_helper(int hrr, int idx) &serverssl, &sess, idx))) goto end; - if (hrr) { + if (testtype == 1) { /* Force an HRR to occur */ if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) goto end; @@ -2348,13 +2351,17 @@ static int early_data_skip_helper(int hrr, int idx) goto end; } + if (testtype == 2 + && !TEST_true(SSL_set_recv_max_early_data(serverssl, 0))) + goto end; + /* Write some early data */ if (!TEST_true(SSL_write_early_data(clientssl, MSG1, strlen(MSG1), &written)) || !TEST_size_t_eq(written, strlen(MSG1))) goto end; - /* Server should reject the early data and skip over it */ + /* Server should reject the early data */ if (!TEST_int_eq(SSL_read_early_data(serverssl, buf, sizeof(buf), &readbytes), SSL_READ_EARLY_DATA_FINISH) @@ -2363,7 +2370,7 @@ static int early_data_skip_helper(int hrr, int idx) SSL_EARLY_DATA_REJECTED)) goto end; - if (hrr) { + if (testtype == 1) { /* * Finish off the handshake. We perform the same writes and reads as * further down but we expect them to fail due to the incomplete @@ -2373,9 +2380,24 @@ static int early_data_skip_helper(int hrr, int idx) || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))) goto end; + } else if (testtype == 2) { + /* + * This client has sent more early_data than we are willing to skip so + * the connection should abort. + */ + if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) + || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL)) + goto end; + + /* Connection has failed - nothing more to do */ + testresult = 1; + goto end; } - /* Should be able to send normal data despite rejection of early data */ + /* + * Should be able to send normal data despite rejection of early data. The + * early_data should be skipped. + */ if (!TEST_true(SSL_write_ex(clientssl, MSG2, strlen(MSG2), &written)) || !TEST_size_t_eq(written, strlen(MSG2)) || !TEST_int_eq(SSL_get_early_data_status(clientssl), 
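Review bot: in the testtype == 2 branch of early_data_skip_helper (hunk @@ -2373,9 +2380,24 @@), the abort is only verified as SSL_read_ex() failing with SSL_get_error() == SSL_ERROR_SSL, which any handshake failure on that connection would also satisfy; checking the reason code on the error queue (ERR_peek_error()) would make the test confirm it is specifically the "too much early data to skip" abort and not, say, a failure of the SSL_set_recv_max_early_data(serverssl, 0) setup. A short comment explaining why testresult is set to 1 before the early `goto end` (the remaining asserts assume a live connection) would also help the next reader.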
@@ -2417,6 +2439,15 @@ static int test_early_data_skip_hrr(int idx) } /* + * Test that a server attempting to read early data will abort if it tries to + * skip over too much. + */ +static int test_early_data_skip_abort(int idx) +{ + return early_data_skip_helper(2, idx); +} + +/* * Test that a server attempting to read early data can handle a connection * from a client that doesn't send any. */ @@ -5267,6 +5298,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_early_data_replay, 2); ADD_ALL_TESTS(test_early_data_skip, 3); ADD_ALL_TESTS(test_early_data_skip_hrr, 3); + ADD_ALL_TESTS(test_early_data_skip_abort, 3); ADD_ALL_TESTS(test_early_data_not_sent, 3); ADD_ALL_TESTS(test_early_data_psk, 8); ADD_ALL_TESTS(test_early_data_not_expected, 3); diff --git a/util/libssl.num b/util/libssl.num index df6a71e..9b6d266 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -492,3 +492,7 @@ SSL_get_num_tickets 492 1_1_1 EXIST::FUNCTION: SSL_CTX_set_num_tickets 493 1_1_1 EXIST::FUNCTION: SSL_CTX_set_allow_early_data_cb 494 1_1_1 EXIST::FUNCTION: SSL_set_allow_early_data_cb 495 1_1_1 EXIST::FUNCTION: +SSL_set_recv_max_early_data 496 1_1_1 EXIST::FUNCTION: +SSL_get_recv_max_early_data 497 1_1_1 EXIST::FUNCTION: +SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION: +SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION: From no-reply at appveyor.com Fri Jul 6 12:08:07 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Jul 2018 12:08:07 +0000 Subject: [openssl-commits] Build failed: openssl master.18850 Message-ID: <20180706120807.1.EF51B92E9515479F@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 6 13:13:34 2018 From: no-reply at appveyor.com (AppVeyor) Date: Fri, 06 Jul 2018 13:13:34 +0000 Subject: [openssl-commits] Build completed: openssl master.18851 Message-ID: <20180706131334.1.E9C3904E86E163FF@appveyor.com> An HTML attachment was scrubbed... URL: From appro at openssl.org Fri Jul 6 14:33:59 2018 
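Review bot: SSL_CTX_set_recv_max_early_data() and SSL_set_recv_max_early_data() in the ssl/ssl_lib.c hunk at @@ -5376,6 +5387,30 @@ store any value and return 1, yet the documentation hunk (@@ -195,9 +205,26 @@) states that recv_max_early_data "should never be set to less than the current configured max_early_data value". Nothing enforces that relation: a caller that lowers recv_max_early_data, or later raises max_early_data with SSL_CTX_set_max_early_data(), silently ends up with connections aborting on early data the server itself advertised in its tickets. Either have the setters reject (return 0 for) a recv_max_early_data smaller than the current max_early_data, or add an explicit sentence to the pod saying no validation is performed so the application has to keep the two consistent.

Review bot: in the ssl/record/ssl3_record.c hunk at @@ -120,9 +120,14 @@, the server's rejected-early-data case now caps the count at s->recv_max_early_data, while the ssl_st comment in ssl_locl.h says the counter holds ciphertext bytes when early data was rejected and the SSL_CTX_new() default is SSL3_RT_MAX_PLAIN_LENGTH, a plaintext size; unless the `overhead` parameter is what bridges the two, a client that sends exactly one full-size early-data record (which the SSL_CTX_new() comment says the default is meant to tolerate) could trip the limit by the AEAD expansion. A comment stating which units recv_max_early_data is counted in, plus a test that sends one maximum-size record against the default, would settle it.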
From: appro at openssl.org (Andy Polyakov) Date: Fri, 06 Jul 2018 14:33:59 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530887639.723379.29270.nullmailer@dev.openssl.org> The branch master has been updated via 0edb109f97c1bbbd5961326f93b2ccf385b26674 (commit) from 2ce71b60272325c4453914b501a2c2ff1b75c80d (commit) - Log ----------------------------------------------------------------- commit 0edb109f97c1bbbd5961326f93b2ccf385b26674 Author: Andy Polyakov Date: Tue Jul 3 21:34:08 2018 +0200 evp/e_chacha20_poly1305.c: further improve small-fragment TLS performance. Improvement coefficients vary with TLS fragment length and platform, on most Intel processors maximum improvement is ~50%, while on Ryzen - 80%. The "secret" is new dedicated ChaCha20_128 code path and vectorized xor helpers. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6638) ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_chacha20_poly1305.c | 54 ++++++++++++++--- crypto/poly1305/asm/poly1305-x86_64.pl | 104 +++++++++++++++++++++++++++++++++ 2 files changed, 150 insertions(+), 8 deletions(-) diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c index 47d5e50..6a9bccf 100644 --- a/crypto/evp/e_chacha20_poly1305.c +++ b/crypto/evp/e_chacha20_poly1305.c 
@@ -196,14 +196,23 @@ static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx, } # if !defined(OPENSSL_SMALL_FOOTPRINT) + +# if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64)) +# define XOR128_HELPERS +void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len); +void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len); +static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 }; +# else static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 }; +# endif static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t len) { EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx); - size_t i, tail, tohash_len, plen = actx->tls_payload_length; - unsigned char *buf, *tohash, *ctr, storage[2 * CHACHA_BLK_SIZE + 32]; + size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length; + unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32]; if (len != plen + POLY1305_BLOCK_SIZE) return -1; @@ -212,9 +221,11 @@ static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, ctr = buf + CHACHA_BLK_SIZE; tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE; - if (plen <= CHACHA_BLK_SIZE) { +# ifdef XOR128_HELPERS + if (plen <= 3 * CHACHA_BLK_SIZE) { actx->key.counter[0] = 0; - ChaCha20_ctr32(buf, zero, 2 * CHACHA_BLK_SIZE, actx->key.key.d, + buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE); + ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d, actx->key.counter); Poly1305_Init(POLY1305_ctx(actx), buf); actx->key.partial_len = 0; 
@@ -223,6 +234,31 @@ static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; actx->len.text = plen; + if (plen) { + if (ctx->encrypt) + ctr = xor128_encrypt_n_pad(out, in, ctr, plen); + else + ctr = xor128_decrypt_n_pad(out, in, ctr, plen); + + in += plen; + out += plen; + tohash_len = (size_t)(ctr - tohash); + } + } +# else + if (plen <= CHACHA_BLK_SIZE) { + size_t i; + + actx->key.counter[0] = 0; + ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE), + actx->key.key.d, actx->key.counter); + Poly1305_Init(POLY1305_ctx(actx), buf); + actx->key.partial_len = 0; + memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE); + tohash_len = POLY1305_BLOCK_SIZE; + actx->len.aad = EVP_AEAD_TLS1_AAD_LEN; + actx->len.text = plen; + if (ctx->encrypt) { for (i = 0; i < plen; i++) { out[i] = ctr[i] ^= in[i]; @@ -242,10 +278,12 @@ static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, memset(ctr + i, 0, tail); ctr += i + tail; tohash_len += i + tail; - } else { + } +# endif + else { actx->key.counter[0] = 0; - ChaCha20_ctr32(buf, zero, CHACHA_BLK_SIZE, actx->key.key.d, - actx->key.counter); + ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE), + actx->key.key.d, actx->key.counter); Poly1305_Init(POLY1305_ctx(actx), buf); actx->key.counter[0] = 1; actx->key.partial_len = 0; @@ -300,7 +338,7 @@ static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len); - OPENSSL_cleanse(buf, 2 * CHACHA_BLK_SIZE); + OPENSSL_cleanse(buf, buf_len); Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag : tohash); diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index 0d1c0de..0b4c56e 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl 
@@ -3753,6 +3753,110 @@ poly1305_emit_base2_44: .size poly1305_emit_base2_44,.-poly1305_emit_base2_44 ___ } } } + +{ # chacha20-poly1305 helpers +my ($out,$inp,$otp,$len)=$win64 ? ("%rcx","%rdx","%r8", "%r9") : # Win64 order + ("%rdi","%rsi","%rdx","%rcx"); # Unix order +$code.=<<___; +.globl xor128_encrypt_n_pad +.type xor128_encrypt_n_pad,\@abi-omnipotent +.align 16 +xor128_encrypt_n_pad: + sub $otp,$inp + sub $otp,$out + mov $len,%r10 # put len aside + shr \$4,$len # len / 16 + jz .Ltail_enc + nop +.Loop_enc_xmm: + movdqu ($inp,$otp),%xmm0 + pxor ($otp),%xmm0 + movdqu %xmm0,($out,$otp) + movdqa %xmm0,($otp) + lea 16($otp),$otp + dec $len + jnz .Loop_enc_xmm + + and \$15,%r10 # len % 16 + jz .Ldone_enc + +.Ltail_enc: + mov \$16,$len + sub %r10,$len + xor %eax,%eax +.Loop_enc_byte: + mov ($inp,$otp),%al + xor ($otp),%al + mov %al,($out,$otp) + mov %al,($otp) + lea 1($otp),$otp + dec %r10 + jnz .Loop_enc_byte + + xor %eax,%eax +.Loop_enc_pad: + mov %al,($otp) + lea 1($otp),$otp + dec $len + jnz .Loop_enc_pad + +.Ldone_enc: + mov $otp,%rax + ret +.size xor128_encrypt_n_pad,.-xor128_encrypt_n_pad + +.globl xor128_decrypt_n_pad +.type xor128_decrypt_n_pad,\@abi-omnipotent +.align 16 +xor128_decrypt_n_pad: + sub $otp,$inp + sub $otp,$out + mov $len,%r10 # put len aside + shr \$4,$len # len / 16 + jz .Ltail_dec + nop +.Loop_dec_xmm: + movdqu ($inp,$otp),%xmm0 + movdqa ($otp),%xmm1 + pxor %xmm0,%xmm1 + movdqu %xmm1,($out,$otp) + movdqa %xmm0,($otp) + lea 16($otp),$otp + dec $len + jnz .Loop_dec_xmm + + pxor %xmm1,%xmm1 + and \$15,%r10 # len % 16 + jz .Ldone_dec + +.Ltail_dec: + mov \$16,$len + sub %r10,$len + xor %eax,%eax + xor %r11,%r11 +.Loop_dec_byte: + mov ($inp,$otp),%r11b + mov ($otp),%al + xor %r11b,%al + mov %al,($out,$otp) + mov %r11b,($otp) + lea 1($otp),$otp + dec %r10 + jnz .Loop_dec_byte + + xor %eax,%eax +.Loop_dec_pad: + mov %al,($otp) + lea 1($otp),$otp + dec $len + jnz .Loop_dec_pad + +.Ldone_dec: + mov $otp,%rax + ret +.size 
xor128_decrypt_n_pad,.-xor128_decrypt_n_pad +___ +} $code.=<<___; .align 64 .Lconst: From matt at openssl.org Fri Jul 6 22:44:42 2018 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Jul 2018 22:44:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530917082.016177.8453.nullmailer@dev.openssl.org> The branch master has been updated via c9d6fdd6f79c1725215347ad8409b1e60eaccf0c (commit) from 0edb109f97c1bbbd5961326f93b2ccf385b26674 (commit) - Log ----------------------------------------------------------------- commit c9d6fdd6f79c1725215347ad8409b1e60eaccf0c Author: Matt Caswell Date: Fri Jul 6 09:16:51 2018 +0100 Don't fail if the PSK identity doesn't match In 1.1.0 s_server if the PSK identity doesn't match what we have then a warning is printed and we continue the connection anyway. In 1.1.1, if TLSv1.3 is used and the identity doesn't match then we abort the connection. We should really be consistent with the old behaviour. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6659) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 4e8a9e2..94c1826 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -192,8 +192,11 @@ static int psk_find_session_cb(SSL *ssl, const unsigned char *identity, const SSL_CIPHER *cipher = NULL; if (strlen(psk_identity) != identity_len - || memcmp(psk_identity, identity, identity_len) != 0) - return 0; + || memcmp(psk_identity, identity, identity_len) != 0) { + BIO_printf(bio_s_out, + "PSK warning: client identity not what we expected" + " (got '%s' expected '%s')\n", identity, psk_identity); + } if (psksess != NULL) { SSL_SESSION_up_ref(psksess); From matt at openssl.org Sat Jul 7 13:04:23 2018 
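Review bot: in the crypto/evp/e_chacha20_poly1305.c hunk at @@ -223,6 +234,31 @@, the new `# else` branch repeats the whole setup sequence (counter reset, ChaCha20_ctr32(), Poly1305_Init(), partial_len, the tohash memcpy, tohash_len, len.aad and len.text assignments) that the XOR128_HELPERS branch already has in the preceding hunk; only the size threshold (3 * CHACHA_BLK_SIZE versus CHACHA_BLK_SIZE), the buf_len computation and the XOR loop itself differ. Hoisting the shared setup above the `# ifdef` and keeping just the threshold/buf_len/XOR parts under it would avoid two copies drifting apart. The `if (plen)` guard in the XOR128 branch is also load-bearing (the helpers do not accept a zero length, see the poly1305-x86_64.pl note) and deserves a comment saying so.

Review bot: xor128_encrypt_n_pad and xor128_decrypt_n_pad in the crypto/poly1305/asm/poly1305-x86_64.pl hunk do not handle $len == 0: `shr \$4,$len` sets ZF and control jumps straight to .Ltail_enc/.Ltail_dec, where .Loop_enc_byte/.Loop_dec_byte is a do-while on `dec %r10` with %r10 = 0, so the byte loop underflows and runs away. The C caller guards with `if (plen)`, so it is not a live bug today, but the contract belongs in a comment at the two prototypes in e_chacha20_poly1305.c, or better, a `test $len,$len; jz .Ldone_enc` (and .Ldone_dec) at entry makes the helpers safe on their own. The same comment should state that $otp must be 16-byte aligned, since the xmm loops use `pxor ($otp),%xmm0`, `movdqa ($otp),%xmm1` and `movdqa %xmm0,($otp)` on it while the ($inp,$otp)/($out,$otp) accesses use movdqu; the caller satisfies this with `ctr = buf + CHACHA_BLK_SIZE`, but nothing in the helper checks it.

Review bot: in the apps/s_server.c hunk at @@ -192,8 +192,11 @@, `identity` arrives with an explicit identity_len and is now printed with "%s" in the new warning, which assumes a NUL-terminated buffer; in the mismatch case this branch handles (strlen(psk_identity) != identity_len) that is exactly what cannot be relied on, so bound the format, e.g. "%.*s" with (int)identity_len, to avoid reading past the client-supplied identity. With the early `return 0` gone the callback now hands out psksess regardless of the identity, which the commit message says is the intended 1.1.0-compatible behaviour; the warning text would be clearer if it also said that the configured PSK is being used anyway.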
From: matt at openssl.org (Matt Caswell) Date: Sat, 07 Jul 2018 13:04:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1530968663.661153.12810.nullmailer@dev.openssl.org> The branch master has been updated via 74bfb980377f43367035959a2c0afb5ec501c033 (commit) via bdd92f4d9bce6c62e553f89a2556c6881fc6d5dd (commit) via 1829ff4b5e7f1d1570ea9b9e4660a1a673e5da67 (commit) via 3e0076c213ec2d1149a9a89f9bc141d1a1a44630 (commit) from c9d6fdd6f79c1725215347ad8409b1e60eaccf0c (commit) - Log ----------------------------------------------------------------- commit 74bfb980377f43367035959a2c0afb5ec501c033 Author: Matt Caswell Date: Tue Jun 26 15:21:09 2018 +0100 Remove a memset Also avoids calling EVP_MD_size() and a missing negative result check. Issue found by Coverity. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6592) commit bdd92f4d9bce6c62e553f89a2556c6881fc6d5dd Author: Matt Caswell Date: Tue Jun 26 15:12:56 2018 +0100 Check a return value for success in ec_field_size() Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6592) commit 1829ff4b5e7f1d1570ea9b9e4660a1a673e5da67 Author: Matt Caswell Date: Tue Jun 26 15:10:56 2018 +0100 Fix some Coverity issues in sm2_encrypt() Check for a negative EVP_MD_size(). Don't dereference group until we've checked if it is NULL. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6592) commit 3e0076c213ec2d1149a9a89f9bc141d1a1a44630 Author: Matt Caswell Date: Tue Jun 26 15:03:05 2018 +0100 Check md_size isn't negative before we use it Issue found by Coverity Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6592) ----------------------------------------------------------------------- Summary of changes: crypto/sm2/sm2_crypt.c | 22 ++++++++++++---------- crypto/sm2/sm2_sign.c | 11 ++++++----- crypto/sm2/sm2_za.c | 2 -- 3 files changed, 18 insertions(+), 17 deletions(-) 
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index 0fe1dd8..aedf905 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -48,7 +48,8 @@ static size_t ec_field_size(const EC_GROUP *group) if (p == NULL || a == NULL || b == NULL) goto done; - EC_GROUP_get_curve_GFp(group, p, a, b, NULL); + if (!EC_GROUP_get_curve_GFp(group, p, a, b, NULL)) + goto done; field_size = (BN_num_bits(p) + 7) / 8; done: @@ -121,19 +122,20 @@ int sm2_encrypt(const EC_KEY *key, uint8_t *msg_mask = NULL; uint8_t *x2y2 = NULL; uint8_t *C3 = NULL; - const size_t field_size = ec_field_size(group); - const size_t C3_size = EVP_MD_size(digest); + size_t field_size; + const int C3_size = EVP_MD_size(digest); /* NULL these before any "goto done" */ ctext_struct.C2 = NULL; ctext_struct.C3 = NULL; - if (hash == NULL - || group == NULL - || order == NULL - || P == NULL - || field_size == 0 - || C3_size == 0) { + if (hash == NULL || C3_size <= 0) { + SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); + goto done; + } + + field_size = ec_field_size(group); + if (field_size == 0) { SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR); goto done; } @@ -273,7 +275,7 @@ int sm2_decrypt(const EC_KEY *key, int msg_len = 0; EVP_MD_CTX *hash = NULL; - if (field_size == 0 || hash_size == 0) + if (field_size == 0 || hash_size <= 0) goto done; memset(ptext_buf, 0xFF, *ptext_len); diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 14576ca..adde952 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c 
@@ -25,16 +25,17 @@ static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest, { EVP_MD_CTX *hash = EVP_MD_CTX_new(); const int md_size = EVP_MD_size(digest); - uint8_t *za = OPENSSL_zalloc(md_size); + uint8_t *za = NULL; BIGNUM *e = NULL; - if (hash == NULL || za == NULL) { - SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE); + if (md_size < 0) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST); goto done; } - if (md_size < 0) { - SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST); + za = OPENSSL_zalloc(md_size); + if (hash == NULL || za == NULL) { + SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE); goto done; } diff --git a/crypto/sm2/sm2_za.c b/crypto/sm2/sm2_za.c index 94d0dac..8f45082 100644 --- a/crypto/sm2/sm2_za.c +++ b/crypto/sm2/sm2_za.c @@ -59,8 +59,6 @@ int sm2_compute_userid_digest(uint8_t *out, goto done; } - memset(out, 0, EVP_MD_size(digest)); - if (!EVP_DigestInit(hash, digest)) { SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_EVP_LIB); goto done; From scan-admin at coverity.com Sun Jul 8 08:53:31 2018 
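Review bot: in the crypto/sm2/sm2_crypt.c hunk at @@ -121,19 +122,20 @@, the rewritten precondition drops the `group == NULL`, `order == NULL` and `P == NULL` checks that the removed condition had, and then passes group to ec_field_size() with no NULL check in sight; the commit message says group is not dereferenced before it has been checked for NULL, but no such check is visible in this hunk, and whether ec_field_size() tolerates a NULL group is not visible either (its hunk at @@ -48,7 +48,8 @@ starts after the BIGNUM allocations). Either restore the three NULL checks ahead of the ec_field_size() call or point at where they are now covered. The `C3_size <= 0` and `hash_size <= 0` changes, and moving the md_size < 0 check ahead of OPENSSL_zalloc(md_size) in sm2_sign.c, look right.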
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 08 Jul 2018 08:53:31 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b41d10a4959f_2f7d2ab1dd750f587143b@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0znQPqxv1q2nyf1iYgzTQhBHFjhCoeZs5DTRBwSDV83xlPXp1wmfXwW4Otbwy-2B8aAv2UsObN1G2f0zbfv6dZ4FTFoXCO5Ey0MvKHGEOHsgk0x44OVoLq7j994UEQUail9Dlde4QI1SeoCoqWgrZD9ab-2F-2B2-2BAb0bqoj0ICtEQag1AF3wAAE-2BOQTvWC-2FtqMIn-2FA-3D Build ID: 218906 Analysis Summary: New defects found: 1 Defects eliminated: 7 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I0znQPqxv1q2nyf1iYgzTQhBHFjhCoeZs5DTRBwSDV83-2BfsBNHj4xQAEygv7qTzCJtULqlIs99rSt6lm52EQPqQDNhak206Z1pA1RlQWqMu3-2Bpzf57gbBmNQ18NqcyuZ1szs-2B-2BY7tdGLtQyEnuFFfFC28S7XVAcTs6xzAMBgmgeNRgJECgx5aBW-2Bv3PXQNiVKo-3D From scan-admin at coverity.com Sun Jul 8 08:56:52 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 08 Jul 2018 08:56:52 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b41d1d4b67_33552ab1dd750f5871471@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I07MAXvnISJ6Zd6Dq0N7GzWkkHdK4OU48b-2FJTX88R8tX4abr8NikKu-2BAhKipjlW3TJ7yPHtgM-2FUVhzkbKBGnsQZvihvPRtqoR8UCMYTu9F67982VVMNm3l4uyAdwdlsJitLwAGlwAnCH60yiWBQYD3LgYSGwBTRK9AMNvxs8m9AxXBl7UzctgfwLwc5POrVytQ-3D Build ID: 218908 Analysis Summary: New defects found: 0 Defects eliminated: 0 From kurt at openssl.org Sun Jul 8 16:53:55 2018 From: kurt at openssl.org (Kurt Roeckx) Date: Sun, 08 Jul 2018 16:53:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531068835.982927.1457.nullmailer@dev.openssl.org> The branch master has been updated via 68b3cbd448e096bf3954d30de058d18615f9c257 (commit) from 74bfb980377f43367035959a2c0afb5ec501c033 (commit) - Log ----------------------------------------------------------------- commit 68b3cbd448e096bf3954d30de058d18615f9c257 Author: Kurt Roeckx Date: Sat Jul 7 10:55:18 2018 +0200 Update DRBG CHANGES section Reviewed-by: Tim Hudson Reviewed-by: Matthias St. Pierre GH: #6666 ----------------------------------------------------------------------- Summary of changes: CHANGES | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 2eb90a9..4765e0b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -196,12 +196,12 @@ Some of its new features are: o Support for multiple DRBG instances with seed chaining. - o Add a public DRBG instance for the default RAND method. - o Add a dedicated DRBG instance for generating long term private keys. - o Make the DRBG instances fork-safe. + o The default RAND method makes use of a DRBG. + o There is a public and private DRBG instance. + o The DRBG instances are fork-safe. o Keep all global DRBG instances on the secure heap if it is enabled. - o Add a DRBG instance to every SSL instance for lock free operation - and to increase unpredictability. + o The public and private DRBG instance are per thread for lock free + operation [Paul Dale, Benjamin Kaduk, Kurt Roeckx, Rich Salz, Matthias St. Pierre] *) Changed Configure so it only says what it does and doesn't dump From rsalz at openssl.org Mon Jul 9 01:22:22 2018 From: rsalz at openssl.org (Rich Salz) Date: Mon, 09 Jul 2018 01:22:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531099342.589833.9720.nullmailer@dev.openssl.org> The branch master has been updated via b7b13c7ac8d92adc6d81858b7a4cf27d54bf5563 (commit) from 68b3cbd448e096bf3954d30de058d18615f9c257 (commit) - Log ----------------------------------------------------------------- commit b7b13c7ac8d92adc6d81858b7a4cf27d54bf5563 Author: Rich Salz Date: Sun Jul 8 20:32:04 2018 -0400 Update AUTHORS list, add commentary Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6602) ----------------------------------------------------------------------- Summary of changes: AUTHORS | 56 +++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 21 deletions(-) diff --git a/AUTHORS b/AUTHORS index 48211a2..ac93b2e 100644 --- a/AUTHORS +++ b/AUTHORS 
@@ -1,21 +1,35 @@ - Andy Polyakov - Ben Laurie - Bodo M?ller - Emilia K?sper - Eric Young - Geoff Thorpe - Holger Reif - Kurt Roeckx - Lutz J?nicke - Mark J. Cox - Matt Caswell - Nils Larsch - Paul C. Sutton - Ralf S. Engelschall - Rich Salz - Richard Levitte - Stephen Henson - Steve Marquess - Tim Hudson - Ulf M?ller - Viktor Dukhovni +# This is the list of OpenSSL authors for copyright purposes. +# +# This does not necessarily list everyone who has contributed code, since in +# some cases, their employer may be the copyright holder. To see the full list +# of contributors, see the revision history in source control. +OpenSSL Software Services, Inc. +OpenSSL Software Foundation, Inc. + +# Individuals +Andy Polyakov +Ben Laurie +Ben Kaduk +Bernd Edlinger +Bodo M??ller +David Benjamin +Emilia K??sper +Eric Young +Geoff Thorpe +Holger Reif +Kurt Roeckx +Lutz J??nicke +Mark J. Cox +Matt Caswell +Matthias St. Pierre +Nils Larsch +Paul Dale +Paul C. Sutton +Ralf S. Engelschall +Rich Salz +Richard Levitte +Stephen Henson +Steve Marquess +Tim Hudson +Ulf M??ller +Viktor Dukhovni From levitte at openssl.org Mon Jul 9 07:21:52 2018 
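Review bot: in the CHANGES hunk at @@ -196,12 +196,12 @@, the new bullet "The public and private DRBG instance are per thread for lock free operation" needs the plural "instances" to agree with "are" and a terminating full stop like the other bullets. It also reads as if it replaces the removed "Add a DRBG instance to every SSL instance" item; if per-SSL DRBGs were indeed dropped in favour of per-thread ones, saying so explicitly would save readers of the 1.1.1 notes from guessing.

Review bot: in the AUTHORS hunk at @@ -1,21 +1,35 @@, the removed lines render the umlauts in the four non-ASCII names as a single "?" while the added lines render them as "??", which indicates the file's byte encoding changed with this commit (the new lines look like multi-byte UTF-8 seen through a single-byte decoder). Please confirm the file is consistently UTF-8 and that the change of encoding is intended, since this file is now declared to be the list "for copyright purposes".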
From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Jul 2018 07:21:52 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531120912.843819.30305.nullmailer@dev.openssl.org> The branch master has been updated via 9e26532295c579afa91a3edf0864b380a5f0ec16 (commit) from b7b13c7ac8d92adc6d81858b7a4cf27d54bf5563 (commit) - Log ----------------------------------------------------------------- commit 9e26532295c579afa91a3edf0864b380a5f0ec16 Author: Richard Levitte Date: Sun Jul 8 12:00:06 2018 +0200 Keep supporting the env / make variable PERL OpenSSL 1.1.0 supports the use of this environment variable for passing to the build files. For the sake of backward compatibility, we keep it. Reviewed-by: Tim Hudson Reviewed-by: Paul Dale Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6668) ----------------------------------------------------------------------- Summary of changes: Configurations/descrip.mms.tmpl | 2 +- Configurations/unix-Makefile.tmpl | 2 +- Configurations/windows-makefile.tmpl | 2 +- Configure | 11 +++++------ 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/Configurations/descrip.mms.tmpl b/Configurations/descrip.mms.tmpl index 70e566e..0c2695d 100644 --- a/Configurations/descrip.mms.tmpl +++ b/Configurations/descrip.mms.tmpl @@ -180,7 +180,7 @@ CFLAGS={- join('', @{$config{CFLAGS}}) -} LDFLAGS={- join('', @{$config{LFLAGS}}) -} EX_LIBS={- join('', map { ",$_" } @{$config{LDLIBS}}) -} -PERL={- $config{perl} -} +PERL={- $config{PERL} -} AS={- $config{AS} -} ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 8d33e84..2423ad2 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -212,7 +212,7 @@ EX_LIBS= {- join(' ', @{$config{LDLIBS}}) -} MAKEDEPEND={- $config{makedepprog} -} -PERL={- $config{perl} -} +PERL={- $config{PERL} -} AR=$(CROSS_COMPILE){- $config{AR} -} ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -} diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 11acdf0..30fa5f9 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -173,7 +173,7 @@ LD={- $config{LD} -} LDFLAGS={- join(' ', @{$config{LDFLAGS}}) -} EX_LIBS={- join(' ', @{$config{LDLIBS}}) -} -PERL={- $config{perl} -} +PERL={- $config{PERL} -} AR={- $config{AR} -} ARFLAGS= {- join(' ', @{$config{ARFLAGS}}) -} diff --git a/Configure b/Configure index 05b798b..1b4e1d2 100755 --- a/Configure +++ b/Configure @@ -553,6 +553,7 @@ my %user = ( LDLIBS => [], # -l MT => undef, MTFLAGS => [], + PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl"), RANLIB => env('RANLIB'), RC => env('RC') || env('WINDRES'), RCFLAGS => [], @@ -1117,10 +1118,8 @@ $target{dso_extension}//=$target{shared_extension_simple}; ($target{shared_import_extension}=$target{shared_extension_simple}.".a") if ($config{target} =~ /^(?:Cygwin|mingw)/); -# Allow overriding the names of some tools. USE WITH CARE -# Note: only Unix cares about HASHBANGPERL... that explains -# the default string. -$config{perl} = ($^O ne "VMS" ? $^X : "perl"); +# Fill %config with values from %user, and in case those are undefined or +# empty, use values from %target (acting as a default). foreach (keys %user) { my $ref_type = ref $user{$_}; @@ -2459,7 +2458,7 @@ _____ if ($dump || $cmdline) { print "\nCommand line (with current working directory = $here):\n\n"; print ' ',join(' ', - $config{perl}, + $config{PERL}, catfile($config{sourcedir}, 'Configure'), @{$config{perlargv}}), "\n"; print "\nPerl information:\n\n"; 
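Review bot: in the Configure hunk at @@ -2459,7 +2458,7 @@, the "Command line" printed for --dump now shows $config{PERL} as the interpreter, but with the new %user entry `PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl")` that can be a different perl from the $^X that actually ran Configure whenever the PERL environment variable is set; since the dump exists so a user can reproduce the run, it should keep printing $^X (or print both). More generally a build with PERL set now uses two interpreters (Configure under $^X, the templates and build files under $config{PERL}), which is the point of the backward-compatibility change but deserves a sentence in the commit message or INSTALL, together with a replacement for the removed "USE WITH CARE" note.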
@@ -3065,7 +3064,7 @@ sub run_dofile foreach (@templates) { die "Can't open $_, $!" unless -f $_; } - my $perlcmd = (quotify("maybeshell", $config{perl}))[0]; + my $perlcmd = (quotify("maybeshell", $config{PERL}))[0]; my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"", at templates)."\" > \"$out.new\""; #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n"; system($cmd); From appro at openssl.org Mon Jul 9 10:38:01 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 09 Jul 2018 10:38:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531132681.377996.22746.nullmailer@dev.openssl.org> The branch master has been updated via 45197ad33ee77f3773eaefe2395072fbdd9d978c (commit) via c118fb92386cc6f81aadf2a64473e94bac938cee (commit) from 9e26532295c579afa91a3edf0864b380a5f0ec16 (commit) - Log ----------------------------------------------------------------- commit 45197ad33ee77f3773eaefe2395072fbdd9d978c Author: Andy Polyakov Date: Sun Jul 8 12:12:15 2018 +0200 modes/ocb128.c: readability and formatting improvements. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6669) commit c118fb92386cc6f81aadf2a64473e94bac938cee Author: DesWurstes Date: Sat Jul 7 12:10:53 2018 +0300 modes/ocb128.c: improve the calculation of double mask CLA: trivial Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6667) ----------------------------------------------------------------------- Summary of changes: crypto/modes/ocb128.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index 76591e6..713b9aa 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c 
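Review bot: the Configure hunk of commit 9e26532 that adds `PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl")` to %user deletes the only comment that explained the override ("Allow overriding the names of some tools. USE WITH CARE" and the HASHBANGPERL remark), and the replacement comment talks about %user/%target filling in general; since PERL is now a documented-by-behaviour environment knob, list it with the other honoured variables near %user (or in the build notes) so a reader of Configure can find out that `PERL=...` on the command line or in the environment selects the interpreter used for every generated build step.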
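Review bot: the three template hunks (descrip.mms.tmpl, unix-Makefile.tmpl, windows-makefile.tmpl) emit `PERL={- $config{PERL} -}` with no quoting, while the run_dofile hunk at the end of the same commit is careful to pass the value through `quotify("maybeshell", $config{PERL})`; a PERL value that contains spaces or shell metacharacters therefore works for Configure's own template processing but needs quoting at every `$(PERL)` use site in the generated makefiles. Either quotify it in the templates too, or reject such values in Configure with a clear error, so the two paths behave the same.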
@@ -42,22 +42,13 @@ static u32 ocb_ntz(u64 n) static void ocb_block_lshift(const unsigned char *in, size_t shift, unsigned char *out) { - unsigned char shift_mask; int i; - unsigned char mask[15]; + unsigned char carry = 0, carry_next; - shift_mask = 0xff; - shift_mask <<= (8 - shift); for (i = 15; i >= 0; i--) { - if (i > 0) { - mask[i - 1] = in[i] & shift_mask; - mask[i - 1] >>= 8 - shift; - } - out[i] = in[i] << shift; - - if (i != 15) { - out[i] ^= mask[i]; - } + carry_next = in[i] >> (8 - shift); + out[i] = (in[i] << shift) | carry; + carry = carry_next; } } @@ -74,7 +65,7 @@ static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out) */ mask = in->c[0] & 0x80; mask >>= 7; - mask *= 135; + mask = (0 - mask) & 0x87; ocb_block_lshift(in->c, 1, out->c); @@ -119,8 +110,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) * the index. */ ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3; - tmp_ptr = - OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); + tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK)); if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */ return NULL; ctx->l = tmp_ptr; From rsalz at openssl.org Mon Jul 9 17:07:13 2018 
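Review bot: the rewritten ocb_block_lshift() in the first hunk is only defined for shift values of at most 8, and nothing states that: `in[i] >> (8 - shift)` becomes a negative shift count (undefined behaviour) for larger values, and `shift == 0` works only because the unsigned char is promoted to int before the `>> 8`. The single caller visible on the page, ocb_double(), passes 1, so add a comment (or an assert) giving the 0..8 precondition. The carry chain itself is correct for a big-endian 128-bit left shift, and because carry_next is read from in[i] before out[i] is written it is also safe when in and out alias; a one-line comment saying so would spare the next reader from re-deriving it.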
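Review bot: `mask = (0 - mask) & 0x87;` in the ocb_double() hunk keeps the reduction branch-free, exactly as the `mask *= 135;` it replaces did (mask is the top bit of in->c[0] shifted down, so it is 0 or 1 and the result is 0 or 0x87), but neither form says why a branchless select is used here; add a comment that the reduction constant must be applied without a data-dependent branch so that a future "readability" pass does not rewrite it as `if (in->c[0] & 0x80) ... ^= 0x87` and reintroduce a key-dependent branch.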
From: rsalz at openssl.org (Rich Salz) Date: Mon, 09 Jul 2018 17:07:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531156033.170358.19880.nullmailer@dev.openssl.org> The branch master has been updated via 5d58e8f1710fbcf955bc949734aa8d594523276d (commit) from 45197ad33ee77f3773eaefe2395072fbdd9d978c (commit) - Log ----------------------------------------------------------------- commit 5d58e8f1710fbcf955bc949734aa8d594523276d Author: Conrad Meyer Date: Mon Jul 9 12:45:28 2018 -0400 Correctly check for cryptodev hash support The sense of the check for build-time support for most hashes was inverted. CLA: trivial Reviewed-by: Richard Levitte Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6673) ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_devcrypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c index 235e84b..27c6df4 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/crypto/engine/eng_devcrypto.c 
@@ -361,20 +361,20 @@ static const struct digest_data_st { #endif { NID_sha1, 20, CRYPTO_SHA1 }, #ifndef OPENSSL_NO_RMD160 -# if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_RIPEMD160) +# if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_RIPEMD160) { NID_ripemd160, 20, CRYPTO_RIPEMD160 }, # endif #endif -#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_224) +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_224) { NID_sha224, 224 / 8, CRYPTO_SHA2_224 }, #endif -#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_256) +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_256) { NID_sha256, 256 / 8, CRYPTO_SHA2_256 }, #endif -#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_384) +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_384) { NID_sha384, 384 / 8, CRYPTO_SHA2_384 }, #endif -#if !defined(CHECK_BSD_STYLE_MACROS) && defined(CRYPTO_SHA2_512) +#if !defined(CHECK_BSD_STYLE_MACROS) || defined(CRYPTO_SHA2_512) { NID_sha512, 512 / 8, CRYPTO_SHA2_512 }, #endif }; From appro at openssl.org Mon Jul 9 17:12:53 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 09 Jul 2018 17:12:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531156373.141691.21679.nullmailer@dev.openssl.org> The branch master has been updated via 750d5587d1d688df964cb37e86942da7e639d47b (commit) from 5d58e8f1710fbcf955bc949734aa8d594523276d (commit) - Log ----------------------------------------------------------------- commit 750d5587d1d688df964cb37e86942da7e639d47b Author: Andy Polyakov Date: Sun Jul 8 18:57:30 2018 +0200 apps/req.c: fix -addext option. Address even Coverity nit. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6671) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) 
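Review bot: the digest_data_st hunk only flips `&&` to `||`, and that is the right fix, but it deserves a test: with `&&`, every platform that does not define CHECK_BSD_STYLE_MACROS silently compiled out NID_ripemd160, NID_sha224, NID_sha256, NID_sha384 and NID_sha512, so the devcrypto engine registered fewer digests than the kernel offers and nothing in the build or test suite noticed. A test that enumerates the digests the engine registers and fails when an expected NID is absent would have caught this inversion and will catch the next one; consider adding one alongside this change. A short comment above the table explaining what CHECK_BSD_STYLE_MACROS means for the `||` form would also stop someone "fixing" it back.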
diff --git a/apps/req.c b/apps/req.c index 3d89f20..066e7c6 100644 --- a/apps/req.c +++ b/apps/req.c @@ -24,7 +24,6 @@ #include #include #include -#include #include #ifndef OPENSSL_NO_RSA # include @@ -177,21 +176,22 @@ static void exts_cleanup(OPENSSL_STRING *x) static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) { char *p; + size_t off; /* Check syntax. */ - if (strchr(kv, '=') == NULL) - return 1; - /* Skip leading whitespace, make a copy. */ while (*kv && isspace(*kv)) if (*++kv == '\0') return 1; + if ((p = strchr(kv, '=')) == NULL) + return 1; + off = p - kv; if ((kv = OPENSSL_strdup(kv)) == NULL) return -1; /* Skip trailing space before the equal sign. */ - for (p = strchr(kv, '='); p > kv; --p) - if (p[-1] != ' ' && p[-1] != '\t') + for (p = kv + off; p > kv; --p) + if (!isspace(p[-1])) break; if (p == kv) { OPENSSL_free(kv); @@ -199,16 +199,13 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv) } *p = '\0'; - /* Finally have a clean "key"; see if it's there. */ - if (lh_OPENSSL_STRING_retrieve(addexts, (OPENSSL_STRING*)kv) != NULL) { - BIO_printf(bio_err, "Extension \"%s\" repeated\n", kv); - OPENSSL_free(kv); - return 1; + /* Finally have a clean "key"; see if it's there [by attempt to add it]. */ + if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv)) + != NULL || lh_OPENSSL_STRING_error(addexts)) { + OPENSSL_free(p != NULL ? p : kv); + return -1; } - /* Not found; add it. */ - if (lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv) == NULL) - return -1; return 0; } From bernd.edlinger at hotmail.de Mon Jul 9 17:19:15 2018 
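Review bot: the duplicated() hunk calls `isspace(*kv)` and `isspace(p[-1])` on plain char values; for bytes at or above 0x80 in the -addext argument that is undefined behaviour (negative int passed to a ctype function). Use ossl_isspace() from "internal/ctype.h" (the same header the conf_lib.c change later on this page uses for ossl_isdigit), or cast to unsigned char. Separately, the duplicate case now returns -1, the same value as the OPENSSL_strdup()/lh_OPENSSL_STRING_error() failure paths, and the old `BIO_printf(bio_err, "Extension \"%s\" repeated\n", kv)` is gone, so a user who repeats an extension gets the generic failure path instead of a message naming it; keep `return 1` plus the diagnostic when `p != NULL` and reserve -1 for `lh_OPENSSL_STRING_error(addexts)`. Finally, `OPENSSL_free(p != NULL ? p : kv)` is correct (on a duplicate the old key p has just been replaced in the table by kv, so p is the one to free) but reads like a double free at first glance; a comment on the ownership handover would help.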
From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Jul 2018 17:19:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531156755.021093.23483.nullmailer@dev.openssl.org> The branch master has been updated via fb853fa245a98b3451818e43a6664219725fd43a (commit) from 750d5587d1d688df964cb37e86942da7e639d47b (commit) - Log ----------------------------------------------------------------- commit fb853fa245a98b3451818e43a6664219725fd43a Author: Bernd Edlinger Date: Thu Jul 5 15:38:28 2018 +0200 Fix minor windows build issues [extended tests] Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6661) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 30fa5f9..685a16f 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl 
@@ -92,20 +92,20 @@ GENERATED={- # common0.tmpl provides @generated join(" ", map { (my $x = $_) =~ s|\.[sS]$|.asm|; $x } @generated) -} -INSTALL_LIBS={- join(" ", map { lib($_) } @{$unified_info{install}->{libraries}}) -} -INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} -INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -} -INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} -INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -} -INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} -INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +INSTALL_LIBS={- join(" ", map { quotify1(lib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBS={- join(" ", map { quotify1(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify1(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} +INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} +INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} {- output_off() if $disabled{apps}; "" -} -BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl -MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl +BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl" +MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl" {- output_on() if $disabled{apps}; "" -} APPS_OPENSSL={- use File::Spec::Functions; - 
catfile("apps","openssl") -} + "\"".catfile("apps","openssl")."\"" -} # Do not edit these manually. Use Configure with --prefix or --openssldir # to change this! Short explanation in the top comment in Configure @@ -415,7 +415,7 @@ install_dev: @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \ + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(libdir)" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) "$(libdir)" From bernd.edlinger at hotmail.de Mon Jul 9 17:24:39 2018 From: bernd.edlinger at hotmail.de (bernd.edlinger at hotmail.de) Date: Mon, 09 Jul 2018 17:24:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1531157079.270910.25126.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 7725c76c3f685c306ef4f4125a8a3495e9978a68 (commit) from 03998dcc02d0d632132f4c24c99acc27507c351f (commit) - Log ----------------------------------------------------------------- commit 7725c76c3f685c306ef4f4125a8a3495e9978a68 Author: Bernd Edlinger Date: Thu Jul 5 15:38:28 2018 +0200 Fix minor windows build issues [extended tests] Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6663) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-checker.pm | 2 +- Configurations/windows-makefile.tmpl | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Configurations/windows-checker.pm b/Configurations/windows-checker.pm index de46fbc..4b7105d 100644 --- a/Configurations/windows-checker.pm +++ b/Configurations/windows-checker.pm 
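Review bot: the INSTALL_* hunk applies quotify1() per element, so `$(INSTALL_LIBS)` and friends now expand to a list of individually quoted paths, and the install_dev hunk correctly keeps passing `$(INSTALL_LIBS)` bare while quoting the literal `"$(BLDDIR)\include\openssl\*.h"` at its use site. Two quoting conventions now coexist in one template (pre-quoted variables versus quote-at-use), and nothing records which variables are which; add a line to the comment block near the top of windows-makefile.tmpl listing INSTALL_*, BIN_SCRIPTS, MISC_SCRIPTS and APPS_OPENSSL as pre-quoted, so nobody later writes `"$(INSTALL_LIBS)"` and produces nested quotes. The quoted wildcard also means copy.pl has to do its own globbing; worth a note on that recipe line.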
@@ -6,7 +6,7 @@ use Config; # we expect for the platform use File::Spec::Functions qw(:DEFAULT rel2abs); -if (rel2abs('.') !~ m|\\|) { +if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) { die <{libraries}}) -} -INSTALL_SHLIBS={- join(" ", map { shlib($_) } @{$unified_info{install}->{libraries}}) -} -INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; shlib($_) } @{$unified_info{install}->{libraries}}) -} -INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} -INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; dso($_) } @{$unified_info{install}->{engines}}) -} -INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} -INSTALL_PROGRAMPDBS={- join(" ", map { $_.".pdb" } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +INSTALL_LIBS={- join(" ", map { quotify1($_.$libext) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBS={- join(" ", map { quotify1(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_SHLIBPDBS={- join(" ", map { local $shlibext = ".pdb"; quotify1(shlib($_)) } @{$unified_info{install}->{libraries}}) -} +INSTALL_ENGINES={- join(" ", map { quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} +INSTALL_ENGINEPDBS={- join(" ", map { local $dsoext = ".pdb"; quotify1(dso($_)) } @{$unified_info{install}->{engines}}) -} +INSTALL_PROGRAMS={- join(" ", map { quotify1($_.$exeext) } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} +INSTALL_PROGRAMPDBS={- join(" ", map { quotify1($_.".pdb") } grep { !m|^test\\| } @{$unified_info{install}->{programs}}) -} {- output_off() if $disabled{apps}; "" -} -BIN_SCRIPTS=$(BLDDIR)\tools\c_rehash.pl -MISC_SCRIPTS=$(BLDDIR)\apps\CA.pl $(BLDDIR)\apps\tsget.pl +BIN_SCRIPTS="$(BLDDIR)\tools\c_rehash.pl" +MISC_SCRIPTS="$(BLDDIR)\apps\CA.pl" "$(BLDDIR)\apps\tsget.pl" {- output_on() if $disabled{apps}; "" -} APPS_OPENSSL={- use File::Spec::Functions; - 
catfile("apps","openssl") -} + "\"".catfile("apps","openssl")."\"" -} # Do not edit these manually. Use Configure with --prefix or --openssldir # to change this! Short explanation in the top comment in Configure @@ -295,7 +295,7 @@ install_dev: @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" - @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(BLDDIR)\include\openssl\*.h \ + @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(BLDDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\$(LIBDIR)" @"$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_LIBS) \ From rsalz at openssl.org Mon Jul 9 19:10:20 2018 From: rsalz at openssl.org (Rich Salz) Date: Mon, 09 Jul 2018 19:10:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531163420.765451.5743.nullmailer@dev.openssl.org> The branch master has been updated via f99648638c8340cbc0cb7ddaa54309435bda9530 (commit) from fb853fa245a98b3451818e43a6664219725fd43a (commit) - Log ----------------------------------------------------------------- commit f99648638c8340cbc0cb7ddaa54309435bda9530 Author: Rich Salz Date: Mon Jul 9 14:55:17 2018 -0400 Add tests for the "req" command, -addext flag Also fixed a memory leak found by the test. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6681) ----------------------------------------------------------------------- Summary of changes: apps/req.c | 1 + test/recipes/25-test_req.t | 34 +++++++++++++++++++--------------- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/apps/req.c b/apps/req.c index 066e7c6..48f3a3a 100644 --- a/apps/req.c +++ b/apps/req.c @@ -947,6 +947,7 @@ int req_main(int argc, char **argv) ERR_print_errors(bio_err); } NCONF_free(req_conf); + NCONF_free(addext_conf); BIO_free(addext_bio); BIO_free(in); BIO_free_all(out); 
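Review bot: in the OpenSSL_1_1_0-stable backport (7725c76), the windows-checker.pm hunk adds `!$ENV{CONFIGURE_INSIST} &&` as an environment escape hatch for the backslash sanity check, but the condition is the only place the variable appears; mention CONFIGURE_INSIST in the die message (or the notes for Windows builds) so someone who hits the check can find the override, and state what they give up by setting it. Also, this branch's INSTALL_LIBS line uses `quotify1($_.$libext)` where master (fb853fa, above) uses `quotify1(lib($_))`; that looks deliberate for a branch without a lib() helper, but the cherry-pick message does not say so, and a one-line note there would stop the difference being mistaken for a merge error.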
diff --git a/test/recipes/25-test_req.t b/test/recipes/25-test_req.t index fa79219..b6d2335 100644 --- a/test/recipes/25-test_req.t +++ b/test/recipes/25-test_req.t @@ -15,7 +15,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_req"); -plan tests => 8; +plan tests => 9; require_ok(srctop_file('test','recipes','tconversion.pl')); 
@@ -23,26 +23,30 @@ open RND, ">>", ".rnd"; print RND "string to make the random number generator think it has randomness"; close RND; -# Check for duplicate -addext parameters +# What type of key to generate? +my @req_new; +if (disabled("rsa")) { + @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem")); +} else { + @req_new = ("-new"); + note("There should be a 2 sequences of .'s and some +'s."); + note("There should not be more that at most 80 per line"); +} + +# Check for duplicate -addext parameters, and one "working" case. +my @addext_args = ( "openssl", "req", "-new", "-out", "testreq.pem", + "-config", srctop_file("test", "test.cnf"), @req_new ); my $val = "subjectAltName=DNS:example.com"; my $val2 = " " . $val; my $val3 = $val; $val3 =~ s/=/ =/; -ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val]))); -ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val2]))); -ok(!run(app(["openssl", "req", "-new", "-addext", $val, "-addext", $val3]))); -ok(!run(app(["openssl", "req", "-new", "-addext", $val2, "-addext", $val3]))); +ok( run(app([@addext_args, "-addext", $val]))); +ok(!run(app([@addext_args, "-addext", $val, "-addext", $val]))); +ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); +ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); +ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); subtest "generating certificate requests" => sub { - my @req_new; - if (disabled("rsa")) { - @req_new = ("-newkey", "dsa:".srctop_file("apps", "dsa512.pem")); - } else { - @req_new = ("-new"); - note("There should be a 2 sequences of .'s and some +'s."); - note("There should not be more that at most 80 per line"); - } - plan tests => 2; ok(run(app(["openssl", "req", "-config", srctop_file("test", "test.cnf"), From appro at openssl.org Tue Jul 10 10:02:55 2018 
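Review bot: in the 25-test_req.t hunk, @addext_args hard-codes "-new" and then appends @req_new, which is "-new" again when rsa is enabled and ("-newkey", "dsa:...") when it is disabled, so the no-rsa configuration runs `openssl req -new -newkey dsa:...`; drop the literal "-new" from @addext_args and let @req_new supply the key-generation option in both cases. The moved note() text also carries its typo along ("There should not be more that at most 80 per line"); since the lines are being relocated anyway, fix the wording in the same commit.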
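Review bot: the one-line apps/req.c hunk adding `NCONF_free(addext_conf);` next to `NCONF_free(req_conf);` relies on NCONF_free() accepting NULL, since addext_conf is only created when -addext is used; that holds for NCONF_free(), so the unconditional call on the common exit path is fine, but a note in the commit message that this is the leak the new "working" -addext test exposed would tie the two hunks together.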
From: appro at openssl.org (Andy Polyakov) Date: Tue, 10 Jul 2018 10:02:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531216975.283618.22272.nullmailer@dev.openssl.org> The branch master has been updated via 8977880603176bea3dda1f1accae1b774d2104ac (commit) from f99648638c8340cbc0cb7ddaa54309435bda9530 (commit) - Log ----------------------------------------------------------------- commit 8977880603176bea3dda1f1accae1b774d2104ac Author: Andy Polyakov Date: Mon Jul 9 11:11:37 2018 +0200 poly1305/asm/poly1305-x86_64.pl: fix solaris64-x86_64-cc build. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6676) ----------------------------------------------------------------------- Summary of changes: crypto/poly1305/asm/poly1305-x86_64.pl | 77 +++++++++++++++++----------------- 1 file changed, 38 insertions(+), 39 deletions(-) diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl index 0b4c56e..88394b0 100755 --- a/crypto/poly1305/asm/poly1305-x86_64.pl +++ b/crypto/poly1305/asm/poly1305-x86_64.pl 
@@ -3753,6 +3753,44 @@ poly1305_emit_base2_44: .size poly1305_emit_base2_44,.-poly1305_emit_base2_44 ___ } } } +$code.=<<___; +.align 64 +.Lconst: +.Lmask24: +.long 0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0 +.L129: +.long `1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0 +.Lmask26: +.long 0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0 +.Lpermd_avx2: +.long 2,2,2,3,2,0,2,1 +.Lpermd_avx512: +.long 0,0,0,1, 0,2,0,3, 0,4,0,5, 0,6,0,7 + +.L2_44_inp_permd: +.long 0,1,1,2,2,3,7,7 +.L2_44_inp_shift: +.quad 0,12,24,64 +.L2_44_mask: +.quad 0xfffffffffff,0xfffffffffff,0x3ffffffffff,0xffffffffffffffff +.L2_44_shift_rgt: +.quad 44,44,42,64 +.L2_44_shift_lft: +.quad 8,8,10,64 + +.align 64 +.Lx_mask44: +.quad 0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff +.quad 0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff +.Lx_mask42: +.quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff +.quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff +___ +} +$code.=<<___; +.asciz "Poly1305 for x86_64, CRYPTOGAMS by " +.align 16 +___ { # chacha20-poly1305 helpers my ($out,$inp,$otp,$len)=$win64 ? ("%rcx","%rdx","%r8", "%r9") : # Win64 order 
@@ -3857,45 +3895,6 @@ xor128_decrypt_n_pad: .size xor128_decrypt_n_pad,.-xor128_decrypt_n_pad ___ } -$code.=<<___; -.align 64 -.Lconst: -.Lmask24: -.long 0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0 -.L129: -.long `1<<24`,0,`1<<24`,0,`1<<24`,0,`1<<24`,0 -.Lmask26: -.long 0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0 -.Lpermd_avx2: -.long 2,2,2,3,2,0,2,1 -.Lpermd_avx512: -.long 0,0,0,1, 0,2,0,3, 0,4,0,5, 0,6,0,7 - -.L2_44_inp_permd: -.long 0,1,1,2,2,3,7,7 -.L2_44_inp_shift: -.quad 0,12,24,64 -.L2_44_mask: -.quad 0xfffffffffff,0xfffffffffff,0x3ffffffffff,0xffffffffffffffff -.L2_44_shift_rgt: -.quad 44,44,42,64 -.L2_44_shift_lft: -.quad 8,8,10,64 - -.align 64 -.Lx_mask44: -.quad 0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff -.quad 0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff -.Lx_mask42: -.quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff -.quad 0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff -___ -} - -$code.=<<___; -.asciz "Poly1305 for x86_64, CRYPTOGAMS by " -.align 16 -___ # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, # CONTEXT *context,DISPATCHER_CONTEXT *disp) From levitte at openssl.org Tue Jul 10 14:09:41 2018 
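Review bot: the two hunks of commit 8977880 move the `.Lconst` data table and the CRYPTOGAMS `.asciz` banner from after the chacha20-poly1305 helpers to before them, but neither the perlasm source nor the commit message ("fix solaris64-x86_64-cc build") records what the Solaris toolchain objects to in the original ordering, so a later cleanup can silently move the table back; add a comment at the new location stating the ordering constraint and which assembler needs it.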
From: levitte at openssl.org (Richard Levitte) Date: Tue, 10 Jul 2018 14:09:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531231781.445055.22712.nullmailer@dev.openssl.org> The branch master has been updated via 3550d9159f0c89b2ae1c01e81e31649d1b357d06 (commit) from 8977880603176bea3dda1f1accae1b774d2104ac (commit) - Log ----------------------------------------------------------------- commit 3550d9159f0c89b2ae1c01e81e31649d1b357d06 Author: Richard Levitte Date: Mon Jul 9 17:31:23 2018 +0200 Avoid __GNUC__ warnings when defining DECLARE_DEPRECATED We need to check that __GNUC__ is defined before trying to use it. This demands a slightly different way to define DECLARE_DEPRECATED. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6680) ----------------------------------------------------------------------- Summary of changes: include/openssl/opensslconf.h.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 96f791e..200a11a 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -68,10 +68,12 @@ extern "C" { * still won't see them if the library has been built to disable deprecated * functions. */ -#if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -#else -# define DECLARE_DEPRECATED(f) f; +#define DECLARE_DEPRECATED(f) f; +#ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif #endif #ifndef OPENSSL_FILE From levitte at openssl.org Tue Jul 10 14:32:54 2018 
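Review bot: the opensslconf.h.in hunk starts with an unconditional `#define DECLARE_DEPRECATED(f) f;`, so the second time this header is processed in one translation unit on GCC the macro is currently defined with the `__attribute__ ((deprecated))` body and the bare `f;` redefinition triggers a macro-redefinition warning, which is the same class of noise the commit sets out to remove; guard the whole block with `#ifndef DECLARE_DEPRECATED` (or give the file an include guard) so the definition is computed once.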
From: levitte at openssl.org (Richard Levitte) Date: Tue, 10 Jul 2018 14:32:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531233174.945869.26331.nullmailer@dev.openssl.org> The branch master has been updated via 4e351ca92e3a1f447cef3d2e330f13941f9412c6 (commit) via f7dce50f21c13520d36f51bed83d19d3eb0bf698 (commit) via e9bc5706744213a1a6748dbbcd1b43a6ad4ca09e (commit) from 3550d9159f0c89b2ae1c01e81e31649d1b357d06 (commit) - Log ----------------------------------------------------------------- commit 4e351ca92e3a1f447cef3d2e330f13941f9412c6 Author: Richard Levitte Date: Mon Jul 9 21:10:10 2018 +0200 util/dofile.pl: require Text::Template 1.46 or newer The reason is that we override Text::Template::append_text_to_output(), and it didn't exist before Text::Template 1.46. Fixes #6641 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6682) commit f7dce50f21c13520d36f51bed83d19d3eb0bf698 Author: Richard Levitte Date: Mon Jul 9 21:09:30 2018 +0200 Existing transfer modules must have a package and a $VERSION Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6682) commit e9bc5706744213a1a6748dbbcd1b43a6ad4ca09e Author: Richard Levitte Date: Mon Jul 9 21:07:25 2018 +0200 Make 'with_fallback' use 'use' instead of 'require' This enables us to require module versions, and to fall back to a bundled version if the system version is too low. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6682) ----------------------------------------------------------------------- Summary of changes: external/perl/transfer/Text/Template.pm | 3 +++ util/dofile.pl | 2 +- util/perl/with_fallback.pm | 6 ++++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/external/perl/transfer/Text/Template.pm b/external/perl/transfer/Text/Template.pm index 7dbfe3f..fa2acc3 100644 --- a/external/perl/transfer/Text/Template.pm +++ b/external/perl/transfer/Text/Template.pm 
@@ -7,6 +7,9 @@ # Quick transfer to the downloaded Text::Template +package transfer::Text::Template; +$VERSION = 1.46; + BEGIN { use File::Spec::Functions; use File::Basename; diff --git a/util/dofile.pl b/util/dofile.pl index b0e2068..c3bc9ba 100644 --- a/util/dofile.pl +++ b/util/dofile.pl @@ -40,7 +40,7 @@ package OpenSSL::Template; use File::Basename; use File::Spec::Functions; use lib "$FindBin::Bin/perl"; -use with_fallback qw(Text::Template); +use with_fallback "Text::Template 1.46"; #use parent qw/Text::Template/; use vars qw/@ISA/; diff --git a/util/perl/with_fallback.pm b/util/perl/with_fallback.pm index 2af1d5f..fc5638d 100644 --- a/util/perl/with_fallback.pm +++ b/util/perl/with_fallback.pm @@ -8,15 +8,17 @@ package with_fallback; sub import { + shift; + use File::Basename; use File::Spec::Functions; foreach (@_) { - eval "require $_"; + eval "use $_"; if ($@) { unshift @INC, catdir(dirname(__FILE__), "..", "..", "external", "perl"); my $transfer = "transfer::$_"; - eval "require $transfer"; + eval "use $transfer"; shift @INC; warn $@ if $@; } From levitte at openssl.org Tue Jul 10 14:35:01 2018 
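Review bot: the new `shift;` at the top of with_fallback::import is load-bearing and has no comment: $_[0] is the package name, and with `require` that element was a harmless `require with_fallback`, but with `use` it would call with_fallback->import from inside import; say so in a comment. In the same hunk, a failure of the bundled fallback only does `warn $@ if $@;` and returns, so util/dofile.pl then fails later on a missing or too-old Text::Template with a less direct message; dying (or re-raising $@) at that point would report the real cause, namely that neither the system module nor the bundled one satisfied "Text::Template 1.46".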
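Review bot: in the transfer/Text/Template.pm hunk, `$VERSION = 1.46;` is a constant that has to be kept in step by hand with the copy under external/perl, and a future bump of the bundled module would make `use with_fallback "Text::Template 1.47"` fail on the fallback path until someone remembers to edit this shim; since the BEGIN block below is what loads the bundled module, setting `our $VERSION = $Text::Template::VERSION;` after it would track the real version automatically (assuming the BEGIN block does load it, which its body, cut in the archive, suggests). Also prefer `our $VERSION` over a bare package global so the file still compiles if `use strict` is ever added.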
From: levitte at openssl.org (Richard Levitte) Date: Tue, 10 Jul 2018 14:35:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1531233301.475973.27466.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 356d63458279f05e361de5f69f8d8acb75ada925 (commit) via 374976ee64d31bee04bbd2548df7c0b2ecc10000 (commit) via 546574ba92cae095fd1b4c7366c3b5bde4a58383 (commit) from 7725c76c3f685c306ef4f4125a8a3495e9978a68 (commit) - Log ----------------------------------------------------------------- commit 356d63458279f05e361de5f69f8d8acb75ada925 Author: Richard Levitte Date: Mon Jul 9 21:10:10 2018 +0200 util/dofile.pl: require Text::Template 1.46 or newer The reason is that we override Text::Template::append_text_to_output(), and it didn't exist before Text::Template 1.46. Fixes #6641 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit 4e351ca92e3a1f447cef3d2e330f13941f9412c6) commit 374976ee64d31bee04bbd2548df7c0b2ecc10000 Author: Richard Levitte Date: Mon Jul 9 21:09:30 2018 +0200 Existing transfer modules must have a package and a $VERSION Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit f7dce50f21c13520d36f51bed83d19d3eb0bf698) commit 546574ba92cae095fd1b4c7366c3b5bde4a58383 Author: Richard Levitte Date: Mon Jul 9 21:07:25 2018 +0200 Make 'with_fallback' use 'use' instead of 'require' This enables us to require module versions, and to fall back to a bundled version if the system version is too low. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6682) (cherry picked from commit e9bc5706744213a1a6748dbbcd1b43a6ad4ca09e) ----------------------------------------------------------------------- Summary of changes: external/perl/transfer/Text/Template.pm | 3 +++ util/dofile.pl | 2 +- util/perl/with_fallback.pm | 6 ++++-- 3 files changed, 8 insertions(+), 3 deletions(-) 
diff --git a/external/perl/transfer/Text/Template.pm b/external/perl/transfer/Text/Template.pm index 7dbfe3f..fa2acc3 100644 --- a/external/perl/transfer/Text/Template.pm +++ b/external/perl/transfer/Text/Template.pm @@ -7,6 +7,9 @@ # Quick transfer to the downloaded Text::Template +package transfer::Text::Template; +$VERSION = 1.46; + BEGIN { use File::Spec::Functions; use File::Basename; diff --git a/util/dofile.pl b/util/dofile.pl index a932941..4533c13 100644 --- a/util/dofile.pl +++ b/util/dofile.pl @@ -40,7 +40,7 @@ package OpenSSL::Template; use File::Basename; use File::Spec::Functions; use lib "$FindBin::Bin/perl"; -use with_fallback qw(Text::Template); +use with_fallback "Text::Template 1.46"; #use parent qw/Text::Template/; use vars qw/@ISA/; diff --git a/util/perl/with_fallback.pm b/util/perl/with_fallback.pm index 2af1d5f..fc5638d 100644 --- a/util/perl/with_fallback.pm +++ b/util/perl/with_fallback.pm @@ -8,15 +8,17 @@ package with_fallback; sub import { + shift; + use File::Basename; use File::Spec::Functions; foreach (@_) { - eval "require $_"; + eval "use $_"; if ($@) { unshift @INC, catdir(dirname(__FILE__), "..", "..", "external", "perl"); my $transfer = "transfer::$_"; - eval "require $transfer"; + eval "use $transfer"; shift @INC; warn $@ if $@; } From levitte at openssl.org Tue Jul 10 17:48:44 2018 
From: levitte at openssl.org (Richard Levitte) Date: Tue, 10 Jul 2018 17:48:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531244924.406804.12195.nullmailer@dev.openssl.org> The branch master has been updated via 4431107d6c430950c2c2e19c03b8dff6355ccfdb (commit) from 4e351ca92e3a1f447cef3d2e330f13941f9412c6 (commit) - Log ----------------------------------------------------------------- commit 4431107d6c430950c2c2e19c03b8dff6355ccfdb Author: Richard Levitte Date: Tue Jul 10 19:11:06 2018 +0200 Guard DECLARE_DEPRECATED against multiple includes of opensslconf.h Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6689) ----------------------------------------------------------------------- Summary of changes: include/openssl/opensslconf.h.in | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 200a11a..b793d48 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -68,11 +68,13 @@ extern "C" { * still won't see them if the library has been built to disable deprecated * functions. */ -#define DECLARE_DEPRECATED(f) f; -#ifdef __GNUC__ -# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# undef DECLARE_DEPRECATED -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +#ifndef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif # endif #endif From paul.dale at oracle.com Tue Jul 10 23:13:16 2018 
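Review bot: the `#ifndef DECLARE_DEPRECATED` guard in commit 4431107 removes the redefinition warning, but it also means any earlier definition of DECLARE_DEPRECATED, from another header or from the compiler command line, silently wins and switches off the GCC deprecated attribute for every OpenSSL declaration; if that is meant as an override point, document it in the comment block above the hunk, and if it is not, an include guard on opensslconf.h itself (the conventional fix for multiple inclusion) would stop the double processing without handing outside code a way to suppress deprecation warnings.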
From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 10 Jul 2018 23:13:16 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531264396.791635.9905.nullmailer@dev.openssl.org> The branch master has been updated via c9ecb13191fe902c1e78e3bca7c36c293bba4bc6 (commit) from 4431107d6c430950c2c2e19c03b8dff6355ccfdb (commit) - Log ----------------------------------------------------------------- commit c9ecb13191fe902c1e78e3bca7c36c293bba4bc6 Author: Pauli Date: Wed Jul 4 09:30:43 2018 +1000 NCONF_get_number refix. Fix the NULL check lack in a different way that is more compatible with non-NULL branch. Refer #6632 Also mark and pop the error stack instead of clearing all errors when something goes awry in CONF_get_number. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6643) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_err.c | 1 + crypto/conf/conf_lib.c | 44 ++++++++++++++++++++++++++++++++------------ crypto/err/openssl.txt | 1 + include/openssl/conferr.h | 1 + test/conf_include_test.c | 26 ++++++++++++++++++++++++++ 5 files changed, 61 insertions(+), 12 deletions(-) diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index 01f98da..f761358 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -60,6 +60,7 @@ static const ERR_STRING_DATA CONF_str_reasons[] = { {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), "recursive directory include"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 5f976f3..1833b15 100644 --- a/crypto/conf/conf_lib.c 
+++ b/crypto/conf/conf_lib.c @@ -11,6 +11,7 @@ #include #include #include "internal/conf.h" +#include "internal/ctype.h" #include #include #include @@ -123,6 +124,7 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, int status; long result = 0; + ERR_set_mark(); if (conf == NULL) { status = NCONF_get_number_e(NULL, group, name, &result); } else { @@ -130,12 +132,8 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, CONF_set_nconf(&ctmp, conf); status = NCONF_get_number_e(&ctmp, group, name, &result); } - - if (status == 0) { - /* This function does not believe in errors... */ - ERR_clear_error(); - } - return result; + ERR_pop_to_mark(); + return status == 0 ? 0L : result; } void CONF_free(LHASH_OF(CONF_VALUE) *conf) @@ -277,10 +275,23 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name) return NULL; } +static int default_is_number(const CONF *conf, char c) +{ + return ossl_isdigit(c); +} + +static int default_to_int(const CONF *conf, char c) +{ + return (int)(c - '0'); +} + int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, long *result) { char *str; + long res; + int (*is_number)(const CONF *, char) = &default_is_number; + int (*to_int)(const CONF *, char) = &default_to_int; if (result == NULL) { CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER); 
@@ -292,14 +303,23 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, if (str == NULL) return 0; - if (conf == NULL) - *result = strtol(str, &str, 10); - else - for (*result = 0; conf->meth->is_number(conf, *str);) { - *result = (*result) * 10 + conf->meth->to_int(conf, *str); - str++; + if (conf != NULL) { + if (conf->meth->is_number != NULL) + is_number = conf->meth->is_number; + if (conf->meth->to_int != NULL) + to_int = conf->meth->to_int; + } + for (res = 0; is_number(conf, *str); str++) { + const int d = to_int(conf, *str); + + if (res > (LONG_MAX - d) / 10L) { + CONFerr(CONF_F_NCONF_GET_NUMBER_E, CONF_R_NUMBER_TOO_LARGE); + return 0; } + res = res * 10 + d; + } + *result = res; return 1; } diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index ee68388..007560a 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2012,6 +2012,7 @@ CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE:106:no conf or environment variable CONF_R_NO_SECTION:107:no section CONF_R_NO_SUCH_FILE:114:no such file CONF_R_NO_VALUE:108:no value +CONF_R_NUMBER_TOO_LARGE:121:number too large CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h index 4574636..d1c92f4 100644 --- a/include/openssl/conferr.h +++ b/include/openssl/conferr.h @@ -58,6 +58,7 @@ int ERR_load_CONF_strings(void); # define CONF_R_NO_SECTION 107 # define CONF_R_NO_SUCH_FILE 114 # define CONF_R_NO_VALUE 108 +# define CONF_R_NUMBER_TOO_LARGE 121 # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 # define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 diff --git a/test/conf_include_test.c b/test/conf_include_test.c index ba79d2c..ee02d9b 100644 --- a/test/conf_include_test.c +++ b/test/conf_include_test.c 
@@ -153,6 +153,31 @@ static int test_check_null_numbers(void) return 1; } +static int test_check_overflow(void) +{ +#if defined(_BSD_SOURCE) \ + || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) \ + || (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600) + long val = 0; + char max[(sizeof(long) * 8) / 3 + 3]; + char *p; + + p = max + sprintf(max, "0%ld", LONG_MAX) - 1; + setenv("FNORD", max, 1); + if (!TEST_true(NCONF_get_number(NULL, "missing", "FNORD", &val)) + || !TEST_long_eq(val, LONG_MAX)) + return 0; + + while (++*p > '9') + *p-- = '0'; + + setenv("FNORD", max, 1); + if (!TEST_false(NCONF_get_number(NULL, "missing", "FNORD", &val))) + return 0; +#endif + return 1; +} + int setup_tests(void) { const char *conf_file; @@ -181,6 +206,7 @@ int setup_tests(void) ADD_TEST(test_load_config); ADD_TEST(test_check_null_numbers); + ADD_TEST(test_check_overflow); return 1; } From levitte at openssl.org Wed Jul 11 12:49:09 2018 
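Review bot: in the crypto/conf/conf_lib.c hunk at `@@ -292,14 +303,23 @@`, the guard `if (res > (LONG_MAX - d) / 10L)` is exactly the condition for `res * 10 + d` to exceed LONG_MAX when `0 <= d <= 9`, but `to_int` is now taken from `conf->meth->to_int` whenever that slot is set and nothing enforces that range: a method returning a negative or two-digit value makes both the check and the accumulation meaningless. Suggest rejecting `d < 0 || d > 9` right after `const int d = to_int(conf, *str);` (CONF_R_NUMBER_TOO_LARGE or a dedicated reason code), or at least documenting the 0..9 contract next to the `to_int` member of CONF_METHOD.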
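Review bot: same hunk: dropping `strtol` for the `conf == NULL` branch changes what is accepted from the environment. `strtol` skipped leading whitespace and consumed a sign, so `"-5"` parsed to -5; the digit loop stops at the first non-digit, so `"-5"` (like `"abc"`) now returns 1 with `*result = 0`, and anything after the digits is silently ignored in both branches. The commit message presents this as aligning with the non-NULL branch, which is reasonable, but it is an observable behaviour change for NCONF_get_number(NULL, ...) callers that should be called out in CHANGES and the manpage, and it is worth considering returning 0 with CONF_R_NO_VALUE when no digit at all was consumed rather than reporting success with 0.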
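Review bot: in the test/conf_include_test.c hunk, the whole body of `test_check_overflow` sits inside the `_BSD_SOURCE` / `_POSIX_C_SOURCE >= 200112L` / `_XOPEN_SOURCE >= 600` guard (standing in for setenv availability), so on a build where none of these is defined the function returns 1 having run nothing and the report shows a pass. Suggest an `#else` branch that marks the test as skipped in the test framework so the overflow path is visibly untested on those platforms. The carry loop `while (++*p > '9') *p-- = '0';` relies on the leading `'0'` written by `sprintf(max, "0%ld", LONG_MAX)` to absorb a carry out of the top digit, which is neat but deserves a comment.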
From: levitte at openssl.org (Richard Levitte) Date: Wed, 11 Jul 2018 12:49:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531313349.820773.1187.nullmailer@dev.openssl.org> The branch master has been updated via 1b6a0a261e22eb5a574bdb75da208817ffa2fbba (commit) via 9abce88b4b0055d6238a838aa00360152e185f02 (commit) from c9ecb13191fe902c1e78e3bca7c36c293bba4bc6 (commit) - Log ----------------------------------------------------------------- commit 1b6a0a261e22eb5a574bdb75da208817ffa2fbba Author: Richard Levitte Date: Wed Jul 11 11:05:15 2018 +0200 Windows: avoid using 'rem' in the nmake makefile To avoid the possibility that someone creates rem.exe, rem.bat or rem.cmd, simply don't use it. In the cases it was used, it was to avoid empty lines, but it turns out that nmake handles those fine, so no harm done. Reviewed-by: Andy Polyakov Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6686) commit 9abce88b4b0055d6238a838aa00360152e185f02 Author: Richard Levitte Date: Tue Jul 10 14:12:33 2018 +0200 Windows: fix echo for nmake It seems that nmake first tries to run executables on its own, and only passes commands to cmd if that fails. That means it's possible to have nmake run something like 'echo.exe' when the builtin 'echo' command was expected, which might give us unexpected results. To get around this, we create our own echoing script and call it explicitly from the nmake makefile. Fixes #6670 Reviewed-by: Andy Polyakov Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6686) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 62 ++++++++++++++++++------------------ util/echo.pl | 12 +++++++ 2 files changed, 43 insertions(+), 31 deletions(-) create mode 100644 util/echo.pl diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index 685a16f..76efa41 100644
--- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -186,6 +186,8 @@ ASFLAGS={- join(' ', @{$config{ASFLAGS}}) -} RC={- $config{RC} -} +ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl" + ##### Special command flags ########################################## COUTFLAG={- $target{coutflag} -}$(OSSL_EMPTY) @@ -319,15 +321,15 @@ build_apps build_tests: build_programs # Convenience target to prebuild all generated files, not just the mandatory # ones build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) - @rem {- output_off() if $disabled{makedepend}; "" -} - @echo "Warning: consider configuring with no-makedepend, because if" - @echo " target system doesn't have $(PERL)," - @echo " then make will fail..." - @rem {- output_on() if $disabled{makedepend}; "" -} + @{- output_off() if $disabled{makedepend}; "" -} + @$(ECHO) "Warning: consider configuring with no-makedepend, because if" + @$(ECHO) " target system doesn't have $(PERL)," + @$(ECHO) " then make will fail..." + @{- output_on() if $disabled{makedepend}; "" -} test: tests {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep - @rem {- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "" -} -mkdir $(BLDDIR)\test\test-runs set SRCTOP=$(SRCDIR) set BLDTOP=$(BLDDIR) 
@@ -336,17 +338,17 @@ test: tests set OPENSSL_ENGINES=$(MAKEDIR)\engines set OPENSSL_DEBUG_MEMORY=on "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) - @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @rem {- output_on() if !$disabled{tests}; "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @$(ECHO) "Tests are not supported with your chosen Configure options" + @{- output_on() if !$disabled{tests}; "" -} list-tests: - @rem {- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "" -} @set SRCTOP=$(SRCDIR) @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list - @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @rem {- output_on() if !$disabled{tests}; "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @$(ECHO) "Tests are not supported with your chosen Configure options" + @{- output_on() if !$disabled{tests}; "" -} install: install_sw install_ssldirs install_docs @@ -373,9 +375,9 @@ distclean: clean -del /Q /F makefile depend: - @ rem {- output_off() if $disabled{makedepend}; "" -} + @ {- output_off() if $disabled{makedepend}; "" -} @ "$(PERL)" "$(SRCDIR)\util\add-depends.pl" "VC" - @ rem {- output_on() if $disabled{makedepend}; "" -} + @ {- output_on() if $disabled{makedepend}; "" -} # Install helper targets ############################################# 
@@ -405,13 +407,13 @@ install_ssldirs: "$(OPENSSLDIR)\ct_log_list.cnf" install_dev: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing development files + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing development files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -} + @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" - @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -} + @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$config{defines}}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @@ -425,8 +427,8 @@ install_dev: uninstall_dev: install_engines: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing engines + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing engines" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)" @if not "$(ENGINES)"=="" \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)" @@ -436,8 +438,8 @@ install_engines: uninstall_engines: install_runtime: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing runtime files + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing runtime files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" @if not "$(SHLIBS)"=="" \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin" 
@@ -462,13 +464,13 @@ uninstall_html_docs: # Building targets ################################################### configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} - @echo "Detected changed: $?" + @$(ECHO) "Detected changed: $?" "$(PERL)" configdata.pm -r - @echo "**************************************************" - @echo "*** ***" - @echo "*** Please run the same make command again ***" - @echo "*** ***" - @echo "**************************************************" + @$(ECHO) "**************************************************" + @$(ECHO) "*** ***" + @$(ECHO) "*** Please run the same make command again ***" + @$(ECHO) "*** ***" + @$(ECHO) "**************************************************" @exit 1 reconfigure reconf: @@ -740,8 +742,6 @@ EOF foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { if (dirname($prod) eq $dir) { push @deps, $prod.$extinfo{$type}; - } else { - push @actions, "\t at rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}}); } } } diff --git a/util/echo.pl b/util/echo.pl new file mode 100644 index 0000000..d90e521 --- /dev/null +++ b/util/echo.pl @@ -0,0 +1,12 @@ +#! /usr/bin/perl + +use strict; +use warnings; +use Getopt::Std; + +our $opt_n = 0; + +getopts('n') or die "Invalid option: $!\n"; + +print join(' ', @ARGV); +print "\n" unless $opt_n; From levitte at openssl.org Wed Jul 11 12:55:28 2018 
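Review bot: in the util/echo.pl hunk, `getopts('n') or die "Invalid option: $!\n";` prints `$!`, but Getopt::Std does not set errno on an unknown switch (it warns "Unknown option" itself and returns false), so the message will carry a stale or empty errno text; suggest `die "Invalid option\n"` or a one-line usage message. Since every `$(ECHO)` line in the generated makefile now runs this script, it is also worth documenting at the top of the file that it exists precisely so the build never depends on how nmake resolves `echo`.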
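Review bot: in the Configurations/windows-makefile.tmpl hunks, each former `@rem {- ... "" -}` line now reads `@{- ... "" -}`; the Perl fragment evaluates to the empty string, so after template expansion the recipe line is a lone `@`. The commit message says nmake tolerates that, but a reader of the generated makefile gets no hint why a bare `@` is there, so a short comment near the first such line (or emitting the fragment without the `@`, leaving an empty line, which the message says nmake also accepts) would stop someone "fixing" it back to `rem`, the very thing this commit removes. Also, if nmake really resolves executables before handing a command to cmd as the message describes, `set`, `-mkdir` and `del` in the same recipes are subject to the same lookup; a follow-up, or a comment explaining why only `echo` and `rem` were replaced, would make the scope of the hardening clear.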
From: levitte at openssl.org (Richard Levitte) Date: Wed, 11 Jul 2018 12:55:28 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1531313728.063007.2838.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 5c06c7d748161697642bd4d1369acad4297abb3c (commit) via 566e333e52998e478ac6928c5d06bd89f4b37aba (commit) from 356d63458279f05e361de5f69f8d8acb75ada925 (commit) - Log ----------------------------------------------------------------- commit 5c06c7d748161697642bd4d1369acad4297abb3c Author: Richard Levitte Date: Wed Jul 11 11:05:15 2018 +0200 Windows: avoid using 'rem' in the nmake makefile To avoid the possibility that someone creates rem.exe, rem.bat or rem.cmd, simply don't use it. In the cases it was used, it was to avoid empty lines, but it turns out that nmake handles those fine, so no harm done. Reviewed-by: Andy Polyakov Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6686) (cherry picked from commit 1b6a0a261e22eb5a574bdb75da208817ffa2fbba) commit 566e333e52998e478ac6928c5d06bd89f4b37aba Author: Richard Levitte Date: Tue Jul 10 14:12:33 2018 +0200 Windows: fix echo for nmake It seems that nmake first tries to run executables on its own, and only passes commands to cmd if that fails. That means it's possible to have nmake run something like 'echo.exe' when the builtin 'echo' command was expected, which might give us unexpected results. To get around this, we create our own echoing script and call it explicitly from the nmake makefile.
Fixes #6670 Reviewed-by: Andy Polyakov Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6686) (cherry picked from commit 9abce88b4b0055d6238a838aa00360152e185f02) ----------------------------------------------------------------------- Summary of changes: Configurations/windows-makefile.tmpl | 51 ++++++++++++++++++------------------ util/echo.pl | 12 +++++++++ 2 files changed, 38 insertions(+), 25 deletions(-) create mode 100644 util/echo.pl diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index bd9868b..af11ff4 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -182,6 +182,9 @@ MTOUTFLAG={- $target{mtoutflag} || "-outputresource:" -}$(OSSL_EMPTY) AS={- $target{as} -} ASFLAGS={- $target{asflags} -} ASOUTFLAG={- $target{asoutflag} -}$(OSSL_EMPTY) + +ECHO="$(PERL)" "$(SRCDIR)\util\echo.pl" + PERLASM_SCHEME= {- $target{perlasm_scheme} -} PROCESSOR= {- $config{processor} -} @@ -207,7 +210,7 @@ build_all_generated: $(GENERATED_MANDATORY) $(GENERATED) test: tests {- dependmagic('tests'); -}: build_programs_nodep build_engines_nodep - @rem {- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "" -} -mkdir $(BLDDIR)\test\test-runs set SRCTOP=$(SRCDIR) set BLDTOP=$(BLDDIR) 
@@ -216,17 +219,17 @@ test: tests set OPENSSL_ENGINES=$(MAKEDIR)\engines set OPENSSL_DEBUG_MEMORY=on "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS) - @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @rem {- output_on() if !$disabled{tests}; "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @$(ECHO) "Tests are not supported with your chosen Configure options" + @{- output_on() if !$disabled{tests}; "" -} list-tests: - @rem {- output_off() if $disabled{tests}; "" -} + @{- output_off() if $disabled{tests}; "" -} @set SRCTOP=$(SRCDIR) @"$(PERL)" "$(SRCDIR)\test\run_tests.pl" list - @rem {- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} - @echo "Tests are not supported with your chosen Configure options" - @rem {- output_on() if !$disabled{tests}; "" -} + @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} + @$(ECHO) "Tests are not supported with your chosen Configure options" + @{- output_on() if !$disabled{tests}; "" -} install: install_sw install_ssldirs install_docs 
@@ -285,13 +288,13 @@ install_ssldirs: "$(OPENSSLDIR)\misc" install_dev: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing development files + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing development files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\include\openssl" - @rem {- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @{- output_off() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(SRCDIR)\ms\applink.c" \ "$(INSTALLTOP)\include\openssl" - @rem {- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} + @{- output_on() unless grep { $_ eq "OPENSSL_USE_APPLINK" } @{$target{defines}}; "" -} @"$(PERL)" "$(SRCDIR)\util\copy.pl" "-exclude_re=/__DECC_" \ "$(SRCDIR)\include\openssl\*.h" \ "$(INSTALLTOP)\include\openssl" @@ -307,8 +310,8 @@ install_dev: uninstall_dev: install_engines: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing engines + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing engines" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(ENGINESDIR)" @if not "$(ENGINES)"=="" \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_ENGINES) "$(ENGINESDIR)" @@ -318,8 +321,8 @@ install_engines: uninstall_engines: install_runtime: - @if "$(INSTALLTOP)"=="" ( echo INSTALLTOP should not be empty & exit 1 ) - @echo *** Installing runtime files + @if "$(INSTALLTOP)"=="" ( $(ECHO) "INSTALLTOP should not be empty" & exit 1 ) + @$(ECHO) "*** Installing runtime files" @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(INSTALLTOP)\bin" @if not "$(SHLIBS)"=="" \ "$(PERL)" "$(SRCDIR)\util\copy.pl" $(INSTALL_SHLIBS) "$(INSTALLTOP)\bin" 
@@ -344,14 +347,14 @@ uninstall_html_docs: # Building targets ################################################### configdata.pm: "$(SRCDIR)\Configure" {- join(" ", map { '"'.$_.'"' } @{$config{build_file_templates}}, @{$config{build_infos}}, @{$config{conf_files}}) -} - @echo "Detected changed: $?" - @echo "Reconfiguring..." + @$(ECHO) "Detected changed: $?" + @$(ECHO) "Reconfiguring..." "$(PERL)" "$(SRCDIR)\Configure" reconf - @echo "**************************************************" - @echo "*** ***" - @echo "*** Please run the same make command again ***" - @echo "*** ***" - @echo "**************************************************" + @$(ECHO) "**************************************************" + @$(ECHO) "*** ***" + @$(ECHO) "*** Please run the same make command again ***" + @$(ECHO) "*** ***" + @$(ECHO) "**************************************************" @exit 1 {- @@ -605,8 +608,6 @@ EOF foreach my $prod (@{$unified_info{dirinfo}->{$dir}->{products}->{$type}}) { if (dirname($prod) eq $dir) { push @deps, $prod.$extinfo{$type}; - } else { - push @actions, "\t at rem No support to produce $type ".join(", ", @{$unified_info{dirinfo}->{$dir}->{products}->{$type}}); } } } diff --git a/util/echo.pl b/util/echo.pl new file mode 100644 index 0000000..d90e521 --- /dev/null +++ b/util/echo.pl @@ -0,0 +1,12 @@ +#! /usr/bin/perl + +use strict; +use warnings; +use Getopt::Std; + +our $opt_n = 0; + +getopts('n') or die "Invalid option: $!\n"; + +print join(' ', @ARGV); +print "\n" unless $opt_n; From levitte at openssl.org Wed Jul 11 13:34:08 2018 
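Review bot: the util/echo.pl hunk in this backport is byte-identical to the master one, including `die "Invalid option: $!\n"` where `$!` is not set by getopts on a bad switch; whatever wording fix lands on master for that message should be cherry-picked here too so the two copies do not drift. The only branch-specific difference in the template hunks is install_dev testing `@{$target{defines}}` rather than `@{$config{defines}}` for OPENSSL_USE_APPLINK, which is worth a one-line mention in the cherry-pick note so nobody "aligns" it with master by mistake.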
From: levitte at openssl.org (Richard Levitte) Date: Wed, 11 Jul 2018 13:34:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1531316048.443354.8841.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via dcb8333087d56eef97c482aabb506b8be8299cde (commit) from 5c06c7d748161697642bd4d1369acad4297abb3c (commit) - Log ----------------------------------------------------------------- commit dcb8333087d56eef97c482aabb506b8be8299cde Author: Richard Levitte Date: Tue Jul 10 16:05:55 2018 +0200 Avoid __GNUC__ warnings when defining DECLARE_DEPRECATED We need to check that __GNUC__ is defined before trying to use it. This demands a slightly different way to define DECLARE_DEPRECATED. Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6688) ----------------------------------------------------------------------- Summary of changes: include/openssl/opensslconf.h.in | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index 9f8634a..17807fb 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in 
@@ -68,12 +68,18 @@ extern "C" { * still won't see them if the library has been built to disable deprecated * functions. */ -#if defined(OPENSSL_NO_DEPRECATED) -# define DECLARE_DEPRECATED(f) -#elif __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) -# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); -#else -# define DECLARE_DEPRECATED(f) f; +#ifndef DECLARE_DEPRECATED +# if defined(OPENSSL_NO_DEPRECATED) +# define DECLARE_DEPRECATED(f) +# else +# define DECLARE_DEPRECATED(f) f; +# ifdef __GNUC__ +# if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0) +# undef DECLARE_DEPRECATED +# define DECLARE_DEPRECATED(f) f __attribute__ ((deprecated)); +# endif +# endif +# endif #endif #ifndef OPENSSL_FILE From no-reply at appveyor.com Wed Jul 11 20:27:15 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 11 Jul 2018 20:27:15 +0000 Subject: [openssl-commits] Build failed: openssl master.18915 Message-ID: <20180711202715.1.71D59ADD42BDCB87@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 11 21:05:08 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 11 Jul 2018 21:05:08 +0000 Subject: [openssl-commits] Build completed: openssl master.18916 Message-ID: <20180711210508.1.2971A074C8B3D2DB@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Thu Jul 12 12:27:10 2018 From: levitte at openssl.org (Richard Levitte) Date: Thu, 12 Jul 2018 12:27:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531398430.988313.25317.nullmailer@dev.openssl.org> The branch master has been updated via 7da84e0f0088fc9d575039fb173f12af0ae25832 (commit) from 1b6a0a261e22eb5a574bdb75da208817ffa2fbba (commit) - Log ----------------------------------------------------------------- commit 7da84e0f0088fc9d575039fb173f12af0ae25832 Author: Patrick Steuer Date: Fri Feb 2 11:09:25 2018 +0100 apps/speed.c: let EVP_Update_loop_ccm behave more like EVP_Update_loop 
Signed-off-by: Patrick Steuer Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5246) ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index 181873c..2c792bd 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -903,14 +903,18 @@ static int EVP_Update_loop(void *args) if (decrypt) { for (count = 0; COND(nb_iter); count++) { rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - if (rc != 1) + if (rc != 1) { + /* reset iv in case of counter overflow */ EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); + } } } else { for (count = 0; COND(nb_iter); count++) { rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - if (rc != 1) + if (rc != 1) { + /* reset iv in case of counter overflow */ EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1); + } } } if (decrypt) 
@@ -937,20 +941,24 @@ static int EVP_Update_loop_ccm(void *args) #endif if (decrypt) { for (count = 0; COND(nb_iter); count++) { - EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag); - EVP_DecryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]); + /* reset iv */ + EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv); + /* counter is reset on every update */ EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - EVP_DecryptFinal_ex(ctx, buf, &outl); } } else { for (count = 0; COND(nb_iter); count++) { - EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv); + /* restore iv length field */ EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]); + /* counter is reset on every update */ EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]); - EVP_EncryptFinal_ex(ctx, buf, &outl); } } + if (decrypt) + EVP_DecryptFinal_ex(ctx, buf, &outl); + else + EVP_EncryptFinal_ex(ctx, buf, &outl); return count; } From appro at openssl.org Thu Jul 12 12:54:50 2018 
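Review bot: in the `@@ -937,20 +941,24 @@` hunk of apps/speed.c, none of the EVP_DecryptUpdate / EVP_EncryptUpdate calls, nor the EVP_*Final_ex calls now hoisted out of the loops, has its return value checked, whereas EVP_Update_loop just above tests `rc != 1` on every iteration. For CCM a refused step (tag or length set-up rejected) returns an error without doing the work, so the loop would report a throughput figure for a path that never encrypted or authenticated anything; suggest mirroring the `rc` handling so a failure at least resets the context or aborts the measurement. Separately, the comment `/* restore iv length field */` above `EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum])` is misleading: an update with NULL in and NULL out is the CCM idiom for passing the total message length, not an IV-length setting (that is EVP_CTRL_AEAD_SET_IVLEN), so the comment should say "set total message length".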
From: appro at openssl.org (Andy Polyakov) Date: Thu, 12 Jul 2018 12:54:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531400090.050540.29018.nullmailer@dev.openssl.org> The branch master has been updated via 71883868ea5b33416ae8283bcc38dd2d97e5006b (commit) via 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb (commit) via 6c90182a5f87af1a1e462536e7123ad2afb84c43 (commit) via 3c97e4121ecec20cfac433883cd4709580a05620 (commit) via e42395e637c3507b80b25c7ed63236898822d2f1 (commit) from 7da84e0f0088fc9d575039fb173f12af0ae25832 (commit) - Log ----------------------------------------------------------------- commit 71883868ea5b33416ae8283bcc38dd2d97e5006b Author: Andy Polyakov Date: Fri Jul 6 15:13:15 2018 +0200 bn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors. Note that exported functions maintain original behaviour, so that external callers won't observe difference. While internally we can now perform Montgomery multiplication on fixed-length vectors, fixed at modulus size. The new functions, bn_to_mont_fixed_top and bn_mul_mont_fixed_top, are declared in bn_int.h, because one can use them even outside bn, e.g. in RSA, DSA, ECDSA... Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6662) commit 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb Author: Andy Polyakov Date: Fri Jul 6 15:02:29 2018 +0200 bn/bn_lib.c: add BN_FLG_FIXED_TOP flag. The new flag marks vectors that were not treated with bn_correct_top, in other words such vectors are permitted to be zero padded. For now it's BN_DEBUG-only flag, as initial use case for zero-padded vectors would be controlled Montgomery multiplication/exponentiation, not general purpose. For general purpose use another type might be more appropriate. Advantage of this suggestion is that it's possible to back-port it... bn/bn_div.c: fix memory sanitizer problem. bn/bn_sqr.c: harmonize with BN_mul.
Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6662) commit 6c90182a5f87af1a1e462536e7123ad2afb84c43 Author: Andy Polyakov Date: Fri Jul 6 14:54:34 2018 +0200 bn/bn_mont.c: improve readability of post-condition code. Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6662) commit 3c97e4121ecec20cfac433883cd4709580a05620 Author: Andy Polyakov Date: Fri Jul 6 13:46:07 2018 +0200 bn/bn_mont.c: move boundary condition check closer to caller. Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6662) commit e42395e637c3507b80b25c7ed63236898822d2f1 Author: Andy Polyakov Date: Fri Jul 6 13:16:40 2018 +0200 bn/bn_lib.c: remove bn_check_top from bn_expand2. Trouble is that addition is postponing expansion till carry is calculated, and if addition carries, top word can be zero, which triggers assertion in bn_check_top. Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6662) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_div.c | 1 + crypto/bn/bn_exp.c | 47 ++++++++++++++++-------------- crypto/bn/bn_lcl.h | 20 +++++++++++-- crypto/bn/bn_lib.c | 20 +++++++------ crypto/bn/bn_mont.c | 63 +++++++++++++++++++++++++++------------- crypto/bn/bn_sqr.c | 10 ++----- crypto/include/internal/bn_int.h | 12 ++++++++ 7 files changed, 112 insertions(+), 61 deletions(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index b9b85fd..464a444 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -234,6 +234,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnum.neg = 0; wnum.d = &(snum->d[loop]); wnum.top = div_n; + wnum.flags = BN_FLG_STATIC_DATA; /* * only needed when BN_ucmp messes up the values between top and max */ 
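Review bot: the crypto/bn/bn_div.c hunk initialises `wnum.flags = BN_FLG_STATIC_DATA` for the stack BIGNUM that aliases `snum->d`, which is the right flag (it keeps BN_free and bn_expand from releasing or reallocating borrowed storage) and removes the uninitialised read the commit message calls a memory sanitizer problem. Two requests: add a one-line comment that `wnum` is a window onto `snum` and must never be expanded or freed, and confirm that `wnum.dmax` is also initialised in the same block, since only `neg`, `d`, `top` and `flags` are visible in this hunk.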
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 10d3912..4e24c94 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -361,17 +361,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ret = 1; goto err; } - if (!BN_to_montgomery(val[0], aa, mont, ctx)) + if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) + if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx)) goto err; /* 2 */ j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx)) + !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx)) goto err; } } @@ -393,19 +393,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, for (i = 1; i < j; i++) r->d[i] = (~m->d[i]) & BN_MASK2; r->top = j; - /* - * Upper words will be zero if the corresponding words of 'm' were - * 0xfff[...], so decrement r->top accordingly. - */ - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; } else #endif - if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx)) goto err; for (;;) { if (BN_is_bit_set(p, wstart) == 0) { if (!start) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } if (wstart == 0) @@ -436,12 +432,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* add the 'bytes above' */ if (!start) for (i = 0; i < j; i++) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx)) goto err; /* move the 'window' down further */ 
@@ -451,6 +447,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (wstart < 0) break; } + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { j = mont->N.top; /* borrow j */ @@ -575,7 +576,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, } b->top = top; - bn_correct_top(b); + b->flags |= BN_FLG_FIXED_TOP; return 1; } @@ -747,16 +748,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, tmp.top = top; } else #endif - if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx)) goto err; /* prepare a^1 in Montgomery domain */ if (a->neg || BN_ucmp(a, m) >= 0) { if (!BN_nnmod(&am, a, m, ctx)) goto err; - if (!BN_to_montgomery(&am, &am, mont, ctx)) + if (!bn_to_mont_fixed_top(&am, &am, mont, ctx)) goto err; - } else if (!BN_to_montgomery(&am, a, mont, ctx)) + } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) goto err; #if defined(SPARC_T4_MONT) @@ -1034,14 +1035,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * performance advantage of sqr over mul). */ if (window > 1) { - if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, window)) goto err; for (i = 3; i < numPowers; i++) { /* Calculate a^i = a^(i-1) * a */ - if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, window)) 
@@ -1072,7 +1073,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* Square the result window-size times */ for (i = 0; i < window; i++) - if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx)) goto err; /* @@ -1095,12 +1096,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; /* Multiply the result into the intermediate result */ - if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx)) goto err; } } - /* Convert the final result from montgomery to standard format */ + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { am.d[0] = 1; /* borrow am */ diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index f57c87d..0d3a8bf 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -141,6 +141,16 @@ */ # ifdef BN_DEBUG +/* + * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with + * bn_correct_top, in other words such vectors are permitted to have zeros + * in most significant limbs. Such vectors are used internally to achieve + * execution time invariance for critical operations with private keys. + * It's BN_DEBUG-only flag, because user application is not supposed to + * observe it anyway. Moreover, optimizing compiler would actually remove + * all operations manipulating the bit in question in non-BN_DEBUG build. + */ +# define BN_FLG_FIXED_TOP 0x10000 # include # ifdef BN_DEBUG_RAND # define bn_pollute(a) \ 
@@ -165,8 +175,10 @@ do { \ const BIGNUM *_bnum2 = (a); \ if (_bnum2 != NULL) { \ - assert(((_bnum2->top == 0) && !_bnum2->neg) || \ - (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ + int top = _bnum2->top; \ + assert((top == 0 && !_bnum2->neg) || \ + (top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ + || _bnum2->d[top - 1] != 0))); \ bn_pollute(_bnum2); \ } \ } while(0) @@ -185,6 +197,7 @@ # else /* !BN_DEBUG */ +# define BN_FLG_FIXED_TOP 0 # define bn_pollute(a) # define bn_check_top(a) # define bn_fix_top(a) bn_correct_top(a) @@ -216,7 +229,8 @@ struct bignum_st { /* Used for montgomery multiplication */ struct bn_mont_ctx_st { int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM RR; /* used to convert to montgomery form, + possibly zero-padded */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only * stored for bignum algorithm) */ diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 5bb996e..b42df82 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -209,8 +209,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) { BN_ULONG *a = NULL; - bn_check_top(b); - if (words > (INT_MAX / (4 * BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); return NULL; @@ -245,8 +243,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BIGNUM *bn_expand2(BIGNUM *b, int words) { - bn_check_top(b); - if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); if (!a) @@ -259,7 +255,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) b->dmax = words; } - bn_check_top(b); return b; } 
@@ -294,15 +289,17 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) if (b->top > 0) memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); - a->top = b->top; a->neg = b->neg; + a->top = b->top; + a->flags |= b->flags & BN_FLG_FIXED_TOP; bn_check_top(a); return a; } #define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \ | BN_FLG_CONSTTIME \ - | BN_FLG_SECURE)) + | BN_FLG_SECURE \ + | BN_FLG_FIXED_TOP)) #define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED)) void BN_swap(BIGNUM *a, BIGNUM *b) @@ -343,8 +340,9 @@ void BN_clear(BIGNUM *a) bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } BN_ULONG BN_get_word(const BIGNUM *a) @@ -365,6 +363,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) a->neg = 0; a->d[0] = w; a->top = (w ? 1 : 0); + a->flags &= ~BN_FLG_FIXED_TOP; bn_check_top(a); return 1; } @@ -601,6 +600,7 @@ int BN_set_bit(BIGNUM *a, int n) for (k = a->top; k < i + 1; k++) a->d[k] = 0; a->top = i + 1; + a->flags &= ~BN_FLG_FIXED_TOP; } a->d[i] |= (((BN_ULONG)1) << j); @@ -833,8 +833,9 @@ int BN_security_bits(int L, int N) void BN_zero_ex(BIGNUM *a) { - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) @@ -958,5 +959,6 @@ void bn_correct_top(BIGNUM *a) } if (a->top == 0) a->neg = 0; + a->flags &= ~BN_FLG_FIXED_TOP; bn_pollute(a); } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 5e068c4..683e8e9 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c 
@@ -20,29 +20,43 @@ #define MONT_WORD /* use the faster word-based algorithm */ #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); #endif int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { + int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx) +{ BIGNUM *tmp; int ret = 0; -#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) int num = mont->N.top; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) if (num > 1 && a->top == num && b->top == num) { if (bn_wexpand(r, num) == NULL) return 0; if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { r->neg = a->neg ^ b->neg; r->top = num; - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; return 1; } } #endif + if ((a->top + b->top) > 2 * num) + return 0; + BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); if (tmp == NULL) @@ -58,13 +72,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } /* reduce from aRR to aR */ #ifdef MONT_WORD - if (!BN_from_montgomery_word(r, tmp, mont)) + if (!bn_from_montgomery_word(r, tmp, mont)) goto err; #else if (!BN_from_montgomery(r, tmp, mont, ctx)) goto err; #endif - bn_check_top(r); ret = 1; err: BN_CTX_end(ctx); @@ -72,7 +85,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) { BIGNUM *n; BN_ULONG *ap, *np, *rp, n0, v, carry; 
@@ -95,12 +108,11 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) /* clear the top words of T */ i = max - r->top; - if (i < 0) - return 0; if (i) memset(&rp[r->top], 0, sizeof(*rp) * i); r->top = max; + r->flags |= BN_FLG_FIXED_TOP; n0 = mont->n0[0]; /* @@ -119,6 +131,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) if (bn_wexpand(ret, nl) == NULL) return 0; ret->top = nl; + ret->flags |= BN_FLG_FIXED_TOP; ret->neg = r->neg; rp = ret->d; @@ -129,20 +142,16 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) */ ap = &(r->d[nl]); + carry -= bn_sub_words(rp, ap, np, nl); /* - * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v| - * cannot be -1. That would imply the subtraction did not fit in |nl| words, - * and we know at most one subtraction is needed. + * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note + * |carry| cannot be 1. That would imply the subtraction did not fit in + * |nl| words, and we know at most one subtraction is needed. */ - v = bn_sub_words(rp, ap, np, nl) - carry; - v = 0 - v; for (i = 0; i < nl; i++) { - rp[i] = (v & ap[i]) | (~v & rp[i]); + rp[i] = (carry & ap[i]) | (~carry & rp[i]); ap[i] = 0; } - bn_correct_top(r); - bn_correct_top(ret); - bn_check_top(ret); return 1; } @@ -156,8 +165,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BIGNUM *t; BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) - retn = BN_from_montgomery_word(ret, t, mont); + if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) { + retn = bn_from_montgomery_word(ret, t, mont); + bn_correct_top(ret); + bn_check_top(ret); + } BN_CTX_end(ctx); #else /* !MONT_WORD */ BIGNUM *t1, *t2; 
@@ -195,6 +207,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, return retn; } +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) +{ + return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx); +} + BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; @@ -232,7 +250,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { - int ret = 0; + int i, ret = 0; BIGNUM *Ri, *R; if (BN_is_zero(mod)) @@ -367,6 +385,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) goto err; + for (i = mont->RR.top, ret = mont->N.top; i < ret; i++) + mont->RR.d[i] = 0; + mont->RR.top = ret; + mont->RR.flags |= BN_FLG_FIXED_TOP; + ret = 1; err: BN_CTX_end(ctx); diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index dbfe9b8..40f7b23 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -82,14 +82,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) } rr->neg = 0; - /* - * If the most-significant half of the top word of 'a' is zero, then the - * square of 'a' will max-1 words. - */ - if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) - rr->top = max - 1; - else - rr->top = max; + rr->top = max; + bn_correct_top(rr); if (r != rr && BN_copy(r, rr) == NULL) goto err; diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index 9379951..e7fd899 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h 
@@ -60,4 +60,16 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); */ int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); +/* + * Some BIGNUM functions assume most significant limb to be non-zero, which + * is customarily arranged by bn_correct_top. Output from below functions + * is not processed with bn_correct_top, and for this reason it may not be + * returned out of public API. It may only be passed internally into other + * functions known to support non-minimal or zero-padded BIGNUMs. + */ +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); + #endif From appro at openssl.org Thu Jul 12 13:10:11 2018 
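Review bot: In the bn_div.c hunk, `wnum.flags = BN_FLG_STATIC_DATA;` needs its own comment, because the reason for it is not the one the existing comment gives. `wnum` is a stack-local BIGNUM whose `flags` field was never initialised before, and this series makes `flags` load-bearing: bn_check_top() now reads BN_FLG_FIXED_TOP and bn_correct_top() clears it, so an uninitialised field could make the assertion tolerate a zero top limb by accident or trip a MSan/valgrind report. Suggest `/* flags must be initialised: bn_check_top/bn_correct_top now inspect BN_FLG_FIXED_TOP */` next to the assignment.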
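Review bot: The two identical "Done with zero-padded intermediate BIGNUMs" comments (bn_exp.c hunks @@ -451 and @@ -1095) say the final BN_from_montgomery() removes the padding, but each sits directly above a `#if defined(SPARC_T4_MONT)` branch that does not go through BN_from_montgomery(). Reword to say that whichever branch is taken must hand `rr` back with a corrected top, i.e. only through a public wrapper that ends in bn_correct_top(), so a reader does not take the SPARC path to be exempt.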
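Review bot: The replacement of `bn_correct_top(b)` by `b->flags |= BN_FLG_FIXED_TOP;` in MOD_EXP_CTIME_COPY_FROM_PREBUF (hunk @@ -575) is the security-relevant core of this series and neither the commit log nor the code says so. bn_correct_top() walks down from the top limb until it meets a non-zero one, so both its running time and the resulting `top` (which becomes the bound of every later limb loop) depended on the value of the secret intermediate. Suggest a comment at this line stating that `top` is the fixed width the caller passed in and that it must not be minimised here, and a sentence in the commit message naming the timing leak being closed.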
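Review bot: `# define BN_FLG_FIXED_TOP 0x10000` (bn_lcl.h hunk @@ -141) is allocated in the same bit space as the public BN_FLG_* values from bn.h, but nothing in bn.h reserves the bit; a future public flag with the same value would silently make user-visible BIGNUMs pass bn_check_top() with a zero top limb. Suggest reserving 0x10000 in bn.h's flag list with a comment, or a compile-time check that it does not overlap the public flags. It is also worth one more sentence in this comment: because the non-BN_DEBUG definition is 0, every `|=` / `&= ~` on this flag compiles to nothing in release builds, so correctness there rests entirely on every consumer tolerating zero-padded tops, never on the flag.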
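Review bot: In the bn_check_top macro (bn_lcl.h hunk @@ -165) the new local is named `top`, which is the same name as the `top` parameter or local in several callers in bn_exp.c; it is legal here because `_bnum2 = (a)` is evaluated before the declaration, but it invites confusion and -Wshadow noise. Name it `_top` to match the existing `_bnum2` convention.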
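Review bot: Dropping bn_check_top(b) from bn_expand_internal() and bn_expand2() (three bn_lib.c hunks) removes debug coverage from the most common expansion path, while the commit message says the only false positive is a zero top limb after a postponed carry. Consider keeping a weaker structural check there (`b->top >= 0 && b->top <= b->dmax`, and the top == 0 implies !neg rule) that does not insist on a non-zero top limb, so corrupted BIGNUMs still trip in BN_DEBUG builds.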
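Review bot: In BN_copy (bn_lib.c hunk @@ -294) `a->flags |= b->flags & BN_FLG_FIXED_TOP;` only ever adds the flag: copying a minimal `b` into an `a` that previously held a padded value leaves `a` marked fixed-top, so bn_check_top() stays lenient on it until something clears the flag. Suggest `a->flags = (a->flags & ~BN_FLG_FIXED_TOP) | (b->flags & BN_FLG_FIXED_TOP);` so the destination mirrors the source.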
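Review bot: `if ((a->top + b->top) > 2 * num) return 0;` in bn_mul_mont_fixed_top() (bn_mont.c hunk @@ -20) fails without raising an error, so every caller that does `goto err` propagates a failure with an empty error queue; now that this is the documented boundary check, a BNerr with BN_R_BIGNUM_TOO_LONG (as bn_expand_internal does a few hunks up) would make it diagnosable. In the same hunk the BN_mod_mul_montgomery() wrapper calls bn_correct_top(r) and bn_check_top(r) even when `ret` is 0; harmless, but correcting only on success reads more clearly.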
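Review bot: Removing `if (i < 0) return 0;` from bn_from_montgomery_word() (bn_mont.c hunk @@ -95) is only safe if every caller guarantees `r->top <= 2 * nl`. bn_mul_mont_fixed_top() now checks that before calling, but the public BN_from_montgomery() (hunk @@ -156) still copies a caller-supplied `a` into `t` and calls bn_from_montgomery_word() with no visible bound on `a->top`; with a negative `i`, `if (i)` is true and `sizeof(*rp) * i` converts to a huge size_t in the memset. Either keep the guard here or add `if (a->top > 2 * mont->N.top) return 0;` in BN_from_montgomery().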
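Review bot: In the final select loop of bn_from_montgomery_word() (bn_mont.c hunk @@ -129) `carry` is now used as a mask, and the comment calls it "-1"; since BN_ULONG is unsigned, say "all-ones mask" explicitly and note that `carry -= bn_sub_words(...)` relies on the prior value being 0 or 1. Also state next to the loop that the removed bn_correct_top(r)/bn_correct_top(ret) is what makes this function's limb count independent of the value, since that is the property a reader auditing the constant-time path is looking for.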
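Review bot: The padding loop in BN_MONT_CTX_set (bn_mont.c hunk @@ -367) writes RR.d[i] up to `mont->N.top` words with no bn_wexpand(&mont->RR, mont->N.top) in the hunk; RR has that capacity only because of how it was computed earlier in the function, which the hunk does not show. An explicit `if (bn_wexpand(&mont->RR, mont->N.top) == NULL) goto err;` before the loop is a no-op when capacity is already there and protects the invariant against later edits. Reusing `ret` as the loop bound and then assigning `ret = 1` is also needlessly confusing; a separate local would read better.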
From: appro at openssl.org (Andy Polyakov)
Date: Thu, 12 Jul 2018 13:10:11 +0000
Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update
Message-ID: <1531401011.722527.32026.nullmailer@dev.openssl.org>

The branch OpenSSL_1_1_0-stable has been updated
       via  88af716e831fd7f76e2b2eab568905733b7c87eb (commit)
       via  308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b (commit)
       via  cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2 (commit)
      from  dcb8333087d56eef97c482aabb506b8be8299cde (commit)

- Log -----------------------------------------------------------------
commit 88af716e831fd7f76e2b2eab568905733b7c87eb
Author: Andy Polyakov
Date:   Fri Jul 6 14:54:34 2018 +0200

    bn/bn_mont.c: improve readability of post-condition code.

    Reviewed-by: Rich Salz
    Reviewed-by: David Benjamin
    (Merged from https://github.com/openssl/openssl/pull/6662)
    (cherry picked from commit 6c90182a5f87af1a1e462536e7123ad2afb84c43)

commit 308447e3bdacd9ed55d5f8c4dd266d6aa75aab2b
Author: Andy Polyakov
Date:   Fri Jul 6 13:46:07 2018 +0200

    bn/bn_mont.c: move boundary condition check closer to caller.

    Reviewed-by: Rich Salz
    Reviewed-by: David Benjamin
    (Merged from https://github.com/openssl/openssl/pull/6662)
    (cherry picked from commit 3c97e4121ecec20cfac433883cd4709580a05620)

commit cc1fef6308ec6cb8ba6c00b20e4a8014d7847db2
Author: Andy Polyakov
Date:   Fri Jul 6 13:16:40 2018 +0200

    bn/bn_lib.c: remove bn_check_top from bn_expand2.

    Trouble is that addition is postponing expansion till carry is
    calculated, and if addition carries, top word can be zero, which
    triggers assertion in bn_check_top.

    Reviewed-by: Rich Salz
    Reviewed-by: David Benjamin
    (Merged from https://github.com/openssl/openssl/pull/6662)
    (cherry picked from commit e42395e637c3507b80b25c7ed63236898822d2f1)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bn/bn_lib.c  |  5 -----
 crypto/bn/bn_mont.c | 18 +++++++++---------
 2 files changed, 9 insertions(+), 14 deletions(-)
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index c59bdb7..8fa9f2f 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -222,8 +222,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) const BN_ULONG *B; int i; - bn_check_top(b); - if (words > (INT_MAX / (4 * BN_BITS2))) { BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG); return NULL; @@ -298,8 +296,6 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BIGNUM *bn_expand2(BIGNUM *b, int words) { - bn_check_top(b); - if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); if (!a) @@ -312,7 +308,6 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) b->dmax = words; } - bn_check_top(b); return b; } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index dad3d07..e1d2973 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -28,9 +28,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, { BIGNUM *tmp; int ret = 0; -#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) int num = mont->N.top; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) if (num > 1 && a->top == num && b->top == num) { if (bn_wexpand(r, num) == NULL) return (0); @@ -43,6 +43,9 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } #endif + if ((a->top + b->top) > 2 * num) + return 0; + BN_CTX_start(ctx); tmp = BN_CTX_get(ctx); if (tmp == NULL) @@ -95,8 +98,6 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) /* clear the top words of T */ i = max - r->top; - if (i < 0) - return 0; if (i) memset(&rp[r->top], 0, sizeof(*rp) * i); 
@@ -129,15 +130,14 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) */ ap = &(r->d[nl]); + carry -= bn_sub_words(rp, ap, np, nl); /* - * |v| is one if |ap| - |np| underflowed or zero if it did not. Note |v| - * cannot be -1. That would imply the subtraction did not fit in |nl| words, - * and we know at most one subtraction is needed. + * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note + * |carry| cannot be 1. That would imply the subtraction did not fit in + * |nl| words, and we know at most one subtraction is needed. */ - v = bn_sub_words(rp, ap, np, nl) - carry; - v = 0 - v; for (i = 0; i < nl; i++) { - rp[i] = (v & ap[i]) | (~v & rp[i]); + rp[i] = (carry & ap[i]) | (~carry & rp[i]); ap[i] = 0; } bn_correct_top(r); From rsalz at openssl.org Thu Jul 12 16:22:43 2018 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Jul 2018 16:22:43 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1531412563.662277.19060.nullmailer@dev.openssl.org> The branch master has been updated via 5f62625fdbc9dba7d402ea9d5ee91f5b8280df50 (commit) from 805106fc21b3bb4337c68f736fe43518344862a8 (commit) - Log ----------------------------------------------------------------- commit 5f62625fdbc9dba7d402ea9d5ee91f5b8280df50 Author: Pauli Date: Thu Jul 12 12:22:20 2018 -0400 Export CC variable The default for CC wasn't exporting the environment variable. Likewise, the variable wasn't used. Hence it didn't take effect. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/20) ----------------------------------------------------------------------- Summary of changes: review-tools/opensslbuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/review-tools/opensslbuild b/review-tools/opensslbuild index 404a04e..e9abfb3 100755 --- a/review-tools/opensslbuild +++ b/review-tools/opensslbuild 
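Review bot: In this OpenSSL_1_1_0-stable backport the bn_lib.c hunks drop bn_check_top(b) from bn_expand_internal() and bn_expand2() outright; since the only false positive named in the commit message is a zero top limb after a postponed carry, a reduced check that keeps `b->top >= 0 && b->top <= b->dmax` but not the non-zero-top-limb rule would retain most of the BN_DEBUG coverage on this hot path.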
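Review bot: The new `if ((a->top + b->top) > 2 * num) return 0;` in BN_mod_mul_montgomery() (bn_mont.c hunk @@ -43) fails silently with nothing on the error queue; raising BN_R_BIGNUM_TOO_LONG there (the code bn_expand_internal already uses in the hunk above) would make a rejected operand diagnosable to callers that only see `goto err`.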
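Review bot: This backport removes `if (i < 0) return 0;` from BN_from_montgomery_word() (bn_mont.c hunk @@ -95) but adds the compensating `(a->top + b->top) > 2 * num` check only in BN_mod_mul_montgomery(); BN_from_montgomery(), which also reaches BN_from_montgomery_word() after a BN_copy of a caller-supplied `a`, is not touched in this branch, so a too-wide `a` now yields a negative `i` and `sizeof(*rp) * i` wraps when handed to memset. Keep the guard in this branch, or add an `a->top <= 2 * mont->N.top` check in BN_from_montgomery() as part of the same cherry-pick.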
@@ -21,7 +21,7 @@ test "$1" = "-x" && { } # Set compiler -test "$CC" = "" && CC="ccache clang-3.6" +test "$CC" = "" && export CC="ccache clang-3.6" # Set basic config arguments CONFIGARGS="-d --strict-warnings --prefix=/usr/local/openssl" From rsalz at openssl.org Thu Jul 12 17:36:40 2018 From: rsalz at openssl.org (Rich Salz) Date: Thu, 12 Jul 2018 17:36:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531417000.821888.26429.nullmailer@dev.openssl.org> The branch master has been updated via 03a5e5ae6304c75f611d3613bedf2019524ff0d6 (commit) from 71883868ea5b33416ae8283bcc38dd2d97e5006b (commit) - Log ----------------------------------------------------------------- commit 03a5e5ae6304c75f611d3613bedf2019524ff0d6 Author: Patrick Steuer Date: Thu Jul 12 13:19:07 2018 -0400 Fix undefined behavior in s390x aes-gcm/ccm Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index eb37b4b..0add393 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -144,6 +144,22 @@ void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len, const unsigned char iv[16]); #endif +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) +{ + int n = 8; + unsigned char c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) + return; + } while (n); +} + #if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC)) # include "ppc_arch.h" # ifdef VPAES_ASM 
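Review bot: `test "$CC" = "" && export CC="ccache clang-3.6"` in the review-tools/opensslbuild hunk exports CC only when the default is taken; since the intent per the commit message is for CC to reach the build in every case, export unconditionally and fold the default into the expansion: `export CC="${CC:-ccache clang-3.6}"`. That is one statement, covers the empty-but-set case the same way `test` does, and no longer hides the export behind the `&&` list.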
@@ -1654,7 +1670,7 @@ static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) * Invocation field will be at least 8 bytes in size and so no need * to check wrap around or increment more than last 8 bytes. */ - (*(unsigned long long *)(gctx->iv + gctx->ivlen - 8))++; + ctr64_inc(gctx->iv + gctx->ivlen - 8); gctx->iv_set = 1; return 1; @@ -2291,7 +2307,7 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) memcpy(buf, ptr, arg); cctx->aes.ccm.tls_aad_len = arg; - len = *(uint16_t *)(buf + arg - 2); + len = buf[arg - 2] << 8 | buf[arg - 1]; if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN) return 0; @@ -2307,7 +2323,9 @@ static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) len -= cctx->aes.ccm.m; } - *(uint16_t *)(buf + arg - 2) = len; + buf[arg - 2] = len >> 8; + buf[arg - 1] = len & 0xff; + /* Extra padding: tag appended to record. */ return cctx->aes.ccm.m; @@ -2791,22 +2809,6 @@ static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) return 1; } -/* increment counter (64-bit int) by 1 */ -static void ctr64_inc(unsigned char *counter) -{ - int n = 8; - unsigned char c; - - do { - --n; - c = counter[n]; - ++c; - counter[n] = c; - if (c) - return; - } while (n); -} - static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c); From no-reply at appveyor.com Thu Jul 12 23:30:44 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 12 Jul 2018 23:30:44 +0000 Subject: [openssl-commits] Build failed: openssl master.18934 Message-ID: <20180712233044.1.E9988A77246738CA@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Fri Jul 13 00:33:05 2018 
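Review bot: In the s390x_aes_gcm_ctrl hunk (@@ -1654) `ctr64_inc(gctx->iv + gctx->ivlen - 8);` removes an unaligned, strict-aliasing-violating `unsigned long long` dereference, and the comment above it still says wrap-around need not be checked. That remains true arithmetically (ctr64_inc wraps modulo 2^64), but a wrapped invocation counter repeats a nonce under the same key, which GCM cannot tolerate; the comment should say that the per-key invocation limit enforced by the caller is what prevents the wrap, so nobody later reads "no need to check" as "wrap is safe".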
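Review bot: The byte-wise `len = buf[arg - 2] << 8 | buf[arg - 1];` and the matching two-byte store in the s390x_aes_ccm_ctrl hunks (@@ -2291, @@ -2307) deserve a comment that the TLS AAD length field is big-endian; the old `*(uint16_t *)` access was only right on a big-endian host like s390x and was also misaligned, so a comment stops someone "optimising" it back. The code also relies on the earlier check of `arg` (not in the hunk) to guarantee `arg >= 2` before indexing `buf[arg - 2]`; worth a sentence at this line so the dependency is visible.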
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 13 Jul 2018 00:33:05 +0000
Subject: [openssl-commits] Build completed: openssl master.18935
Message-ID: <20180713003305.1.26BB8855598A6CE3@appveyor.com>

An HTML attachment was scrubbed...
URL:

From no-reply at appveyor.com Fri Jul 13 10:28:22 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 13 Jul 2018 10:28:22 +0000
Subject: [openssl-commits] Build failed: openssl master.18939
Message-ID: <20180713102822.1.BA28FA7587F16019@appveyor.com>

An HTML attachment was scrubbed...
URL:

From no-reply at appveyor.com Fri Jul 13 10:50:13 2018
From: no-reply at appveyor.com (AppVeyor)
Date: Fri, 13 Jul 2018 10:50:13 +0000
Subject: [openssl-commits] Build completed: openssl master.18940
Message-ID: <20180713105013.1.F633B48E71818F55@appveyor.com>

An HTML attachment was scrubbed...
URL:

From matthias.st.pierre at ncp-e.com Fri Jul 13 12:58:23 2018
From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com)
Date: Fri, 13 Jul 2018 12:58:23 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1531486703.613456.15184.nullmailer@dev.openssl.org>

The branch master has been updated
       via  1f4add418d3ef07da80be87bc4e696197c84468f (commit)
      from  03a5e5ae6304c75f611d3613bedf2019524ff0d6 (commit)

- Log -----------------------------------------------------------------
commit 1f4add418d3ef07da80be87bc4e696197c84468f
Author: Alexandre Perrin
Date:   Fri Jul 13 10:32:42 2018 +0200

    Documentation typo fix in BN_bn2bin.pod

    Change the description for BN_hex2bn() so that it uses the same BIGNUM
    argument name as its prototype.

    CLA: trivial

    Reviewed-by: Matthias St. Pierre
    Reviewed-by: Richard Levitte
    (Merged from https://github.com/openssl/openssl/pull/6712)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/BN_bn2bin.pod | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/man3/BN_bn2bin.pod b/doc/man3/BN_bn2bin.pod
index dcff251..5da1ffd 100644
--- a/doc/man3/BN_bn2bin.pod +++ b/doc/man3/BN_bn2bin.pod @@ -55,8 +55,8 @@ freed later using OPENSSL_free(). BN_hex2bn() takes as many characters as possible from the string B, including the leading character '-' which means negative, to form a valid hexadecimal number representation and converts them to a B and -stores it in **B. If *B is NULL, a new B is created. If -B is NULL, it only computes the length of valid representation. +stores it in **B. If *B is NULL, a new B is created. If +B is NULL, it only computes the length of valid representation. A "negative zero" is converted to zero. BN_dec2bn() is the same using the decimal system. From matthias.st.pierre at ncp-e.com Fri Jul 13 12:58:57 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 13 Jul 2018 12:58:57 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1531486737.519178.16265.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via db9926ff007ad8cd999a4e7eff35b04505b744b8 (commit) from 88af716e831fd7f76e2b2eab568905733b7c87eb (commit) - Log ----------------------------------------------------------------- commit db9926ff007ad8cd999a4e7eff35b04505b744b8 Author: Alexandre Perrin Date: Fri Jul 13 10:32:42 2018 +0200 Documentation typo fix in BN_bn2bin.pod Change the description for BN_hex2bn() so that it uses the same BIGNUM argument name as its prototype. CLA: trivial Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6712) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_bn2bin.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index ac46948..9bfda2d 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod 
@@ -55,8 +55,8 @@ freed later using OPENSSL_free(). BN_hex2bn() takes as many characters as possible from the string B, including the leading character '-' which means negative, to form a valid hexadecimal number representation and converts them to a B and -stores it in **B. If *B is NULL, a new B is created. If -B is NULL, it only computes the length of valid representation. +stores it in **B. If *B is NULL, a new B is created. If +B is NULL, it only computes the length of valid representation. A "negative zero" is converted to zero. BN_dec2bn() is the same using the decimal system. From matthias.st.pierre at ncp-e.com Fri Jul 13 12:59:23 2018 From: matthias.st.pierre at ncp-e.com (matthias.st.pierre at ncp-e.com) Date: Fri, 13 Jul 2018 12:59:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1531486763.228273.17266.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 3d5d123d86532391249d7b33ca5da12d0a5599f3 (commit) from 434af36f9778abe274bb637396f60977fbee98d2 (commit) - Log ----------------------------------------------------------------- commit 3d5d123d86532391249d7b33ca5da12d0a5599f3 Author: Alexandre Perrin Date: Fri Jul 13 10:32:42 2018 +0200 Documentation typo fix in BN_bn2bin.pod Change the description for BN_hex2bn() so that it uses the same BIGNUM argument name as its prototype. CLA: trivial Reviewed-by: Matthias St. Pierre Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6712) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_bn2bin.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod index f6bb484..075aec3 100644 --- a/doc/crypto/BN_bn2bin.pod +++ b/doc/crypto/BN_bn2bin.pod 
@@ -39,8 +39,8 @@ numbers, the string is prefaced with a leading '-'. The string must be freed later using OPENSSL_free(). BN_hex2bn() converts the string B containing a hexadecimal number -to a B and stores it in **B. If *B is NULL, a new -B is created. If B is NULL, it only computes the number's +to a B and stores it in **B. If *B is NULL, a new +B is created. If B is NULL, it only computes the number's length in hexadecimal digits. If the string starts with '-', the number is negative. A "negative zero" is converted to zero. From matt at openssl.org Fri Jul 13 17:19:20 2018 
From: matt at openssl.org (Matt Caswell)
Date: Fri, 13 Jul 2018 17:19:20 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1531502360.033836.12388.nullmailer@dev.openssl.org>

The branch master has been updated
       via  1e839545803107b230a8177875de5994f85984de (commit)
       via  baa45c3e74e1202eb963d22821ed87c097506b05 (commit)
       via  4fd12788ebd352308e3f3c5f0f9bc607ababc867 (commit)
       via  871980a9ada476fa54cec2e5174aa916d09efd11 (commit)
      from  1f4add418d3ef07da80be87bc4e696197c84468f (commit)

- Log -----------------------------------------------------------------
commit 1e839545803107b230a8177875de5994f85984de
Author: Matt Caswell
Date:   Fri Jul 13 16:11:46 2018 +0100

    Add a GOST test

    Test that we never negotiate TLSv1.3 using GOST

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/6650)

commit baa45c3e74e1202eb963d22821ed87c097506b05
Author: Matt Caswell
Date:   Wed Jul 4 16:48:56 2018 +0100

    As a server don't select TLSv1.3 if we're not capable of it

    Check that we are either configured for PSK, or that we have a TLSv1.3
    capable certificate type. DSA certs can't be used in TLSv1.3 and we don't
    (currently) allow GOST ones either (owing to the lack of standard sig
    algs).

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/6650)

commit 4fd12788ebd352308e3f3c5f0f9bc607ababc867
Author: Matt Caswell
Date:   Wed Jul 4 16:02:20 2018 +0100

    Use ssl_version_supported() when choosing server version

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/6650)

commit 871980a9ada476fa54cec2e5174aa916d09efd11
Author: Matt Caswell
Date:   Tue Jul 3 17:45:35 2018 +0100

    Do not use GOST sig algs in TLSv1.3 where possible

    Fixes #6513

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/6650)

-----------------------------------------------------------------------

Summary of changes:
 ssl/ssl_locl.h                                     |  3 +-
 ssl/statem/statem_clnt.c                           |  2 +-
 ssl/statem/statem_lib.c                            | 63 ++++++++++-----
 ssl/t1_lib.c                                       | 41 ++++++++++
 test/build.info                                    |  6 +-
 test/gosttest.c                                    | 91 ++++++++++++++++++++++
 test/recipes/90-test_gost.t                        | 37 +++++++++
 test/recipes/90-test_gost_data/gost.conf           | 13 ++++
 test/recipes/90-test_gost_data/server-cert2001.pem | 13 ++++
 test/recipes/90-test_gost_data/server-cert2012.pem | 13 ++++
 test/recipes/90-test_gost_data/server-key2001.pem  |  4 +
 test/recipes/90-test_gost_data/server-key2012.pem  |  4 +
 12 files changed, 267 insertions(+), 23 deletions(-)
 create mode 100644 test/gosttest.c
 create mode 100644 test/recipes/90-test_gost.t
 create mode 100644 test/recipes/90-test_gost_data/gost.conf
 create mode 100644 test/recipes/90-test_gost_data/server-cert2001.pem
 create mode 100644 test/recipes/90-test_gost_data/server-cert2012.pem
 create mode 100644 test/recipes/90-test_gost_data/server-key2001.pem
 create mode 100644 test/recipes/90-test_gost_data/server-key2012.pem

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 0bf3f16..b38052f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -2368,7 +2368,8 @@ __owur int ssl3_handshake_write(SSL *s); __owur int ssl_allow_compression(SSL *s); -__owur int ssl_version_supported(const SSL *s, int version); +__owur int ssl_version_supported(const SSL *s, int version, + const SSL_METHOD **meth); __owur int ssl_set_client_hello_version(SSL *s); __owur int ssl_check_version_downgrade(SSL *s); diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c index 88c3437..ad79fef 100644 --- a/ssl/statem/statem_clnt.c +++ b/ssl/statem/statem_clnt.c @@ -1119,7 +1119,7 @@ int tls_construct_client_hello(SSL *s, WPACKET *pkt) } if (sess == NULL - || !ssl_version_supported(s, sess->ssl_version) + || !ssl_version_supported(s, sess->ssl_version, NULL) || !SSL_SESSION_is_resumable(sess)) { if (s->hello_retry_request == SSL_HRR_NONE && !ssl_get_new_session(s, 0)) { diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 61fc3ca..0d8fe5d 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1486,6 +1486,35 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) } /* + * Only called by servers. Returns 1 if the server has a TLSv1.3 capable + * certificate type, or has PSK configured. Otherwise returns 0. + */ +static int is_tls13_capable(const SSL *s) +{ + int i; + + if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL) + return 1; + + for (i = 0; i < SSL_PKEY_NUM; i++) { + /* Skip over certs disallowed for TLSv1.3 */ + switch (i) { + case SSL_PKEY_DSA_SIGN: + case SSL_PKEY_GOST01: + case SSL_PKEY_GOST12_256: + case SSL_PKEY_GOST12_512: + continue; + default: + break; + } + if (ssl_has_cert(s, i)) + return 1; + } + + return 0; +} + +/* * ssl_version_supported - Check that the specified `version` is supported by * `SSL *` instance * 
@@ -1494,7 +1523,7 @@ static int ssl_method_error(const SSL *s, const SSL_METHOD *method) * * Returns 1 when supported, otherwise 0 */ -int ssl_version_supported(const SSL *s, int version) +int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth) { const version_info *vent; const version_info *table; @@ -1514,9 +1543,14 @@ int ssl_version_supported(const SSL *s, int version) for (vent = table; vent->version != 0 && version_cmp(s, version, vent->version) <= 0; ++vent) { - if (vent->cmeth != NULL && - version_cmp(s, version, vent->version) == 0 && - ssl_method_error(s, vent->cmeth()) == 0) { + if (vent->cmeth != NULL + && version_cmp(s, version, vent->version) == 0 + && ssl_method_error(s, vent->cmeth()) == 0 + && (!s->server + || version != TLS1_3_VERSION + || is_tls13_capable(s))) { + if (meth != NULL) + *meth = vent->cmeth(); return 1; } } @@ -1625,11 +1659,11 @@ int ssl_set_version_bound(int method_version, int version, int *bound) static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd) { if (vers == TLS1_2_VERSION - && ssl_version_supported(s, TLS1_3_VERSION)) { + && ssl_version_supported(s, TLS1_3_VERSION, NULL)) { *dgrd = DOWNGRADE_TO_1_2; } else if (!SSL_IS_DTLS(s) && vers < TLS1_2_VERSION - && (ssl_version_supported(s, TLS1_2_VERSION) - || ssl_version_supported(s, TLS1_3_VERSION))) { + && (ssl_version_supported(s, TLS1_2_VERSION, NULL) + || ssl_version_supported(s, TLS1_3_VERSION, NULL))) { *dgrd = DOWNGRADE_TO_1_1; } else { *dgrd = DOWNGRADE_NONE; 
@@ -1735,19 +1769,8 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) */ if (version_cmp(s, candidate_vers, best_vers) <= 0) continue; - for (vent = table; - vent->version != 0 && vent->version != (int)candidate_vers; - ++vent) - continue; - if (vent->version != 0 && vent->smeth != NULL) { - const SSL_METHOD *method; - - method = vent->smeth(); - if (ssl_method_error(s, method) == 0) { - best_vers = candidate_vers; - best_method = method; - } - } + if (ssl_version_supported(s, candidate_vers, &best_method)) + best_vers = candidate_vers; } if (PACKET_remaining(&versionslist) != 0) { /* Trailing data? */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index abf523e..3c7590c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c 
@@ -1519,9 +1519,50 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu) || lu->hash_idx == SSL_MD_MD5_IDX || lu->hash_idx == SSL_MD_SHA224_IDX)) return 0; + /* See if public key algorithm allowed */ if (ssl_cert_is_disabled(lu->sig_idx)) return 0; + + if (lu->sig == NID_id_GostR3410_2012_256 + || lu->sig == NID_id_GostR3410_2012_512 + || lu->sig == NID_id_GostR3410_2001) { + /* We never allow GOST sig algs on the server with TLSv1.3 */ + if (s->server && SSL_IS_TLS13(s)) + return 0; + if (!s->server + && s->method->version == TLS_ANY_VERSION + && s->s3->tmp.max_ver >= TLS1_3_VERSION) { + int i, num; + STACK_OF(SSL_CIPHER) *sk; + + /* + * We're a client that could negotiate TLSv1.3. We only allow GOST + * sig algs if we could negotiate TLSv1.2 or below and we have GOST + * ciphersuites enabled. + */ + + if (s->s3->tmp.min_ver >= TLS1_3_VERSION) + return 0; + + sk = SSL_get_ciphers(s); + num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0; + for (i = 0; i < num; i++) { + const SSL_CIPHER *c; + + c = sk_SSL_CIPHER_value(sk, i); + /* Skip disabled ciphers */ + if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) + continue; + + if ((c->algorithm_mkey & SSL_kGOST) != 0) + break; + } + if (i == num) + return 0; + } + } + if (lu->hash == NID_undef) return 1; /* Security bits: half digest bits */ diff --git a/test/build.info b/test/build.info index 9fe511a..8dbe0c2 100644 --- a/test/build.info +++ b/test/build.info @@ -50,7 +50,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN recordlentest drbgtest drbg_cavs_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ servername_test ocspapitest rsa_mp_test fatalerrtest tls13ccstest \ - sysdefaulttest errtest + sysdefaulttest errtest gosttest SOURCE[versions]=versions.c INCLUDE[versions]=../include 
@@ -537,6 +537,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN SOURCE[errtest]=errtest.c INCLUDE[errtest]=../include DEPEND[errtest]=../libcrypto libtestutil.a + + SOURCE[gosttest]=gosttest.c ssltestlib.c + INCLUDE[gosttest]=../include .. + DEPEND[gosttest]=../libcrypto ../libssl libtestutil.a ENDIF {- diff --git a/test/gosttest.c b/test/gosttest.c new file mode 100644 index 0000000..1a31a33 --- /dev/null +++ b/test/gosttest.c 
@@ -0,0 +1,91 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "ssltestlib.h" +#include "testutil.h" +#include "internal/nelem.h" + +static char *cert1 = NULL; +static char *privkey1 = NULL; +static char *cert2 = NULL; +static char *privkey2 = NULL; + +static struct { + char *cipher; + int expected_prot; + int certnum; +} ciphers[] = { + /* Server doesn't have a cert with appropriate sig algs - should fail */ + {"AES128-SHA", 0, 0}, + /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ + {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 0}, + /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ + {"GOST2012-GOST8912-GOST8912", TLS1_2_VERSION, 1}, + /* Server doesn't have a TLSv1.3 capable cert - should use TLSv1.2 */ + {"GOST2001-GOST89-GOST89", TLS1_2_VERSION, 0}, +}; + +/* Test that we never negotiate TLSv1.3 if using GOST */ +static int test_tls13(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), + TLS1_VERSION, + TLS_MAX_VERSION, + &sctx, &cctx, + ciphers[idx].certnum == 0 ? cert1 + : cert2, + ciphers[idx].certnum == 0 ? 
privkey1 + : privkey2))) + goto end; + + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, ciphers[idx].cipher)) + || !TEST_true(SSL_CTX_set_cipher_list(sctx, ciphers[idx].cipher)) + || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, + NULL, NULL))) + goto end; + + if (ciphers[idx].expected_prot == 0) { + if (!TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } else { + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + || !TEST_int_eq(SSL_version(clientssl), + ciphers[idx].expected_prot)) + goto end; + } + + testresult = 1; + + end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + + return testresult; +} + +int setup_tests(void) +{ + if (!TEST_ptr(cert1 = test_get_argument(0)) + || !TEST_ptr(privkey1 = test_get_argument(1)) + || !TEST_ptr(cert2 = test_get_argument(2)) + || !TEST_ptr(privkey2 = test_get_argument(3))) + return 0; + + ADD_ALL_TESTS(test_tls13, OSSL_NELEM(ciphers)); + return 1; +} diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t new file mode 100644 index 0000000..00f95af --- /dev/null +++ b/test/recipes/90-test_gost.t 
@@ -0,0 +1,37 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Utils; +use OpenSSL::Test qw/:DEFAULT srctop_file/; + +setup("test_gost"); + +plan skip_all => "GOST support is disabled in this OpenSSL build" + if disabled("gost"); + +plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build" + if disabled("tls1_3") || disabled("tls1_2"); + +plan skip_all => "No test GOST engine found" + if !$ENV{OPENSSL_GOST_ENGINE_SO}; + +plan tests => 1; + +$ENV{OPENSSL_CONF} = srctop_file("test", "recipes", "90-test_gost_data", + "gost.conf"); + +ok(run(test(["gosttest", + srctop_file("test", "recipes", "90-test_gost_data", + "server-cert2001.pem"), + srctop_file("test", "recipes", "90-test_gost_data", + "server-key2001.pem"), + srctop_file("test", "recipes", "90-test_gost_data", + "server-cert2012.pem"), + srctop_file("test", "recipes", "90-test_gost_data", + "server-key2012.pem")])), + "running gosttest"); diff --git a/test/recipes/90-test_gost_data/gost.conf b/test/recipes/90-test_gost_data/gost.conf new file mode 100644 index 0000000..1f42b9d --- /dev/null +++ b/test/recipes/90-test_gost_data/gost.conf @@ -0,0 +1,13 @@ +openssl_conf = openssl_def +[openssl_def] +engines = engine_section + +[engine_section] +gost = gost_section + +[gost_section] +engine_id = gost +dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO +default_algorithms = ALL +CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet + diff --git a/test/recipes/90-test_gost_data/server-cert2001.pem b/test/recipes/90-test_gost_data/server-cert2001.pem new file mode 100644 index 0000000..e287821 --- /dev/null +++ b/test/recipes/90-test_gost_data/server-cert2001.pem 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB4jCCAY+gAwIBAgIUNKO10+LkPoYGkOqNJ2wv1YI8RpQwCgYGKoUDAgIDBQAw +RTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGElu +dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0xODA3MTMxNTAzMDFaFw0yODA3MTAx +NTAzMDFaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYD +VQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwYzAcBgYqhQMCAhMwEgYHKoUD +AgIjAQYHKoUDAgIeAQNDAARAyDUhXsZP1JSLkvZ3xaU4aHXxAGKDwpawJ89+3B+N +lD7FS48QUIeoQrv9hn1B/kVuVxJwU4CeZRQohLvc5IkzJ6NTMFEwHQYDVR0OBBYE +FEz6BbScOOWYqklNGMTbyikZG/cRMB8GA1UdIwQYMBaAFEz6BbScOOWYqklNGMTb +yikZG/cRMA8GA1UdEwEB/wQFMAMBAf8wCgYGKoUDAgIDBQADQQAbkdWo441FqSbB +13JTW498NOzHZn69wnjYsOmMHLCdEHBTHVCa/g1wHPc4CyYk4UfMRWz5awzb6zNB +TncjMl2a +-----END CERTIFICATE----- diff --git a/test/recipes/90-test_gost_data/server-cert2012.pem b/test/recipes/90-test_gost_data/server-cert2012.pem new file mode 100644 index 0000000..85d13c6 --- /dev/null +++ b/test/recipes/90-test_gost_data/server-cert2012.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB6TCCAZSgAwIBAgIUVF/ajykAyHqQm1n6K1JdMFX/O6owDAYIKoUDBwEBAwIF +ADBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwY +SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMB4XDTE4MDcxMzE0MzcxNVoXDTI4MDcx +MDE0MzcxNVowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAf +BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDBmMB8GCCqFAwcBAQEBMBMG +ByqFAwICIwEGCCqFAwcBAQICA0MABEDIj2JgFybRexBIdkG7bI//Z8woXbpC/hpg +62qflBE/dHnWVnbzpJUVeSd5sAkP7Ta0qrrs5YdW4MBIM/VPbDVOo1MwUTAdBgNV +HQ4EFgQUFZtRh6plQ3nHf1A+7ayjYw9B1X0wHwYDVR0jBBgwFoAUFZtRh6plQ3nH +f1A+7ayjYw9B1X0wDwYDVR0TAQH/BAUwAwEB/zAMBggqhQMHAQEDAgUAA0EAMttA +fMPa3YFO9db/xIS9wMB7ntbtibeZEJlngaPu5gvfdNmCY0uzjY2c3yPr9dDq84j7 +gSqY1VwVBLuKrpLC+w== +-----END CERTIFICATE----- diff --git a/test/recipes/90-test_gost_data/server-key2001.pem b/test/recipes/90-test_gost_data/server-key2001.pem new file mode 100644 index 0000000..92a59d8 --- /dev/null +++ b/test/recipes/90-test_gost_data/server-key2001.pem 
@@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEMCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIJgoLqJR/05zND0f +8Wnma1MFMxE7ezisZhkS/DL4DXb6 +-----END PRIVATE KEY----- diff --git a/test/recipes/90-test_gost_data/server-key2012.pem b/test/recipes/90-test_gost_data/server-key2012.pem new file mode 100644 index 0000000..e932f0d --- /dev/null +++ b/test/recipes/90-test_gost_data/server-key2012.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEYCAQAwHwYIKoUDBwEBAQEwEwYHKoUDAgIjAQYIKoUDBwEBAgIEILemtIak5CeX +Jd75HfVqAMi1MfhxW7kGvGDj8l1/nF45 +-----END PRIVATE KEY----- From appro at openssl.org Sat Jul 14 11:38:46 2018 
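Review bot: the doc comment above ssl_version_supported() in the statem_lib.c hunk still describes only `s` and `version`; the new `meth` out-parameter needs a sentence there stating that NULL is accepted and that `*meth` is written only on the success path, because the caller in ssl_choose_server_version() (`if (ssl_version_supported(s, candidate_vers, &best_method)) best_vers = candidate_vers;`) depends on `best_method` being left untouched when the function returns 0.

Review bot: the same statem_lib.c hunk fills `*meth` from `vent->cmeth()`, while the loop it replaces in ssl_choose_server_version() selected `vent->smeth()` for the server; confirm that handing the server a client-side SSL_METHOD is intended, or use `s->server ? vent->smeth() : vent->cmeth()` so the server path keeps the method it had before this change.

Review bot: is_tls13_capable() is only called with `s->server` true, as its comment says, but nothing enforces that; an `ossl_assert(s->server)` or a note on the single call site would keep a later client-side caller from getting a misleading answer. The `switch` whose only job is `continue` on the four disallowed slots reads more directly as one `if` condition.

Review bot: the t1_lib.c hunk walks the full cipher list, calling ssl_cipher_disabled() on every entry, each time tls12_sigalg_allowed() is asked about a GOST algorithm; since this runs per sigalg while building the ClientHello, compute "an enabled GOST ciphersuite exists" once and reuse it, or say in the comment that the repeated scan is accepted.

Review bot: in gosttest.c the `expected_prot == 0` row only checks that create_ssl_connection() fails, so a failure caused by the GOST engine not loading, or any unrelated handshake error, also passes that row; check the error reason, or order the table so a positive GOST row runs first as a control. The comment on the third row ("Server doesn't have a TLSv1.3 capable cert") is copied verbatim from the second; say that it exercises the 2012 certificate (certnum 1).

Review bot: 90-test_gost.t gates on `$ENV{OPENSSL_GOST_ENGINE_SO}` but the skip message ("No test GOST engine found") does not name the variable, so a developer cannot tell how to enable the test; include it in the message. gost.conf loads whatever `dynamic_path = $ENV::OPENSSL_GOST_ENGINE_SO` points at, which is acceptable for a test recipe but deserves a one-line comment in the conf saying it is test-only.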
From: appro at openssl.org (Andy Polyakov) Date: Sat, 14 Jul 2018 11:38:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531568326.416230.8110.nullmailer@dev.openssl.org> The branch master has been updated via 582ad5d4d9b7703eb089016935133e3a18ea8205 (commit) via 89d8aade5f4011ddeea7827f08ec544c914f275a (commit) from 1e839545803107b230a8177875de5994f85984de (commit) - Log ----------------------------------------------------------------- commit 582ad5d4d9b7703eb089016935133e3a18ea8205 Author: Andy Polyakov Date: Sun Feb 4 15:24:54 2018 +0100 rsa/*: switch to BN_bn2binpad. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5254) commit 89d8aade5f4011ddeea7827f08ec544c914f275a Author: Andy Polyakov Date: Sun Feb 4 15:20:29 2018 +0100 bn/bn_lib.c: make BN_bn2binpad computationally constant-time. "Computationally constant-time" means that it might still leak information about input's length, but only in cases when input is missing complete BN_ULONG limbs. But even then leak is possible only if attacker can observe memory access pattern with limb granularity. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5254) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 23 +++++++++++++++-------- crypto/rsa/rsa_oaep.c | 38 +++++++++++++++++++++++--------------- crypto/rsa/rsa_ossl.c | 38 ++++++++++++-------------------------- crypto/rsa/rsa_pk1.c | 39 +++++++++++++++++++++------------------ crypto/rsa/rsa_ssl.c | 8 ++++++++ 5 files changed, 79 insertions(+), 67 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index b42df82..a582ce5 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -12,6 +12,7 @@ #include "internal/cryptlib.h" #include "bn_lcl.h" #include +#include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ #if OPENSSL_API_COMPAT < 0x00908000L 
@@ -416,24 +417,30 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) /* ignore negative */ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; + int i, j, top; BN_ULONG l; - bn_check_top(a); i = BN_num_bytes(a); if (tolen == -1) tolen = i; else if (tolen < i) return -1; - /* Add leading zeroes if necessary */ - if (tolen > i) { - memset(to, 0, tolen - i); - to += tolen - i; + + if (i == 0) { + OPENSSL_cleanse(to, tolen); + return tolen; } - while (i--) { + + top = a->top * BN_BYTES; + for (i = 0, j = tolen; j > 0; i++) { + unsigned int mask; + + mask = constant_time_lt(i, top); + i -= 1 & ~mask; /* stay on top limb */ l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); } + return tolen; } diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index d4de71d..dfea063 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c 
@@ -150,32 +150,40 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, dblen = num - mdlen - 1; db = OPENSSL_malloc(dblen); - em = OPENSSL_malloc(num); - if (db == NULL || em == NULL) { + if (db == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE); goto cleanup; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memset(em, 0, num); - memcpy(em + num - flen, from, flen); + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; + } /* * The first byte must be zero, however we must not leak if this is * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). */ - good = constant_time_is_zero(em[0]); + good = constant_time_is_zero(from[0]); - maskedseed = em + 1; - maskeddb = em + 1 + mdlen; + maskedseed = from + 1; + maskeddb = from + 1 + mdlen; if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) goto cleanup; diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index f7b5cdc..feb1ab4 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c 
@@ -68,7 +68,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -142,15 +142,10 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, goto err; /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(ret); - i = BN_bn2bin(ret, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(ret, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -239,7 +234,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret, *res; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; @@ -354,15 +349,10 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, } /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(res); - i = BN_bn2bin(res, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(res, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -376,7 +366,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int j, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; 
@@ -472,8 +461,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) goto err; - p = buf; - j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ + j = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -486,7 +474,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_SSLv23(to, num, buf, j, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, j, num); + memcpy(to, buf, (r = j)); break; default: RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); @@ -509,7 +497,6 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int i, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -574,8 +561,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, if (!BN_sub(ret, rsa->n, ret)) goto err; - p = buf; - i = BN_bn2bin(ret, p); + i = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -585,7 +571,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_X931(to, num, buf, i, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, i, num); + memcpy(to, buf, (r = i)); break; default: RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 7d453ff..a1134f1 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c 
@@ -175,27 +175,30 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, if (num < 11) goto err; - em = OPENSSL_zalloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); - return -1; + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; + } + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memcpy(em + num - flen, from, flen); - good = constant_time_is_zero(em[0]); - good &= constant_time_eq(em[1], 2); + good = constant_time_is_zero(from[0]); + good &= constant_time_eq(from[1], 2); found_zero_byte = 0; for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(em[i]); + unsigned int equals0 = constant_time_is_zero(from[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); @@ -203,7 +206,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, } /* - * PS must be at least 8 bytes long, and it starts two bytes into |em|. + * PS must be at least 8 bytes long, and it starts two bytes into |from|. * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ 
@@ -232,7 +235,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, goto err; } - memcpy(to, em + msg_index, mlen); + memcpy(to, from + msg_index, mlen); err: OPENSSL_clear_free(em, num); diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index cd98584..97ae12d 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -63,6 +63,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return -1; } + /* Accept even zero-padded input */ + if (flen == num) { + if (*(p++) != 0) { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); + return -1; + } + flen--; + } if ((num != (flen + 1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); return -1; From appro at openssl.org Sat Jul 14 11:40:58 2018 
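Review bot: the bn_lib.c hunk drops `bn_check_top(a)` without saying why (presumably so fixed-top values with a zero top limb are accepted); state that in the commit message or a comment. The function comment should also spell out exactly what is constant-time here: the byte loop is, but `i = BN_num_bytes(a)` and the `i == 0` / `tolen < i` early exits still depend on the value, which is what the commit message's "computationally" qualifier refers to. The line `i -= 1 & ~mask; /* stay on top limb */` silently breaks if `mask` is ever 0/1 instead of all-zeros/all-ones; note that it relies on constant_time_lt() returning a full-width mask.

Review bot: rsa_oaep.c and rsa_pk1.c now allocate `em` only when `flen != num` and otherwise work on `from` directly, while the error path in the rsa_pk1.c hunk still calls `OPENSSL_clear_free(em, num)`; confirm `em` is initialised to NULL at its declaration in both functions. The `if (flen != num)` branch itself reveals whether the caller supplied a full-length block, which is fine for the rsa_ossl.c callers (they now always pass `num`), but that contract belongs in the public documentation of the two padding-check functions, not only in the new internal comment.

Review bot: in the rsa_ossl.c hunks, `memcpy(to, buf, (r = j));` hides an assignment inside an argument list and also drops the `tlen` check that RSA_padding_check_none() used to perform; it is safe today because both arguments are `num`, but `r = j; memcpy(to, buf, r);` keeps the intent readable. The now-removed comment "j is only used with no-padding mode" is what changed: `j` is `num` for every padding mode after this hunk, which is why the rsa_ssl.c change below is required.

Review bot: the rsa_ssl.c hunk consumes a leading zero byte with an early `return -1`, i.e. with a timing-visible branch, in the same commit that makes the PKCS#1 type 2 path operate without such a branch. That is consistent with the existing `*(p++) != 02` early exit in RSA_padding_check_SSLv23(), but it should be said in a comment that this legacy path is deliberately not side-channel hardened; the error code RSA_R_BLOCK_TYPE_IS_NOT_02 is also misleading for a non-zero first byte.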
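The commit message above says the new BN_bn2binpad is "computationally constant-time": the number of limb reads depends only on the requested output length and the limb count, not on how many leading zero bytes the value has. The following is an added example, not OpenSSL code, that shows the technique side by side with a naive memset-and-copy serialisation on a toy little-endian limb array. The limb layout (least significant limb first, eight bytes per limb) and the `ct_lt()` helper are assumptions of the example; the sample values are constructed.

```c
/*
 * Added example, not OpenSSL code: the "computationally constant-time"
 * padded serialisation from the commit message, on a toy little-endian
 * limb array (least significant limb first; layout and ct_lt() assumed).
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LIMB_BYTES 8

/* Branch-free a < b on unsigned int: all-ones when true, zero otherwise. */
static unsigned int ct_lt(unsigned int a, unsigned int b)
{
    unsigned int msb = a ^ ((a ^ b) | ((a - b) ^ b));
    return 0u - (msb >> (sizeof(unsigned int) * 8 - 1));
}

/* Significant byte count of the value; value-dependent by definition. */
static size_t num_bytes(const uint64_t *limbs, size_t nlimbs)
{
    size_t n = nlimbs * LIMB_BYTES;
    while (n > 0
           && ((limbs[(n - 1) / LIMB_BYTES] >> (8 * ((n - 1) % LIMB_BYTES)))
               & 0xff) == 0)
        n--;
    return n;
}

/*
 * Naive serialisation with leading zeros: the memset length and the loop
 * count depend on the value's byte length, so the memory access pattern
 * reveals how many leading zero bytes the value has.
 */
static int naive_bn2binpad(const uint64_t *limbs, size_t nlimbs,
                           unsigned char *to, size_t tolen)
{
    size_t i = num_bytes(limbs, nlimbs);
    if (tolen < i)
        return -1;
    memset(to, 0, tolen - i);
    to += tolen - i;
    while (i--)
        *to++ = (unsigned char)(limbs[i / LIMB_BYTES] >> (8 * (i % LIMB_BYTES)));
    return (int)tolen;
}

/*
 * Computationally constant-time variant: exactly tolen iterations. Positions
 * beyond the top limb keep reading the top limb and mask the byte to zero,
 * so the limb access sequence depends only on tolen and nlimbs, never on
 * leading zero bytes inside a limb. Only the size check still branches.
 */
static int ct_bn2binpad(const uint64_t *limbs, size_t nlimbs,
                        unsigned char *to, size_t tolen)
{
    unsigned int i, j, top = (unsigned int)(nlimbs * LIMB_BYTES);
    if (num_bytes(limbs, nlimbs) > tolen)
        return -1;
    if (top == 0) {                       /* no limbs: output is all zero */
        memset(to, 0, tolen);
        return (int)tolen;
    }
    for (i = 0, j = (unsigned int)tolen; j > 0; i++) {
        unsigned int mask = ct_lt(i, top); /* all-ones while i is real data */
        uint64_t l;
        i -= 1 & ~mask;                   /* past the end: stay on top limb */
        l = limbs[i / LIMB_BYTES];
        to[--j] = (unsigned char)((l >> (8 * (i % LIMB_BYTES))) & mask);
    }
    return (int)tolen;
}

/* Constructed sample: a 10-byte value in two limbs, padded to 16 bytes. */
static int example_outputs_match(void)
{
    const uint64_t limbs[2] = { 0x030405060708090aULL, 0x0000000000000102ULL };
    unsigned char a[16], b[16];
    if (naive_bn2binpad(limbs, 2, a, sizeof(a)) != 16
        || ct_bn2binpad(limbs, 2, b, sizeof(b)) != 16)
        return 0;
    return memcmp(a, b, sizeof(a)) == 0
        && a[5] == 0 && a[6] == 0x01 && a[7] == 0x02 && a[15] == 0x0a;
}

/* Both variants refuse a buffer shorter than the value, like BN_bn2binpad. */
static int example_rejects_short_buffer(void)
{
    const uint64_t limbs[1] = { 0x1234 };
    unsigned char out[1];
    return naive_bn2binpad(limbs, 1, out, sizeof(out)) == -1
        && ct_bn2binpad(limbs, 1, out, sizeof(out)) == -1;
}
```

The `i -= 1 & ~mask` step is the same trick the bn_lib.c hunk uses: once `i` runs past the last real byte, it is pulled back by one on every iteration so the read always lands on the top limb, and the mask turns the fetched byte into zero. What remains value-dependent, here and in the hunk, is the up-front size check, which is why the commit message calls the result computationally rather than fully constant-time.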
From: appro at openssl.org (Andy Polyakov) Date: Sat, 14 Jul 2018 11:40:58 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1531568458.631660.9182.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 0b139e41b4ca03c1d36f4c93c6e9147e497029ca (commit) via 75a67a036a041d9fdac0fd7fd5a461f48709a3d3 (commit) from db9926ff007ad8cd999a4e7eff35b04505b744b8 (commit) - Log ----------------------------------------------------------------- commit 0b139e41b4ca03c1d36f4c93c6e9147e497029ca Author: Andy Polyakov Date: Sun Feb 4 15:24:54 2018 +0100 rsa/*: switch to BN_bn2binpad. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5254) (cherry picked from commit 582ad5d4d9b7703eb089016935133e3a18ea8205) commit 75a67a036a041d9fdac0fd7fd5a461f48709a3d3 Author: Andy Polyakov Date: Sun Feb 4 15:20:29 2018 +0100 bn/bn_lib.c: make BN_bn2binpad computationally constant-time. "Computationally constant-time" means that it might still leak information about input's length, but only in cases when input is missing complete BN_ULONG limbs. But even then leak is possible only if attacker can observe memory access pattern with limb granularity. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/5254) (cherry picked from commit 89d8aade5f4011ddeea7827f08ec544c914f275a) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 23 +++++++++++++++-------- crypto/rsa/rsa_oaep.c | 38 +++++++++++++++++++++++--------------- crypto/rsa/rsa_ossl.c | 38 ++++++++++++-------------------------- crypto/rsa/rsa_pk1.c | 39 +++++++++++++++++++++------------------ crypto/rsa/rsa_ssl.c | 8 ++++++++ 5 files changed, 79 insertions(+), 67 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 8fa9f2f..ebad255 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c 
@@ -12,6 +12,7 @@ #include "internal/cryptlib.h" #include "bn_lcl.h" #include +#include "internal/constant_time_locl.h" /* This stuff appears to be completely unused, so is deprecated */ #if OPENSSL_API_COMPAT < 0x00908000L @@ -497,24 +498,30 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) /* ignore negative */ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i; + int i, j, top; BN_ULONG l; - bn_check_top(a); i = BN_num_bytes(a); if (tolen == -1) tolen = i; else if (tolen < i) return -1; - /* Add leading zeroes if necessary */ - if (tolen > i) { - memset(to, 0, tolen - i); - to += tolen - i; + + if (i == 0) { + OPENSSL_cleanse(to, tolen); + return tolen; } - while (i--) { + + top = a->top * BN_BYTES; + for (i = 0, j = tolen; j > 0; i++) { + unsigned int mask; + + mask = constant_time_lt(i, top); + i -= 1 & ~mask; /* stay on top limb */ l = a->d[i / BN_BYTES]; - *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; + to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); } + return tolen; } diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 4878d49..fbe65c4 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c 
@@ -155,32 +155,40 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, dblen = num - mdlen - 1; db = OPENSSL_malloc(dblen); - em = OPENSSL_malloc(num); - if (db == NULL || em == NULL) { + if (db == NULL) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE); goto cleanup; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memset(em, 0, num); - memcpy(em + num - flen, from, flen); + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, + ERR_R_MALLOC_FAILURE); + goto cleanup; + } + + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; + } /* * The first byte must be zero, however we must not leak if this is * true. See James H. Manger, "A Chosen Ciphertext Attack on RSA * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001). */ - good = constant_time_is_zero(em[0]); + good = constant_time_is_zero(from[0]); - maskedseed = em + 1; - maskeddb = em + 1 + mdlen; + maskedseed = from + 1; + maskeddb = from + 1 + mdlen; if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md)) goto cleanup; diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 62a8895..41fafa7 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c 
@@ -62,7 +62,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -136,15 +136,10 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, goto err; /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(ret); - i = BN_bn2bin(ret, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(ret, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -233,7 +228,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret, *res; - int i, j, k, num = 0, r = -1; + int i, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; @@ -346,15 +341,10 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, res = ret; /* - * put in leading 0 bytes if the number is less than the length of the - * modulus + * BN_bn2binpad puts in leading 0 bytes if the number is less than + * the length of the modulus. */ - j = BN_num_bytes(res); - i = BN_bn2bin(res, &(to[num - j])); - for (k = 0; k < (num - i); k++) - to[k] = 0; - - r = num; + r = BN_bn2binpad(res, to, num); err: if (ctx != NULL) BN_CTX_end(ctx); @@ -368,7 +358,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int j, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; 
@@ -463,8 +452,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) goto err; - p = buf; - j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ + j = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -477,7 +465,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_SSLv23(to, num, buf, j, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, j, num); + memcpy(to, buf, (r = j)); break; default: RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); @@ -500,7 +488,6 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, { BIGNUM *f, *ret; int i, num = 0, r = -1; - unsigned char *p; unsigned char *buf = NULL; BN_CTX *ctx = NULL; @@ -565,8 +552,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, if (!BN_sub(ret, rsa->n, ret)) goto err; - p = buf; - i = BN_bn2bin(ret, p); + i = BN_bn2binpad(ret, buf, num); switch (padding) { case RSA_PKCS1_PADDING: @@ -576,7 +562,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, r = RSA_padding_check_X931(to, num, buf, i, num); break; case RSA_NO_PADDING: - r = RSA_padding_check_none(to, num, buf, i, num); + memcpy(to, buf, (r = i)); break; default: RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index aeeb32c..2f7fbf9 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c 
@@ -175,27 +175,30 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, if (num < 11) goto err; - em = OPENSSL_zalloc(num); - if (em == NULL) { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); - return -1; + if (flen != num) { + em = OPENSSL_zalloc(num); + if (em == NULL) { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE); + return -1; + } + /* + * Caller is encouraged to pass zero-padded message created with + * BN_bn2binpad, but if it doesn't, we do this zero-padding copy + * to avoid leaking that information. The copy still leaks some + * side-channel information, but it's impossible to have a fixed + * memory access pattern since we can't read out of the bounds of + * |from|. + */ + memcpy(em + num - flen, from, flen); + from = em; } - /* - * Always do this zero-padding copy (even when num == flen) to avoid - * leaking that information. The copy still leaks some side-channel - * information, but it's impossible to have a fixed memory access - * pattern since we can't read out of the bounds of |from|. - * - * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL. - */ - memcpy(em + num - flen, from, flen); - good = constant_time_is_zero(em[0]); - good &= constant_time_eq(em[1], 2); + good = constant_time_is_zero(from[0]); + good &= constant_time_eq(from[1], 2); found_zero_byte = 0; for (i = 2; i < num; i++) { - unsigned int equals0 = constant_time_is_zero(em[i]); + unsigned int equals0 = constant_time_is_zero(from[i]); zero_index = constant_time_select_int(~found_zero_byte & equals0, i, zero_index); @@ -203,7 +206,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, } /* - * PS must be at least 8 bytes long, and it starts two bytes into |em|. + * PS must be at least 8 bytes long, and it starts two bytes into |from|. * If we never found a 0-byte, then |zero_index| is 0 and the check * also fails. */ 
@@ -232,7 +235,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, goto err; } - memcpy(to, em + msg_index, mlen); + memcpy(to, from + msg_index, mlen); err: OPENSSL_clear_free(em, num); diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 9ef6b80..cb5c319 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -63,6 +63,14 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); return (-1); } + /* Accept even zero-padded input */ + if (flen == num) { + if (*(p++) != 0) { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); + return -1; + } + flen--; + } if ((num != (flen + 1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02); return (-1); From appro at openssl.org Sat Jul 14 11:44:54 2018 From: appro at openssl.org (Andy Polyakov) Date: Sat, 14 Jul 2018 11:44:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531568694.031562.10083.nullmailer@dev.openssl.org> The branch master has been updated via 5d1c09de1f2736e1d4b1877206d08455ec75f558 (commit) from 582ad5d4d9b7703eb089016935133e3a18ea8205 (commit) - Log ----------------------------------------------------------------- commit 5d1c09de1f2736e1d4b1877206d08455ec75f558 Author: Andy Polyakov Date: Thu Jul 12 19:15:26 2018 +0200 bn/bn_lcl.h,bn_nist.c: address strict warnings with -DBN_DEBUG. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lcl.h | 9 ++++----- crypto/bn/bn_nist.c | 2 +- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 0d3a8bf..d74b590 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -151,7 +151,6 @@ * all operations manipulating the bit in question in non-BN_DEBUG build. */ # define BN_FLG_FIXED_TOP 0x10000 -# include # ifdef BN_DEBUG_RAND # define bn_pollute(a) \ do { \
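Review bot: the return value of BN_bn2binpad is not checked in the rsa_ossl_private_decrypt hunk ("j = BN_bn2binpad(ret, buf, num);"), and j then flows unvalidated into the RSA_padding_check_* calls and, under RSA_NO_PADDING, into memcpy(to, buf, (r = j)), where the -1 that BN_bn2binpad returns when the value does not fit in num bytes would become a size_t of nearly 2^64. The decrypted value is always below the modulus, so the failure cannot occur today, but "if (j < 0) goto err;" makes that invariant explicit at no cost; the same applies to "i = BN_bn2binpad(ret, buf, num);" in the rsa_ossl_public_decrypt hunk.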
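Review bot: "memcpy(to, buf, (r = j));" in the RSA_NO_PADDING case of rsa_ossl_private_decrypt (and "memcpy(to, buf, (r = i));" in rsa_ossl_public_decrypt) hides an assignment inside a call argument, which is easy to misread; "r = j; memcpy(to, buf, r);" is the same code and reads as what it is. A one-line comment at the memcpy saying that buf is already a num-byte, zero-left-padded value thanks to BN_bn2binpad, which is why RSA_padding_check_none is no longer needed, would also stop a later reader from wondering where the padding check went.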
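Review bot: the new "if (flen != num)" branch in RSA_padding_check_PKCS1_type_2 brings back the input-length-dependent control flow that the deleted comment ("Always do this zero-padding copy (even when num == flen) to avoid leaking that information") existed to avoid. For the in-tree callers converted to BN_bn2binpad in this same commit flen always equals num, so nothing leaks; for any caller still passing BN_bn2bin output, flen is the stripped length, which depends on the leading zero bytes of the decrypted value, and the allocation plus copy now happen exactly in that case. The replacement comment only says callers are "encouraged" to zero-pad, so the requirement should also be stated in the function's documentation. Note as well that em stays NULL when flen == num, so the OPENSSL_clear_free(em, num) at err: in the next hunk now relies on that function accepting NULL, which it does.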
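Review bot: the new flen == num block in RSA_padding_check_SSLv23 reports a non-zero leading byte as RSA_R_BLOCK_TYPE_IS_NOT_02, which misdescribes the condition (the block type byte has not been examined yet); a comment, or a more accurate reason code, would make the error path easier to follow. The added "return -1" also lets the first decrypted byte decide control flow, which is consistent with the existing "(*(p++) != 02)" early return directly below it, but since the PKCS#1 type 2 checker in the same series is careful about precisely that, a one-line remark that this function makes no constant-time claim would help readers who compare the two.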
@@ -175,10 +174,10 @@ do { \ const BIGNUM *_bnum2 = (a); \ if (_bnum2 != NULL) { \ - int top = _bnum2->top; \ - assert((top == 0 && !_bnum2->neg) || \ - (top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ - || _bnum2->d[top - 1] != 0))); \ + int _top = _bnum2->top; \ + (void)ossl_assert((_top == 0 && !_bnum2->neg) || \ + (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ + || _bnum2->d[_top - 1] != 0))); \ bn_pollute(_bnum2); \ } \ } while(0) diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index fcc2b77..4d71afd 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -254,7 +254,7 @@ static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) int i; #ifdef BN_DEBUG - assert(top <= max); + (void)ossl_assert(top <= max); #endif for (i = 0; i < top; i++) dst[i] = src[i]; From scan-admin at coverity.com Sun Jul 15 08:30:43 2018 
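Review bot: the bn_check_top hunk does two things the commit message ("addres strict warnings") does not spell out: renaming top to _top avoids -Wshadow firing in callers that have their own local named top, and replacing assert() with (void)ossl_assert() removes the need for the "# include" line dropped in the previous hunk; both deserve a sentence in the log. One behavioural difference should be confirmed as intended: ossl_assert() is not silenced by NDEBUG the way assert() is, so a -DBN_DEBUG build now aborts on a malformed BIGNUM regardless of NDEBUG. Since the macro body is only compiled under BN_DEBUG that is reasonable, but it is a change. Also make sure the header that defines ossl_assert is reachable from every translation unit that expands bn_check_top, and from bn_nist.c for the nist_cp_bn_0 assertion, now that bn_lcl.h no longer pulls in an assert header itself.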
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 15 Jul 2018 08:30:43 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b4b06332293_8bd82ab1dd750f5871481@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1-2FeiPYIogddWaPwPBmNJqYiuWEF6JyWx8jhvIdhibnNw9ZCqxqopDpzJuiKenjRidu2IcqoYwt0mliJsBeU3KpTb-2BUs5lp-2BC2EuKK8dWOlXk2nuhralkpvKOK3Ef7Cc14sO2zBgOUle9MAtBijlGdkDg1en6QMpcYNZxvnkk3fXf9chENdExepYX-2BZxwuDnbI-3D Build ID: 219623 Analysis Summary: New defects found: 1 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1-2FeiPYIogddWaPwPBmNJqYiuWEF6JyWx8jhvIdhibnN24I8zMsrQXqzB-2B3TtJoKgwiovPXf6f3Pe-2F3AptBZuR-2F8J74g-2Fcb2XFXl8YPsE03STaXtQFEFqWp4HIZW9nKYr0GBsIdMSrO6P-2FE3WtsKMI9qBd9Ncv4fyYAAjX167dsM-2Fag6hYhb5WVfq2E99ySviA-3D From scan-admin at coverity.com Sun Jul 15 08:48:26 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 15 Jul 2018 08:48:26 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b4b0a59a731c_97672ab1dd750f58714a4@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2quXnSG454URJ6g8ysjCN273w7LSHDwH0eHx1zE80ra4fPlYfNgzW8v1u39yJTccnP-2FzS8xA7VPD66EhSYe5WDFCu-2FqnsjAn3c2qC4PoZrSM2b0YhCRTBsvAXuvawyHPuWq3j5Bo0ZfTND1R3aXyOKw57n-2FbUaBS8zOkjnG-2Bg1YZp3EmxmuSUTXcH7d-2BIqYPs-3D Build ID: 219626 Analysis Summary: New defects found: 0 Defects eliminated: 0 From appro at openssl.org Sun Jul 15 17:13:45 2018 
From: appro at openssl.org (Andy Polyakov) Date: Sun, 15 Jul 2018 17:13:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531674825.955222.11164.nullmailer@dev.openssl.org> The branch master has been updated via 3c849bc901fa191fc517bc20d905783e6e428de5 (commit) via d3e3263072c91999afc256fa4666c40912dde410 (commit) via dfd5fb09500d5800b37b3aec05884fc7409032d7 (commit) via 2de607d8c952fef0cadf158b0a020037837911ac (commit) from 5d1c09de1f2736e1d4b1877206d08455ec75f558 (commit) - Log ----------------------------------------------------------------- commit 3c849bc901fa191fc517bc20d905783e6e428de5 Author: Andy Polyakov Date: Thu Jul 12 11:53:16 2018 +0200 ec/curve25519.c: reorganize for better accessibility. Move base 2^64 code to own #if section. It was nested in base 2^51 section, which arguably might have been tricky to follow. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6699) commit d3e3263072c91999afc256fa4666c40912dde410 Author: Andy Polyakov Date: Wed Jul 11 22:36:49 2018 +0200 ec/asm/x25519-x86_64.pl: add CFI directives and Windows SE handler. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6699) commit dfd5fb09500d5800b37b3aec05884fc7409032d7 Author: Andy Polyakov Date: Wed Jul 11 22:22:52 2018 +0200 test/.../evppkey.txt: X25519 regression test vectors. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6699) commit 2de607d8c952fef0cadf158b0a020037837911ac Author: Andy Polyakov Date: Wed Jul 11 22:08:02 2018 +0200 ec/asm/x25519-x86_64.pl: fix base 2^64 add/sub and final reduction. Base 2^64 addition/subtraction and final reduction failed to treat partially reduced values correctly. Thanks to Wycheproof Project for vectors and Paul Kehrer for report. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6699) ----------------------------------------------------------------------- Summary of changes: crypto/ec/asm/x25519-x86_64.pl | 318 +++++++++++++++++++++++++++++- crypto/ec/curve25519.c | 293 +++++++++++++-------------- test/recipes/30-test_evp_data/evppkey.txt | 38 ++++ 3 files changed, 501 insertions(+), 148 deletions(-) diff --git a/crypto/ec/asm/x25519-x86_64.pl b/crypto/ec/asm/x25519-x86_64.pl index 930d7bd..da81e06 100755 --- a/crypto/ec/asm/x25519-x86_64.pl +++ b/crypto/ec/asm/x25519-x86_64.pl @@ -102,13 +102,22 @@ $code.=<<___; .type x25519_fe51_mul,\@function,3 .align 32 x25519_fe51_mul: +.cfi_startproc push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -8*5(%rsp),%rsp +.cfi_adjust_cfa_offset 40 +.Lfe51_mul_body: mov 8*0(%rsi),%rax # f[0] mov 8*0(%rdx),%r11 # load g[0-4] @@ -236,19 +245,30 @@ x25519_fe51_mul: mov 8*4(%rsp),%rdi # restore 1st argument jmp .Lreduce51 +.Lfe51_mul_epilogue: +.cfi_endproc .size x25519_fe51_mul,.-x25519_fe51_mul .globl x25519_fe51_sqr .type x25519_fe51_sqr,\@function,2 .align 32 x25519_fe51_sqr: +.cfi_startproc push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 lea -8*5(%rsp),%rsp +.cfi_adjust_cfa_offset 40 +.Lfe51_sqr_body: mov 8*0(%rsi),%rax # g[0] mov 8*2(%rsi),%r15 # g[2] 
@@ -391,27 +411,45 @@ x25519_fe51_sqr: mov %r10,8*4(%rdi) mov 8*5(%rsp),%r15 +.cfi_restore %r15 mov 8*6(%rsp),%r14 +.cfi_restore %r14 mov 8*7(%rsp),%r13 +.cfi_restore %r13 mov 8*8(%rsp),%r12 +.cfi_restore %r12 mov 8*9(%rsp),%rbx +.cfi_restore %rbx mov 8*10(%rsp),%rbp +.cfi_restore %rbp lea 8*11(%rsp),%rsp +.cfi_adjust_cfa_offset 88 +.Lfe51_sqr_epilogue: ret +.cfi_endproc .size x25519_fe51_sqr,.-x25519_fe51_sqr .globl x25519_fe51_mul121666 .type x25519_fe51_mul121666,\@function,2 .align 32 x25519_fe51_mul121666: +.cfi_startproc push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 - mov \$121666,%eax +.cfi_push %r15 lea -8*5(%rsp),%rsp +.cfi_adjust_cfa_offset 40 +.Lfe51_mul121666_body: + mov \$121666,%eax mulq 8*0(%rsi) mov %rax,%rbx # %rbx:%rcx = h0 @@ -434,6 +472,8 @@ x25519_fe51_mul121666: mov %rdx,%r15 jmp .Lreduce51 +.Lfe51_mul121666_epilogue: +.cfi_endproc .size x25519_fe51_mul121666,.-x25519_fe51_mul121666 ___ ######################################################################## @@ -460,14 +500,24 @@ x25519_fe64_eligible: .type x25519_fe64_mul,\@function,3 .align 32 x25519_fe64_mul: +.cfi_startproc push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 push %rdi # offload dst +.cfi_push %rdi lea -8*2(%rsp),%rsp +.cfi_adjust_cfa_offset 16 +.Lfe64_mul_body: mov %rdx,%rax mov 8*0(%rdx),%rbp # b[0] 
@@ -534,20 +584,32 @@ x25519_fe64_mul: adox %rdi,$acc7 # of=0 jmp .Lreduce64 +.Lfe64_mul_epilogue: +.cfi_endproc .size x25519_fe64_mul,.-x25519_fe64_mul .globl x25519_fe64_sqr .type x25519_fe64_sqr,\@function,2 .align 32 x25519_fe64_sqr: +.cfi_startproc push %rbp +.cfi_push %rbp push %rbx +.cfi_push %rbx push %r12 +.cfi_push %r12 push %r13 +.cfi_push %r13 push %r14 +.cfi_push %r14 push %r15 +.cfi_push %r15 push %rdi # offload dst +.cfi_push %rdi lea -8*2(%rsp),%rsp +.cfi_adjust_cfa_offset 16 +.Lfe64_sqr_body: mov 8*0(%rsi),%rdx # a[0] mov 8*1(%rsi),%rcx # a[1] @@ -637,19 +699,29 @@ x25519_fe64_sqr: mov $acc0,8*0(%rdi) mov 8*3(%rsp),%r15 +.cfi_restore %r15 mov 8*4(%rsp),%r14 +.cfi_restore %r14 mov 8*5(%rsp),%r13 +.cfi_restore %r13 mov 8*6(%rsp),%r12 +.cfi_restore %r12 mov 8*7(%rsp),%rbx +.cfi_restore %rbx mov 8*8(%rsp),%rbp +.cfi_restore %rbp lea 8*9(%rsp),%rsp +.cfi_adjust_cfa_offset 88 +.Lfe64_sqr_epilogue: ret +.cfi_endproc .size x25519_fe64_sqr,.-x25519_fe64_sqr .globl x25519_fe64_mul121666 .type x25519_fe64_mul121666,\@function,2 .align 32 x25519_fe64_mul121666: +.Lfe64_mul121666_body: mov \$121666,%edx mulx 8*0(%rsi),$acc0,%rcx mulx 8*1(%rsi),$acc1,%rax @@ -676,6 +748,7 @@ x25519_fe64_mul121666: mov $acc3,8*3(%rdi) mov $acc0,8*0(%rdi) +.Lfe64_mul121666_epilogue: ret .size x25519_fe64_mul121666,.-x25519_fe64_mul121666 @@ -683,6 +756,7 @@ x25519_fe64_mul121666: .type x25519_fe64_add,\@function,3 .align 32 x25519_fe64_add: +.Lfe64_add_body: mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -698,13 +772,18 @@ x25519_fe64_add: add %rax,$acc0 adc \$0,$acc1 - mov $acc0,8*0(%rdi) adc \$0,$acc2 mov $acc1,8*1(%rdi) adc \$0,$acc3 mov $acc2,8*2(%rdi) + sbb %rax,%rax # cf -> mask mov $acc3,8*3(%rdi) + and \$38,%rax + add %rax,$acc0 + mov $acc0,8*0(%rdi) + +.Lfe64_add_epilogue: ret .size x25519_fe64_add,.-x25519_fe64_add 
@@ -712,6 +791,7 @@ x25519_fe64_add: .type x25519_fe64_sub,\@function,3 .align 32 x25519_fe64_sub: +.Lfe64_sub_body: mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -727,13 +807,18 @@ x25519_fe64_sub: sub %rax,$acc0 sbb \$0,$acc1 - mov $acc0,8*0(%rdi) sbb \$0,$acc2 mov $acc1,8*1(%rdi) sbb \$0,$acc3 mov $acc2,8*2(%rdi) + sbb %rax,%rax # cf -> mask mov $acc3,8*3(%rdi) + and \$38,%rax + + sub %rax,$acc0 + mov $acc0,8*0(%rdi) +.Lfe64_sub_epilogue: ret .size x25519_fe64_sub,.-x25519_fe64_sub @@ -741,6 +826,7 @@ x25519_fe64_sub: .type x25519_fe64_tobytes,\@function,2 .align 32 x25519_fe64_tobytes: +.Lfe64_to_body: mov 8*0(%rsi),$acc0 mov 8*1(%rsi),$acc1 mov 8*2(%rsi),$acc2 @@ -751,6 +837,7 @@ x25519_fe64_tobytes: sar \$63,$acc3 # most significant bit -> mask shr \$1,%rax # most significant bit cleared and \$19,$acc3 + add \$19,$acc3 # compare to modulus in the same go add $acc3,$acc0 adc \$0,$acc1 @@ -760,15 +847,20 @@ x25519_fe64_tobytes: lea (%rax,%rax),$acc3 sar \$63,%rax # most significant bit -> mask shr \$1,$acc3 # most significant bit cleared + not %rax and \$19,%rax - add %rax,$acc0 + sub %rax,$acc0 + sbb \$0,$acc1 + sbb \$0,$acc2 + sbb \$0,$acc3 + mov $acc0,8*0(%rdi) mov $acc1,8*1(%rdi) mov $acc2,8*2(%rdi) mov $acc3,8*3(%rdi) - mov $acc0,8*0(%rdi) +.Lfe64_to_epilogue: ret .size x25519_fe64_tobytes,.-x25519_fe64_tobytes ___ 
@@ -804,6 +896,222 @@ $code.=<<___; .asciz "X25519 primitives for x86_64, CRYPTOGAMS by " ___ +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind + +.type short_handler,\@abi-omnipotent +.align 16 +short_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # end of prologue label + cmp %r10,%rbx # context->RipRsp + jmp .Lcommon_seh_tail +.size short_handler,.-short_handler + +.type full_handler,\@abi-omnipotent +.align 16 +full_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # end of prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + mov 8(%r11),%r10d # HandlerData[2] + lea (%rax,%r10),%rax + + mov -8(%rax),%rbp + mov -16(%rax),%rbx + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + 
+.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size full_handler,.-full_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_x25519_fe51_mul + .rva .LSEH_end_x25519_fe51_mul + .rva .LSEH_info_x25519_fe51_mul + + .rva .LSEH_begin_x25519_fe51_sqr + .rva .LSEH_end_x25519_fe51_sqr + .rva .LSEH_info_x25519_fe51_sqr + + .rva .LSEH_begin_x25519_fe51_mul121666 + .rva .LSEH_end_x25519_fe51_mul121666 + .rva .LSEH_info_x25519_fe51_mul121666 +___ +$code.=<<___ if ($addx); + .rva .LSEH_begin_x25519_fe64_mul + .rva .LSEH_end_x25519_fe64_mul + .rva .LSEH_info_x25519_fe64_mul + + .rva .LSEH_begin_x25519_fe64_sqr + .rva .LSEH_end_x25519_fe64_sqr + .rva .LSEH_info_x25519_fe64_sqr + + .rva .LSEH_begin_x25519_fe64_mul121666 + .rva .LSEH_end_x25519_fe64_mul121666 + .rva .LSEH_info_x25519_fe64_mul121666 + + .rva .LSEH_begin_x25519_fe64_add + .rva .LSEH_end_x25519_fe64_add + .rva .LSEH_info_x25519_fe64_add + + .rva .LSEH_begin_x25519_fe64_sub + .rva .LSEH_end_x25519_fe64_sub + .rva .LSEH_info_x25519_fe64_sub + + .rva .LSEH_begin_x25519_fe64_tobytes + .rva 
.LSEH_end_x25519_fe64_tobytes + .rva .LSEH_info_x25519_fe64_tobytes +___ +$code.=<<___; +.section .xdata +.align 8 +.LSEH_info_x25519_fe51_mul: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe51_mul_body,.Lfe51_mul_epilogue # HandlerData[] + .long 88,0 +.LSEH_info_x25519_fe51_sqr: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe51_sqr_body,.Lfe51_sqr_epilogue # HandlerData[] + .long 88,0 +.LSEH_info_x25519_fe51_mul121666: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe51_mul121666_body,.Lfe51_mul121666_epilogue # HandlerData[] + .long 88,0 +___ +$code.=<<___ if ($addx); +.LSEH_info_x25519_fe64_mul: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe64_mul_body,.Lfe64_mul_epilogue # HandlerData[] + .long 72,0 +.LSEH_info_x25519_fe64_sqr: + .byte 9,0,0,0 + .rva full_handler + .rva .Lfe64_sqr_body,.Lfe64_sqr_epilogue # HandlerData[] + .long 72,0 +.LSEH_info_x25519_fe64_mul121666: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_mul121666_body,.Lfe64_mul121666_epilogue # HandlerData[] +.LSEH_info_x25519_fe64_add: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_add_body,.Lfe64_add_epilogue # HandlerData[] +.LSEH_info_x25519_fe64_sub: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_sub_body,.Lfe64_sub_epilogue # HandlerData[] +.LSEH_info_x25519_fe64_tobytes: + .byte 9,0,0,0 + .rva short_handler + .rva .Lfe64_to_body,.Lfe64_to_epilogue # HandlerData[] +___ +} + $code =~ s/\`([^\`]*)\`/eval $1/gem; print $code; close STDOUT; diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index 9666de1..abe9b9c 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c 
@@ -11,149 +11,23 @@ #include "ec_lcl.h" #include -#if defined(X25519_ASM) \ - || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \ - && !defined(__sparc__) \ - && !(defined(__ANDROID__) && !defined(__clang__)) ) -/* - * Base 2^51 implementation. - */ -# define BASE_2_51_IMPLEMENTED - -typedef uint64_t fe51[5]; -# if !defined(X25519_ASM) -typedef __uint128_t u128; -# endif - -static const uint64_t MASK51 = 0x7ffffffffffff; - -static uint64_t load_7(const uint8_t *in) -{ - uint64_t result; - - result = in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - result |= ((uint64_t)in[4]) << 32; - result |= ((uint64_t)in[5]) << 40; - result |= ((uint64_t)in[6]) << 48; - - return result; -} - -static uint64_t load_6(const uint8_t *in) -{ - uint64_t result; - - result = in[0]; - result |= ((uint64_t)in[1]) << 8; - result |= ((uint64_t)in[2]) << 16; - result |= ((uint64_t)in[3]) << 24; - result |= ((uint64_t)in[4]) << 32; - result |= ((uint64_t)in[5]) << 40; - - return result; -} - -static void fe51_frombytes(fe51 h, const uint8_t *s) -{ - uint64_t h0 = load_7(s); /* 56 bits */ - uint64_t h1 = load_6(s + 7) << 5; /* 53 bits */ - uint64_t h2 = load_7(s + 13) << 2; /* 58 bits */ - uint64_t h3 = load_6(s + 20) << 7; /* 55 bits */ - uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4; /* 51 bits */ - - h1 |= h0 >> 51; h0 &= MASK51; - h2 |= h1 >> 51; h1 &= MASK51; - h3 |= h2 >> 51; h2 &= MASK51; - h4 |= h3 >> 51; h3 &= MASK51; - - h[0] = h0; - h[1] = h1; - h[2] = h2; - h[3] = h3; - h[4] = h4; -} - -static void fe51_tobytes(uint8_t *s, const fe51 h) -{ - uint64_t h0 = h[0]; - uint64_t h1 = h[1]; - uint64_t h2 = h[2]; - uint64_t h3 = h[3]; - uint64_t h4 = h[4]; - uint64_t q; +#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64)) - /* compare to modulus */ - q = (h0 + 19) >> 51; - q = (h1 + q) >> 51; - q = (h2 + q) >> 51; - q = (h3 + q) >> 51; - q = 
(h4 + q) >> 51; - - /* full reduce */ - h0 += 19 * q; - h1 += h0 >> 51; h0 &= MASK51; - h2 += h1 >> 51; h1 &= MASK51; - h3 += h2 >> 51; h2 &= MASK51; - h4 += h3 >> 51; h3 &= MASK51; - h4 &= MASK51; - - /* smash */ - s[0] = (uint8_t)(h0 >> 0); - s[1] = (uint8_t)(h0 >> 8); - s[2] = (uint8_t)(h0 >> 16); - s[3] = (uint8_t)(h0 >> 24); - s[4] = (uint8_t)(h0 >> 32); - s[5] = (uint8_t)(h0 >> 40); - s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3)); - s[7] = (uint8_t)(h1 >> 5); - s[8] = (uint8_t)(h1 >> 13); - s[9] = (uint8_t)(h1 >> 21); - s[10] = (uint8_t)(h1 >> 29); - s[11] = (uint8_t)(h1 >> 37); - s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6)); - s[13] = (uint8_t)(h2 >> 2); - s[14] = (uint8_t)(h2 >> 10); - s[15] = (uint8_t)(h2 >> 18); - s[16] = (uint8_t)(h2 >> 26); - s[17] = (uint8_t)(h2 >> 34); - s[18] = (uint8_t)(h2 >> 42); - s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1)); - s[20] = (uint8_t)(h3 >> 7); - s[21] = (uint8_t)(h3 >> 15); - s[22] = (uint8_t)(h3 >> 23); - s[23] = (uint8_t)(h3 >> 31); - s[24] = (uint8_t)(h3 >> 39); - s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4)); - s[26] = (uint8_t)(h4 >> 4); - s[27] = (uint8_t)(h4 >> 12); - s[28] = (uint8_t)(h4 >> 20); - s[29] = (uint8_t)(h4 >> 28); - s[30] = (uint8_t)(h4 >> 36); - s[31] = (uint8_t)(h4 >> 44); -} - -# ifdef X25519_ASM -void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g); -void x25519_fe51_sqr(fe51 h, const fe51 f); -void x25519_fe51_mul121666(fe51 h, fe51 f); -# define fe51_mul x25519_fe51_mul -# define fe51_sq x25519_fe51_sqr -# define fe51_mul121666 x25519_fe51_mul121666 - -# if defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined(_M_X64) - -# define BASE_2_64_IMPLEMENTED +# define BASE_2_64_IMPLEMENTED typedef uint64_t fe64[4]; int x25519_fe64_eligible(void); /* - * There are no reference C implementations for this radix. + * Following subroutines perform corresponding operations modulo + * 2^256-38, i.e. double the curve modulus. 
However, inputs and + * outputs are permitted to be partially reduced, i.e. to remain + * in [0..2^256) range. It's all tied up in final fe64_tobytes + * that performs full reduction modulo 2^255-19. + * + * There are no reference C implementations for these. */ void x25519_fe64_mul(fe64 h, const fe64 f, const fe64 g); void x25519_fe64_sqr(fe64 h, const fe64 f); @@ -161,12 +35,12 @@ void x25519_fe64_mul121666(fe64 h, fe64 f); void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g); void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g); void x25519_fe64_tobytes(uint8_t *s, const fe64 f); -# define fe64_mul x25519_fe64_mul -# define fe64_sqr x25519_fe64_sqr -# define fe64_mul121666 x25519_fe64_mul121666 -# define fe64_add x25519_fe64_add -# define fe64_sub x25519_fe64_sub -# define fe64_tobytes x25519_fe64_tobytes +# define fe64_mul x25519_fe64_mul +# define fe64_sqr x25519_fe64_sqr +# define fe64_mul121666 x25519_fe64_mul121666 +# define fe64_add x25519_fe64_add +# define fe64_sub x25519_fe64_sub +# define fe64_tobytes x25519_fe64_tobytes static uint64_t load_8(const uint8_t *in) { 
@@ -375,10 +249,143 @@ static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32], OPENSSL_cleanse(e, sizeof(e)); } -# endif +#endif + +#if defined(X25519_ASM) \ + || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \ + && !defined(__sparc__) \ + && !(defined(__ANDROID__) && !defined(__clang__)) ) +/* + * Base 2^51 implementation. It's virtually no different from reference + * base 2^25.5 implementation in respect to lax boundary conditions for + * intermediate values and even individual limbs. So that whatever you + * know about the reference, applies even here... + */ +# define BASE_2_51_IMPLEMENTED + +typedef uint64_t fe51[5]; + +static const uint64_t MASK51 = 0x7ffffffffffff; + +static uint64_t load_7(const uint8_t *in) +{ + uint64_t result; + + result = in[0]; + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + result |= ((uint64_t)in[3]) << 24; + result |= ((uint64_t)in[4]) << 32; + result |= ((uint64_t)in[5]) << 40; + result |= ((uint64_t)in[6]) << 48; + + return result; +} + +static uint64_t load_6(const uint8_t *in) +{ + uint64_t result; + + result = in[0]; + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + result |= ((uint64_t)in[3]) << 24; + result |= ((uint64_t)in[4]) << 32; + result |= ((uint64_t)in[5]) << 40; + + return result; +} + +static void fe51_frombytes(fe51 h, const uint8_t *s) +{ + uint64_t h0 = load_7(s); /* 56 bits */ + uint64_t h1 = load_6(s + 7) << 5; /* 53 bits */ + uint64_t h2 = load_7(s + 13) << 2; /* 58 bits */ + uint64_t h3 = load_6(s + 20) << 7; /* 55 bits */ + uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4; /* 51 bits */ + + h1 |= h0 >> 51; h0 &= MASK51; + h2 |= h1 >> 51; h1 &= MASK51; + h3 |= h2 >> 51; h2 &= MASK51; + h4 |= h3 >> 51; h3 &= MASK51; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; +} + +static void fe51_tobytes(uint8_t *s, const fe51 h) +{ + uint64_t h0 = h[0]; + uint64_t h1 = h[1]; + uint64_t h2 = h[2]; + uint64_t h3 = 
h[3]; + uint64_t h4 = h[4]; + uint64_t q; + /* compare to modulus */ + q = (h0 + 19) >> 51; + q = (h1 + q) >> 51; + q = (h2 + q) >> 51; + q = (h3 + q) >> 51; + q = (h4 + q) >> 51; + + /* full reduce */ + h0 += 19 * q; + h1 += h0 >> 51; h0 &= MASK51; + h2 += h1 >> 51; h1 &= MASK51; + h3 += h2 >> 51; h2 &= MASK51; + h4 += h3 >> 51; h3 &= MASK51; + h4 &= MASK51; + + /* smash */ + s[0] = (uint8_t)(h0 >> 0); + s[1] = (uint8_t)(h0 >> 8); + s[2] = (uint8_t)(h0 >> 16); + s[3] = (uint8_t)(h0 >> 24); + s[4] = (uint8_t)(h0 >> 32); + s[5] = (uint8_t)(h0 >> 40); + s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3)); + s[7] = (uint8_t)(h1 >> 5); + s[8] = (uint8_t)(h1 >> 13); + s[9] = (uint8_t)(h1 >> 21); + s[10] = (uint8_t)(h1 >> 29); + s[11] = (uint8_t)(h1 >> 37); + s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6)); + s[13] = (uint8_t)(h2 >> 2); + s[14] = (uint8_t)(h2 >> 10); + s[15] = (uint8_t)(h2 >> 18); + s[16] = (uint8_t)(h2 >> 26); + s[17] = (uint8_t)(h2 >> 34); + s[18] = (uint8_t)(h2 >> 42); + s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1)); + s[20] = (uint8_t)(h3 >> 7); + s[21] = (uint8_t)(h3 >> 15); + s[22] = (uint8_t)(h3 >> 23); + s[23] = (uint8_t)(h3 >> 31); + s[24] = (uint8_t)(h3 >> 39); + s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4)); + s[26] = (uint8_t)(h4 >> 4); + s[27] = (uint8_t)(h4 >> 12); + s[28] = (uint8_t)(h4 >> 20); + s[29] = (uint8_t)(h4 >> 28); + s[30] = (uint8_t)(h4 >> 36); + s[31] = (uint8_t)(h4 >> 44); +} + +# if defined(X25519_ASM) +void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g); +void x25519_fe51_sqr(fe51 h, const fe51 f); +void x25519_fe51_mul121666(fe51 h, fe51 f); +# define fe51_mul x25519_fe51_mul +# define fe51_sq x25519_fe51_sqr +# define fe51_mul121666 x25519_fe51_mul121666 # else +typedef __uint128_t u128; + static void fe51_mul(fe51 h, const fe51 f, const fe51 g) { u128 h0, h1, h2, h3, h4; diff --git a/test/recipes/30-test_evp_data/evppkey.txt b/test/recipes/30-test_evp_data/evppkey.txt index 7435125..d482c14 100644 
--- a/test/recipes/30-test_evp_data/evppkey.txt +++ b/test/recipes/30-test_evp_data/evppkey.txt @@ -18436,3 +18436,41 @@ Ctrl = digest:SM3 Input = D7AD397F6FFA5D4F7F11E7217F241607DC30618C236D2C09C1B9EA8FDADEE2E8 Output = 3045022100f11bf36e75bb304f094fb42a4ca22377d0cc768637c5011cd59fb9ed4b130c98022035545ffe2c2efb3abee4fee661468946d886004fae8ea5311593e48f7fe21b91 Result = KEYOP_MISMATCH + +Title = Chosen Wycheproof vectors + +PrivateKeyRaw = WychePRIVATE0:X25519:288796bc5aff4b81a37501757bc0753a3c21964790d38699308debc17a6eaf8d + +PublicKeyRaw = WychePUBLIC0:X25519:f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f + +Derive=WychePRIVATE0 +PeerKey=WychePUBLIC0 +SharedSecret=b4e0dd76da7b071728b61f856771aa356e57eda78a5b1655cc3820fb5f854c5c + +PrivateKeyRaw = WychePRIVATE1:X25519:60887b3dc72443026ebedbbbb70665f42b87add1440e7768fbd7e8e2ce5f639d + +PublicKeyRaw = WychePUBLIC1:X25519:f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + +Derive=WychePRIVATE1 +PeerKey=WychePUBLIC1 +SharedSecret=38d6304c4a7e6d9f7959334fb5245bd2c754525d4c91db950206926234c1f633 + +PrivateKeyRaw = WychePRIVATE2:X25519:a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63 + +PublicKeyRaw = WychePUBLIC2:X25519:0ab4e76380d84dde4f6833c58f2a9fb8f83bb0169b172be4b6e0592887741a36 + +Derive=WychePRIVATE2 +PeerKey=WychePUBLIC2 +SharedSecret=0200000000000000000000000000000000000000000000000000000000000000 + +PublicKeyRaw = WychePUBLIC3:X25519:89e10d5701b4337d2d032181538b1064bd4084401ceca1fd12663a1959388000 + +Derive=WychePRIVATE2 +PeerKey=WychePUBLIC3 +SharedSecret=0900000000000000000000000000000000000000000000000000000000000000 + +PublicKeyRaw = WychePUBLIC4:X25519:2b55d3aa4a8f80c8c0b2ae5f933e85af49beac36c2fa7394bab76c8933f8f81d + +Derive=WychePRIVATE2 +PeerKey=WychePUBLIC4 +SharedSecret=1000000000000000000000000000000000000000000000000000000000000000 From openssl at openssl.org Mon Jul 16 07:15:26 2018 
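Review bot: the sign of the epilogue CFI adjustment in the x25519_fe51_sqr hunk looks wrong: ".cfi_adjust_cfa_offset 88" follows "lea 8*11(%rsp),%rsp", which releases 88 bytes, and the directive adds its argument to the current CFA offset, so releasing stack needs ".cfi_adjust_cfa_offset -88" (compare the prologue, where ".cfi_adjust_cfa_offset 40" after "lea -8*5(%rsp),%rsp" is right). The x25519_fe64_sqr epilogue has the same sign problem and also the wrong magnitude: "lea 8*9(%rsp),%rsp" releases 72 bytes (seven pushes plus the 16-byte scratch area), so it should read ".cfi_adjust_cfa_offset -72". The affected window is the single ret instruction, so ordinary unwinding through these functions still works, but a sampling profiler or a debugger stopped on that ret computes a CFA that is off by 176 bytes (160 for fe64_sqr).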
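Review bot: the carry fold added to x25519_fe64_add ("sbb %rax,%rax", "and \$38,%rax", "add %rax,$acc0") deliberately does not propagate a carry out of $acc0 into the upper limbs, and that is correct only because a carry out of $acc3 at that point means the value wrapped past 2^256 and is therefore below 38, so $acc0 + 38 cannot overflow; the symmetric argument (a borrow there means the wrapped value is at least 2^256 - 38, so $acc0 >= 2^64 - 38) covers "sub %rax,$acc0" in the x25519_fe64_sub hunk. Neither hunk says so. A one-line comment at each final add and sub would spare the next reader from re-deriving the bound, especially now that curve25519.c documents these routines as working modulo 2^256-38 with inputs and outputs anywhere in [0, 2^256).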
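Review bot: the final-reduction change in x25519_fe64_tobytes needs a comment explaining the trick, because "add \$19,$acc3" directly after "and \$19,$acc3", and the later "not %rax", "and \$19,%rax", "sub %rax,$acc0" sequence, read as arbitrary without one: adding 19 unconditionally, on top of the 19 folded in when bit 255 was set, turns the condition "value >= 2^255-19" into "bit 255 set", so the second mask, inverted by not, subtracts the 19 back exactly when the value was already below the modulus. The old code only folded bit 255 and therefore left values in [2^255-19, 2^255) unreduced, which is the bug the commit message describes; saying that in the code keeps the two halves of the trick from being "simplified" apart later.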
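Review bot: as rendered in the SEH handler hunk, "cmp %r10,%rbx" in both short_handler and full_handler is not followed by a conditional branch (short_handler goes straight to "jmp .Lcommon_seh_tail", full_handler straight on to "mov 4(%r11),%r10d"), and nothing loads context->Rsp into %rax before .Lcommon_seh_tail stores %rax as context->Rsp via "mov %rax,152($context)"; the only value in %rax on that path is context->Rax from "mov 120($context),%rax". The comment fragment "context->RipRsp" suggests lines were lost in this listing rather than in the source, so please confirm the committed file has a conditional jump after each cmp and a load of context->Rsp into %rax; without them the handler would hand the unwinder a wrong stack pointer for every frame it claims to restore.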
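Review bot: the curve25519.c reorganisation mixes in a whitespace-only realignment of the six "# define fe64_*" lines, which adds diff noise to a commit whose purpose is moving the base 2^64 block out of the base 2^51 one; either drop it or mention it in the log. The new comment on the fe64 routines (arithmetic modulo 2^256-38, inputs and outputs anywhere in [0, 2^256), full reduction only in fe64_tobytes) is exactly the contract the assembler fixes in this series depend on, so it is welcome; the base 2^51 comment, by contrast, only says it is "virtually no different from reference base 2^25.5 implementation in respect to lax boundary conditions" without giving the actual limb bound, which is what anyone touching fe51_mul or fe51_frombytes would need.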
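Review bot: the new Wycheproof vectors would be easier to maintain with a comment per case naming the edge it exercises: the two "f0ff...ff" public keys are u-coordinates at or above 2^255-19 (one of them with bit 255 set, which RFC 7748 requires implementations to mask), and the three derivations from WychePRIVATE2 produce shared secrets of 2, 9 and 16, small values that come out right only if the final reduction to [0, 2^255-19) is exact, which is the fe64_tobytes code fixed in this series. Without that, a future failure tells the reader only that some 32-byte value did not match.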
From: openssl at openssl.org (OpenSSL run-checker)
Date: Mon, 16 Jul 2018 07:15:26 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-psk
Message-ID: <1531725326.328005.9433.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-psk

Commit log since last time:

3c849bc ec/curve25519.c: reorganize for better accessibility.
d3e3263 ec/asm/x25519-x86_64.pl: add CFI directives and Windows SE handler.
dfd5fb0 test/.../evppkey.txt: X25519 regression test vectors.
2de607d ec/asm/x25519-x86_64.pl: fix base 2^64 add/sub and final reduction.
5d1c09d bn/bn_lcl.h,bn_nist.c: addres strict warnings with -DBN_DEBUG.
582ad5d rsa/*: switch to BN_bn2binpad.
89d8aad bn/bn_lib.c: make BN_bn2binpad computationally constant-time.
1e83954 Add a GOST test
baa45c3 As a server don't select TLSv1.3 if we're not capable of it
4fd1278 Use ssl_version_supported() when choosing server version
871980a Do not use GOST sig algs in TLSv1.3 where possible
1f4add4 Documentation typo fix in BN_bn2bin.pod

Build log ended with (last 100 lines):
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_ia5.d.tmp -MT crypto/x509v3/v3_ia5.o -c -o crypto/x509v3/v3_ia5.o ../openssl/crypto/x509v3/v3_ia5.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_info.d.tmp -MT crypto/x509v3/v3_info.o -c -o crypto/x509v3/v3_info.o ../openssl/crypto/x509v3/v3_info.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_int.d.tmp -MT crypto/x509v3/v3_int.o -c -o crypto/x509v3/v3_int.o ../openssl/crypto/x509v3/v3_int.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_lib.d.tmp -MT crypto/x509v3/v3_lib.o -c -o crypto/x509v3/v3_lib.o ../openssl/crypto/x509v3/v3_lib.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_ncons.d.tmp -MT crypto/x509v3/v3_ncons.o -c -o crypto/x509v3/v3_ncons.o ../openssl/crypto/x509v3/v3_ncons.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pci.d.tmp -MT crypto/x509v3/v3_pci.o -c -o crypto/x509v3/v3_pci.o ../openssl/crypto/x509v3/v3_pci.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pcia.d.tmp -MT crypto/x509v3/v3_pcia.o -c -o crypto/x509v3/v3_pcia.o ../openssl/crypto/x509v3/v3_pcia.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pcons.d.tmp -MT crypto/x509v3/v3_pcons.o -c -o crypto/x509v3/v3_pcons.o ../openssl/crypto/x509v3/v3_pcons.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pku.d.tmp -MT crypto/x509v3/v3_pku.o -c -o crypto/x509v3/v3_pku.o ../openssl/crypto/x509v3/v3_pku.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pmaps.d.tmp -MT crypto/x509v3/v3_pmaps.o -c -o crypto/x509v3/v3_pmaps.o ../openssl/crypto/x509v3/v3_pmaps.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_prn.d.tmp -MT crypto/x509v3/v3_prn.o -c -o crypto/x509v3/v3_prn.o ../openssl/crypto/x509v3/v3_prn.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_purp.d.tmp -MT crypto/x509v3/v3_purp.o -c -o crypto/x509v3/v3_purp.o ../openssl/crypto/x509v3/v3_purp.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_skey.d.tmp -MT crypto/x509v3/v3_skey.o -c -o crypto/x509v3/v3_skey.o ../openssl/crypto/x509v3/v3_skey.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_sxnet.d.tmp -MT crypto/x509v3/v3_sxnet.o -c -o crypto/x509v3/v3_sxnet.o ../openssl/crypto/x509v3/v3_sxnet.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_tlsf.d.tmp -MT crypto/x509v3/v3_tlsf.o -c -o crypto/x509v3/v3_tlsf.o ../openssl/crypto/x509v3/v3_tlsf.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_utl.d.tmp -MT crypto/x509v3/v3_utl.o -c -o crypto/x509v3/v3_utl.o ../openssl/crypto/x509v3/v3_utl.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3err.d.tmp -MT crypto/x509v3/v3err.o -c -o crypto/x509v3/v3err.o ../openssl/crypto/x509v3/v3err.c CC="clang" /usr/bin/perl ../openssl/crypto/x86_64cpuid.pl elf crypto/x86_64cpuid.s clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/bio_ssl.d.tmp -MT ssl/bio_ssl.o -c -o ssl/bio_ssl.o ../openssl/ssl/bio_ssl.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_lib.d.tmp -MT ssl/d1_lib.o -c -o ssl/d1_lib.o ../openssl/ssl/d1_lib.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_msg.d.tmp -MT ssl/d1_msg.o -c -o ssl/d1_msg.o ../openssl/ssl/d1_msg.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_srtp.d.tmp -MT ssl/d1_srtp.o -c -o ssl/d1_srtp.o ../openssl/ssl/d1_srtp.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/methods.d.tmp -MT ssl/methods.o -c -o ssl/methods.o ../openssl/ssl/methods.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/packet.d.tmp -MT ssl/packet.o -c -o ssl/packet.o ../openssl/ssl/packet.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/pqueue.d.tmp -MT ssl/pqueue.o -c -o ssl/pqueue.o ../openssl/ssl/pqueue.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/t1_lib.d.tmp -MT ssl/t1_lib.o -c -o ssl/t1_lib.o ../openssl/ssl/t1_lib.c
../openssl/ssl/statem/statem_lib.c:1496:12: error: no member named 'psk_server_callback' in 'struct ssl_st'
    if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL)
        ~  ^
1 error generated.
Makefile:6254: recipe for target 'ssl/statem/statem_lib.o' failed
make[1]: *** [ssl/statem/statem_lib.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-psk'
Makefile:171: recipe for target 'all' failed
make: *** [all] Error 2

From levitte at openssl.org Mon Jul 16 08:17:14 2018
From: levitte at openssl.org (Richard Levitte)
Date: Mon, 16 Jul 2018 08:17:14 +0000
Subject: [openssl-commits] [tools] master update
Message-ID: <1531729034.652995.26623.nullmailer@dev.openssl.org>

The branch master has been updated
       via  45ea2185ce1a2f39c6fb72abd076dbb191b0d016 (commit)
      from  5f62625fdbc9dba7d402ea9d5ee91f5b8280df50 (commit)

- Log -----------------------------------------------------------------
commit 45ea2185ce1a2f39c6fb72abd076dbb191b0d016
Author: Richard Levitte
Date:   Sat Jul 14 11:47:17 2018 +0200

    run-checker: Add script to build gost.so

    It gets built against a 1.1.0 build, on purpose to check that it links
    and runs correctly against any libcrypto.so.1.1.

    Fixes #21

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/22)

-----------------------------------------------------------------------

Summary of changes:
 run-checker/build-gost.sh | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100755 run-checker/build-gost.sh

diff --git a/run-checker/build-gost.sh b/run-checker/build-gost.sh new file mode 100755 index 0000000..f3d205f --- /dev/null +++ b/run-checker/build-gost.sh
@@ -0,0 +1,39 @@ +#! /bin/bash +# +# Run in a directory for a gost engine build. +# Two subdirectories will be created: +# +# gost-engine a checkout of https://github.com/gost-engine/engine.git +# openssl a checkout of https://github.com/openssl/openssl.git +# +# Required ubuntu packages to run this script: +# +# build-essential +# cmake +# perl +# git + +if [ -d openssl ]; then + (cd openssl; git pull --rebase) +else + git clone -b OpenSSL_1_1_0-stable --depth 1 --single-branch \ + https://github.com/openssl/openssl.git openssl +fi + +if [ -d gost-engine ]; then + (cd gost-engine; git pull --rebase) +else + git clone https://github.com/gost-engine/engine.git gost-engine +fi + +OPENSSL_PREFIX=$(pwd)/openssl/_install +( + cd openssl + ./config --prefix=$OPENSSL_PREFIX \ + && make -j8 build_libs \ + && make install_dev +) && ( + cd gost-engine + cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX . + make +) From matt at openssl.org Mon Jul 16 09:26:37 2018 
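Review bot: the script never sets `set -e`, so in the `if [ -d openssl ]` and `if [ -d gost-engine ]` branches a failing `git pull --rebase` is ignored and the build silently proceeds against a stale checkout; add `set -e` (or test the pull's exit status) at the top, since the `&&` chain only covers the configure-and-build half. `$OPENSSL_PREFIX` is derived from `$(pwd)` and is used unquoted in `./config --prefix=$OPENSSL_PREFIX` and `cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX .`; quote both uses. `make -j8` hard-codes the job count where `-j"$(nproc)"` would follow the host.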
From: matt at openssl.org (Matt Caswell)
Date: Mon, 16 Jul 2018 09:26:37 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1531733197.613447.5072.nullmailer@dev.openssl.org>

The branch master has been updated
       via  01ad66f85d22fd001582b5f2e6e18db8b820c550 (commit)
       via  f45846f50036343778d7575578e7115e92a3fce1 (commit)
       via  66b0bca887eb4ad1f5758e56c45905fb3fc36667 (commit)
       via  3712436071c04ed831594cf47073788417d1506b (commit)
       via  51f3021d974f32539a2727908018664963695b5d (commit)
      from  3c849bc901fa191fc517bc20d905783e6e428de5 (commit)

- Log -----------------------------------------------------------------
commit 01ad66f85d22fd001582b5f2e6e18db8b820c550
Author: Nicola Tuveri
Date:   Sun Jul 8 10:39:39 2018 +0300

    EC2M Lopez-Dahab ladder: use it also for ECDSA verify

    By default `ec_scalar_mul_ladder` (which uses the Lopez-Dahab ladder
    implementation) is used only for (k * Generator) or (k * VariablePoint).
    ECDSA verification uses (a * Generator + b * VariablePoint): this commit
    forces the use of `ec_scalar_mul_ladder` also for the ECDSA verification
    path, while using the default wNAF implementation for any other case.

    With this commit `ec_scalar_mul_ladder` loses the static attribute, and
    is added to ec_lcl.h so EC_METHODs can directly use it.

    While working on a new custom EC_POINTs_mul implementation, I realized
    that many checks (e.g. all the points being compatible with the given
    EC_GROUP, creating a temporary BN_CTX if `ctx == NULL`, check for the
    corner case `scalar == NULL && num == 0`) were duplicated again and
    again in every single implementation (and actually some implementations
    lacked some of the tests).
    I thought that it makes way more sense for those checks that are
    independent from the actual implementation and should always be done,
    to be moved in the EC_POINTs_mul wrapper: so this commit also includes
    these changes.

    Reviewed-by: Andy Polyakov
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/6690)

commit f45846f50036343778d7575578e7115e92a3fce1
Author: Nicola Tuveri
Date:   Sat Jul 14 00:55:01 2018 +0300

    EC2M Lopez-Dahab ladder implementation

    This commit uses the new ladder scaffold to implement a specialized
    ladder step based on differential addition-and-doubling in mixed
    Lopez-Dahab projective coordinates, modified to independently blind the
    operands.

    The arithmetic in `ladder_pre`, `ladder_step` and `ladder_post` is
    auto generated with tooling:
    - see, e.g., "Guide to ECC" Alg 3.40 for reference about the
      `ladder_pre` implementation;
    - see https://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3
      for the differential addition-and-doubling formulas implemented in
      `ladder_step`;
    - see, e.g., "Fast Multiplication on Elliptic Curves over GF(2**m)
      without Precomputation" (Lopez and Dahab, CHES 1999) Appendix Alg Mxy
      for the `ladder_post` implementation to recover the `(x,y)` result in
      affine coordinates.

    Co-authored-by: Billy Brumley
    Co-authored-by: Sohaib ul Hassan
    Reviewed-by: Andy Polyakov
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/6690)

commit 66b0bca887eb4ad1f5758e56c45905fb3fc36667
Author: Billy Brumley
Date:   Sun Jul 8 01:27:34 2018 +0300

    [test] test some important ladder corner cases

    and catch corner cases better and earlier

    Reviewed-by: Andy Polyakov
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/6690)

commit 3712436071c04ed831594cf47073788417d1506b
Author: Nicola Tuveri
Date:   Sun Jul 8 00:50:49 2018 +0300

    EC point multiplication: add `ladder` scaffold for specialized
    Montgomery ladder implementations

    PR #6009 and #6070 replaced the default EC point multiplication path for
    prime and binary curves with a unified Montgomery ladder implementation
    with various timing attack defenses (for the common paths when a secret
    scalar is fed to the point multiplication).
    The newly introduced default implementation directly used
    EC_POINT_add/dbl in the main loop.

    The scaffolding introduced by this commit allows EC_METHODs to define a
    specialized `ladder_step` function to improve performances by taking
    advantage of efficient formulas for differential addition-and-doubling
    and different coordinate systems.

    - `ladder_pre` is executed before the main loop of the ladder: by
      default it copies the input point P into S, and doubles it into R.
      Specialized implementations could, e.g., use this hook to transition
      to different coordinate systems before copying and doubling;
    - `ladder_step` is the core of the Montgomery ladder loop: by default
      it computes `S := R+S; R := 2R;`, but specific implementations
      could, e.g., implement a more efficient formula for differential
      addition-and-doubling;
    - `ladder_post` is executed after the Montgomery ladder loop: by
      default it's a noop, but specialized implementations could, e.g.,
      use this hook to transition back from the coordinate system used for
      optimizing the differential addition-and-doubling or recover the y
      coordinate of the result point.

    This commit also renames `ec_mul_consttime` to `ec_scalar_mul_ladder`,
    as it better corresponds to what this function does: nothing can be
    truly said about the constant-timeness of the overall execution of
    this function, given that the underlying operations are not
    necessarily constant-time themselves.
    What this implementation ensures is that the same fixed sequence of
    operations is executed for each scalar multiplication (for a given
    EC_GROUP), with no dependency on the value of the input scalar.

    Co-authored-by: Sohaib ul Hassan
    Co-authored-by: Billy Brumley
    Reviewed-by: Andy Polyakov
    Reviewed-by: Matt Caswell
    (Merged from https://github.com/openssl/openssl/pull/6690)

commit 51f3021d974f32539a2727908018664963695b5d
Author: Nicola Tuveri
Date:   Fri Jul 13 11:48:29 2018 +0300

    Remove stale SM2 error codes

    Run `make update ERROR_REBUILD=-rebuild` to remove some stale error
    codes for SM2 (which is now using its own submodule for error codes,
    i.e., `SM2_*`).
Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6690) ----------------------------------------------------------------------- Summary of changes: CHANGES | 13 ++ crypto/ec/ec2_smpl.c | 328 ++++++++++++++++++++++++++++++++------- crypto/ec/ec_err.c | 21 ++- crypto/ec/ec_lcl.h | 81 ++++++++++ crypto/ec/ec_lib.c | 33 +++- crypto/ec/ec_mult.c | 183 +++++++++++++--------- crypto/ec/ecp_mont.c | 5 +- crypto/ec/ecp_nist.c | 5 +- crypto/ec/ecp_nistp224.c | 10 +- crypto/ec/ecp_nistp256.c | 12 +- crypto/ec/ecp_nistp521.c | 10 +- crypto/ec/ecp_nistz256.c | 29 +--- crypto/ec/ecp_smpl.c | 6 +- crypto/err/openssl.txt | 10 ++ crypto/include/internal/sm2err.h | 3 + include/internal/dsoerr.h | 3 + include/openssl/ecerr.h | 16 +- test/ectest.c | 13 +- 18 files changed, 586 insertions(+), 195 deletions(-) diff --git a/CHANGES b/CHANGES index 4765e0b..c1d4c2d 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,19 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder + step for binary curves. The new implementation is based on formulas from + differential addition-and-doubling in mixed Lopez-Dahab projective + coordinates, modified to independently blind the operands. + [Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri] + + *) Add a scaffold to optionally enhance the Montgomery ladder implementation + for `ec_scalar_mul_ladder` (formerly `ec_mul_consttime`) allowing + EC_METHODs to implement their own specialized "ladder step", to take + advantage of more favorable coordinate systems or more efficient + differential addition-and-doubling algorithms. + [Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri] + *) Modified the random device based seed sources to keep the relevant file descriptors open rather than reopening them on each access. This allows such sources to operate in a chroot() jail without 
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index cef6ba4..9ce332b 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -15,63 +15,6 @@ #ifndef OPENSSL_NO_EC2M -const EC_METHOD *EC_GF2m_simple_method(void) -{ - static const EC_METHOD ret = { - EC_FLAGS_DEFAULT_OCT, - NID_X9_62_characteristic_two_field, - ec_GF2m_simple_group_init, - ec_GF2m_simple_group_finish, - ec_GF2m_simple_group_clear_finish, - ec_GF2m_simple_group_copy, - ec_GF2m_simple_group_set_curve, - ec_GF2m_simple_group_get_curve, - ec_GF2m_simple_group_get_degree, - ec_group_simple_order_bits, - ec_GF2m_simple_group_check_discriminant, - ec_GF2m_simple_point_init, - ec_GF2m_simple_point_finish, - ec_GF2m_simple_point_clear_finish, - ec_GF2m_simple_point_copy, - ec_GF2m_simple_point_set_to_infinity, - 0 /* set_Jprojective_coordinates_GFp */ , - 0 /* get_Jprojective_coordinates_GFp */ , - ec_GF2m_simple_point_set_affine_coordinates, - ec_GF2m_simple_point_get_affine_coordinates, - 0, 0, 0, - ec_GF2m_simple_add, - ec_GF2m_simple_dbl, - ec_GF2m_simple_invert, - ec_GF2m_simple_is_at_infinity, - ec_GF2m_simple_is_on_curve, - ec_GF2m_simple_cmp, - ec_GF2m_simple_make_affine, - ec_GF2m_simple_points_make_affine, - 0 /* mul */, - 0 /* precompute_mul */, - 0 /* have_precompute_mul */, - ec_GF2m_simple_field_mul, - ec_GF2m_simple_field_sqr, - ec_GF2m_simple_field_div, - 0 /* field_encode */ , - 0 /* field_decode */ , - 0, /* field_set_to_one */ - ec_key_simple_priv2oct, - ec_key_simple_oct2priv, - 0, /* set private */ - ec_key_simple_generate_key, - ec_key_simple_check_key, - ec_key_simple_generate_public_key, - 0, /* keycopy */ - 0, /* keyfinish */ - ecdh_simple_compute_key, - 0, /* field_inverse_mod_ord */ - 0 /* blind_coordinates */ - }; - - return &ret; -} - /* * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members * are handled by EC_GROUP_new. 
@@ -737,4 +680,275 @@ int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, return BN_GF2m_mod_div(r, a, b, group->field, ctx); } +/*- + * Lopez-Dahab ladder, pre step. + * See e.g. "Guide to ECC" Alg 3.40. + * Modified to blind s and r independently. + * s:= p, r := 2p + */ +static +int ec_GF2m_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + /* if p is not affine, something is wrong */ + if (p->Z_is_one == 0) + return 0; + + /* s blinding: make sure lambda (s->Z here) is not zero */ + do { + if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB); + return 0; + } + } while (BN_is_zero(s->Z)); + + /* if field_encode defined convert between representations */ + if ((group->meth->field_encode != NULL + && !group->meth->field_encode(group, s->Z, s->Z, ctx)) + || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) + return 0; + + /* r blinding: make sure lambda (r->Y here for storage) is not zero */ + do { + if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1, + BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB); + return 0; + } + } while (BN_is_zero(r->Y)); + + if ((group->meth->field_encode != NULL + && !group->meth->field_encode(group, r->Y, r->Y, ctx)) + || !group->meth->field_sqr(group, r->Z, p->X, ctx) + || !group->meth->field_sqr(group, r->X, r->Z, ctx) + || !BN_GF2m_add(r->X, r->X, group->b) + || !group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx) + || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)) + return 0; + + s->Z_is_one = 0; + r->Z_is_one = 0; + + return 1; +} + +/*- + * Ladder step: differential addition-and-doubling, mixed Lopez-Dahab coords. 
+ * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3 + * s := r + s, r := 2r + */ +static +int ec_GF2m_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx) + || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx) + || !group->meth->field_sqr(group, s->Y, r->Z, ctx) + || !group->meth->field_sqr(group, r->Z, r->X, ctx) + || !BN_GF2m_add(s->Z, r->Y, s->X) + || !group->meth->field_sqr(group, s->Z, s->Z, ctx) + || !group->meth->field_mul(group, s->X, r->Y, s->X, ctx) + || !group->meth->field_mul(group, r->Y, s->Z, p->X, ctx) + || !BN_GF2m_add(s->X, s->X, r->Y) + || !group->meth->field_sqr(group, r->Y, r->Z, ctx) + || !group->meth->field_mul(group, r->Z, r->Z, s->Y, ctx) + || !group->meth->field_sqr(group, s->Y, s->Y, ctx) + || !group->meth->field_mul(group, s->Y, s->Y, group->b, ctx) + || !BN_GF2m_add(r->X, r->Y, s->Y)) + return 0; + + return 1; +} + +/*- + * Recover affine (x,y) result from Lopez-Dahab r and s, affine p. + * See e.g. "Fast Multiplication on Elliptic Curves over GF(2**m) + * without Precomputation" (Lopez and Dahab, CHES 1999), + * Appendix Alg Mxy. 
+ */ +static +int ec_GF2m_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *t0, *t1, *t2 = NULL; + + if (BN_is_zero(r->Z)) + return EC_POINT_set_to_infinity(group, r); + + if (BN_is_zero(s->Z)) { + if (!EC_POINT_copy(r, p) + || !EC_POINT_invert(group, r, ctx)) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_EC_LIB); + return 0; + } + return 1; + } + + BN_CTX_start(ctx); + t0 = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t2 == NULL) { + ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!group->meth->field_mul(group, t0, r->Z, s->Z, ctx) + || !group->meth->field_mul(group, t1, p->X, r->Z, ctx) + || !BN_GF2m_add(t1, r->X, t1) + || !group->meth->field_mul(group, t2, p->X, s->Z, ctx) + || !group->meth->field_mul(group, r->Z, r->X, t2, ctx) + || !BN_GF2m_add(t2, t2, s->X) + || !group->meth->field_mul(group, t1, t1, t2, ctx) + || !group->meth->field_sqr(group, t2, p->X, ctx) + || !BN_GF2m_add(t2, p->Y, t2) + || !group->meth->field_mul(group, t2, t2, t0, ctx) + || !BN_GF2m_add(t1, t2, t1) + || !group->meth->field_mul(group, t2, p->X, t0, ctx) + || !BN_GF2m_mod_inv(t2, t2, group->field, ctx) + || !group->meth->field_mul(group, t1, t1, t2, ctx) + || !group->meth->field_mul(group, r->X, r->Z, t2, ctx) + || !BN_GF2m_add(t2, p->X, r->X) + || !group->meth->field_mul(group, t2, t2, t1, ctx) + || !BN_GF2m_add(r->Y, p->Y, t2) + || !BN_one(r->Z)) + goto err; + + r->Z_is_one = 1; + + /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ + BN_set_negative(r->X, 0); + BN_set_negative(r->Y, 0); + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + +static +int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, + const EC_POINT *points[], + const BIGNUM *scalars[], + BN_CTX *ctx) +{ + int ret = 0; + EC_POINT *t = NULL; + + /*- + * We limit use of the ladder only to the following cases: + 
* - r := scalar * G + * Fixed point mul: scalar != NULL && num == 0; + * - r := scalars[0] * points[0] + * Variable point mul: scalar == NULL && num == 1; + * - r := scalar * G + scalars[0] * points[0] + * used, e.g., in ECDSA verification: scalar != NULL && num == 1 + * + * In any other case (num > 1) we use the default wNAF implementation. + * + * We also let the default implementation handle degenerate cases like group + * order or cofactor set to 0. + */ + if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor)) + return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + + if (scalar != NULL && num == 0) + /* Fixed point multiplication */ + return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); + + if (scalar == NULL && num == 1) + /* Variable point multiplication */ + return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); + + /*- + * Double point multiplication: + * r := scalar * G + scalars[0] * points[0] + */ + + if ((t = EC_POINT_new(group)) == NULL) { + ECerr(EC_F_EC_GF2M_SIMPLE_POINTS_MUL, ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!ec_scalar_mul_ladder(group, t, scalar, NULL, ctx) + || !ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx) + || !EC_POINT_add(group, r, t, r, ctx)) + goto err; + + ret = 1; + + err: + EC_POINT_free(t); + return ret; +} + +const EC_METHOD *EC_GF2m_simple_method(void) +{ + static const EC_METHOD ret = { + EC_FLAGS_DEFAULT_OCT, + NID_X9_62_characteristic_two_field, + ec_GF2m_simple_group_init, + ec_GF2m_simple_group_finish, + ec_GF2m_simple_group_clear_finish, + ec_GF2m_simple_group_copy, + ec_GF2m_simple_group_set_curve, + ec_GF2m_simple_group_get_curve, + ec_GF2m_simple_group_get_degree, + ec_group_simple_order_bits, + ec_GF2m_simple_group_check_discriminant, + ec_GF2m_simple_point_init, + ec_GF2m_simple_point_finish, + ec_GF2m_simple_point_clear_finish, + ec_GF2m_simple_point_copy, + ec_GF2m_simple_point_set_to_infinity, + 0, /* set_Jprojective_coordinates_GFp */ + 0, /* 
get_Jprojective_coordinates_GFp */ + ec_GF2m_simple_point_set_affine_coordinates, + ec_GF2m_simple_point_get_affine_coordinates, + 0, /* point_set_compressed_coordinates */ + 0, /* point2oct */ + 0, /* oct2point */ + ec_GF2m_simple_add, + ec_GF2m_simple_dbl, + ec_GF2m_simple_invert, + ec_GF2m_simple_is_at_infinity, + ec_GF2m_simple_is_on_curve, + ec_GF2m_simple_cmp, + ec_GF2m_simple_make_affine, + ec_GF2m_simple_points_make_affine, + ec_GF2m_simple_points_mul, + 0, /* precompute_mult */ + 0, /* have_precompute_mult */ + ec_GF2m_simple_field_mul, + ec_GF2m_simple_field_sqr, + ec_GF2m_simple_field_div, + 0, /* field_encode */ + 0, /* field_decode */ + 0, /* field_set_to_one */ + ec_key_simple_priv2oct, + ec_key_simple_oct2priv, + 0, /* set private */ + ec_key_simple_generate_key, + ec_key_simple_check_key, + ec_key_simple_generate_public_key, + 0, /* keycopy */ + 0, /* keyfinish */ + ecdh_simple_compute_key, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + ec_GF2m_simple_ladder_pre, + ec_GF2m_simple_ladder_step, + ec_GF2m_simple_ladder_post + }; + + return &ret; +} + #endif diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index 342b84f..cbe204f 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c 
@@ -70,10 +70,16 @@ static const ERR_STRING_DATA EC_str_functs[] = { "ec_GF2m_simple_group_check_discriminant"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0), "ec_GF2m_simple_group_set_curve"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0), + "ec_GF2m_simple_ladder_post"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0), + "ec_GF2m_simple_ladder_pre"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0), "ec_GF2m_simple_oct2point"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0), "ec_GF2m_simple_point2oct"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0), + "ec_GF2m_simple_points_mul"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0), "ec_GF2m_simple_point_get_affine_coordinates"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0), @@ -191,6 +197,7 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0), "EC_POINTs_make_affine"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"}, @@ -226,6 +233,8 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0), "EC_POINT_set_to_infinity"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0), + "ec_scalar_mul_ladder"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0), "ec_wNAF_precompute_mult"}, 
@@ -261,12 +270,6 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"}, {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_KEYGEN, 0), "pkey_sm2_keygen"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_PARAMGEN, 0), "pkey_sm2_paramgen"}, - {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"}, {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"}, {0, NULL} }; @@ -320,6 +323,9 @@ static const ERR_STRING_DATA EC_str_reasons[] = { "invalid trinomial basis"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES), @@ -339,6 +345,8 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE), + "point coordinates blind failure"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED), 
@@ -347,6 +355,7 @@ static const ERR_STRING_DATA EC_str_reasons[] = { {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"}, + {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"}, {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"}, diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index ae38029..8b16971 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -178,6 +178,15 @@ struct ec_method_st { int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r, const BIGNUM *x, BN_CTX *); int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); + int (*ladder_pre)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); + int (*ladder_step)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); + int (*ladder_post)(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); }; /* 
@@ -637,4 +646,76 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]); +/*- + * This functions computes a single point multiplication over the EC group, + * using, at a high level, a Montgomery ladder with conditional swaps, with + * various timing attack defenses. + * + * It performs either a fixed point multiplication + * (scalar * generator) + * when point is NULL, or a variable point multiplication + * (scalar * point) + * when point is not NULL. + * + * `scalar` cannot be NULL and should be in the range [0,n) otherwise all + * constant time bets are off (where n is the cardinality of the EC group). + * + * This function expects `group->order` and `group->cardinality` to be well + * defined and non-zero: it fails with an error code otherwise. + * + * NB: This says nothing about the constant-timeness of the ladder step + * implementation (i.e., the default implementation is based on EC_POINT_add and + * EC_POINT_dbl, which of course are not constant time themselves) or the + * underlying multiprecision arithmetic. + * + * The product is stored in `r`. + * + * This is an internal function: callers are in charge of ensuring that the + * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. + * + * Returns 1 on success, 0 otherwise. 
+ */ +int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx); + int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); + +static inline int ec_point_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_pre != NULL) + return group->meth->ladder_pre(group, r, s, p, ctx); + + if (!EC_POINT_copy(s, p) + || !EC_POINT_dbl(group, r, s, ctx)) + return 0; + + return 1; +} + +static inline int ec_point_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_step != NULL) + return group->meth->ladder_step(group, r, s, p, ctx); + + if (!EC_POINT_add(group, s, r, s, ctx) + || !EC_POINT_dbl(group, r, r, ctx)) + return 0; + + return 1; + +} + +static inline int ec_point_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->ladder_post != NULL) + return group->meth->ladder_post(group, r, s, p, ctx); + + return 1; +} diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 6a2d1b5..457cd35 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c 
@@ -919,11 +919,38 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { - if (group->meth->mul == 0) + int ret = 0; + size_t i = 0; + BN_CTX *new_ctx = NULL; + + if ((scalar == NULL) && (num == 0)) { + return EC_POINT_set_to_infinity(group, r); + } + + if (!ec_point_is_compat(r, group)) { + ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + for (i = 0; i < num; i++) { + if (!ec_point_is_compat(points[i], group)) { + ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + } + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) { + ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); + return 0; + } + + if (group->meth->mul != NULL) + ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx); + else /* use default */ - return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); - return group->meth->mul(group, r, scalar, num, points, scalars, ctx); + BN_CTX_free(new_ctx); + return ret; } int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 663db57..7e1b365 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -108,10 +108,9 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) } while(0) /*- - * This functions computes (in constant time) a point multiplication over the - * EC group. - * - * At a high level, it is Montgomery ladder with conditional swaps. + * This functions computes a single point multiplication over the EC group, + * using, at a high level, a Montgomery ladder with conditional swaps, with + * various timing attack defenses. * * It performs either a fixed point multiplication * (scalar * generator) 
@@ -119,51 +118,85 @@ void EC_ec_pre_comp_free(EC_PRE_COMP *pre) * (scalar * point) * when point is not NULL. * - * scalar should be in the range [0,n) otherwise all constant time bets are off. + * `scalar` cannot be NULL and should be in the range [0,n) otherwise all + * constant time bets are off (where n is the cardinality of the EC group). + * + * This function expects `group->order` and `group->cardinality` to be well + * defined and non-zero: it fails with an error code otherwise. * - * NB: This says nothing about EC_POINT_add and EC_POINT_dbl, - * which of course are not constant time themselves. + * NB: This says nothing about the constant-timeness of the ladder step + * implementation (i.e., the default implementation is based on EC_POINT_add and + * EC_POINT_dbl, which of course are not constant time themselves) or the + * underlying multiprecision arithmetic. * - * The product is stored in r. + * The product is stored in `r`. + * + * This is an internal function: callers are in charge of ensuring that the + * input parameters `group`, `r`, `scalar` and `ctx` are not NULL. * * Returns 1 on success, 0 otherwise. 
*/ -static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, const EC_POINT *point, - BN_CTX *ctx) +int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, + BN_CTX *ctx) { int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; + EC_POINT *p = NULL; EC_POINT *s = NULL; BIGNUM *k = NULL; BIGNUM *lambda = NULL; BIGNUM *cardinality = NULL; - BN_CTX *new_ctx = NULL; int ret = 0; - if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) + /* early exit if the input point is the point at infinity */ + if (point != NULL && EC_POINT_is_at_infinity(group, point)) + return EC_POINT_set_to_infinity(group, r); + + if (BN_is_zero(group->order)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER); + return 0; + } + if (BN_is_zero(group->cofactor)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR); return 0; + } BN_CTX_start(ctx); - s = EC_POINT_new(group); - if (s == NULL) + if (((p = EC_POINT_new(group)) == NULL) + || ((s = EC_POINT_new(group)) == NULL)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE); goto err; + } if (point == NULL) { - if (!EC_POINT_copy(s, group->generator)) + if (!EC_POINT_copy(p, group->generator)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); goto err; + } } else { - if (!EC_POINT_copy(s, point)) + if (!EC_POINT_copy(p, point)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB); goto err; + } } + EC_POINT_BN_set_flags(p, BN_FLG_CONSTTIME); + EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); cardinality = BN_CTX_get(ctx); lambda = BN_CTX_get(ctx); k = BN_CTX_get(ctx); - if (k == NULL || !BN_mul(cardinality, group->order, group->cofactor, ctx)) + if (k == NULL) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } /* * Group cardinalities are 
often on a word boundary. @@ -174,11 +207,15 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, cardinality_bits = BN_num_bits(cardinality); group_top = bn_get_top(cardinality); if ((bn_wexpand(k, group_top + 1) == NULL) - || (bn_wexpand(lambda, group_top + 1) == NULL)) + || (bn_wexpand(lambda, group_top + 1) == NULL)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } - if (!BN_copy(k, scalar)) + if (!BN_copy(k, scalar)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } BN_set_flags(k, BN_FLG_CONSTTIME); @@ -187,15 +224,21 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, * this is an unusual input, and we don't guarantee * constant-timeness */ - if (!BN_nnmod(k, k, cardinality, ctx)) + if (!BN_nnmod(k, k, cardinality, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } } - if (!BN_add(lambda, k, cardinality)) + if (!BN_add(lambda, k, cardinality)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } BN_set_flags(lambda, BN_FLG_CONSTTIME); - if (!BN_add(k, lambda, cardinality)) + if (!BN_add(k, lambda, cardinality)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } /* * lambda := scalar + cardinality * k := scalar + 2*cardinality @@ -209,8 +252,13 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, || (bn_wexpand(s->Z, group_top) == NULL) || (bn_wexpand(r->X, group_top) == NULL) || (bn_wexpand(r->Y, group_top) == NULL) - || (bn_wexpand(r->Z, group_top) == NULL)) + || (bn_wexpand(r->Z, group_top) == NULL) + || (bn_wexpand(p->X, group_top) == NULL) + || (bn_wexpand(p->Y, group_top) == NULL) + || (bn_wexpand(p->Z, group_top) == NULL)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB); goto err; + } /*- * Apply coordinate blinding for EC_POINT. 
@@ -220,19 +268,19 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, * success or if coordinate blinding is not implemented for this * group. */ - if (!ec_point_blind_coordinates(group, s, ctx)) + if (!ec_point_blind_coordinates(group, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_POINT_COORDINATES_BLIND_FAILURE); goto err; + } - /* top bit is a 1, in a fixed pos */ - if (!EC_POINT_copy(r, s)) - goto err; - - EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); - - if (!EC_POINT_dbl(group, s, s, ctx)) + /* Initialize the Montgomery ladder */ + if (!ec_point_ladder_pre(group, r, s, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE); goto err; + } - pbit = 0; + /* top bit is a 1, in a fixed pos */ + pbit = 1; #define EC_POINT_CSWAP(c, a, b, w, t) do { \ BN_consttime_swap(c, (a)->X, (b)->X, w); \ @@ -304,10 +352,12 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, for (i = cardinality_bits - 1; i >= 0; i--) { kbit = BN_is_bit_set(k, i) ^ pbit; EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); - if (!EC_POINT_add(group, s, r, s, ctx)) - goto err; - if (!EC_POINT_dbl(group, r, r, ctx)) + + /* Perform a single step of the Montgomery ladder */ + if (!ec_point_ladder_step(group, r, s, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE); goto err; + } /* * pbit logic merges this cswap with that of the * next iteration @@ -318,12 +368,18 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r, EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); #undef EC_POINT_CSWAP + /* Finalize ladder (and recover full point coordinates) */ + if (!ec_point_ladder_post(group, r, s, p, ctx)) { + ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE); + goto err; + } + ret = 1; err: + EC_POINT_free(p); EC_POINT_free(s); BN_CTX_end(ctx); - BN_CTX_free(new_ctx); return ret; } 
@@ -355,7 +411,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) { - BN_CTX *new_ctx = NULL; const EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; 
@@ -380,56 +435,35 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, * precomputation is not available */ int ret = 0; - if (!ec_point_is_compat(r, group)) { - ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - - if ((scalar == NULL) && (num == 0)) { - return EC_POINT_set_to_infinity(group, r); - } - if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) { /*- - * Handle the common cases where the scalar is secret, enforcing a constant - * time scalar multiplication algorithm. + * Handle the common cases where the scalar is secret, enforcing a + * scalar multiplication implementation based on a Montgomery ladder, + * with various timing attack defenses. */ if ((scalar != NULL) && (num == 0)) { /*- * In this case we want to compute scalar * GeneratorPoint: this - * codepath is reached most prominently by (ephemeral) key generation - * of EC cryptosystems (i.e. ECDSA keygen and sign setup, ECDH - * keygen/first half), where the scalar is always secret. This is why - * we ignore if BN_FLG_CONSTTIME is actually set and we always call the - * constant time version. + * codepath is reached most prominently by (ephemeral) key + * generation of EC cryptosystems (i.e. ECDSA keygen and sign setup, + * ECDH keygen/first half), where the scalar is always secret. This + * is why we ignore if BN_FLG_CONSTTIME is actually set and we + * always call the ladder version. */ - return ec_mul_consttime(group, r, scalar, NULL, ctx); + return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx); } if ((scalar == NULL) && (num == 1)) { /*- - * In this case we want to compute scalar * GenericPoint: this codepath - * is reached most prominently by the second half of ECDH, where the - * secret scalar is multiplied by the peer's public point. To protect - * the secret scalar, we ignore if BN_FLG_CONSTTIME is actually set and - * we always call the constant time version. 
+ * In this case we want to compute scalar * VariablePoint: this + * codepath is reached most prominently by the second half of ECDH, + * where the secret scalar is multiplied by the peer's public point. + * To protect the secret scalar, we ignore if BN_FLG_CONSTTIME is + * actually set and we always call the ladder version. */ - return ec_mul_consttime(group, r, scalars[0], points[0], ctx); - } - } - - for (i = 0; i < num; i++) { - if (!ec_point_is_compat(points[i], group)) { - ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; + return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx); } } - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - if (scalar != NULL) { generator = EC_GROUP_get0_generator(group); if (generator == NULL) { @@ -736,7 +770,6 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, ret = 1; err: - BN_CTX_free(new_ctx); EC_POINT_free(tmp); OPENSSL_free(wsize); OPENSSL_free(wNAF_len); diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index 358e998..fda9a23 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -63,7 +63,10 @@ const EC_METHOD *EC_GFp_mont_method(void) 0, /* keyfinish */ ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ - ec_GFp_simple_blind_coordinates + ec_GFp_simple_blind_coordinates, + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 58669d3..2c23525 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -65,7 +65,10 @@ const EC_METHOD *EC_GFp_nist_method(void) 0, /* keyfinish */ ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ - ec_GFp_simple_blind_coordinates + ec_GFp_simple_blind_coordinates, + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 6155b54..ecae568 100644 --- a/crypto/ec/ecp_nistp224.c 
+++ b/crypto/ec/ecp_nistp224.c @@ -292,7 +292,10 @@ const EC_METHOD *EC_GFp_nistp224_method(void) 0, /* keyfinish */ ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ - 0 /* blind_coordinates */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; @@ -1393,7 +1396,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, int j; unsigned i; int mixed = 0; - BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; @@ -1410,9 +1412,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, const EC_POINT *p = NULL; const BIGNUM *p_scalar = NULL; - if (ctx == NULL) - if ((ctx = new_ctx = BN_CTX_new()) == NULL) - return 0; BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); @@ -1575,7 +1574,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - BN_CTX_free(new_ctx); OPENSSL_free(secrets); OPENSSL_free(pre_comp); OPENSSL_free(tmp_felems); diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 00fcfd5..22f172b 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1821,7 +1821,12 @@ const EC_METHOD *EC_GFp_nistp256_method(void) ec_key_simple_generate_public_key, 0, /* keycopy */ 0, /* keyfinish */ - ecdh_simple_compute_key + ecdh_simple_compute_key, + 0, /* field_inverse_mod_ord */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; @@ -2013,7 +2018,6 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, int ret = 0; int j; int mixed = 0; - BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; 
@@ -2031,9 +2035,6 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const EC_POINT *p = NULL; const BIGNUM *p_scalar = NULL; - if (ctx == NULL) - if ((ctx = new_ctx = BN_CTX_new()) == NULL) - return 0; BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); @@ -2202,7 +2203,6 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - BN_CTX_free(new_ctx); OPENSSL_free(secrets); OPENSSL_free(pre_comp); OPENSSL_free(tmp_smallfelems); diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 4e6c0f9..06945b5 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1660,7 +1660,10 @@ const EC_METHOD *EC_GFp_nistp521_method(void) 0, /* keyfinish */ ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ - 0 /* blind_coordinates */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; @@ -1852,7 +1855,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, int ret = 0; int j; int mixed = 0; - BN_CTX *new_ctx = NULL; BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; @@ -1869,9 +1871,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const EC_POINT *p = NULL; const BIGNUM *p_scalar = NULL; - if (ctx == NULL) - if ((ctx = new_ctx = BN_CTX_new()) == NULL) - return 0; BN_CTX_start(ctx); x = BN_CTX_get(ctx); y = BN_CTX_get(ctx); @@ -2038,7 +2037,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - BN_CTX_free(new_ctx); OPENSSL_free(secrets); OPENSSL_free(pre_comp); OPENSSL_free(tmp_felems); diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 045c2e7..4b5fc62 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c 
@@ -1139,12 +1139,10 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, const BIGNUM *scalars[], BN_CTX *ctx) { int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0; - size_t j; unsigned char p_str[33] = { 0 }; const PRECOMP256_ROW *preComputedTable = NULL; const NISTZ256_PRE_COMP *pre_comp = NULL; const EC_POINT *generator = NULL; - BN_CTX *new_ctx = NULL; const BIGNUM **new_scalars = NULL; const EC_POINT **new_points = NULL; unsigned int idx = 0; @@ -1162,27 +1160,6 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return 0; } - if (!ec_point_is_compat(r, group)) { - ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - - if ((scalar == NULL) && (num == 0)) - return EC_POINT_set_to_infinity(group, r); - - for (j = 0; j < num; j++) { - if (!ec_point_is_compat(points[j], group)) { - ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - } - - if (ctx == NULL) { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - BN_CTX_start(ctx); if (scalar) { @@ -1380,7 +1357,6 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, err: if (ctx) BN_CTX_end(ctx); - BN_CTX_free(new_ctx); OPENSSL_free(new_points); OPENSSL_free(new_scalars); return ret; @@ -1731,7 +1707,10 @@ const EC_METHOD *EC_GFp_nistz256_method(void) 0, /* keyfinish */ ecdh_simple_compute_key, ecp_nistz256_inv_mod_ord, /* can be #define-d NULL */ - 0 /* blind_coordinates */ + 0, /* blind_coordinates */ + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index e0e4996..768922a 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c 
@@ -64,7 +64,10 @@ const EC_METHOD *EC_GFp_simple_method(void) 0, /* keyfinish */ ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ - ec_GFp_simple_blind_coordinates + ec_GFp_simple_blind_coordinates, + 0, /* ladder_pre */ + 0, /* ladder_step */ + 0 /* ladder_post */ }; return &ret; @@ -1418,4 +1421,3 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX_end(ctx); return ret; } - diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 007560a..3e2bc69 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -521,8 +521,11 @@ EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY:208:ec_GF2m_montgomery_point_multiply EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT:159:\ ec_GF2m_simple_group_check_discriminant EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE:195:ec_GF2m_simple_group_set_curve +EC_F_EC_GF2M_SIMPLE_LADDER_POST:285:ec_GF2m_simple_ladder_post +EC_F_EC_GF2M_SIMPLE_LADDER_PRE:288:ec_GF2m_simple_ladder_pre EC_F_EC_GF2M_SIMPLE_OCT2POINT:160:ec_GF2m_simple_oct2point EC_F_EC_GF2M_SIMPLE_POINT2OCT:161:ec_GF2m_simple_point2oct +EC_F_EC_GF2M_SIMPLE_POINTS_MUL:289:ec_GF2m_simple_points_mul EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES:162:\ ec_GF2m_simple_point_get_affine_coordinates EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES:163:\ @@ -601,6 +604,7 @@ EC_F_EC_KEY_SIMPLE_PRIV2OCT:260:ec_key_simple_priv2oct EC_F_EC_PKEY_CHECK:273:ec_pkey_check EC_F_EC_PKEY_PARAM_CHECK:274:ec_pkey_param_check EC_F_EC_POINTS_MAKE_AFFINE:136:EC_POINTs_make_affine +EC_F_EC_POINTS_MUL:290:EC_POINTs_mul EC_F_EC_POINT_ADD:112:EC_POINT_add EC_F_EC_POINT_BN2POINT:280:EC_POINT_bn2point EC_F_EC_POINT_CMP:113:EC_POINT_cmp 
@@ -630,6 +634,7 @@ EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP:126:\ EC_POINT_set_Jprojective_coordinates_GFp EC_F_EC_POINT_SET_TO_INFINITY:127:EC_POINT_set_to_infinity EC_F_EC_PRE_COMP_NEW:196:ec_pre_comp_new +EC_F_EC_SCALAR_MUL_LADDER:284:ec_scalar_mul_ladder EC_F_EC_WNAF_MUL:187:ec_wNAF_mul EC_F_EC_WNAF_PRECOMPUTE_MULT:188:ec_wNAF_precompute_mult EC_F_I2D_ECPARAMETERS:190:i2d_ECParameters @@ -2130,6 +2135,9 @@ EC_R_INVALID_PRIVATE_KEY:123:invalid private key EC_R_INVALID_TRINOMIAL_BASIS:137:invalid trinomial basis EC_R_KDF_PARAMETER_ERROR:148:kdf parameter error EC_R_KEYS_NOT_SET:140:keys not set +EC_R_LADDER_POST_FAILURE:136:ladder post failure +EC_R_LADDER_PRE_FAILURE:153:ladder pre failure +EC_R_LADDER_STEP_FAILURE:162:ladder step failure EC_R_MISSING_PARAMETERS:124:missing parameters EC_R_MISSING_PRIVATE_KEY:125:missing private key EC_R_NEED_NEW_SETUP_VALUES:157:need new setup values @@ -2144,12 +2152,14 @@ EC_R_PEER_KEY_ERROR:149:peer key error EC_R_PKPARAMETERS2GROUP_FAILURE:127:pkparameters2group failure EC_R_POINT_ARITHMETIC_FAILURE:155:point arithmetic failure EC_R_POINT_AT_INFINITY:106:point at infinity +EC_R_POINT_COORDINATES_BLIND_FAILURE:163:point coordinates blind failure EC_R_POINT_IS_NOT_ON_CURVE:107:point is not on curve EC_R_RANDOM_NUMBER_GENERATION_FAILED:158:random number generation failed EC_R_SHARED_INFO_ERROR:150:shared info error EC_R_SLOT_FULL:108:slot full EC_R_UNDEFINED_GENERATOR:113:undefined generator EC_R_UNDEFINED_ORDER:128:undefined order +EC_R_UNKNOWN_COFACTOR:164:unknown cofactor EC_R_UNKNOWN_GROUP:129:unknown group EC_R_UNKNOWN_ORDER:114:unknown order EC_R_UNSUPPORTED_FIELD:131:unsupported field diff --git a/crypto/include/internal/sm2err.h b/crypto/include/internal/sm2err.h index f32d26c..9a7e2b6 100644 --- a/crypto/include/internal/sm2err.h +++ b/crypto/include/internal/sm2err.h @@ -15,6 +15,9 @@ # ifndef OPENSSL_NO_SM2 +# ifdef __cplusplus +extern "C" +# endif int ERR_load_SM2_strings(void); /* 
diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index ac6bdcd..a54a185 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -15,6 +15,9 @@ # ifndef OPENSSL_NO_DSO +# ifdef __cplusplus +extern "C" +# endif int ERR_load_DSO_strings(void); /* diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 8db7967..967d6e0 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -64,8 +64,11 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 # define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 # define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +# define EC_F_EC_GF2M_SIMPLE_LADDER_POST 285 +# define EC_F_EC_GF2M_SIMPLE_LADDER_PRE 288 # define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 # define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +# define EC_F_EC_GF2M_SIMPLE_POINTS_MUL 289 # define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 # define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 # define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 @@ -133,6 +136,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_PKEY_CHECK 273 # define EC_F_EC_PKEY_PARAM_CHECK 274 # define EC_F_EC_POINTS_MAKE_AFFINE 136 +# define EC_F_EC_POINTS_MUL 290 # define EC_F_EC_POINT_ADD 112 # define EC_F_EC_POINT_BN2POINT 280 # define EC_F_EC_POINT_CMP 113 @@ -156,6 +160,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 # define EC_F_EC_POINT_SET_TO_INFINITY 127 # define EC_F_EC_PRE_COMP_NEW 196 +# define EC_F_EC_SCALAR_MUL_LADDER 284 # define EC_F_EC_WNAF_MUL 187 # define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 # define EC_F_I2D_ECPARAMETERS 190 
@@ -183,12 +188,6 @@ int ERR_load_EC_strings(void); # define EC_F_PKEY_EC_KEYGEN 199 # define EC_F_PKEY_EC_PARAMGEN 219 # define EC_F_PKEY_EC_SIGN 218 -# define EC_F_PKEY_SM2_CTRL 284 -# define EC_F_PKEY_SM2_CTRL_STR 285 -# define EC_F_PKEY_SM2_INIT 287 -# define EC_F_PKEY_SM2_KEYGEN 288 -# define EC_F_PKEY_SM2_PARAMGEN 289 -# define EC_F_PKEY_SM2_SIGN 290 # define EC_F_VALIDATE_ECX_DERIVE 278 /* @@ -228,6 +227,9 @@ int ERR_load_EC_strings(void); # define EC_R_INVALID_TRINOMIAL_BASIS 137 # define EC_R_KDF_PARAMETER_ERROR 148 # define EC_R_KEYS_NOT_SET 140 +# define EC_R_LADDER_POST_FAILURE 136 +# define EC_R_LADDER_PRE_FAILURE 153 +# define EC_R_LADDER_STEP_FAILURE 162 # define EC_R_MISSING_PARAMETERS 124 # define EC_R_MISSING_PRIVATE_KEY 125 # define EC_R_NEED_NEW_SETUP_VALUES 157 @@ -242,12 +244,14 @@ int ERR_load_EC_strings(void); # define EC_R_PKPARAMETERS2GROUP_FAILURE 127 # define EC_R_POINT_ARITHMETIC_FAILURE 155 # define EC_R_POINT_AT_INFINITY 106 +# define EC_R_POINT_COORDINATES_BLIND_FAILURE 163 # define EC_R_POINT_IS_NOT_ON_CURVE 107 # define EC_R_RANDOM_NUMBER_GENERATION_FAILED 158 # define EC_R_SHARED_INFO_ERROR 150 # define EC_R_SLOT_FULL 108 # define EC_R_UNDEFINED_GENERATOR 113 # define EC_R_UNDEFINED_ORDER 128 +# define EC_R_UNKNOWN_COFACTOR 164 # define EC_R_UNKNOWN_GROUP 129 # define EC_R_UNKNOWN_ORDER 114 # define EC_R_UNSUPPORTED_FIELD 131 diff --git a/test/ectest.c b/test/ectest.c index ead23d7..2945cd7 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -31,6 +31,7 @@ static int group_order_tests(EC_GROUP *group) { BIGNUM *n1 = NULL, *n2 = NULL, *order = NULL; EC_POINT *P = NULL, *Q = NULL, *R = NULL, *S = NULL; + const EC_POINT *G = NULL; BN_CTX *ctx = NULL; int i = 0, r = 0; 
@@ -38,6 +39,7 @@ static int group_order_tests(EC_GROUP *group) || !TEST_ptr(n2 = BN_new()) || !TEST_ptr(order = BN_new()) || !TEST_ptr(ctx = BN_CTX_new()) + || !TEST_ptr(G = EC_GROUP_get0_generator(group)) || !TEST_ptr(P = EC_POINT_new(group)) || !TEST_ptr(Q = EC_POINT_new(group)) || !TEST_ptr(R = EC_POINT_new(group)) @@ -49,7 +51,15 @@ static int group_order_tests(EC_GROUP *group) || !TEST_true(EC_POINT_is_at_infinity(group, Q)) || !TEST_true(EC_GROUP_precompute_mult(group, ctx)) || !TEST_true(EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) - || !TEST_true(EC_POINT_is_at_infinity(group, Q))) + || !TEST_true(EC_POINT_is_at_infinity(group, Q)) + || !TEST_true(EC_POINT_copy(P, G)) + || !TEST_true(BN_one(n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx)) + || !TEST_true(BN_sub(n1, order, n1)) + || !TEST_true(EC_POINT_mul(group, Q, n1, NULL, NULL, ctx)) + || !TEST_true(EC_POINT_invert(group, Q, ctx)) + || !TEST_int_eq(0, EC_POINT_cmp(group, Q, P, ctx))) goto err; for (i = 1; i <= 2; i++) { @@ -62,6 +72,7 @@ static int group_order_tests(EC_GROUP *group) * EC_GROUP_precompute_mult has set up precomputation. */ || !TEST_true(EC_POINT_mul(group, P, n1, NULL, NULL, ctx)) + || (i == 1 && !TEST_int_eq(0, EC_POINT_cmp(group, P, G, ctx))) || !TEST_true(BN_one(n1)) /* n1 = 1 - order */ || !TEST_true(BN_sub(n1, n1, order)) From levitte at openssl.org Mon Jul 16 09:35:53 2018 
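Review bot: In the crypto/ec/ec_lcl.h hunk, the default branch of ec_point_ladder_step() is built on EC_POINT_add() and EC_POINT_dbl(), which the ec_mult.c comment in this same patch says are not constant time themselves, so an EC_METHOD that leaves ladder_pre/ladder_step/ladder_post NULL gets the ladder's structural shape (one add and one double per scalar bit, conditional swaps) but not a constant-time step; say so in a comment above these helpers so that anyone adding a method knows constant-timeness requires supplying its own ladder_step. Minor: the default branch never uses `p` (only ladder_pre reads it), and there is a stray blank line before the closing brace of ec_point_ladder_step().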
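Review bot: In the EC_POINTs_mul() hunk in crypto/ec/ec_lib.c, the `(scalar == NULL) && (num == 0)` early return calls EC_POINT_set_to_infinity(group, r) before ec_point_is_compat(r, group) has been checked, so an `r` that belongs to a different group is still written on that path; move the compatibility check on `r` ahead of the early return. Also, a BN_CTX_secure_new() failure is reported as ERR_R_INTERNAL_ERROR, whereas ERR_R_MALLOC_FAILURE is the conventional reason for an allocation failure (the ladder itself uses ERR_R_MALLOC_FAILURE for EC_POINT_new() a few hunks later).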
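Review bot: In the comment hunk above ec_scalar_mul_ladder() in crypto/ec/ec_mult.c, the new text says the function expects `group->order` and `group->cardinality` to be well defined and non-zero, but the code that follows checks `group->order` and `group->cofactor` (EC_R_UNKNOWN_ORDER / EC_R_UNKNOWN_COFACTOR) and derives `cardinality` locally as order * cofactor; reword the comment to name `group->cofactor`. Same hunk: "This functions computes" should read "This function computes".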
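Review bot: In the ec_mult.c hunk that replaces the explicit copy/double with ec_point_ladder_pre() and sets `pbit = 1`, the change of the initial `pbit` from 0 to 1 is correct only because the default ladder_pre leaves (r, s) = (2P, P), the opposite ordering from the old code, which copied r = s and then doubled s; a custom ladder_pre that returns (r, s) = (P, 2P) would make the first conditional swap go the wrong way and silently produce a wrong result. Please document the required output ordering next to `pbit = 1` and in the ec_point_ladder_pre() comment, and note that EC_POINT_CSWAP still swaps the X, Y, Z fields and Z_is_one of both points, so a custom ladder_step/ladder_post must keep its working state in those same fields for the swaps to stay meaningful.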
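Review bot: In the ec_wNAF_mul() hunks in crypto/ec/ec_mult.c, removing the `new_ctx` allocation means ec_wNAF_mul() and, through it, ec_scalar_mul_ladder() now dereference `ctx` unconditionally (BN_CTX_start(ctx)), with EC_POINTs_mul() as the only place that guarantees a non-NULL context; ec_wNAF_mul() is also installed as `meth->mul`, so any caller that reaches it without going through EC_POINTs_mul() now crashes instead of getting an error. Add an explicit `ctx == NULL` check that returns 0 with an ECerr() in ec_wNAF_mul(), or at least state the non-NULL precondition in its comment the way the ladder's comment already does.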
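Review bot: In the crypto/ec/ecp_nistz256.c hunk, the `if (ctx) BN_CTX_end(ctx);` guard at the `err:` label is now dead code: the hunk removes the only path on which `ctx` could be NULL, and the matching BN_CTX_start(ctx) is unconditional. Drop the guard for consistency with ecp_nistp224/256/521.c, which call BN_CTX_end(ctx) unconditionally.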
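Review bot: In the include/openssl/ecerr.h hunks, function codes 284 through 290 are removed from EC_F_PKEY_SM2_CTRL ... EC_F_PKEY_SM2_SIGN and, in the same patch, reassigned to EC_F_EC_SCALAR_MUL_LADDER, EC_F_EC_GF2M_SIMPLE_LADDER_POST/PRE, EC_F_EC_GF2M_SIMPLE_POINTS_MUL and EC_F_EC_POINTS_MUL; since ecerr.h is a public header, any code or stored error log that refers to the EC_F_PKEY_SM2_* values will decode to the ladder functions from now on. Confirm that the SM2 codes now live under ERR_load_SM2_strings() (the sm2err.h hunk suggests so) and mention the removal of the public EC_F_PKEY_SM2_* symbols in CHANGES.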
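Review bot: In the test/ectest.c hunks, the new checks (1 * G == G, and (order - 1) * G inverted == G) exercise only the fixed-point path, EC_POINT_mul() with a NULL point, which maps to the `(scalar != NULL) && (num == 0)` branch; the variable-point branch `(scalar == NULL) && (num == 1)` that ec_wNAF_mul() now routes to ec_scalar_mul_ladder() gets no new coverage. Add the same two checks through the point argument, e.g. `EC_POINT_mul(group, Q, NULL, P, n1, ctx)`, and consider a scalar of 2 so that the ladder_pre output (2P) is compared against EC_POINT_dbl() directly.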
From: levitte at openssl.org (Richard Levitte) Date: Mon, 16 Jul 2018 09:35:53 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1531733753.651605.7306.nullmailer@dev.openssl.org> The branch master has been updated via 1fb2c1d2155c25b18b00bc9cc6f1a9169d1b9460 (commit) from 45ea2185ce1a2f39c6fb72abd076dbb191b0d016 (commit) - Log ----------------------------------------------------------------- commit 1fb2c1d2155c25b18b00bc9cc6f1a9169d1b9460 Author: Richard Levitte Date: Mon Jul 16 11:33:18 2018 +0200 build-gost: ensure gost.so is built with RUNPATH, not RPATH This allows us to point to whatever libcrypto we want. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/23) ----------------------------------------------------------------------- Summary of changes: run-checker/build-gost.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/run-checker/build-gost.sh b/run-checker/build-gost.sh index f3d205f..c9004c3 100755 --- a/run-checker/build-gost.sh +++ b/run-checker/build-gost.sh @@ -34,6 +34,8 @@ OPENSSL_PREFIX=$(pwd)/openssl/_install && make install_dev ) && ( cd gost-engine - cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX . + cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX \ + -DCMAKE_SHARED_LINKER_FLAGS='-Wl,--enable-new-dtags' \ + . make ) From levitte at openssl.org Mon Jul 16 10:16:27 2018 
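Review bot: In the run-checker/build-gost.sh hunk, `-DCMAKE_SHARED_LINKER_FLAGS` only reaches targets built with add_library(SHARED); an engine loaded as a plugin is normally an add_library(MODULE) target, which takes CMAKE_MODULE_LINKER_FLAGS instead, so the flag may not be applied to gost.so at all (the follow-up commit in this list, "CMAKE_MODULE_LINKER_FLAGS, not CMAKE_SHARED_LINKER_FLAGS", confirms this). Also worth a comment in the script: `-Wl,--enable-new-dtags` makes the linker emit DT_RUNPATH instead of DT_RPATH, and DT_RUNPATH is consulted after LD_LIBRARY_PATH, which is exactly what lets the checker point the engine at a different libcrypto; that same property means the setting belongs in a CI build script, not in a production install, where an environment-controlled library search path is unwanted.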
From: levitte at openssl.org (Richard Levitte) Date: Mon, 16 Jul 2018 10:16:27 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1531736187.008515.14955.nullmailer@dev.openssl.org> The branch master has been updated via cab68a3abe9fa4d8b8837b98540bb0d25ee4f55b (commit) from 1fb2c1d2155c25b18b00bc9cc6f1a9169d1b9460 (commit) - Log ----------------------------------------------------------------- commit cab68a3abe9fa4d8b8837b98540bb0d25ee4f55b Author: Richard Levitte Date: Mon Jul 16 11:53:48 2018 +0200 build-gost: CMAKE_MODULE_LINKER_FLAGS, not CMAKE_SHARED_LINKER_FLAGS Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/24) ----------------------------------------------------------------------- Summary of changes: run-checker/build-gost.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-checker/build-gost.sh b/run-checker/build-gost.sh index c9004c3..a6f3468 100755 --- a/run-checker/build-gost.sh +++ b/run-checker/build-gost.sh @@ -35,7 +35,7 @@ OPENSSL_PREFIX=$(pwd)/openssl/_install ) && ( cd gost-engine cmake -DOPENSSL_ROOT_DIR=$OPENSSL_PREFIX \ - -DCMAKE_SHARED_LINKER_FLAGS='-Wl,--enable-new-dtags' \ + -DCMAKE_MODULE_LINKER_FLAGS='-Wl,--enable-new-dtags' \ . make ) From kurt at openssl.org Mon Jul 16 22:01:29 2018 
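Review bot: In the run-checker/build-gost.sh hunk, switching to `-DCMAKE_MODULE_LINKER_FLAGS` is the right variable for a MODULE target, but nothing in the script verifies the result; since the previous attempt went unnoticed until this follow-up, add a check after `make`, e.g. `readelf -d gost.so | grep -q RUNPATH || exit 1` (with the path adjusted to where the engine is built), so a future CMake or gost-engine change that stops honouring the flag fails the build instead of silently linking with RPATH.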
From: kurt at openssl.org (Kurt Roeckx) Date: Mon, 16 Jul 2018 22:01:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531778489.474038.12674.nullmailer@dev.openssl.org> The branch master has been updated via 57fd517066418472b3280a975823405fb8f2f43d (commit) via 07fc8d5207febe53c8203a8a89fb7ba006871a1b (commit) from 01ad66f85d22fd001582b5f2e6e18db8b820c550 (commit) - Log ----------------------------------------------------------------- commit 57fd517066418472b3280a975823405fb8f2f43d Author: Kurt Roeckx Date: Sun May 13 11:24:11 2018 +0200 Improve documentation about reading and writing Reviewed-by: Matt Caswell GH: #6240 commit 07fc8d5207febe53c8203a8a89fb7ba006871a1b Author: Kurt Roeckx Date: Sun Jul 15 13:49:53 2018 +0200 Enable all protocols and ciphers in the fuzzer The config file can override it. In case of the server, it needs to be set on the ctx or some of the other functions on the ctx might fail. Reviewed-by: Rich Salz DH: #6718 ----------------------------------------------------------------------- Summary of changes: doc/man3/BIO_should_retry.pod | 10 ++++--- doc/man3/SSL_CTX_set_mode.pod | 38 ++++++++++++++++++++------ doc/man3/SSL_CTX_set_read_ahead.pod | 18 +++++++++++-- doc/man3/SSL_get_error.pod | 41 +++++++++++++++++++++------- doc/man3/SSL_read.pod | 53 ++++++++++++++++++++++--------------- doc/man3/SSL_write.pod | 17 +++++++----- fuzz/client.c | 1 + fuzz/server.c | 7 +++-- 8 files changed, 133 insertions(+), 52 deletions(-) diff --git a/doc/man3/BIO_should_retry.pod b/doc/man3/BIO_should_retry.pod index 60d8139..7a9ce8c 100644 --- a/doc/man3/BIO_should_retry.pod +++ b/doc/man3/BIO_should_retry.pod 
@@ -32,11 +32,13 @@ should then be retried at a later time. If BIO_should_retry() is false then the cause is an error condition. -BIO_should_read() is true if the cause of the condition is that a BIO -needs to read data. +BIO_should_read() is true if the cause of the condition is that the BIO +has insufficient data to return. Check for readability and/or retry the +last operation. -BIO_should_write() is true if the cause of the condition is that a BIO -needs to read data. +BIO_should_write() is true if the cause of the condition is that the BIO +has pending data to write. Check for writability and/or retry the +last operation. BIO_should_io_special() is true if some "special" condition, that is a reason other than reading or writing is the cause of the condition. diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index e83b591..e6de166 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -2,14 +2,16 @@ =head1 NAME -SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode +SSL_CTX_set_mode, SSL_CTX_clear_mode, SSL_set_mode, SSL_clear_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode =head1 SYNOPSIS #include long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); + long SSL_CTX_clear_mode(SSL_CTX *ctx, long mode); long SSL_set_mode(SSL *ssl, long mode); + long SSL_clear_mode(SSL *ssl, long mode); long SSL_CTX_get_mode(SSL_CTX *ctx); long SSL_get_mode(SSL *ssl); @@ -18,9 +20,11 @@ SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL SSL_CTX_set_mode() adds the mode set via bitmask in B to B. Options already set before are not cleared. +SSL_CTX_clear_mode() removes the mode set via bitmask in B from B. SSL_set_mode() adds the mode set via bitmask in B to B. Options already set before are not cleared. +SSL_clear_mode() removes the mode set via bitmask in B from B. SSL_CTX_get_mode() returns the mode set for B. 
@@ -51,16 +55,31 @@ non-blocking write(). =item SSL_MODE_AUTO_RETRY -Never bother the application with retries if the transport is blocking. -If a renegotiation take place during normal operation, a -L, L, L or L would -return with a failure and indicate the need to retry with SSL_ERROR_WANT_READ. +During normal operations, non-application data records might need to be sent or +received that the application is not aware of. +If a non-application data record was processed, +L and L can return with a failure and indicate the +need to retry with B. +If such a non-application data record was processed, the flag +B causes it to try to process the next record instead of +returning. + In a non-blocking environment applications must be prepared to handle incomplete read/write operations. +Setting B for a non-blocking B will process +non-application data records until either no more data is available or +an application data record has been processed. + In a blocking environment, applications are not always prepared to -deal with read/write operations returning without success report. The -flag SSL_MODE_AUTO_RETRY will cause read/write operations to only -return after the handshake and successful completion. +deal with the functions returning intermediate reports such as retry +requests, and setting the B flag will cause the functions +to only return after successfully processing an application data record or a +failure. + +Turning off B can be useful with blocking Bs in case +they are used in combination with something like select() or poll(). +Otherwise the call to SSL_read() or SSL_read_ex() might hang when a +non-application record was sent and no application data was sent. =item SSL_MODE_RELEASE_BUFFERS @@ -88,6 +107,9 @@ used to perform cryptographic operations. See L. =back +All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by +default since 1.1.1. + =head1 RETURN VALUES SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask 
diff --git a/doc/man3/SSL_CTX_set_read_ahead.pod b/doc/man3/SSL_CTX_set_read_ahead.pod index 3a96ce3..f2731a0 100644 --- a/doc/man3/SSL_CTX_set_read_ahead.pod +++ b/doc/man3/SSL_CTX_set_read_ahead.pod @@ -25,12 +25,14 @@ many input bytes as possible (for non-blocking reads) or not. For example if B bytes are currently required by OpenSSL, but B bytes are available from the underlying BIO (where B > B), then OpenSSL will read all B bytes into its buffer (providing that the buffer is large enough) if reading ahead is -on, or B bytes otherwise. The parameter B or B should be 0 to ensure -reading ahead is off, or non zero otherwise. +on, or B bytes otherwise. +Setting the parameter B to 0 turns reading ahead is off, other values turn +it on. SSL_CTX_set_default_read_ahead() is identical to SSL_CTX_set_read_ahead(). SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading ahead has been set or not. +SSL_CTX_get_default_read_ahead() is identical to SSL_CTX_get_read_ahead(). =head1 NOTES @@ -39,6 +41,18 @@ SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. Setting B can impact the behaviour of the SSL_pending() function (see L). +Since SSL_read() can return B for non-application data +records, and SSL_has_pending() can't tell the difference between processed and +unprocessed data, it's recommended that if read ahead is turned on that +B is not turned off using SSL_CTX_clear_mode(). +That will prevent getting B when there is still a complete +record availale that hasn't been processed. + +If the application wants to continue to use the underlying transport (e.g. TCP +connection) after the SSL connection is finished using SSL_shutdown() reading +ahead should be turned off. +Otherwise the SSL structure might read data that it shouldn't. + =head1 RETURN VALUES SSL_get_read_ahead() and SSL_CTX_get_read_ahead() return 0 if reading ahead is off, 
diff --git a/doc/man3/SSL_get_error.pod b/doc/man3/SSL_get_error.pod index f1050b0..01446a2 100644 --- a/doc/man3/SSL_get_error.pod +++ b/doc/man3/SSL_get_error.pod 
@@ -46,25 +46,45 @@ indicate that the underlying transport has been closed. =item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE -The operation did not complete; the same TLS/SSL I/O function should be -called again later. If, by then, the underlying B has data -available for reading (if the result code is B) -or allows writing data (B), then some TLS/SSL -protocol progress will take place, i.e. at least part of an TLS/SSL -record will be read or written. Note that the retry may again lead to -a B or B condition. +The operation did not complete and can be retried later. + +B is returned when the last operation was a read +operation from a non-blocking B. +It means that not enough data was available at this time to complete the +operation. +If at a later time the underlying B has data available for reading the same +function can be called again. + +SSL_read() and SSL_read_ex() can also set B when there is +still unprocessed data available at either the B or the B layer, even +for a blocking B. +See L for more information. + +B is returned when the last operation was a write +to a non-blocking B and it was unable to sent all data to the B. +When the B is writeable again, the same function can be called again. + +Note that the retry may again lead to an B or +B condition. There is no fixed upper limit for the number of iterations that may be necessary until progress becomes visible at application protocol level. +It is safe to call SSL_read() or SSL_read_ex() when more data is available +even when the call that set this error was an SSL_write() or SSL_write_ex(). +However if the call was an SSL_write() or SSL_write_ex(), it should be called +again to continue sending the application data. + For socket Bs (e.g. when SSL_set_fd() was used), select() or poll() on the underlying socket can be used to find out when the TLS/SSL I/O function should be retried. Caveat: Any TLS/SSL I/O function can lead to either of -B and B. In particular, +B and B. 
+In particular, SSL_read_ex(), SSL_read(), SSL_peek_ex(), or SSL_peek() may want to write data -and SSL_write() or SSL_write_ex() may want to read data. This is mainly because +and SSL_write() or SSL_write_ex() may want to read data. +This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read_ex(), SSL_read(), SSL_peek_ex(), SSL_peek(), SSL_write_ex(), and SSL_write() will handle any pending handshakes. @@ -122,6 +142,9 @@ Some non-recoverable I/O error occurred. The OpenSSL error queue may contain more information on the error. For socket I/O on Unix systems, consult B for details. +This value can also be returned for other errors, check the error queue for +details. + =item SSL_ERROR_SSL A failure in the SSL library occurred, usually a protocol error. The diff --git a/doc/man3/SSL_read.pod b/doc/man3/SSL_read.pod index 215d4c5..b1b2002 100644 --- a/doc/man3/SSL_read.pod +++ b/doc/man3/SSL_read.pod 
@@ -51,40 +51,47 @@ call. If B is higher than the number of bytes buffered then the read functions will return with the bytes buffered. If no more bytes are in the buffer, the read functions will trigger the processing of the next record. Only when the record has been received and processed completely will the read -functions return reporting success. At most the contents of the record will +functions return reporting success. At most the contents of one record will be returned. As the size of an SSL/TLS record may exceed the maximum packet size of the underlying transport (e.g. TCP), it may be necessary to read several packets from the transport layer before the record is complete and the read call can succeed. +If B has been switched off and a non-application data +record has been processed, the read function can return and set the error to +B. +In this case there might still be unprocessed data available in the B. +If read ahead was set using L, there might also still +be unprocessed data available in the B. +This behaviour can be controlled using the L call. + If the underlying BIO is B, a read function will only return once the read operation has been finished or an error occurred, except when a -renegotiation takes place, in which case a SSL_ERROR_WANT_READ may occur. This -behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the -L call. +non-application data record has been processed and B is +not set. +Note that if B is set and only non-application data is +available the call will hang. If the underlying BIO is B, a read function will also return when the underlying BIO could not satisfy the needs of the function to continue the -operation. In this case a call to L with the +operation. +In this case a call to L with the return value of the read function will yield B or -B. As at any time a re-negotiation is possible, a -a read function can also cause write operations! 
The calling process then must -repeat the call after taking appropriate action to satisfy the needs of the read -function. The action depends on the underlying BIO. When using a non-blocking -socket, nothing is to be done, but select() can be used to check for the -required condition. When using a buffering BIO, like a BIO pair, data must be -written into or retrieved out of the BIO before being able to continue. +B. +As at any time it's possible that non-application data needs to be sent, +a read function can also cause write operations. +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of the read function. +The action depends on the underlying BIO. +When using a non-blocking socket, nothing is to be done, but select() can be +used to check for the required condition. +When using a buffering BIO, like a BIO pair, data must be written into or +retrieved out of the BIO before being able to continue. L can be used to find out whether there -are buffered bytes available for immediate retrieval. In this case -the read function can be called without blocking or actually receiving -new data from the underlying socket. - -=head1 WARNING - -When a read function operation has to be repeated because L -returned B or B, it must be repeated -with the same arguments. +are buffered bytes available for immediate retrieval. +In this case the read function can be called without blocking or actually +receiving new data from the underlying socket. =head1 RETURN VALUES @@ -119,6 +126,10 @@ You should instead call SSL_get_error() to find out if it's retryable. =back +=head1 HISTORY + +SSL_read_ex() and SSL_peek_ex() were added in OpenSSL 1.1.1. + =head1 SEE ALSO L, L, diff --git a/doc/man3/SSL_write.pod b/doc/man3/SSL_write.pod index 14b651a..d528442 100644 --- a/doc/man3/SSL_write.pod +++ b/doc/man3/SSL_write.pod 
@@ -34,10 +34,7 @@ L or SSL_set_accept_state() before the first call to a write function. If the underlying BIO is B, the write functions will only return, once -the write operation has been finished or an error occurred, except when a -renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. -This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the -L call. +the write operation has been finished or an error occurred. If the underlying BIO is B the write functions will also return when the underlying BIO could not satisfy the needs of the function to continue @@ -65,9 +62,13 @@ write is performed with the size of a message block, which is 16kB. When a write function call has to be repeated because L returned B or B, it must be repeated with the same arguments. +The data that was passed might have been partially processed. +When B was set using L +the pointer can be different, but the data and length should still be the same. -When calling the write functions with num=0 bytes to be sent the behaviour is -undefined. +You should not call SSL_write() with num=0, it will return an error. +SSL_write_ex() can be called with num=0, but will not send application data to +the peer. =head1 RETURN VALUES @@ -103,6 +104,10 @@ You should instead call SSL_get_error() to find out if it's retryable. =back +=head1 HISTORY + +SSL_write_ex() was added in OpenSSL 1.1.1. + =head1 SEE ALSO L, L, L diff --git a/fuzz/client.c b/fuzz/client.c index ce6d8cc..bc01f62 100644 --- a/fuzz/client.c +++ b/fuzz/client.c @@ -73,6 +73,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) ctx = SSL_CTX_new(SSLv23_method()); client = SSL_new(ctx); + OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1); OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1); SSL_set_tlsext_host_name(client, "localhost"); in = BIO_new(BIO_s_mem()); diff --git a/fuzz/server.c b/fuzz/server.c index 2f7403e..7f9f9fa 100644 --- a/fuzz/server.c +++ b/fuzz/server.c 
@@ -534,6 +534,11 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) /* This only fuzzes the initial flow from the client so far. */ ctx = SSL_CTX_new(SSLv23_method()); + ret = SSL_CTX_set_min_proto_version(ctx, 0); + OPENSSL_assert(ret == 1); + ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0"); + OPENSSL_assert(ret == 1); + /* RSA */ bufp = kRSAPrivateKeyDER; privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); @@ -602,8 +607,6 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) /* TODO: Set up support for SRP and PSK */ server = SSL_new(ctx); - ret = SSL_set_cipher_list(server, "ALL:eNULL:@SECLEVEL=0"); - OPENSSL_assert(ret == 1); in = BIO_new(BIO_s_mem()); out = BIO_new(BIO_s_mem()); SSL_set_bio(server, in, out); From openssl at openssl.org Mon Jul 16 22:38:07 2018 
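Review bot: SSL_CTX_clear_mode() and SSL_clear_mode() are added to NAME, SYNOPSIS and DESCRIPTION in the SSL_CTX_set_mode.pod hunks at @@ -2,14 +2,16 and @@ -18,9 +20,11, but RETURN VALUES is not updated: the trailing context of the @@ -88,6 +107,9 hunk still reads "SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask" and says nothing about what the two clear functions return. Add their return value there in the same form.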
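Review bot: in the SSL_MODE_AUTO_RETRY text at @@ -51,16 +55,31 of SSL_CTX_set_mode.pod, "causes it to try to process the next record instead of returning" has no clear referent for "it"; name the subject, e.g. "causes the read or write function to process the next record instead of returning". In the last added paragraph, "when a non-application record was sent and no application data was sent" is clearer as "when the peer sent a non-application data record but no application data", since the hang described is on the receiving side's SSL_read() or SSL_read_ex().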
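Review bot: the sentence added at @@ -88,6 +107,9, "All modes are off by default except for SSL_MODE_AUTO_RETRY which is on by default since 1.1.1.", should mark SSL_MODE_AUTO_RETRY with B<> like the other mode names in this file, write "since OpenSSL 1.1.1" as the HISTORY sections added to SSL_read.pod and SSL_write.pod in this same patch do, and take a comma before "which".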
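Review bot: grammar in the replacement text at @@ -25,12 +25,14 of SSL_CTX_set_read_ahead.pod: "turns reading ahead is off, other values turn it on" should read "turns reading ahead off; any other value turns it on".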
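Review bot: typo at @@ -39,6 +41,18 of SSL_CTX_set_read_ahead.pod: "record availale" should be "record available". The same paragraph has a doubled "that" ("it's recommended that if read ahead is turned on that ... is not turned off"); suggest "when read ahead is turned on, it is recommended not to turn off ... using SSL_CTX_clear_mode()".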
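Review bot: typo at @@ -46,25 +46,45 of SSL_get_error.pod: "it was unable to sent all data" should be "send". In the same paragraph "writeable" is better spelled "writable", matching "writability" used in the BIO_should_retry.pod hunk of this patch.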
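Review bot: comma splice at @@ -122,6 +142,9 of SSL_get_error.pod: "This value can also be returned for other errors, check the error queue for details." should be "... for other errors; check the error queue for details."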
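Review bot: the SSL_read.pod hunk at @@ -51,40 +51,47 deletes the "=head1 WARNING" section (a read that returned SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE "must be repeated with the same arguments") without replacing it anywhere in the hunk, while the SSL_write.pod hunk at @@ -65,9 +62,13 keeps and extends the equivalent requirement for writes. If the requirement no longer applies to reads, say so in the paragraph about repeating the call so readers do not infer it from the SSL_write page; if it still applies, keep the WARNING.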
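Review bot: comma splice at @@ -65,9 +62,13 of SSL_write.pod: "You should not call SSL_write() with num=0, it will return an error." should be "SSL_write() must not be called with num=0; it returns an error." In the preceding added sentence, "the data and length should still be the same" is a requirement, so "must" is the right word.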
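Review bot: the fuzz/client.c hunk at @@ -73,6 +73,7 puts the call inside the assertion, OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);, whereas fuzz/server.c in the same patch assigns to ret and asserts on ret; use one pattern in both harnesses. A one-line comment that the minimum version is set to 0 on purpose, so the fuzzer reaches every protocol version, would also help, since a reader otherwise sees a harness opting out of the default floor with no explanation.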
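Review bot: fuzz/server.c at @@ -534,6 +534,11 now configures the cipher list and minimum protocol version on the SSL_CTX (with the per-SSL SSL_set_cipher_list() removed at @@ -602,8 +607,6), but fuzz/client.c in this same patch keeps SSL_set_cipher_list() and SSL_set_min_proto_version() on the SSL object. Apply the settings at the same level in both harnesses so the two stay in step when either is changed.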
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 16 Jul 2018 22:38:07 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Message-ID: <1531780687.954794.18294.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT Commit log since last time: 57fd517 Improve documentation about reading and writing 07fc8d5 Enable all protocols and ciphers in the fuzzer 01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify f45846f EC2M Lopez-Dahab ladder implementation 66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier 3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations 51f3021 Remove stale SM2 error codes Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_key_share.t ................ 
skipped: test_key_share needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ ok ../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13cookie.t .............. 
skipped: test_tls13cookie needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... ok ../../openssl/test/recipes/80-test_cmsapi.t ................... ok ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. 
ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. ok ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build ../../openssl/test/recipes/90-test_srp.t ...................... ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=150, Tests=1168, 443 wallclock secs ( 0.93 usr 0.33 sys + 371.29 cusr 50.96 csys = 423.51 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/enable-asan' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Mon Jul 16 23:49:35 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 16 Jul 2018 23:49:35 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-cms Message-ID: <1531784975.128924.4252.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-cms Commit log since last time: 57fd517 Improve documentation about reading and writing 07fc8d5 Enable all protocols and ciphers in the fuzzer 01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify f45846f EC2M Lopez-Dahab ladder implementation 66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier 3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations 51f3021 Remove stale SM2 error codes Build log ended with (last 100 lines): ../../openssl/test/recipes/30-test_pbelu.t .................... ok ../../openssl/test/recipes/30-test_pkey_meth.t ................ ok ../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok ../../openssl/test/recipes/40-test_rehash.t ................... ok ../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok ../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok ../../openssl/test/recipes/60-test_x509_store.t ............... ok ../../openssl/test/recipes/60-test_x509_time.t ................ ok ../../openssl/test/recipes/70-test_asyncio.t .................. ok ../../openssl/test/recipes/70-test_bad_dtls.t ................. ok ../../openssl/test/recipes/70-test_clienthello.t .............. ok ../../openssl/test/recipes/70-test_comp.t ..................... ok ../../openssl/test/recipes/70-test_key_share.t ................ ok ../../openssl/test/recipes/70-test_packet.t ................... ok ../../openssl/test/recipes/70-test_recordlen.t ................ 
ok ../../openssl/test/recipes/70-test_renegotiation.t ............ ok ../../openssl/test/recipes/70-test_servername.t ............... ok ../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok ../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok ../../openssl/test/recipes/70-test_sslextension.t ............. ok ../../openssl/test/recipes/70-test_sslmessages.t .............. ok ../../openssl/test/recipes/70-test_sslrecords.t ............... ok ../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok ../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok ../../openssl/test/recipes/70-test_sslsignature.t ............. ok ../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok ../../openssl/test/recipes/70-test_sslversions.t .............. ok ../../openssl/test/recipes/70-test_sslvertol.t ................ ok ../../openssl/test/recipes/70-test_tls13cookie.t .............. ok ../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation ../../openssl/test/recipes/70-test_tls13hrr.t ................. ok ../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok ../../openssl/test/recipes/70-test_tls13messages.t ............ ok ../../openssl/test/recipes/70-test_tls13psk.t ................. ok ../../openssl/test/recipes/70-test_tlsextms.t ................. ok ../../openssl/test/recipes/70-test_verify_extra.t ............. ok ../../openssl/test/recipes/70-test_wpacket.t .................. ok ../../openssl/test/recipes/80-test_ca.t ....................... ok ../../openssl/test/recipes/80-test_cipherbytes.t .............. ok ../../openssl/test/recipes/80-test_cipherlist.t ............... ok ../../openssl/test/recipes/80-test_ciphername.t ............... ok ../../openssl/test/recipes/80-test_cms.t ...................... skipped: CMS is not supported by this OpenSSL build ../../openssl/test/recipes/80-test_cmsapi.t ................... 
skipped: CMS is disabled in this build ../../openssl/test/recipes/80-test_ct.t ....................... ok ../../openssl/test/recipes/80-test_dane.t ..................... ok ../../openssl/test/recipes/80-test_dtls.t ..................... ok ../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok ../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok ../../openssl/test/recipes/80-test_ocsp.t ..................... ok ../../openssl/test/recipes/80-test_pkcs12.t ................... ok ../../openssl/test/recipes/80-test_ssl_new.t .................. ok ../../openssl/test/recipes/80-test_ssl_old.t .................. ok ../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok ../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok ../../openssl/test/recipes/80-test_tsa.t ...................... ok ../../openssl/test/recipes/80-test_x509aux.t .................. ok ../../openssl/test/recipes/90-test_asn1_time.t ................ ok ../../openssl/test/recipes/90-test_async.t .................... ok ../../openssl/test/recipes/90-test_bio_enc.t .................. ok ../../openssl/test/recipes/90-test_constant_time.t ............ ok ../../openssl/test/recipes/90-test_fatalerr.t ................. ok ../../openssl/test/recipes/90-test_gmdiff.t ................... ok ../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100) Failed 1/1 subtests ../../openssl/test/recipes/90-test_ige.t ...................... ok ../../openssl/test/recipes/90-test_includes.t ................. ok ../../openssl/test/recipes/90-test_memleak.t .................. ok ../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds ../../openssl/test/recipes/90-test_secmem.t ................... ok ../../openssl/test/recipes/90-test_shlibload.t ................ ok ../../openssl/test/recipes/90-test_srp.t ...................... 
ok ../../openssl/test/recipes/90-test_sslapi.t ................... ok ../../openssl/test/recipes/90-test_sslbuffers.t ............... ok ../../openssl/test/recipes/90-test_store.t .................... ok ../../openssl/test/recipes/90-test_sysdefault.t ............... ok ../../openssl/test/recipes/90-test_threads.t .................. ok ../../openssl/test/recipes/90-test_time_offset.t .............. ok ../../openssl/test/recipes/90-test_tls13ccs.t ................. ok ../../openssl/test/recipes/90-test_tls13encryption.t .......... ok ../../openssl/test/recipes/90-test_tls13secrets.t ............. ok ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=150, Tests=1343, 208 wallclock secs ( 3.02 usr 0.39 sys + 176.93 cusr 10.74 csys = 191.08 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-cms' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 17 00:02:11 2018 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 00:02:11 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings enable-crypto-mdebug
Message-ID: <1531785731.771461.13695.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-crypto-mdebug

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... ok
../../openssl/test/recipes/70-test_key_share.t ................ ok
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ ok
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok
../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok
../../openssl/test/recipes/70-test_sslextension.t ............. ok
../../openssl/test/recipes/70-test_sslmessages.t .............. ok
../../openssl/test/recipes/70-test_sslrecords.t ............... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok
../../openssl/test/recipes/70-test_sslsignature.t ............. ok
../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok
../../openssl/test/recipes/70-test_sslversions.t .............. ok
../../openssl/test/recipes/70-test_sslvertol.t ................ ok
../../openssl/test/recipes/70-test_tls13cookie.t .............. ok
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation
../../openssl/test/recipes/70-test_tls13hrr.t ................. ok
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok
../../openssl/test/recipes/70-test_tls13messages.t ............ ok
../../openssl/test/recipes/70-test_tls13psk.t ................. ok
../../openssl/test/recipes/70-test_tlsextms.t ................. ok
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. ok
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=150, Tests=1349, 276 wallclock secs ( 2.97 usr 0.45 sys + 220.73 cusr 18.03 csys = 242.18 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-crypto-mdebug'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Jul 17 00:41:43 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 00:41:43 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-dsa
Message-ID: <1531788103.548465.1528.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dsa

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... ok
../../openssl/test/recipes/70-test_key_share.t ................ ok
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ ok
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ ok
../../openssl/test/recipes/70-test_sslcertstatus.t ............ ok
../../openssl/test/recipes/70-test_sslextension.t ............. ok
../../openssl/test/recipes/70-test_sslmessages.t .............. ok
../../openssl/test/recipes/70-test_sslrecords.t ............... ok
../../openssl/test/recipes/70-test_sslsessiontick.t ........... ok
../../openssl/test/recipes/70-test_sslsigalgs.t ............... ok
../../openssl/test/recipes/70-test_sslsignature.t ............. ok
../../openssl/test/recipes/70-test_sslskewith0p.t ............. ok
../../openssl/test/recipes/70-test_sslversions.t .............. ok
../../openssl/test/recipes/70-test_sslvertol.t ................ ok
../../openssl/test/recipes/70-test_tls13cookie.t .............. ok
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade not run in pre TLSv1.3 RFC implementation
../../openssl/test/recipes/70-test_tls13hrr.t ................. ok
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ ok
../../openssl/test/recipes/70-test_tls13messages.t ............ ok
../../openssl/test/recipes/70-test_tls13psk.t ................. ok
../../openssl/test/recipes/70-test_tlsextms.t ................. ok
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. ok
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=150, Tests=1349, 205 wallclock secs ( 2.82 usr 0.30 sys + 175.80 cusr 10.03 csys = 188.95 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dsa'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Jul 17 00:47:14 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 00:47:14 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-dso
Message-ID: <1531788434.431152.1506.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. ok
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=150, Tests=1176, 197 wallclock secs ( 0.84 usr 0.28 sys + 170.34 cusr 9.54 csys = 181.00 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-dso'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Jul 17 01:30:41 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 01:30:41 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine
Message-ID: <1531791041.879417.18093.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-engine

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. skipped: Only supported in no-shared builds
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ ok
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. ok
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test: 1
  Non-zero exit status: 1
Files=150, Tests=1175, 195 wallclock secs ( 0.80 usr 0.31 sys + 168.74 cusr 9.12 csys = 178.97 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-engine'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org Tue Jul 17 01:40:35 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 01:40:35 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine no-shared
Message-ID: <1531791635.818640.5695.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-engine no-shared

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. ok
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t .............
skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=150, Tests=1167, 179 wallclock secs ( 0.81 usr 0.32 sys + 167.44 cusr 8.43 csys = 177.00 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-engine_no-shared' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 17 04:26:22 2018 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 04:26:22 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared
Message-ID: <1531801582.432963.17137.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. ok
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=150, Tests=1168, 173 wallclock secs ( 0.86 usr  0.28 sys + 152.39 cusr  8.65 csys = 162.18 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/enable-fuzz-afl'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org  Tue Jul 17 05:57:16 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 05:57:16 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic
Message-ID: <1531807036.346584.28567.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-pic

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. ok
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=150, Tests=1168, 173 wallclock secs ( 0.80 usr  0.30 sys + 161.96 cusr  7.61 csys = 170.67 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-pic'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From openssl at openssl.org  Tue Jul 17 06:12:00 2018
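The three run-checker reports above (no-engine no-shared, enable-fuzz-afl no-shared, no-pic) were built from the same seven commits and all stop at the same test, 90-test_gost.t, with an otherwise clean run. That pattern says the failure belongs to the commit range, not to the option each job exercises; a failure that only one configuration shows would point at that option instead. The script below is an added example, not OpenSSL's run-checker or test harness: it parses the prove(1) result lines and the Subject line that these mails quote, then separates failures common to every configuration from configuration-specific ones. The report texts are constructed, abbreviated excerpts in the shape of the mails above; the fourth report, with the option name no-example and the test name 80-test_example.t, is hypothetical and exists only to show the configuration-specific branch.

```python
"""Triage OpenSSL run-checker failure mails.

Added example for the run-checker reports on this page; it is not OpenSSL's
own tooling.  It parses the Test::Harness (prove) result lines each mail
quotes and tells a failure shared by every configuration apart from one
that only a single configuration shows.
"""
import re
from dataclasses import dataclass, field

# Subject: [openssl-commits] FAILED build of OpenSSL branch master with options ...
SUBJECT_RE = re.compile(
    r"^Subject: \[openssl-commits\] (?P<state>.*?) build of OpenSSL branch "
    r"(?P<branch>\S+) with options (?P<options>.+)$"
)
# One prove(1) result line, e.g.
#   ../../openssl/test/recipes/90-test_gost.t ..... Dubious, test returned 1 (wstat 256, 0x100)
TEST_RE = re.compile(
    r"^(?P<path>\S+/(?P<name>[\w-]+\.t)) \.+ "
    r"(?:(?P<ok>ok)|skipped: (?P<reason>.+)|Dubious, test returned (?P<rc>\d+).*)$"
)
RESULT_RE = re.compile(r"^Result: (?P<result>PASS|FAIL)$")


@dataclass
class Report:
    options: str = ""
    branch: str = ""
    state: str = ""                                   # "FAILED" or "Still FAILED"
    result: str = ""                                  # from the "Result:" line
    status: dict = field(default_factory=dict)        # test name -> ok|skipped|failed
    skip_reason: dict = field(default_factory=dict)   # test name -> reason text


def parse_report(text: str) -> Report:
    """Parse one mail body; lines that match none of the patterns are ignored."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SUBJECT_RE.match(line)):
            rep.state, rep.branch, rep.options = m["state"], m["branch"], m["options"]
        elif (m := TEST_RE.match(line)):
            name = m["name"]
            if m["ok"]:
                rep.status[name] = "ok"
            elif m["reason"] is not None:
                rep.status[name] = "skipped"
                rep.skip_reason[name] = m["reason"]
            else:
                rep.status[name] = "failed"           # Dubious: non-zero exit status
        elif (m := RESULT_RE.match(line)):
            rep.result = m["result"]
    return rep


def failed(rep: Report) -> set:
    return {n for n, s in rep.status.items() if s == "failed"}


def triage(reports):
    """Return (shared, specific): tests failing in every report, and a map of
    options -> tests that fail only in that configuration."""
    sets = [failed(r) for r in reports]
    shared = set.intersection(*sets) if sets else set()
    specific = {r.options: s - shared for r, s in zip(reports, sets) if s - shared}
    return shared, specific


def skip_histogram(rep: Report) -> dict:
    """Count skipped tests per reason: what a feature-disabling configuration
    such as no-engine or no-shared never exercised at all."""
    hist = {}
    for reason in rep.skip_reason.values():
        hist[reason] = hist.get(reason, 0) + 1
    return hist


# Constructed, abbreviated excerpts in the shape of the mails above.
REPORT_NO_ENGINE = """\
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-engine no-shared
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build
Result: FAIL
"""
REPORT_AFL = """\
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d enable-fuzz-afl no-shared
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Result: FAIL
"""
REPORT_NO_PIC = """\
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-pic
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Result: FAIL
"""
# Hypothetical fourth configuration (option and test names invented) showing
# a failure that only this configuration has.
REPORT_HYPOTHETICAL = """\
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d no-example
../../openssl/test/recipes/80-test_example.t .................. Dubious, test returned 1 (wstat 256, 0x100)
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Result: FAIL
"""


def demo():
    reports = [parse_report(t) for t in
               (REPORT_NO_ENGINE, REPORT_AFL, REPORT_NO_PIC, REPORT_HYPOTHETICAL)]
    return triage(reports)


if __name__ == "__main__":
    shared, specific = demo()
    print("failing in every configuration:", sorted(shared))
    print("configuration-specific:", specific)
```

On the four constructed reports, `triage` returns 90-test_gost.t as the only failure common to every configuration and attributes 80-test_example.t to the hypothetical no-example job alone. `skip_histogram` is the companion check for a "Still FAILED" or even a passing mail from a feature-disabling configuration: a test that was skipped with "needs the dynamic engine feature enabled" said nothing about the code under test, so a green no-engine run is not evidence for the engine-dependent paths.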
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 06:12:00 +0000
Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-psk
Message-ID: <1531807920.630357.12094.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

$ CC=clang ../openssl/config -d --strict-warnings no-psk

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509spki.d.tmp -MT crypto/x509/x509spki.o -c -o crypto/x509/x509spki.o ../openssl/crypto/x509/x509spki.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x509type.d.tmp -MT crypto/x509/x509type.o -c -o crypto/x509/x509type.o ../openssl/crypto/x509/x509type.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_all.d.tmp -MT crypto/x509/x_all.o -c -o crypto/x509/x_all.o ../openssl/crypto/x509/x_all.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_attrib.d.tmp -MT crypto/x509/x_attrib.o -c -o crypto/x509/x_attrib.o ../openssl/crypto/x509/x_attrib.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_crl.d.tmp -MT crypto/x509/x_crl.o -c -o crypto/x509/x_crl.o ../openssl/crypto/x509/x_crl.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_exten.d.tmp -MT crypto/x509/x_exten.o -c -o crypto/x509/x_exten.o ../openssl/crypto/x509/x_exten.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_name.d.tmp -MT crypto/x509/x_name.o -c -o crypto/x509/x_name.o ../openssl/crypto/x509/x_name.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_pubkey.d.tmp -MT crypto/x509/x_pubkey.o -c -o crypto/x509/x_pubkey.o ../openssl/crypto/x509/x_pubkey.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_req.d.tmp -MT crypto/x509/x_req.o -c -o crypto/x509/x_req.o ../openssl/crypto/x509/x_req.c
clang -I. -Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_x509.d.tmp -MT crypto/x509/x_x509.o -c -o crypto/x509/x_x509.o ../openssl/crypto/x509/x_x509.c
clang -I.
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509/x_x509a.d.tmp -MT crypto/x509/x_x509a.o -c -o crypto/x509/x_x509a.o ../openssl/crypto/x509/x_x509a.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_cache.d.tmp -MT crypto/x509v3/pcy_cache.o -c -o crypto/x509v3/pcy_cache.o ../openssl/crypto/x509v3/pcy_cache.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_data.d.tmp -MT crypto/x509v3/pcy_data.o -c -o crypto/x509v3/pcy_data.o ../openssl/crypto/x509v3/pcy_data.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_lib.d.tmp -MT crypto/x509v3/pcy_lib.o -c -o crypto/x509v3/pcy_lib.o ../openssl/crypto/x509v3/pcy_lib.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_map.d.tmp -MT crypto/x509v3/pcy_map.o -c -o crypto/x509v3/pcy_map.o ../openssl/crypto/x509v3/pcy_map.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_node.d.tmp -MT crypto/x509v3/pcy_node.o -c -o crypto/x509v3/pcy_node.o ../openssl/crypto/x509v3/pcy_node.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/pcy_tree.d.tmp -MT crypto/x509v3/pcy_tree.o -c -o crypto/x509v3/pcy_tree.o ../openssl/crypto/x509v3/pcy_tree.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_addr.d.tmp -MT crypto/x509v3/v3_addr.o -c -o crypto/x509v3/v3_addr.o ../openssl/crypto/x509v3/v3_addr.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_admis.d.tmp -MT crypto/x509v3/v3_admis.o -c -o crypto/x509v3/v3_admis.o ../openssl/crypto/x509v3/v3_admis.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_akey.d.tmp -MT crypto/x509v3/v3_akey.o -c -o crypto/x509v3/v3_akey.o ../openssl/crypto/x509v3/v3_akey.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_akeya.d.tmp -MT crypto/x509v3/v3_akeya.o -c -o crypto/x509v3/v3_akeya.o ../openssl/crypto/x509v3/v3_akeya.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_alt.d.tmp -MT crypto/x509v3/v3_alt.o -c -o crypto/x509v3/v3_alt.o ../openssl/crypto/x509v3/v3_alt.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_asid.d.tmp -MT crypto/x509v3/v3_asid.o -c -o crypto/x509v3/v3_asid.o ../openssl/crypto/x509v3/v3_asid.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_bcons.d.tmp -MT crypto/x509v3/v3_bcons.o -c -o crypto/x509v3/v3_bcons.o ../openssl/crypto/x509v3/v3_bcons.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_bitst.d.tmp -MT crypto/x509v3/v3_bitst.o -c -o crypto/x509v3/v3_bitst.o ../openssl/crypto/x509v3/v3_bitst.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_conf.d.tmp -MT crypto/x509v3/v3_conf.o -c -o crypto/x509v3/v3_conf.o ../openssl/crypto/x509v3/v3_conf.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_cpols.d.tmp -MT crypto/x509v3/v3_cpols.o -c -o crypto/x509v3/v3_cpols.o ../openssl/crypto/x509v3/v3_cpols.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_crld.d.tmp -MT crypto/x509v3/v3_crld.o -c -o crypto/x509v3/v3_crld.o ../openssl/crypto/x509v3/v3_crld.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_enum.d.tmp -MT crypto/x509v3/v3_enum.o -c -o crypto/x509v3/v3_enum.o ../openssl/crypto/x509v3/v3_enum.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_extku.d.tmp -MT crypto/x509v3/v3_extku.o -c -o crypto/x509v3/v3_extku.o ../openssl/crypto/x509v3/v3_extku.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_genn.d.tmp -MT crypto/x509v3/v3_genn.o -c -o crypto/x509v3/v3_genn.o ../openssl/crypto/x509v3/v3_genn.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_ia5.d.tmp -MT crypto/x509v3/v3_ia5.o -c -o crypto/x509v3/v3_ia5.o ../openssl/crypto/x509v3/v3_ia5.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_info.d.tmp -MT crypto/x509v3/v3_info.o -c -o crypto/x509v3/v3_info.o ../openssl/crypto/x509v3/v3_info.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_int.d.tmp -MT crypto/x509v3/v3_int.o -c -o crypto/x509v3/v3_int.o ../openssl/crypto/x509v3/v3_int.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_lib.d.tmp -MT crypto/x509v3/v3_lib.o -c -o crypto/x509v3/v3_lib.o ../openssl/crypto/x509v3/v3_lib.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_ncons.d.tmp -MT crypto/x509v3/v3_ncons.o -c -o crypto/x509v3/v3_ncons.o ../openssl/crypto/x509v3/v3_ncons.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pci.d.tmp -MT crypto/x509v3/v3_pci.o -c -o crypto/x509v3/v3_pci.o ../openssl/crypto/x509v3/v3_pci.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pcia.d.tmp -MT crypto/x509v3/v3_pcia.o -c -o crypto/x509v3/v3_pcia.o ../openssl/crypto/x509v3/v3_pcia.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pcons.d.tmp -MT crypto/x509v3/v3_pcons.o -c -o crypto/x509v3/v3_pcons.o ../openssl/crypto/x509v3/v3_pcons.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pku.d.tmp -MT crypto/x509v3/v3_pku.o -c -o crypto/x509v3/v3_pku.o ../openssl/crypto/x509v3/v3_pku.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_pmaps.d.tmp -MT crypto/x509v3/v3_pmaps.o -c -o crypto/x509v3/v3_pmaps.o ../openssl/crypto/x509v3/v3_pmaps.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_prn.d.tmp -MT crypto/x509v3/v3_prn.o -c -o crypto/x509v3/v3_prn.o ../openssl/crypto/x509v3/v3_prn.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_purp.d.tmp -MT crypto/x509v3/v3_purp.o -c -o crypto/x509v3/v3_purp.o ../openssl/crypto/x509v3/v3_purp.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_skey.d.tmp -MT crypto/x509v3/v3_skey.o -c -o crypto/x509v3/v3_skey.o ../openssl/crypto/x509v3/v3_skey.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_sxnet.d.tmp -MT crypto/x509v3/v3_sxnet.o -c -o crypto/x509v3/v3_sxnet.o ../openssl/crypto/x509v3/v3_sxnet.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_tlsf.d.tmp -MT crypto/x509v3/v3_tlsf.o -c -o crypto/x509v3/v3_tlsf.o ../openssl/crypto/x509v3/v3_tlsf.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3_utl.d.tmp -MT crypto/x509v3/v3_utl.o -c -o crypto/x509v3/v3_utl.o ../openssl/crypto/x509v3/v3_utl.c clang -I. 
-Icrypto/include -Iinclude -I../openssl -I../openssl/crypto/include -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF crypto/x509v3/v3err.d.tmp -MT crypto/x509v3/v3err.o -c -o crypto/x509v3/v3err.o ../openssl/crypto/x509v3/v3err.c CC="clang" /usr/bin/perl ../openssl/crypto/x86_64cpuid.pl elf crypto/x86_64cpuid.s clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/bio_ssl.d.tmp -MT ssl/bio_ssl.o -c -o ssl/bio_ssl.o ../openssl/ssl/bio_ssl.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_lib.d.tmp -MT ssl/d1_lib.o -c -o ssl/d1_lib.o ../openssl/ssl/d1_lib.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_msg.d.tmp -MT ssl/d1_msg.o -c -o ssl/d1_msg.o ../openssl/ssl/d1_msg.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/d1_srtp.d.tmp -MT ssl/d1_srtp.o -c -o ssl/d1_srtp.o ../openssl/ssl/d1_srtp.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/methods.d.tmp -MT ssl/methods.o -c -o ssl/methods.o ../openssl/ssl/methods.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/packet.d.tmp -MT ssl/packet.o -c -o ssl/packet.o ../openssl/ssl/packet.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/pqueue.d.tmp -MT ssl/pqueue.o -c -o ssl/pqueue.o ../openssl/ssl/pqueue.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/dtls1_bitmap.d.tmp -MT ssl/record/dtls1_bitmap.o -c -o ssl/record/dtls1_bitmap.o ../openssl/ssl/record/dtls1_bitmap.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/rec_layer_d1.d.tmp -MT ssl/record/rec_layer_d1.o -c -o ssl/record/rec_layer_d1.o ../openssl/ssl/record/rec_layer_d1.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/rec_layer_s3.d.tmp -MT ssl/record/rec_layer_s3.o -c -o ssl/record/rec_layer_s3.o ../openssl/ssl/record/rec_layer_s3.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/ssl3_buffer.d.tmp -MT ssl/record/ssl3_buffer.o -c -o ssl/record/ssl3_buffer.o ../openssl/ssl/record/ssl3_buffer.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/ssl3_record.d.tmp -MT ssl/record/ssl3_record.o -c -o ssl/record/ssl3_record.o ../openssl/ssl/record/ssl3_record.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/record/ssl3_record_tls13.d.tmp -MT ssl/record/ssl3_record_tls13.o -c -o ssl/record/ssl3_record_tls13.o ../openssl/ssl/record/ssl3_record_tls13.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/s3_cbc.d.tmp -MT ssl/s3_cbc.o -c -o ssl/s3_cbc.o ../openssl/ssl/s3_cbc.c clang -I. 
-Iinclude -I../openssl -I../openssl/include -fPIC -pthread -m64 -Wa,--noexecstack -Qunused-arguments -DDEBUG_UNUSED -DPEDANTIC -pedantic -Wno-long-long -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wswitch -Wsign-compare -Wmissing-prototypes -Wstrict-prototypes -Wshadow -Wformat -Wtype-limits -Wundef -Werror -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations -Wno-unknown-warning-option -Wall -O0 -g -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/local/ssl\"" -DENGINESDIR="\"/usr/local/lib/engines-1.1\"" -MMD -MF ssl/t1_lib.d.tmp -MT ssl/t1_lib.o -c -o ssl/t1_lib.o ../openssl/ssl/t1_lib.c
../openssl/ssl/statem/statem_lib.c:1496:12: error: no member named 'psk_server_callback' in 'struct ssl_st'
    if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL)
        ~  ^
1 error generated.
Makefile:6254: recipe for target 'ssl/statem/statem_lib.o' failed
make[1]: *** [ssl/statem/statem_lib.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/openssl/run-checker/no-psk'
Makefile:171: recipe for target 'all' failed
make: *** [all] Error 2

From openssl at openssl.org Tue Jul 17 07:31:50 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 07:31:50 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-shared
Message-ID: <1531812710.910243.12232.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-shared

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. ok
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. 
skipped: tls13secrets is not supported in this build ../../openssl/test/recipes/90-test_v3name.t ................... ok ../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration ../../openssl/test/recipes/99-test_ecstress.t ................. ok ../../openssl/test/recipes/99-test_fuzz.t ..................... ok Test Summary Report ------------------- ../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1) Failed test: 1 Non-zero exit status: 1 Files=150, Tests=1168, 198 wallclock secs ( 0.72 usr 0.34 sys + 185.91 cusr 7.80 csys = 194.77 CPU) Result: FAIL Makefile:204: recipe for target '_tests' failed make[1]: *** [_tests] Error 1 make[1]: Leaving directory '/home/openssl/run-checker/no-shared' Makefile:202: recipe for target 'tests' failed make: *** [tests] Error 2 From openssl at openssl.org Tue Jul 17 08:11:01 2018 
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 08:11:01 +0000
Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-static-engine no-shared
Message-ID: <1531815061.036804.16660.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-static-engine no-shared

Commit log since last time:

57fd517 Improve documentation about reading and writing
07fc8d5 Enable all protocols and ciphers in the fuzzer
01ad66f EC2M Lopez-Dahab ladder: use it also for ECDSA verify
f45846f EC2M Lopez-Dahab ladder implementation
66b0bca [test] test some important ladder corner cases and catch corner cases better and earlier
3712436 EC point multiplication: add `ladder` scaffold for specialized Montgomery ladder implementations
51f3021 Remove stale SM2 error codes

Build log ended with (last 100 lines):

../../openssl/test/recipes/30-test_pbelu.t .................... ok
../../openssl/test/recipes/30-test_pkey_meth.t ................ ok
../../openssl/test/recipes/30-test_pkey_meth_kdf.t ............ ok
../../openssl/test/recipes/40-test_rehash.t ................... ok
../../openssl/test/recipes/60-test_x509_check_cert_pkey.t ..... ok
../../openssl/test/recipes/60-test_x509_dup_cert.t ............ ok
../../openssl/test/recipes/60-test_x509_store.t ............... ok
../../openssl/test/recipes/60-test_x509_time.t ................ ok
../../openssl/test/recipes/70-test_asyncio.t .................. ok
../../openssl/test/recipes/70-test_bad_dtls.t ................. ok
../../openssl/test/recipes/70-test_clienthello.t .............. ok
../../openssl/test/recipes/70-test_comp.t ..................... skipped: test_comp needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_key_share.t ................ skipped: test_key_share needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_packet.t ................... ok
../../openssl/test/recipes/70-test_recordlen.t ................ ok
../../openssl/test/recipes/70-test_renegotiation.t ............ skipped: test_renegotiation needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_servername.t ............... ok
../../openssl/test/recipes/70-test_sslcbcpadding.t ............ skipped: test_sslcbcpadding needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslcertstatus.t ............ skipped: test_sslcertstatus needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslextension.t ............. skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslmessages.t .............. skipped: test_sslmessages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslrecords.t ............... skipped: test_sslrecords needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsessiontick.t ........... skipped: test_sslsessiontick needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsigalgs.t ............... skipped: test_sslsigalgs needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslsignature.t ............. skipped: test_sslsignature needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslskewith0p.t ............. skipped: test_sslskewith0p needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslversions.t .............. skipped: test_sslversions needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_sslvertol.t ................ skipped: test_sslextension needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13cookie.t .............. skipped: test_tls13cookie needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13downgrade.t ........... skipped: test_tls13downgrade needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13hrr.t ................. skipped: test_tls13hrr needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13kexmodes.t ............ skipped: test_tls13kexmodes needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13messages.t ............ skipped: test_tls13messages needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tls13psk.t ................. skipped: test_tls13psk needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_tlsextms.t ................. skipped: test_tlsextms needs the dynamic engine feature enabled
../../openssl/test/recipes/70-test_verify_extra.t ............. ok
../../openssl/test/recipes/70-test_wpacket.t .................. ok
../../openssl/test/recipes/80-test_ca.t ....................... ok
../../openssl/test/recipes/80-test_cipherbytes.t .............. ok
../../openssl/test/recipes/80-test_cipherlist.t ............... ok
../../openssl/test/recipes/80-test_ciphername.t ............... ok
../../openssl/test/recipes/80-test_cms.t ...................... ok
../../openssl/test/recipes/80-test_cmsapi.t ................... ok
../../openssl/test/recipes/80-test_ct.t ....................... ok
../../openssl/test/recipes/80-test_dane.t ..................... ok
../../openssl/test/recipes/80-test_dtls.t ..................... ok
../../openssl/test/recipes/80-test_dtls_mtu.t ................. ok
../../openssl/test/recipes/80-test_dtlsv1listen.t ............. ok
../../openssl/test/recipes/80-test_ocsp.t ..................... ok
../../openssl/test/recipes/80-test_pkcs12.t ................... ok
../../openssl/test/recipes/80-test_ssl_new.t .................. ok
../../openssl/test/recipes/80-test_ssl_old.t .................. ok
../../openssl/test/recipes/80-test_ssl_test_ctx.t ............. ok
../../openssl/test/recipes/80-test_sslcorrupt.t ............... ok
../../openssl/test/recipes/80-test_tsa.t ...................... ok
../../openssl/test/recipes/80-test_x509aux.t .................. ok
../../openssl/test/recipes/90-test_asn1_time.t ................ ok
../../openssl/test/recipes/90-test_async.t .................... ok
../../openssl/test/recipes/90-test_bio_enc.t .................. ok
../../openssl/test/recipes/90-test_constant_time.t ............ ok
../../openssl/test/recipes/90-test_fatalerr.t ................. ok
../../openssl/test/recipes/90-test_gmdiff.t ................... ok
../../openssl/test/recipes/90-test_gost.t ..................... Dubious, test returned 1 (wstat 256, 0x100)
Failed 1/1 subtests
../../openssl/test/recipes/90-test_ige.t ...................... ok
../../openssl/test/recipes/90-test_includes.t ................. ok
../../openssl/test/recipes/90-test_memleak.t .................. ok
../../openssl/test/recipes/90-test_overhead.t ................. ok
../../openssl/test/recipes/90-test_secmem.t ................... ok
../../openssl/test/recipes/90-test_shlibload.t ................ skipped: Test only supported in a shared build
../../openssl/test/recipes/90-test_srp.t ...................... ok
../../openssl/test/recipes/90-test_sslapi.t ................... ok
../../openssl/test/recipes/90-test_sslbuffers.t ............... ok
../../openssl/test/recipes/90-test_store.t .................... ok
../../openssl/test/recipes/90-test_sysdefault.t ............... ok
../../openssl/test/recipes/90-test_threads.t .................. ok
../../openssl/test/recipes/90-test_time_offset.t .............. ok
../../openssl/test/recipes/90-test_tls13ccs.t ................. ok
../../openssl/test/recipes/90-test_tls13encryption.t .......... ok
../../openssl/test/recipes/90-test_tls13secrets.t ............. skipped: tls13secrets is not supported in this build
../../openssl/test/recipes/90-test_v3name.t ................... ok
../../openssl/test/recipes/95-test_external_boringssl.t ....... skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_krb5.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/95-test_external_pyca.t ............ skipped: No external tests in this configuration
../../openssl/test/recipes/99-test_ecstress.t ................. ok
../../openssl/test/recipes/99-test_fuzz.t ..................... ok

Test Summary Report
-------------------
../../openssl/test/recipes/90-test_gost.t (Wstat: 256 Tests: 1 Failed: 1)
  Failed test:  1
  Non-zero exit status: 1
Files=150, Tests=1168, 170 wallclock secs ( 0.75 usr 0.32 sys + 157.21 cusr 7.52 csys = 165.80 CPU)
Result: FAIL
Makefile:204: recipe for target '_tests' failed
make[1]: *** [_tests] Error 1
make[1]: Leaving directory '/home/openssl/run-checker/no-static-engine'
Makefile:202: recipe for target 'tests' failed
make: *** [tests] Error 2

From matt at openssl.org Tue Jul 17 09:15:32 2018
From: matt at openssl.org (Matt Caswell)
Date: Tue, 17 Jul 2018 09:15:32 +0000
Subject: [openssl-commits] [openssl] master update
Message-ID: <1531818932.919511.13206.nullmailer@dev.openssl.org>

The branch master has been updated
       via  03cdf559145bff263692c9516cac3c6456c77f2c (commit)
       via  5f26ddff7ee2914782e312621023e10af356de18 (commit)
       via  04d7814a8038e01dbeb9fd7721d40c1824f553a8 (commit)
       via  84475ccb70da709c9a0035561429a34700b565d9 (commit)
      from  57fd517066418472b3280a975823405fb8f2f43d (commit)

- Log -----------------------------------------------------------------
commit 03cdf559145bff263692c9516cac3c6456c77f2c
Author: Matt Caswell
Date:   Mon Jul 16 16:58:23 2018 +0100

    Test that a failed resumption issues the correct number of tickets

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/6722)

commit 5f26ddff7ee2914782e312621023e10af356de18
Author: Matt Caswell
Date:   Mon Jul 16 16:57:36 2018 +0100

    Always issue new tickets when using TLSv1.3 stateful tickets

    Previously we were failing to issue new tickets if a resumption attempt
    failed.

    Fixes #6654

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/6722)

commit 04d7814a8038e01dbeb9fd7721d40c1824f553a8
Author: Matt Caswell
Date:   Thu Jul 5 17:19:03 2018 +0100

    Improve testing of stateful tickets

    Reviewed-by: Rich Salz
    (Merged from https://github.com/openssl/openssl/pull/6722)

commit 84475ccb70da709c9a0035561429a34700b565d9
Author: Matt Caswell
Date:   Mon Jul 16 14:57:35 2018 +0100

    Don't remove sessions from the cache during PHA in TLSv1.3

    If we issue new tickets due to post-handshake authentication there is no
    reason to remove previous tickets from the cache. The code that did that
    only removed the last session anyway - so if more than one ticket got
    issued then those other tickets are still valid.
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6722) ----------------------------------------------------------------------- Summary of changes: ssl/statem/extensions_srvr.c | 3 +- ssl/statem/statem_srvr.c | 9 --- test/sslapitest.c | 183 +++++++++++++++++++++++++++++++++---------- 3 files changed, 144 insertions(+), 51 deletions(-) diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index ab38a4f..f5ab5bb 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -1014,6 +1014,8 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, { SSL_SESSION *tmpsess = NULL; + s->ext.ticket_expected = 1; + switch (PACKET_remaining(tick)) { case 0: return SSL_TICKET_EMPTY; @@ -1031,7 +1033,6 @@ static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick, if (tmpsess == NULL) return SSL_TICKET_NO_DECRYPT; - s->ext.ticket_expected = 1; *sess = tmpsess; return SSL_TICKET_SUCCESS; } diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c index 5c59eb8..01b07a9 100644 --- a/ssl/statem/statem_srvr.c +++ b/ssl/statem/statem_srvr.c @@ -3648,8 +3648,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) */ if (s->post_handshake_auth == SSL_PHA_REQUESTED) { - int m = s->session_ctx->session_cache_mode; - if ((new_sess = ssl_session_dup(s->session, 0)) == 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, @@ -3657,13 +3655,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt) goto err; } - if (m & SSL_SESS_CACHE_SERVER) { - /* - * Remove the old session from the cache. We carry on if this fails - */ - SSL_CTX_remove_session(s->session_ctx, s->session); - } - SSL_SESSION_free(s->session); s->session = new_sess; } diff --git a/test/sslapitest.c b/test/sslapitest.c index cdac8bc..f435853 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
@@ -1233,11 +1233,92 @@ static int post_handshake_verify(SSL *sssl, SSL *cssl) return 1; } -static int test_tickets(int idx) +static int setup_ticket_text(int stateful, int idx, SSL_CTX **sctx, + SSL_CTX **cctx) +{ + int sess_id_ctx = 1; + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), + TLS1_VERSION, TLS_MAX_VERSION, sctx, + cctx, cert, privkey)) + || !TEST_true(SSL_CTX_set_num_tickets(*sctx, idx)) + || !TEST_true(SSL_CTX_set_session_id_context(*sctx, + (void *)&sess_id_ctx, + sizeof(sess_id_ctx)))) + return 0; + + if (stateful) + SSL_CTX_set_options(*sctx, SSL_OP_NO_TICKET); + + SSL_CTX_set_session_cache_mode(*cctx, SSL_SESS_CACHE_CLIENT + | SSL_SESS_CACHE_NO_INTERNAL_STORE); + SSL_CTX_sess_set_new_cb(*cctx, new_cachesession_cb); + + return 1; +} + +static int check_resumption(int idx, SSL_CTX *sctx, SSL_CTX *cctx, int succ) +{ + SSL *serverssl = NULL, *clientssl = NULL; + int i; + + /* Test that we can resume with all the tickets we got given */ + for (i = 0; i < idx * 2; i++) { + new_called = 0; + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL)) + || !TEST_true(SSL_set_session(clientssl, sesscache[i]))) + goto end; + + SSL_force_post_handshake_auth(clientssl); + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + + /* + * Following a successful resumption we only get 1 ticket. After a + * failed one we should get idx tickets. 
+ */ + if (succ) { + if (!TEST_true(SSL_session_reused(clientssl)) + || !TEST_int_eq(new_called, 1)) + goto end; + } else { + if (!TEST_false(SSL_session_reused(clientssl)) + || !TEST_int_eq(new_called, idx)) + goto end; + } + + new_called = 0; + /* After a post-handshake authentication we should get 1 new ticket */ + if (succ + && (!post_handshake_verify(serverssl, clientssl) + || !TEST_int_eq(new_called, 1))) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + serverssl = clientssl = NULL; + SSL_SESSION_free(sesscache[i]); + sesscache[i] = NULL; + } + + return 1; + + end: + SSL_free(clientssl); + SSL_free(serverssl); + return 0; +} + +static int test_tickets(int stateful, int idx) { SSL_CTX *sctx = NULL, *cctx = NULL; SSL *serverssl = NULL, *clientssl = NULL; - int testresult = 0, i; + int testresult = 0; size_t j; /* idx is the test number, but also the number of tickets we want */ 
@@ -1245,15 +1326,49 @@ static int test_tickets(int idx) new_called = 0; do_cache = 1; - if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(), - TLS1_VERSION, TLS_MAX_VERSION, &sctx, - &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_num_tickets(sctx, idx))) + if (!setup_ticket_text(stateful, idx, &sctx, &cctx)) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) goto end; - SSL_CTX_set_session_cache_mode(cctx, SSL_SESS_CACHE_CLIENT - | SSL_SESS_CACHE_NO_INTERNAL_STORE); - SSL_CTX_sess_set_new_cb(cctx, new_cachesession_cb); + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE)) + /* Check we got the number of tickets we were expecting */ + || !TEST_int_eq(idx, new_called)) + goto end; + + SSL_shutdown(clientssl); + SSL_shutdown(serverssl); + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + clientssl = serverssl = NULL; + sctx = cctx = NULL; + + /* + * Now we try to resume with the tickets we previously created. The + * resumption attempt is expected to fail (because we're now using a new + * SSL_CTX). We should see idx number of tickets issued again. + */ + + /* Stop caching sessions - just count them */ + do_cache = 0; + + if (!setup_ticket_text(stateful, idx, &sctx, &cctx)) + goto end; + + if (!check_resumption(idx, sctx, cctx, 0)) + goto end; + + /* Start again with caching sessions */ + new_called = 0; + do_cache = 1; + + if (!setup_ticket_text(stateful, idx, &sctx, &cctx)) + goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) 
@@ -1281,37 +1396,12 @@ static int test_tickets(int idx) /* Stop caching sessions - just count them */ do_cache = 0; - /* Test that we can resume with all the tickets we got given */ - for (i = 0; i < idx * 2; i++) { - new_called = 0; - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(clientssl, sesscache[i]))) - goto end; - - SSL_force_post_handshake_auth(clientssl); - - if (!TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(SSL_session_reused(clientssl)) - /* Following a resumption we only get 1 ticket */ - || !TEST_int_eq(new_called, 1)) - goto end; - - new_called = 0; - /* After a post-handshake authentication we should get 1 new ticket */ - if (!post_handshake_verify(serverssl, clientssl) - || !TEST_int_eq(new_called, 1)) - goto end; - - SSL_shutdown(clientssl); - SSL_shutdown(serverssl); - SSL_free(serverssl); - SSL_free(clientssl); - serverssl = clientssl = NULL; - SSL_SESSION_free(sesscache[i]); - sesscache[i] = NULL; - } + /* + * Check we can resume with all the tickets we created. This time around the + * resumptions should all be successful. + */ + if (!check_resumption(idx, sctx, cctx, 1)) + goto end; testresult = 1; @@ -1327,6 +1417,16 @@ static int test_tickets(int idx) return testresult; } + +static int test_stateless_tickets(int idx) +{ + return test_tickets(0, idx); +} + +static int test_stateful_tickets(int idx) +{ + return test_tickets(1, idx); +} #endif #define USE_NULL 0 @@ -5272,7 +5372,8 @@ int setup_tests(void) ADD_TEST(test_session_with_only_ext_cache); ADD_TEST(test_session_with_both_cache); #ifndef OPENSSL_NO_TLS1_3 - ADD_ALL_TESTS(test_tickets, 3); + ADD_ALL_TESTS(test_stateful_tickets, 3); + ADD_ALL_TESTS(test_stateless_tickets, 3); #endif ADD_ALL_TESTS(test_ssl_set_bio, TOTAL_SSL_SET_BIO_TESTS); ADD_TEST(test_ssl_bio_pop_next_bio); From matt at openssl.org Tue Jul 17 10:11:09 2018 
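Review bot: in the tls_get_stateful_ticket hunk, `s->ext.ticket_expected = 1;` now runs before the `switch (PACKET_remaining(tick))`, so the flag is set on every exit of the function, including the `case 0: return SSL_TICKET_EMPTY;` path and the `return SSL_TICKET_NO_DECRYPT;` path, where previously it was set only just before `return SSL_TICKET_SUCCESS;`. That is the behaviour the commit message asks for (tickets must be issued even when the resumption attempt fails), but nothing at the assignment says so; a one-line comment above it stating that new tickets are issued whether or not the session lookup succeeds would stop a later cleanup from moving it back below the lookup. The switch cases between `case 0:` and the lookup are outside the hunk, so whether any of them should suppress ticket issuance cannot be checked from this diff.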
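Review bot: with the `SSL_CTX_remove_session(s->session_ctx, s->session);` block deleted from tls_process_client_certificate, the pre-PHA session stays in the server cache alongside the new_sess that will carry the client's certificate, so a ticket issued before post-handshake authentication still resumes to a session with no client identity. The commit message explains why the removal was pointless (it only ever dropped the last session), but the deleted comment was the only in-code note about what happens to earlier sessions during PHA; a replacement comment above `SSL_SESSION_free(s->session);` saying that earlier sessions are deliberately left in the cache and do not acquire the post-handshake identity would make both the intent and the resumption semantics explicit. The `int m` removal in the preceding hunk is the matching dead-variable cleanup.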
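Review bot: setup_ticket_text in the `@@ -1233,11 +1233,92 @@` hunk looks like a typo for setup_ticket_test; it builds the SSL_CTX pair for the ticket test and has nothing to do with text. In check_resumption, the loop bound `for (i = 0; i < idx * 2; i++)` relies on the caller having filled exactly 2 * idx entries of sesscache (the initial handshake plus the post-handshake-auth tickets in test_tickets), and the `end:` label frees serverssl and clientssl but leaves the remaining sesscache entries for the caller; both are hidden ownership conventions between the two functions, so a comment on check_resumption stating how many cached sessions it expects and that it only frees entries it has consumed would make the coupling visible.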
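Review bot: in the test_tickets hunk, after `if (!check_resumption(idx, sctx, cctx, 0)) goto end;` the function calls `setup_ticket_text(stateful, idx, &sctx, &cctx)` a third time without freeing the sctx and cctx created by the second call, so that pair of contexts leaks on the success path; the first pair is freed explicitly with SSL_CTX_free before the second setup, and the `end:` label can only release whatever the variables hold at that point, which is the final pair. Add `SSL_CTX_free(sctx); SSL_CTX_free(cctx); sctx = cctx = NULL;` before the third setup call, mirroring the cleanup after the first handshake.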
From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Jul 2018 10:11:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531822269.887065.21543.nullmailer@dev.openssl.org> The branch master has been updated via d162340d367d7a74916106d8706c6b22adb727c2 (commit) from 03cdf559145bff263692c9516cac3c6456c77f2c (commit) - Log ----------------------------------------------------------------- commit d162340d367d7a74916106d8706c6b22adb727c2 Author: Matt Caswell Date: Mon Jul 16 17:31:37 2018 +0100 Fix no-psk Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6724) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem_lib.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 0d8fe5d..6262a06 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1493,7 +1493,12 @@ static int is_tls13_capable(const SSL *s) { int i; - if (s->psk_server_callback != NULL || s->psk_find_session_cb != NULL) +#ifndef OPENSSL_NO_PSK + if (s->psk_server_callback != NULL) + return 1; +#endif + + if (s->psk_find_session_cb != NULL) return 1; for (i = 0; i < SSL_PKEY_NUM; i++) { From matt at openssl.org Tue Jul 17 10:22:31 2018 
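Review bot: the `#ifndef OPENSSL_NO_PSK` guard around `s->psk_server_callback` is the right fix for the member that does not exist in a no-psk build, but splitting the old single condition into two early returns leaves the reader with two unrelated-looking checks before the `for (i = 0; i < SSL_PKEY_NUM; i++)` loop. A one-line comment above them saying that either the legacy psk_server_callback or the TLSv1.3 psk_find_session_cb lets the server negotiate TLSv1.3 without a certificate (which is what the loop below otherwise checks for) would keep the intent of is_tls13_capable visible.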
From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Jul 2018 10:22:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531822951.104869.23694.nullmailer@dev.openssl.org> The branch master has been updated via fbe9dafdddc5e4aa7190617d189eeadf2da34a4d (commit) from d162340d367d7a74916106d8706c6b22adb727c2 (commit) - Log ----------------------------------------------------------------- commit fbe9dafdddc5e4aa7190617d189eeadf2da34a4d Author: Matt Caswell Date: Tue Jul 17 10:27:57 2018 +0100 Fix a memory leak in the ticket test Also fixes a function name typo. Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/6729) ----------------------------------------------------------------------- Summary of changes: test/sslapitest.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/test/sslapitest.c b/test/sslapitest.c index f435853..8cc4934 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -1233,7 +1233,7 @@ static int post_handshake_verify(SSL *sssl, SSL *cssl) return 1; } -static int setup_ticket_text(int stateful, int idx, SSL_CTX **sctx, +static int setup_ticket_test(int stateful, int idx, SSL_CTX **sctx, SSL_CTX **cctx) { int sess_id_ctx = 1; @@ -1326,7 +1326,7 @@ static int test_tickets(int stateful, int idx) new_called = 0; do_cache = 1; - if (!setup_ticket_text(stateful, idx, &sctx, &cctx)) + if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, @@ -1357,7 +1357,7 @@ static int test_tickets(int stateful, int idx) /* Stop caching sessions - just count them */ do_cache = 0; - if (!setup_ticket_text(stateful, idx, &sctx, &cctx)) + if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) goto end; if (!check_resumption(idx, sctx, cctx, 0)) 
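Review bot: the sctx and cctx created by the setup_ticket_test call in this hunk are used only by `if (!check_resumption(idx, sctx, cctx, 0))`, and the function then creates a third pair, so these two must be freed before that next setup_ticket_test call, which is the leak the commit message refers to. Placing the `SSL_CTX_free(sctx); SSL_CTX_free(cctx); sctx = cctx = NULL;` cleanup directly after the check_resumption call, rather than after the `new_called = 0; do_cache = 1;` resets that follow it, keeps the allocate/use/free sequence in one place and matches how the first pair is released earlier in test_tickets.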
@@ -1366,8 +1366,11 @@ static int test_tickets(int stateful, int idx) /* Start again with caching sessions */ new_called = 0; do_cache = 1; + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + sctx = cctx = NULL; - if (!setup_ticket_text(stateful, idx, &sctx, &cctx)) + if (!setup_ticket_test(stateful, idx, &sctx, &cctx)) goto end; if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, From matt at openssl.org Tue Jul 17 11:01:02 2018 From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Jul 2018 11:01:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531825262.864646.28716.nullmailer@dev.openssl.org> The branch master has been updated via 910fff7eb6cb8175fec4535ede09dc871c9895ac (commit) from fbe9dafdddc5e4aa7190617d189eeadf2da34a4d (commit) - Log ----------------------------------------------------------------- commit 910fff7eb6cb8175fec4535ede09dc871c9895ac Author: Matt Caswell Date: Tue Jul 17 11:43:30 2018 +0100 Skip the GOST test where appropriate The GOST ciphers are dynamically loaded via the GOST engine, so we must be able to support that. The engine also uses DSA and CMS symbols, so we skip the test on no-dsa or no-cms. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6730) ----------------------------------------------------------------------- Summary of changes: test/recipes/90-test_gost.t | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/recipes/90-test_gost.t b/test/recipes/90-test_gost.t index 00f95af..c7bbb4e 100644 --- a/test/recipes/90-test_gost.t +++ b/test/recipes/90-test_gost.t 
@@ -11,8 +11,12 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; setup("test_gost"); +# The GOST ciphers are dynamically loaded via the GOST engine, so we must be +# able to support that. The engine also uses DSA and CMS symbols, so we skip +# this test on no-dsa or no-cms. plan skip_all => "GOST support is disabled in this OpenSSL build" - if disabled("gost"); + if disabled("gost") || disabled("engine") || disabled("dynamic-engine") + || disabled("dsa") || disabled("cms"); plan skip_all => "TLSv1.3 or TLSv1.2 are disabled in this OpenSSL build" if disabled("tls1_3") || disabled("tls1_2"); From rsalz at openssl.org Tue Jul 17 14:21:35 2018 From: rsalz at openssl.org (Rich Salz) Date: Tue, 17 Jul 2018 14:21:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531837295.709803.20407.nullmailer@dev.openssl.org> The branch master has been updated via 1a50eedf2a1fbb1e0e009ad616d8be678e4c6340 (commit) from 910fff7eb6cb8175fec4535ede09dc871c9895ac (commit) - Log ----------------------------------------------------------------- commit 1a50eedf2a1fbb1e0e009ad616d8be678e4c6340 Author: Mat Date: Tue Jul 17 09:48:27 2018 -0400 Fix typo in x25519-x86_64.pl Reviewed-by: Tim Hudson Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6726) ----------------------------------------------------------------------- Summary of changes: crypto/ec/asm/x25519-x86_64.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/asm/x25519-x86_64.pl b/crypto/ec/asm/x25519-x86_64.pl index da81e06..18dc6af 100755 --- a/crypto/ec/asm/x25519-x86_64.pl +++ b/crypto/ec/asm/x25519-x86_64.pl @@ -13,7 +13,7 @@ # details see http://www.openssl.org/~appro/cryptogams/. # ==================================================================== # -# X25519 lower-level primitives for x86_86. +# X25519 lower-level primitives for x86_64. # # February 2018. # From openssl at openssl.org Tue Jul 17 22:36:56 2018 
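Review bot: the extended condition keeps the single message "GOST support is disabled in this OpenSSL build" for all five causes, so a build such as the no-shared and no-static-engine run-checker configurations that motivated this change (where the 70-test_ssl* recipes report "needs the dynamic engine feature enabled") will now report GOST as disabled when GOST is enabled and only the engine, dynamic-engine, DSA or CMS prerequisite is missing. Splitting this into two plan skip_all statements, one for disabled("gost") and one for the engine/dsa/cms prerequisites with a message naming them, keeps the skip reason accurate in the test output; the new comment already lists the prerequisites, so the message can reuse its wording.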
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 22:36:56 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT
Message-ID: <1531867016.970886.7432.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-asan no-shared -DOPENSSL_SMALL_FOOTPRINT

Commit log since last time:

1a50eed Fix typo in x25519-x86_64.pl
910fff7 Skip the GOST test where appropriate
fbe9daf Fix a memory leak in the ticket test
d162340 Fix no-psk
03cdf55 Test that a failed resumption issues the correct number of tickets
5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets
04d7814 Improve testing of stateful tickets
84475cc Don't remove sessions from the cache during PHA in TLSv1.3

From openssl at openssl.org Tue Jul 17 23:47:40 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 23:47:40 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-cms
Message-ID: <1531871260.225063.25804.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-cms

Commit log since last time:

1a50eed Fix typo in x25519-x86_64.pl
910fff7 Skip the GOST test where appropriate
fbe9daf Fix a memory leak in the ticket test
d162340 Fix no-psk
03cdf55 Test that a failed resumption issues the correct number of tickets
5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets
04d7814 Improve testing of stateful tickets
84475cc Don't remove sessions from the cache during PHA in TLSv1.3

From openssl at openssl.org Tue Jul 17 23:59:46 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Tue, 17 Jul 2018 23:59:46 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings enable-crypto-mdebug
Message-ID: <1531871986.934875.2067.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings enable-crypto-mdebug

Commit log since last time:

1a50eed Fix typo in x25519-x86_64.pl
910fff7 Skip the GOST test where appropriate
fbe9daf Fix a memory leak in the ticket test
d162340 Fix no-psk
03cdf55 Test that a failed resumption issues the correct number of tickets
5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets
04d7814 Improve testing of stateful tickets
84475cc Don't remove sessions from the cache during PHA in TLSv1.3

From openssl at openssl.org Wed Jul 18 00:38:52 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Wed, 18 Jul 2018 00:38:52 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dsa
Message-ID: <1531874332.095969.23009.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dsa

Commit log since last time:

1a50eed Fix typo in x25519-x86_64.pl
910fff7 Skip the GOST test where appropriate
fbe9daf Fix a memory leak in the ticket test
d162340 Fix no-psk
03cdf55 Test that a failed resumption issues the correct number of tickets
5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets
04d7814 Improve testing of stateful tickets
84475cc Don't remove sessions from the cache during PHA in TLSv1.3

From openssl at openssl.org Wed Jul 18 00:44:27 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Wed, 18 Jul 2018 00:44:27 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-dso
Message-ID: <1531874667.536955.22968.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-dso

Commit log since last time:

1a50eed Fix typo in x25519-x86_64.pl
910fff7 Skip the GOST test where appropriate
fbe9daf Fix a memory leak in the ticket test
d162340 Fix no-psk
03cdf55 Test that a failed resumption issues the correct number of tickets
5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets
04d7814 Improve testing of stateful tickets
84475cc Don't remove sessions from the cache during PHA in TLSv1.3

From openssl at openssl.org Wed Jul 18 01:28:03 2018
From: openssl at openssl.org (OpenSSL run-checker)
Date: Wed, 18 Jul 2018 01:28:03 +0000
Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-engine
Message-ID: <1531877283.899104.7049.nullmailer@run.openssl.org>

Platform and configuration command:

$ uname -a
Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ CC=clang ../openssl/config -d --strict-warnings no-engine

Commit log since last time:

1a50eed Fix typo in x25519-x86_64.pl
910fff7 Skip the GOST test where appropriate
fbe9daf Fix a memory leak in the ticket test
d162340 Fix no-psk
03cdf55 Test that a failed resumption issues the correct number of tickets
5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets
04d7814 Improve testing of stateful tickets
84475cc Don't remove sessions from the cache during PHA in TLSv1.3

From openssl at openssl.org Wed Jul 18 01:37:53 2018
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 18 Jul 2018 01:37:53 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-engine no-shared Message-ID: <1531877873.794926.27076.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-engine no-shared Commit log since last time: 1a50eed Fix typo in x25519-x86_64.pl 910fff7 Skip the GOST test where appropriate fbe9daf Fix a memory leak in the ticket test d162340 Fix no-psk 03cdf55 Test that a failed resumption issues the correct number of tickets 5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets 04d7814 Improve testing of stateful tickets 84475cc Don't remove sessions from the cache during PHA in TLSv1.3 From openssl at openssl.org Wed Jul 18 04:22:24 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 18 Jul 2018 04:22:24 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d enable-fuzz-afl no-shared Message-ID: <1531887744.640978.6054.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=afl-clang-fast ../openssl/config -d enable-fuzz-afl no-shared Commit log since last time: 1a50eed Fix typo in x25519-x86_64.pl 910fff7 Skip the GOST test where appropriate fbe9daf Fix a memory leak in the ticket test d162340 Fix no-psk 03cdf55 Test that a failed resumption issues the correct number of tickets 5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets 04d7814 Improve testing of stateful tickets 84475cc Don't remove sessions from the cache during PHA in TLSv1.3 From openssl at openssl.org Wed Jul 18 05:53:01 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 18 Jul 2018 05:53:01 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-pic Message-ID: <1531893181.915015.17348.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-pic Commit log since last time: 1a50eed Fix typo in x25519-x86_64.pl 910fff7 Skip the GOST test where appropriate fbe9daf Fix a memory leak in the ticket test d162340 Fix no-psk 03cdf55 Test that a failed resumption issues the correct number of tickets 5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets 04d7814 Improve testing of stateful tickets 84475cc Don't remove sessions from the cache during PHA in TLSv1.3 From openssl at openssl.org Wed Jul 18 06:11:46 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 18 Jul 2018 06:11:46 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-psk Message-ID: <1531894306.873294.32541.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-psk Commit log since last time: 1a50eed Fix typo in x25519-x86_64.pl 910fff7 Skip the GOST test where appropriate fbe9daf Fix a memory leak in the ticket test d162340 Fix no-psk 03cdf55 Test that a failed resumption issues the correct number of tickets 5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets 04d7814 Improve testing of stateful tickets 84475cc Don't remove sessions from the cache during PHA in TLSv1.3 From openssl at openssl.org Wed Jul 18 07:24:37 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 18 Jul 2018 07:24:37 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-shared Message-ID: <1531898677.481629.32428.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-shared Commit log since last time: 1a50eed Fix typo in x25519-x86_64.pl 910fff7 Skip the GOST test where appropriate fbe9daf Fix a memory leak in the ticket test d162340 Fix no-psk 03cdf55 Test that a failed resumption issues the correct number of tickets 5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets 04d7814 Improve testing of stateful tickets 84475cc Don't remove sessions from the cache during PHA in TLSv1.3 From openssl at openssl.org Wed Jul 18 08:03:38 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 18 Jul 2018 08:03:38 +0000 Subject: [openssl-commits] SUCCESSFUL build of OpenSSL branch master with options -d --strict-warnings no-static-engine no-shared Message-ID: <1531901018.004171.4355.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-static-engine no-shared Commit log since last time: 1a50eed Fix typo in x25519-x86_64.pl 910fff7 Skip the GOST test where appropriate fbe9daf Fix a memory leak in the ticket test d162340 Fix no-psk 03cdf55 Test that a failed resumption issues the correct number of tickets 5f26ddf Always issue new tickets when using TLSv1.3 stateful tickets 04d7814 Improve testing of stateful tickets 84475cc Don't remove sessions from the cache during PHA in TLSv1.3 From matt at openssl.org Wed Jul 18 09:02:36 2018 
From: matt at openssl.org (Matt Caswell) Date: Wed, 18 Jul 2018 09:02:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531904556.883776.17648.nullmailer@dev.openssl.org> The branch master has been updated via 9e6a32025e6e69949ad3e53a29a0b85f61f30b85 (commit) via 11d2641f96ead76deb5b8fac638a3ad36a971a66 (commit) from 1a50eedf2a1fbb1e0e009ad616d8be678e4c6340 (commit) - Log ----------------------------------------------------------------- commit 9e6a32025e6e69949ad3e53a29a0b85f61f30b85 Author: Matt Caswell Date: Tue Jul 17 17:29:08 2018 +0100 Add a test for mismatch between key OID and sig alg Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6732) commit 11d2641f96ead76deb5b8fac638a3ad36a971a66 Author: Matt Caswell Date: Tue Jul 17 16:31:07 2018 +0100 Check that the public key OID matches the sig alg Using the rsa_pss_rsae_sha256 sig alg should imply that the key OID is rsaEncryption. Similarly rsa_pss_pss_sha256 implies the key OID is rsassaPss. However we did not check this and incorrectly tolerated a key OID that did not match the sig alg sent by the peer. Fixes #6611 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6732) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_cert.c | 31 ++++++++++++++------ ssl/ssl_locl.h | 1 + ssl/t1_lib.c | 10 ++++++- test/recipes/70-test_sslsigalgs.t | 60 ++++++++++++++++++++++++++++----------- util/perl/TLSProxy/Message.pm | 9 ++++-- 5 files changed, 81 insertions(+), 30 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index b2b3427..df5cff7 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c 
@@ -995,22 +995,35 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other) ctx->cert->sec_ex); } -const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) +int ssl_cert_lookup_by_nid(int nid, size_t *pidx) { - int nid = EVP_PKEY_id(pk); size_t i; - if (nid == NID_undef) - return NULL; - for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) { if (ssl_cert_info[i].nid == nid) { - if (pidx != NULL) - *pidx = i; - return &ssl_cert_info[i]; + *pidx = i; + return 1; } } - return NULL; + + return 0; +} + +const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx) +{ + int nid = EVP_PKEY_id(pk); + size_t tmpidx; + + if (nid == NID_undef) + return NULL; + + if (!ssl_cert_lookup_by_nid(nid, &tmpidx)) + return NULL; + + if (pidx != NULL) + *pidx = tmpidx; + + return &ssl_cert_info[tmpidx]; } const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index b38052f..e7258d4 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2288,6 +2288,7 @@ __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other); __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other); +__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx); __owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3c7590c..df27ba6 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -955,7 +955,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) const uint16_t *sent_sigs; const EVP_MD *md = NULL; char sigalgstr[2]; - size_t sent_sigslen, i; + size_t sent_sigslen, i, cidx; int pkeyid = EVP_PKEY_id(pkey); const SIGALG_LOOKUP *lu; 
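Review bot: `ssl_cert_lookup_by_nid` dereferences `pidx` unconditionally (`*pidx = i;`), whereas the `ssl_cert_lookup_by_pkey` body it was carved out of guarded with `if (pidx != NULL)`. Both callers in this patch pass a real pointer, but the new prototype in ssl_locl.h gives no hint that NULL is not accepted; add a NULL check or a comment above the `__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);` declaration. Also note that the `NID_undef` rejection now lives only in `ssl_cert_lookup_by_pkey`, so `ssl_cert_lookup_by_nid` relies on no `ssl_cert_info` entry having `nid == NID_undef`; a comment at the loop would make that assumption explicit for the new caller in t1_lib.c, which passes a raw `EVP_PKEY_id()` result.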
@@ -986,6 +986,14 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) SSL_R_WRONG_SIGNATURE_TYPE); return 0; } + /* Check the sigalg is consistent with the key OID */ + if (!ssl_cert_lookup_by_nid(EVP_PKEY_id(pkey), &cidx) + || lu->sig_idx != (int)cidx) { + SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG, + SSL_R_WRONG_SIGNATURE_TYPE); + return 0; + } + #ifndef OPENSSL_NO_EC if (pkeyid == EVP_PKEY_EC) { diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t index 95af8a1..f805dcf 100644 --- a/test/recipes/70-test_sslsigalgs.t +++ b/test/recipes/70-test_sslsigalgs.t @@ -53,12 +53,12 @@ use constant { #Test 1: Default sig algs should succeed $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 21; +plan tests => 22; ok(TLSProxy::Message->success, "Default sigalgs"); my $testtype; SKIP: { - skip "TLSv1.3 disabled", 5 if disabled("tls1_3"); + skip "TLSv1.3 disabled", 6 if disabled("tls1_3"); $proxy->filter(\&sigalgs_filter); @@ -94,12 +94,21 @@ SKIP: { $testtype = PSS_ONLY_SIG_ALGS; $proxy->start(); ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.3"); + + #Test 7: Modify the CertificateVerify sigalg from rsa_pss_rsae_sha256 to + # rsa_pss_pss_sha256. This should fail because the public key OID + # in the certificate is rsaEncryption and not rsassaPss + $proxy->filter(\&modify_cert_verify_sigalg); + $proxy->clear(); + $proxy->start(); + ok(TLSProxy::Message->fail, + "Mismatch between CertVerify sigalg and public key OID"); } SKIP: { skip "EC or TLSv1.3 disabled", 1 if disabled("tls1_3") || disabled("ec"); - #Test 7: Sending a valid sig algs list but not including a sig type that + #Test 8: Sending a valid sig algs list but not including a sig type that # matches the certificate should fail in TLSv1.3. $proxy->clear(); $proxy->clientflags("-sigalgs ECDSA+SHA256"); 
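Review bot: in the new consistency check in `tls12_check_peer_sigalg`, `EVP_PKEY_id(pkey)` is evaluated a second time although `pkeyid` already holds that value (the `int pkeyid = EVP_PKEY_id(pkey);` declaration in the preceding hunk); `ssl_cert_lookup_by_nid(pkeyid, &cidx)` keeps the function consistent. The `(int)cidx` cast is there because `sig_idx` is signed; a one-line comment that `sig_idx` indexes the same `ssl_cert_info` table would make `lu->sig_idx != (int)cidx` self-explanatory to the next reader.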
@@ -112,7 +121,7 @@ SKIP: { skip "EC, TLSv1.3 or TLSv1.2 disabled", 1 if disabled("tls1_2") || disabled("tls1_3") || disabled("ec"); - #Test 8: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2 + #Test 9: Sending a full list of TLSv1.3 sig algs but negotiating TLSv1.2 # should succeed $proxy->clear(); $proxy->serverflags("-no_tls1_3"); @@ -127,7 +136,7 @@ SKIP: { $proxy->filter(\&sigalgs_filter); - #Test 9: Sending no sig algs extension in TLSv1.2 should succeed + #Test 10: Sending no sig algs extension in TLSv1.2 should succeed $proxy->clear(); $testtype = NO_SIG_ALGS_EXT; $proxy->clientflags("-no_tls1_3"); @@ -135,7 +144,7 @@ SKIP: { $proxy->start(); ok(TLSProxy::Message->success, "No TLSv1.2 sigalgs"); - #Test 10: Sending an empty sig algs extension in TLSv1.2 should fail + #Test 11: Sending an empty sig algs extension in TLSv1.2 should fail $proxy->clear(); $testtype = EMPTY_SIG_ALGS_EXT; $proxy->clientflags("-no_tls1_3"); @@ -143,7 +152,7 @@ SKIP: { $proxy->start(); ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs"); - #Test 11: Sending a list with no recognised sig algs in TLSv1.2 should fail + #Test 12: Sending a list with no recognised sig algs in TLSv1.2 should fail $proxy->clear(); $testtype = NO_KNOWN_SIG_ALGS; $proxy->clientflags("-no_tls1_3"); @@ -151,7 +160,7 @@ SKIP: { $proxy->start(); ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs"); - #Test 12: Sending a sig algs list without pss for an RSA cert in TLSv1.2 + #Test 13: Sending a sig algs list without pss for an RSA cert in TLSv1.2 # should succeed $proxy->clear(); $testtype = NO_PSS_SIG_ALGS; @@ -160,7 +169,7 @@ SKIP: { $proxy->start(); ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs"); - #Test 13: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed + #Test 14: Sending only TLSv1.3 PSS sig algs in TLSv1.2 should succeed $proxy->clear(); $testtype = PSS_ONLY_SIG_ALGS; $proxy->serverflags("-no_tls1_3"); 
@@ -168,7 +177,7 @@ SKIP: { $proxy->start(); ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2"); - #Test 14: Responding with a sig alg we did not send in TLSv1.2 should fail + #Test 15: Responding with a sig alg we did not send in TLSv1.2 should fail # We send rsa_pkcs1_sha256 and respond with rsa_pss_rsae_sha256 # TODO(TLS1.3): Add a similar test to the TLSv1.3 section above # when we have an API capable of configuring the TLSv1.3 sig algs @@ -179,7 +188,7 @@ SKIP: { $proxy->start(); ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2"); - #Test 15: Sending a valid sig algs list but not including a sig type that + #Test 16: Sending a valid sig algs list but not including a sig type that # matches the certificate should fail in TLSv1.2 $proxy->clear(); $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256"); @@ -189,7 +198,7 @@ SKIP: { ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs"); $proxy->filter(\&sigalgs_filter); - #Test 16: No sig algs extension, ECDSA cert, TLSv1.2 should succeed + #Test 17: No sig algs extension, ECDSA cert, TLSv1.2 should succeed $proxy->clear(); $testtype = NO_SIG_ALGS_EXT; $proxy->clientflags("-no_tls1_3"); @@ -205,7 +214,7 @@ SKIP: { my ($dsa_status, $sha1_status, $sha224_status); SKIP: { skip "TLSv1.3 disabled", 2 if disabled("tls1_3") || disabled("dsa"); - #Test 17: signature_algorithms with 1.3-only ClientHello + #Test 18: signature_algorithms with 1.3-only ClientHello $testtype = PURE_SIGALGS; $dsa_status = $sha1_status = $sha224_status = 0; $proxy->clear(); @@ -215,7 +224,7 @@ SKIP: { ok($dsa_status && $sha1_status && $sha224_status, "DSA/SHA2 sigalg sent for 1.3-only ClientHello"); - #Test 18: signature_algorithms with backwards compatible ClientHello + #Test 19: signature_algorithms with backwards compatible ClientHello SKIP: { skip "TLSv1.2 disabled", 1 if disabled("tls1_2"); $testtype = COMPAT_SIGALGS; 
@@ -230,21 +239,21 @@ SKIP: { SKIP: { skip "TLSv1.3 disabled", 3 if disabled("tls1_3"); - #Test 19: Insert signature_algorithms_cert that match normal sigalgs + #Test 20: Insert signature_algorithms_cert that match normal sigalgs $testtype = SIGALGS_CERT_ALL; $proxy->clear(); $proxy->filter(\&modify_sigalgs_cert_filter); $proxy->start(); ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3"); - #Test 19: Insert signature_algorithms_cert that forces PKCS#1 cert + #Test 21: Insert signature_algorithms_cert that forces PKCS#1 cert $testtype = SIGALGS_CERT_PKCS; $proxy->clear(); $proxy->filter(\&modify_sigalgs_cert_filter); $proxy->start(); ok(TLSProxy::Message->success, "sigalgs_cert in TLSv1.3 with PKCS#1 cert"); - #Test 19: Insert signature_algorithms_cert that fails + #Test 22: Insert signature_algorithms_cert that fails $testtype = SIGALGS_CERT_INVALID; $proxy->clear(); $proxy->filter(\&modify_sigalgs_cert_filter); @@ -380,3 +389,20 @@ sub modify_sigalgs_cert_filter } } } + +sub modify_cert_verify_sigalg +{ + my $proxy = shift; + + # We're only interested in the CertificateVerify + if ($proxy->flight != 1) { + return; + } + + foreach my $message (@{$proxy->message_list}) { + if ($message->mt == TLSProxy::Message::MT_CERTIFICATE_VERIFY) { + $message->sigalg(TLSProxy::Message::SIG_ALG_RSA_PSS_PSS_SHA256); + $message->repack(); + } + } +} diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm index 4a60ba0..56570f9 100644 --- a/util/perl/TLSProxy/Message.pm +++ b/util/perl/TLSProxy/Message.pm 
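Review bot: `modify_cert_verify_sigalg` rewrites the sigalg of every CertificateVerify in flight 1 to rsa_pss_pss_sha256 and repacks without touching the signature bytes; the commit message says such a mismatch was previously tolerated, so a comment stating that the expected failure comes from the new key-OID check rather than from a broken signature would help whoever revisits Test 7. `ok(TLSProxy::Message->fail, ...)` also accepts any handshake failure; if TLSProxy exposes the alert, checking for illegal_parameter (the alert `SSLfatal` raises in the t1_lib.c hunk) would tie the test to the check it exercises.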
@@ -103,11 +103,14 @@ use constant { SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403, SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503, SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603, - SIG_ALG_RSA_PSS_SHA256 => 0x0804, - SIG_ALG_RSA_PSS_SHA384 => 0x0805, - SIG_ALG_RSA_PSS_SHA512 => 0x0806, + SIG_ALG_RSA_PSS_RSAE_SHA256 => 0x0804, + SIG_ALG_RSA_PSS_RSAE_SHA384 => 0x0805, + SIG_ALG_RSA_PSS_RSAE_SHA512 => 0x0806, SIG_ALG_ED25519 => 0x0807, SIG_ALG_ED448 => 0x0808, + SIG_ALG_RSA_PSS_PSS_SHA256 => 0x0809, + SIG_ALG_RSA_PSS_PSS_SHA384 => 0x080a, + SIG_ALG_RSA_PSS_PSS_SHA512 => 0x080b, SIG_ALG_RSA_PKCS1_SHA1 => 0x0201, SIG_ALG_ECDSA_SHA1 => 0x0203, SIG_ALG_DSA_SHA1 => 0x0202, From appro at openssl.org Wed Jul 18 14:04:46 2018 From: appro at openssl.org (Andy Polyakov) Date: Wed, 18 Jul 2018 14:04:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531922686.261924.24520.nullmailer@dev.openssl.org> The branch master has been updated via 83e034379fa3f6f0d308ec75fbcb137e26154aec (commit) from 9e6a32025e6e69949ad3e53a29a0b85f61f30b85 (commit) - Log ----------------------------------------------------------------- commit 83e034379fa3f6f0d308ec75fbcb137e26154aec Author: Andy Polyakov Date: Mon Jul 16 18:17:44 2018 +0200 bn/bn_lib.c address Coverity nit in bn2binpad. It was false positive, but one can as well view it as readability issue. Switch even to unsigned indices because % BN_BYTES takes 4-6 instructions with signed dividend vs. 1 (one) with unsigned. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index a582ce5..df6ea69 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c 
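Review bot: the Message.pm hunk renames the public TLSProxy constants `SIG_ALG_RSA_PSS_SHA256/384/512` to `SIG_ALG_RSA_PSS_RSAE_*`; the summary lists 70-test_sslsigalgs.t as the only other test touched, so please confirm no other recipe under test/recipes still uses the old names, or keep them as aliases. Placing the three new `SIG_ALG_RSA_PSS_PSS_*` entries after `SIG_ALG_ED448` keeps the list in numeric order (0x0809-0x080b), which is good.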
@@ -417,28 +417,27 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) /* ignore negative */ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i, j, top; + int n; + size_t i, inc, lasti, j; BN_ULONG l; - i = BN_num_bytes(a); + n = BN_num_bytes(a); if (tolen == -1) - tolen = i; - else if (tolen < i) + tolen = n; + else if (tolen < n) return -1; - if (i == 0) { + if (n == 0) { OPENSSL_cleanse(to, tolen); return tolen; } - top = a->top * BN_BYTES; - for (i = 0, j = tolen; j > 0; i++) { - unsigned int mask; - - mask = constant_time_lt(i, top); - i -= 1 & ~mask; /* stay on top limb */ + lasti = n - 1; + for (i = 0, inc = 1, j = tolen; j > 0;) { l = a->d[i / BN_BYTES]; - to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc)); + inc = (i - lasti) >> (8 * sizeof(i) - 1); + i += inc; /* stay on top limb */ } return tolen; From appro at openssl.org Wed Jul 18 14:05:39 2018 
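Review bot: the rewritten loop in `bn2binpad` needs a comment to be readable, which matters since readability is the stated motivation: `inc` is 1 while `i < lasti`, becomes 0 once `i` reaches the last significant byte, `(0 - inc)` turns that into an all-ones or all-zero byte mask, and `i += inc` pins the index on the top byte so the remaining `tolen - n` output bytes come out as zero. Spell this out next to `lasti = n - 1;`. That assignment into a `size_t` also relies on the `n == 0` early return a few lines above (otherwise it wraps); a short comment there guards against a future refactor moving the check.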
From: appro at openssl.org (Andy Polyakov) Date: Wed, 18 Jul 2018 14:05:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1531922739.412195.25364.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 821c3baa002fc874553cfacd65bd7bd6f6e9cb3f (commit) from 0b139e41b4ca03c1d36f4c93c6e9147e497029ca (commit) - Log ----------------------------------------------------------------- commit 821c3baa002fc874553cfacd65bd7bd6f6e9cb3f Author: Andy Polyakov Date: Mon Jul 16 18:17:44 2018 +0200 bn/bn_lib.c address Coverity nit in bn2binpad. It was false positive, but one can as well view it as readability issue. Switch even to unsigned indices because % BN_BYTES takes 4-6 instructions with signed dividend vs. 1 (one) with unsigned. Reviewed-by: Rich Salz (cherry picked from commit 83e034379fa3f6f0d308ec75fbcb137e26154aec) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lib.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index ebad255..6c57a53 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c 
@@ -498,28 +498,27 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) /* ignore negative */ static int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen) { - int i, j, top; + int n; + size_t i, inc, lasti, j; BN_ULONG l; - i = BN_num_bytes(a); + n = BN_num_bytes(a); if (tolen == -1) - tolen = i; - else if (tolen < i) + tolen = n; + else if (tolen < n) return -1; - if (i == 0) { + if (n == 0) { OPENSSL_cleanse(to, tolen); return tolen; } - top = a->top * BN_BYTES; - for (i = 0, j = tolen; j > 0; i++) { - unsigned int mask; - - mask = constant_time_lt(i, top); - i -= 1 & ~mask; /* stay on top limb */ + lasti = n - 1; + for (i = 0, inc = 1, j = tolen; j > 0;) { l = a->d[i / BN_BYTES]; - to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask); + to[--j] = (unsigned char)(l >> (8 * (i % BN_BYTES)) & (0 - inc)); + inc = (i - lasti) >> (8 * sizeof(i) - 1); + i += inc; /* stay on top limb */ } return tolen; From appro at openssl.org Wed Jul 18 14:12:26 2018 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 18 Jul 2018 14:12:26 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1531923146.173209.27038.nullmailer@dev.openssl.org> The branch master has been updated via 1c073b9521ce7dbdd5689bdf7ae5fa87557c3529 (commit) via 37132c9702328940a99b1307f742ab094ef754a7 (commit) via fff7a0dcf6e3135c7f93e6cb5fb35e37dd0b384d (commit) via 3fc7a9b96cbed0c3da6f53c08e34d8d0c982745f (commit) from 83e034379fa3f6f0d308ec75fbcb137e26154aec (commit) - Log ----------------------------------------------------------------- commit 1c073b9521ce7dbdd5689bdf7ae5fa87557c3529 Author: Andy Polyakov Date: Sun Jul 15 17:59:59 2018 +0200 CHANGES: mention blinding reverting in ECDSA. [skip ci] Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6664) commit 37132c9702328940a99b1307f742ab094ef754a7 Author: Andy Polyakov Date: Thu Jul 12 22:27:43 2018 +0200 ec/ecdsa_ossl.c: switch to fixed-length Montgomery multiplication. Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6664) commit fff7a0dcf6e3135c7f93e6cb5fb35e37dd0b384d Author: Andy Polyakov Date: Fri Jul 6 16:13:29 2018 +0200 ec/ecdsa_ossl.c: formatting and readability fixes. Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6664) commit 3fc7a9b96cbed0c3da6f53c08e34d8d0c982745f Author: Andy Polyakov Date: Fri Jul 6 15:55:34 2018 +0200 ec/ecdsa_ossl.c: revert blinding in ECDSA signature. Originally suggested solution for "Return Of the Hidden Number Problem" is arguably too expensive. While it has marginal impact on slower curves, none to ~6%, optimized implementations suffer real penalties. Most notably sign with P-256 went more than 2 times[!] slower. Instead, just implement constant-time BN_mod_add_quick. 
Reviewed-by: Rich Salz Reviewed-by: David Benjamin (Merged from https://github.com/openssl/openssl/pull/6664) ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++ crypto/bn/bn_mod.c | 66 ++++++++++++++++++-- crypto/ec/ecdsa_ossl.c | 131 +++++++++++---------------------------- crypto/include/internal/bn_int.h | 2 + 4 files changed, 103 insertions(+), 100 deletions(-) diff --git a/CHANGES b/CHANGES index c1d4c2d..ae59f92 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Revert blinding in ECDSA sign and instead make problematic addition + length-invariant. Switch even to fixed-length Montgomery multiplication. + [Andy Polyakov] + *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder step for binary curves. The new implementation is based on formulas from differential addition-and-doubling in mixed Lopez-Dahab projective diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 76adfb7..463d2d6 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c 
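Review bot: the CHANGES entry describes the ECDSA-side change but not the user-visible one in bn_mod.c, where the public `BN_mod_add_quick` now runs in constant time via `bn_mod_add_fixed_top`; mention it, and state the precondition (a and b non-negative and less than m) that the constant-time selection depends on, since callers outside ECDSA also use this function.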
@@ -35,18 +35,72 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, /* * BN_mod_add variant that may be used if both a and b are non-negative and - * less than m + * less than m. The original algorithm was + * + * if (!BN_uadd(r, a, b)) + * return 0; + * if (BN_ucmp(r, m) >= 0) + * return BN_usub(r, r, m); + * + * which is replaced with addition, subtracting modulus, and conditional + * move depending on whether or not subtraction borrowed. */ -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) { - if (!BN_uadd(r, a, b)) + size_t i, ai, bi, mtop = m->top; + BN_ULONG storage[1024 / BN_BITS2]; + BN_ULONG carry, temp, mask, *rp, *tp = storage; + const BN_ULONG *ap, *bp; + + if (bn_wexpand(r, mtop) == NULL) return 0; - if (BN_ucmp(r, m) >= 0) - return BN_usub(r, r, m); + + if (mtop > sizeof(storage) / sizeof(storage[0]) + && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL) + return 0; + + ap = a->d != NULL ? a->d : tp; + bp = b->d != NULL ? 
b->d : tp; + + for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) { + mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); + temp = ((ap[ai] & mask) + carry) & BN_MASK2; + carry = (temp < carry); + + mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); + tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2; + carry += (tp[i] < temp); + + i++; + ai += (i - a->dmax) >> (8 * sizeof(i) - 1); + bi += (i - b->dmax) >> (8 * sizeof(i) - 1); + } + rp = r->d; + carry -= bn_sub_words(rp, tp, m->d, mtop); + for (i = 0; i < mtop; i++) { + rp[i] = (carry & tp[i]) | (~carry & rp[i]); + ((volatile BN_ULONG *)tp)[i] = 0; + } + r->top = mtop; + + if (tp != storage) + OPENSSL_free(tp); + return 1; } +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) +{ + int ret = bn_mod_add_fixed_top(r, a, b, m); + + if (ret) + bn_correct_top(r); + + return ret; +} + int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) { diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index dfb0d19..ad7a6f7 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -10,9 +10,8 @@ #include #include #include -#include #include -#include +#include "internal/bn_int.h" #include "ec_lcl.h" int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, @@ -53,13 +52,12 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, return 0; } - if (ctx_in == NULL) { + if ((ctx = ctx_in) == NULL) { if ((ctx = BN_CTX_new()) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); return 0; } - } else - ctx = ctx_in; + } k = BN_new(); /* this value is later returned in *kinvp */ r = BN_new(); /* this value is later returned in *rp */ @@ -73,10 +71,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } /* Preallocate space */ order_bits = BN_num_bits(order); 
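Review bot: in `bn_mod_add_fixed_top`, the final select `rp[i] = (carry & tp[i]) | (~carry & rp[i])` requires `carry` to be exactly 0 or all-ones after `carry -= bn_sub_words(rp, tp, m->d, mtop)`. That holds only under the precondition in the comment (a, b non-negative and less than m); outside it, carry = 1 with no borrow leaves a mixed word. `BN_mod_add_quick` is public and does not check the precondition, so add an assertion or an explicit comment at the select. Also `ap`/`bp` fall back to `tp` when `a->d` or `b->d` is NULL, and the first iteration then reads `tp[0]` before anything has been stored there; the value is masked to zero by `mask`, but it is an uninitialised read that MSan and valgrind will flag, so set `storage[0] = 0` first or point at a static zero word instead.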
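Review bot: dropping the `order == NULL` check after `EC_GROUP_get0_order(group)` in the `@@ -73,10` hunk of ecdsa_ossl.c is a behaviour change inside a commit titled "formatting and readability fixes"; if the check is dead because `EC_GROUP_get0_order` cannot return NULL for a group that passed the earlier checks, say so in the commit message (the same removal appears again in `ossl_ecdsa_sign_sig`).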
@@ -87,23 +81,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, do { /* get random k */ - do + do { if (dgst != NULL) { - if (!BN_generate_dsa_nonce - (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, - ctx)) { + if (!BN_generate_dsa_nonce(k, order, + EC_KEY_get0_private_key(eckey), + dgst, dlen, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } else { if (!BN_priv_rand_range(k, order)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } - while (BN_is_zero(k)); + } while (BN_is_zero(k)); /* compute r the x-coordinate of generator * k */ if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { @@ -112,18 +106,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp - (group, tmp_point, X, NULL, ctx)) { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } } #ifndef OPENSSL_NO_EC2M else { /* NID_X9_62_characteristic_two_field */ - - if (!EC_POINT_get_affine_coordinates_GF2m(group, - tmp_point, X, NULL, - ctx)) { + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } @@ -133,8 +125,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } - } - while (BN_is_zero(r)); + } while (BN_is_zero(r)); /* compute the inverse of k */ if (!ec_group_do_inverse_ord(group, k, k, ctx)) { 
@@ -172,8 +163,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, EC_KEY *eckey) { int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL; - BIGNUM *blindm = NULL; + BIGNUM *kinv = NULL, *s, *m = NULL; const BIGNUM *order, *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; @@ -206,27 +196,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } s = ret->s; - ctx = BN_CTX_secure_new(); - if (ctx == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); - goto err; - } - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - m = BN_CTX_get(ctx); - blind = BN_CTX_get(ctx); - blindm = BN_CTX_get(ctx); - if (blindm == NULL) { + if ((ctx = BN_CTX_new()) == NULL + || (m = BN_new()) == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB); - goto err; - } i = BN_num_bits(order); /* * Need to truncate digest if it is too long: first truncate whole bytes. @@ -237,7 +213,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - /* If still too long truncate remaining bits with a shift */ + /* If still too long, truncate remaining bits with a shift */ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; 
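Review bot: the hunk at `@@ -206,27 +196,13 @@` swaps `BN_CTX_secure_new()` for `BN_CTX_new()`, yet `ctx` is still handed to `bn_mul_mont_fixed_top(s, s, priv_key, ...)` and `BN_mod_mul_montgomery(s, s, ckinv, ...)`, so any temporaries those routines take from the context now hold products of the private key on the ordinary heap rather than the secure heap; if that is intended, say why in the comment, otherwise keep the secure context. The same hunk (and `@@ -73,10 +71,6 @@` in ecdsa_sign_setup) drops the `order == NULL` check after `EC_GROUP_get0_order(group)`; that is only safe if the accessor cannot return NULL, which the patch does not state.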
@@ -258,59 +234,27 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } /* - * The normal signature calculation is: - * - * s := k^-1 * (m + r * priv_key) mod order - * - * We will blind this to protect against side channel attacks - * - * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod order + * With only one multiplicant being in Montgomery domain + * multiplication yields real result without post-conversion. + * Also note that all operations but last are performed with + * zero-padded vectors. Last operation, BN_mod_mul_montgomery + * below, returns user-visible value with removed zero padding. */ - - /* Generate a blinding value */ - do { - if (!BN_priv_rand(blind, BN_num_bits(order) - 1, - BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) - goto err; - } while (BN_is_zero(blind)); - BN_set_flags(blind, BN_FLG_CONSTTIME); - BN_set_flags(blindm, BN_FLG_CONSTTIME); - BN_set_flags(tmp, BN_FLG_CONSTTIME); - - /* tmp := blind * priv_key * r mod order */ - if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* blindm := blind * m mod order */ - if (!BN_mod_mul(blindm, blind, m, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* s : = (blind * priv_key * r) + (blind * m) mod order */ - if (!BN_mod_add_quick(s, tmp, blindm, order)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* s := s * k^-1 mod order */ - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) + || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - - /* s:= s * blind^-1 mod order */ - if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { + if (!bn_mod_add_fixed_top(s, s, m, order)) { 
ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, blind, order, ctx)) { + /* + * |s| can still be larger than modulus, because |m| can be. In + * such case we count on Montgomery reduction to tie it up. + */ + if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) + || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } @@ -324,11 +268,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); goto err; } - } else + } else { /* s != 0 => we have a valid signature */ break; - } - while (1); + } + } while (1); ok = 1; err: @@ -336,9 +280,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECDSA_SIG_free(ret); ret = NULL; } - if (ctx != NULL) - BN_CTX_end(ctx); BN_CTX_free(ctx); + BN_clear_free(m); BN_clear_free(kinv); return ret; } diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index e7fd899..f7d37d5 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h @@ -71,5 +71,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); #endif From matt at openssl.org Thu Jul 19 11:50:16 2018 
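Review bot: in the hunk at `@@ -258,59 +234,27 @@` the removed comment recorded why blinding was there ("to protect against side channel attacks"); the replacement only explains the Montgomery-domain trick, so the code no longer says why blinding is unnecessary. Add a sentence naming the property being relied on, namely that `bn_to_mont_fixed_top`, `bn_mul_mont_fixed_top` and `bn_mod_add_fixed_top` operate on zero-padded fixed-length vectors so their timing does not depend on the values of r, priv_key or k^-1. Also "multiplicant" should read "multiplicand", and the new `bn_mod_add_fixed_top` prototype in bn_int.h should carry the input-range precondition that the "|s| can still be larger than modulus" comment leans on.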
From: matt at openssl.org (Matt Caswell) Date: Thu, 19 Jul 2018 11:50:16 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532001016.883859.12704.nullmailer@dev.openssl.org> The branch master has been updated via 0efa0ba4e664d6d3dab1ec2b9bce3b39696f4ac7 (commit) via 1c1e4160e069818a0f9ebf080f57ac5282ae1bff (commit) from 1c073b9521ce7dbdd5689bdf7ae5fa87557c3529 (commit) - Log ----------------------------------------------------------------- commit 0efa0ba4e664d6d3dab1ec2b9bce3b39696f4ac7 Author: Matt Caswell Date: Wed Jul 18 12:29:36 2018 +0100 Test early_data sent after a second ClientHello causes a failure Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6737) commit 1c1e4160e069818a0f9ebf080f57ac5282ae1bff Author: Matt Caswell Date: Wed Jul 18 11:16:28 2018 +0100 Don't skip over early_data if we sent an HRR It is not valid to send early_data after an HRR has been received. Fixes #6734 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6737) ----------------------------------------------------------------------- Summary of changes: ssl/statem/statem.c | 4 +++- test/sslapitest.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++------- 2 files changed, 62 insertions(+), 9 deletions(-) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index e836769..cf6472c 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -179,7 +179,9 @@ int ossl_statem_skip_early_data(SSL *s) if (s->ext.early_data != SSL_EARLY_DATA_REJECTED) return 0; - if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA) + if (!s->server + || s->statem.hand_state != TLS_ST_EARLY_DATA + || s->hello_retry_request == SSL_HRR_COMPLETE) return 0; return 1; diff --git a/test/sslapitest.c b/test/sslapitest.c index 8cc4934..c65bf59 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c 
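Review bot: the added `|| s->hello_retry_request == SSL_HRR_COMPLETE` disjunct in ossl_statem_skip_early_data is correct but unexplained; a one-line comment stating the rule from the commit message (early_data is not valid after an HRR, so a record that fails deprotection after one must fail the connection rather than be skipped) would save the next reader from reconstructing it from the three-way condition. The test below only checks for `SSL_ERROR_SSL`, so which alert the client sees for this case is not pinned down anywhere in the patch.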
@@ -2419,7 +2419,8 @@ static int test_early_data_replay(int idx) * handle a connection from a client where the early data should be skipped. * testtype: 0 == No HRR * testtype: 1 == HRR - * testtype: 2 == recv_max_early_data set to 0 + * testtype: 2 == HRR, invalid early_data sent after HRR + * testtype: 3 == recv_max_early_data set to 0 */ static int early_data_skip_helper(int testtype, int idx) { @@ -2434,7 +2435,7 @@ static int early_data_skip_helper(int testtype, int idx) &serverssl, &sess, idx))) goto end; - if (testtype == 1) { + if (testtype == 1 || testtype == 2) { /* Force an HRR to occur */ if (!TEST_true(SSL_set1_groups_list(serverssl, "P-256"))) goto end; @@ -2454,7 +2455,7 @@ static int early_data_skip_helper(int testtype, int idx) goto end; } - if (testtype == 2 + if (testtype == 3 && !TEST_true(SSL_set_recv_max_early_data(serverssl, 0))) goto end; @@ -2473,7 +2474,12 @@ static int early_data_skip_helper(int testtype, int idx) SSL_EARLY_DATA_REJECTED)) goto end; - if (testtype == 1) { + switch (testtype) { + case 0: + /* Nothing to do */ + break; + + case 1: /* * Finish off the handshake. We perform the same writes and reads as * further down but we expect them to fail due to the incomplete 
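Review bot: renumbering `testtype` 2 to 3 in early_data_skip_helper touches every `testtype == N` comparison plus the test_early_data_skip_abort wrapper; an enum or `#define` for the four cases (NO_HRR, HRR, HRR_BAD_EARLY_DATA, MAX_EARLY_DATA_ZERO) would make the `case 2:` / `case 3:` labels below self-describing and turn the next addition into a one-line change.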
@@ -2483,10 +2489,40 @@ static int early_data_skip_helper(int testtype, int idx) || !TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes))) goto end; - } else if (testtype == 2) { + break; + + case 2: + { + BIO *wbio = SSL_get_wbio(clientssl); + /* A record that will appear as bad early_data */ + const unsigned char bad_early_data[] = { + 0x17, 0x03, 0x03, 0x00, 0x01, 0x00 + }; + + /* + * We force the client to attempt a write. This will fail because + * we're still in the handshake. It will cause the second + * ClientHello to be sent. + */ + if (!TEST_false(SSL_write_ex(clientssl, MSG2, strlen(MSG2), + &written))) + goto end; + + /* + * Inject some early_data after the second ClientHello. This should + * cause the server to fail + */ + if (!TEST_true(BIO_write_ex(wbio, bad_early_data, + sizeof(bad_early_data), &written))) + goto end; + } + /* fallthrough */ + + case 3: /* - * This client has sent more early_data than we are willing to skip so - * the connection should abort. + * This client has sent more early_data than we are willing to skip + * (case 3) or sent invalid early_data (case 2) so the connection should + * abort. */ if (!TEST_false(SSL_read_ex(serverssl, buf, sizeof(buf), &readbytes)) || !TEST_int_eq(SSL_get_error(serverssl, 0), SSL_ERROR_SSL)) @@ -2495,6 +2531,10 @@ static int early_data_skip_helper(int testtype, int idx) /* Connection has failed - nothing more to do */ testresult = 1; goto end; + + default: + TEST_error("Invalid test type"); + goto end; } /* 
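Review bot: in `case 2:` the `written` returned by `BIO_write_ex(wbio, bad_early_data, sizeof(bad_early_data), &written)` is never compared with `sizeof(bad_early_data)`; if the BIO accepts a partial write the server receives a truncated record and the test can pass for the wrong reason. Suggest adding `|| !TEST_size_t_eq(written, sizeof(bad_early_data))` to that condition. The `/* fallthrough */` into `case 3:` is fine, but the shared comment should also mention that case 2 relies on the second ClientHello having been flushed by the failed `SSL_write_ex` call immediately before the injection.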
@@ -2542,12 +2582,22 @@ static int test_early_data_skip_hrr(int idx) } /* + * Test that a server attempting to read early data can handle a connection + * from a client where an HRR occurs and correctly fails if early_data is sent + * after the HRR + */ +static int test_early_data_skip_hrr_fail(int idx) +{ + return early_data_skip_helper(2, idx); +} + +/* * Test that a server attempting to read early data will abort if it tries to * skip over too much. */ static int test_early_data_skip_abort(int idx) { - return early_data_skip_helper(2, idx); + return early_data_skip_helper(3, idx); } /* @@ -5402,6 +5452,7 @@ int setup_tests(void) ADD_ALL_TESTS(test_early_data_replay, 2); ADD_ALL_TESTS(test_early_data_skip, 3); ADD_ALL_TESTS(test_early_data_skip_hrr, 3); + ADD_ALL_TESTS(test_early_data_skip_hrr_fail, 3); ADD_ALL_TESTS(test_early_data_skip_abort, 3); ADD_ALL_TESTS(test_early_data_not_sent, 3); ADD_ALL_TESTS(test_early_data_psk, 8); From no-reply at appveyor.com Thu Jul 19 17:54:55 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 19 Jul 2018 17:54:55 +0000 Subject: [openssl-commits] Build failed: openssl master.19013 Message-ID: <20180719175455.1.1F58C79C6299A892@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Thu Jul 19 18:10:00 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 19 Jul 2018 18:10:00 +0000 Subject: [openssl-commits] Build failed: openssl master.19014 Message-ID: <20180719181000.1.E5D8A67B6DCEF0C1@appveyor.com> An HTML attachment was scrubbed... URL: From matt at openssl.org Fri Jul 20 09:50:17 2018 
From: matt at openssl.org (Matt Caswell) Date: Fri, 20 Jul 2018 09:50:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532080217.682405.8894.nullmailer@dev.openssl.org> The branch master has been updated via d6ce9da49b131cad85da8c94c617febf6c8d9073 (commit) from 0efa0ba4e664d6d3dab1ec2b9bce3b39696f4ac7 (commit) - Log ----------------------------------------------------------------- commit d6ce9da49b131cad85da8c94c617febf6c8d9073 Author: Matt Caswell Date: Thu Jul 19 12:46:02 2018 +0100 Update the TLSv1.3 test vectors Use the latest version of the test vectors available in: https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6746) ----------------------------------------------------------------------- Summary of changes: test/tls13encryptiontest.c | 186 ++++++++++++++++++++++++--------------------- test/tls13secretstest.c | 90 ++++++++++------------ 2 files changed, 143 insertions(+), 133 deletions(-) diff --git a/test/tls13encryptiontest.c b/test/tls13encryptiontest.c index 4c5d575..6f359b3 100644 --- a/test/tls13encryptiontest.c +++ b/test/tls13encryptiontest.c @@ -27,7 +27,7 @@ /* * Based on the test vectors provided in: - * https://www.ietf.org/id/draft-thomson-tls-tls13-vectors-01.txt + * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06 */ typedef struct { @@ -42,6 +42,13 @@ typedef struct { const char *seq; } RECORD_DATA; +/* + * Note 1: The plaintext values given here have an additional "16" or "17" byte + * added to the end when compared to the official vectors. The official vectors + * do not include the inner content type, but we require it. + * + * Note 2: These are the vectors for the "Simple 1-RTT Handshake" + */ static RECORD_DATA refdata[] = { { /* 
@@ -49,143 +56,152 @@ static RECORD_DATA refdata[] = { * Finished */ { - "0800001e001c000a00140012001d001700180019010001010102010301040000" - "00000b0001b9000001b50001b0308201ac30820115a003020102020102300d06" - "092a864886f70d01010b0500300e310c300a06035504031303727361301e170d" - "3136303733303031323335395a170d3236303733303031323335395a300e310c" - "300a0603550403130372736130819f300d06092a864886f70d01010105000381" - "8d0030818902818100b4bb498f8279303d980836399b36c6988c0c68de55e1bd" - "b826d3901a2461eafd2de49a91d015abbc9a95137ace6c1af19eaa6af98c7ced", - "43120998e187a80ee0ccb0524b1b018c3e0b63264d449a6d38e22a5fda430846" - "748030530ef0461c8ca9d9efbfae8ea6d1d03e2bd193eff0ab9a8002c47428a6" - "d35a8d88d79f7f1e3f0203010001a31a301830090603551d1304023000300b06" - "03551d0f0404030205a0300d06092a864886f70d01010b05000381810085aad2" - "a0e5b9276b908c65f73a7267170618a54c5f8a7b337d2df7a594365417f2eae8" - "f8a58c8f8172f9319cf36b7fd6c55b80f21a03015156726096fd335e5e67f2db" - "f102702e608ccae6bec1fc63a42a99be5c3eb7107c3c54e9b9eb2bd5203b1c3b", - "84e0a8b2f759409ba3eac9d91d402dcc0cc8f8961229ac9187b42b4de100000f" - "00008408040080134e22eac57321ab47db6b38b2992cec2dd79bd065a034a9af" - "6b9e3d03475e4309e6523ccdf055453fb480804a3a7e996229eb28e734f6702b" - "ea2b32149899ac043a4b44468197868da77147ce9f73c0543c4e3fc33e306cac" - "8506faa80a959c5f1edccbee76eda1ad7a4fa440de35dcb87e82ec94e8725355" - "ce7507713a609e140000207304bb73321f01b71dd94622fae98daf634490d220" - "e4c8f3ffa2559911a56e5116" + "080000240022000a00140012001d00170018001901000101010201030104001c" + "00024001000000000b0001b9000001b50001b0308201ac30820115a003020102" + "020102300d06092a864886f70d01010b0500300e310c300a0603550403130372" + "7361301e170d3136303733303031323335395a170d3236303733303031323335" + "395a300e310c300a0603550403130372736130819f300d06092a864886f70d01" + "0101050003818d0030818902818100b4bb498f8279303d980836399b36c6988c" + "0c68de55e1bdb826d3901a2461eafd2de49a91d015abbc9a95137ace6c1af19e", + 
"aa6af98c7ced43120998e187a80ee0ccb0524b1b018c3e0b63264d449a6d38e2" + "2a5fda430846748030530ef0461c8ca9d9efbfae8ea6d1d03e2bd193eff0ab9a" + "8002c47428a6d35a8d88d79f7f1e3f0203010001a31a301830090603551d1304" + "023000300b0603551d0f0404030205a0300d06092a864886f70d01010b050003" + "81810085aad2a0e5b9276b908c65f73a7267170618a54c5f8a7b337d2df7a594" + "365417f2eae8f8a58c8f8172f9319cf36b7fd6c55b80f21a03015156726096fd" + "335e5e67f2dbf102702e608ccae6bec1fc63a42a99be5c3eb7107c3c54e9b9eb", + "2bd5203b1c3b84e0a8b2f759409ba3eac9d91d402dcc0cc8f8961229ac9187b4" + "2b4de100000f00008408040080754040d0ddab8cf0e2da2bc4995b868ad745c8" + "e1564e33cde17880a42392cc624aeef6b67bb3f0ae71d9d54a2309731d87dc59" + "f642d733be2eb27484ad8a8c8eb3516a7ac57f2625e2b5c0888a8541f4e734f7" + "3d054761df1dd02f0e3e9a33cfa10b6e3eb4ebf7ac053b01fdabbddfc54133bc" + "d24c8bbdceb223b2aa03452a2914000020ac86acbc9cd25a45b57ad5b64db15d" + "4405cf8c80e314583ebf3283ef9a99310c16" }, { - "40ae92071a3a548b26af31e116dfc0ba4549210b17e70da16cfbda9ccdad844d" - "94264a9ae65b786b3eaf0de20aa89c6babb448b6f32d07f233584296eefe1931" - "6bd979659472ee8567cb01d70b0366cddb3c60eb9e1d789a3691dc254c14de73" - "f4f20100504544ce184d44547e124b1f18303b4859f8f2e2b04423d23a866b43" - "866374d54af41649d25f4a3ec2cecd5d4e6de1b24953440b46fbb74c1dbec6fb" - "b1f16bc21d4aa0e1e936a49c07127e19719bc652a2f0b7f8df4a150b2b3c9e9e" - "353d6ed101970ddc611abad0632c6793f9379c9d06846c311fcbd6f85edd569b", - "8782c4c5f62294c4611ae60f83230a53aa95e3bcbed204f19a7a1db83c0fbfec" - "1edd2c17498fa7b5aa2321248a92592d891e4947df6bcef52f4481797d032ad3" - "32046a384abece6454b3e356d7249bfa5696793c7f7d3048dc87fa7409a46918" - "87caaf0982c402b902d699f62dc4d5e153f13e8589e4a6206c7f74eb26ddefbb" - "92309fb753decfea972dec7de02eda9c6d26acd7be53a8aa20f1a93f082ae6eb" - "927a6a1b7bd9153551aedfaf94f61dd4cb9355ad7ab09f615d9f92c21712c732" - "c0e7e117797f38cbdc184e3a65e15a89f46cb3624f5fdb8dbbd275f2c8492f8d", - "95bdbd8d1dc1b9f21107bd433acbbac247239c073a2f24a4a9f8074f325f277d" - 
"579b6bff0269ff19aed3809a9ddd21dd29c1363c9dc44812dd41d2111f9c2e83" - "42046c14133b853262676f15e94de18660e04ae5c0c661ea43559af5842e161c" - "83dd29f64508b2ec3e635a2134fc0e1a39d3ecb51dcddfcf8382c88ffe2a7378" - "42ad1de7fe505b6c4d1673870f6fc2a0f2f7972acaee368a1599d64ba18798f1" - "0333f9779bd5b05f9b084d03dab2f3d80c2eb74ec70c9866ea31c18b491cd597" - "aae3e941205fcc38a3a10ce8f2e230d97e3406b77ee53d84d89ca548" + "f10b26d8fcaf67b5b828f712122216a1cd14187465b77637cbcd78539128bb93" + "246dcca1af56f1eaa271666077455bc54965d85f05f9bd36d6996171eb536aff" + "613eeddc42bad5a2d2227c4606f1215f980e7afaf56bd3b85a51be130003101a" + "758d077b1c891d8e7a22947e5a229851fd42a9dd422608f868272abf92b3d43f" + "b46ac420259346067f66322fd708885680f4b4433c29116f2dfa529e09bba53c" + "7cd920121724809eaddcc84307ef46fc51a0b33d99d39db337fcd761ce0f2b02" + "dc73dedb6fddb77c4f8099bde93d5bee08bcf2131f29a2a37ff07949e8f8bcdd", + "3e8310b8bf8b3444c85aaf0d2aeb2d4f36fd14d5cb51fcebff418b3827136ab9" + "529e9a3d3f35e4c0ae749ea2dbc94982a1281d3e6daab719aa4460889321a008" + "bf10fa06ac0c61cc122cc90d5e22c0030c986ae84a33a0c47df174bcfbd50bf7" + "8ffdf24051ab423db63d5815db2f830040f30521131c98c66f16c362addce2fb" + "a0602cf0a7dddf22e8def7516cdfee95b4056cc9ad38c95352335421b5b1ffba" + "df75e5212fdad7a75f52a2801486a1eec3539580bee0e4b337cda6085ac9eccd" + "1a0f1a46cebfbb5cdfa3251ac28c3bc826148c6d8c1eb6a06f77f6ff632c6a83", + "e283e8f9df7c6dbabf1c6ea40629a85b43ab0c73d34f9d5072832a104eda3f75" + "f5d83da6e14822a18e14099d749eafd823ca2ac7542086501eca206ce7887920" + "008573757ce2f230a890782b99cc682377beee812756d04f9025135fb599d746" + "fefe7316c922ac265ca0d29021375adb63c1509c3e242dfb92b8dee891f7368c" + "4058399b8db9075f2dcc8216194e503b6652d87d2cb41f99adfdcc5be5ec7e1e" + "6326ac22d70bd3ba652827532d669aff005173597f8039c3ea4922d3ec757670" + "222f6ac29b93e90d7ad3f6dd96328e429cfcfd5cca22707fe2d86ad1dcb0be75" + "6e8e" }, - "d2dd45f87ad87801a85ac38187f9023b", - "f0a14f808692cef87a3daf70", + "c66cb1aec519df44c91e10995511ac8b", + 
"f7f6884c4981716c2d0d29a4", "0000000000000000" }, { /* Client: Finished */ { - "1400002078367856d3c8cc4e0a95eb98906ca7a48bd3cc7029f48bd4ae0dc91a" - "b903ca8916","","" + "14000020b9027a0204b972b52cdefa58950fa1580d68c9cb124dbe691a7178f2" + "5c554b2316", "", "" }, { - "fa15e92daa21cd05d8f9c3152a61748d9aaf049da559718e583f95aacecad657" - "b52a6562da66864fd14969acc30dc04a78c38283c5","","" + "9539b4ae2f87fd8e616b295628ea953d9e3858db274970d19813ec136cae7d96" + "e0417775fcabd3d8858fdc60240912d218f5afb21c", "", "" }, - "40e1201d75d419627f04c88530a15c9d", - "a0f073f3b35e18f96969696b", + "2679a43e1d76784034ea1797d5ad2649", + "5482405290dd0d2f81c0d942", "0000000000000000" }, { /* Server: NewSessionTicket */ { - "040000a60002a3004abe594b00924e535321cadc96238da09caf9b02fecafdd6" - "5e3e418f03e43772cf512ed8066100503b1c08abbbf298a9d138ce821dd12fe1" - "710e2137cd12e6a85cd3fd7f73706e7f5dddefb87c1ef83824638464099c9d13" - "63e3c64ed2075c16b8ccd8e524a6bbd7a6a6e34ea1579782b15bbe7dfed5c0c0" - "d980fb330f9d8ab252ffe7be1277d418b6828ead4dae3b30d448442417ef76af" - "0008002e00040002000016","","" + "040000c90000001e2fd3992f02000000b2ff099f9676cdff8b0bf8825d000000" + "007905a9d28efeef4a47c6f9b06a0cecdb0070d920b898997c75b79636943ed4" + "2046a96142bd084a04acfa0c490f452d756dea02c0f927259f1f3231ac0d541a" + "769129b740ce38090842b828c27fd729f59737ba98aa7b42e043c5da28f8dca8" + "590b2df410d5134fd6c4cacad8b30370602afa35d265bf4d127976bb36dbda6a" + "626f0270e20eebc73d6fcae2b1a0da122ee9042f76be56ebf41aa469c3d2c9da" + "9197d80008002a00040000040016", "", "" }, { - "45a6626fa13b66ce2c5b3ef807e299a118296f26a2dd9ec7487a0673e2460d4c" - "79f40087dcd014c59c51379c90d26b4e4f9bb2b78f5b6761594f013ff3e4c78d" - "836905229eac811c4ef8b2faa89867e9ffc586f7f03c216591aa5e620eac3c62" - "dfe60f846036bd7ecc4464b584af184e9644e94ee1d7834dba408a51cbe42480" - "04796ed9c558e0f5f96115a6f6ba487e17d16a2e20a3d3a650a9a070fb53d9da" - "82864b5621d77650bd0c7972f592aa8546de09b8e46921fab4d876","","" + 
"3680c2b2109d25caa26c3b06eea9fdc5cb31613ba702176596da2e886bf6af93" + "507bd68161ad9cb4780653842e1041ecbf0088a65ac4ef438419dd1d95ddd9bd" + "2ad4484e7e167d0e6c008448ae58a0418713b6fc6c51e4bb23a537fb75a74f73" + "de31fe6aa0bc522515f8b25f8955428b5de5ac06762cec22b0aa78c94385ef8e" + "70fa24945b7c1f268510871689bbbbfaf2e7f4a19277024f95f1143ab12a31ec" + "63adb128cb390711fd6d06a498df3e98615d8eb102e23353b480efcca5e8e026" + "7a6d0fe2441f14c8c9664aefb2cfff6ae9e0442728b6a0940c1e824fda06", + "", "" + }, - "3381f6b3f94500f16226de440193e858", - "4f1d73cc1d465eb30021c41f", + "a688ebb5ac826d6f42d45c0cc44b9b7d", + "c1cad4425a438b5de714830a", "0000000000000000" }, { /* Client: Application Data */ { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" - "202122232425262728292a2b2c2d2e2f303117","","" + "202122232425262728292a2b2c2d2e2f303117", "", "" }, { - "e306178ad97f74bb64f35eaf3c39846b83aef8472cbc9046749b81a949dfb12c" - "fbc65cbabd20ade92c1f944605892ceeb12fde5781d40e2ca080fc921b750b8c" - "21bd8d","","" + "8c3497da00ae023e53c01b4324b665404c1b49e78fe2bf4d17f6348ae8340551" + "e363a0cd05f2179c4fef5ad689b5cae0bae94adc63632e571fb79aa91544c639" + "4d28a1", "", "" + }, - "eb23a804904b80ba4fe8399e09b1ce42", - "efa8c50c06b9c9b8c483e174", + "88b96ad686c84be55ace18a59cce5c87", + "b99dc58cd5ff5ab082fdad19", "0000000000000000" }, + + { /* Server: Application Data */ { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" - "202122232425262728292a2b2c2d2e2f303117","","" + "202122232425262728292a2b2c2d2e2f303117", "", "" }, { - "467d99a807dbf778e6ffd8be52456c70665f890811ef2f3c495d5bbe983feeda" - "b0c251dde596bc7e2b135909ec9f9166fb01526c70c7e42b6df52d63b0000222" - "cb2047","","" + "f65f49fd2df6cd2347c3d30166e3cfddb6308a5906c076112c6a37ff1dbd406b" + "5813c0abd734883017a6b2833186b13c14da5d75f33d8760789994e27d82043a" + "b88d65", "", "" }, - "3381f6b3f94500f16226de440193e858", - "4f1d73cc1d465eb30021c41f", + "a688ebb5ac826d6f42d45c0cc44b9b7d", + "c1cad4425a438b5de714830a", 
"0000000000000001" }, { /* Client: CloseNotify */ { - "010015","","" + "010015", "", "" }, { - "6bdf609107610cff95d70387a67b89e2494f0d","","" + "2c2148163d7938a35f6acf2a6606f8cbd1d9f2", "", "" }, - "eb23a804904b80ba4fe8399e09b1ce42", - "efa8c50c06b9c9b8c483e174", + "88b96ad686c84be55ace18a59cce5c87", + "b99dc58cd5ff5ab082fdad19", "0000000000000001" }, { /* Server: CloseNotify */ { - "010015","","" + "010015", "", "" }, { - "621b7c60d32528b149b36a78c8891a8d2f65ad","","" + "f8141ebdb5eda511e0bce639a56ff9ea825a21", "", "" + }, - "3381f6b3f94500f16226de440193e858", - "4f1d73cc1d465eb30021c41f", + "a688ebb5ac826d6f42d45c0cc44b9b7d", + "c1cad4425a438b5de714830a", "0000000000000002" } }; diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c index 313ab56..724c170 100644 --- a/test/tls13secretstest.c +++ b/test/tls13secretstest.c 
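Review bot: Note 1 in the new refdata header says each plaintext carries an additional "16" or "17" byte for the inner content type, but the CloseNotify entries end in `15` (alert); the comment should describe the trailing byte as the inner ContentType of the record (0x16 handshake, 0x17 application_data, 0x15 alert) rather than listing two values. Separately, the key/IV strings in refdata (for example `c66cb1aec519df44c91e10995511ac8b` / `f7f6884c4981716c2d0d29a4` on the server handshake records and `2679a43e1d76784034ea1797d5ad2649` / `5482405290dd0d2f81c0d942` on the client Finished) duplicate server_hts_key/iv and client_hts_key/iv in tls13secretstest.c; a shared header would keep the two files from drifting on the next vector update.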
@@ -26,27 +26,21 @@ #define IVLEN 12 #define KEYLEN 16 -/* The following are self-generated test vectors. This gives us very little - * confidence that we've got the implementation right, but at least tells us - * if we accidentally break something in the future. Until we can get some - * other source of test vectors this is all we've got. - * TODO(TLS1.3): As and when official vectors become available we should use - * those, e.g. see - * https://www.ietf.org/id/draft-thomson-tls-tls13-vectors-00.txt, however at - * the time of writing these are not suitable because they are based on - * draft -16, which works differently to the draft -20 vectors below. +/* + * Based on the test vectors availble in: + * https://tools.ietf.org/html/draft-ietf-tls-tls13-vectors-06 */ static unsigned char hs_start_hash[] = { -0xec, 0x14, 0x7a, 0x06, 0xde, 0xa3, 0xc8, 0x84, 0x6c, 0x02, 0xb2, 0x23, 0x8e, -0x41, 0xbd, 0xdc, 0x9d, 0x89, 0xf9, 0xae, 0xa1, 0x7b, 0x5e, 0xfd, 0x4d, 0x74, -0x82, 0xaf, 0x75, 0x88, 0x1c, 0x0a +0xc6, 0xc9, 0x18, 0xad, 0x2f, 0x41, 0x99, 0xd5, 0x59, 0x8e, 0xaf, 0x01, 0x16, +0xcb, 0x7a, 0x5c, 0x2c, 0x14, 0xcb, 0x54, 0x78, 0x12, 0x18, 0x88, 0x8d, 0xb7, +0x03, 0x0d, 0xd5, 0x0d, 0x5e, 0x6d }; static unsigned char hs_full_hash[] = { -0x75, 0x1a, 0x3d, 0x4a, 0x14, 0xdf, 0xab, 0xeb, 0x68, 0xe9, 0x2c, 0xa5, 0x91, -0x8e, 0x24, 0x08, 0xb9, 0xbc, 0xb0, 0x74, 0x89, 0x82, 0xec, 0x9c, 0x32, 0x30, -0xac, 0x30, 0xbb, 0xeb, 0x23, 0xe2, +0xf8, 0xc1, 0x9e, 0x8c, 0x77, 0xc0, 0x38, 0x79, 0xbb, 0xc8, 0xeb, 0x6d, 0x56, +0xe0, 0x0d, 0xd5, 0xd8, 0x6e, 0xf5, 0x59, 0x27, 0xee, 0xfc, 0x08, 0xe1, 0xb0, +0x02, 0xb6, 0xec, 0xe0, 0x5d, 0xbf }; static unsigned char early_secret[] = { 
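Review bot: "availble" in the new tls13secretstest.c header comment should be "available". The removed text also recorded that the previous vectors were self-generated; the new comment could note that these are now the official draft-06 values so nobody later mistakes them for home-grown ones again.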
@@ -56,89 +50,89 @@ static unsigned char early_secret[] = { }; static unsigned char ecdhe_secret[] = { -0xe7, 0xb8, 0xfe, 0xf8, 0x90, 0x3b, 0x52, 0x0c, 0xb9, 0xa1, 0x89, 0x71, 0xb6, -0x9d, 0xd4, 0x5d, 0xca, 0x53, 0xce, 0x2f, 0x12, 0xbf, 0x3b, 0xef, 0x93, 0x15, -0xe3, 0x12, 0x71, 0xdf, 0x4b, 0x40 +0x81, 0x51, 0xd1, 0x46, 0x4c, 0x1b, 0x55, 0x53, 0x36, 0x23, 0xb9, 0xc2, 0x24, +0x6a, 0x6a, 0x0e, 0x6e, 0x7e, 0x18, 0x50, 0x63, 0xe1, 0x4a, 0xfd, 0xaf, 0xf0, +0xb6, 0xe1, 0xc6, 0x1a, 0x86, 0x42 }; static unsigned char handshake_secret[] = { -0xf5, 0x51, 0xd0, 0xbd, 0x9e, 0x6a, 0xc0, 0x95, 0x5f, 0x8e, 0xae, 0xb6, 0x28, -0x2e, 0x8d, 0x9e, 0xf3, 0xd4, 0x08, 0x57, 0x81, 0xbc, 0x9d, 0x80, 0x91, 0x8a, -0x81, 0x33, 0x86, 0x58, 0x7f, 0x46 +0x5b, 0x4f, 0x96, 0x5d, 0xf0, 0x3c, 0x68, 0x2c, 0x46, 0xe6, 0xee, 0x86, 0xc3, +0x11, 0x63, 0x66, 0x15, 0xa1, 0xd2, 0xbb, 0xb2, 0x43, 0x45, 0xc2, 0x52, 0x05, +0x95, 0x3c, 0x87, 0x9e, 0x8d, 0x06 }; static const char *client_hts_label = "c hs traffic"; static unsigned char client_hts[] = { -0x61, 0x7b, 0x35, 0x07, 0x6b, 0x9d, 0x0e, 0x08, 0xcf, 0x73, 0x1d, 0x94, 0xa8, -0x66, 0x14, 0x78, 0x41, 0x09, 0xef, 0x25, 0x55, 0x51, 0x92, 0x1d, 0xd4, 0x6e, -0x04, 0x01, 0x35, 0xcf, 0x46, 0xab +0xe2, 0xe2, 0x32, 0x07, 0xbd, 0x93, 0xfb, 0x7f, 0xe4, 0xfc, 0x2e, 0x29, 0x7a, +0xfe, 0xab, 0x16, 0x0e, 0x52, 0x2b, 0x5a, 0xb7, 0x5d, 0x64, 0xa8, 0x6e, 0x75, +0xbc, 0xac, 0x3f, 0x3e, 0x51, 0x03 }; static unsigned char client_hts_key[] = { -0x62, 0xd0, 0xdd, 0x00, 0xf6, 0x96, 0x19, 0xd3, 0xb8, 0x19, 0x3a, 0xb4, 0xa0, -0x95, 0x85, 0xa7 +0x26, 0x79, 0xa4, 0x3e, 0x1d, 0x76, 0x78, 0x40, 0x34, 0xea, 0x17, 0x97, 0xd5, +0xad, 0x26, 0x49 }; static unsigned char client_hts_iv[] = { -0xff, 0xf7, 0x5d, 0xf5, 0xad, 0x35, 0xd5, 0xcb, 0x3c, 0x53, 0xf3, 0xa9 +0x54, 0x82, 0x40, 0x52, 0x90, 0xdd, 0x0d, 0x2f, 0x81, 0xc0, 0xd9, 0x42 }; static const char *server_hts_label = "s hs traffic"; static unsigned char server_hts[] = { -0xfc, 0xf7, 0xdf, 0xe6, 0x4f, 0xa2, 0xc0, 0x4f, 0x62, 0x35, 0x38, 
0x7f, 0x43, -0x4e, 0x01, 0x42, 0x23, 0x36, 0xd9, 0xc0, 0x39, 0xde, 0x68, 0x47, 0xa0, 0xb9, -0xdd, 0xcf, 0x29, 0xa8, 0x87, 0x59 +0x3b, 0x7a, 0x83, 0x9c, 0x23, 0x9e, 0xf2, 0xbf, 0x0b, 0x73, 0x05, 0xa0, 0xe0, +0xc4, 0xe5, 0xa8, 0xc6, 0xc6, 0x93, 0x30, 0xa7, 0x53, 0xb3, 0x08, 0xf5, 0xe3, +0xa8, 0x3a, 0xa2, 0xef, 0x69, 0x79 }; static unsigned char server_hts_key[] = { -0x04, 0x67, 0xf3, 0x16, 0xa8, 0x05, 0xb8, 0xc4, 0x97, 0xee, 0x67, 0x04, 0x7b, -0xbc, 0xbc, 0x54 +0xc6, 0x6c, 0xb1, 0xae, 0xc5, 0x19, 0xdf, 0x44, 0xc9, 0x1e, 0x10, 0x99, 0x55, +0x11, 0xac, 0x8b }; static unsigned char server_hts_iv[] = { -0xde, 0x83, 0xa7, 0x3e, 0x9d, 0x81, 0x4b, 0x04, 0xc4, 0x8b, 0x78, 0x09 +0xf7, 0xf6, 0x88, 0x4c, 0x49, 0x81, 0x71, 0x6c, 0x2d, 0x0d, 0x29, 0xa4 }; static unsigned char master_secret[] = { -0x34, 0x83, 0x83, 0x84, 0x67, 0x12, 0xe7, 0xff, 0x24, 0xe8, 0x6e, 0x70, 0x56, -0x95, 0x16, 0x71, 0x43, 0x7f, 0x19, 0xd7, 0x85, 0x06, 0x9d, 0x75, 0x70, 0x49, -0x6e, 0x6c, 0xa4, 0x81, 0xf0, 0xb8 +0x5c, 0x79, 0xd1, 0x69, 0x42, 0x4e, 0x26, 0x2b, 0x56, 0x32, 0x03, 0x62, 0x7b, +0xe4, 0xeb, 0x51, 0x03, 0x3f, 0x58, 0x8c, 0x43, 0xc9, 0xce, 0x03, 0x73, 0x37, +0x2d, 0xbc, 0xbc, 0x01, 0x85, 0xa7 }; static const char *client_ats_label = "c ap traffic"; static unsigned char client_ats[] = { -0xc1, 0x4a, 0x6d, 0x79, 0x76, 0xd8, 0x10, 0x2b, 0x5a, 0x0c, 0x99, 0x51, 0x49, -0x3f, 0xee, 0x87, 0xdc, 0xaf, 0xf8, 0x2c, 0x24, 0xca, 0xb2, 0x14, 0xe8, 0xbe, -0x71, 0xa8, 0x20, 0x6d, 0xbd, 0xa5 +0xe2, 0xf0, 0xdb, 0x6a, 0x82, 0xe8, 0x82, 0x80, 0xfc, 0x26, 0xf7, 0x3c, 0x89, +0x85, 0x4e, 0xe8, 0x61, 0x5e, 0x25, 0xdf, 0x28, 0xb2, 0x20, 0x79, 0x62, 0xfa, +0x78, 0x22, 0x26, 0xb2, 0x36, 0x26 }; static unsigned char client_ats_key[] = { -0xcc, 0x9f, 0x5f, 0x98, 0x0b, 0x5f, 0x10, 0x30, 0x6c, 0xba, 0xd7, 0xbe, 0x98, -0xd7, 0x57, 0x2e +0x88, 0xb9, 0x6a, 0xd6, 0x86, 0xc8, 0x4b, 0xe5, 0x5a, 0xce, 0x18, 0xa5, 0x9c, +0xce, 0x5c, 0x87 }; static unsigned char client_ats_iv[] = { -0xb8, 0x09, 0x29, 0xe8, 0xd0, 0x2c, 0x70, 0xf6, 
0x11, 0x62, 0xed, 0x6b +0xb9, 0x9d, 0xc5, 0x8c, 0xd5, 0xff, 0x5a, 0xb0, 0x82, 0xfd, 0xad, 0x19 }; static const char *server_ats_label = "s ap traffic"; static unsigned char server_ats[] = { -0x2c, 0x90, 0x77, 0x38, 0xd3, 0xf8, 0x37, 0x02, 0xd1, 0xe4, 0x59, 0x8f, 0x48, -0x48, 0x53, 0x1d, 0x9f, 0x93, 0x65, 0x49, 0x1b, 0x9f, 0x7f, 0x52, 0xc8, 0x22, -0x29, 0x0d, 0x4c, 0x23, 0x21, 0x92 +0x5b, 0x73, 0xb1, 0x08, 0xd9, 0xac, 0x1b, 0x9b, 0x0c, 0x82, 0x48, 0xca, 0x39, +0x26, 0xec, 0x6e, 0x7b, 0xc4, 0x7e, 0x41, 0x17, 0x06, 0x96, 0x39, 0x87, 0xec, +0x11, 0x43, 0x5d, 0x30, 0x57, 0x19 }; static unsigned char server_ats_key[] = { -0x0c, 0xb2, 0x95, 0x62, 0xd8, 0xd8, 0x8f, 0x48, 0xb0, 0x2c, 0xbf, 0xbe, 0xd7, -0xe6, 0x2b, 0xb3 +0xa6, 0x88, 0xeb, 0xb5, 0xac, 0x82, 0x6d, 0x6f, 0x42, 0xd4, 0x5c, 0x0c, 0xc4, +0x4b, 0x9b, 0x7d }; static unsigned char server_ats_iv[] = { -0x0d, 0xb2, 0x8f, 0x98, 0x85, 0x86, 0xa1, 0xb7, 0xe4, 0xd5, 0xc6, 0x9c +0xc1, 0xca, 0xd4, 0x42, 0x5a, 0x43, 0x8b, 0x5d, 0xe7, 0x14, 0x83, 0x0a }; /* Mocked out implementations of various functions */ From matt at openssl.org Fri Jul 20 10:01:51 2018 
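The secrets test above asserts a chain of HKDF derivations against fixed values but the test file itself is mostly data. The block below is an added example, not code from OpenSSL or from draft-ietf-tls-tls13-vectors-06: it recomputes, with only the Python standard library, the steps from handshake_secret to the handshake and application traffic keys using the transcript hashes shown in the hunk (hs_start_hash through ServerHello, hs_full_hash through server Finished). It assumes the RFC 8446 key schedule (section 7.1) with the "tls13 " label prefix and the "derived" step before HKDF-Extract of the master secret, which is what those vectors use; the function and constant names are this example's own.

```python
"""Added example (not OpenSSL or draft-ietf-tls-tls13-vectors-06 code):
recompute the TLS 1.3 key-schedule steps asserted by tls13secretstest.c
from the handshake_secret and transcript hashes in the hunk above,
using only hashlib/hmac. Assumes the RFC 8446 schedule and "tls13 " prefix."""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) | info | i), concatenated."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label (RFC 8446 7.1): info is the serialized HkdfLabel struct
    {uint16 length; opaque label<7..255> = "tls13 " + label; opaque context<0..255>}."""
    full_label = b"tls13 " + label
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: bytes, transcript_hash: bytes) -> bytes:
    """Derive-Secret: the context is the transcript hash, output is Hash.length."""
    return hkdf_expand_label(secret, label, transcript_hash, HASH_LEN)


def traffic_key_iv(secret: bytes, key_len: int = 16, iv_len: int = 12):
    """[sender]_write_key / [sender]_write_iv for AES-128-GCM (KEYLEN/IVLEN in the test)."""
    return (hkdf_expand_label(secret, b"key", b"", key_len),
            hkdf_expand_label(secret, b"iv", b"", iv_len))


def key_schedule(handshake_secret: bytes, hs_start_hash: bytes, hs_full_hash: bytes) -> dict:
    """Handshake Secret -> handshake traffic secrets -> Master Secret ->
    application traffic secrets, plus the key/IV pair for each secret."""
    out = {}
    out["client_hts"] = derive_secret(handshake_secret, b"c hs traffic", hs_start_hash)
    out["server_hts"] = derive_secret(handshake_secret, b"s hs traffic", hs_start_hash)
    # Master Secret = HKDF-Extract(Derive-Secret(HS, "derived", ""), 0^Hash.length);
    # the empty transcript hashes to Hash("").
    derived = derive_secret(handshake_secret, b"derived", HASH(b"").digest())
    out["master_secret"] = hkdf_extract(derived, bytes(HASH_LEN))
    out["client_ats"] = derive_secret(out["master_secret"], b"c ap traffic", hs_full_hash)
    out["server_ats"] = derive_secret(out["master_secret"], b"s ap traffic", hs_full_hash)
    for name in ("client_hts", "server_hts", "client_ats", "server_ats"):
        out[name + "_key"], out[name + "_iv"] = traffic_key_iv(out[name])
    return out


# Inputs transcribed from the tls13secretstest.c hunk above (draft-06 vectors).
HANDSHAKE_SECRET = bytes.fromhex(
    "5b4f965df03c682c46e6ee86c311636615a1d2bbb24345c25205953c879e8d06")
HS_START_HASH = bytes.fromhex(
    "c6c918ad2f4199d5598eaf0116cb7a5c2c14cb54781218888db7030dd50d5e6d")
HS_FULL_HASH = bytes.fromhex(
    "f8c19e8c77c03879bbc8eb6d56e00dd5d86ef55927eefc08e1b002b6ece05dbf")


def vector_schedule() -> dict:
    """The schedule for the page's vectors, as hex strings for comparison."""
    return {k: v.hex() for k, v in
            key_schedule(HANDSHAKE_SECRET, HS_START_HASH, HS_FULL_HASH).items()}


if __name__ == "__main__":
    for name, value in vector_schedule().items():
        print(f"{name:16s} {value}")
```

Running it prints every intermediate; the client_hts_key / client_hts_iv it produces are the key and IV that tls13encryptiontest.c pairs with the client Finished record, so the same script can be pointed at a future vector update to confirm the two test files still agree before editing either.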
From: matt at openssl.org (Matt Caswell) Date: Fri, 20 Jul 2018 10:01:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532080911.492291.10935.nullmailer@dev.openssl.org> The branch master has been updated via d8434cf85691f32a17dcdfed6e81769a001074dd (commit) from d6ce9da49b131cad85da8c94c617febf6c8d9073 (commit) - Log ----------------------------------------------------------------- commit d8434cf85691f32a17dcdfed6e81769a001074dd Author: Matt Caswell Date: Thu Jul 19 16:51:58 2018 +0100 Validate legacy_version The spec says that a client MUST set legacy_version to TLSv1.2, and requires servers to verify that it isn't SSLv3. Fixes #6600 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6747) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.txt | 1 + include/openssl/sslerr.h | 1 + ssl/ssl_err.c | 1 + ssl/statem/statem_lib.c | 12 ++++++++++++ test/recipes/70-test_sslversions.t | 18 +++++++++++++----- 5 files changed, 28 insertions(+), 5 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 3e2bc69..a0dc3c5 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2581,6 +2581,7 @@ SSL_R_BAD_HELLO_REQUEST:105:bad hello request SSL_R_BAD_HRR_VERSION:263:bad hrr version SSL_R_BAD_KEY_SHARE:108:bad key share SSL_R_BAD_KEY_UPDATE:122:bad key update +SSL_R_BAD_LEGACY_VERSION:292:bad legacy version SSL_R_BAD_LENGTH:271:bad length SSL_R_BAD_PACKET:240:bad packet SSL_R_BAD_PACKET_LENGTH:115:bad packet length diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index 9eba6d8..a5b2c55 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h 
@@ -471,6 +471,7 @@ int ERR_load_SSL_strings(void); # define SSL_R_BAD_HRR_VERSION 263 # define SSL_R_BAD_KEY_SHARE 108 # define SSL_R_BAD_KEY_UPDATE 122 +# define SSL_R_BAD_LEGACY_VERSION 292 # define SSL_R_BAD_LENGTH 271 # define SSL_R_BAD_PACKET 240 # define SSL_R_BAD_PACKET_LENGTH 115 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 9ce643a..d3e8056 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -757,6 +757,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"}, diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c index 6262a06..ebb21de 100644 --- a/ssl/statem/statem_lib.c +++ b/ssl/statem/statem_lib.c @@ -1753,6 +1753,18 @@ int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd) return SSL_R_LENGTH_MISMATCH; } + /* + * The TLSv1.3 spec says the client MUST set this to TLS1_2_VERSION. + * The spec only requires servers to check that it isn't SSLv3: + * "Any endpoint receiving a Hello message with + * ClientHello.legacy_version or ServerHello.legacy_version set to + * 0x0300 MUST abort the handshake with a "protocol_version" alert." + * We are slightly stricter and require that it isn't SSLv3 or lower. + * We tolerate TLSv1 and TLSv1.1. + */ + if (client_version <= SSL3_VERSION) + return SSL_R_BAD_LEGACY_VERSION; + while (PACKET_get_net_2(&versionslist, &candidate_vers)) { /* TODO(TLS1.3): Remove this before release */ if (candidate_vers == TLS1_3_VERSION_DRAFT 
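Review bot: the spec text quoted in the new comment in ssl_choose_server_version() requires the abort to be a "protocol_version" alert, but the hunk only returns the new SSL_R_BAD_LEGACY_VERSION reason code; the alert type is chosen by the caller, which is not in this diff. Please confirm that the caller maps SSL_R_BAD_LEGACY_VERSION to SSL_AD_PROTOCOL_VERSION rather than to a generic alert, as it presumably already does for the neighbouring SSL_R_LENGTH_MISMATCH return. The check also sits after the supported_versions length check, so it fires only on the supported_versions path; one more sentence in the comment saying that a ClientHello without the extension is covered by ordinary version negotiation would answer the obvious follow-up question.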
diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t index 5c9ee6c..8ef85af 100644 --- a/test/recipes/70-test_sslversions.t +++ b/test/recipes/70-test_sslversions.t @@ -18,7 +18,8 @@ use constant { NO_EXTENSION => 3, EMPTY_EXTENSION => 4, TLS1_1_AND_1_0_ONLY => 5, - WITH_TLS1_4 => 6 + WITH_TLS1_4 => 6, + BAD_LEGACY_VERSION => 7 }; my $testtype; @@ -55,7 +56,7 @@ my $proxy = TLSProxy::Proxy->new( $testtype = EMPTY_EXTENSION; $proxy->filter(\&modify_supported_versions_filter); $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 7; +plan tests => 8; ok(TLSProxy::Message->fail(), "Empty supported versions"); #Test 2: supported_versions extension with no recognised versions should not @@ -111,6 +112,12 @@ ok(TLSProxy::Message->success() && TLSProxy::Proxy->is_tls13(), "TLS1.4 in supported versions extension"); +#Test 8: Set the legacy version to SSLv3 with supported versions. Should fail +$proxy->clear(); +$testtype = BAD_LEGACY_VERSION; +$proxy->start(); +ok(TLSProxy::Message->fail(), "Legacy version is SSLv3 with supported versions"); + sub modify_supported_versions_filter { my $proxy = shift; @@ -165,14 +172,15 @@ sub modify_supported_versions_filter } elsif ($testtype == EMPTY_EXTENSION) { $message->set_extension( TLSProxy::Message::EXT_SUPPORTED_VERSIONS, ""); - } else { + } elsif ($testtype == NO_EXTENSION) { $message->delete_extension( TLSProxy::Message::EXT_SUPPORTED_VERSIONS); + } else { + # BAD_LEGACY_VERSION + $message->client_version(TLSProxy::Record::VERS_SSL_3_0); } $message->repack(); } } } - - From appro at openssl.org Fri Jul 20 11:41:02 2018 
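Review bot: in modify_supported_versions_filter, BAD_LEGACY_VERSION becomes the fall-through `else` branch while NO_EXTENSION gets an explicit `elsif`; any test type added later without its own branch would silently have its client_version rewritten to SSLv3. Prefer `} elsif ($testtype == BAD_LEGACY_VERSION) {` and keep the comment. Test 8 asserts only `TLSProxy::Message->fail()`; if the proxy exposes the alert that was sent, also asserting a protocol_version alert would tie the test to the requirement quoted in statem_lib.c.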
From: appro at openssl.org (Andy Polyakov) Date: Fri, 20 Jul 2018 11:41:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532086862.871299.22814.nullmailer@dev.openssl.org> The branch master has been updated via f20aa69e33a7b418e052cf210374e2267cb93a5c (commit) via f36e9f1183b4c4947d3c71d4c31a541b96c6e3f8 (commit) via 89310b8b0f4dbe207ffd9056109fad9abab6e4d4 (commit) via 756c91b163e7d4b117590e2cb7632fbfd8cd0bda (commit) via d1e19404ceab92084eeab9e9f319009fbd9e1002 (commit) from d8434cf85691f32a17dcdfed6e81769a001074dd (commit) - Log ----------------------------------------------------------------- commit f20aa69e33a7b418e052cf210374e2267cb93a5c Author: Andy Polyakov Date: Thu Jul 19 15:28:34 2018 +0200 crypto/*: address standard-compliance nits. Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6745) commit f36e9f1183b4c4947d3c71d4c31a541b96c6e3f8 Author: Andy Polyakov Date: Thu Jul 19 15:27:24 2018 +0200 bio/bss_dgram.c: harmonize usage of OPENSSL_USE_IPV6 with the rest. Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6745) commit 89310b8b0f4dbe207ffd9056109fad9abab6e4d4 Author: Andy Polyakov Date: Thu Jul 19 15:16:38 2018 +0200 include/openssl/e_os2.h: define last-resort SSIZE_MAX. Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6745) commit 756c91b163e7d4b117590e2cb7632fbfd8cd0bda Author: Andy Polyakov Date: Thu Jul 19 14:45:06 2018 +0200 ec/ec_lcl.h: fix pre-C9x compilation problems. Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6745) commit d1e19404ceab92084eeab9e9f319009fbd9e1002 Author: Andy Polyakov Date: Thu Jul 19 12:30:26 2018 +0200 .travis.yml: exercise -std=c89 in order to catch corresponding problems.
Reviewed-by: Rich Salz Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6745) ----------------------------------------------------------------------- Summary of changes: .travis.yml | 2 +- crypto/bio/bss_dgram.c | 2 +- crypto/conf/conf_def.c | 6 +++++- crypto/ec/ec_lcl.h | 18 +++++++++--------- crypto/store/loader_file.c | 6 +++++- crypto/ui/ui_openssl.c | 2 +- include/openssl/e_os2.h | 2 ++ 7 files changed, 24 insertions(+), 14 deletions(-) diff --git a/.travis.yml b/.travis.yml index 34ccf80..51fd563 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,7 +27,7 @@ compiler: env: - CONFIG_OPTS="" DESTDIR="_install" - CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2" - - CONFIG_OPTS="no-asm no-makedepend --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes" GENERATE="yes" + - CONFIG_OPTS="no-asm no-makedepend --strict-warnings -std=c89 -D_DEFAULT_SOURCE" BUILDONLY="yes" CHECKDOCS="yes" GENERATE="yes" matrix: include: diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 424109c..d5fe5bb 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -364,7 +364,7 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data) */ ret = 28; break; -# ifdef AF_INET6 +# if OPENSSL_USE_IPV6 case AF_INET6: { # ifdef IN6_IS_ADDR_V4MAPPED diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 7340a91..676540c 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -27,6 +27,10 @@ # endif #endif +#ifndef S_ISDIR +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif + /* * The maximum length we can grow a value to after variable expansion. 64k * should be more than enough for all reasonable uses. @@ -656,7 +660,7 @@ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx, return NULL; } - if ((st.st_mode & S_IFDIR) == S_IFDIR) { + if (S_ISDIR(st.st_mode)) { if (*dirctx != NULL) { CONFerr(CONF_F_PROCESS_INCLUDE, CONF_R_RECURSIVE_DIRECTORY_INCLUDE); 
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 8b16971..217392e 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -681,9 +681,9 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r, int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); -static inline int ec_point_ladder_pre(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) +static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { if (group->meth->ladder_pre != NULL) return group->meth->ladder_pre(group, r, s, p, ctx); @@ -695,9 +695,9 @@ static inline int ec_point_ladder_pre(const EC_GROUP *group, return 1; } -static inline int ec_point_ladder_step(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) +static ossl_inline int ec_point_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { if (group->meth->ladder_step != NULL) return group->meth->ladder_step(group, r, s, p, ctx); @@ -710,9 +710,9 @@ static inline int ec_point_ladder_step(const EC_GROUP *group, } -static inline int ec_point_ladder_post(const EC_GROUP *group, - EC_POINT *r, EC_POINT *s, - EC_POINT *p, BN_CTX *ctx) +static ossl_inline int ec_point_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) { if (group->meth->ladder_post != NULL) return group->meth->ladder_post(group, r, s, p, ctx); diff --git a/crypto/store/loader_file.c b/crypto/store/loader_file.c index 25ada81..632e451 100644 --- a/crypto/store/loader_file.c +++ b/crypto/store/loader_file.c @@ -35,6 +35,10 @@ # define stat _stat #endif +#ifndef S_ISDIR +# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR) +#endif + /*- * Password prompting * ------------------ 
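Review bot: crypto/conf/conf_def.c and crypto/store/loader_file.c: the identical three-line `#ifndef S_ISDIR` fallback is now duplicated in two files. It belongs in one shared internal header so the next file that needs `S_ISDIR()` does not copy it a third time; the fallback also assumes `S_IFMT` and `S_IFDIR` exist wherever `S_ISDIR` does not, which is true for the usual suspects but is worth a comment.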
@@ -839,7 +843,7 @@ static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader, return NULL; } - if ((st.st_mode & S_IFDIR) == S_IFDIR) { + if (S_ISDIR(st.st_mode)) { /* * Try to copy everything, even if we know that some of them must be * NULL for the moment. This prevents errors in the future, when more diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 9f13c14..45d4820 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -43,7 +43,7 @@ * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX * system and have sigaction and termios. */ -# if defined(_POSIX_VERSION) +# if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L # define SIGACTION # if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index be0ee20..eeae215 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -216,6 +216,8 @@ extern "C" { # define OSSL_SSIZE_MAX SSIZE_MAX # elif defined(_POSIX_SSIZE_MAX) # define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX +# else +# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1)) # endif # endif From kaduk at mit.edu Fri Jul 20 13:35:05 2018 
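Review bot: crypto/bio/bss_dgram.c: replacing `# ifdef AF_INET6` with `# if OPENSSL_USE_IPV6` turns an existence test into a value test. If OPENSSL_USE_IPV6 is not defined at all in some configuration, `#if` evaluates it as 0 and the AF_INET6 case of dgram_get_mtu_overhead() silently disappears (and -Wundef builds warn). Please confirm the macro is always defined to 0 or 1 before this file is compiled, which is what "harmonize with the rest" in the commit message implies.

Review bot: crypto/ui/ui_openssl.c: the comment immediately above the changed line still says that unistd.h merely defining _POSIX_VERSION lets us conclude we have sigaction and termios. Update it to state the new threshold (`_POSIX_VERSION >= 199309L`, POSIX.1b) and why older values no longer qualify.

Review bot: include/openssl/e_os2.h: the new last-resort `# define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1))` depends on SIZE_MAX, which is only guaranteed by C99 <stdint.h>. On exactly the pre-C99 toolchains this fallback exists for, SIZE_MAX may be undefined and the expression will fail to compile when used. `((ssize_t)(~(size_t)0 >> 1))` yields the same value with no header dependency.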
From: kaduk at mit.edu (kaduk at mit.edu) Date: Fri, 20 Jul 2018 13:35:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532093705.790243.6635.nullmailer@dev.openssl.org> The branch master has been updated via c5d1fb78fd0fdbe1f1e61211bd56192a0f95bc91 (commit) via 1c4aa31d79821dee9be98e915159d52cc30d8403 (commit) via 4cc968df403ed9321d0df722aba33323ae575ce0 (commit) from f20aa69e33a7b418e052cf210374e2267cb93a5c (commit) - Log ----------------------------------------------------------------- commit c5d1fb78fd0fdbe1f1e61211bd56192a0f95bc91 Author: Benjamin Kaduk Date: Wed May 30 11:12:22 2018 -0500 Add TODO comment for a nonsensical public API The API used to set what SNI value to send in the ClientHello can also be used on server SSL objects, with undocumented and un-useful behavior. Unfortunately, when generic SSL_METHODs are used, s->server is still set, prior to the start of the handshake, so we cannot prevent this nonsensical usage at the present time. Leave a note to revisit this when ABI-breaking changes are permitted. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6378) commit 1c4aa31d79821dee9be98e915159d52cc30d8403 Author: Benjamin Kaduk Date: Wed May 30 09:49:29 2018 -0500 Normalize SNI hostname handling for SSL and SSL_SESSION In particular, adhere to the rule that we must not modify any property of an SSL_SESSION object once it is (or might be) in a session cache. Such modifications are thread-unsafe and have been observed to cause crashes at runtime. To effect this change, standardize on the property that SSL_SESSION->ext.hostname is set only when that SNI value has been negotiated by both parties for use with that session. For session resumption this is trivially the case, so only new handshakes are affected. On the client, the new semantics are that the SSL->ext.hostname is for storing the value configured by the caller, and this value is used when constructing the ClientHello. 
On the server, SSL->ext.hostname is used to hold the value received from the client. Only if the SNI negotiation is successful will the hostname be stored into the session object; the server can do this after it sends the ServerHello, and the client after it has received and processed the ServerHello. This obviates the need to remove the hostname from the session object in case of failed negotiation (a change that was introduced in commit 9fb6cb810b769abbd60f11ef6e936a4e4456b19d in order to allow TLS 1.3 early data when SNI was present in the ClientHello but not the session being resumed), which was modifying cached sessions in certain cases. (In TLS 1.3 we always produce a new SSL_SESSION object for new connections, even in the case of resumption, so no TLS 1.3 handshakes were affected.) Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6378) commit 4cc968df403ed9321d0df722aba33323ae575ce0 Author: Benjamin Kaduk Date: Wed May 30 09:28:03 2018 -0500 const-ify some input SSL * arguments These tiny functions only read from the input SSL, and we are about to use them from functions that only have a const SSL* available, so propagate const a bit further. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6378) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_in_init.pod | 6 +++--- include/openssl/ssl.h | 6 +++--- ssl/s3_lib.c | 9 +++++++++ ssl/ssl_lib.c | 10 +++++++++- ssl/ssl_sess.c | 9 --------- ssl/statem/extensions.c | 25 ++++++++++++++++++++++--- ssl/statem/extensions_srvr.c | 19 ++++++++++++------- ssl/statem/statem.c | 6 +++--- 8 files changed, 61 insertions(+), 29 deletions(-) diff --git a/doc/man3/SSL_in_init.pod b/doc/man3/SSL_in_init.pod index 37ebff6..d8467a9 100644 --- a/doc/man3/SSL_in_init.pod +++ b/doc/man3/SSL_in_init.pod 
@@ -14,9 +14,9 @@ SSL_get_state #include - int SSL_in_init(SSL *s); - int SSL_in_before(SSL *s); - int SSL_is_init_finished(SSL *s); + int SSL_in_init(const SSL *s); + int SSL_in_before(const SSL *s); + int SSL_is_init_finished(const SSL *s); int SSL_in_connect_init(SSL *s); int SSL_in_accept_init(SSL *s); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 2376828..155d651 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1058,9 +1058,9 @@ typedef enum { /* Is the SSL_connection established? */ # define SSL_in_connect_init(a) (SSL_in_init(a) && !SSL_is_server(a)) # define SSL_in_accept_init(a) (SSL_in_init(a) && SSL_is_server(a)) -int SSL_in_init(SSL *s); -int SSL_in_before(SSL *s); -int SSL_is_init_finished(SSL *s); +int SSL_in_init(const SSL *s); +int SSL_in_before(const SSL *s); +int SSL_is_init_finished(const SSL *s); /* * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 354769b..c170eed 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3466,6 +3466,15 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) break; #endif /* !OPENSSL_NO_EC */ case SSL_CTRL_SET_TLSEXT_HOSTNAME: + /* + * TODO(OpenSSL1.2) + * This API is only used for a client to set what SNI it will request + * from the server, but we currently allow it to be used on servers + * as well, which is a programming error. Currently we just clear + * the field in SSL_do_handshake() for server SSLs, but when we can + * make ABI-breaking changes, we may want to make use of this API + * an error on server SSLs. + */ if (larg == TLSEXT_NAMETYPE_host_name) { size_t len; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 38391fd..10a7694 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -2612,7 +2612,15 @@ const char *SSL_get_servername(const SSL *s, const int type) if (type != TLSEXT_NAMETYPE_host_name) return NULL; - return s->session && !s->ext.hostname ? + /* + * TODO(OpenSSL1.2) clean up this compat mess. This API is + * currently a mix of "what did I configure" and "what did the + * peer send" and "what was actually negotiated"; we should have + * a clear distinction amongst those three. + */ + if (SSL_in_init(s)) + return s->ext.hostname; + return (s->session != NULL && s->ext.hostname == NULL) ? s->session->ext.hostname : s->ext.hostname; } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 628b9f0..d4a4808 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -421,15 +421,6 @@ int ssl_get_new_session(SSL *s, int session) return 0; } - if (s->ext.hostname) { - ss->ext.hostname = OPENSSL_strdup(s->ext.hostname); - if (ss->ext.hostname == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION, - ERR_R_INTERNAL_ERROR); - SSL_SESSION_free(ss); - return 0; - } - } } else { ss->session_id_length = 0; } diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c index 5309b12..85945ac 100644 --- a/ssl/statem/extensions.c +++ b/ssl/statem/extensions.c 
@@ -929,9 +929,28 @@ static int final_server_name(SSL *s, unsigned int context, int sent) ret = s->session_ctx->ext.servername_cb(s, &altmp, s->session_ctx->ext.servername_arg); - if (!sent) { - OPENSSL_free(s->session->ext.hostname); - s->session->ext.hostname = NULL; + /* + * For servers, propagate the SNI hostname from the temporary + * storage in the SSL to the persistent SSL_SESSION, now that we + * know we accepted it. + * Clients make this copy when parsing the server's response to + * the extension, which is when they find out that the negotiation + * was successful. + */ + if (s->server) { + if (!sent) { + /* Nothing from the client this handshake; cleanup stale value */ + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; + } else if (ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) { + /* Only store the hostname in the session if we accepted it. */ + OPENSSL_free(s->session->ext.hostname); + s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname); + if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME, + ERR_R_INTERNAL_ERROR); + } + } } /* diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index f5ab5bb..00c0ec9 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -127,7 +127,7 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, return 0; } - if (!s->hit) { + if (!s->hit || SSL_IS_TLS13(s)) { if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) { SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 
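Review bot: ssl/statem/extensions.c, final_server_name(): in the strdup failure branch SSLfatal() is raised but nothing returns; control falls out of the `if (s->server)` block and the function continues with `ret` still holding the servername_cb result. Add an early `return 0;` (or whatever the surrounding code uses to signal failure) after the SSLfatal so the error is not masked by the code that follows. Separately, the copy into s->session->ext.hostname is made only when `ret == SSL_TLSEXT_ERR_OK`; a callback returning SSL_TLSEXT_ERR_ALERT_WARNING lets the handshake continue but now leaves the session without the hostname, where before this change it was already stored. That changes what SSL_get_servername() reports after the handshake and what a resumed session carries, and should be stated in the commit message or documented.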
@@ -142,21 +142,26 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context, return 0; } - OPENSSL_free(s->session->ext.hostname); - s->session->ext.hostname = NULL; - if (!PACKET_strndup(&hostname, &s->session->ext.hostname)) { + /* + * Store the requested SNI in the SSL as temporary storage. + * If we accept it, it will get stored in the SSL_SESSION as well. + */ + OPENSSL_free(s->ext.hostname); + s->ext.hostname = NULL; + if (!PACKET_strndup(&hostname, &s->ext.hostname)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, ERR_R_INTERNAL_ERROR); return 0; } s->servername_done = 1; - } else { + } + if (s->hit) { /* * TODO(openssl-team): if the SNI doesn't match, we MUST * fall back to a full handshake. */ - s->servername_done = s->session->ext.hostname + s->servername_done = (s->session->ext.hostname != NULL) && PACKET_equal(&hostname, s->session->ext.hostname, strlen(s->session->ext.hostname)); @@ -1325,7 +1330,7 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt, size_t chainidx) { if (s->hit || s->servername_done != 1 - || s->session->ext.hostname == NULL) + || s->ext.hostname == NULL) return EXT_RETURN_NOT_SENT; if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name) diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c index cf6472c..7f1017d 100644 --- a/ssl/statem/statem.c +++ b/ssl/statem/statem.c @@ -68,17 +68,17 @@ OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl) return ssl->statem.hand_state; } -int SSL_in_init(SSL *s) +int SSL_in_init(const SSL *s) { return s->statem.in_init; } -int SSL_is_init_finished(SSL *s) +int SSL_is_init_finished(const SSL *s) { return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK); } -int SSL_in_before(SSL *s) +int SSL_in_before(const SSL *s) { /* * Historically being "in before" meant before anything had happened. In the From scan-admin at coverity.com Sun Jul 22 09:00:25 2018 
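Review bot: ssl/statem/extensions_srvr.c, tls_parse_ctos_server_name(): with `if (!s->hit || SSL_IS_TLS13(s))` followed by an unconditional `if (s->hit)`, a TLS 1.3 resumption runs both blocks, so `s->servername_done = 1` is set and then immediately overwritten by the comparison against s->session->ext.hostname. That is presumably intended (the first block is now storage into s->ext.hostname only), but a one-line comment saying so would prevent the next reader from "fixing" it. The pre-existing TODO about falling back to a full handshake on a mismatch also becomes more pressing: the client's new name is now kept in s->ext.hostname while the session keeps the old one, and the two can disagree for the rest of the connection.

Review bot: ssl/s3_lib.c, SSL_CTRL_SET_TLSEXT_HOSTNAME: the new TODO says "we just clear the field in SSL_do_handshake() for server SSLs", but no such change appears in the ssl_lib.c hunk of this patch. If the clearing meant is the `!sent` branch added to final_server_name(), point the comment there so the two stay in sync.

Review bot: ssl/ssl_lib.c, SSL_get_servername(): the function now returns s->ext.hostname while SSL_in_init() is true and the session/SSL mix afterwards, which is exactly the three-way distinction the TODO describes, yet the Summary of changes touches only doc/man3/SSL_in_init.pod. The manual page for SSL_get_servername() should describe the in-handshake versus post-handshake behaviour on both client and server, since servername_cb implementations rely on it.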
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 22 Jul 2018 09:00:25 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b5447a8b74eb_5f202ab1dd750f58714de@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1FkiBzZCfw6mHg4TrFWxofZJ7NxxhdZb-2BjW8H8H8a3CQ-2B0uOUpMU2Qt2qHgPxIFhJ5fksCGizAZ8da0ohGB7tDhN7ETHNZKd-2FiO92wYzJVslNsPEcBJx5JjM2GjLlvKIZxfZWk9P4-2BUf6-2Fb79yGb2T-2BjZeZJ-2FXwbW4h5JPYTKAHCk319fkjBiOkqBnHaf49RI-3D Build ID: 220458 Analysis Summary: New defects found: 1 Defects eliminated: 1 If you have difficulty understanding any defects, email us at scan-admin at coverity.com, or post your question to StackOverflow at https://u2389337.ct.sendgrid.net/wf/click?upn=OgIsEqWzmIl4S-2FzEUMxLXL-2BukuZt9UUdRZhgmgzAKchwAzH1nH3073xDEXNRgHN6q227lMNIWoOb8ZgSjAjKcg-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I1FkiBzZCfw6mHg4TrFWxofZJ7NxxhdZb-2BjW8H8H8a3CQGp1Cu5URrsL0Ei8JmrW61V12HmmYvjTLSWIW5n7Vg4j-2BlANnMAbNQMdjlvWuCbWSYX1XhPX-2BsgO-2BdylAiAlYgKz6FsKkC3kt8FeHaiL2K7xxEZRZ47-2BVQOsoM660CHdBtoO5oFAblGDkV91HzHrns-3D From levitte at openssl.org Sun Jul 22 09:01:40 2018 
From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Jul 2018 09:01:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532250100.916999.10897.nullmailer@dev.openssl.org> The branch master has been updated via b709babbca0498cd2b05f543b09f57f4a670298e (commit) from c5d1fb78fd0fdbe1f1e61211bd56192a0f95bc91 (commit) - Log ----------------------------------------------------------------- commit b709babbca0498cd2b05f543b09f57f4a670298e Author: Richard Levitte Date: Thu Jul 12 22:55:03 2018 +0200 PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF As per RFC 7292. Fixes #6665 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6708) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index f2bfe32..3ad8664 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -51,7 +51,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ ASN1_ADB(PKCS12_SAFEBAG) = { ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), + ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) From levitte at openssl.org Sun Jul 22 09:02:59 2018 
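Review bot: crypto/pkcs12/p12_asn.c: switching the safeContentsBag entry from ASN1_EXP_SET_OF to ASN1_EXP_SEQUENCE_OF changes both encoder and decoder, so a PKCS#12 file with a nested safeContentsBag written by any earlier OpenSSL release (SET OF, tag 0x31) will no longer parse, while files from implementations following RFC 7292 (SEQUENCE OF, tag 0x30) start working. The Summary of changes lists only p12_asn.c: please add a CHANGES entry spelling out that compatibility impact and a decode test with a SEQUENCE OF-encoded nested bag, and consider whether the decoder should keep accepting the old tag if interoperability with earlier OpenSSL output matters.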
From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Jul 2018 09:02:59 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532250179.895184.12460.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 46905cd473db84649b39850c02056883c3da0960 (commit) from 821c3baa002fc874553cfacd65bd7bd6f6e9cb3f (commit) - Log ----------------------------------------------------------------- commit 46905cd473db84649b39850c02056883c3da0960 Author: Richard Levitte Date: Thu Jul 12 22:55:03 2018 +0200 PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF As per RFC 7292. Fixes #6665 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6708) (cherry picked from commit b709babbca0498cd2b05f543b09f57f4a670298e) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index f2bfe32..3ad8664 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -51,7 +51,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ ASN1_ADB(PKCS12_SAFEBAG) = { ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), + ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) From levitte at openssl.org Sun Jul 22 09:04:11 2018 
From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Jul 2018 09:04:11 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1532250252.002278.13544.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 7ccc506b56c3f20f08565b5aff268cb2f3bd046d (commit) from 3d5d123d86532391249d7b33ca5da12d0a5599f3 (commit) - Log ----------------------------------------------------------------- commit 7ccc506b56c3f20f08565b5aff268cb2f3bd046d Author: Richard Levitte Date: Thu Jul 12 22:55:03 2018 +0200 PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF As per RFC 7292. Fixes #6665 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6708) (cherry picked from commit b709babbca0498cd2b05f543b09f57f4a670298e) ----------------------------------------------------------------------- Summary of changes: crypto/pkcs12/p12_asn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index 370ddbd..19fd592 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -100,7 +100,7 @@ ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ ASN1_ADB(PKCS12_SAFEBAG) = { ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), + ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) From scan-admin at coverity.com Sun Jul 22 09:04:52 2018 
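Review bot: the same comment as on the master commit b709babbca0498cd2b05f543b09f57f4a670298e applies to both stable-branch cherry-picks (OpenSSL_1_1_0-stable and OpenSSL_1_0_2-stable): files carrying a SET OF-encoded nested safeContentsBag produced by earlier point releases of these very branches stop decoding after this change, and stable branches are where that matters most. A CHANGES entry on each branch, and ideally a decoder that tolerates either tag, would make this a safe backport.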
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 22 Jul 2018 09:04:52 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b5448b359b54_62bf2ab1dd750f58714d6@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I26INVn0dqw6E2tgXs7UZvFlkZ4omyFCV0d-2FJeqrpPfvGAFXTQPpEjmAaUqCAGbPwU-2F6wCh0BjaMHbzkJFquiXbsVuVcmFfNs6tcsYBrjtFts3ErRemISd1xlX9kx84b0mVLI5sqpfOXBNzLCDKevXXXNeh3WB5F-2BG6a8NstMjVrbDsJh80c6woGUiBe3xsTLk-3D Build ID: 220461 Analysis Summary: New defects found: 0 Defects eliminated: 0 From levitte at openssl.org Sun Jul 22 09:06:55 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Jul 2018 09:06:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532250415.869207.14607.nullmailer@dev.openssl.org> The branch master has been updated via ddbe700e93e34694519d303e1b4e4525184c9dad (commit) from b709babbca0498cd2b05f543b09f57f4a670298e (commit) - Log ----------------------------------------------------------------- commit ddbe700e93e34694519d303e1b4e4525184c9dad Author: Richard Levitte Date: Sun Jul 22 10:56:25 2018 +0200 Configure: Display error/warning on deprecated/unsupported options after loop Fixes #6755 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6759) ----------------------------------------------------------------------- Summary of changes: Configure | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/Configure b/Configure index 1b4e1d2..de226f1 100755 --- a/Configure +++ b/Configure 
@@ -888,21 +888,21 @@ while (@argvcopy) else { $config{options} .= " ".$_; } } + } - if (defined($config{api}) && !exists $apitable->{$config{api}}) { - die "***** Unsupported api compatibility level: $config{api}\n", - } +if (defined($config{api}) && !exists $apitable->{$config{api}}) { + die "***** Unsupported api compatibility level: $config{api}\n", +} - if (keys %deprecated_options) - { - warn "***** Deprecated options: ", - join(", ", keys %deprecated_options), "\n"; - } - if (keys %unsupported_options) - { - die "***** Unsupported options: ", - join(", ", keys %unsupported_options), "\n"; - } +if (keys %deprecated_options) + { + warn "***** Deprecated options: ", + join(", ", keys %deprecated_options), "\n"; + } +if (keys %unsupported_options) + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; } # If any %useradd entry has been set, we must check that the "make From levitte at openssl.org Sun Jul 22 09:07:46 2018 From: levitte at openssl.org (Richard Levitte) Date: Sun, 22 Jul 2018 09:07:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532250466.373647.15480.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via a0d893f9b403e2e435b39b4adf14ebffadd4ea89 (commit) from 46905cd473db84649b39850c02056883c3da0960 (commit) - Log ----------------------------------------------------------------- commit a0d893f9b403e2e435b39b4adf14ebffadd4ea89 Author: Richard Levitte Date: Sun Jul 22 10:56:25 2018 +0200 Configure: Display error/warning on deprecated/unsupported options after loop Fixes #6755 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6759) (cherry picked from commit ddbe700e93e34694519d303e1b4e4525184c9dad) ----------------------------------------------------------------------- Summary of changes: Configure | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) 
diff --git a/Configure b/Configure index 7f073b6..f819cab 100755 --- a/Configure +++ b/Configure @@ -756,21 +756,21 @@ while (@argvcopy) else { $config{options} .= " ".$_; } } + } - if (defined($config{api}) && !exists $apitable->{$config{api}}) { - die "***** Unsupported api compatibility level: $config{api}\n", - } +if (defined($config{api}) && !exists $apitable->{$config{api}}) { + die "***** Unsupported api compatibility level: $config{api}\n", +} - if (keys %deprecated_options) - { - warn "***** Deprecated options: ", - join(", ", keys %deprecated_options), "\n"; - } - if (keys %unsupported_options) - { - die "***** Unsupported options: ", - join(", ", keys %unsupported_options), "\n"; - } +if (keys %deprecated_options) + { + warn "***** Deprecated options: ", + join(", ", keys %deprecated_options), "\n"; + } +if (keys %unsupported_options) + { + die "***** Unsupported options: ", + join(", ", keys %unsupported_options), "\n"; } if ($libs =~ /(^|\s)-Wl,-rpath,/ From appro at openssl.org Sun Jul 22 13:15:08 2018 From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Jul 2018 13:15:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532265308.544078.6074.nullmailer@dev.openssl.org> The branch master has been updated via 708c28f2f0598af6bccbeb60fb46086784aed7da (commit) from ddbe700e93e34694519d303e1b4e4525184c9dad (commit) - Log ----------------------------------------------------------------- commit 708c28f2f0598af6bccbeb60fb46086784aed7da Author: Andy Polyakov Date: Sat Jul 21 13:50:14 2018 +0200 apps/dsaparam.c: fix -C output. Reviewed-by: Matthias St. Pierre Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6758) ----------------------------------------------------------------------- Summary of changes: apps/dsaparam.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 8e33ffd..ca072bb 100644 --- a/apps/dsaparam.c 
+++ b/apps/dsaparam.c @@ -180,24 +180,27 @@ int dsaparam_main(int argc, char **argv) data = app_malloc(len + 20, "BN space"); BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); - print_bignum_var(bio_out, p, "dsap", len, data); - print_bignum_var(bio_out, q, "dsaq", len, data); - print_bignum_var(bio_out, g, "dsag", len, data); + print_bignum_var(bio_out, p, "dsap", bits_p, data); + print_bignum_var(bio_out, q, "dsaq", bits_p, data); + print_bignum_var(bio_out, g, "dsag", bits_p, data); BIO_printf(bio_out, " DSA *dsa = DSA_new();\n" + " BIGNUM *p, *q, *g;\n" "\n"); BIO_printf(bio_out, " if (dsa == NULL)\n" " return NULL;\n"); - BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n" - " DSA_free(dsa);\n" + BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n", + bits_p, bits_p); + BIO_printf(bio_out, " DSA_free(dsa);\n" + " BN_free(p);\n" + " BN_free(q);\n" + " BN_free(g);\n" " return NULL;\n" " }\n" - " return(dsa);\n}\n"); + " return dsa;\n}\n"); OPENSSL_free(data); } From appro at openssl.org Sun Jul 22 13:16:15 2018 
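Review bot: the change from `len` to `bits_p` in the three print_bignum_var() calls needs a comment, because nothing at the call site says what the fourth argument is for: the BN_bin2bn(dsap_%d, ...) lines below are formatted with bits_p, so if that argument is the suffix of the emitted array name (as the %d formats suggest), passing len produced arrays and references with different suffixes in the -C output. Two further points on the emitted text: it now uses DSA_set0_pqg() instead of `dsa->p = ...`, which is what makes the generated getter compile against the opaque DSA of 1.1.x, and its error path frees p, q and g after a failed DSA_set0_pqg(); that is correct because the setter only takes ownership on success, but since this lands in user-visible generated code a short comment saying so would stop a reader from "fixing" it into a leak or a double free.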
From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Jul 2018 13:16:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532265375.723916.6957.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1ef7cb279ccb69f5c3adde8aa961b72c05094237 (commit) from a0d893f9b403e2e435b39b4adf14ebffadd4ea89 (commit) - Log ----------------------------------------------------------------- commit 1ef7cb279ccb69f5c3adde8aa961b72c05094237 Author: Andy Polyakov Date: Sat Jul 21 13:50:14 2018 +0200 apps/dsaparam.c: fix -C output. Reviewed-by: Matthias St. Pierre Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6758) (cherry picked from commit 708c28f2f0598af6bccbeb60fb46086784aed7da) ----------------------------------------------------------------------- Summary of changes: apps/dsaparam.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 5c3c8f8..46e3abc 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c 
@@ -227,24 +227,27 @@ int dsaparam_main(int argc, char **argv) data = app_malloc(len + 20, "BN space"); BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); - print_bignum_var(bio_out, p, "dsap", len, data); - print_bignum_var(bio_out, q, "dsaq", len, data); - print_bignum_var(bio_out, g, "dsag", len, data); + print_bignum_var(bio_out, p, "dsap", bits_p, data); + print_bignum_var(bio_out, q, "dsaq", bits_p, data); + print_bignum_var(bio_out, g, "dsag", bits_p, data); BIO_printf(bio_out, " DSA *dsa = DSA_new();\n" + " BIGNUM *p, *q, *g;\n" "\n"); BIO_printf(bio_out, " if (dsa == NULL)\n" " return NULL;\n"); - BIO_printf(bio_out, " dsa->p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " dsa->g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL);\n", - bits_p, bits_p); - BIO_printf(bio_out, " if (!dsa->p || !dsa->q || !dsa->g) {\n" - " DSA_free(dsa);\n" + BIO_printf(bio_out, " if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n", + bits_p, bits_p); + BIO_printf(bio_out, " g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n", + bits_p, bits_p); + BIO_printf(bio_out, " DSA_free(dsa);\n" + " BN_free(p);\n" + " BN_free(q);\n" + " BN_free(g);\n" " return NULL;\n" " }\n" - " return(dsa);\n}\n"); + " return dsa;\n}\n"); OPENSSL_free(data); } From appro at openssl.org Sun Jul 22 13:22:36 2018 
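Review bot: the hunk is identical to the master commit apart from the line offset (@@ -227 here against @@ -180 on master), so the only backport-specific check is that the code emitted by -C calls DSA_set0_pqg(), which OpenSSL_1_1_0-stable does provide (the set0/get0 accessors arrived together with the opaque DSA structure in 1.1.0); the cherry-pick note could state that the generated file is meant to compile against the same branch it was produced by, since older consumers without DSA_set0_pqg() will now fail to build it where the old `dsa->p = ...` form would have worked.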
From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Jul 2018 13:22:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532265756.143490.8160.nullmailer@dev.openssl.org> The branch master has been updated via 8fc4aeb9521270ac74b29ce7f569939b0b39e685 (commit) via 87a75b3e5c04a1696208c279f32d1114b862cfed (commit) via f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1 (commit) from 708c28f2f0598af6bccbeb60fb46086784aed7da (commit) - Log ----------------------------------------------------------------- commit 8fc4aeb9521270ac74b29ce7f569939b0b39e685 Author: Andy Polyakov Date: Wed Jul 18 15:22:07 2018 +0200 ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine. ecp_nistz256_set_from_affine is called when application attempts to use custom generator, i.e. rarely. Even though it was wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6738) commit 87a75b3e5c04a1696208c279f32d1114b862cfed Author: Andy Polyakov Date: Wed Jul 18 15:14:44 2018 +0200 ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function. The ecp_nistz256_scatter_w7 function is called when application attempts to use custom generator, i.e. rarely. Even though non-x86_64 versions were wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6738) commit f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1 Author: Andy Polyakov Date: Wed Jul 18 15:13:27 2018 +0200 bn/bn_intern.c: const-ify bn_set_{static}_words. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6738) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_intern.c | 10 +++++++--- crypto/ec/asm/ecp_nistz256-armv4.pl | 8 ++++---- crypto/ec/asm/ecp_nistz256-armv8.pl | 16 ++++++++-------- crypto/ec/asm/ecp_nistz256-ppc64.pl | 16 ++++++++-------- crypto/ec/asm/ecp_nistz256-sparcv9.pl | 8 ++++---- crypto/ec/asm/ecp_nistz256-x86.pl | 2 +- crypto/ec/ecp_nistz256.c | 28 ++++++---------------------- crypto/include/internal/bn_int.h | 4 ++-- 8 files changed, 40 insertions(+), 52 deletions(-) diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 2524eb2..faebdc8 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -172,16 +172,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a) return a->d; } -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size) { - a->d = words; + /* + * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA + * flag, which effectively means "read-only data". + */ + a->d = (BN_ULONG *)words; a->dmax = a->top = size; a->neg = 0; a->flags |= BN_FLG_STATIC_DATA; bn_correct_top(a); } -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words) { if (bn_wexpand(a, num_words) == NULL) { BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl index 84dcb6e..83abbdd 100755 --- a/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/crypto/ec/asm/ecp_nistz256-armv4.pl 
@@ -894,13 +894,13 @@ ecp_nistz256_scatter_w7: .Loop_scatter_w7: ldr $mask,[$inp],#4 subs $index,$index,#1 - strb $mask,[$out,#64*0-1] + strb $mask,[$out,#64*0] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*1-1] + strb $mask,[$out,#64*1] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*2-1] + strb $mask,[$out,#64*2] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*3-1] + strb $mask,[$out,#64*3] add $out,$out,#64*4 bne .Loop_scatter_w7 diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl index 2705d7c..1361cb3 100644 --- a/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1776,21 +1776,21 @@ ecp_nistz256_scatter_w7: prfm pstl1strm,[$out,#4096+64*5] prfm pstl1strm,[$out,#4096+64*6] prfm pstl1strm,[$out,#4096+64*7] - strb w3,[$out,#64*0-1] + strb w3,[$out,#64*0] lsr x3,x3,#8 - strb w3,[$out,#64*1-1] + strb w3,[$out,#64*1] lsr x3,x3,#8 - strb w3,[$out,#64*2-1] + strb w3,[$out,#64*2] lsr x3,x3,#8 - strb w3,[$out,#64*3-1] + strb w3,[$out,#64*3] lsr x3,x3,#8 - strb w3,[$out,#64*4-1] + strb w3,[$out,#64*4] lsr x3,x3,#8 - strb w3,[$out,#64*5-1] + strb w3,[$out,#64*5] lsr x3,x3,#8 - strb w3,[$out,#64*6-1] + strb w3,[$out,#64*6] lsr x3,x3,#8 - strb w3,[$out,#64*7-1] + strb w3,[$out,#64*7] add $out,$out,#64*8 b.ne .Loop_scatter_w7 diff --git a/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/ec/asm/ecp_nistz256-ppc64.pl index 0c3c186..116792f 100755 --- a/crypto/ec/asm/ecp_nistz256-ppc64.pl +++ b/crypto/ec/asm/ecp_nistz256-ppc64.pl 
@@ -2297,21 +2297,21 @@ ecp_nistz256_scatter_w7: .Loop_scatter_w7: ldu r0,8($inp) - stb r0,64*0-1($out) + stb r0,64*0($out) srdi r0,r0,8 - stb r0,64*1-1($out) + stb r0,64*1($out) srdi r0,r0,8 - stb r0,64*2-1($out) + stb r0,64*2($out) srdi r0,r0,8 - stb r0,64*3-1($out) + stb r0,64*3($out) srdi r0,r0,8 - stb r0,64*4-1($out) + stb r0,64*4($out) srdi r0,r0,8 - stb r0,64*5-1($out) + stb r0,64*5($out) srdi r0,r0,8 - stb r0,64*6-1($out) + stb r0,64*6($out) srdi r0,r0,8 - stb r0,64*7-1($out) + stb r0,64*7($out) addi $out,$out,64*8 bdnz .Loop_scatter_w7 diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 9af1fae..59df0f7 100755 --- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1531,13 +1531,13 @@ ecp_nistz256_scatter_w7: ld [$inp],%l0 add $inp,4,$inp subcc $index,1,$index - stb %l0,[$out+64*0-1] + stb %l0,[$out+64*0] srl %l0,8,%l1 - stb %l1,[$out+64*1-1] + stb %l1,[$out+64*1] srl %l0,16,%l2 - stb %l2,[$out+64*2-1] + stb %l2,[$out+64*2] srl %l0,24,%l3 - stb %l3,[$out+64*3-1] + stb %l3,[$out+64*3] bne .Loop_scatter_w7 add $out,64*4,$out diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl index a89a9f9..8fdd76b 100755 --- a/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/crypto/ec/asm/ecp_nistz256-x86.pl @@ -1179,7 +1179,7 @@ for ($i=0;$i<7;$i++) { &mov ("esi",&wparam(1)); &mov ("ebp",&wparam(2)); - &lea ("edi",&DWP(-1,"edi","ebp")); + &lea ("edi",&DWP(0,"edi","ebp")); &mov ("ebp",64/4); &set_label("scatter_w7_loop"); &mov ("eax",&DWP(0,"esi")); diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 4b5fc62..54c9ed2 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c 
@@ -1104,28 +1104,12 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr const P256_POINT_AFFINE *in, BN_CTX *ctx) { - BIGNUM *x, *y; - BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS]; int ret = 0; - x = BN_new(); - if (x == NULL) - return 0; - y = BN_new(); - if (y == NULL) { - BN_free(x); - return 0; - } - memcpy(d_x, in->X, sizeof(d_x)); - bn_set_static_words(x, d_x, P256_LIMBS); - - memcpy(d_y, in->Y, sizeof(d_y)); - bn_set_static_words(y, d_y, P256_LIMBS); - - ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx); - - BN_free(x); - BN_free(y); + if ((ret = bn_set_words(out->X, in->X, P256_LIMBS)) + && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS)) + && (ret = bn_set_words(out->Z, ONE, P256_LIMBS))) + out->Z_is_one = 1; return ret; } @@ -1181,9 +1165,9 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, if (pre_comp_generator == NULL) goto err; + ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1); if (!ecp_nistz256_set_from_affine(pre_comp_generator, - group, pre_comp->precomp[0], - ctx)) { + group, &p.a, ctx)) { EC_POINT_free(pre_comp_generator); goto err; } diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index f7d37d5..f592912 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h @@ -47,7 +47,7 @@ BN_ULONG *bn_get_words(const BIGNUM *a); * Set the internal data words in a to point to words which contains size * elements. The BN_FLG_STATIC_DATA flag is set */ -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); /* * Copy words into the BIGNUM |a|, reallocating space as necessary. 
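Review bot: `a->d = (BN_ULONG *)words;` in bn_set_static_words() casts the const away, and the new comment oversells what BN_FLG_STATIC_DATA buys: the flag stops the buffer from being freed or reallocated, it does not stop in-place writes by BIGNUM operations that fit within dmax, so a BIGNUM built this way has to be treated as read-only by every caller and the caller's words must outlive it. The bn_int.h comment on bn_set_static_words() ("The BN_FLG_STATIC_DATA flag is set"), touched in this same patch, is the only contract for this internal API; it should say both things explicitly rather than leave them to be inferred from the cast.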
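Review bot: the off-by-one in ecp_nistz256_scatter_w7 is the same in all four non-x86_64 back ends (armv4, armv8, ppc64 and sparcv9 store each byte at `64*k-1`; x86 pre-biases the destination with `DWP(-1,"edi","ebp")`), so every byte of the scattered table landed one slot early and, when $out is the start of the destination buffer, the first store of the loop wrote one byte before it. Since the commit message says this path is only reached with a custom generator and never changed point results, the fix is currently trusted rather than verified: a regression test that installs a custom generator on P-256 via EC_GROUP_set_generator() and compares scalar multiplication against the generic GFp implementation would catch both the old bug and any future drift between back ends. A one-line comment at the loop head describing the layout (consecutive bytes of each input word go to consecutive 64-byte rows) would also make the `#64*k` offsets self-explaining.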
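Review bot: the new body of ecp_nistz256_set_from_affine() copies in->X and in->Y straight into out->X/out->Y with bn_set_words() and sets Z from the P256_LIMBS-wide ONE constant with Z_is_one = 1, where the old code routed the same limbs through EC_POINT_set_affine_coordinates_GFp(); this is the actual fix, and it is only right because the P256_POINT_AFFINE limbs are already in the group's internal (Montgomery) representation, which the public setter would have field-encoded a second time. Say exactly that in a comment, otherwise the next reader will "simplify" back to the public API and reintroduce the bug. The matching caller change, `ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);` before the call, deserves its own comment: precomp[0] is a scattered w7 table rather than a point, so entry 1 has to be gathered into an affine point before it can be copied. Minor: the `(ret = ...) && (ret = ...)` chain works but hides three assignments in a condition; `if (!bn_set_words(...) || !bn_set_words(...) || !bn_set_words(...)) return 0;` followed by `out->Z_is_one = 1; return 1;` says the same thing plainly.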
@@ -58,7 +58,7 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); * |num_words| is int because bn_expand2 takes an int. This is an internal * function so we simply trust callers not to pass negative values. */ -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); /* * Some BIGNUM functions assume most significant limb to be non-zero, which From appro at openssl.org Sun Jul 22 13:25:10 2018 
From: appro at openssl.org (Andy Polyakov) Date: Sun, 22 Jul 2018 13:25:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532265910.497710.9189.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via eff1c8a2d8c625b36e6ed33bd49ac09f37f1bf22 (commit) via 5c2bac9289e97b47dc1fd1603efe09d3e10ce9cb (commit) via 08a1d30e6051afc78780f92e80b9809ba1bdaac3 (commit) from 1ef7cb279ccb69f5c3adde8aa961b72c05094237 (commit) - Log ----------------------------------------------------------------- commit eff1c8a2d8c625b36e6ed33bd49ac09f37f1bf22 Author: Andy Polyakov Date: Wed Jul 18 15:22:07 2018 +0200 ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine. ecp_nistz256_set_from_affine is called when application attempts to use custom generator, i.e. rarely. Even though it was wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6738) (cherry picked from commit 8fc4aeb9521270ac74b29ce7f569939b0b39e685) commit 5c2bac9289e97b47dc1fd1603efe09d3e10ce9cb Author: Andy Polyakov Date: Wed Jul 18 15:14:44 2018 +0200 ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function. The ecp_nistz256_scatter_w7 function is called when application attempts to use custom generator, i.e. rarely. Even though non-x86_64 versions were wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6738) (cherry picked from commit 87a75b3e5c04a1696208c279f32d1114b862cfed) commit 08a1d30e6051afc78780f92e80b9809ba1bdaac3 Author: Andy Polyakov Date: Wed Jul 18 15:13:27 2018 +0200 bn/bn_intern.c: const-ify bn_set_{static}_words. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6738) (cherry picked from commit f40e0a342cbca8bb71d0fe3f19e1b4bfd853aff1) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_intern.c | 10 +++++++--- crypto/ec/asm/ecp_nistz256-armv4.pl | 8 ++++---- crypto/ec/asm/ecp_nistz256-armv8.pl | 16 ++++++++-------- crypto/ec/asm/ecp_nistz256-sparcv9.pl | 8 ++++---- crypto/ec/asm/ecp_nistz256-x86.pl | 2 +- crypto/ec/ecp_nistz256.c | 28 ++++++---------------------- crypto/include/internal/bn_int.h | 4 ++-- 7 files changed, 32 insertions(+), 44 deletions(-) diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 2c97064..92f1cb7 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -177,16 +177,20 @@ BN_ULONG *bn_get_words(const BIGNUM *a) return a->d; } -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size) +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size) { - a->d = words; + /* + * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA + * flag, which effectively means "read-only data". + */ + a->d = (BN_ULONG *)words; a->dmax = a->top = size; a->neg = 0; a->flags |= BN_FLG_STATIC_DATA; bn_correct_top(a); } -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words) +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words) { if (bn_wexpand(a, num_words) == NULL) { BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE); diff --git a/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/ec/asm/ecp_nistz256-armv4.pl index 39d4cb9..4b58135 100755 --- a/crypto/ec/asm/ecp_nistz256-armv4.pl +++ b/crypto/ec/asm/ecp_nistz256-armv4.pl 
@@ -894,13 +894,13 @@ ecp_nistz256_scatter_w7: .Loop_scatter_w7: ldr $mask,[$inp],#4 subs $index,$index,#1 - strb $mask,[$out,#64*0-1] + strb $mask,[$out,#64*0] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*1-1] + strb $mask,[$out,#64*1] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*2-1] + strb $mask,[$out,#64*2] mov $mask,$mask,lsr#8 - strb $mask,[$out,#64*3-1] + strb $mask,[$out,#64*3] add $out,$out,#64*4 bne .Loop_scatter_w7 diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl index cdc9161..a726cc3 100644 --- a/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -1477,21 +1477,21 @@ ecp_nistz256_scatter_w7: prfm pstl1strm,[$out,#4096+64*5] prfm pstl1strm,[$out,#4096+64*6] prfm pstl1strm,[$out,#4096+64*7] - strb w3,[$out,#64*0-1] + strb w3,[$out,#64*0] lsr x3,x3,#8 - strb w3,[$out,#64*1-1] + strb w3,[$out,#64*1] lsr x3,x3,#8 - strb w3,[$out,#64*2-1] + strb w3,[$out,#64*2] lsr x3,x3,#8 - strb w3,[$out,#64*3-1] + strb w3,[$out,#64*3] lsr x3,x3,#8 - strb w3,[$out,#64*4-1] + strb w3,[$out,#64*4] lsr x3,x3,#8 - strb w3,[$out,#64*5-1] + strb w3,[$out,#64*5] lsr x3,x3,#8 - strb w3,[$out,#64*6-1] + strb w3,[$out,#64*6] lsr x3,x3,#8 - strb w3,[$out,#64*7-1] + strb w3,[$out,#64*7] add $out,$out,#64*8 b.ne .Loop_scatter_w7 diff --git a/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/ec/asm/ecp_nistz256-sparcv9.pl index 97201cb..8bad859 100755 --- a/crypto/ec/asm/ecp_nistz256-sparcv9.pl +++ b/crypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -1531,13 +1531,13 @@ ecp_nistz256_scatter_w7: ld [$inp],%l0 add $inp,4,$inp subcc $index,1,$index - stb %l0,[$out+64*0-1] + stb %l0,[$out+64*0] srl %l0,8,%l1 - stb %l1,[$out+64*1-1] + stb %l1,[$out+64*1] srl %l0,16,%l2 - stb %l2,[$out+64*2-1] + stb %l2,[$out+64*2] srl %l0,24,%l3 - stb %l3,[$out+64*3-1] + stb %l3,[$out+64*3] bne .Loop_scatter_w7 add $out,64*4,$out diff --git a/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/ec/asm/ecp_nistz256-x86.pl index 1d9e006..4fa27fc 100755 
--- a/crypto/ec/asm/ecp_nistz256-x86.pl +++ b/crypto/ec/asm/ecp_nistz256-x86.pl @@ -1179,7 +1179,7 @@ for ($i=0;$i<7;$i++) { &mov ("esi",&wparam(1)); &mov ("ebp",&wparam(2)); - &lea ("edi",&DWP(-1,"edi","ebp")); + &lea ("edi",&DWP(0,"edi","ebp")); &mov ("ebp",64/4); &set_label("scatter_w7_loop"); &mov ("eax",&DWP(0,"esi")); diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 153f390..0dbcfc2 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1110,28 +1110,12 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr const P256_POINT_AFFINE *in, BN_CTX *ctx) { - BIGNUM *x, *y; - BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS]; int ret = 0; - x = BN_new(); - if (x == NULL) - return 0; - y = BN_new(); - if (y == NULL) { - BN_free(x); - return 0; - } - memcpy(d_x, in->X, sizeof(d_x)); - bn_set_static_words(x, d_x, P256_LIMBS); - - memcpy(d_y, in->Y, sizeof(d_y)); - bn_set_static_words(y, d_y, P256_LIMBS); - - ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx); - - BN_free(x); - BN_free(y); + if ((ret = bn_set_words(out->X, in->X, P256_LIMBS)) + && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS)) + && (ret = bn_set_words(out->Z, ONE, P256_LIMBS))) + out->Z_is_one = 1; return ret; } @@ -1210,9 +1194,9 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, if (pre_comp_generator == NULL) goto err; + ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1); if (!ecp_nistz256_set_from_affine(pre_comp_generator, - group, pre_comp->precomp[0], - ctx)) { + group, &p.a, ctx)) { EC_POINT_free(pre_comp_generator); goto err; } diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index 9c984ba..4e0c9a4 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h 
@@ -53,7 +53,7 @@ BN_ULONG *bn_get_words(const BIGNUM *a); * Set the internal data words in a to point to words which contains size * elements. The BN_FLG_STATIC_DATA flag is set */ -void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); +void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size); /* * Copy words into the BIGNUM |a|, reallocating space as necessary. @@ -64,7 +64,7 @@ void bn_set_static_words(BIGNUM *a, BN_ULONG *words, int size); * |num_words| is int because bn_expand2 takes an int. This is an internal * function so we simply trust callers not to pass negative values. */ -int bn_set_words(BIGNUM *a, BN_ULONG *words, int num_words); +int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words); size_t bn_sizeof_BIGNUM(void); From openssl at openssl.org Mon Jul 23 05:06:54 2018 
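Review bot: the backport's summary lists seven files where the master commit touched eight; crypto/ec/asm/ecp_nistz256-ppc64.pl is the one missing. Dropping that hunk is correct if OpenSSL_1_1_0-stable carries no ppc64 nistz256 back end, but the cherry-pick message for 5c2bac9 should state that explicitly, otherwise a later reader diffing it against 87a75b3 will have to work out whether a hunk was lost or deliberately omitted.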
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 23 Jul 2018 05:06:54 +0000 Subject: [openssl-commits] FAILED build of OpenSSL branch master with options -d --strict-warnings no-md5 Message-ID: <1532322414.104918.18273.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-md5 Commit log since last time: 8fc4aeb ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine. 87a75b3 ec/asm/ecp_nistz256-{!x86_64}.pl: fix scatter_w7 function. f40e0a3 bn/bn_intern.c: const-ify bn_set_{static}_words. 708c28f apps/dsaparam.c: fix -C output. ddbe700 Configure: Display error/warning on deprecated/unsupported options after loop b709bab PKCS12: change safeContentsBag from a SET OF to a SEQUENCE OF c5d1fb7 Add TODO comment for a nonsensical public API 1c4aa31 Normalize SNI hostname handling for SSL and SSL_SESSION 4cc968d const-ify some input SSL * arguments f20aa69 crypto/*: address standard-compilance nits. f36e9f1 bio/bss_dgram.c: harmonize usage of OPENSSL_USE_IPV6 with the rest. 89310b8 include/openssl/e_os2.h: define last-resort SSIZE_MAX. 756c91b ec/ec_lcl.h: fix pre-C9x compilation problems. d1e1940 .travis.yml: exercise -std=c89 in order to catch corresponding problems. d8434cf Validate legacy_version d6ce9da Update the TLSv1.3 test vectors Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-md5 Operating system: x86_64-whatever-linux2 ***** Unsupported options: no-md5 $ make clean make: *** No rule to make target 'clean'. Stop. From matt at openssl.org Mon Jul 23 08:37:16 2018 
From: matt at openssl.org (Matt Caswell) Date: Mon, 23 Jul 2018 08:37:16 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532335036.757865.11547.nullmailer@dev.openssl.org> The branch master has been updated via b5cd751c695602cba4fbe67e590fc8112bf5d8fa (commit) from 8fc4aeb9521270ac74b29ce7f569939b0b39e685 (commit) - Log ----------------------------------------------------------------- commit b5cd751c695602cba4fbe67e590fc8112bf5d8fa Author: Matt Caswell Date: Wed Jul 18 15:22:06 2018 +0100 Add a note about aborts encountered while sending early_data In some circumstances it is possible for a client to have a session reporting a max early data value that is greater than the server will support. In such cases the client could encounter an aborted connection. Fixes #6735 Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6740) ----------------------------------------------------------------------- Summary of changes: doc/man3/SSL_read_early_data.pod | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod index 27c127d..9769aa7 100644 --- a/doc/man3/SSL_read_early_data.pod +++ b/doc/man3/SSL_read_early_data.pod 
@@ -267,6 +267,19 @@ Nagle's algorithm. If an application opts to disable Nagle's algorithm consideration should be given to turning it back on again after the handshake is complete if appropriate. +In rare circumstances, it may be possible for a client to have a session that +reports a max early data value greater than 0, but where the server does not +support this. For example, this can occur if a server has had its configuration +changed to accept a lower max early data value such as by calling +SSL_CTX_set_recv_max_early_data(). Another example is if a server used to +support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such +a server will cause the connection to abort. Clients that encounter an aborted +connection while sending early data may want to retry the connection without +sending early data as this does not happen automatically. A client will have to +establish a new transport layer connection to the server and attempt the SSL/TLS +connection again but without sending early data. Note that it is inadvisable to +retry with a lower maximum protocol version. + =head1 REPLAY PROTECTION When early data is in use the TLS protocol provides no security guarantees that From levitte at openssl.org Mon Jul 23 16:33:55 2018 
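Review bot: the added paragraph tells clients that the connection "will abort" but never says how that surfaces to the application (which call fails, and which SSL_get_error() value or alert the client observes), so a developer cannot actually implement the retry it recommends; add the observable error condition. The mention of SSL_CTX_set_recv_max_early_data() is plain text where the man3 pages otherwise use L<...(3)> cross-references for functions documented elsewhere, so make it a link. The closing sentence is the security-relevant one and is understated: retrying with a lower maximum protocol version would let anyone able to abort connections turn a 0-RTT failure into a protocol downgrade, which is why it must not be done; stating that reason is more useful to readers than "inadvisable".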
From: levitte at openssl.org (Richard Levitte) Date: Mon, 23 Jul 2018 16:33:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532363635.754899.31710.nullmailer@dev.openssl.org> The branch master has been updated via d8356e1b0f3635f6bd71814272c1d067fc9381bb (commit) from b5cd751c695602cba4fbe67e590fc8112bf5d8fa (commit) - Log ----------------------------------------------------------------- commit d8356e1b0f3635f6bd71814272c1d067fc9381bb Author: Richard Levitte Date: Mon Jul 23 13:25:45 2018 +0200 Make sure the 'tsget' script is called 'tsget.pl' everywhere The result is that we don't have to produce different names on different platforms, and we won't have confusion on Windows depending on if the script was built with mingw or with MSVC. Partial fix for #3254 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6764) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++++ Configurations/unix-Makefile.tmpl | 21 +++++++++++++++++---- apps/build.info | 7 +++---- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/CHANGES b/CHANGES index ae59f92..3cf312a 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,12 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) The 'tsget' script is renamed to 'tsget.pl', to avoid confusion when + moving between systems, and to avoid confusion when a Windows build is + done with mingw vs with MSVC. For POSIX installs, there's still a + symlink or copy named 'tsget' to avoid that confusion as well. + [Richard Levitte] + *) Revert blinding in ECDSA sign and instead make problematic addition length-invariant. Switch even to fixed-length Montgomery multiplication. [Andy Polyakov] diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index 2423ad2..c492740 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl 
@@ -121,7 +121,7 @@ INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines} INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -} {- output_off() if $disabled{apps}; "" -} BIN_SCRIPTS=$(BLDDIR)/tools/c_rehash -MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget +MISC_SCRIPTS=$(BLDDIR)/apps/CA.pl $(BLDDIR)/apps/tsget.pl:tsget {- output_on() if $disabled{apps}; "" -} APPS_OPENSSL={- use File::Spec::Functions; @@ -452,12 +452,25 @@ install_ssldirs: @$(PERL) $(SRCDIR)/util/mkdir-p.pl $(DESTDIR)$(OPENSSLDIR)/misc @set -e; for x in dummy $(MISC_SCRIPTS); do \ if [ "$$x" = "dummy" ]; then continue; fi; \ - fn=`basename $$x`; \ - $(ECHO) "install $$x -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ - cp $$x $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ + x1=`echo "$$x" | cut -f1 -d:`; \ + x2=`echo "$$x" | cut -f2 -d:`; \ + fn=`basename $$x1`; \ + $(ECHO) "install $$x1 -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ + cp $$x1 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ chmod 755 $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new; \ mv -f $(DESTDIR)$(OPENSSLDIR)/misc/$$fn.new \ $(DESTDIR)$(OPENSSLDIR)/misc/$$fn; \ + if [ "$$x1" != "$$x2" ]; then \ + ln=`basename "$$x2"`; \ + : {- output_off() unless windowsdll(); "" -}; \ + $(ECHO) "copy $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ + cp $(DESTDIR)$(OPENSSLDIR)/misc/$$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + : {- output_on() unless windowsdll(); + output_off() if windowsdll(); "" -}; \ + $(ECHO) "link $(DESTDIR)$(OPENSSLDIR)/misc/$$ln -> $(DESTDIR)$(OPENSSLDIR)/misc/$$fn"; \ + ln -sf $$fn $(DESTDIR)$(OPENSSLDIR)/misc/$$ln; \ + : {- output_on() if windowsdll(); "" -}; \ + fi; \ done @$(ECHO) "install $(SRCDIR)/apps/openssl.cnf -> $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.dist" @cp $(SRCDIR)/apps/openssl.cnf $(DESTDIR)$(OPENSSLDIR)/openssl.cnf.new diff --git a/apps/build.info b/apps/build.info index 4a11a18..751d8da 100644 --- a/apps/build.info +++ b/apps/build.info 
@@ -1,5 +1,4 @@ -{- our $tsget_name = $config{target} =~ /^(VC|vms)-/ ? "tsget.pl" : "tsget"; - our @apps_openssl_src = +{- our @apps_openssl_src = qw(openssl.c asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c dgst.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c errstr.c gendsa.c @@ -33,7 +32,7 @@ ENDIF GENERATE[progs.h]=progs.pl $(APPS_OPENSSL) DEPEND[progs.h]=../configdata.pm - SCRIPTS=CA.pl {- $tsget_name -} + SCRIPTS=CA.pl tsget.pl SOURCE[CA.pl]=CA.pl.in - SOURCE[{- $tsget_name -}]=tsget.in + SOURCE[tsget.pl]=tsget.in ENDIF From appro at openssl.org Mon Jul 23 19:45:22 2018 From: appro at openssl.org (Andy Polyakov) Date: Mon, 23 Jul 2018 19:45:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532375122.763392.20759.nullmailer@dev.openssl.org> The branch master has been updated via 275bfc56a6c4efa7e80c8cbb11fda0c3f9be818d (commit) from d8356e1b0f3635f6bd71814272c1d067fc9381bb (commit) - Log ----------------------------------------------------------------- commit 275bfc56a6c4efa7e80c8cbb11fda0c3f9be818d Author: Andy Polyakov Date: Sun Jul 22 11:51:38 2018 +0200 .travis.yml: omit linux-ppc64le target. Build jobs keep timing out initializing... Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 51fd563..e9e5aa2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -31,10 +31,10 @@ env: matrix: include: - - os: linux-ppc64le - sudo: false - compiler: clang - env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES" + #- os: linux-ppc64le + # sudo: false + # compiler: clang + # env: CONFIG_OPTS="--strict-warnings -D__NO_STRING_INLINES" - os: linux addons: apt: From appro at openssl.org Mon Jul 23 19:48:24 2018 
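Review bot: the new `x1=...| cut -f1 -d:` / `x2=...| cut -f2 -d:` split in the install_ssldirs loop relies on cut echoing an undelimited line unchanged, so a MISC_SCRIPTS entry without ':' yields x1 == x2 and the `if [ "$$x1" != "$$x2" ]` link/copy branch is skipped; that is correct but subtle enough to need a comment next to the `$(BLDDIR)/apps/tsget.pl:tsget` entry. It also breaks if a path can itself contain ':' (a drive-letter $(BLDDIR) on the Windows builds this template also serves, as the windowsdll() branches show): `cut -f2` would then return the rest of the path as the link name. If that configuration is reachable, use a separator that cannot occur in a path, or always emit the `src:link` form and split on the last colon. The `: {- output_off() ... -}` placeholders that select cp versus `ln -sf` at template time are fine, but a short note in the template that only one branch survives into the generated Makefile would help whoever debugs the installed output.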
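Review bot: the linux-ppc64le job in .travis.yml is commented out rather than removed, and the only rationale ("Build jobs keep timing out initializing...") lives in the commit message; add a short comment above the `#- os: linux-ppc64le` block saying why it is disabled and what condition allows re-enabling it, so the matrix does not silently lose its only ppc64 coverage. That coverage matters right now, since the ecp_nistz256-ppc64.pl scatter_w7 fix earlier in this digest is exactly the kind of change that target would have exercised.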
From: appro at openssl.org (Andy Polyakov) Date: Mon, 23 Jul 2018 19:48:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1532375304.448789.21837.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via a8a9745257a5071b03d06b82d4b05cabb38d9718 (commit) from 7ccc506b56c3f20f08565b5aff268cb2f3bd046d (commit) - Log ----------------------------------------------------------------- commit a8a9745257a5071b03d06b82d4b05cabb38d9718 Author: Andy Polyakov Date: Sun Jul 22 16:28:20 2018 +0200 ec/ecp_nistz256.c: fix ecp_nistz256_set_from_affine. ecp_nistz256_set_from_affine is called when application attempts to use custom generator, i.e. rarely. Even though it was wrong, it didn't affect point operations, they were just not as fast as expected. Reviewed-by: Paul Dale Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6761) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistz256.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 9a53a39..0579cac 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c 
@@ -1118,23 +1118,32 @@ static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, const P256_POINT_AFFINE *in, BN_CTX *ctx) { - BIGNUM x, y; - BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS]; + BIGNUM x, y, z; int ret = 0; - memcpy(d_x, in->X, sizeof(d_x)); - x.d = d_x; + /* + * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA + * flag, which effectively means "read-only data". + */ + x.d = (BN_ULONG *)in->X; x.dmax = x.top = P256_LIMBS; x.neg = 0; x.flags = BN_FLG_STATIC_DATA; - memcpy(d_y, in->Y, sizeof(d_y)); - y.d = d_y; + y.d = (BN_ULONG *)in->Y; y.dmax = y.top = P256_LIMBS; y.neg = 0; y.flags = BN_FLG_STATIC_DATA; - ret = EC_POINT_set_affine_coordinates_GFp(group, out, &x, &y, ctx); + z.d = (BN_ULONG *)ONE; + z.dmax = z.top = P256_LIMBS; + z.neg = 0; + z.flags = BN_FLG_STATIC_DATA; + + if ((ret = (BN_copy(&out->X, &x) != NULL)) + && (ret = (BN_copy(&out->Y, &y) != NULL)) + && (ret = (BN_copy(&out->Z, &z) != NULL))) + out->Z_is_one = 1; return ret; } From openssl at openssl.org Tue Jul 24 05:03:36 2018 
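Review bot: the new path copies in->X and in->Y straight into out->X and out->Y with BN_copy and no longer goes through EC_POINT_set_affine_coordinates_GFp, so whatever field conversion and validation that API performed is now skipped. That is the intended fix, but nothing in the hunk says so: add a comment at the `z.d = (BN_ULONG *)ONE;` block stating that the input limbs (and ONE) are already in the internal representation out expects, otherwise a later reader will see a "missing" set_affine call and reinstate it. Two smaller points: the `(BN_ULONG *)in->X` cast is only safe because x and y are used purely as BN_copy sources and BN_FLG_STATIC_DATA is honoured for that, which is worth saying next to the existing const comment; and if BN_copy of Y or Z fails the function returns 0 with out->X already overwritten and Z_is_one untouched, so callers must treat out as unusable on error, which also deserves a comment.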
From: openssl at openssl.org (OpenSSL run-checker) Date: Tue, 24 Jul 2018 05:03:36 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-md5 Message-ID: <1532408616.814247.31909.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-md5 Commit log since last time: 275bfc5 .travis.yml: omit linux-ppc64le target. d8356e1 Make sure the 'tsget' script is called 'tsget.pl' everywhere b5cd751 Add a note about aborts encountered while sending early_data Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-md5 Operating system: x86_64-whatever-linux2 ***** Unsupported options: no-md5 $ make clean make: *** No rule to make target 'clean'. Stop. From levitte at openssl.org Tue Jul 24 07:51:03 2018 
From: levitte at openssl.org (Richard Levitte) Date: Tue, 24 Jul 2018 07:51:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532418663.148208.1215.nullmailer@dev.openssl.org> The branch master has been updated via 85aebfcc6eedceaed34012a8b2c27c43ef402f95 (commit) from 275bfc56a6c4efa7e80c8cbb11fda0c3f9be818d (commit) - Log ----------------------------------------------------------------- commit 85aebfcc6eedceaed34012a8b2c27c43ef402f95 Author: Richard Levitte Date: Mon Jul 23 22:29:22 2018 +0200 def_load_bio(): Free |biosk| more carefully If there's anything in the |biosk| stack, the first element is always the input BIO. It should never be freed in this function, so we must take careful steps not to do so inadvertently when freeing the stack. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6769) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_def.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 676540c..7f0d70e 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c 
@@ -424,12 +424,26 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } BUF_MEM_free(buff); OPENSSL_free(section); - sk_BIO_pop_free(biosk, BIO_vfree); + /* + * No need to pop, since we only get here if the stack is empty. + * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE! + */ + sk_BIO_free(biosk); return 1; err: BUF_MEM_free(buff); OPENSSL_free(section); - sk_BIO_pop_free(biosk, BIO_vfree); + /* + * Since |in| is the first element of the stack and should NOT be freed + * here, we cannot use sk_BIO_pop_free(). Instead, we pop and free one + * BIO at a time, making sure that the last one popped isn't. + */ + while (sk_BIO_num(biosk) > 0) { + BIO *popped = sk_BIO_pop(biosk); + BIO_vfree(in); + in = popped; + } + sk_BIO_free(biosk); #ifndef OPENSSL_NO_POSIX_IO OPENSSL_free(dirpath); if (dirctx != NULL) From levitte at openssl.org Tue Jul 24 10:30:10 2018 From: levitte at openssl.org (Richard Levitte) Date: Tue, 24 Jul 2018 10:30:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532428210.822728.18960.nullmailer@dev.openssl.org> The branch master has been updated via 675fa85413a130607ec780ce9edaa6dd7ee1500f (commit) from 85aebfcc6eedceaed34012a8b2c27c43ef402f95 (commit) - Log ----------------------------------------------------------------- commit 675fa85413a130607ec780ce9edaa6dd7ee1500f Author: neighbads <16126598+neighbads at users.noreply.github.com> Date: Wed Jul 11 15:40:03 2018 +0800 Update sm2_crypt.c asn1_encode : x, y => 0 | x?0 | y (because of DER encoding rules when x and y have high bit set) CLA: Trivial Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6694) ----------------------------------------------------------------------- Summary of changes: crypto/sm2/sm2_crypt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index aedf905..d6f9c81 100644 --- a/crypto/sm2/sm2_crypt.c 
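Review bot: the err-path loop `BIO_vfree(in); in = popped;` is only correct under the invariant that `in` is the BIO currently being read and is never also an element of biosk; if any `goto err` can be reached after the current BIO has been pushed but before `in` is reassigned to the included file's BIO, the same BIO is freed once from the stack and once as `in`. That invariant is not visible in this hunk, so state it in the comment above the loop. On the success path, rather than a shouted comment that a leak "IS SOMEWHERE ELSE", make the assumption checkable: an explicit `if (sk_BIO_num(biosk) > 0)` that fails the load (or an OPENSSL_assert) will surface a dangling include frame immediately instead of as a slow BIO leak.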
+++ b/crypto/sm2/sm2_crypt.c @@ -95,7 +95,7 @@ int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, if (field_size == 0 || md_size < 0) return 0; - *ct_size = 10 + 2 * field_size + (size_t)md_size + msg_len; + *ct_size = 12 + 2 * field_size + (size_t)md_size + msg_len; return 1; } From levitte at openssl.org Tue Jul 24 14:28:43 2018 From: levitte at openssl.org (Richard Levitte) Date: Tue, 24 Jul 2018 14:28:43 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532442523.837287.18075.nullmailer@dev.openssl.org> The branch master has been updated via 8937a4ed8ac3fd64be61e9ce7a16bccccf3d2273 (commit) from 675fa85413a130607ec780ce9edaa6dd7ee1500f (commit) - Log ----------------------------------------------------------------- commit 8937a4ed8ac3fd64be61e9ce7a16bccccf3d2273 Author: Richard Levitte Date: Tue Jul 24 10:45:05 2018 +0200 Configure: print generic advice when dying On the same note, change the 'NASM not found' message to give specific advice on how to handle the failure. Fixes #6765 Reviewed-by: Tim Hudson Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6771) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 4 ++-- Configure | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 62b4c9d..5cf345d 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -17,7 +17,7 @@ sub vc_win64a_info { asflags => "/c /Cp /Cx", asoutflag => "/Fo" }; } else { - $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $die->("NASM not found - make sure it's installed and available on %PATH%\n"); $vc_win64a_info = { AS => "{unknown}", ASFLAGS => "", asflags => "", 
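Review bot: the `12 + 2 * field_size + (size_t)md_size + msg_len` bound in sm2_ciphertext_size still assumes one-byte DER lengths for the outer SEQUENCE and both OCTET STRINGs; for a 32-byte field and 32-byte digest the content is already 2 * 33 + 32 = 98 bytes plus 8 bytes of inner headers, so a message of more than about 20 bytes pushes the SEQUENCE length past 127 and the length field needs two (later three) bytes, and the estimate is too small again. Rather than another hand-tuned constant, derive the size from ASN1_object_size(): one call per component (INTEGER of field_size + 1 bytes to allow for the leading zero, OCTET STRING of md_size, OCTET STRING of msg_len) and a final ASN1_object_size(1, sum, V_ASN1_SEQUENCE) around them; any caller sizing a buffer from this value otherwise gets one that is too short for realistic plaintexts.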
@@ -46,7 +46,7 @@ sub vc_win32_info { asoutflag => "/Fo", perlasm_scheme => "win32" }; } else { - $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $die->("NASM not found - make sure it's installed and available on %PATH%\n"); $vc_win32_info = { AS => "{unknown}", ASFLAGS => "", asflags => "", diff --git a/Configure b/Configure index de226f1..653d777 100755 --- a/Configure +++ b/Configure @@ -21,6 +21,9 @@ use OpenSSL::Glob; # see INSTALL for instructions. +my $orig_death_handler = $SIG{__DIE__}; +$SIG{__DIE__} = \&death_handler; + my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: @@ -2679,6 +2682,8 @@ my %builders = ( $builders{$builder}->($builder_platform, @builder_opts); +$SIG{__DIE__} = $orig_death_handler; + print <<"EOF" if ($disabled{threads} eq "unavailable"); The library could not be configured for supporting multi-threaded @@ -2714,6 +2719,19 @@ exit(0); # Helpers and utility functions # +# Death handler, to print a helpful message in case of failure ####### +# +sub death_handler { + my $build_file = $target{build_file} // "build file"; + print STDERR <<"_____"; + +Failure! $build_file wasn't produced. +Please read INSTALL and associated NOTES files. You may also have to look over +your available compiler tool chain or change your configuration. + +_____ +} + # Configuration file reading ######################################### # Note: All of the helper functions are for lazy evaluation. They all From levitte at openssl.org Tue Jul 24 14:32:14 2018 
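Review bot: installing `$SIG{__DIE__} = \&death_handler;` this early means the handler also fires for exceptions that are caught by an eval block inside Configure (Perl invokes the __DIE__ hook before unwinding, eval or not), so the "Failure! $build_file wasn't produced." text can be printed to STDERR for a die that is subsequently handled and never becomes a failure; guard the handler with `die @_ if $^S;`. Also, `$orig_death_handler` is saved but death_handler never calls it, so a hook installed by the environment (a harness running Configure under its own __DIE__ handler) is silently dropped until the restore after the builder runs; either invoke it from death_handler or say in the comment that it is intentionally suppressed while Configure runs.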
From: levitte at openssl.org (Richard Levitte) Date: Tue, 24 Jul 2018 14:32:14 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532442734.851689.19274.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via bb8befc66003c765c227f01b1b4d60e19db86fc7 (commit) from eff1c8a2d8c625b36e6ed33bd49ac09f37f1bf22 (commit) - Log ----------------------------------------------------------------- commit bb8befc66003c765c227f01b1b4d60e19db86fc7 Author: Richard Levitte Date: Tue Jul 24 10:45:05 2018 +0200 Configure: print generic advice when dying On the same note, change the 'NASM not found' message to give specific advice on how to handle the failure. Fixes #6765 Reviewed-by: Tim Hudson Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6771) (cherry picked from commit 8937a4ed8ac3fd64be61e9ce7a16bccccf3d2273) ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 4 ++-- Configure | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 7e66705..6c05c28 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -14,7 +14,7 @@ sub vc_win64a_info { asflags => "/c /Cp /Cx /Zi", asoutflag => "/Fo" }; } else { - $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $die->("NASM not found - make sure it's installed and available on %PATH%\n"); $vc_win64a_info = { as => "{unknown}", asflags => "", asoutflag => "" }; @@ -39,7 +39,7 @@ sub vc_win32_info { asoutflag => "/Fo", perlasm_scheme => "win32" }; } else { - $die->("NASM not found - please read INSTALL and NOTES.WIN for further details\n"); + $die->("NASM not found - make sure it's installed and available on %PATH%\n"); $vc_win32_info = { as => "{unknown}", asflags => "", asoutflag => "", 
diff --git a/Configure b/Configure index f819cab..19bab07 100755 --- a/Configure +++ b/Configure @@ -20,6 +20,9 @@ use OpenSSL::Glob; # see INSTALL for instructions. +my $orig_death_handler = $SIG{__DIE__}; +$SIG{__DIE__} = \&death_handler; + my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n"; # Options: @@ -2127,6 +2130,8 @@ my %builders = ( $builders{$builder}->($builder_platform, @builder_opts); +$SIG{__DIE__} = $orig_death_handler; + print <<"EOF"; Configured for $target. @@ -2155,6 +2160,19 @@ exit(0); # Helpers and utility functions # +# Death handler, to print a helpful message in case of failure ####### +# +sub death_handler { + my $build_file = $target{build_file} // "build file"; + print STDERR <<"_____"; + +Failure! $build_file wasn't produced. +Please read INSTALL and associated NOTES files. You may also have to look over +your available compiler tool chain or change your configuration. + +_____ +} + # Configuration file reading ######################################### # Note: All of the helper functions are for lazy evaluation. They all From davidben at google.com Tue Jul 24 15:54:01 2018 
From: davidben at google.com (davidben at google.com) Date: Tue, 24 Jul 2018 15:54:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532447641.955556.28766.nullmailer@dev.openssl.org> The branch master has been updated via 61ac9fc5c44718bf61ab68328333cc158230d090 (commit) from 8937a4ed8ac3fd64be61e9ce7a16bccccf3d2273 (commit) - Log ----------------------------------------------------------------- commit 61ac9fc5c44718bf61ab68328333cc158230d090 Author: David Benjamin Date: Tue Jul 17 13:20:28 2018 -0400 Remove zero special-case in BN_mod_exp_mont. A number intended to treat the base as secret should not be branching on whether it is zero. Test-wise, this is covered by existing tests in bnmod.txt. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6733) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_exp.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 4e24c94..2c92d7e 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -356,11 +356,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, aa = val[0]; } else aa = a; - if (BN_is_zero(aa)) { - BN_zero(rr); - ret = 1; - goto err; - } if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) goto err; /* 1 */ From levitte at openssl.org Tue Jul 24 20:14:21 2018 
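Review bot: removing the `BN_is_zero(aa)` early exit makes a zero base take the same Montgomery path as every other value, which is right for a function whose base may be secret, but the hunk leaves no trace of why the obvious shortcut is absent; put a one-line comment at the `bn_to_mont_fixed_top(val[0], aa, mont, ctx)` call ("no special case for a == 0: the base may be secret, keep the code path uniform") so the branch is not reintroduced as a micro-optimisation. It is also worth recording, in CHANGES or the function's documentation, that BN_mod_exp_mont remains the non-constant-time entry point (BN_mod_exp_mont_consttime is the guaranteed one), so this change is defence in depth rather than a timing guarantee.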
From: levitte at openssl.org (Richard Levitte) Date: Tue, 24 Jul 2018 20:14:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532463261.654112.27998.nullmailer@dev.openssl.org> The branch master has been updated via eb807d5383fd228a5c4cf9afc2fec487e0d22cee (commit) via 88accfe6dccf904fec5a17db4a59cd2c4c480382 (commit) via 1a6c30029802179ebe0ec1eedfdc9d78bb6dc4dd (commit) from 61ac9fc5c44718bf61ab68328333cc158230d090 (commit) - Log ----------------------------------------------------------------- commit eb807d5383fd228a5c4cf9afc2fec487e0d22cee Author: Richard Levitte Date: Tue Jul 24 21:46:55 2018 +0200 Configure death handler: instead of printing directly, amend the message This is done by calling die again, just make sure to reset the __DIE__ handler first. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6776) commit 88accfe6dccf904fec5a17db4a59cd2c4c480382 Author: Richard Levitte Date: Tue Jul 24 19:29:49 2018 +0200 Configure death handler: remember to call original death handler Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6776) commit 1a6c30029802179ebe0ec1eedfdc9d78bb6dc4dd Author: Richard Levitte Date: Tue Jul 24 19:29:06 2018 +0200 Configure death handler: bail out early when run in eval block Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6776) ----------------------------------------------------------------------- Summary of changes: Configure | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index 653d777..9f728b9 100755 --- a/Configure +++ b/Configure 
@@ -2722,14 +2722,19 @@ exit(0); # Death handler, to print a helpful message in case of failure ####### # sub death_handler { + die @_ if $^S; # To prevent the added message in eval blocks my $build_file = $target{build_file} // "build file"; - print STDERR <<"_____"; + my @message = ( <<"_____", @_ ); Failure! $build_file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. _____ + + # Dying is terminal, so it's ok to reset the signal handler here. + $SIG{__DIE__} = $orig_death_handler; + die @message; } # Configuration file reading ######################################### From levitte at openssl.org Tue Jul 24 20:15:37 2018 
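Review bot: the restore `$SIG{__DIE__} = $orig_death_handler;` followed by `die @message;` will not run the original handler: Perl disables the __DIE__ hook for the duration of a __DIE__ handler call precisely so that a handler may itself die, so the re-thrown exception propagates without invoking whatever $orig_death_handler pointed at, and the "remember to call original death handler" intent is not met. If chaining is wanted, call it explicitly before dying, e.g. `$orig_death_handler->(@message) if ref $orig_death_handler eq 'CODE';`. A second, smaller point: prepending the heredoc to @_ stringifies an exception object, so a caller that dies with an object rather than a string loses it; a `die @_ if ref $_[0];` next to the `$^S` test would preserve that case.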
From: levitte at openssl.org (Richard Levitte) Date: Tue, 24 Jul 2018 20:15:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532463337.583868.28997.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 36e732b00c8a22d50f88ee59d8790d5667ff72e2 (commit) via f65389acaad600e816dcd9c231ea70d505d027a4 (commit) via 64eae7475e6caa669cd6369770ba4853ecaff8d1 (commit) from bb8befc66003c765c227f01b1b4d60e19db86fc7 (commit) - Log ----------------------------------------------------------------- commit 36e732b00c8a22d50f88ee59d8790d5667ff72e2 Author: Richard Levitte Date: Tue Jul 24 21:46:55 2018 +0200 Configure death handler: instead of printing directly, amend the message This is done by calling die again, just make sure to reset the __DIE__ handler first. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6776) (cherry picked from commit eb807d5383fd228a5c4cf9afc2fec487e0d22cee) commit f65389acaad600e816dcd9c231ea70d505d027a4 Author: Richard Levitte Date: Tue Jul 24 19:29:49 2018 +0200 Configure death handler: remember to call original death handler Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6776) (cherry picked from commit 88accfe6dccf904fec5a17db4a59cd2c4c480382) commit 64eae7475e6caa669cd6369770ba4853ecaff8d1 Author: Richard Levitte Date: Tue Jul 24 19:29:06 2018 +0200 Configure death handler: bail out early when run in eval block Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6776) (cherry picked from commit 1a6c30029802179ebe0ec1eedfdc9d78bb6dc4dd) ----------------------------------------------------------------------- Summary of changes: Configure | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index 19bab07..7e482f7 100755 --- a/Configure +++ b/Configure 
@@ -2163,14 +2163,19 @@ exit(0); # Death handler, to print a helpful message in case of failure ####### # sub death_handler { + die @_ if $^S; # To prevent the added message in eval blocks my $build_file = $target{build_file} // "build file"; - print STDERR <<"_____"; + my @message = ( <<"_____", @_ ); Failure! $build_file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. _____ + + # Dying is terminal, so it's ok to reset the signal handler here. + $SIG{__DIE__} = $orig_death_handler; + die @message; } # Configuration file reading ######################################### From no-reply at appveyor.com Wed Jul 25 03:38:36 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 25 Jul 2018 03:38:36 +0000 Subject: [openssl-commits] Build failed: openssl master.19099 Message-ID: <20180725033836.1.F280EF400A914E5E@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Wed Jul 25 04:32:01 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 25 Jul 2018 04:32:01 +0000 Subject: [openssl-commits] Build failed: openssl master.19102 Message-ID: <20180725043201.1.9BD36F91397412A4@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Wed Jul 25 05:08:45 2018 
From: openssl at openssl.org (OpenSSL run-checker) Date: Wed, 25 Jul 2018 05:08:45 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-md5 Message-ID: <1532495325.228620.10738.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-md5 Commit log since last time: eb807d5 Configure death handler: instead of printing directly, amend the message 88accfe Configure death handler: remember to call original death handler 1a6c300 Configure death handler: bail out early when run in eval block 61ac9fc Remove zero special-case in BN_mod_exp_mont. 8937a4e Configure: print generic advice when dying 675fa85 Update sm2_crypt.c 85aebfc def_load_bio(): Free |biosk| more carefully Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-md5 Operating system: x86_64-whatever-linux2 Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. ***** Unsupported options: no-md5 $ make clean make: *** No rule to make target 'clean'. Stop. From no-reply at appveyor.com Wed Jul 25 05:49:43 2018 From: no-reply at appveyor.com (AppVeyor) Date: Wed, 25 Jul 2018 05:49:43 +0000 Subject: [openssl-commits] Build completed: openssl master.19103 Message-ID: <20180725054943.1.5BE4B45B04A802D7@appveyor.com> An HTML attachment was scrubbed... URL: From appro at openssl.org Wed Jul 25 08:39:25 2018 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 25 Jul 2018 08:39:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532507965.471633.22581.nullmailer@dev.openssl.org> The branch master has been updated via d6b50b6e2ebc0c198877b5c56ae0a54cb9036088 (commit) from eb807d5383fd228a5c4cf9afc2fec487e0d22cee (commit) - Log ----------------------------------------------------------------- commit d6b50b6e2ebc0c198877b5c56ae0a54cb9036088 Author: Andy Polyakov Date: Mon Jul 23 22:26:30 2018 +0200 apps/dsaparam.c: make dsaparam -C output strict-warnings-friendly. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/dsaparam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index ca072bb..9d8af9e 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -179,7 +179,7 @@ int dsaparam_main(int argc, char **argv) data = app_malloc(len + 20, "BN space"); - BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); + BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p); print_bignum_var(bio_out, p, "dsap", bits_p, data); print_bignum_var(bio_out, q, "dsaq", bits_p, data); print_bignum_var(bio_out, g, "dsag", bits_p, data); From appro at openssl.org Wed Jul 25 08:40:44 2018 
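Review bot: changing the emitted prototype to `static DSA *get_dsa%d(void)` changes the user-visible output of `dsaparam -C`: anyone who compiled the generated file as a separate translation unit and called get_dsaNNN() from elsewhere will now get an undefined reference at link time. That is a reasonable price for -strict-warnings clean output, but doc/man1/dsaparam.pod (and CHANGES) should state that the generated function is static and meant to be #included or pasted into the file that uses it, so the behaviour change is discoverable rather than a surprise at upgrade time.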
From: appro at openssl.org (Andy Polyakov) Date: Wed, 25 Jul 2018 08:40:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532508044.794911.23677.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 793e7eafd46a39f6345d7113a517c5ee5c2c6884 (commit) from 36e732b00c8a22d50f88ee59d8790d5667ff72e2 (commit) - Log ----------------------------------------------------------------- commit 793e7eafd46a39f6345d7113a517c5ee5c2c6884 Author: Andy Polyakov Date: Mon Jul 23 22:26:30 2018 +0200 apps/dsaparam.c: make dsaparam -C output strict-warnings-friendly. Reviewed-by: Rich Salz (cherry picked from commit d6b50b6e2ebc0c198877b5c56ae0a54cb9036088) ----------------------------------------------------------------------- Summary of changes: apps/dsaparam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 46e3abc..20891cf 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -226,7 +226,7 @@ int dsaparam_main(int argc, char **argv) data = app_malloc(len + 20, "BN space"); - BIO_printf(bio_out, "DSA *get_dsa%d()\n{\n", bits_p); + BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p); print_bignum_var(bio_out, p, "dsap", bits_p, data); print_bignum_var(bio_out, q, "dsaq", bits_p, data); print_bignum_var(bio_out, g, "dsag", bits_p, data); From appro at openssl.org Wed Jul 25 13:45:43 2018 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 25 Jul 2018 13:45:43 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532526343.708306.12294.nullmailer@dev.openssl.org> The branch master has been updated via 7b953da40d0dee56f360902f872dc8989f6a3e1f (commit) from d6b50b6e2ebc0c198877b5c56ae0a54cb9036088 (commit) - Log ----------------------------------------------------------------- commit 7b953da40d0dee56f360902f872dc8989f6a3e1f Author: Andy Polyakov Date: Tue Jul 24 15:48:15 2018 +0200 ec/ecp_nistz256.c: fix Coverity nit. |ctx| recently became unconditionally non-NULL and is already dereferenced earlier. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistz256.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 54c9ed2..b0564bd 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1339,8 +1339,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, ret = 1; err: - if (ctx) - BN_CTX_end(ctx); + BN_CTX_end(ctx); OPENSSL_free(new_points); OPENSSL_free(new_scalars); return ret; From appro at openssl.org Wed Jul 25 13:48:19 2018 
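Review bot: dropping the `if (ctx)` guard is only correct if every `goto err` in ecp_nistz256_points_mul is reached after the matching BN_CTX_start(ctx); the hunk shows the err label but not the start call, so confirm in the full function that no early failure (an allocation failing before BN_CTX_start, for instance) can reach this BN_CTX_end, because an unbalanced BN_CTX_end corrupts the context's stack for the caller instead of failing loudly. A one-line comment at the label saying that ctx is never NULL here would also keep the next static-analysis run from raising the opposite nit.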
From: appro at openssl.org (Andy Polyakov) Date: Wed, 25 Jul 2018 13:48:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532526499.253811.13565.nullmailer@dev.openssl.org> The branch master has been updated via f529b5cf05139c20f298f553446122123c012317 (commit) from 7b953da40d0dee56f360902f872dc8989f6a3e1f (commit) - Log ----------------------------------------------------------------- commit f529b5cf05139c20f298f553446122123c012317 Author: Andy Polyakov Date: Tue Jul 24 15:02:32 2018 +0200 INSTALL,NOTES.WIN: classify no-asm as non-production option. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6773) ----------------------------------------------------------------------- Summary of changes: INSTALL | 6 ++++-- NOTES.WIN | 9 +++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/INSTALL b/INSTALL index 51141ef..98c34d6 100644 --- a/INSTALL +++ b/INSTALL @@ -256,8 +256,10 @@ no-shared option. no-asm - Do not use assembler code. On some platforms a small amount - of assembler code may still be used. + Do not use assembler code. This should be viewed as + debugging/trouble-shooting option rather than production. + On some platforms a small amount of assembler code may + still be used even with this option. no-async Do not build support for async operations. diff --git a/NOTES.WIN b/NOTES.WIN index 014036c..4d39d06 100644 --- a/NOTES.WIN +++ b/NOTES.WIN 
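Review bot: the new no-asm text reads "This should be viewed as debugging/trouble-shooting option" and is missing the article ("as a debugging/trouble-shooting option"); more importantly it says the option is not for production without saying why. One sentence on what is actually lost would let a packager make an informed choice: the assembler modules are where the platform-specific performance work lives, and the portable C fallbacks are not all written to the same side-channel standard (the table-driven C AES is the usual example), so no-asm is a correctness-testing aid rather than a conservative default.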
@@ -47,10 +47,11 @@ the other hand oldest one is known not to work. Everything between falls into best-effort category. - - Netwide Assembler, a.k.a. NASM, available from http://www.nasm.us, - is required if you intend to utilize assembler modules. Note that NASM - is the only supported assembler. The Microsoft provided assembler is NOT - supported. + - Netwide Assembler, a.k.a. NASM, available from https://www.nasm.us, + is required. Note that NASM is the only supported assembler. Even + though Microsoft provided assembler is NOT supported, contemporary + 64-bit version is exercised through continuous integration of + VC-WIN64A-masm target. Installation directories From appro at openssl.org Wed Jul 25 14:39:39 2018 
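Review bot: "is required" now contradicts INSTALL, which in the same change still documents no-asm as a supported, if discouraged, configuration; write "is required unless you configure with no-asm" so the two files agree. The second sentence also needs articles ("the contemporary 64-bit version is exercised through continuous integration of the VC-WIN64A-masm target") and, since it says the Microsoft assembler is NOT supported while also saying it is tested in CI, it should name the status plainly: exercised on a best-effort basis, not a supported configuration.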
From: appro at openssl.org (Andy Polyakov) Date: Wed, 25 Jul 2018 14:39:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532529579.222714.22000.nullmailer@dev.openssl.org> The branch master has been updated via 80ae7285e1994d35c84519bf9e038b11d9942875 (commit) via ceb8e32cbc9f6ddd17c5639a721f5314eb1f3acc (commit) via 9e4a1c3f65863b0175ddc534e232e63c4f82ea5c (commit) via b86d57bb0b23253c720db38ab18ca97cb888f701 (commit) from f529b5cf05139c20f298f553446122123c012317 (commit) - Log ----------------------------------------------------------------- commit 80ae7285e1994d35c84519bf9e038b11d9942875 Author: Andy Polyakov Date: Fri Jul 20 13:23:42 2018 +0200 crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop. Problem was that Windows threads that were terminating before libcrypto was initialized were referencing uninitialized or possibly even unrelated thread local storage index. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6752) commit ceb8e32cbc9f6ddd17c5639a721f5314eb1f3acc Author: Andy Polyakov Date: Fri Jul 20 13:22:24 2018 +0200 crypto/dllmain.c: remove unused OPENSSL_NONPIC_relocated variable. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6752) commit 9e4a1c3f65863b0175ddc534e232e63c4f82ea5c Author: Andy Polyakov Date: Fri Jul 20 13:19:11 2018 +0200 crypto/cryptlib.c: resolve possible race in OPENSSL_isservice. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6752) commit b86d57bb0b23253c720db38ab18ca97cb888f701 Author: Andy Polyakov Date: Fri Jul 20 13:15:48 2018 +0200 crypto/cryptlib.c: make OPENSS_cpuid_setup safe to use as constructor. 
Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6752) ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 108 +++++++++++++++++++++++++++++++++++--------- crypto/dllmain.c | 15 ------ crypto/init.c | 54 ++++++++++++++-------- include/internal/cryptlib.h | 1 - 4 files changed, 122 insertions(+), 56 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 0470597..b1e535a 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c 
@@ -19,29 +19,97 @@ extern unsigned int OPENSSL_ia32cap_P[4]; # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#include + +/* + * Purpose of these minimalistic and character-type-agnostic subroutines + * is to break dependency on MSVCRT (on Windows) and locale. This makes + * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type- + * agnostic" means that they work with either wide or 8-bit characters, + * exploiting the fact that first 127 characters can be simply casted + * between the sets, while the rest would be simply rejected by ossl_is* + * subroutines. + */ +# ifdef _WIN32 +typedef WCHAR variant_char; + +static variant_char *ossl_getenv(const char *name) +{ + /* + * Since we pull only one environment variable, it's simpler to + * to just ignore |name| and use equivalent wide-char L-literal. + * As well as to ignore excessively long values... + */ + static WCHAR value[48]; + DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48); + + return (len > 0 && len < 48) ? 
value : NULL; +} +# else +typedef char variant_char; +# define ossl_getenv getenv +# endif + +# include "internal/ctype.h" + +static int todigit(variant_char c) +{ + if (ossl_isdigit(c)) + return c - '0'; + else if (ossl_isxdigit(c)) + return ossl_tolower(c) - 'a' + 10; + + /* return largest base value to make caller terminate the loop */ + return 16; +} + +static uint64_t ossl_strtouint64(const variant_char *str) +{ + uint64_t ret = 0; + unsigned int digit, base = 10; + + if (*str == '0') { + base = 8, str++; + if (ossl_tolower(*str) == 'x') + base = 16, str++; + } + + while((digit = todigit(*str++)) < base) + ret = ret * base + digit; + + return ret; +} + +static variant_char *ossl_strchr(const variant_char *str, char srch) +{ variant_char c; + + while((c = *str)) { + if (c == srch) + return (variant_char *)str; + str++; + } + + return NULL; +} + # define OPENSSL_CPUID_SETUP typedef uint64_t IA32CAP; + void OPENSSL_cpuid_setup(void) { static int trigger = 0; IA32CAP OPENSSL_ia32_cpuid(unsigned int *); IA32CAP vec; - char *env; + const variant_char *env; if (trigger) return; trigger = 1; - if ((env = getenv("OPENSSL_ia32cap"))) { + if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) { int off = (env[0] == '~') ? 1 : 0; -# if defined(_WIN32) - if (!sscanf(env + off, "%I64i", &vec)) - vec = strtoul(env + off, NULL, 0); -# else - if (!sscanf(env + off, "%lli", (long long *)&vec)) - vec = strtoul(env + off, NULL, 0); -# endif + + vec = ossl_strtouint64(env + off); + if (off) { IA32CAP mask = vec; vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask; 
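Review bot: ossl_strtouint64() has no overflow detection, so a value with more than sixteen hex digits silently wraps modulo 2^64, and a negative or otherwise unparsable string yields 0 because todigit() returns 16 on the first bad character, whereas the replaced sscanf("%lli")/strtoul path at least accepted signed input. Since the result is a capability mask that switches CPU code paths on and off, a wrapped or truncated value takes effect silently; say in the function comment that the parser is deliberately lenient and that OPENSSL_ia32cap values must fit in 64 bits, and record the dropped support for signed values in doc/man3/OPENSSL_ia32cap.pod. Two smaller points on the Windows branch: `static WCHAR value[48]` is shared state handed back to the caller, which is only safe because OPENSSL_cpuid_setup() is guarded by `trigger` (itself a plain int, not an atomic), so note that dependency next to the buffer; and the `len < 48` bound discards a value of 48 or more characters entirely rather than parsing a prefix, which differs from the getenv() branch and deserves a sentence in the same comment.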
@@ -60,17 +128,12 @@ void OPENSSL_cpuid_setup(void) vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); } - if ((env = strchr(env, ':'))) { + if ((env = ossl_strchr(env, ':')) != NULL) { IA32CAP vecx; + env++; off = (env[0] == '~') ? 1 : 0; -# if defined(_WIN32) - if (!sscanf(env + off, "%I64i", &vecx)) - vecx = strtoul(env + off, NULL, 0); -# else - if (!sscanf(env + off, "%lli", (long long *)&vecx)) - vecx = strtoul(env + off, NULL, 0); -# endif + vecx = ossl_strtouint64(env + off); if (off) { OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx; OPENSSL_ia32cap_P[3] &= ~(unsigned int)(vecx >> 32); @@ -98,7 +161,6 @@ void OPENSSL_cpuid_setup(void) unsigned int OPENSSL_ia32cap_P[4]; # endif #endif -int OPENSSL_NONPIC_relocated = 0; #if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) void OPENSSL_cpuid_setup(void) { @@ -142,10 +204,14 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p == NULL) { HANDLE mod = GetModuleHandle(NULL); + FARPROC f; + if (mod != NULL) - _OPENSSL_isservice.f = GetProcAddress(mod, "_OPENSSL_isservice"); - if (_OPENSSL_isservice.p == NULL) + f = GetProcAddress(mod, "_OPENSSL_isservice"); + if (f == NULL) _OPENSSL_isservice.p = (void *)-1; + else + _OPENSSL_isservice.f = f; } if (_OPENSSL_isservice.p != (void *)-1) diff --git a/crypto/dllmain.c b/crypto/dllmain.c index 81bcb2d..c23b06b 100644 --- a/crypto/dllmain.c +++ b/crypto/dllmain.c 
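Review bot: in the OPENSSL_isservice hunk `FARPROC f;` is declared without an initialiser and is only assigned inside `if (mod != NULL)`, so when GetModuleHandle(NULL) fails the following `if (f == NULL)` reads an indeterminate value; make it `FARPROC f = NULL;`. The code being replaced did not have this problem because it tested `_OPENSSL_isservice.p`, a static and therefore zero-initialised. The race the commit sets out to fix is addressed by writing the union exactly once, but that write is still an unsynchronised store that two first-time callers can perform concurrently; it is benign only because both store the same value, which is worth a comment so nobody later adds a second field to the union.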
@@ -31,21 +31,6 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) switch (fdwReason) { case DLL_PROCESS_ATTACH: OPENSSL_cpuid_setup(); -# if defined(_WIN32_WINNT) - { - IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL; - IMAGE_NT_HEADERS *nt_headers; - - if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) { - nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header - + dos_header->e_lfanew); - if (nt_headers->Signature == IMAGE_NT_SIGNATURE && - hinstDLL != - (HINSTANCE) (nt_headers->OptionalHeader.ImageBase)) - OPENSSL_NONPIC_relocated = 1; - } - } -# endif break; case DLL_THREAD_ATTACH: break; diff --git a/crypto/init.c b/crypto/init.c index 2c8b48f..7b69927 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -30,11 +30,25 @@ static int stopped = 0; -static void ossl_init_thread_stop(struct thread_local_inits_st *locals); +/* + * Since per-thread-specific-data destructors are not universally + * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key + * is assumed to have destructor associated. And then an effort is made + * to call this single destructor on non-pthread platform[s]. + * + * Initial value is "impossible". It is used as guard value to shortcut + * destructor for threads terminating before libcrypto is initialized or + * after it's de-initialized. Access to the key doesn't have to be + * serialized for the said threads, because they didn't use libcrypto + * and it doesn't matter if they pick "impossible" or derefernce real + * key value and pull NULL past initialization in the first thread that + * intends to use libcrypto. + */ +static CRYPTO_THREAD_LOCAL destructor_key = (CRYPTO_THREAD_LOCAL)-1; -static CRYPTO_THREAD_LOCAL threadstopkey; +static void ossl_init_thread_stop(struct thread_local_inits_st *locals); -static void ossl_init_thread_stop_wrap(void *local) +static void ossl_init_thread_destructor(void *local) { ossl_init_thread_stop((struct thread_local_inits_st *)local); } 
@@ -42,17 +56,17 @@ static void ossl_init_thread_stop_wrap(void *local) static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) { struct thread_local_inits_st *local = - CRYPTO_THREAD_get_local(&threadstopkey); + CRYPTO_THREAD_get_local(&destructor_key); - if (local == NULL && alloc) { - local = OPENSSL_zalloc(sizeof(*local)); - if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) { + if (alloc) { + if (local == NULL + && (local = OPENSSL_zalloc(sizeof(*local))) != NULL + && !CRYPTO_THREAD_set_local(&destructor_key, local)) { OPENSSL_free(local); return NULL; } - } - if (!alloc) { - CRYPTO_THREAD_set_local(&threadstopkey, NULL); + } else { + CRYPTO_THREAD_set_local(&destructor_key, NULL); } return local; @@ -71,17 +85,15 @@ static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; static int base_inited = 0; DEFINE_RUN_ONCE_STATIC(ossl_init_base) { + CRYPTO_THREAD_LOCAL key; + #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); #endif #ifndef OPENSSL_NO_CRYPTO_MDEBUG ossl_malloc_setup_failures(); #endif - /* - * We use a dummy thread local key here. We use the destructor to detect - * when the thread is going to stop (where that feature is available) - */ - if (!CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap)) + if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor)) return 0; if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) goto err; @@ -91,6 +103,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) #endif OPENSSL_cpuid_setup(); + destructor_key = key; base_inited = 1; return 1; @@ -101,7 +114,7 @@ err: CRYPTO_THREAD_lock_free(init_lock); init_lock = NULL; - CRYPTO_THREAD_cleanup_local(&threadstopkey); + CRYPTO_THREAD_cleanup_local(&key); return 0; } 
@@ -396,8 +409,8 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) void OPENSSL_thread_stop(void) { - ossl_init_thread_stop( - (struct thread_local_inits_st *)ossl_init_get_thread_local(0)); + if (destructor_key != (CRYPTO_THREAD_LOCAL)-1) + ossl_init_thread_stop(ossl_init_get_thread_local(0)); } int ossl_init_thread_start(uint64_t opts) @@ -442,6 +455,7 @@ int ossl_init_thread_start(uint64_t opts) void OPENSSL_cleanup(void) { OPENSSL_INIT_STOP *currhandler, *lasthandler; + CRYPTO_THREAD_LOCAL key; /* If we've not been inited then no need to deinit */ if (!base_inited) @@ -501,7 +515,9 @@ void OPENSSL_cleanup(void) err_free_strings_int(); } - CRYPTO_THREAD_cleanup_local(&threadstopkey); + key = destructor_key; + destructor_key = (CRYPTO_THREAD_LOCAL)-1; + CRYPTO_THREAD_cleanup_local(&key); #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 2808fe7..a608735 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -78,7 +78,6 @@ DEFINE_LHASH_OF(MEM); void OPENSSL_cpuid_setup(void); extern unsigned int OPENSSL_ia32cap_P[]; void OPENSSL_showfatal(const char *fmta, ...); -extern int OPENSSL_NONPIC_relocated; void crypto_cleanup_all_ex_data_int(void); int openssl_init_fork_handlers(void); From appro at openssl.org Wed Jul 25 14:52:15 2018 
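Review bot: ossl_strtouint64() in the crypto/cryptlib.c hunk is lenient in two ways the old sscanf()/strtoul() pair was not: it stops at the first character that is not a digit of the chosen base and returns what it has accumulated (so a trailing stray character is silently ignored), and `ret = ret * base + digit` wraps silently once the value exceeds 64 bits. Either reject trailing garbage and overflow, or add a comment at the function saying that OPENSSL_ia32cap is parsed leniently on purpose. The `base = 8, str++;` comma expressions under the `if` are also easy to misread; two plain statements would be clearer.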
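Review bot: in the OPENSSL_isservice() hunk, `FARPROC f;` is assigned only inside `if (mod != NULL)`, but `if (f == NULL)` is evaluated unconditionally, so when GetModuleHandle(NULL) fails the result depends on an uninitialized stack value. Declare it as `FARPROC f = NULL;` so a NULL module still takes the `(void *)-1` path as the old code did.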
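Review bot: the init.c hunk uses `(CRYPTO_THREAD_LOCAL)-1` as the "impossible" guard value, which silently assumes no platform ever hands out that key value; a one-line note at the definition would make that dependence explicit, and "derefernce" in the new comment should read "dereference". The comment also only argues why the unsynchronized read in OPENSSL_thread_stop() is safe for threads that never used libcrypto: a thread that did use it and calls OPENSSL_thread_stop() concurrently with OPENSSL_cleanup() can pass the `destructor_key != (CRYPTO_THREAD_LOCAL)-1` check just before cleanup resets the key and calls CRYPTO_THREAD_cleanup_local(&key), and then touch a key that is being destroyed. That ordering requirement (no thread stops racing with cleanup) should be stated as a precondition either here or in the OPENSSL_cleanup() documentation.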
From: appro at openssl.org (Andy Polyakov) Date: Wed, 25 Jul 2018 14:52:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532530335.249212.24762.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 1de6818a30fa11350460aa148e1ee30cad0a9b10 (commit) from 793e7eafd46a39f6345d7113a517c5ee5c2c6884 (commit) - Log ----------------------------------------------------------------- commit 1de6818a30fa11350460aa148e1ee30cad0a9b10 Author: Andy Polyakov Date: Fri Jul 20 13:19:11 2018 +0200 crypto/cryptlib.c: resolve possible race in OPENSSL_isservice. Reviewed-by: Kurt Roeckx (Merged from https://github.com/openssl/openssl/pull/6752) (cherry picked from commit 9e4a1c3f65863b0175ddc534e232e63c4f82ea5c) ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index d93bcd3..bf73244 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -128,10 +128,14 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p == NULL) { HANDLE mod = GetModuleHandle(NULL); + FARPROC f; + if (mod != NULL) - _OPENSSL_isservice.f = GetProcAddress(mod, "_OPENSSL_isservice"); - if (_OPENSSL_isservice.p == NULL) + f = GetProcAddress(mod, "_OPENSSL_isservice"); + if (f == NULL) _OPENSSL_isservice.p = (void *)-1; + else + _OPENSSL_isservice.f = f; } if (_OPENSSL_isservice.p != (void *)-1) From rsalz at openssl.org Wed Jul 25 20:09:34 2018 
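Review bot: this cherry-pick carries the same uninitialized read as the master commit: `FARPROC f;` is assigned only under `if (mod != NULL)`, yet `if (f == NULL)` runs unconditionally, so a failing GetModuleHandle(NULL) leaves the outcome to stack contents. Initialize it (`FARPROC f = NULL;`) so the NULL-module case deterministically sets `_OPENSSL_isservice.p = (void *)-1`.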
From: rsalz at openssl.org (Rich Salz) Date: Wed, 25 Jul 2018 20:09:34 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532549374.170152.23205.nullmailer@dev.openssl.org> The branch master has been updated via 037241bf046be8cfc7e9216959393dd20b06fc21 (commit) from 80ae7285e1994d35c84519bf9e038b11d9942875 (commit) - Log ----------------------------------------------------------------- commit 037241bf046be8cfc7e9216959393dd20b06fc21 Author: Rich Salz Date: Wed Jul 25 15:57:18 2018 -0400 Check for failures, to avoid memory leak Thanks to Jiecheng Wu, Zuxing Gu for the report. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6791) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_ameth.c | 11 ++++++----- crypto/x509v3/v3_tlsf.c | 7 +++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 6fc6146..2130268 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -92,19 +92,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) static EC_KEY *eckey_type2param(int ptype, const void *pval) { EC_KEY *eckey = NULL; + EC_GROUP *group = NULL; + if (ptype == V_ASN1_SEQUENCE) { const ASN1_STRING *pstr = pval; - const unsigned char *pm = NULL; - int pmlen; - pm = pstr->data; - pmlen = pstr->length; + const unsigned char *pm = pstr->data; + int pmlen = pstr->length; + if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } } else if (ptype == V_ASN1_OBJECT) { const ASN1_OBJECT *poid = pval; - EC_GROUP *group; /* * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID @@ -129,6 +129,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval) ecerr: EC_KEY_free(eckey); + EC_GROUP_free(group); return NULL; } diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c index 5f2d5d2..61c1638 100644 
--- a/crypto/x509v3/v3_tlsf.c +++ b/crypto/x509v3/v3_tlsf.c @@ -122,13 +122,12 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, } } - ai = ASN1_INTEGER_new(); - if (ai == NULL) { + if ((ai = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(ai, tlsextid) + || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); goto err; } - ASN1_INTEGER_set(ai, tlsextid); - sk_ASN1_INTEGER_push(tlsf, ai); } return tlsf; From rsalz at openssl.org Wed Jul 25 20:09:48 2018 From: rsalz at openssl.org (Rich Salz) Date: Wed, 25 Jul 2018 20:09:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532549388.395966.24032.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via e18da726ed60b502f19fa35fca20201759f371d9 (commit) from 1de6818a30fa11350460aa148e1ee30cad0a9b10 (commit) - Log ----------------------------------------------------------------- commit e18da726ed60b502f19fa35fca20201759f371d9 Author: Rich Salz Date: Wed Jul 25 15:57:18 2018 -0400 Check for failures, to avoid memory leak Thanks to Jiecheng Wu, Zuxing Gu for the report. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6791) (cherry picked from commit 037241bf046be8cfc7e9216959393dd20b06fc21) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_ameth.c | 11 ++++++----- crypto/x509v3/v3_tlsf.c | 7 +++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index b66adf2..49d0739 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c 
@@ -92,19 +92,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) static EC_KEY *eckey_type2param(int ptype, const void *pval) { EC_KEY *eckey = NULL; + EC_GROUP *group = NULL; + if (ptype == V_ASN1_SEQUENCE) { const ASN1_STRING *pstr = pval; - const unsigned char *pm = NULL; - int pmlen; - pm = pstr->data; - pmlen = pstr->length; + const unsigned char *pm = pstr->data; + int pmlen = pstr->length; + if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } } else if (ptype == V_ASN1_OBJECT) { const ASN1_OBJECT *poid = pval; - EC_GROUP *group; /* * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID @@ -129,6 +129,7 @@ static EC_KEY *eckey_type2param(int ptype, const void *pval) ecerr: EC_KEY_free(eckey); + EC_GROUP_free(group); return NULL; } diff --git a/crypto/x509v3/v3_tlsf.c b/crypto/x509v3/v3_tlsf.c index fec6724..2d30ea6 100644 --- a/crypto/x509v3/v3_tlsf.c +++ b/crypto/x509v3/v3_tlsf.c @@ -121,13 +121,12 @@ static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method, } } - ai = ASN1_INTEGER_new(); - if (ai == NULL) { + if ((ai = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(ai, tlsextid) + || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) { X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE); goto err; } - ASN1_INTEGER_set(ai, tlsextid); - sk_ASN1_INTEGER_push(tlsf, ai); } return tlsf; From rsalz at openssl.org Wed Jul 25 20:12:09 2018 
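Review bot: in the eckey_type2param() hunk (master and this 1.1.0-stable cherry-pick alike), `EC_GROUP *group = NULL;` is hoisted to function scope so `ecerr:` can call `EC_GROUP_free(group)`, but the lines that create the group and hand it to the key are outside the shown context. The fix is only correct if the success path frees `group` exactly once and no `goto ecerr` is reachable after the group has already been freed without `group` being reset to NULL; please confirm that against the full function, since this hunk alone cannot show it.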
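Review bot: in the v2i_TLS_FEATURE() hunk the merged condition correctly checks the previously ignored ASN1_INTEGER_set() and sk_ASN1_INTEGER_push() results, but on exactly those two new failure branches `ai` has been allocated and is not yet on `tlsf`, so unless the `err:` label (not shown) frees it separately, the commit trades one leak for another. Add `ASN1_INTEGER_free(ai);` before the `goto err` for the set/push failures (or keep `ai` NULL-initialized and free it at `err:`). Reporting ERR_R_MALLOC_FAILURE for a failed push is also slightly misleading, though harmless.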
From: rsalz at openssl.org (Rich Salz) Date: Wed, 25 Jul 2018 20:12:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1532549529.777986.25322.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 9df990cdef581f7330205aef975055e23d8e8d43 (commit) from a8a9745257a5071b03d06b82d4b05cabb38d9718 (commit) - Log ----------------------------------------------------------------- commit 9df990cdef581f7330205aef975055e23d8e8d43 Author: Rich Salz Date: Wed Jul 25 15:57:18 2018 -0400 Check for failures, to avoid memory leak Thanks to Jiecheng Wu, Zuxing Gu for the report. Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6791) (cherry picked from commit 037241bf046be8cfc7e9216959393dd20b06fc21) (Only the EC part) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_ameth.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 2c41c6e..479b307 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -143,19 +143,19 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) static EC_KEY *eckey_type2param(int ptype, void *pval) { EC_KEY *eckey = NULL; + EC_GROUP *group = NULL; + if (ptype == V_ASN1_SEQUENCE) { - ASN1_STRING *pstr = pval; - const unsigned char *pm = NULL; - int pmlen; - pm = pstr->data; - pmlen = pstr->length; - if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) { + const ASN1_STRING *pstr = pval; + const unsigned char *pm = pstr->data; + int pmlen = pstr->length; + + if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } } else if (ptype == V_ASN1_OBJECT) { - ASN1_OBJECT *poid = pval; - EC_GROUP *group; + const ASN1_OBJECT *poid = pval; /* * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID 
@@ -179,8 +179,8 @@ static EC_KEY *eckey_type2param(int ptype, void *pval) return eckey; ecerr: - if (eckey) - EC_KEY_free(eckey); + EC_KEY_free(eckey); + EC_GROUP_free(group); return NULL; } From paul.dale at oracle.com Wed Jul 25 21:18:13 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Wed, 25 Jul 2018 21:18:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532553493.279052.2414.nullmailer@dev.openssl.org> The branch master has been updated via 7c226dfc434dcd0c8a3240df166b7561a8b51b0f (commit) from 037241bf046be8cfc7e9216959393dd20b06fc21 (commit) - Log ----------------------------------------------------------------- commit 7c226dfc434dcd0c8a3240df166b7561a8b51b0f Author: Shane Lontis Date: Wed Jul 25 11:08:48 2018 +1000 Fixed issue where DRBG_CTR fails if NO_DF is used - when entropy is called Reviewed-by: Paul Dale Reviewed-by: Tim Hudson Reviewed-by: Kurt Roeckx Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/6778) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index d31735c..6123d14 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -174,7 +174,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, if (RAND_DRBG_generate(drbg->parent, buffer, bytes_needed, prediction_resistance, - (unsigned char *)drbg, sizeof(*drbg)) != 0) + NULL, 0) != 0) bytes = bytes_needed; rand_drbg_unlock(drbg->parent); From kurt at openssl.org Thu Jul 26 04:27:38 2018 
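Review bot: the rand_drbg_get_entropy() hunk removes the additional input (`(unsigned char *)drbg, sizeof(*drbg)`) from every RAND_DRBG_generate() call on the parent, not only in the CTR-DRBG without derivation function case that the commit message describes. If the intent is to keep feeding per-child additional input wherever the parent accepts it, pass `NULL, 0` only when the derivation function is disabled; if dropping it everywhere is intended, the commit message should say so, since it currently reads as a narrow NO_DF fix.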
From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 26 Jul 2018 04:27:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532579258.697295.9132.nullmailer@dev.openssl.org> The branch master has been updated via feac7a1c8be49fbcb76fcb721ec9f02fdd91030e (commit) via 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8 (commit) from 7c226dfc434dcd0c8a3240df166b7561a8b51b0f (commit) - Log ----------------------------------------------------------------- commit feac7a1c8be49fbcb76fcb721ec9f02fdd91030e Author: Kurt Roeckx Date: Wed Jul 25 18:55:16 2018 +0200 Make number of Miller-Rabin tests for a prime tests depend on the security level of the prime The old numbers where all generated for an 80 bit security level. But the number should depend on security level you want to reach. For bigger primes we want a higher security level and so need to do more tests. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale GH: #6075 Fixes: #6012 commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8 Author: Kurt Roeckx Date: Wed Apr 25 21:47:20 2018 +0200 Change the number of Miller-Rabin test for DSA generation to 64 This changes the security level from 100 to 128 bit. We only have 1 define, this sets it to the highest level supported for DSA, and needed for keys larger than 3072 bit. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale GH: #6075 ----------------------------------------------------------------------- Summary of changes: CHANGES | 10 +++++ doc/man3/BN_generate_prime.pod | 12 +++++- include/openssl/bn.h | 87 +++++++++++++++++++++++++++++++++--------- include/openssl/dsa.h | 8 ++-- 4 files changed, 95 insertions(+), 22 deletions(-) diff --git a/CHANGES b/CHANGES index 3cf312a..cab58c0 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,16 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Change generating and checking of primes so that the error rate of not + being prime depends on the intended use based on the size of the input. + For larger primes this will result in more rounds of Miller-Rabin. + The maximal error rate for primes with more than 1080 bits is lowered + to 2^-128. + [Kurt Roeckx, Annie Yousar] + + *) Increase the number of Miller-Rabin rounds for DSA key generating to 64. + [Kurt Roeckx] + *) The 'tsget' script is renamed to 'tsget.pl', to avoid confusion when moving between systems, and to avoid confusion when a Windows build is done with mingw vs with MSVC. For POSIX installs, there's still a diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index f833d5c..4b085e7 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -101,7 +101,17 @@ If B, this test is skipped. Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with B iterations. If B, a number of iterations is used that -yields a false positive rate of at most 2^-80 for random input. +yields a false positive rate of at most 2^-64 for random input. +The error rate depends on the size of the prime and goes down for bigger primes. +The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits, +2^-192 at 3747 bit and 2^-256 at 6394 bit. + +When the source of the prime is not random or not trusted, the number +of checks needs to be much higher to reach the same level of assurance: +It should equal half of the targeted security level in bits (rounded up to the +next integer if necessary). +For instance, to reach the 128 bit security level, B should be set to +64. If B is not B, B is called after the j-th iteration (j = 0, 1, ...). B is a diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 4678bb0..8af05d0 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h 
@@ -107,25 +107,76 @@ void *BN_GENCB_get_arg(BN_GENCB *cb); * on the size of the number */ /* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. 
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 
8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index f347f71..822eff3 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -141,10 +141,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif -# define DSS_prime_checks 50 +# define DSS_prime_checks 64 /* - * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of - * Rabin-Miller + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. */ # define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) From kurt at openssl.org Thu Jul 26 04:36:14 2018 
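Review bot: in the include/openssl/bn.h hunk the magma script is parameterized with `securitybits:=125` and its sample output is `k: 1024, security: 129 bits (t: 6, M: 23)`, while the table rows are labelled 64/80/112/128/192/256 bit and a 1024-bit prime lands in the `>= 852 | 5 | 112 bit` row; state which `securitybits` value produced each row (and why 125 rather than 128 is used as the example) so the table can be regenerated and checked. The old comment also bounded the table at `b >= 100`; the new macro returns 34 for every `b < 55`, including sizes below the last row's `b >= 6`, which is acceptable but worth a sentence in the comment.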
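Review bot: the BN_generate_prime.pod hunk should say explicitly that the default check count (`BN_prime_checks`) selects the random-input table and is therefore not appropriate for primes received from an untrusted party, such as DH or DSA parameters supplied by a peer. The "not random or not trusted" paragraph implies this, but a caller who validates peer-supplied parameters with the default still gets the 2^-64 minimum quoted just above it, so naming the default as the thing to avoid in that situation would prevent the obvious misuse.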
From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 26 Jul 2018 04:36:14 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532579774.767477.12836.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 707efcd64129c8010e192bd209bace0bc6d18ac9 (commit) via acaa6ae936194362cb8011a2c145eb87aae1d1fa (commit) from e18da726ed60b502f19fa35fca20201759f371d9 (commit) - Log ----------------------------------------------------------------- commit 707efcd64129c8010e192bd209bace0bc6d18ac9 Author: Kurt Roeckx Date: Wed Jul 25 18:55:16 2018 +0200 Make number of Miller-Rabin tests for a prime tests depend on the security level of the prime The old numbers where all generated for an 80 bit security level. But the number should depend on security level you want to reach. For bigger primes we want a higher security level and so need to do more tests. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale GH: #6075 Fixes: #6012 (cherry picked from commit feac7a1c8be49fbcb76fcb721ec9f02fdd91030e) commit acaa6ae936194362cb8011a2c145eb87aae1d1fa Author: Kurt Roeckx Date: Wed Apr 25 21:47:20 2018 +0200 Change the number of Miller-Rabin test for DSA generation to 64 This changes the security level from 100 to 128 bit. We only have 1 define, this sets it to the highest level supported for DSA, and needed for keys larger than 3072 bit. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale GH: #6075 (cherry picked from commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8) ----------------------------------------------------------------------- Summary of changes: CHANGES | 10 +++++ doc/crypto/BN_generate_prime.pod | 12 +++++- include/openssl/bn.h | 87 +++++++++++++++++++++++++++++++--------- include/openssl/dsa.h | 8 ++-- 4 files changed, 95 insertions(+), 22 deletions(-) diff --git a/CHANGES b/CHANGES index b16a1be..148960a 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,16 @@ Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] + *) Change generating and checking of primes so that the error rate of not + being prime depends on the intended use based on the size of the input. + For larger primes this will result in more rounds of Miller-Rabin. + The maximal error rate for primes with more than 1080 bits is lowered + to 2^-128. + [Kurt Roeckx, Annie Yousar] + + *) Increase the number of Miller-Rabin rounds for DSA key generating to 64. + [Kurt Roeckx] + *) Add blinding to ECDSA and DSA signatures to protect against side channel attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell] diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index c97536b..4adc3c8 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -100,7 +100,17 @@ If B, this test is skipped. Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with B iterations. If B, a number of iterations is used that -yields a false positive rate of at most 2^-80 for random input. +yields a false positive rate of at most 2^-64 for random input. +The error rate depends on the size of the prime and goes down for bigger primes. +The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits, +2^-192 at 3747 bit and 2^-256 at 6394 bit. + +When the source of the prime is not random or not trusted, the number +of checks needs to be much higher to reach the same level of assurance: +It should equal half of the targeted security level in bits (rounded up to the +next integer if necessary). +For instance, to reach the 128 bit security level, B should be set to +64. If B is not B, B is called after the j-th iteration (j = 0, 1, ...). B is a diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 54ae760..7b2e4fa 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h 
@@ -119,25 +119,76 @@ void *BN_GENCB_get_arg(BN_GENCB *cb); * on the size of the number */ /* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. 
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 
8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) diff --git a/include/openssl/dsa.h b/include/openssl/dsa.h index e75c839..3bd5f17 100644 --- a/include/openssl/dsa.h +++ b/include/openssl/dsa.h @@ -146,10 +146,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif -# define DSS_prime_checks 50 +# define DSS_prime_checks 64 /* - * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of - * Rabin-Miller + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. */ # define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) From kurt at openssl.org Thu Jul 26 04:45:29 2018 
From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 26 Jul 2018 04:45:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1532580329.771509.15754.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via be4e1f79f631e49c76d02fe4644b52f907c374b2 (commit) via 7a23bff90ef4466d741e46c5cf9e467b25c6ad4f (commit) from 9df990cdef581f7330205aef975055e23d8e8d43 (commit) - Log ----------------------------------------------------------------- commit be4e1f79f631e49c76d02fe4644b52f907c374b2 Author: Kurt Roeckx Date: Wed Jul 25 18:55:16 2018 +0200 Make number of Miller-Rabin tests for a prime tests depend on the security level of the prime The old numbers where all generated for an 80 bit security level. But the number should depend on security level you want to reach. For bigger primes we want a higher security level and so need to do more tests. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale GH: #6075 Fixes: #6012 (cherry picked from commit feac7a1c8be49fbcb76fcb721ec9f02fdd91030e) commit 7a23bff90ef4466d741e46c5cf9e467b25c6ad4f Author: Kurt Roeckx Date: Wed Apr 25 21:47:20 2018 +0200 Change the number of Miller-Rabin test for DSA generation to 64 This changes the security level from 100 to 128 bit. We only have 1 define, this sets it to the highest level supported for DSA, and needed for keys larger than 3072 bit. Reviewed-by: Richard Levitte Reviewed-by: Matthias St. Pierre Reviewed-by: Paul Dale GH: #6075 (cherry picked from commit 74ee379651fb2bb12c6f7eb9fa10e70be89ac7c8) ----------------------------------------------------------------------- Summary of changes: CHANGES | 10 +++++ crypto/bn/bn.h | 87 +++++++++++++++++++++++++++++++--------- crypto/dsa/dsa.h | 8 ++-- doc/crypto/BN_generate_prime.pod | 12 +++++- 4 files changed, 95 insertions(+), 22 deletions(-) diff --git a/CHANGES b/CHANGES index f9562dd..1bf0f0b 100644 --- a/CHANGES +++ b/CHANGES 
@@ -9,6 +9,16 @@ Changes between 1.0.2o and 1.0.2p [xx XXX xxxx] + *) Change generating and checking of primes so that the error rate of not + being prime depends on the intended use based on the size of the input. + For larger primes this will result in more rounds of Miller-Rabin. + The maximal error rate for primes with more than 1080 bits is lowered + to 2^-128. + [Kurt Roeckx, Annie Yousar] + + *) Increase the number of Miller-Rabin rounds for DSA key generating to 64. + [Kurt Roeckx] + *) Add blinding to ECDSA and DSA signatures to protect against side channel attacks discovered by Keegan Ryan (NCC Group). [Matt Caswell] diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 633d1b1..c056bba 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h 
@@ -375,25 +375,76 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b); * on the size of the number */ /* - * number of Miller-Rabin iterations for an error rate of less than 2^-80 for - * random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook of - * Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; - * original paper: Damgaard, Landrock, Pomerance: Average case error - * estimates for the strong probable prime test. -- Math. Comp. 61 (1993) - * 177-194) + * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations + * that will be done for checking that a random number is probably prime. The + * error rate for accepting a composite number as prime depends on the size of + * the prime |b|. The error rates used are for calculating an RSA key with 2 primes, + * and so the level is what you would expect for a key of double the size of the + * prime. + * + * This table is generated using the algorithm of FIPS PUB 186-4 + * Digital Signature Standard (DSS), section F.1, page 117. 
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4) + * + * The following magma script was used to generate the output: + * securitybits:=125; + * k:=1024; + * for t:=1 to 65 do + * for M:=3 to Floor(2*Sqrt(k-1)-1) do + * S:=0; + * // Sum over m + * for m:=3 to M do + * s:=0; + * // Sum over j + * for j:=2 to m do + * s+:=(RealField(32)!2)^-(j+(k-1)/j); + * end for; + * S+:=2^(m-(m-1)*t)*s; + * end for; + * A:=2^(k-2-M*t); + * B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S; + * pkt:=2.00743*Log(2)*k*2^-k*(A+B); + * seclevel:=Floor(-Log(2,pkt)); + * if seclevel ge securitybits then + * printf "k: %5o, security: %o bits (t: %o, M: %o)\n",k,seclevel,t,M; + * break; + * end if; + * end for; + * if seclevel ge securitybits then break; end if; + * end for; + * + * It can be run online at: + * http://magma.maths.usyd.edu.au/calc + * + * And will output: + * k: 1024, security: 129 bits (t: 6, M: 23) + * + * k is the number of bits of the prime, securitybits is the level we want to + * reach. + * + * prime length | RSA key size | # MR tests | security level + * -------------+--------------|------------+--------------- + * (b) >= 6394 | >= 12788 | 3 | 256 bit + * (b) >= 3747 | >= 7494 | 3 | 192 bit + * (b) >= 1345 | >= 2690 | 4 | 128 bit + * (b) >= 1080 | >= 2160 | 5 | 128 bit + * (b) >= 852 | >= 1704 | 5 | 112 bit + * (b) >= 476 | >= 952 | 5 | 80 bit + * (b) >= 400 | >= 800 | 6 | 80 bit + * (b) >= 347 | >= 694 | 7 | 80 bit + * (b) >= 308 | >= 616 | 8 | 80 bit + * (b) >= 55 | >= 110 | 27 | 64 bit + * (b) >= 6 | >= 12 | 34 | 64 bit */ -# define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ - (b) >= 850 ? 3 : \ - (b) >= 650 ? 4 : \ - (b) >= 550 ? 5 : \ - (b) >= 450 ? 6 : \ - (b) >= 400 ? 7 : \ - (b) >= 350 ? 8 : \ - (b) >= 300 ? 9 : \ - (b) >= 250 ? 12 : \ - (b) >= 200 ? 15 : \ - (b) >= 150 ? 18 : \ - /* b >= 100 */ 27) + +# define BN_prime_checks_for_size(b) ((b) >= 3747 ? 3 : \ + (b) >= 1345 ? 4 : \ + (b) >= 476 ? 5 : \ + (b) >= 400 ? 6 : \ + (b) >= 347 ? 7 : \ + (b) >= 308 ? 
8 : \ + (b) >= 55 ? 27 : \ + /* b >= 6 */ 34) # define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 7f8346d..3e6984e 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -249,10 +249,12 @@ int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); # endif -# define DSS_prime_checks 50 +# define DSS_prime_checks 64 /* - * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of - * Rabin-Miller + * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only + * have one value here we set the number of checks to 64 which is the 128 bit + * security level that is the highest level and valid for creating a 3072 bit + * DSA key. */ # define DSA_is_prime(n, callback, cb_arg) \ BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index bf1b530..0079f17 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod 
@@ -90,7 +90,17 @@ If B, this test is skipped. Both BN_is_prime_ex() and BN_is_prime_fasttest_ex() perform a Miller-Rabin probabilistic primality test with B iterations. If B, a number of iterations is used that -yields a false positive rate of at most 2^-80 for random input. +yields a false positive rate of at most 2^-64 for random input. +The error rate depends on the size of the prime and goes down for bigger primes. +The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits, +2^-192 at 3747 bit and 2^-256 at 6394 bit. + +When the source of the prime is not random or not trusted, the number +of checks needs to be much higher to reach the same level of assurance: +It should equal half of the targeted security level in bits (rounded up to the +next integer if necessary). +For instance, to reach the 128 bit security level, B should be set to +64. If B is not B, B is called after the j-th iteration (j = 0, 1, ...). B is a From kurt at openssl.org Thu Jul 26 05:10:02 2018 From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 26 Jul 2018 05:10:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532581802.113967.21418.nullmailer@dev.openssl.org> The branch master has been updated via 9e4c97774861949f6f987772c0b579fe8a9c7d5a (commit) from feac7a1c8be49fbcb76fcb721ec9f02fdd91030e (commit) - Log ----------------------------------------------------------------- commit 9e4c97774861949f6f987772c0b579fe8a9c7d5a Author: Paul Yang Date: Fri Jul 20 00:55:20 2018 +0800 Fix a trivial coding style nit in sm2_sign.c Reviewed-by: Kurt Roeckx Reviewed-by: Andy Polyakov GH: #6787 ----------------------------------------------------------------------- Summary of changes: crypto/sm2/sm2_sign.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index adde952..1244c05 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c 
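Review bot: In the CHANGES hunk of the OpenSSL_1_0_2-stable update above, "the error rate of not being prime" is ambiguous about what is bounded; say "the probability that a composite is accepted as prime", and "DSA key generating" should read "DSA key generation". The entry should also state the new headline bound for the smallest inputs (2^-64 per the bn.h table), since that is a visible change from the previous 2^-80 default and is what users of BN_is_prime_ex with BN_prime_checks will notice.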
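Review bot: In the crypto/bn/bn.h hunk, the magma script in the new comment sets securitybits:=125 while the table labels the resulting rows "128 bit"; the comment should say that 125 was the threshold actually used and why, otherwise anyone rerunning the script to reproduce the table will get different cutoffs. Also, the new BN_prime_checks_for_size macro collapses table rows with equal counts (6394 and 3747 both map to 3; 1080, 852 and 476 all map to 5), which is correct but not obvious next to an eleven-row table; a one-line note that only the boundaries where the count changes are kept would save the next reader a diff against the table.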
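Review bot: In the crypto/dsa/dsa.h hunk, the new comment says 64 checks is "valid for creating a 3072 bit DSA key" while the commit log says it is "needed for keys larger than 3072 bit"; make the two agree (FIPS 186-4 Table C.1 gives 64 rounds for the 3072-bit parameter size, the largest DSA size it lists). Since DSS_prime_checks is the only knob, smaller DSA parameter sizes now also pay for 64 rounds; a sentence saying that extra cost is accepted deliberately would pre-empt the obvious follow-up question.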
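Review bot: In the doc/crypto/BN_generate_prime.pod hunk, the added sentence mixes "bits" and "bit" ("852 bit", "3747 bit", "6394 bit"); use "bits" throughout. The rule "It should equal half of the targeted security level in bits" should also say where it comes from: each Miller-Rabin round lets a composite through with probability at most 1/4, so t rounds give at most 4^-t = 2^-2t, which is why 64 rounds reach the 128-bit level and why this applies only to untrusted input, where the average-case table above cannot be relied on.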
@@ -111,7 +111,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) for (;;) { if (!BN_priv_rand_range(k, order)) { SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); - goto done; + goto done; } if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) From openssl at openssl.org Thu Jul 26 05:17:25 2018 From: openssl at openssl.org (OpenSSL run-checker) Date: Thu, 26 Jul 2018 05:17:25 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-md5 Message-ID: <1532582245.450560.26481.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-md5 Commit log since last time: 7c226df Fixed issue where DRBG_CTR fails if NO_DF is used - when entropy is called 037241b Check for failures, to avoid memory leak 80ae728 crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop. ceb8e32 crypto/dllmain.c: remove unused OPENSSL_NONPIC_relocated variable. 9e4a1c3 crypto/cryptlib.c: resolve possible race in OPENSSL_isservice. b86d57b crypto/cryptlib.c: make OPENSS_cpuid_setup safe to use as constructor. f529b5c INSTALL,NOTES.WIN: classify no-asm as non-production option. 7b953da ec/ecp_nistz256.c: fix Coverity nit. d6b50b6 apps/dsaparam.c: make dsaparam -C output strict-warnings-friendly. Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-md5 Operating system: x86_64-whatever-linux2 Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. ***** Unsupported options: no-md5 $ make clean make: *** No rule to make target 'clean'. Stop. From kurt at openssl.org Thu Jul 26 09:26:14 2018 
From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 26 Jul 2018 09:26:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532597174.885352.30941.nullmailer@dev.openssl.org> The branch master has been updated via b9e54e98066c1ff8adab5d68b6c114b14d2f74e5 (commit) from 9e4c97774861949f6f987772c0b579fe8a9c7d5a (commit) - Log ----------------------------------------------------------------- commit b9e54e98066c1ff8adab5d68b6c114b14d2f74e5 Author: Kurt Roeckx Date: Thu Jul 26 11:10:24 2018 +0200 Fix inconsistent use of bit vs bits Reviewed-by: Tim Hudson GH: #6794 ----------------------------------------------------------------------- Summary of changes: doc/man3/BN_generate_prime.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index 4b085e7..7cfa96e 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -103,8 +103,8 @@ probabilistic primality test with B iterations. If B, a number of iterations is used that yields a false positive rate of at most 2^-64 for random input. The error rate depends on the size of the prime and goes down for bigger primes. -The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits, -2^-192 at 3747 bit and 2^-256 at 6394 bit. +The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, +2^-192 at 3747 bits and 2^-256 at 6394 bits. When the source of the prime is not random or not trusted, the number of checks needs to be much higher to reach the same level of assurance: From kurt at openssl.org Thu Jul 26 09:29:29 2018 
From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 26 Jul 2018 09:29:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532597369.850205.32517.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 616153f2f9c07f51212fb5e85170e89a4ebaadbb (commit) from 707efcd64129c8010e192bd209bace0bc6d18ac9 (commit) - Log ----------------------------------------------------------------- commit 616153f2f9c07f51212fb5e85170e89a4ebaadbb Author: Kurt Roeckx Date: Thu Jul 26 11:10:24 2018 +0200 Fix inconsistent use of bit vs bits Reviewed-by: Tim Hudson GH: #6794 (cherry picked from commit b9e54e98066c1ff8adab5d68b6c114b14d2f74e5) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_generate_prime.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index 4adc3c8..849df07 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -102,8 +102,8 @@ probabilistic primality test with B iterations. If B, a number of iterations is used that yields a false positive rate of at most 2^-64 for random input. The error rate depends on the size of the prime and goes down for bigger primes. -The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits, -2^-192 at 3747 bit and 2^-256 at 6394 bit. +The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, +2^-192 at 3747 bits and 2^-256 at 6394 bits. When the source of the prime is not random or not trusted, the number of checks needs to be much higher to reach the same level of assurance: From kurt at openssl.org Thu Jul 26 09:30:04 2018 
From: kurt at openssl.org (Kurt Roeckx) Date: Thu, 26 Jul 2018 09:30:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1532597404.391946.1124.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d69f31fcc38878769c8c917f8724c5aef10fd847 (commit) from be4e1f79f631e49c76d02fe4644b52f907c374b2 (commit) - Log ----------------------------------------------------------------- commit d69f31fcc38878769c8c917f8724c5aef10fd847 Author: Kurt Roeckx Date: Thu Jul 26 11:10:24 2018 +0200 Fix inconsistent use of bit vs bits Reviewed-by: Tim Hudson GH: #6794 (cherry picked from commit b9e54e98066c1ff8adab5d68b6c114b14d2f74e5) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BN_generate_prime.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index 0079f17..003d123 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -92,8 +92,8 @@ probabilistic primality test with B iterations. If B, a number of iterations is used that yields a false positive rate of at most 2^-64 for random input. The error rate depends on the size of the prime and goes down for bigger primes. -The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bit, 2^-128 at 1080 bits, -2^-192 at 3747 bit and 2^-256 at 6394 bit. +The rate is 2^-80 starting at 308 bits, 2^-112 at 852 bits, 2^-128 at 1080 bits, +2^-192 at 3747 bits and 2^-256 at 6394 bits. When the source of the prime is not random or not trusted, the number of checks needs to be much higher to reach the same level of assurance: From appro at openssl.org Thu Jul 26 11:48:59 2018 
From: appro at openssl.org (Andy Polyakov) Date: Thu, 26 Jul 2018 11:48:59 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532605739.744298.26096.nullmailer@dev.openssl.org> The branch master has been updated via 06deb93286ac5f125fc81ddc9260b9de2311c7f3 (commit) from b9e54e98066c1ff8adab5d68b6c114b14d2f74e5 (commit) - Log ----------------------------------------------------------------- commit 06deb93286ac5f125fc81ddc9260b9de2311c7f3 Author: Andy Polyakov Date: Wed Jul 25 11:13:58 2018 +0200 apps/apps.c: harmonize print_bignum_var output with coding style. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 2740275..4090e60 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1188,16 +1188,15 @@ void print_bignum_var(BIO *out, const BIGNUM *in, const char *var, { BIO_printf(out, " static unsigned char %s_%d[] = {", var, len); if (BN_is_zero(in)) { - BIO_printf(out, "\n\t0x00"); + BIO_printf(out, "\n 0x00"); } else { int i, l; l = BN_bn2bin(in, buffer); for (i = 0; i < l; i++) { - if ((i % 10) == 0) - BIO_printf(out, "\n\t"); + BIO_printf(out, (i % 10) == 0 ? "\n " : " "); if (i < l - 1) - BIO_printf(out, "0x%02X, ", buffer[i]); + BIO_printf(out, "0x%02X,", buffer[i]); else BIO_printf(out, "0x%02X", buffer[i]); } From appro at openssl.org Thu Jul 26 11:56:47 2018 
From: appro at openssl.org (Andy Polyakov) Date: Thu, 26 Jul 2018 11:56:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532606207.422076.28659.nullmailer@dev.openssl.org> The branch master has been updated via 70a579ae2f37437a1e02331eeaa84e1b68ba021e (commit) from 06deb93286ac5f125fc81ddc9260b9de2311c7f3 (commit) - Log ----------------------------------------------------------------- commit 70a579ae2f37437a1e02331eeaa84e1b68ba021e Author: Andy Polyakov Date: Wed Jul 25 10:29:51 2018 +0200 bn/bn_mod.c: harmonize BN_mod_add_quick with original implementation. New implementation failed to correctly reset r->neg flag. Spotted by OSSFuzz. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6783) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_mod.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 463d2d6..d8e2e12 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -83,6 +83,7 @@ int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ((volatile BN_ULONG *)tp)[i] = 0; } r->top = mtop; + r->neg = 0; if (tp != storage) OPENSSL_free(tp); From appro at openssl.org Thu Jul 26 12:02:45 2018 
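Review bot: In the crypto/bn/bn_mod.c hunk, clearing r->neg after setting r->top is the right fix (the reduced result is never negative, so a stale sign flag on r must not survive), but the commit cites an OSSFuzz finding without a regression test; add a bntest case that calls BN_mod_add_quick with an r whose sign flag is already set (and one with r aliased to an input) and asserts BN_is_negative(r) is 0, so the flag cannot silently regress the next time this routine is reworked.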
From: appro at openssl.org (Andy Polyakov) Date: Thu, 26 Jul 2018 12:02:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532606565.425185.32364.nullmailer@dev.openssl.org> The branch master has been updated via 793f19e47c69558e39c702da75c27e0509baf379 (commit) via 8e8307231014bded6eb9562262ef09a76d4bfe87 (commit) from 70a579ae2f37437a1e02331eeaa84e1b68ba021e (commit) - Log ----------------------------------------------------------------- commit 793f19e47c69558e39c702da75c27e0509baf379 Author: Andy Polyakov Date: Wed Jul 25 10:24:42 2018 +0200 00-base-templates.conf: engage x25519-ppc64 module. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6782) commit 8e8307231014bded6eb9562262ef09a76d4bfe87 Author: Andy Polyakov Date: Wed Jul 25 10:24:09 2018 +0200 Add ec/asm/x25519-ppc64.pl module. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/6782) ----------------------------------------------------------------------- Summary of changes: Configurations/00-base-templates.conf | 2 +- crypto/ec/asm/x25519-ppc64.pl | 824 ++++++++++++++++++++++++++++++++++ crypto/ec/build.info | 1 + 3 files changed, 826 insertions(+), 1 deletion(-) create mode 100755 crypto/ec/asm/x25519-ppc64.pl diff --git a/Configurations/00-base-templates.conf b/Configurations/00-base-templates.conf index 4a1645f..516e3cd 100644 --- a/Configurations/00-base-templates.conf +++ b/Configurations/00-base-templates.conf @@ -344,7 +344,7 @@ my %targets=( ppc64_asm => { inherit_from => [ "ppc32_asm" ], template => 1, - ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s", + ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s x25519-ppc64.s", keccak1600_asm_src => "keccak1600-ppc64.s", }, ); diff --git a/crypto/ec/asm/x25519-ppc64.pl b/crypto/ec/asm/x25519-ppc64.pl new file mode 100755 index 0000000..3773cb2 --- /dev/null +++ b/crypto/ec/asm/x25519-ppc64.pl 
@@ -0,0 +1,824 @@ +#! /usr/bin/env perl +# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# X25519 lower-level primitives for PPC64. +# +# July 2018. +# +# Base 2^64 is faster than base 2^51 on pre-POWER8, most notably ~15% +# faster on PPC970/G5. POWER8 on the other hand seems to trip on own +# shoelaces when handling longer carry chains. As base 2^51 has just +# single-carry pairs, it's 25% faster than base 2^64. Since PPC970 is +# pretty old, base 2^64 implementation is not engaged. Comparison to +# compiler-generated code is complicated by the fact that not all +# compilers support 128-bit integers. When compiler doesn't, like xlc, +# this module delivers more than 2x improvement, and when it does, +# from 12% to 30% improvement was measured... 
+ +$flavour = shift; +while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +my $sp = "r1"; +my ($rp,$ap,$bp) = map("r$_",3..5); + +####################################################### base 2^64 +if (0) { +my ($bi,$a0,$a1,$a2,$a3,$t0,$t1, $t2,$t3, + $acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7) = + map("r$_",(6..12,22..31)); +my $zero = "r0"; +my $FRAME = 16*8; + +$code.=<<___; +.text + +.globl x25519_fe64_mul +.type x25519_fe64_mul,\@function +.align 5 +x25519_fe64_mul: + stdu $sp,-$FRAME($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $bi,0($bp) + ld $a0,0($ap) + xor $zero,$zero,$zero + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + mulld $acc0,$a0,$bi # a[0]*b[0] + mulhdu $t0,$a0,$bi + mulld $acc1,$a1,$bi # a[1]*b[0] + mulhdu $t1,$a1,$bi + mulld $acc2,$a2,$bi # a[2]*b[0] + mulhdu $t2,$a2,$bi + mulld $acc3,$a3,$bi # a[3]*b[0] + mulhdu $t3,$a3,$bi +___ +for(my @acc=($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7), + my $i=1; $i<4; shift(@acc), $i++) { +my $acc4 = $i==1? 
$zero : @acc[4]; + +$code.=<<___; + ld $bi,`8*$i`($bp) + addc @acc[1], at acc[1],$t0 # accumulate high parts + mulld $t0,$a0,$bi + adde @acc[2], at acc[2],$t1 + mulld $t1,$a1,$bi + adde @acc[3], at acc[3],$t2 + mulld $t2,$a2,$bi + adde @acc[4],$acc4,$t3 + mulld $t3,$a3,$bi + addc @acc[1], at acc[1],$t0 # accumulate low parts + mulhdu $t0,$a0,$bi + adde @acc[2], at acc[2],$t1 + mulhdu $t1,$a1,$bi + adde @acc[3], at acc[3],$t2 + mulhdu $t2,$a2,$bi + adde @acc[4], at acc[4],$t3 + mulhdu $t3,$a3,$bi + adde @acc[5],$zero,$zero +___ +} +$code.=<<___; + li $bi,38 + addc $acc4,$acc4,$t0 + mulld $t0,$acc4,$bi + adde $acc5,$acc5,$t1 + mulld $t1,$acc5,$bi + adde $acc6,$acc6,$t2 + mulld $t2,$acc6,$bi + adde $acc7,$acc7,$t3 + mulld $t3,$acc7,$bi + + addc $acc0,$acc0,$t0 + mulhdu $t0,$acc4,$bi + adde $acc1,$acc1,$t1 + mulhdu $t1,$acc5,$bi + adde $acc2,$acc2,$t2 + mulhdu $t2,$acc6,$bi + adde $acc3,$acc3,$t3 + mulhdu $t3,$acc7,$bi + adde $acc4,$zero,$zero + + addc $acc1,$acc1,$t0 + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$t2 + adde $acc4,$acc4,$t3 + + mulld $acc4,$acc4,$bi + + addc $acc0,$acc0,$acc4 + addze $acc1,$acc1 + addze $acc2,$acc2 + addze $acc3,$acc3 + + subfe $acc4,$acc4,$acc4 # carry -> ~mask + std $acc1,8($rp) + andc $acc4,$bi,$acc4 + std $acc2,16($rp) + add $acc0,$acc0,$acc4 + std $acc3,24($rp) + std $acc0,0($rp) + + ld r22,`$FRAME-8*10`($sp) + ld r23,`$FRAME-8*9`($sp) + ld r24,`$FRAME-8*8`($sp) + ld r25,`$FRAME-8*7`($sp) + ld r26,`$FRAME-8*6`($sp) + ld r27,`$FRAME-8*5`($sp) + ld r28,`$FRAME-8*4`($sp) + ld r29,`$FRAME-8*3`($sp) + ld r30,`$FRAME-8*2`($sp) + ld r31,`$FRAME-8*1`($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,10,3,0 + .long 0 +.size x25519_fe64_mul,.-x25519_fe64_mul + +.globl x25519_fe64_sqr +.type x25519_fe64_sqr,\@function +.align 5 +x25519_fe64_sqr: + stdu $sp,-$FRAME($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std 
r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $a0,0($ap) + xor $zero,$zero,$zero + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + + ################################ + # | | | | | |a1*a0| | + # | | | | |a2*a0| | | + # | |a3*a2|a3*a0| | | | + # | | | |a2*a1| | | | + # | | |a3*a1| | | | | + # *| | | | | | | | 2| + # +|a3*a3|a2*a2|a1*a1|a0*a0| + # |--+--+--+--+--+--+--+--| + # |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx + # + # "can't overflow" below mark carrying into high part of + # multiplication result, which can't overflow, because it + # can never be all ones. + + mulld $acc1,$a1,$a0 # a[1]*a[0] + mulhdu $t1,$a1,$a0 + mulld $acc2,$a2,$a0 # a[2]*a[0] + mulhdu $t2,$a2,$a0 + mulld $acc3,$a3,$a0 # a[3]*a[0] + mulhdu $acc4,$a3,$a0 + + addc $acc2,$acc2,$t1 # accumulate high parts of multiplication + mulld $t0,$a2,$a1 # a[2]*a[1] + mulhdu $t1,$a2,$a1 + adde $acc3,$acc3,$t2 + mulld $t2,$a3,$a1 # a[3]*a[1] + mulhdu $t3,$a3,$a1 + addze $acc4,$acc4 # can't overflow + + mulld $acc5,$a3,$a2 # a[3]*a[2] + mulhdu $acc6,$a3,$a2 + + addc $t1,$t1,$t2 # accumulate high parts of multiplication + mulld $acc0,$a0,$a0 # a[0]*a[0] + addze $t2,$t3 # can't overflow + + addc $acc3,$acc3,$t0 # accumulate low parts of multiplication + mulhdu $a0,$a0,$a0 + adde $acc4,$acc4,$t1 + mulld $t1,$a1,$a1 # a[1]*a[1] + adde $acc5,$acc5,$t2 + mulhdu $a1,$a1,$a1 + addze $acc6,$acc6 # can't overflow + + addc $acc1,$acc1,$acc1 # acc[1-6]*=2 + mulld $t2,$a2,$a2 # a[2]*a[2] + adde $acc2,$acc2,$acc2 + mulhdu $a2,$a2,$a2 + adde $acc3,$acc3,$acc3 + mulld $t3,$a3,$a3 # a[3]*a[3] + adde $acc4,$acc4,$acc4 + mulhdu $a3,$a3,$a3 + adde $acc5,$acc5,$acc5 + adde $acc6,$acc6,$acc6 + addze $acc7,$zero + + addc $acc1,$acc1,$a0 # +a[i]*a[i] + li $bi,38 + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$a1 + adde $acc4,$acc4,$t2 + adde $acc5,$acc5,$a2 + adde $acc6,$acc6,$t3 + adde $acc7,$acc7,$a3 + + mulld 
$t0,$acc4,$bi + mulld $t1,$acc5,$bi + mulld $t2,$acc6,$bi + mulld $t3,$acc7,$bi + + addc $acc0,$acc0,$t0 + mulhdu $t0,$acc4,$bi + adde $acc1,$acc1,$t1 + mulhdu $t1,$acc5,$bi + adde $acc2,$acc2,$t2 + mulhdu $t2,$acc6,$bi + adde $acc3,$acc3,$t3 + mulhdu $t3,$acc7,$bi + addze $acc4,$zero + + addc $acc1,$acc1,$t0 + adde $acc2,$acc2,$t1 + adde $acc3,$acc3,$t2 + adde $acc4,$acc4,$t3 + + mulld $acc4,$acc4,$bi + + addc $acc0,$acc0,$acc4 + addze $acc1,$acc1 + addze $acc2,$acc2 + addze $acc3,$acc3 + + subfe $acc4,$acc4,$acc4 # carry -> ~mask + std $acc1,8($rp) + andc $acc4,$bi,$acc4 + std $acc2,16($rp) + add $acc0,$acc0,$acc4 + std $acc3,24($rp) + std $acc0,0($rp) + + ld r22,`$FRAME-8*10`($sp) + ld r23,`$FRAME-8*9`($sp) + ld r24,`$FRAME-8*8`($sp) + ld r25,`$FRAME-8*7`($sp) + ld r26,`$FRAME-8*6`($sp) + ld r27,`$FRAME-8*5`($sp) + ld r28,`$FRAME-8*4`($sp) + ld r29,`$FRAME-8*3`($sp) + ld r30,`$FRAME-8*2`($sp) + ld r31,`$FRAME-8*1`($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,0,0x80,10,2,0 + .long 0 +.size x25519_fe64_sqr,.-x25519_fe64_sqr + +.globl x25519_fe64_mul121666 +.type x25519_fe64_mul121666,\@function +.align 5 +x25519_fe64_mul121666: + lis $bi,`65536>>16` + ori $bi,$bi,`121666-65536` + + ld $t0,0($ap) + ld $t1,8($ap) + ld $bp,16($ap) + ld $ap,24($ap) + + mulld $a0,$t0,$bi + mulhdu $t0,$t0,$bi + mulld $a1,$t1,$bi + mulhdu $t1,$t1,$bi + mulld $a2,$bp,$bi + mulhdu $bp,$bp,$bi + mulld $a3,$ap,$bi + mulhdu $ap,$ap,$bi + + addc $a1,$a1,$t0 + adde $a2,$a2,$t1 + adde $a3,$a3,$bp + addze $ap, $ap + + mulli $ap,$ap,38 + + addc $a0,$a0,$ap + addze $a1,$a1 + addze $a2,$a2 + addze $a3,$a3 + + subfe $t1,$t1,$t1 # carry -> ~mask + std $a1,8($rp) + andc $t0,$t0,$t1 + std $a2,16($rp) + add $a0,$a0,$t0 + std $a3,24($rp) + std $a0,0($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,2,0 + .long 0 +.size x25519_fe64_mul121666,.-x25519_fe64_mul121666 + +.globl x25519_fe64_add +.type x25519_fe64_add,\@function +.align 5 +x25519_fe64_add: + ld $a0,0($ap) + ld $t0,0($bp) + ld 
$a1,8($ap) + ld $t1,8($bp) + ld $a2,16($ap) + ld $bi,16($bp) + ld $a3,24($ap) + ld $bp,24($bp) + + addc $a0,$a0,$t0 + adde $a1,$a1,$t1 + adde $a2,$a2,$bi + adde $a3,$a3,$bp + + li $t0,38 + subfe $t1,$t1,$t1 # carry -> ~mask + andc $t1,$t0,$t1 + + addc $a0,$a0,$t1 + addze $a1,$a1 + addze $a2,$a2 + addze $a3,$a3 + + subfe $t1,$t1,$t1 # carry -> ~mask + std $a1,8($rp) + andc $t0,$t0,$t1 + std $a2,16($rp) + add $a0,$a0,$t0 + std $a3,24($rp) + std $a0,0($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size x25519_fe64_add,.-x25519_fe64_add + +.globl x25519_fe64_sub +.type x25519_fe64_sub,\@function +.align 5 +x25519_fe64_sub: + ld $a0,0($ap) + ld $t0,0($bp) + ld $a1,8($ap) + ld $t1,8($bp) + ld $a2,16($ap) + ld $bi,16($bp) + ld $a3,24($ap) + ld $bp,24($bp) + + subfc $a0,$t0,$a0 + subfe $a1,$t1,$a1 + subfe $a2,$bi,$a2 + subfe $a3,$bp,$a3 + + li $t0,38 + subfe $t1,$t1,$t1 # borrow -> mask + xor $zero,$zero,$zero + and $t1,$t0,$t1 + + subfc $a0,$t1,$a0 + subfe $a1,$zero,$a1 + subfe $a2,$zero,$a2 + subfe $a3,$zero,$a3 + + subfe $t1,$t1,$t1 # borrow -> mask + std $a1,8($rp) + and $t0,$t0,$t1 + std $a2,16($rp) + subf $a0,$t0,$a0 + std $a3,24($rp) + std $a0,0($rp) + + blr + .long 0 + .byte 0,12,0x14,0,0,0,3,0 + .long 0 +.size x25519_fe64_sub,.-x25519_fe64_sub + +.globl x25519_fe64_tobytes +.type x25519_fe64_tobytes,\@function +.align 5 +x25519_fe64_tobytes: + ld $a3,24($ap) + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + + sradi $t0,$a3,63 # most significant bit -> mask + li $t1,19 + and $t0,$t0,$t1 + sldi $a3,$a3,1 + add $t0,$t0,$t1 # compare to modulus in the same go + srdi $a3,$a3,1 # most signifcant bit cleared + + addc $a0,$a0,$t0 + addze $a1,$a1 + addze $a2,$a2 + addze $a3,$a3 + + xor $zero,$zero,$zero + sradi $t0,$a3,63 # most significant bit -> mask + sldi $a3,$a3,1 + andc $t0,$t1,$t0 + srdi $a3,$a3,1 # most signifcant bit cleared + + subi $rp,$rp,1 + subfc $a0,$t0,$a0 + subfe $a1,$zero,$a1 + subfe $a2,$zero,$a2 + subfe $a3,$zero,$a3 + +___ +for (my 
@a=($a0,$a1,$a2,$a3), my $i=0; $i<4; shift(@a), $i++) { +$code.=<<___; + srdi $t0, at a[0],8 + stbu @a[0],1($rp) + srdi @a[0], at a[0],16 + stbu $t0,1($rp) + srdi $t0, at a[0],8 + stbu @a[0],1($rp) + srdi @a[0], at a[0],16 + stbu $t0,1($rp) + srdi $t0, at a[0],8 + stbu @a[0],1($rp) + srdi @a[0], at a[0],16 + stbu $t0,1($rp) + srdi $t0, at a[0],8 + stbu @a[0],1($rp) + stbu $t0,1($rp) +___ +} +$code.=<<___; + blr + .long 0 + .byte 0,12,0x14,0,0,0,2,0 + .long 0 +.size x25519_fe64_tobytes,.-x25519_fe64_tobytes +___ +} +####################################################### base 2^51 +{ +my ($bi,$a0,$a1,$a2,$a3,$a4,$t0, $t1, + $h0lo,$h0hi,$h1lo,$h1hi,$h2lo,$h2hi,$h3lo,$h3hi,$h4lo,$h4hi) = + map("r$_",(6..12,21..31)); +my $mask = "r0"; +my $FRAME = 18*8; + +$code.=<<___; +.text + +.globl x25519_fe51_mul +.type x25519_fe51_mul,\@function +.align 5 +x25519_fe51_mul: + stdu $sp,-$FRAME($sp) + std r21,`$FRAME-8*11`($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $bi,0($bp) + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + ld $a4,32($ap) + + mulld $h0lo,$a0,$bi # a[0]*b[0] + mulhdu $h0hi,$a0,$bi + + mulld $h1lo,$a1,$bi # a[1]*b[0] + mulhdu $h1hi,$a1,$bi + + mulld $h4lo,$a4,$bi # a[4]*b[0] + mulhdu $h4hi,$a4,$bi + ld $ap,8($bp) + mulli $a4,$a4,19 + + mulld $h2lo,$a2,$bi # a[2]*b[0] + mulhdu $h2hi,$a2,$bi + + mulld $h3lo,$a3,$bi # a[3]*b[0] + mulhdu $h3hi,$a3,$bi +___ +for(my @a=($a0,$a1,$a2,$a3,$a4), + my $i=1; $i<4; $i++) { + ($ap,$bi) = ($bi,$ap); +$code.=<<___; + mulld $t0, at a[4],$bi + mulhdu $t1, at a[4],$bi + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 + + mulld $t0, at a[0],$bi + mulhdu $t1, at a[0],$bi + addc $h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + + mulld $t0, at a[3],$bi + mulhdu $t1, at a[3],$bi + ld 
$ap,`8*($i+1)`($bp) + mulli @a[3], at a[3],19 + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + + mulld $t0, at a[1],$bi + mulhdu $t1, at a[1],$bi + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + + mulld $t0, at a[2],$bi + mulhdu $t1, at a[2],$bi + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 +___ + unshift(@a,pop(@a)); +} + ($ap,$bi) = ($bi,$ap); +$code.=<<___; + mulld $t0,$a1,$bi + mulhdu $t1,$a1,$bi + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 + + mulld $t0,$a2,$bi + mulhdu $t1,$a2,$bi + addc $h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + + mulld $t0,$a3,$bi + mulhdu $t1,$a3,$bi + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + + mulld $t0,$a4,$bi + mulhdu $t1,$a4,$bi + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 + + mulld $t0,$a0,$bi + mulhdu $t1,$a0,$bi + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + +.Lfe51_reduce: + li $mask,-1 + srdi $mask,$mask,13 # 0x7ffffffffffff + + srdi $t0,$h2lo,51 + and $a2,$h2lo,$mask + insrdi $t0,$h2hi,51,0 # h2>>51 + srdi $t1,$h0lo,51 + and $a0,$h0lo,$mask + insrdi $t1,$h0hi,51,0 # h0>>51 + addc $h3lo,$h3lo,$t0 + addze $h3hi,$h3hi + addc $h1lo,$h1lo,$t1 + addze $h1hi,$h1hi + + srdi $t0,$h3lo,51 + and $a3,$h3lo,$mask + insrdi $t0,$h3hi,51,0 # h3>>51 + srdi $t1,$h1lo,51 + and $a1,$h1lo,$mask + insrdi $t1,$h1hi,51,0 # h1>>51 + addc $h4lo,$h4lo,$t0 + addze $h4hi,$h4hi + add $a2,$a2,$t1 + + srdi $t0,$h4lo,51 + and $a4,$h4lo,$mask + insrdi $t0,$h4hi,51,0 + mulli $t0,$t0,19 # (h4 >> 51) * 19 + + add $a0,$a0,$t0 + + srdi $t1,$a2,51 + and $a2,$a2,$mask + add $a3,$a3,$t1 + + srdi $t0,$a0,51 + and $a0,$a0,$mask + add $a1,$a1,$t0 + + std $a2,16($rp) + std $a3,24($rp) + std $a4,32($rp) + std $a0,0($rp) + std $a1,8($rp) + + ld r21,`$FRAME-8*11`($sp) + ld r22,`$FRAME-8*10`($sp) + ld r23,`$FRAME-8*9`($sp) + ld r24,`$FRAME-8*8`($sp) + ld r25,`$FRAME-8*7`($sp) + ld r26,`$FRAME-8*6`($sp) + ld r27,`$FRAME-8*5`($sp) + ld r28,`$FRAME-8*4`($sp) + ld r29,`$FRAME-8*3`($sp) + ld r30,`$FRAME-8*2`($sp) + ld r31,`$FRAME-8*1`($sp) + addi $sp,$sp,$FRAME + blr + .long 0 + 
.byte 0,12,4,0,0x80,11,3,0 + .long 0 +.size x25519_fe51_mul,.-x25519_fe51_mul +___ +{ +my ($a0,$a1,$a2,$a3,$a4,$t0,$t1) = ($a0,$a1,$a2,$a3,$a4,$t0,$t1); +$code.=<<___; +.globl x25519_fe51_sqr +.type x25519_fe51_sqr,\@function +.align 5 +x25519_fe51_sqr: + stdu $sp,-$FRAME($sp) + std r21,`$FRAME-8*11`($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + ld $a4,32($ap) + + add $bi,$a0,$a0 # a[0]*2 + mulli $t1,$a4,19 # a[4]*19 + + mulld $h0lo,$a0,$a0 + mulhdu $h0hi,$a0,$a0 + mulld $h1lo,$a1,$bi + mulhdu $h1hi,$a1,$bi + mulld $h2lo,$a2,$bi + mulhdu $h2hi,$a2,$bi + mulld $h3lo,$a3,$bi + mulhdu $h3hi,$a3,$bi + mulld $h4lo,$a4,$bi + mulhdu $h4hi,$a4,$bi + add $bi,$a1,$a1 # a[1]*2 +___ + ($a4,$t1) = ($t1,$a4); +$code.=<<___; + mulld $t0,$t1,$a4 + mulhdu $t1,$t1,$a4 + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 + + mulli $bp,$a3,19 # a[3]*19 + + mulld $t0,$a1,$a1 + mulhdu $t1,$a1,$a1 + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + mulld $t0,$a2,$bi + mulhdu $t1,$a2,$bi + addc $h3lo,$h3lo,$t0 + adde $h3hi,$h3hi,$t1 + mulld $t0,$a3,$bi + mulhdu $t1,$a3,$bi + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + mulld $t0,$a4,$bi + mulhdu $t1,$a4,$bi + add $bi,$a3,$a3 # a[3]*2 + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 +___ + ($a3,$t1) = ($bp,$a3); +$code.=<<___; + mulld $t0,$t1,$a3 + mulhdu $t1,$t1,$a3 + addc $h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + mulld $t0,$bi,$a4 + mulhdu $t1,$bi,$a4 + add $bi,$a2,$a2 # a[2]*2 + addc $h2lo,$h2lo,$t0 + adde $h2hi,$h2hi,$t1 + + mulld $t0,$a2,$a2 + mulhdu $t1,$a2,$a2 + addc $h4lo,$h4lo,$t0 + adde $h4hi,$h4hi,$t1 + mulld $t0,$a3,$bi + mulhdu $t1,$a3,$bi + addc $h0lo,$h0lo,$t0 + adde $h0hi,$h0hi,$t1 + mulld $t0,$a4,$bi + mulhdu $t1,$a4,$bi + addc 
$h1lo,$h1lo,$t0 + adde $h1hi,$h1hi,$t1 + + b .Lfe51_reduce + .long 0 + .byte 0,12,4,0,0x80,11,2,0 + .long 0 +.size x25519_fe51_sqr,.-x25519_fe51_sqr +___ +} +$code.=<<___; +.globl x25519_fe51_mul121666 +.type x25519_fe51_mul121666,\@function +.align 5 +x25519_fe51_mul121666: + stdu $sp,-$FRAME($sp) + std r21,`$FRAME-8*11`($sp) + std r22,`$FRAME-8*10`($sp) + std r23,`$FRAME-8*9`($sp) + std r24,`$FRAME-8*8`($sp) + std r25,`$FRAME-8*7`($sp) + std r26,`$FRAME-8*6`($sp) + std r27,`$FRAME-8*5`($sp) + std r28,`$FRAME-8*4`($sp) + std r29,`$FRAME-8*3`($sp) + std r30,`$FRAME-8*2`($sp) + std r31,`$FRAME-8*1`($sp) + + lis $bi,`65536>>16` + ori $bi,$bi,`121666-65536` + ld $a0,0($ap) + ld $a1,8($ap) + ld $a2,16($ap) + ld $a3,24($ap) + ld $a4,32($ap) + + mulld $h0lo,$a0,$bi # a[0]*121666 + mulhdu $h0hi,$a0,$bi + mulld $h1lo,$a1,$bi # a[1]*121666 + mulhdu $h1hi,$a1,$bi + mulld $h2lo,$a2,$bi # a[2]*121666 + mulhdu $h2hi,$a2,$bi + mulld $h3lo,$a3,$bi # a[3]*121666 + mulhdu $h3hi,$a3,$bi + mulld $h4lo,$a4,$bi # a[4]*121666 + mulhdu $h4hi,$a4,$bi + + b .Lfe51_reduce + .long 0 + .byte 0,12,4,0,0x80,11,2,0 + .long 0 +.size x25519_fe51_mul121666,.-x25519_fe51_mul121666 +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/crypto/ec/build.info b/crypto/ec/build.info index db506c5..a1e673e 100644 --- a/crypto/ec/build.info +++ b/crypto/ec/build.info @@ -27,6 +27,7 @@ INCLUDE[ecp_nistz256-armv8.o]=.. GENERATE[ecp_nistz256-ppc64.s]=asm/ecp_nistz256-ppc64.pl $(PERLASM_SCHEME) GENERATE[x25519-x86_64.s]=asm/x25519-x86_64.pl $(PERLASM_SCHEME) +GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME) BEGINRAW[Makefile] {- $builddir -}/ecp_nistz256-%.S: {- $sourcedir -}/asm/ecp_nistz256-%.pl From appro at openssl.org Thu Jul 26 12:20:29 2018 
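Review bot: in the x25519-ppc64.pl hunk, `.Lfe51_reduce` is not only the shared reduction but also the shared epilogue: x25519_fe51_sqr and x25519_fe51_mul121666 both end with `b .Lfe51_reduce`, and the code after the label stores the five limbs through $rp, reloads r21..r31 from `$FRAME-8*11`($sp) .. `$FRAME-8*1`($sp), releases $FRAME and does `blr`. That is only correct while all three prologues push the same $FRAME with the same save slots and none of the bodies clobbers $rp or the saved registers, so a short comment at the label spelling out that contract would protect the other two functions from a later change to one prologue. The traceback tables are consistent with the shared tail (`.byte 0,12,4,0,0x80,11,3,0` for the three-argument mul, `...,0x80,11,2,0` for the two-argument sqr and mul121666, 11 saved GPRs in each).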
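Review bot: the build.info hunk only adds `GENERATE[x25519-ppc64.s]=asm/x25519-ppc64.pl $(PERLASM_SCHEME)`; a GENERATE rule on its own does not put x25519-ppc64.o into the ec object list, that comes from the asm source list for the ppc64 target in Configure, which is not part of this diff. Worth confirming that the target wiring lands with or before this commit, otherwise the new .pl is generated but never assembled or linked.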
From: appro at openssl.org (Andy Polyakov) Date: Thu, 26 Jul 2018 12:20:29 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532607629.206671.4429.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 2f19065bd35dc84492c4c47ff5b706340300866f (commit) via b7862891fed4cfb5ec36a31d35e14b51bf26d01e (commit) from 616153f2f9c07f51212fb5e85170e89a4ebaadbb (commit) - Log ----------------------------------------------------------------- commit 2f19065bd35dc84492c4c47ff5b706340300866f Author: Andy Polyakov Date: Fri Jul 6 15:13:15 2018 +0200 bn/bn_{mont|exp}.c: switch to zero-padded intermediate vectors. Note that exported functions maintain original behaviour, so that external callers won't observe difference. While internally we can now perform Montgomery multiplication on fixed-length vectors, fixed at modulus size. The new functions, bn_to_mont_fixed_top and bn_mul_mont_fixed_top, are declared in bn_int.h, because one can use them even outside bn, e.g. in RSA, DSA, ECDSA... Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6707) (cherry picked from commit 71883868ea5b33416ae8283bcc38dd2d97e5006b) Resolved conflicts: crypto/bn/bn_exp.c crypto/bn/bn_mont.c crypto/include/internal/bn_int.h commit b7862891fed4cfb5ec36a31d35e14b51bf26d01e Author: Andy Polyakov Date: Fri Jul 6 15:02:29 2018 +0200 bn/bn_lib.c: add BN_FLG_FIXED_TOP flag. The new flag marks vectors that were not treated with bn_correct_top, in other words such vectors are permitted to be zero padded. For now it's BN_DEBUG-only flag, as initial use case for zero-padded vectors would be controlled Montgomery multiplication/exponentiation, not general purpose. For general purpose use another type might be more appropriate. Advantage of this suggestion is that it's possible to back-port it... bn/bn_div.c: fix memory sanitizer problem. bn/bn_sqr.c: harmonize with BN_mul. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6707) (cherry picked from commit 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb) Resolved conflicts: crypto/bn/bn_lcl.h ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_div.c | 1 + crypto/bn/bn_exp.c | 47 ++++++++++++++++++++++------------------ crypto/bn/bn_lcl.h | 21 ++++++++++++++---- crypto/bn/bn_lib.c | 15 +++++++++---- crypto/bn/bn_mont.c | 45 ++++++++++++++++++++++++++++---------- crypto/bn/bn_sqr.c | 10 ++------- crypto/include/internal/bn_int.h | 11 ++++++++++ 7 files changed, 102 insertions(+), 48 deletions(-) diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 5e620b2..aa13ce6 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -240,6 +240,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, wnum.neg = 0; wnum.d = &(snum->d[loop]); wnum.top = div_n; + wnum.flags = BN_FLG_STATIC_DATA; /* * only needed when BN_ucmp messes up the values between top and max */ diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index dac3640..a6ad475 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -371,17 +371,17 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ret = 1; goto err; } - if (!BN_to_montgomery(val[0], aa, mont, ctx)) + if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx)) goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); if (window > 1) { - if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) + if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx)) goto err; /* 2 */ j = 1 << (window - 1); for (i = 1; i < j; i++) { if (((val[i] = BN_CTX_get(ctx)) == NULL) || - !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx)) + !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx)) goto err; } } 
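Review bot: the bn_div.c hunk sets `wnum.flags = BN_FLG_STATIC_DATA;` without saying why it is needed now: with this series bn_check_top reads `_bnum2->flags` (to test BN_FLG_FIXED_TOP), so a stack BIGNUM whose flags were never initialised becomes an uninitialised read, which is the "memory sanitizer problem" from the commit message. A one-line comment next to the assignment would make that dependency visible; BN_FLG_STATIC_DATA is the right value since wnum.d aliases snum->d and must never be freed.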
@@ -403,19 +403,15 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, for (i = 1; i < j; i++) r->d[i] = (~m->d[i]) & BN_MASK2; r->top = j; - /* - * Upper words will be zero if the corresponding words of 'm' were - * 0xfff[...], so decrement r->top accordingly. - */ - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; } else #endif - if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx)) goto err; for (;;) { if (BN_is_bit_set(p, wstart) == 0) { if (!start) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } if (wstart == 0) @@ -446,12 +442,12 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* add the 'bytes above' */ if (!start) for (i = 0; i < j; i++) { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx)) goto err; } /* wvalue will be an odd number < 2^window */ - if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) + if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx)) goto err; /* move the 'window' down further */ @@ -461,6 +457,11 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (wstart < 0) break; } + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { j = mont->N.top; /* borrow j */ @@ -587,7 +588,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, } b->top = top; - bn_correct_top(b); + b->flags |= BN_FLG_FIXED_TOP; return 1; } 
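Review bot: in the MOD_EXP_CTIME_COPY_FROM_PREBUF hunk, replacing `bn_correct_top(b)` with `b->flags |= BN_FLG_FIXED_TOP` is the timing-relevant part of this change: bn_correct_top walks down from b->top while limbs are zero, so its iteration count depended on the gathered value, whereas now b->top stays at the fixed `top` the caller passes in. Because the new statement compiles to nothing in non-BN_DEBUG builds, a reader could later "restore" the bn_correct_top call without noticing; suggest a comment on the function stating that the result is intentionally left zero-padded for the constant-time path.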
@@ -757,16 +758,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, tmp.top = top; } else #endif - if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) + if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx)) goto err; /* prepare a^1 in Montgomery domain */ if (a->neg || BN_ucmp(a, m) >= 0) { if (!BN_mod(&am, a, m, ctx)) goto err; - if (!BN_to_montgomery(&am, &am, mont, ctx)) + if (!bn_to_mont_fixed_top(&am, &am, mont, ctx)) goto err; - } else if (!BN_to_montgomery(&am, a, mont, ctx)) + } else if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) goto err; #if defined(SPARC_T4_MONT) @@ -1033,14 +1034,14 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * performance advantage of sqr over mul). */ if (window > 1) { - if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, window)) goto err; for (i = 3; i < numPowers; i++) { /* Calculate a^i = a^(i-1) * a */ - if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, window)) @@ -1064,7 +1065,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, /* Scan the window, squaring the result as we go */ for (i = 0; i < window; i++, bits--) { - if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx)) goto err; wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); } 
@@ -1077,12 +1078,16 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; /* Multiply the result into the intermediate result */ - if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) + if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx)) goto err; } } - /* Convert the final result from montgomery to standard format */ + /* + * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery + * removes padding [if any] and makes return value suitable for public + * API consumer. + */ #if defined(SPARC_T4_MONT) if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) { am.d[0] = 1; /* borrow am */ diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 5fb3814..0f80888 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -145,7 +145,16 @@ extern "C" { */ # ifdef BN_DEBUG - +/* + * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with + * bn_correct_top, in other words such vectors are permitted to have zeros + * in most significant limbs. Such vectors are used internally to achieve + * execution time invariance for critical operations with private keys. + * It's BN_DEBUG-only flag, because user application is not supposed to + * observe it anyway. Moreover, optimizing compiler would actually remove + * all operations manipulating the bit in question in non-BN_DEBUG build. + */ +# define BN_FLG_FIXED_TOP 0x10000 # ifdef BN_DEBUG_RAND /* To avoid "make update" cvs wars due to BN_DEBUG, use some tricks */ # ifndef RAND_bytes @@ -177,8 +186,10 @@ int RAND_bytes(unsigned char *buf, int num); do { \ const BIGNUM *_bnum2 = (a); \ if (_bnum2 != NULL) { \ - OPENSSL_assert(((_bnum2->top == 0) && !_bnum2->neg) || \ - (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \ + int _top = _bnum2->top; \ + OPENSSL_assert((_top == 0 && !_bnum2->neg) || \ + (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \ + || _bnum2->d[_top - 1] != 0))); \ bn_pollute(_bnum2); \ } \ } while(0) 
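Review bot: the bn_lcl.h hunk defines `BN_FLG_FIXED_TOP 0x10000` in the BN_DEBUG branch but the comment does not say how the value was chosen; it has to stay disjoint from the public BN_FLG_* bits in bn.h and from any other debug-only flag, because FLAGS_DATA in bn_lib.c now swaps it together with BN_FLG_STATIC_DATA, BN_FLG_CONSTTIME and BN_FLG_SECURE. A sentence pointing at the public flag range would prevent a future collision. The relaxed bn_check_top assertion itself reads correctly: `_top == 0 && !neg`, or `_top` non-zero with either the flag set or a non-zero top limb.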
@@ -197,6 +208,7 @@ int RAND_bytes(unsigned char *buf, int num); # else /* !BN_DEBUG */ +# define BN_FLG_FIXED_TOP 0 # define bn_pollute(a) # define bn_check_top(a) # define bn_fix_top(a) bn_correct_top(a) @@ -228,7 +240,8 @@ struct bignum_st { /* Used for montgomery multiplication */ struct bn_mont_ctx_st { int ri; /* number of bits in R */ - BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM RR; /* used to convert to montgomery form, + possibly zero-padded */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 (Ni is only * stored for bignum algorithm) */ diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 6c57a53..25eac39 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -375,15 +375,17 @@ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif - a->top = b->top; a->neg = b->neg; + a->top = b->top; + a->flags |= b->flags & BN_FLG_FIXED_TOP; bn_check_top(a); return (a); } #define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \ | BN_FLG_CONSTTIME \ - | BN_FLG_SECURE)) + | BN_FLG_SECURE \ + | BN_FLG_FIXED_TOP)) #define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED)) void BN_swap(BIGNUM *a, BIGNUM *b) @@ -424,8 +426,9 @@ void BN_clear(BIGNUM *a) bn_check_top(a); if (a->d != NULL) OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax); - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } BN_ULONG BN_get_word(const BIGNUM *a) @@ -446,6 +449,7 @@ int BN_set_word(BIGNUM *a, BN_ULONG w) a->neg = 0; a->d[0] = w; a->top = (w ? 1 : 0); + a->flags &= ~BN_FLG_FIXED_TOP; bn_check_top(a); return (1); } @@ -687,6 +691,7 @@ int BN_set_bit(BIGNUM *a, int n) for (k = a->top; k < i + 1; k++) a->d[k] = 0; a->top = i + 1; + a->flags &= ~BN_FLG_FIXED_TOP; } a->d[i] |= (((BN_ULONG)1) << j); 
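Review bot: in the BN_copy hunk, `a->flags |= b->flags & BN_FLG_FIXED_TOP;` only ever sets the flag, so a destination that was previously fixed-top keeps the flag after a normalised b is copied into it. In BN_DEBUG builds that makes bn_check_top(a) tolerate a zero top limb it should reject; suggest clearing first, e.g. `a->flags = (a->flags & ~BN_FLG_FIXED_TOP) | (b->flags & BN_FLG_FIXED_TOP);`, which also mirrors the explicit `&= ~BN_FLG_FIXED_TOP` in BN_clear, BN_set_word and BN_set_bit in the same file.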
@@ -919,8 +924,9 @@ int BN_security_bits(int L, int N) void BN_zero_ex(BIGNUM *a) { - a->top = 0; a->neg = 0; + a->top = 0; + a->flags &= ~BN_FLG_FIXED_TOP; } int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w) @@ -1044,5 +1050,6 @@ void bn_correct_top(BIGNUM *a) } if (a->top == 0) a->neg = 0; + a->flags &= ~BN_FLG_FIXED_TOP; bn_pollute(a); } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index e1d2973..3ccf8ea 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -20,12 +20,23 @@ #define MONT_WORD /* use the faster word-based algorithm */ #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); #endif int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx) { + int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx); + + bn_correct_top(r); + bn_check_top(r); + + return ret; +} + +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx) +{ BIGNUM *tmp; int ret = 0; int num = mont->N.top; @@ -37,7 +48,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { r->neg = a->neg ^ b->neg; r->top = num; - bn_correct_top(r); + r->flags |= BN_FLG_FIXED_TOP; return (1); } } @@ -61,13 +72,12 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } /* reduce from aRR to aR */ #ifdef MONT_WORD - if (!BN_from_montgomery_word(r, tmp, mont)) + if (!bn_from_montgomery_word(r, tmp, mont)) goto err; #else if (!BN_from_montgomery(r, tmp, mont, ctx)) goto err; #endif - bn_check_top(r); ret = 1; err: BN_CTX_end(ctx); 
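Review bot: in the new BN_mod_mul_montgomery wrapper, `bn_correct_top(r)` and `bn_check_top(r)` run even when bn_mul_mont_fixed_top returned 0. That is harmless on the visible failure paths (r is either untouched or has a consistent top), but wrapping them in `if (ret)` would make the public function's contract explicit and avoid normalising a result the caller is told to discard. BN_from_montgomery in the next hunk has the same shape inside its `if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))` block and would benefit from the same guard on retn.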
@@ -75,7 +85,7 @@ int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, } #ifdef MONT_WORD -static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) +static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) { BIGNUM *n; BN_ULONG *ap, *np, *rp, n0, v, carry; @@ -102,6 +112,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) memset(&rp[r->top], 0, sizeof(*rp) * i); r->top = max; + r->flags |= BN_FLG_FIXED_TOP; n0 = mont->n0[0]; /* @@ -120,6 +131,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) if (bn_wexpand(ret, nl) == NULL) return (0); ret->top = nl; + ret->flags |= BN_FLG_FIXED_TOP; ret->neg = r->neg; rp = ret->d; @@ -140,9 +152,6 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp[i] = (carry & ap[i]) | (~carry & rp[i]); ap[i] = 0; } - bn_correct_top(r); - bn_correct_top(ret); - bn_check_top(ret); return (1); } @@ -156,8 +165,11 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, BIGNUM *t; BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) - retn = BN_from_montgomery_word(ret, t, mont); + if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) { + retn = bn_from_montgomery_word(ret, t, mont); + bn_correct_top(ret); + bn_check_top(ret); + } BN_CTX_end(ctx); #else /* !MONT_WORD */ BIGNUM *t1, *t2; @@ -195,6 +207,12 @@ int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, return (retn); } +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) +{ + return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx); +} + BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; @@ -231,7 +249,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) { - int ret = 0; + int i, ret = 0; BIGNUM *Ri, *R; if (BN_is_zero(mod)) 
@@ -366,6 +384,11 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) goto err; + for (i = mont->RR.top, ret = mont->N.top; i < ret; i++) + mont->RR.d[i] = 0; + mont->RR.top = ret; + mont->RR.flags |= BN_FLG_FIXED_TOP; + ret = 1; err: BN_CTX_end(ctx); diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index 44e7332..7371232 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -82,14 +82,8 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) } rr->neg = 0; - /* - * If the most-significant half of the top word of 'a' is zero, then the - * square of 'a' will max-1 words. - */ - if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) - rr->top = max - 1; - else - rr->top = max; + rr->top = max; + bn_correct_top(rr); if (r != rr && BN_copy(r, rr) == NULL) goto err; diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index 4e0c9a4..3501ffb 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h @@ -74,6 +74,17 @@ size_t bn_sizeof_BIGNUM(void); */ BIGNUM *bn_array_el(BIGNUM *base, int el); +/* + * Some BIGNUM functions assume most significant limb to be non-zero, which + * is customarily arranged by bn_correct_top. Output from below functions + * is not processed with bn_correct_top, and for this reason it may not be + * returned out of public API. It may only be passed internally into other + * functions known to support non-minimal or zero-padded BIGNUMs. + */ +int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx); #ifdef __cplusplus } From appro at openssl.org Thu Jul 26 17:42:29 2018 
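Review bot: in the BN_MONT_CTX_set hunk, `for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)` borrows `ret` as the loop bound and then overwrites it with 1, which hides both the return value and the fact that the loop writes up to mont->N.top limbs into mont->RR.d with no bn_wexpand in this hunk. Suggest a local such as `int n = mont->N.top;` and either a `bn_wexpand(&(mont->RR), n)` or a comment citing where RR is guaranteed at least N.top allocated limbs; RR.top <= N.top after the preceding BN_mod is what makes the padding direction right.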
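Review bot: the bn_int.h hunk documents that output from bn_mul_mont_fixed_top and bn_to_mont_fixed_top must not leave the public API, but not the aliasing rules. bn_exp.c in this same series calls `bn_mul_mont_fixed_top(r, r, r, mont, ctx)` and `bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx)`, so r overlapping a and/or b is relied on; add a sentence stating that r may alias a or b, and whether a and b may themselves be fixed-top (zero-padded) inputs.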
From: appro at openssl.org (Andy Polyakov) Date: Thu, 26 Jul 2018 17:42:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532626949.232039.10045.nullmailer@dev.openssl.org> The branch master has been updated via 9d91530d2d7da1447b7be8631b269599023430e7 (commit) from 793f19e47c69558e39c702da75c27e0509baf379 (commit) - Log ----------------------------------------------------------------- commit 9d91530d2d7da1447b7be8631b269599023430e7 Author: Billy Brumley Date: Thu Jul 19 11:16:07 2018 +0300 EC GFp ladder This commit leverages the Montgomery ladder scaffold introduced in #6690 (alongside a specialized Lopez-Dahab ladder for binary curves) to provide a specialized differential addition-and-double implementation to speedup prime curves, while keeping all the features of `ec_scalar_mul_ladder` against SCA attacks. The arithmetic in ladder_pre, ladder_step and ladder_post is auto generated with tooling, from the following formulae: - `ladder_pre`: Formula 3 for doubling from Izu-Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", as described at https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2 - `ladder_step`: differential addition-and-doubling Eq. (8) and (10) from Izu-Takagi "A fast parallel elliptic curve multiplication resistant against side channel attacks", as described at https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-3 - `ladder_post`: y-coordinate recovery using Eq. (8) from Brier-Joye "Weierstrass Elliptic Curves and Side-Channel Attacks", modified to work in projective coordinates. 
Co-authored-by: Nicola Tuveri Reviewed-by: Andy Polyakov Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6772) ----------------------------------------------------------------------- Summary of changes: CHANGES | 11 ++- crypto/ec/ec_lcl.h | 13 ++- crypto/ec/ecp_mont.c | 6 +- crypto/ec/ecp_nist.c | 6 +- crypto/ec/ecp_smpl.c | 228 +++++++++++++++++++++++++++++++++++++++++++++++++-- 5 files changed, 249 insertions(+), 15 deletions(-) diff --git a/CHANGES b/CHANGES index cab58c0..7805912 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Changes between 1.1.0h and 1.1.1 [xx XXX xxxx] + *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder + step for prime curves. The new implementation is based on formulae from + differential addition-and-doubling in homogeneous projective coordinates + from Izu-Takagi "A fast parallel elliptic curve multiplication resistant + against side channel attacks" and Brier-Joye "Weierstrass Elliptic Curves + and Side-Channel Attacks" Eq. (8) for y-coordinate recovery, modified + to work in projective coordinates. + [Billy Bob Brumley, Nicola Tuveri] + *) Change generating and checking of primes so that the error rate of not being prime depends on the intended use based on the size of the input. For larger primes this will result in more rounds of Miller-Rabin. @@ -30,7 +39,7 @@ [Andy Polyakov] *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder - step for binary curves. The new implementation is based on formulas from + step for binary curves. The new implementation is based on formulae from differential addition-and-doubling in mixed Lopez-Dahab projective coordinates, modified to independently blind the operands. [Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri] diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 217392e..c706a84 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h 
@@ -301,7 +301,6 @@ struct ec_point_st { * special case */ }; - static ossl_inline int ec_point_is_compat(const EC_POINT *point, const EC_GROUP *group) { @@ -314,7 +313,6 @@ static ossl_inline int ec_point_is_compat(const EC_POINT *point, return 1; } - NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *); NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *); NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *); @@ -394,7 +392,16 @@ int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, - BN_CTX *ctx); + BN_CTX *ctx); +int ec_GFp_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); +int ec_GFp_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); +int ec_GFp_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx); /* method functions in ecp_mont.c */ int ec_GFp_mont_group_init(EC_GROUP *); diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index fda9a23..36682e5 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -64,9 +64,9 @@ const EC_METHOD *EC_GFp_mont_method(void) ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ ec_GFp_simple_blind_coordinates, - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ + ec_GFp_simple_ladder_pre, + ec_GFp_simple_ladder_step, + ec_GFp_simple_ladder_post }; return &ret; diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 2c23525..f53de1a 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c 
@@ -66,9 +66,9 @@ const EC_METHOD *EC_GFp_nist_method(void) ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ ec_GFp_simple_blind_coordinates, - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ + ec_GFp_simple_ladder_pre, + ec_GFp_simple_ladder_step, + ec_GFp_simple_ladder_post }; return &ret; diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 768922a..18d16dd 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -65,9 +65,9 @@ const EC_METHOD *EC_GFp_simple_method(void) ecdh_simple_compute_key, 0, /* field_inverse_mod_ord */ ec_GFp_simple_blind_coordinates, - 0, /* ladder_pre */ - 0, /* ladder_step */ - 0 /* ladder_post */ + ec_GFp_simple_ladder_pre, + ec_GFp_simple_ladder_step, + ec_GFp_simple_ladder_post }; return &ret; 
@@ -1418,6 +1418,224 @@ int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, ret = 1; err: - BN_CTX_end(ctx); - return ret; + BN_CTX_end(ctx); + return ret; +} + +/*- + * Set s := p, r := 2p. + * + * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve + * multiplication resistant against side channel attacks" appendix, as described + * at + * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2 + * + * The input point p will be in randomized Jacobian projective coords: + * x = X/Z**2, y=Y/Z**3 + * + * The output points p, s, and r are converted to standard (homogeneous) + * projective coords: + * x = X/Z, y=Y/Z + */ +int ec_GFp_simple_ladder_pre(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + BIGNUM *t1, *t2, *t3, *t4, *t5, *t6 = NULL; + + t1 = r->Z; + t2 = r->Y; + t3 = s->X; + t4 = r->X; + t5 = s->Y; + t6 = s->Z; + + /* convert p: (X,Y,Z) -> (XZ,Y,Z**3) */ + if (!group->meth->field_mul(group, p->X, p->X, p->Z, ctx) + || !group->meth->field_sqr(group, t1, p->Z, ctx) + || !group->meth->field_mul(group, p->Z, p->Z, t1, ctx) + /* r := 2p */ + || !group->meth->field_sqr(group, t2, p->X, ctx) + || !group->meth->field_sqr(group, t3, p->Z, ctx) + || !group->meth->field_mul(group, t4, t3, group->a, ctx) + || !BN_mod_sub_quick(t5, t2, t4, group->field) + || !BN_mod_add_quick(t2, t2, t4, group->field) + || !group->meth->field_sqr(group, t5, t5, ctx) + || !group->meth->field_mul(group, t6, t3, group->b, ctx) + || !group->meth->field_mul(group, t1, p->X, p->Z, ctx) + || !group->meth->field_mul(group, t4, t1, t6, ctx) + || !BN_mod_lshift_quick(t4, t4, 3, group->field) + /* r->X coord output */ + || !BN_mod_sub_quick(r->X, t5, t4, group->field) + || !group->meth->field_mul(group, t1, t1, t2, ctx) + || !group->meth->field_mul(group, t2, t3, t6, ctx) + || !BN_mod_add_quick(t1, t1, t2, group->field) + /* r->Z coord output */ + || !BN_mod_lshift_quick(r->Z, t1, 2, group->field) + 
|| !EC_POINT_copy(s, p)) + return 0; + + r->Z_is_one = 0; + s->Z_is_one = 0; + p->Z_is_one = 0; + + return 1; +} + +/*- + * Differential addition-and-doubling using Eq. (8) and (10) from Izu-Takagi + * "A fast parallel elliptic curve multiplication resistant against side channel + * attacks", as described at + * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-ladd-2002-it-3 + */ +int ec_GFp_simple_ladder_step(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6, *t7 = NULL; + + BN_CTX_start(ctx); + t0 = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t3 = BN_CTX_get(ctx); + t4 = BN_CTX_get(ctx); + t5 = BN_CTX_get(ctx); + t6 = BN_CTX_get(ctx); + t7 = BN_CTX_get(ctx); + + if (t7 == NULL + || !group->meth->field_mul(group, t0, r->X, s->X, ctx) + || !group->meth->field_mul(group, t1, r->Z, s->Z, ctx) + || !group->meth->field_mul(group, t2, r->X, s->Z, ctx) + || !group->meth->field_mul(group, t3, r->Z, s->X, ctx) + || !group->meth->field_mul(group, t4, group->a, t1, ctx) + || !BN_mod_sub_quick(t4, t0, t4, group->field) + || !BN_mod_add_quick(t5, t3, t2, group->field) + || !group->meth->field_sqr(group, t4, t4, ctx) + || !group->meth->field_mul(group, t5, t1, t5, ctx) + || !BN_mod_lshift_quick(t0, group->b, 2, group->field) + || !group->meth->field_mul(group, t5, t0, t5, ctx) + || !BN_mod_sub_quick(t5, t4, t5, group->field) + /* s->X coord output */ + || !group->meth->field_mul(group, s->X, t5, p->Z, ctx) + || !BN_mod_sub_quick(t3, t2, t3, group->field) + || !group->meth->field_sqr(group, t3, t3, ctx) + /* s->Z coord output */ + || !group->meth->field_mul(group, s->Z, t3, p->X, ctx) + || !group->meth->field_sqr(group, t2, r->X, ctx) + || !group->meth->field_sqr(group, t4, r->Z, ctx) + || !group->meth->field_mul(group, t1, t4, group->a, ctx) + || !BN_mod_add_quick(t6, r->X, r->Z, group->field) + || !group->meth->field_sqr(group, t6, t6, ctx) + || 
!BN_mod_sub_quick(t6, t6, t2, group->field) + || !BN_mod_sub_quick(t6, t6, t4, group->field) + || !BN_mod_sub_quick(t7, t2, t1, group->field) + || !group->meth->field_sqr(group, t7, t7, ctx) + || !group->meth->field_mul(group, t5, t4, t6, ctx) + || !group->meth->field_mul(group, t5, t0, t5, ctx) + /* r->X coord output */ + || !BN_mod_sub_quick(r->X, t7, t5, group->field) + || !BN_mod_add_quick(t2, t2, t1, group->field) + || !group->meth->field_sqr(group, t5, t4, ctx) + || !group->meth->field_mul(group, t5, t5, t0, ctx) + || !group->meth->field_mul(group, t6, t6, t2, ctx) + || !BN_mod_lshift1_quick(t6, t6, group->field) + /* r->Z coord output */ + || !BN_mod_add_quick(r->Z, t5, t6, group->field)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + +/*- + * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass + * Elliptic Curves and Side-Channel Attacks", modified to work in projective + * coordinates and return r in Jacobian projective coordinates. + * + * X4 = two*Y1*X2*Z3*Z2*Z1; + * Y4 = two*b*Z3*SQR(Z2*Z1) + Z3*(a*Z2*Z1+X1*X2)*(X1*Z2+X2*Z1) - X3*SQR(X1*Z2-X2*Z1); + * Z4 = two*Y1*Z3*SQR(Z2)*Z1; + * + * Z4 != 0 because: + * - Z1==0 implies p is at infinity, which would have caused an early exit in + * the caller; + * - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch); + * - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch); + * - Y1==0 implies p has order 2, so either r or s are infinity and handled by + * one of the BN_is_zero(...) branches. 
+ */ +int ec_GFp_simple_ladder_post(const EC_GROUP *group, + EC_POINT *r, EC_POINT *s, + EC_POINT *p, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL; + + if (BN_is_zero(r->Z)) + return EC_POINT_set_to_infinity(group, r); + + if (BN_is_zero(s->Z)) { + /* (X,Y,Z) -> (XZ,YZ**2,Z) */ + if (!group->meth->field_mul(group, r->X, p->X, p->Z, ctx) + || !group->meth->field_sqr(group, r->Z, p->Z, ctx) + || !group->meth->field_mul(group, r->Y, p->Y, r->Z, ctx) + || !BN_copy(r->Z, p->Z) + || !EC_POINT_invert(group, r, ctx)) + return 0; + return 1; + } + + BN_CTX_start(ctx); + t0 = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t3 = BN_CTX_get(ctx); + t4 = BN_CTX_get(ctx); + t5 = BN_CTX_get(ctx); + t6 = BN_CTX_get(ctx); + + if (t6 == NULL + || !BN_mod_lshift1_quick(t0, p->Y, group->field) + || !group->meth->field_mul(group, t1, r->X, p->Z, ctx) + || !group->meth->field_mul(group, t2, r->Z, s->Z, ctx) + || !group->meth->field_mul(group, t2, t1, t2, ctx) + || !group->meth->field_mul(group, t3, t2, t0, ctx) + || !group->meth->field_mul(group, t2, r->Z, p->Z, ctx) + || !group->meth->field_sqr(group, t4, t2, ctx) + || !BN_mod_lshift1_quick(t5, group->b, group->field) + || !group->meth->field_mul(group, t4, t4, t5, ctx) + || !group->meth->field_mul(group, t6, t2, group->a, ctx) + || !group->meth->field_mul(group, t5, r->X, p->X, ctx) + || !BN_mod_add_quick(t5, t6, t5, group->field) + || !group->meth->field_mul(group, t6, r->Z, p->X, ctx) + || !BN_mod_add_quick(t2, t6, t1, group->field) + || !group->meth->field_mul(group, t5, t5, t2, ctx) + || !BN_mod_sub_quick(t6, t6, t1, group->field) + || !group->meth->field_sqr(group, t6, t6, ctx) + || !group->meth->field_mul(group, t6, t6, s->X, ctx) + || !BN_mod_add_quick(t4, t5, t4, group->field) + || !group->meth->field_mul(group, t4, t4, s->Z, ctx) + || !BN_mod_sub_quick(t4, t4, t6, group->field) + || !group->meth->field_sqr(group, t5, r->Z, ctx) + || !group->meth->field_mul(group, r->Z, 
p->Z, s->Z, ctx) + || !group->meth->field_mul(group, r->Z, t5, r->Z, ctx) + || !group->meth->field_mul(group, r->Z, r->Z, t0, ctx) + /* t3 := X, t4 := Y */ + /* (X,Y,Z) -> (XZ,YZ**2,Z) */ + || !group->meth->field_mul(group, r->X, t3, r->Z, ctx) + || !group->meth->field_sqr(group, t3, r->Z, ctx) + || !group->meth->field_mul(group, r->Y, t4, t3, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; } From no-reply at appveyor.com Thu Jul 26 18:34:59 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 26 Jul 2018 18:34:59 +0000 Subject: [openssl-commits] Build failed: openssl master.19140 Message-ID: <20180726183459.1.75EF7512A7DCBFCC@appveyor.com> An HTML attachment was scrubbed... URL: From rsalz at openssl.org Thu Jul 26 19:01:09 2018 From: rsalz at openssl.org (Rich Salz) Date: Thu, 26 Jul 2018 19:01:09 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1532631669.322166.28433.nullmailer@dev.openssl.org> The branch master has been updated via 45331ed59e3bd3c16808ceed54e35a98a3fea79b (commit) from 3c0d5cabf30bc2367a5574b3b9bfd5639396533f (commit) - Log ----------------------------------------------------------------- commit 45331ed59e3bd3c16808ceed54e35a98a3fea79b Author: Rich Salz Date: Thu Jul 26 15:00:58 2018 -0400 Add GeneralName question Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/64) ----------------------------------------------------------------------- Summary of changes: docs/faq-3-prog.txt | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/faq-3-prog.txt b/docs/faq-3-prog.txt index a471f5e..bb6790a 100644 --- a/docs/faq-3-prog.txt +++ b/docs/faq-3-prog.txt 
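Review bot: the ec_GFp_simple_ladder_post hunk above should state that r must not alias p. In the BN_is_zero(s->Z) branch r->X is computed from p->X*p->Z and r->Z from p->Z squared before p->Z is read again by BN_copy(r->Z, p->Z); with r == p the copy would read the already-squared coordinate. A one-line precondition comment on the function (or a debug assert that r != p) makes this visible to future callers. Testing only t6 == NULL after the seven BN_CTX_get() calls is fine because BN_CTX_get keeps returning NULL once it has failed, but a short comment saying so saves the next reader from checking.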
@@ -154,6 +154,25 @@ Rules (DER): these uniquely specify how a given structure is encoded. Therefore, because DER is a special case of BER, DER is an acceptable encoding for BER. +* The encoding for GeneralName is wrong; why is the SEQUENCE tag missing? + +In RFC 5280 GeneralName is defined in the module in Appendix A.2, and that +module specifies the use of IMPLICIT tagging. This means that there is not an +explicit SEQUENCE (30) tag following the A0 tag (you just know from the ASN.1 +that what follows the A1 tag is a SEQUENCE). This is in contrast to the value +field within OtherName (test at kerberose-domain.internal), where the tag for +UTF8String (0C) follows the A0 tag, since EXPLICIT tagging is specified for +that particular field. + +You will notice the same thing if you look at other choices within +GeneralName. If you look at the DNS names encoded in the subjectAltName +extension, the 82 tag (corresponding to [2]) is not followed by a tag for +IA5String (22). It is not needed since the ASN.1 indicates that what follows +the 82 tag is an IA5String. However, if the module specified EXPLICIT +encoding, then there would be a 16 tag after the 82 tag. + +(Thanks to David Cooper for this text.) + * I tried to set a cipher list with a valid cipher, but the call fails, why? OpenSSL 1.1.0 introduced the concept of a “security level”, allowing From kaduk at mit.edu Thu Jul 26 20:36:53 2018 
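Review bot: the tag numbers in the new GeneralName answer are inconsistent and will confuse exactly the readers it is meant to help. otherName is alternative [0], so the parenthetical "what follows the A1 tag is a SEQUENCE" should say A0, matching the sentence before it. In the second paragraph IA5String is given as "(22)" (decimal) but the EXPLICIT case says "a 16 tag" (hex); pick one notation, and note that with EXPLICIT tagging the outer context tag would be the constructed form A2 rather than 82, followed by the universal 16 (decimal 22) tag. "kerberose-domain.internal" in the OtherName example also reads like a typo for "kerberos".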
From: kaduk at mit.edu (kaduk at mit.edu) Date: Thu, 26 Jul 2018 20:36:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532637413.667255.20099.nullmailer@dev.openssl.org> The branch master has been updated via a75be9fd34b5d66f349186f21cd8d063d2fa87a4 (commit) via 45a2353056da3f357a924131578ad0a4a2e5fbb7 (commit) from 9d91530d2d7da1447b7be8631b269599023430e7 (commit) - Log ----------------------------------------------------------------- commit a75be9fd34b5d66f349186f21cd8d063d2fa87a4 Author: Benjamin Kaduk Date: Wed Jul 25 21:00:45 2018 -0500 Improve backwards compat for SSL_get_servername() Commit 1c4aa31d79821dee9be98e915159d52cc30d8403 changed how we process and store SNI information during the handshake, so that a hostname is only saved in the SSL_SESSION structure if that SNI value has actually been negotiated. SSL_get_servername() was adjusted to match, with a new conditional being added to handle the case when the handshake processing is ongoing, and a different location should be consulted for the offered SNI value. This was done in an attempt to preserve the historical behavior of SSL_get_servername(), a function whose behavior only mostly matches its documentation, and whose documentation is both lacking and does not necessarily reflect the actual desired behavior for such an API. Unfortunately, sweeping changes that would bring more sanity to this space are not possible until OpenSSL 1.2.0, for ABI compatibility reasons, so we must attempt to maintain the existing behavior to the extent possible. The above-mentioned commit did not take into account the behavior of SSL_get_servername() during resumption handshakes for TLS 1.2 and prior, where no SNI negotiation is performed. In that case we would not properly parse the incoming SNI and erroneously return NULL as the servername, when instead the logical session is associated with the SNI value cached in the SSL_SESSION. 
(Note that in some cases an SNI callback may not need to do anything in a TLS 1.2 or prior resumption flow, but we are calling the callbacks and did not provide any guidance that they should no-op if the connection is being resumed, so we must handle this case in a usable fashion.)

Update our behavior accordingly to return the session's cached value during the handshake, when resuming.

This fixes the boringssl tests.

[extended tests]

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6792)

commit 45a2353056da3f357a924131578ad0a4a2e5fbb7
Author: Benjamin Kaduk
Date: Wed Jul 25 14:48:30 2018 -0500

Fix ossl_shim SNI handling

To start with, actually set an SNI callback (copied from bssl_shim); we weren't actually testing much otherwise (and just happened to have been passing due to buggy libssl behavior prior to commit 1c4aa31d79821dee9be98e915159d52cc30d8403).

Also use proper C++ code for handling C strings -- when a C API (SSL_get_servername()) returns NULL instead of a string, special-case that instead of blindly trying to compare NULL against a std::string, and perform the comparison using the std::string operators instead of falling back to pointer comparison.

Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/6792)

-----------------------------------------------------------------------

Summary of changes:
ssl/ssl_lib.c | 5 ++++-
test/ossl_shim/ossl_shim.cc | 21 ++++++++++++++++++++-
2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 10a7694..15380e1 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -2618,8 +2618,11 @@ const char *SSL_get_servername(const SSL *s, const int type) * peer send" and "what was actually negotiated"; we should have * a clear distinction amongst those three. */ - if (SSL_in_init(s)) + if (SSL_in_init(s)) { + if (s->hit) + return s->session->ext.hostname; return s->ext.hostname; + } return (s->session != NULL && s->ext.hostname == NULL) ? s->session->ext.hostname : s->ext.hostname; } diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc index b1067e8..90d1f1e 100644 --- a/test/ossl_shim/ossl_shim.cc +++ b/test/ossl_shim/ossl_shim.cc @@ -459,6 +459,20 @@ static int CustomExtensionParseCallback(SSL *ssl, unsigned extension_value, return 1; } +static int ServerNameCallback(SSL *ssl, int *out_alert, void *arg) { + // SNI must be accessible from the SNI callback. + const TestConfig *config = GetTestConfig(ssl); + const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + if (server_name == nullptr || + std::string(server_name) != config->expected_server_name) { + fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name, + config->expected_server_name.c_str()); + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + + return SSL_TLSEXT_ERR_OK; +} + // Connect returns a new socket connected to localhost on |port| or -1 on // error. static int Connect(uint16_t port) { @@ -645,6 +659,10 @@ static bssl::UniquePtr SetupCtx(const TestConfig *config) { sizeof(sess_id_ctx) - 1)) return nullptr; + if (!config->expected_server_name.empty()) { + SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), ServerNameCallback); + } + return ssl_ctx; } 
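Review bot: in the new ServerNameCallback, the fprintf on mismatch passes server_name to "%s" on the very path where it was just found to be nullptr; that is undefined behaviour in the C library (glibc happens to print "(null)", other runtimes crash), so substitute a placeholder such as "(none)" when it is null. The callback also never sets *out_alert before returning SSL_TLSEXT_ERR_ALERT_FATAL, which relies on libssl's default alert for this callback; acceptable for a test shim, but worth a comment. In the SSL_get_servername hunk, `if (s->hit) return s->session->ext.hostname;` dereferences s->session without the NULL guard that the post-handshake return just below keeps; if s->hit guarantees a non-NULL session, say so in a comment at that line.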
@@ -809,7 +827,8 @@ static bool CheckHandshakeProperties(SSL *ssl, bool is_resume) { if (!config->expected_server_name.empty()) { const char *server_name = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); - if (server_name != config->expected_server_name) { + if (server_name == nullptr || + std::string(server_name) != config->expected_server_name) { fprintf(stderr, "servername mismatch (got %s; want %s)\n", server_name, config->expected_server_name.c_str()); return false; From no-reply at appveyor.com Thu Jul 26 21:30:21 2018 From: no-reply at appveyor.com (AppVeyor) Date: Thu, 26 Jul 2018 21:30:21 +0000 Subject: [openssl-commits] Build completed: openssl master.19141 Message-ID: <20180726213021.1.1517DC8E03B961B6@appveyor.com> An HTML attachment was scrubbed... URL: From openssl at openssl.org Fri Jul 27 05:36:31 2018 
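Review bot: the CheckHandshakeProperties hunk has the same defect as the new callback: after `server_name == nullptr` has been tested, the error message still hands server_name to fprintf as "%s". Print an explicit placeholder for the null case so the mismatch diagnostic itself cannot crash the shim, e.g. `server_name != nullptr ? server_name : "(none)"`.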
From: openssl at openssl.org (OpenSSL run-checker) Date: Fri, 27 Jul 2018 05:36:31 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-md5 Message-ID: <1532669791.338073.16834.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-md5 Commit log since last time: a75be9f Improve backwards compat for SSL_get_servername() 45a2353 Fix ossl_shim SNI handling 9d91530 EC GFp ladder 793f19e 00-base-templates.conf: engage x25519-ppc64 module. 8e83072 Add ec/asm/x25519-ppc64.pl module. 70a579a bn/bn_mod.c: harmonize BN_mod_add_quick with original implementation. 06deb93 apps/apps.c: harmonize print_bignum_var output with coding style. b9e54e9 Fix inconsisten use of bit vs bits 9e4c977 Fix a trivial coding style nit in sm2_sign.c feac7a1 Make number of Miller-Rabin tests for a prime tests depend on the security level of the prime 74ee379 Change the number of Miller-Rabin test for DSA generation to 64 Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-md5 Operating system: x86_64-whatever-linux2 Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. ***** Unsupported options: no-md5 $ make clean make: *** No rule to make target 'clean'. Stop. From appro at openssl.org Fri Jul 27 12:51:20 2018 
From: appro at openssl.org (Andy Polyakov) Date: Fri, 27 Jul 2018 12:51:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532695880.875860.23777.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 9da6f31c7e61b484dda6c0a59d46c76410981e13 (commit) via ed04bcf67426888e8f8556b9eb37e9e2cf4eb04b (commit) via e1c495db1d48c4a8c467d4a5e692e991528d8618 (commit) via 63ad27165f9abd4f9e55d1a2e8c9bbdb01073a4f (commit) via 6040bd3f7109dcae508c3194232e7b8ee8654dc0 (commit) from 2f19065bd35dc84492c4c47ff5b706340300866f (commit) - Log ----------------------------------------------------------------- commit 9da6f31c7e61b484dda6c0a59d46c76410981e13 Author: Andy Polyakov Date: Thu Jul 26 14:38:53 2018 +0200 CHANGES: mention blinding reverting in ECDSA. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6796) commit ed04bcf67426888e8f8556b9eb37e9e2cf4eb04b Author: Andy Polyakov Date: Wed Jul 25 10:29:51 2018 +0200 bn/bn_mod.c: harmonize BN_mod_add_quick with original implementation. New implementation failed to correctly reset r->neg flag. Spotted by OSSFuzz. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit 70a579ae2f37437a1e02331eeaa84e1b68ba021e) commit e1c495db1d48c4a8c467d4a5e692e991528d8618 Author: Andy Polyakov Date: Thu Jul 12 22:27:43 2018 +0200 ec/ecdsa_ossl.c: switch to fixed-length Montgomery multiplication. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit 37132c9702328940a99b1307f742ab094ef754a7) commit 63ad27165f9abd4f9e55d1a2e8c9bbdb01073a4f Author: Andy Polyakov Date: Fri Jul 6 16:13:29 2018 +0200 ec/ecdsa_ossl.c: formatting and readability fixes. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit fff7a0dcf6e3135c7f93e6cb5fb35e37dd0b384d) commit 6040bd3f7109dcae508c3194232e7b8ee8654dc0 Author: Andy Polyakov Date: Fri Jul 6 15:55:34 2018 +0200 ec/ecdsa_ossl.c: revert blinding in ECDSA signature. Originally suggested solution for "Return Of the Hidden Number Problem" is arguably too expensive. While it has marginal impact on slower curves, none to ~6%, optimized implementations suffer real penalties. Most notably sign with P-256 went more than 2 times[!] slower. Instead, just implement constant-time BN_mod_add_quick. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6796) (cherry picked from commit 3fc7a9b96cbed0c3da6f53c08e34d8d0c982745f) Resolved conflicts: crypto/ec/ecdsa_ossl.c ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++ crypto/bn/bn_mod.c | 67 ++++++++++++++++++-- crypto/ec/ecdsa_ossl.c | 130 +++++++++++---------------------------- crypto/include/internal/bn_int.h | 2 + 4 files changed, 104 insertions(+), 99 deletions(-) diff --git a/CHANGES b/CHANGES index 148960a..277654d 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,10 @@ Changes between 1.1.0h and 1.1.0i [xx XXX xxxx] + *) Revert blinding in ECDSA sign and instead make problematic addition + length-invariant. Switch even to fixed-length Montgomery multiplication. + [Andy Polyakov] + *) Change generating and checking of primes so that the error rate of not being prime depends on the intended use based on the size of the input. For larger primes this will result in more rounds of Miller-Rabin. diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index 13b583f..e33e3f3 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c 
@@ -35,18 +35,73 @@ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, /* * BN_mod_add variant that may be used if both a and b are non-negative and - * less than m + * less than m. The original algorithm was + * + * if (!BN_uadd(r, a, b)) + * return 0; + * if (BN_ucmp(r, m) >= 0) + * return BN_usub(r, r, m); + * + * which is replaced with addition, subtracting modulus, and conditional + * move depending on whether or not subtraction borrowed. */ -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m) +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) { - if (!BN_uadd(r, a, b)) + size_t i, ai, bi, mtop = m->top; + BN_ULONG storage[1024 / BN_BITS2]; + BN_ULONG carry, temp, mask, *rp, *tp = storage; + const BN_ULONG *ap, *bp; + + if (bn_wexpand(r, mtop) == NULL) return 0; - if (BN_ucmp(r, m) >= 0) - return BN_usub(r, r, m); + + if (mtop > sizeof(storage) / sizeof(storage[0]) + && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL) + return 0; + + ap = a->d != NULL ? a->d : tp; + bp = b->d != NULL ? 
b->d : tp; + + for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) { + mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1)); + temp = ((ap[ai] & mask) + carry) & BN_MASK2; + carry = (temp < carry); + + mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1)); + tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2; + carry += (tp[i] < temp); + + i++; + ai += (i - a->dmax) >> (8 * sizeof(i) - 1); + bi += (i - b->dmax) >> (8 * sizeof(i) - 1); + } + rp = r->d; + carry -= bn_sub_words(rp, tp, m->d, mtop); + for (i = 0; i < mtop; i++) { + rp[i] = (carry & tp[i]) | (~carry & rp[i]); + ((volatile BN_ULONG *)tp)[i] = 0; + } + r->top = mtop; + r->neg = 0; + + if (tp != storage) + OPENSSL_free(tp); + return 1; } +int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) +{ + int ret = bn_mod_add_fixed_top(r, a, b, m); + + if (ret) + bn_correct_top(r); + + return ret; +} + int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) { diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index c103917..bf6f1bc 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -10,9 +10,8 @@ #include #include #include -#include #include -#include +#include "internal/bn_int.h" #include "ec_lcl.h" int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, @@ -53,13 +52,12 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, return 0; } - if (ctx_in == NULL) { + if ((ctx = ctx_in) == NULL) { if ((ctx = BN_CTX_new()) == NULL) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE); return 0; } - } else - ctx = ctx_in; + } k = BN_new(); /* this value is later returned in *kinvp */ r = BN_new(); /* this value is later returned in *rp */ @@ -73,10 +71,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } /* Preallocate space */ order_bits = BN_num_bits(order); 
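Review bot: bn_mod_add_fixed_top rests on preconditions that only the comment states: a and b non-negative and below m, and a->top and b->top no larger than m->top (the loop walks exactly mtop limbs, so a longer operand is silently truncated and the result is wrong with no error). A debug-build assert or at least an explicit sentence in the comment would help, especially since the ECDSA caller later in this same patch adds a digest value that can exceed the modulus. The selection logic is sound: with a + b < 2m a carry out of the addition always comes with a borrow from bn_sub_words, so `carry -= bn_sub_words(...)` is 0 or all-ones and never the stray value 1, but that argument deserves a line next to the subtraction. In the ecdsa_sign_setup hunks, dropping the `order == NULL` checks is safe only because EC_GROUP_get0_order returns a pointer into the group; a comment there would stop the check from being re-added.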
@@ -87,23 +81,23 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, do { /* get random k */ - do + do { if (dgst != NULL) { - if (!BN_generate_dsa_nonce - (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, - ctx)) { + if (!BN_generate_dsa_nonce(k, order, + EC_KEY_get0_private_key(eckey), + dgst, dlen, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } else { if (!BN_rand_range(k, order)) { ECerr(EC_F_ECDSA_SIGN_SETUP, - EC_R_RANDOM_NUMBER_GENERATION_FAILED); + EC_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } } - while (BN_is_zero(k)); + } while (BN_is_zero(k)); /* * We do not want timing information to leak the length of k, so we @@ -129,18 +123,16 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp - (group, tmp_point, X, NULL, ctx)) { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } } #ifndef OPENSSL_NO_EC2M else { /* NID_X9_62_characteristic_two_field */ - - if (!EC_POINT_get_affine_coordinates_GF2m(group, - tmp_point, X, NULL, - ctx)) { + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, + NULL, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } @@ -150,8 +142,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; } - } - while (BN_is_zero(r)); + } while (BN_is_zero(r)); /* compute the inverse of k */ if (EC_GROUP_get_mont_data(group) != NULL) { 
@@ -210,8 +201,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, EC_KEY *eckey) { int ok = 0, i; - BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *blind = NULL; - BIGNUM *blindm = NULL; + BIGNUM *kinv = NULL, *s, *m = NULL; const BIGNUM *order, *ckinv; BN_CTX *ctx = NULL; const EC_GROUP *group; @@ -244,27 +234,13 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } s = ret->s; - ctx = BN_CTX_secure_new(); - if (ctx == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); - goto err; - } - - BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - m = BN_CTX_get(ctx); - blind = BN_CTX_get(ctx); - blindm = BN_CTX_get(ctx); - if (blindm == NULL) { + if ((ctx = BN_CTX_new()) == NULL + || (m = BN_new()) == NULL) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE); goto err; } order = EC_GROUP_get0_order(group); - if (order == NULL) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_EC_LIB); - goto err; - } i = BN_num_bits(order); /* * Need to truncate digest if it is too long: first truncate whole bytes. @@ -275,7 +251,7 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - /* If still too long truncate remaining bits with a shift */ + /* If still too long, truncate remaining bits with a shift */ if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; 
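Review bot: switching ctx from BN_CTX_secure_new() to BN_CTX_new() in ossl_ecdsa_sign_sig removes the secure-heap guarantee for temporaries, yet ctx is still what bn_mul_mont_fixed_top and BN_mod_mul_montgomery draw their scratch space from later in this patch while multiplying by priv_key and by ckinv. If the secure heap was meant to cover private-key arithmetic, keep BN_CTX_secure_new() here; the performance problem the commit message describes was in the blinding, not in the allocator. m itself is the (public) truncated digest, so BN_new()/BN_clear_free() for it is fine.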
@@ -296,59 +272,27 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, } /* - * The normal signature calculation is: - * - * s := k^-1 * (m + r * priv_key) mod order - * - * We will blind this to protect against side channel attacks - * - * s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod order + * With only one multiplicant being in Montgomery domain + * multiplication yields real result without post-conversion. + * Also note that all operations but last are performed with + * zero-padded vectors. Last operation, BN_mod_mul_montgomery + * below, returns user-visible value with removed zero padding. */ - - /* Generate a blinding value */ - do { - if (!BN_rand(blind, BN_num_bits(order) - 1, BN_RAND_TOP_ANY, - BN_RAND_BOTTOM_ANY)) - goto err; - } while (BN_is_zero(blind)); - BN_set_flags(blind, BN_FLG_CONSTTIME); - BN_set_flags(blindm, BN_FLG_CONSTTIME); - BN_set_flags(tmp, BN_FLG_CONSTTIME); - - /* tmp := blind * priv_key * r mod order */ - if (!BN_mod_mul(tmp, blind, priv_key, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - if (!BN_mod_mul(tmp, tmp, ret->r, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* blindm := blind * m mod order */ - if (!BN_mod_mul(blindm, blind, m, order, ctx)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* s : = (blind * priv_key * r) + (blind * m) mod order */ - if (!BN_mod_add_quick(s, tmp, blindm, order)) { - ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); - goto err; - } - - /* s := s * k^-1 mod order */ - if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx) + || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - - /* s:= s * blind^-1 mod order */ - if (BN_mod_inverse(blind, blind, order, ctx) == NULL) { + if (!bn_mod_add_fixed_top(s, s, m, order)) { 
ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } - if (!BN_mod_mul(s, s, blind, order, ctx)) { + /* + * |s| can still be larger than modulus, because |m| can be. In + * such case we count on Montgomery reduction to tie it up. + */ + if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx) + || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) { ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB); goto err; } @@ -362,11 +306,11 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES); goto err; } - } else + } else { /* s != 0 => we have a valid signature */ break; - } - while (1); + } + } while (1); ok = 1; err: @@ -374,8 +318,8 @@ ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, ECDSA_SIG_free(ret); ret = NULL; } - BN_CTX_end(ctx); BN_CTX_free(ctx); + BN_clear_free(m); BN_clear_free(kinv); return ret; } diff --git a/crypto/include/internal/bn_int.h b/crypto/include/internal/bn_int.h index 3501ffb..32eb581 100644 --- a/crypto/include/internal/bn_int.h +++ b/crypto/include/internal/bn_int.h @@ -85,6 +85,8 @@ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_MONT_CTX *mont, BN_CTX *ctx); int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont, BN_CTX *ctx); +int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m); #ifdef __cplusplus } From matt at openssl.org Sat Jul 28 08:29:56 2018 
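Review bot: `bn_mod_add_fixed_top(s, s, m, order)` is called with m possibly at or above order (the in-line comment admits |s| can end up larger than the modulus), which violates the precondition bn_mod_add_fixed_top documents; the code then relies on the Montgomery steps in bn_to_mont_fixed_top and BN_mod_mul_montgomery to bring s back into range. State the bound on s that makes this safe next to the call, and record in the bn_int.h prototype hunk, which currently says nothing about operand ranges, that callers may pass an unreduced operand only when a reduction follows. Style nit in the new comment: "multiplicant" should be "multiplicand".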
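The constant-time modular addition the commit message above argues for (add, subtract the modulus unconditionally, select with a mask derived from carry and borrow) as an added C example; this is not OpenSSL's code and uses fixed 4x64-bit limb vectors with a constructed 256-bit modulus 2^256 - 189 instead of BIGNUMs. It assumes 0 <= a, b < m, the same precondition bn_mod_add_fixed_top documents, and the limb width and test values are choices made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not OpenSSL code: constant-time (a + b) mod m on fixed-width
 * little-endian limb vectors, assuming 0 <= a, b < m. Neither control flow
 * nor memory addresses depend on the operand values; only the final mask does.
 */

#define NLIMBS 4                /* 256-bit operands; width chosen for the example */
typedef uint64_t limb;

/* r = a + b over NLIMBS limbs; returns the carry out (0 or 1). */
static limb add_limbs(limb *r, const limb *a, const limb *b)
{
    limb carry = 0;
    for (size_t i = 0; i < NLIMBS; i++) {
        limb t = a[i] + carry;
        limb c1 = (t < carry);      /* wrapped while absorbing the carry */
        r[i] = t + b[i];
        limb c2 = (r[i] < t);       /* wrapped while adding b[i] */
        carry = c1 | c2;            /* both cannot be set at once */
    }
    return carry;
}

/* r = a - b over NLIMBS limbs; returns the borrow out (0 or 1). */
static limb sub_limbs(limb *r, const limb *a, const limb *b)
{
    limb borrow = 0;
    for (size_t i = 0; i < NLIMBS; i++) {
        limb t = a[i] - b[i];
        limb b1 = (a[i] < b[i]);
        r[i] = t - borrow;
        limb b2 = (t < borrow);
        borrow = b1 | b2;
    }
    return borrow;
}

/* r = (a + b) mod m in constant time; requires 0 <= a, b < m. */
void ct_mod_add(limb *r, const limb *a, const limb *b, const limb *m)
{
    limb sum[NLIMBS], diff[NLIMBS];
    limb carry = add_limbs(sum, a, b);       /* sum may have lost bit 2^256 */
    limb borrow = sub_limbs(diff, sum, m);   /* always computed, never branched on */

    /*
     * Keep the raw sum only when a + b < m, i.e. the subtraction borrowed and
     * the addition did not carry. Because a + b < 2m, a carry always comes
     * with a borrow, so every other combination selects the subtracted value.
     */
    limb keep_sum = borrow & (carry ^ 1);
    limb mask = (limb)0 - keep_sum;          /* all ones or all zeros */
    for (size_t i = 0; i < NLIMBS; i++)
        r[i] = (mask & sum[i]) | (~mask & diff[i]);

    /* Scrub the temporaries through volatile, as bn_mod_add_fixed_top does. */
    volatile limb *vs = sum, *vd = diff;
    for (size_t i = 0; i < NLIMBS; i++)
        vs[i] = vd[i] = 0;
}

/* Single-limb convenience wrapper for small constructed test values. */
limb ct_mod_add_small(limb a0, limb b0, limb m0)
{
    limb a[NLIMBS] = { a0 }, b[NLIMBS] = { b0 }, m[NLIMBS] = { m0 }, r[NLIMBS];
    ct_mod_add(r, a, b, m);
    return r[0];
}

/*
 * Runs constructed vectors, including one whose addition carries out of the
 * top limb, and returns how many gave the expected residue (4 when correct).
 */
int ct_mod_add_selftest(void)
{
    /* constructed modulus m = 2^256 - 189 and operands m - 1, m - 2 */
    static const limb m[NLIMBS]    = { 0xFFFFFFFFFFFFFF43ULL, ~0ULL, ~0ULL, ~0ULL };
    static const limb a[NLIMBS]    = { 0xFFFFFFFFFFFFFF42ULL, ~0ULL, ~0ULL, ~0ULL };
    static const limb b[NLIMBS]    = { 0xFFFFFFFFFFFFFF41ULL, ~0ULL, ~0ULL, ~0ULL };
    static const limb want[NLIMBS] = { 0xFFFFFFFFFFFFFF40ULL, ~0ULL, ~0ULL, ~0ULL }; /* m - 3 */
    limb r[NLIMBS];
    int passed = 0;

    ct_mod_add(r, a, b, m);
    passed += memcmp(r, want, sizeof(r)) == 0;   /* carry out of the top limb */
    passed += ct_mod_add_small(5, 7, 10) == 2;   /* sum above m, no carry */
    passed += ct_mod_add_small(4, 6, 10) == 0;   /* sum equal to m */
    passed += ct_mod_add_small(3, 4, 10) == 7;   /* sum below m: raw sum kept */
    return passed;
}

int main(void)
{
    int ok = ct_mod_add_selftest();
    printf("%d/4 vectors correct\n", ok);
    return ok == 4 ? 0 : 1;
}
```

The mask is built from `borrow & (carry ^ 1)` rather than OpenSSL's `carry -= borrow` so that the one impossible combination (carry without borrow) is handled explicitly instead of by the precondition; both forms compile to branch-free code. The scrubbing loop matters because `sum` holds the unreduced value of two secret operands.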
From: matt at openssl.org (Matt Caswell) Date: Sat, 28 Jul 2018 08:29:56 +0000 Subject: [openssl-commits] [tools] master update Message-ID: <1532766596.855642.15855.nullmailer@dev.openssl.org> The branch master has been updated via 4e85c274b47997105dad347852584d464e2cef02 (commit) from cab68a3abe9fa4d8b8837b98540bb0d25ee4f55b (commit) - Log ----------------------------------------------------------------- commit 4e85c274b47997105dad347852584d464e2cef02 Author: Matt Caswell Date: Mon Jul 23 09:44:03 2018 +0100 Don't test no-md5 no-md5 is not a valid option so we shouldn't be testing it Reviewed-by: Rich Salz (Merged from https://github.com/openssl/tools/pull/25) ----------------------------------------------------------------------- Summary of changes: run-checker/run-checker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run-checker/run-checker.sh b/run-checker/run-checker.sh index ab8910e..a04b68f 100755 --- a/run-checker/run-checker.sh +++ b/run-checker/run-checker.sh @@ -34,7 +34,7 @@ no-heartbeats no-md2 no-msan no-rc5 no-sctp no-ssl no-ssl-trace no-tests no-tls13downgrade no-ubsan no-ui-console no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic enable-fuzz-afl enable-fuzz-libfuzzer enable-heartbeats no-hw no-hw-padlock -no-idea no-makedepend enable-md2 no-md4 no-md5 no-mdc2 no-gost no-multiblock +no-idea no-makedepend enable-md2 no-md4 no-mdc2 no-gost no-multiblock no-nextprotoneg no-ocb no-ocsp no-pic no-poly1305 no-posix-io no-psk no-rc2 no-rc4 enable-rc5 no-rdrand no-rfc3779 no-ripemd no-rmd160 no-scrypt enable-sctp no-seed no-shared no-sock no-srp no-srtp no-sse2 enable-ssl-trace From rsalz at openssl.org Sat Jul 28 20:56:48 2018 
From: rsalz at openssl.org (Rich Salz) Date: Sat, 28 Jul 2018 20:56:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532811408.275930.9713.nullmailer@dev.openssl.org> The branch master has been updated via bd93f1ac2750450033dbfa76b5f1597b0145b585 (commit) from a75be9fd34b5d66f349186f21cd8d063d2fa87a4 (commit) - Log ----------------------------------------------------------------- commit bd93f1ac2750450033dbfa76b5f1597b0145b585 Author: Beat Bolli Date: Sat Jul 28 16:45:22 2018 -0400 doc/BN_generate_prime: update doc about other callback values This here page only documents the callback values 0 to 2, but the callers of BN_generate_prime_ex() call it with the value 3. The list of manual pages in the SEE ALSO section was extended with the output from git grep BN_GENCB_call.*[3-9] while in the doc/man3 directory. Signed-off-by: Beat Bolli Reviewed-by: Matthias St. Pierre Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6802) ----------------------------------------------------------------------- Summary of changes: doc/man3/BN_generate_prime.pod | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod index 7cfa96e..08158c1 100644 --- a/doc/man3/BN_generate_prime.pod +++ b/doc/man3/BN_generate_prime.pod @@ -72,6 +72,11 @@ B is called as described below. When a prime has been found, B is called. +=item * + +The callers of BN_generate_prime_ex() may call B with +other values as described in their respective man pages; see L. + =back The prime may have to fulfill additional requirements for use in @@ -187,7 +192,8 @@ Instead applications should create a BN_GENCB structure using BN_GENCB_new: =head1 SEE ALSO -L, L +L, L, +L, L, L =head1 HISTORY From scan-admin at coverity.com Sun Jul 29 09:04:35 2018 
From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 29 Jul 2018 09:04:35 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for openssl/openssl Message-ID: <5b5d832317cd6_ffb2ab1dd750f587145e@node1.mail> Your request for analysis of openssl/openssl has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEcf-2B75FkFkxwwFKGZV8c1xA-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I2ZRS51r1beS405I5-2Bt7yA72N927qmu-2B0dYMqnwCyPNGvk1oDQuv0-2FdZNZNSGN7frBw0BjQ-2F3VuQKZ3hIgS5ZhIQSTU9rQuFWTNLJSVNGeyAI6OjuHvzaXHq37ecCw2BUwT-2ByWDcwpm5tWuaPlYr-2F-2FkyNFh4HfApcI2May2dCXDQL2rGmMFmOtGU6RM9TxHKVM-3D Build ID: 221310 Analysis Summary: New defects found: 0 Defects eliminated: 1 From scan-admin at coverity.com Sun Jul 29 09:08:57 2018 From: scan-admin at coverity.com (scan-admin at coverity.com) Date: Sun, 29 Jul 2018 09:08:57 +0000 (UTC) Subject: [openssl-commits] Coverity Scan: Analysis completed for OpenSSL-1.0.2 Message-ID: <5b5d8428c2442_12872ab1dd750f587149b@node1.mail> Your request for analysis of OpenSSL-1.0.2 has been completed successfully. The results are available at https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRakUl6QyjujEohY7rPpoYUEeuRTZVWU4ku8PUBnVPw8PQ-3D-3D_19DGMz38yO7VfzGQuXkecdlEmzBoDG4v8Dvyanv-2F1I3FRsji5o3tTO2lebZ3wr2NnGLOBoexb-2FkVVNe1Acnsy4vAwoKPpo-2BqvRlA6fIuhyhb-2FXmEh0gGVzTxumm7i2Jn39xnY0tNLn4Jqi3XzSDkF2Ei2VqaHQEgC1ZvmVC63FXAcoXXO-2F9IAehPz2idDMytdZ5v6RTUCBQZ4-2Fi6BaollkoOXwKQkC5aExgIUW2r4As-3D Build ID: 221313 Analysis Summary: New defects found: 0 Defects eliminated: 0 From no-reply at appveyor.com Sun Jul 29 12:45:29 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Sun, 29 Jul 2018 12:45:29 +0000 Subject: [openssl-commits] Build failed: openssl master.19150 Message-ID: <20180729124529.1.05885976B9FE341C@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Sun Jul 29 13:13:22 2018 From: no-reply at appveyor.com (AppVeyor) Date: Sun, 29 Jul 2018 13:13:22 +0000 Subject: [openssl-commits] Build completed: openssl master.19151 Message-ID: <20180729131322.1.FDC14849638233A8@appveyor.com> An HTML attachment was scrubbed... URL: From appro at openssl.org Sun Jul 29 19:09:15 2018 
From: appro at openssl.org (Andy Polyakov) Date: Sun, 29 Jul 2018 19:09:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532891355.448629.2738.nullmailer@dev.openssl.org>

The branch OpenSSL_1_1_0-stable has been updated
via 3c0addb71c66adf729f48050c3a75f68c44b23b6 (commit)
via 811162832e875576c13139493d949b3157a1c8cf (commit)
from 9da6f31c7e61b484dda6c0a59d46c76410981e13 (commit)

- Log -----------------------------------------------------------------

commit 3c0addb71c66adf729f48050c3a75f68c44b23b6
Author: Andy Polyakov
Date: Fri Jul 20 13:23:42 2018 +0200

crypto/init.c: use destructor_key even as guard in OPENSSL_thread_stop.

Problem was that Windows threads that were terminating before libcrypto was initialized were referencing uninitialized or possibly even unrelated thread local storage index.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6799)
(cherry picked from commit 80ae7285e1994d35c84519bf9e038b11d9942875)

Resolved conflicts: crypto/init.c

commit 811162832e875576c13139493d949b3157a1c8cf
Author: Andy Polyakov
Date: Fri Jul 20 13:15:48 2018 +0200

crypto/cryptlib.c: make OPENSSL_cpuid_setup safe to use as constructor.

Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/6799)
(cherry picked from commit b86d57bb0b23253c720db38ab18ca97cb888f701)

Resolved conflicts: crypto/cryptlib.c

-----------------------------------------------------------------------

Summary of changes:
crypto/cryptlib.c | 104 +++++++++++++++++++++++++++++++++++++++++++++---------
crypto/init.c | 54 ++++++++++++++++++----------
2 files changed, 122 insertions(+), 36 deletions(-)

diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index bf73244..3b878cd 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -23,29 +23,97 @@ extern unsigned int OPENSSL_ia32cap_P[4]; # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) -#include + +/* + * Purpose of these minimalistic and character-type-agnostic subroutines + * is to break dependency on MSVCRT (on Windows) and locale. This makes + * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type- + * agnostic" means that they work with either wide or 8-bit characters, + * exploiting the fact that first 127 characters can be simply casted + * between the sets, while the rest would be simply rejected by ossl_is* + * subroutines. + */ +# ifdef _WIN32 +typedef WCHAR variant_char; + +static variant_char *ossl_getenv(const char *name) +{ + /* + * Since we pull only one environment variable, it's simpler to + * to just ignore |name| and use equivalent wide-char L-literal. + * As well as to ignore excessively long values... + */ + static WCHAR value[48]; + DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48); + + return (len > 0 && len < 48) ? 
value : NULL; +} +# else +typedef char variant_char; +# define ossl_getenv getenv +# endif + +static int todigit(variant_char c) +{ + if (c >= '0' && c <= '9') + return c - '0'; + else if (c >= 'A' && c <= 'F') + return c - 'A' + 10; + else if (c >= 'a' && c <= 'f') + return c - 'a' + 10; + + /* return largest base value to make caller terminate the loop */ + return 16; +} + +static uint64_t ossl_strtouint64(const variant_char *str) +{ + uint64_t ret = 0; + unsigned int digit, base = 10; + + if (*str == '0') { + base = 8, str++; + if (*str == 'x' || *str == 'X') + base = 16, str++; + } + + while((digit = todigit(*str++)) < base) + ret = ret * base + digit; + + return ret; +} + +static variant_char *ossl_strchr(const variant_char *str, char srch) +{ variant_char c; + + while((c = *str)) { + if (c == srch) + return (variant_char *)str; + str++; + } + + return NULL; +} + # define OPENSSL_CPUID_SETUP typedef uint64_t IA32CAP; + void OPENSSL_cpuid_setup(void) { static int trigger = 0; IA32CAP OPENSSL_ia32_cpuid(unsigned int *); IA32CAP vec; - char *env; + const variant_char *env; if (trigger) return; trigger = 1; - if ((env = getenv("OPENSSL_ia32cap"))) { + if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) { int off = (env[0] == '~') ? 1 : 0; -# if defined(_WIN32) - if (!sscanf(env + off, "%I64i", &vec)) - vec = strtoul(env + off, NULL, 0); -# else - if (!sscanf(env + off, "%lli", (long long *)&vec)) - vec = strtoul(env + off, NULL, 0); -# endif + + vec = ossl_strtouint64(env + off); + if (off) { IA32CAP mask = vec; vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask; 
@@ -64,15 +132,17 @@ void OPENSSL_cpuid_setup(void) vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P); } - if ((env = strchr(env, ':'))) { - unsigned int vecx; + if ((env = ossl_strchr(env, ':')) != NULL) { + IA32CAP vecx; + env++; off = (env[0] == '~') ? 1 : 0; - vecx = strtoul(env + off, NULL, 0); - if (off) - OPENSSL_ia32cap_P[2] &= ~vecx; - else - OPENSSL_ia32cap_P[2] = vecx; + vecx = ossl_strtouint64(env + off); + if (off) { + OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx; + } else { + OPENSSL_ia32cap_P[2] = (unsigned int)vecx; + } } else { OPENSSL_ia32cap_P[2] = 0; } diff --git a/crypto/init.c b/crypto/init.c index 4eb163e..00a9179 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -27,11 +27,25 @@ static int stopped = 0; -static void ossl_init_thread_stop(struct thread_local_inits_st *locals); +/* + * Since per-thread-specific-data destructors are not universally + * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key + * is assumed to have destructor associated. And then an effort is made + * to call this single destructor on non-pthread platform[s]. + * + * Initial value is "impossible". It is used as guard value to shortcut + * destructor for threads terminating before libcrypto is initialized or + * after it's de-initialized. Access to the key doesn't have to be + * serialized for the said threads, because they didn't use libcrypto + * and it doesn't matter if they pick "impossible" or derefernce real + * key value and pull NULL past initialization in the first thread that + * intends to use libcrypto. + */ +static CRYPTO_THREAD_LOCAL destructor_key = (CRYPTO_THREAD_LOCAL)-1; -static CRYPTO_THREAD_LOCAL threadstopkey; +static void ossl_init_thread_stop(struct thread_local_inits_st *locals); -static void ossl_init_thread_stop_wrap(void *local) +static void ossl_init_thread_destructor(void *local) { ossl_init_thread_stop((struct thread_local_inits_st *)local); } 
@@ -39,17 +53,17 @@ static void ossl_init_thread_stop_wrap(void *local) static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc) { struct thread_local_inits_st *local = - CRYPTO_THREAD_get_local(&threadstopkey); + CRYPTO_THREAD_get_local(&destructor_key); - if (local == NULL && alloc) { - local = OPENSSL_zalloc(sizeof(*local)); - if (local != NULL && !CRYPTO_THREAD_set_local(&threadstopkey, local)) { + if (alloc) { + if (local == NULL + && (local = OPENSSL_zalloc(sizeof(*local))) != NULL + && !CRYPTO_THREAD_set_local(&destructor_key, local)) { OPENSSL_free(local); return NULL; } - } - if (!alloc) { - CRYPTO_THREAD_set_local(&threadstopkey, NULL); + } else { + CRYPTO_THREAD_set_local(&destructor_key, NULL); } return local; @@ -68,14 +82,12 @@ static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT; static int base_inited = 0; DEFINE_RUN_ONCE_STATIC(ossl_init_base) { + CRYPTO_THREAD_LOCAL key; + #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n"); #endif - /* - * We use a dummy thread local key here. We use the destructor to detect - * when the thread is going to stop (where that feature is available) - */ - if (!CRYPTO_THREAD_init_local(&threadstopkey, ossl_init_thread_stop_wrap)) + if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor)) return 0; if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL) goto err; @@ -85,6 +97,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_base) #endif OPENSSL_cpuid_setup(); + destructor_key = key; base_inited = 1; return 1; @@ -95,7 +108,7 @@ err: CRYPTO_THREAD_lock_free(init_lock); init_lock = NULL; - CRYPTO_THREAD_cleanup_local(&threadstopkey); + CRYPTO_THREAD_cleanup_local(&key); return 0; } 
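Review bot: `ossl_strtouint64` in the first cryptlib.c hunk quietly changes what `OPENSSL_ia32cap` accepts compared with the `sscanf("%lli")`/`strtoul` pair it replaces: there is no sign handling (`todigit('-')` returns 16, so a value of `-1` now parses as 0 instead of all-ones), parsing stops at the first non-digit without reporting it, and `ret = ret * base + digit` wraps undetected on overlong input. For a locally controlled tuning variable whose value only masks capability bits this is acceptable, but the behaviour should be stated in the comment above the function (and in the `OPENSSL_ia32cap` documentation) so nobody expects `strtoul` semantics. Nits in the same hunk: the `ossl_getenv` comment reads "simpler to to just ignore" (doubled "to"), "simply casted" in the block comment should be "simply cast", and the commit message for 8111628 spells the function "OPENSS_cpuid_setup".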
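Review bot: the new block comment in the first init.c hunk has a typo, "derefernce" should be "dereference". More substantively, its argument that unsynchronised reads of `destructor_key` are harmless only covers threads that never used libcrypto; a thread that did use it and exits while another thread is inside `OPENSSL_cleanup` (which resets `destructor_key` to the sentinel and then frees the key) can still observe the key mid-teardown. That is the pre-existing "no libcrypto users during cleanup" contract rather than something this change introduces, but the comment should say so explicitly so the sentinel is not read as a complete fix.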
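Review bot: in the `ossl_init_base` hunk, `destructor_key = key;` is correctly placed after both `CRYPTO_THREAD_init_local(&key, ...)` and `OPENSSL_cpuid_setup()` have run and immediately before `base_inited = 1;`, and the error path cleans up the local `key` rather than the global. Because that assignment is what makes `OPENSSL_thread_stop` start calling the destructor, a one-line comment stating that it must remain the last step of initialisation would protect the ordering against future edits; as written nothing in the code explains why it is not set right after `CRYPTO_THREAD_init_local`.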
@@ -383,8 +396,8 @@ static void ossl_init_thread_stop(struct thread_local_inits_st *locals) void OPENSSL_thread_stop(void) { - ossl_init_thread_stop( - (struct thread_local_inits_st *)ossl_init_get_thread_local(0)); + if (destructor_key != (CRYPTO_THREAD_LOCAL)-1) + ossl_init_thread_stop(ossl_init_get_thread_local(0)); } int ossl_init_thread_start(uint64_t opts) @@ -421,6 +434,7 @@ int ossl_init_thread_start(uint64_t opts) void OPENSSL_cleanup(void) { OPENSSL_INIT_STOP *currhandler, *lasthandler; + CRYPTO_THREAD_LOCAL key; /* If we've not been inited then no need to deinit */ if (!base_inited) @@ -479,7 +493,9 @@ void OPENSSL_cleanup(void) err_free_strings_int(); } - CRYPTO_THREAD_cleanup_local(&threadstopkey); + key = destructor_key; + destructor_key = (CRYPTO_THREAD_LOCAL)-1; + CRYPTO_THREAD_cleanup_local(&key); #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " From appro at openssl.org Sun Jul 29 19:28:00 2018 
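Review bot: in the `OPENSSL_cleanup` hunk the order is right: `destructor_key` is reset to `(CRYPTO_THREAD_LOCAL)-1` before `CRYPTO_THREAD_cleanup_local(&key)`, so a late `OPENSSL_thread_stop` takes the new guard's early exit instead of touching a freed key. Note, though, that `OPENSSL_thread_stop` still reads `destructor_key` twice, once in the guard and again inside `ossl_init_get_thread_local` via `CRYPTO_THREAD_get_local(&destructor_key)`, so a cleanup racing between the two reads hands the sentinel to `CRYPTO_THREAD_get_local`. The init.c comment explains why that is tolerated; if it is meant to be tolerated rather than fixed, a short comment at the guard saying so would stop the next reader from filing it as a bug.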
From: appro at openssl.org (Andy Polyakov) Date: Sun, 29 Jul 2018 19:28:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532892480.118928.6283.nullmailer@dev.openssl.org> The branch master has been updated via cb809437d391176a1c2e76f6da77a790c9382c4b (commit) via 665d9d1c0655d6f709c99e1211c1e11fcebfeecd (commit) from bd93f1ac2750450033dbfa76b5f1597b0145b585 (commit) - Log ----------------------------------------------------------------- commit cb809437d391176a1c2e76f6da77a790c9382c4b Author: Bryan Donlan Date: Tue Jul 17 13:04:09 2018 -0700 Add test for DSA signatures of raw digests of various sizes Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6749) commit 665d9d1c0655d6f709c99e1211c1e11fcebfeecd Author: Bryan Donlan Date: Tue Jul 17 13:38:17 2018 -0700 Remove DSA digest length checks when no digest is passed FIPS 186-4 does not specify a hard requirement on DSA digest lengths, and in any case the current check rejects the FIPS recommended digest lengths for key sizes != 1024 bits. Fixes: #6748 Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6749) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_pmeth.c | 18 +-- test/build.info | 6 +- test/dsa_no_digest_size_test.c | 245 +++++++++++++++++++++++++++++++++++++++++ test/recipes/15-test_dsa.t | 3 +- 4 files changed, 256 insertions(+), 16 deletions(-) create mode 100644 test/dsa_no_digest_size_test.c diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index f66317b..b4ee5a7 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c 
@@ -77,13 +77,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); @@ -101,13 +96,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); diff --git a/test/build.info b/test/build.info index 8dbe0c2..04014e7 100644 --- a/test/build.info +++ b/test/build.info @@ -33,7 +33,7 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN rc2test rc4test rc5test \ destest mdc2test \ dhtest enginetest casttest \ - bftest ssltest_old dsatest exptest rsa_test \ + bftest ssltest_old dsatest dsa_no_digest_size_test exptest rsa_test \ evp_test evp_extra_test igetest v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test \ conf_include_test \ @@ -152,6 +152,10 @@ INCLUDE_MAIN___test_libtestutil_OLB = /INCLUDE=MAIN INCLUDE[dsatest]=../include DEPEND[dsatest]=../libcrypto libtestutil.a + SOURCE[dsa_no_digest_size_test]=dsa_no_digest_size_test.c + INCLUDE[dsa_no_digest_size_test]=../include + DEPEND[dsa_no_digest_size_test]=../libcrypto libtestutil.a + SOURCE[exptest]=exptest.c INCLUDE[exptest]=../include DEPEND[exptest]=../libcrypto libtestutil.a diff --git a/test/dsa_no_digest_size_test.c b/test/dsa_no_digest_size_test.c new file mode 100644 index 0000000..88c6036 --- /dev/null +++ b/test/dsa_no_digest_size_test.c 
@@ -0,0 +1,245 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "testutil.h" + +#include +#include +#include + +#ifndef OPENSSL_NO_DSA +#include + +static DSA *dsakey; + +/* + * These parameters are from test/recipes/04-test_pem_data/dsaparam.pem, + * converted using dsaparam -C + */ +static DSA *load_dsa_params(void) +{ + static unsigned char dsap_2048[] = { + 0xAE, 0x35, 0x7D, 0x4E, 0x1D, 0x96, 0xE2, 0x9F, 0x00, 0x96, + 0x60, 0x5A, 0x6E, 0x4D, 0x07, 0x8D, 0xA5, 0x7C, 0xBC, 0xF9, + 0xAD, 0xD7, 0x9F, 0xD5, 0xE9, 0xEE, 0xA6, 0x33, 0x51, 0xDE, + 0x7B, 0x72, 0xD2, 0x75, 0xAA, 0x71, 0x77, 0xF1, 0x63, 0xFB, + 0xB6, 0xEC, 0x5A, 0xBA, 0x0D, 0x72, 0xA2, 0x1A, 0x1C, 0x64, + 0xB8, 0xE5, 0x89, 0x09, 0x6D, 0xC9, 0x6F, 0x0B, 0x7F, 0xD2, + 0xCE, 0x9F, 0xEF, 0x87, 0x5A, 0xB6, 0x67, 0x2F, 0xEF, 0xEE, + 0xEB, 0x59, 0xF5, 0x5E, 0xFF, 0xA8, 0x28, 0x84, 0x9E, 0x5B, + 0x37, 0x09, 0x11, 0x80, 0x7C, 0x08, 0x5C, 0xD5, 0xE1, 0x48, + 0x4B, 0xD2, 0x68, 0xFB, 0x3F, 0x9F, 0x2B, 0x6B, 0x6C, 0x0D, + 0x48, 0x1B, 0x1A, 0x80, 0xC2, 0xEB, 0x11, 0x1B, 0x37, 0x79, + 0xD6, 0x8C, 0x8B, 0x72, 0x3E, 0x67, 0xA5, 0x05, 0x0E, 0x41, + 0x8A, 0x9E, 0x35, 0x50, 0xB4, 0xD2, 0x40, 0x27, 0x6B, 0xFD, + 0xE0, 0x64, 0x6B, 0x5B, 0x38, 0x42, 0x94, 0xB5, 0x49, 0xDA, + 0xEF, 0x6E, 0x78, 0x37, 0xCD, 0x30, 0x89, 0xC3, 0x45, 0x50, + 0x7B, 0x9C, 0x8C, 0xE7, 0x1C, 0x98, 0x70, 0x71, 0x5D, 0x79, + 0x5F, 0xEF, 0xE8, 0x94, 0x85, 0x53, 0x3E, 0xEF, 0xA3, 0x2C, + 0xCE, 0x1A, 0xAB, 0x7D, 0xD6, 0x5E, 0x14, 0xCD, 0x51, 0x54, + 0x89, 0x9D, 0x77, 0xE4, 0xF8, 0x22, 0xF0, 0x35, 0x10, 0x75, + 0x05, 0x71, 0x51, 0x4F, 0x8C, 0x4C, 0x5C, 0x0D, 0x2C, 0x2C, + 0xBE, 0x6C, 0x34, 0xEE, 0x12, 0x82, 0x87, 0x03, 0x19, 0x06, + 0x12, 0xA8, 
0xAA, 0xF4, 0x0D, 0x3C, 0x49, 0xCC, 0x70, 0x5A, + 0xD8, 0x32, 0xEE, 0x32, 0x50, 0x85, 0x70, 0xE8, 0x18, 0xFD, + 0x74, 0x80, 0x53, 0x32, 0x57, 0xEE, 0x50, 0xC9, 0xAE, 0xEB, + 0xAE, 0xB6, 0x22, 0x32, 0x16, 0x6B, 0x8C, 0x59, 0xDA, 0xEE, + 0x1D, 0x33, 0xDF, 0x4C, 0xA2, 0x3D + }; + static unsigned char dsaq_2048[] = { + 0xAD, 0x2D, 0x6E, 0x17, 0xB0, 0xF3, 0xEB, 0xC7, 0xB8, 0xEE, + 0x95, 0x78, 0xF2, 0x17, 0xF5, 0x33, 0x01, 0x67, 0xBC, 0xDE, + 0x93, 0xFF, 0xEE, 0x40, 0xE8, 0x7F, 0xF1, 0x93, 0x6D, 0x4B, + 0x87, 0x13 + }; + static unsigned char dsag_2048[] = { + 0x66, 0x6F, 0xDA, 0x63, 0xA5, 0x8E, 0xD2, 0x4C, 0xD5, 0x45, + 0x2D, 0x76, 0x5D, 0x5F, 0xCD, 0x4A, 0xB4, 0x1A, 0x42, 0x35, + 0x86, 0x3A, 0x6F, 0xA9, 0xFA, 0x27, 0xAB, 0xDE, 0x03, 0x21, + 0x36, 0x0A, 0x07, 0x29, 0xC9, 0x2F, 0x6D, 0x49, 0xA8, 0xF7, + 0xC6, 0xF4, 0x92, 0xD7, 0x73, 0xC1, 0xD8, 0x76, 0x0E, 0x61, + 0xA7, 0x0B, 0x6E, 0x96, 0xB8, 0xC8, 0xCB, 0x38, 0x35, 0x12, + 0x20, 0x79, 0xA5, 0x08, 0x28, 0x35, 0x5C, 0xBC, 0x52, 0x16, + 0xAF, 0x52, 0xBA, 0x0F, 0xC3, 0xB1, 0x63, 0x12, 0x27, 0x0B, + 0x74, 0xA4, 0x47, 0x43, 0xD6, 0x30, 0xB8, 0x9C, 0x2E, 0x40, + 0x14, 0xCD, 0x99, 0x7F, 0xE8, 0x8E, 0x37, 0xB0, 0xA9, 0x3F, + 0x54, 0xE9, 0x66, 0x22, 0x61, 0x4C, 0xF8, 0x49, 0x03, 0x57, + 0x14, 0x32, 0x1D, 0x37, 0x3D, 0xE2, 0x92, 0xF8, 0x8E, 0xA0, + 0x6A, 0x66, 0x63, 0xF0, 0xB0, 0x6E, 0x07, 0x2B, 0x3D, 0xBF, + 0xD0, 0x84, 0x6A, 0xAA, 0x1F, 0x30, 0x77, 0x65, 0xE5, 0xFC, + 0xF5, 0xEC, 0x55, 0xCE, 0x73, 0xDB, 0xBE, 0xA7, 0x8D, 0x3A, + 0x9F, 0x7A, 0xED, 0x4F, 0xAF, 0xA2, 0x80, 0x4C, 0x30, 0x9E, + 0x28, 0x49, 0x65, 0x40, 0xF0, 0x03, 0x45, 0x56, 0x99, 0xA2, + 0x93, 0x1B, 0x9C, 0x46, 0xDE, 0xBD, 0xA8, 0xAB, 0x5F, 0x90, + 0x3F, 0xB7, 0x3F, 0xD4, 0x6F, 0x8D, 0x5A, 0x30, 0xE1, 0xD4, + 0x63, 0x3A, 0x6A, 0x7C, 0x8F, 0x24, 0xFC, 0xD9, 0x14, 0x28, + 0x09, 0xE4, 0x84, 0x4E, 0x17, 0x43, 0x56, 0xB8, 0xD4, 0x4B, + 0xA2, 0x29, 0x45, 0xD3, 0x13, 0xF0, 0xC2, 0x76, 0x9B, 0x01, + 0xA0, 0x80, 0x6E, 0x93, 0x63, 0x5E, 0x87, 0x24, 0x20, 0x2A, + 0xFF, 0xBB, 
0x9F, 0xA8, 0x99, 0x6C, 0xA7, 0x9A, 0x00, 0xB9, + 0x7D, 0xDA, 0x66, 0xC9, 0xC0, 0x72, 0x72, 0x22, 0x0F, 0x1A, + 0xCC, 0x23, 0xD9, 0xB7, 0x5F, 0x1B + }; + DSA *dsa = DSA_new(); + BIGNUM *p, *q, *g; + + if (dsa == NULL) + return NULL; + if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_2048, sizeof(dsap_2048), NULL), + q = BN_bin2bn(dsaq_2048, sizeof(dsaq_2048), NULL), + g = BN_bin2bn(dsag_2048, sizeof(dsag_2048), NULL))) { + DSA_free(dsa); + BN_free(p); + BN_free(q); + BN_free(g); + return NULL; + } + return dsa; +} + +static int genkeys(void) +{ + if (!TEST_ptr(dsakey = load_dsa_params())) + return 0; + + if (!TEST_int_eq(DSA_generate_key(dsakey), 1)) + return 0; + + return 1; +} + +static int sign_and_verify(int len) +{ + /* + * Per FIPS 186-4, the hash is recommended to be the same length as q. + * If the hash is longer than q, the leftmost N bits are used; if the hash + * is shorter, then we left-pad (see appendix C.2.1). + */ + size_t sigLength; + int digestlen = BN_num_bytes(DSA_get0_q(dsakey)); + int ok = 0; + + unsigned char *dataToSign = OPENSSL_malloc(len); + unsigned char *paddedData = OPENSSL_malloc(digestlen); + unsigned char *signature = NULL; + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY *pkey = NULL; + + if (!TEST_ptr(dataToSign) || + !TEST_ptr(paddedData) || + !TEST_int_eq(RAND_bytes(dataToSign, len), 1)) + goto end; + + memset(paddedData, 0, digestlen); + if (len > digestlen) + memcpy(paddedData, dataToSign, digestlen); + else + memcpy(paddedData + digestlen - len, dataToSign, len); + + if (!TEST_ptr(pkey = EVP_PKEY_new())) + goto end; + EVP_PKEY_set1_DSA(pkey, dsakey); + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto end; + if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1)) + goto end; + + if (EVP_PKEY_sign(ctx, NULL, &sigLength, dataToSign, len) != 1) { + TEST_error("Failed to get signature length, len=%d", len); + goto end; + } + + if (!TEST_ptr(signature = OPENSSL_malloc(sigLength))) + goto end; + + if (EVP_PKEY_sign(ctx, signature, &sigLength, 
dataToSign, len) != 1) { + TEST_error("Failed to sign, len=%d", len); + goto end; + } + + /* Check that the signature is okay via the EVP interface */ + if (!TEST_int_eq(EVP_PKEY_verify_init(ctx), 1)) + goto end; + + /* ... using the same data we just signed */ + if (EVP_PKEY_verify(ctx, signature, sigLength, dataToSign, len) != 1) { + TEST_error("EVP verify with unpadded length %d failed\n", len); + goto end; + } + + /* ... padding/truncating the data to the appropriate digest size */ + if (EVP_PKEY_verify(ctx, signature, sigLength, paddedData, digestlen) != 1) { + TEST_error("EVP verify with length %d failed\n", len); + goto end; + } + + /* Verify again using the raw DSA interface */ + if (DSA_verify(0, dataToSign, len, signature, sigLength, dsakey) != 1) { + TEST_error("Verification with unpadded data failed, len=%d", len); + goto end; + } + + if (DSA_verify(0, paddedData, digestlen, signature, sigLength, dsakey) != 1) { + TEST_error("verify with length %d failed\n", len); + goto end; + } + + ok = 1; +end: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + + OPENSSL_free(signature); + OPENSSL_free(paddedData); + OPENSSL_free(dataToSign); + + return ok; +} + +static int dsa_exact_size_test(void) { + /* + * For a 2048-bit p, q should be either 224 or 256 bits per the table in + * FIPS 186-4 4.2. + */ + + return sign_and_verify(224 / 8) && sign_and_verify(256 / 8); +} + +static int dsa_small_digest_test(void) { + return sign_and_verify(16) && sign_and_verify(1); +} + +static int dsa_large_digest_test(void) { + return sign_and_verify(33) && sign_and_verify(64); +} + +void cleanup_tests(void) +{ + DSA_free(dsakey); +} + +#endif /* OPENSSL_NO_DSA */ + +int setup_tests(void) +{ +#ifndef OPENSSL_NO_DSA + if (!genkeys()) + return 0; + + ADD_TEST(dsa_exact_size_test); + ADD_TEST(dsa_small_digest_test); + ADD_TEST(dsa_large_digest_test); +#endif + return 1; +} + diff --git a/test/recipes/15-test_dsa.t b/test/recipes/15-test_dsa.t index 311b9b3..c8f61cc 100644 
--- a/test/recipes/15-test_dsa.t +++ b/test/recipes/15-test_dsa.t @@ -16,11 +16,12 @@ use OpenSSL::Test::Utils; setup("test_dsa"); -plan tests => 5; +plan tests => 6; require_ok(srctop_file('test','recipes','tconversion.pl')); ok(run(test(["dsatest"])), "running dsatest"); +ok(run(test(["dsa_no_digest_size_test"])), "running dsa_no_digest_size_test"); SKIP: { skip "Skipping dsa conversion test", 3 From appro at openssl.org Sun Jul 29 19:29:03 2018 From: appro at openssl.org (Andy Polyakov) Date: Sun, 29 Jul 2018 19:29:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1532892543.006805.7270.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 34515e8f88e57c13cdf2b1d4ec094ffd4e9f8d94 (commit) from 3c0addb71c66adf729f48050c3a75f68c44b23b6 (commit) - Log ----------------------------------------------------------------- commit 34515e8f88e57c13cdf2b1d4ec094ffd4e9f8d94 Author: Bryan Donlan Date: Tue Jul 17 13:38:17 2018 -0700 Remove DSA digest length checks when no digest is passed FIPS 186-4 does not specify a hard requirement on DSA digest lengths, and in any case the current check rejects the FIPS recommended digest lengths for key sizes != 1024 bits. Fixes: #6748 Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (Merged from https://github.com/openssl/openssl/pull/6749) (cherry picked from commit 665d9d1c0655d6f709c99e1211c1e11fcebfeecd) ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsa_pmeth.c | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index a1cbaad..a82c4c9 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c 
@@ -76,13 +76,8 @@ static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa); @@ -100,13 +95,8 @@ static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, DSA_PKEY_CTX *dctx = ctx->data; DSA *dsa = ctx->pkey->pkey.dsa; - if (dctx->md) { - if (tbslen != (size_t)EVP_MD_size(dctx->md)) - return 0; - } else { - if (tbslen != SHA_DIGEST_LENGTH) - return 0; - } + if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md)) + return 0; ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa); From paul.dale at oracle.com Sun Jul 29 21:39:37 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Sun, 29 Jul 2018 21:39:37 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1532900377.430963.29721.nullmailer@dev.openssl.org> The branch master has been updated via 201b305a2409d9eb13b5e4bfbd4967e04e155a60 (commit) from cb809437d391176a1c2e76f6da77a790c9382c4b (commit) - Log ----------------------------------------------------------------- commit 201b305a2409d9eb13b5e4bfbd4967e04e155a60 Author: Beat Bolli Date: Mon Jul 30 07:34:32 2018 +1000 apps/dsaparam.c generates code that is intended to be pasted or included into an existing source file: the function is static, and the code doesn't include dsa.h. Match the generated C source style of dsaparam. Adjust apps/dhparam.c to match, and rename the BIGNUMs to their more usual single-letter names. Add an error return in the generated C source. both: simplify the callback function 
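Review bot: the `pkey_dsa_sign`/`pkey_dsa_verify` hunks (identical in master and in the 1.1.0 cherry-pick) drop the `tbslen != SHA_DIGEST_LENGTH` fallback, so with no digest set on the context any `tbslen` now reaches `DSA_sign`/`DSA_verify`. That is the intended fix for #6748, but it makes the truncate-to-leftmost-N-bits / left-pad behaviour that the new test's comment describes part of the EVP contract for raw-digest signing, and neither hunk touches documentation; `EVP_PKEY_sign`/`EVP_PKEY_verify` or the DSA method docs should state that without a digest the caller is responsible for passing a hash of an appropriate length and what happens when it is not. For the stable branch specifically: the 1.1.0 commit carries only the dsa_pmeth.c change, so the relaxed check has no regression test there.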
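Review bot: in `sign_and_verify` in the new test/dsa_no_digest_size_test.c the return value of `EVP_PKEY_set1_DSA(pkey, dsakey)` is the one call in the function that is not checked; wrap it in `TEST_int_eq(..., 1)` so a failure there does not surface later as a confusing failure in `EVP_PKEY_CTX_new`. Style points in the same file: `dsa_exact_size_test`, `dsa_small_digest_test` and `dsa_large_digest_test` put the opening brace on the function line while the rest of the file puts it on its own line; `sigLength`, `dataToSign` and `paddedData` are camelCase where the surrounding code is snake_case; and three of the `TEST_error` messages end in `\n` while the others in the same function do not, so pick one convention.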
Signed-off-by: Beat Bolli Reviewed-by: Rich Salz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6797) ----------------------------------------------------------------------- Summary of changes: apps/dhparam.c | 35 +++++++++++++---------------------- apps/dsaparam.c | 11 ++--------- 2 files changed, 15 insertions(+), 31 deletions(-) diff --git a/apps/dhparam.c b/apps/dhparam.c index 44160fd..13f7675 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -309,33 +309,31 @@ int dhparam_main(int argc, char **argv) bits = DH_bits(dh); DH_get0_pqg(dh, &pbn, NULL, &gbn); data = app_malloc(len, "print a BN"); - BIO_printf(out, "#ifndef HEADER_DH_H\n" - "# include \n" - "#endif\n" - "\n"); - BIO_printf(out, "DH *get_dh%d()\n{\n", bits); + + BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits); print_bignum_var(out, pbn, "dhp", bits, data); print_bignum_var(out, gbn, "dhg", bits, data); BIO_printf(out, " DH *dh = DH_new();\n" - " BIGNUM *dhp_bn, *dhg_bn;\n" + " BIGNUM *p, *g;\n" "\n" " if (dh == NULL)\n" " return NULL;\n"); - BIO_printf(out, " dhp_bn = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", + BIO_printf(out, " p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n", bits, bits); - BIO_printf(out, " dhg_bn = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", + BIO_printf(out, " g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n", bits, bits); - BIO_printf(out, " if (dhp_bn == NULL || dhg_bn == NULL\n" - " || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {\n" + BIO_printf(out, " if (p == NULL || g == NULL\n" + " || !DH_set0_pqg(dh, p, NULL, g)) {\n" " DH_free(dh);\n" - " BN_free(dhp_bn);\n" - " BN_free(dhg_bn);\n" + " BN_free(p);\n" + " BN_free(g);\n" " return NULL;\n" " }\n"); if (DH_get_length(dh) > 0) BIO_printf(out, " if (!DH_set_length(dh, %ld)) {\n" " DH_free(dh);\n" + " return NULL;\n" " }\n", DH_get_length(dh)); BIO_printf(out, " return dh;\n}\n"); OPENSSL_free(data); 
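Review bot: the generated-code hunk in `dhparam_main` now emits `return NULL;` after `DH_free(dh);` in the `DH_set_length` failure branch; previously the generated source fell through to `return dh;` and handed back a freed pointer, so this is a real correctness fix in the emitted code and deserves a mention of its own rather than being folded into a style change. Two follow-ups: dropping the `#ifndef HEADER_DH_H` include block means users must now include the DH header themselves before pasting the output, which the commit message states but the tool's help text should too; and the commit message's first line is an entire paragraph, so it appears as an over-long one-line summary in the run-checker log further down this digest, a short subject line with the rationale below it would read better in `git log --oneline`.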
@@ -371,16 +369,9 @@ int dhparam_main(int argc, char **argv) static int dh_cb(int p, int n, BN_GENCB *cb) { - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; + static const char symbols[] = ".+*\n"; + char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; + BIO_write(BN_GENCB_get_arg(cb), &c, 1); (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 9d8af9e..b227b76 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -248,16 +248,9 @@ int dsaparam_main(int argc, char **argv) static int dsa_cb(int p, int n, BN_GENCB *cb) { - char c = '*'; + static const char symbols[] = ".+*\n"; + char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?'; - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; BIO_write(BN_GENCB_get_arg(cb), &c, 1); (void)BIO_flush(BN_GENCB_get_arg(cb)); return 1; From openssl at openssl.org Mon Jul 30 06:36:11 2018 
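Review bot: after the `dh_cb` and `dsa_cb` hunks the two callbacks are byte-for-byte identical; rather than keeping two copies in apps/dhparam.c and apps/dsaparam.c, move one into the shared apps code and have both tools use it. There is also a small behaviour change hiding in the simplification: callback values outside 0..3 used to print `*` (the old initialiser) and now print `?`. That is arguably more honest, and the bd93f1a doc update about "other callback values" in the run-checker log that follows suggests such values do occur, but it should be called out in the commit message since it is not purely a refactor. The bounds check `(size_t)p < sizeof(symbols) - 1` correctly excludes the terminating NUL.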
From: openssl at openssl.org (OpenSSL run-checker) Date: Mon, 30 Jul 2018 06:36:11 +0000 Subject: [openssl-commits] Still FAILED build of OpenSSL branch master with options -d --strict-warnings no-md5 Message-ID: <1532932571.291495.27532.nullmailer@run.openssl.org> Platform and configuration command: $ uname -a Linux run 4.4.0-119-generic #143-Ubuntu SMP Mon Apr 2 16:08:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ CC=clang ../openssl/config -d --strict-warnings no-md5 Commit log since last time: 201b305 apps/dsaparam.c generates code that is intended to be pasted or included into an existing source file: the function is static, and the code doesn't include dsa.h. Match the generated C source style of dsaparam. cb80943 Add test for DSA signatures of raw digests of various sizes 665d9d1 Remove DSA digest length checks when no digest is passed bd93f1a doc/BN_generate_prime: update doc about other callback values Build log ended with (last 100 lines): $ CC=clang ../openssl/config -d --strict-warnings no-md5 Operating system: x86_64-whatever-linux2 Failure! build file wasn't produced. Please read INSTALL and associated NOTES files. You may also have to look over your available compiler tool chain or change your configuration. ***** Unsupported options: no-md5 $ make clean make: *** No rule to make target 'clean'. Stop. From no-reply at appveyor.com Mon Jul 30 12:05:52 2018 From: no-reply at appveyor.com (AppVeyor) Date: Mon, 30 Jul 2018 12:05:52 +0000 Subject: [openssl-commits] Build failed: openssl OpenSSL_1_0_2-stable.19161 Message-ID: <20180730120552.1.5976841E1710B107@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Mon Jul 30 14:16:49 2018 
From: no-reply at appveyor.com (AppVeyor) Date: Mon, 30 Jul 2018 14:16:49 +0000 Subject: [openssl-commits] Build completed: openssl OpenSSL_1_0_2-stable.19162 Message-ID: <20180730141649.1.23DE8A5F3AB234C5@appveyor.com> An HTML attachment was scrubbed... URL: From paul.dale at oracle.com Tue Jul 31 03:10:58 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 31 Jul 2018 03:10:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1533006658.750857.12706.nullmailer@dev.openssl.org> The branch master has been updated via 35c9408108f3608eb572acd7f64a93cf4f43f4f6 (commit) from 201b305a2409d9eb13b5e4bfbd4967e04e155a60 (commit) - Log ----------------------------------------------------------------- commit 35c9408108f3608eb572acd7f64a93cf4f43f4f6 Author: Pauli Date: Tue Jul 31 11:37:05 2018 +1000 Check conversion return in ASN1_INTEGER_print_bio. Also streamline the code by relying on ASN1_INTEGER_to_BN to allocate the BN instead of doing it separately. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6821) ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_lib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index de36e0e..ce2e12c 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -22,10 +22,9 @@ int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) int result = 0; char *hex; - num_bn = BN_new(); + num_bn = ASN1_INTEGER_to_BN(num, NULL); if (num_bn == NULL) return -1; - ASN1_INTEGER_to_BN(num, num_bn); if ((hex = BN_bn2hex(num_bn))) { result = BIO_write(bio, "0x", 2) > 0; result = result && BIO_write(bio, hex, strlen(hex)) > 0; From paul.dale at oracle.com Tue Jul 31 03:19:04 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 31 Jul 2018 03:19:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1533007144.205043.15361.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via 35fa31cc9d480dcd5108d17ccf8dc576bee20f09 (commit) from 34515e8f88e57c13cdf2b1d4ec094ffd4e9f8d94 (commit) - Log ----------------------------------------------------------------- commit 35fa31cc9d480dcd5108d17ccf8dc576bee20f09 Author: Pauli Date: Tue Jul 31 11:37:05 2018 +1000 Check conversion return in ASN1_INTEGER_print_bio. Also streamline the code by relying on ASN1_INTEGER_to_BN to allocate the BN instead of doing it separately. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6821) (cherry picked from commit 35c9408108f3608eb572acd7f64a93cf4f43f4f6) ----------------------------------------------------------------------- Summary of changes: crypto/ts/ts_lib.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index de36e0e..ce2e12c 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
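Review bot: in the `TS_ASN1_INTEGER_print_bio` hunk (master, and the same in the 1.1.0 cherry-pick that follows) switching to `ASN1_INTEGER_to_BN(num, NULL)` allocates and checks the conversion in one step, which fixes the previously ignored return of `ASN1_INTEGER_to_BN(num, num_bn)`. Two things worth aligning while the function is open: the unchanged `if ((hex = BN_bn2hex(num_bn)))` in context uses the assignment-in-condition form that the rest of the tree has been moving away from in favour of an explicit `!= NULL`; and the function keeps mixing failure codes, `-1` for the conversion failure against `result = 0` for a failed `BIO_write`, so callers testing `== 0` miss one of the two. Either document the `-1` or normalise on one convention.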
@@ -22,10 +22,9 @@ int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) int result = 0; char *hex; - num_bn = BN_new(); + num_bn = ASN1_INTEGER_to_BN(num, NULL); if (num_bn == NULL) return -1; - ASN1_INTEGER_to_BN(num, num_bn); if ((hex = BN_bn2hex(num_bn))) { result = BIO_write(bio, "0x", 2) > 0; result = result && BIO_write(bio, hex, strlen(hex)) > 0; From paul.dale at oracle.com Tue Jul 31 04:50:29 2018 From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 31 Jul 2018 04:50:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1533012629.272650.6949.nullmailer@dev.openssl.org> The branch master has been updated via 3d3cbce550ff5d6172cf28dbbf80bda93f6577a9 (commit) from 35c9408108f3608eb572acd7f64a93cf4f43f4f6 (commit) - Log ----------------------------------------------------------------- commit 3d3cbce550ff5d6172cf28dbbf80bda93f6577a9 Author: Pauli Date: Tue Jul 31 13:11:00 2018 +1000 Check return from BN_sub Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6823) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_ossl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index feb1ab4..c441905 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -339,7 +339,8 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, goto err; if (padding == RSA_X931_PADDING) { - BN_sub(f, rsa->n, ret); + if (!BN_sub(f, rsa->n, ret)) + goto err; if (BN_cmp(ret, f) > 0) res = f; else From paul.dale at oracle.com Tue Jul 31 04:51:15 2018 
From: paul.dale at oracle.com (paul.dale at oracle.com) Date: Tue, 31 Jul 2018 04:51:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_1_0-stable update Message-ID: <1533012675.372432.7802.nullmailer@dev.openssl.org> The branch OpenSSL_1_1_0-stable has been updated via c0cc23af26d0363dbd164ceae97ed044e3fd8861 (commit) from 35fa31cc9d480dcd5108d17ccf8dc576bee20f09 (commit) - Log ----------------------------------------------------------------- commit c0cc23af26d0363dbd164ceae97ed044e3fd8861 Author: Pauli Date: Tue Jul 31 13:11:00 2018 +1000 Check return from BN_sub Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6823) (cherry picked from commit 3d3cbce550ff5d6172cf28dbbf80bda93f6577a9) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_ossl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 41fafa7..8e81cbb 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -332,7 +332,8 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, goto err; if (padding == RSA_X931_PADDING) { - BN_sub(f, rsa->n, ret); + if (!BN_sub(f, rsa->n, ret)) + goto err; if (BN_cmp(ret, f) > 0) res = f; else From matt at openssl.org Tue Jul 31 08:12:54 2018 
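Review bot: the `rsa_ossl_private_encrypt` hunk (master and the 1.1.0 cherry-pick) correctly turns the unchecked `BN_sub(f, rsa->n, ret)` into `if (!BN_sub(f, rsa->n, ret)) goto err;`. This matters beyond tidiness: on a failed subtraction the X9.31 branch went on to `BN_cmp(ret, f)` with `f` holding whatever it contained before, and could select that stale value as the signature via `res = f`. The new `goto err` matches the `goto err` three lines earlier in context, so the existing error path handles release of `ctx` and the temporaries; nothing further is needed in this hunk.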
From: matt at openssl.org (Matt Caswell) Date: Tue, 31 Jul 2018 08:12:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1533024774.142363.25190.nullmailer@dev.openssl.org> The branch master has been updated via 50db81633ece00593b245afed0ed9480d7ffb334 (commit) via 9cc570d4c419e2ca97e2173dc14c484195502dd4 (commit) via de34e45a64f0865264b826255adbe7aee7470780 (commit) via 8e3cced75fb5fee5da59ebef9605d403a999391b (commit) from 3d3cbce550ff5d6172cf28dbbf80bda93f6577a9 (commit) - Log ----------------------------------------------------------------- commit 50db81633ece00593b245afed0ed9480d7ffb334 Author: Matt Caswell Date: Mon Jul 30 16:56:41 2018 +0100 Deprecate the EC curve type specific functions in 1.2.0 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6815) commit 9cc570d4c419e2ca97e2173dc14c484195502dd4 Author: Matt Caswell Date: Mon Jul 30 16:40:18 2018 +0100 Use the new non-curve type specific EC functions internally Fixes #6646 Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6815) commit de34e45a64f0865264b826255adbe7aee7470780 Author: Matt Caswell Date: Mon Jul 30 16:06:12 2018 +0100 Add documentation for the new non-curve type specific EC functions Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6815) commit 8e3cced75fb5fee5da59ebef9605d403a999391b Author: Matt Caswell Date: Mon Jul 30 15:39:41 2018 +0100 Provide EC functions that are not curve type specific Some EC functions exist in *_GFp and *_GF2m forms, in spite of the implementations between the two curve types being identical. This commit provides equivalent generic functions with the *_GFp and *_GF2m forms just calling the generic functions. 
Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/6815) ----------------------------------------------------------------------- Summary of changes: apps/ecparam.c | 2 +- crypto/ec/ec2_oct.c | 11 ++- crypto/ec/ec2_smpl.c | 12 ++-- crypto/ec/ec_asn1.c | 22 ++---- crypto/ec/ec_curve.c | 2 +- crypto/ec/ec_cvt.c | 4 +- crypto/ec/ec_err.c | 8 +++ crypto/ec/ec_key.c | 29 ++------ crypto/ec/ec_lcl.h | 9 ++- crypto/ec/ec_lib.c | 125 ++++++++++++++++------------------ crypto/ec/ec_oct.c | 46 +++++-------- crypto/ec/ecdh_ossl.c | 17 +---- crypto/ec/ecdsa_ossl.c | 39 +++-------- crypto/ec/eck_prn.c | 17 ++--- crypto/ec/ecp_nistp224.c | 2 +- crypto/ec/ecp_nistp256.c | 2 +- crypto/ec/ecp_nistp521.c | 2 +- crypto/ec/ecp_oct.c | 11 ++- crypto/ec/ecp_smpl.c | 4 +- crypto/err/openssl.txt | 5 ++ crypto/sm2/sm2_crypt.c | 12 ++-- crypto/sm2/sm2_sign.c | 4 +- crypto/sm2/sm2_za.c | 10 +-- doc/man3/EC_GROUP_new.pod | 48 ++++++++----- doc/man3/EC_POINT_new.pod | 64 +++++++++++++----- include/openssl/ec.h | 167 +++++++++++++++++++++++++++++++++++----------- include/openssl/ecerr.h | 5 ++ test/ecstresstest.c | 11 ++- test/ectest.c | 131 ++++++++++++++++-------------------- test/sm2_internal_test.c | 4 +- util/libcrypto.num | 25 ++++--- 31 files changed, 450 insertions(+), 400 deletions(-) diff --git a/apps/ecparam.c b/apps/ecparam.c index 2290242..917f1a8 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -299,7 +299,7 @@ int ecparam_main(int argc, char **argv) goto end; } - if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL)) + if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL)) goto end; if ((point = EC_GROUP_get0_generator(group)) == NULL) diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 24c32ae..d515dab 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c 
@@ -94,7 +94,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, } } - if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; ret = 1; @@ -166,7 +166,7 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if (yxi == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; buf[0] = form; @@ -301,8 +301,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GF2m - (group, point, x, y_bit, ctx)) + if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) goto err; } else { if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) @@ -321,10 +320,10 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* - * EC_POINT_set_affine_coordinates_GF2m is responsible for checking that + * EC_POINT_set_affine_coordinates is responsible for checking that * the point is on the curve. */ - if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; } diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index 9ce332b..87f7ce5 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -390,7 +390,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_copy(y0, a->Y)) goto err; } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) + if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx)) goto err; } if (b->Z_is_one) { 
@@ -399,7 +399,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_copy(y1, b->Y)) goto err; } else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) + if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx)) goto err; } @@ -447,7 +447,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, if (!BN_GF2m_add(y2, y2, y1)) goto err; - if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) + if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx)) goto err; ret = 1; @@ -590,9 +590,9 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, if (bY == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) + if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx)) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) + if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx)) goto err; ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; @@ -625,7 +625,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, if (y == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; if (!BN_copy(point->X, x)) goto err; diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index cdc5d38..13c56a6 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -266,7 +266,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) goto err; } /* the parameters are specified by the prime number p */ - if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { + if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) { ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB); goto err; } 
@@ -365,7 +365,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) { - int ok = 0, nid; + int ok = 0; BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; unsigned char *a_buf = NULL, *b_buf = NULL; size_t len; @@ -378,24 +378,12 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) goto err; } - nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); - /* get a and b */ - if (nid == NID_X9_62_prime_field) { - if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); - goto err; - } + if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) { + ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); + goto err; } -#ifndef OPENSSL_NO_EC2M - else { /* nid == NID_X9_62_characteristic_two_field */ - if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { - ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB); - goto err; - } - } -#endif /* * Per SEC 1, the curve coefficients must be padded up to size. See C.2's * definition of Curve, C.1's definition of FieldElement, and 2.3.5's diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 618ec04..bb1ce19 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3078,7 +3078,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) { + if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index 1321823..7f8bc1c 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c 
@@ -51,7 +51,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { EC_GROUP_clear_free(ret); return NULL; } @@ -72,7 +72,7 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) { + if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) { EC_GROUP_clear_free(ret); return NULL; } diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c index cbe204f..8f4911a 100644 --- a/crypto/ec/ec_err.c +++ b/crypto/ec/ec_err.c @@ -146,6 +146,7 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0), "EC_GROUP_check_discriminant"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0), "EC_GROUP_get_curve_GF2m"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0), @@ -168,6 +169,7 @@ static const ERR_STRING_DATA EC_str_functs[] = { "EC_GROUP_new_from_ecparameters"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0), "EC_GROUP_new_from_ecpkparameters"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0), "EC_GROUP_set_curve_GF2m"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0), 
@@ -203,6 +205,8 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0), + "EC_POINT_get_affine_coordinates"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0), "EC_POINT_get_affine_coordinates_GF2m"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0), @@ -220,10 +224,14 @@ static const ERR_STRING_DATA EC_str_functs[] = { {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0), + "EC_POINT_set_affine_coordinates"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0), "EC_POINT_set_affine_coordinates_GF2m"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0), "EC_POINT_set_affine_coordinates_GFp"}, + {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0), + "EC_POINT_set_compressed_coordinates"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0), "EC_POINT_set_compressed_coordinates_GF2m"}, {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0), diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index c841236..ec10b7e 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -341,9 +341,6 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *tx, *ty; EC_POINT *point = NULL; int ok = 0; -#ifndef OPENSSL_NO_EC2M - int tmp_nid, is_char_two = 0; -#endif if (key == NULL || key->group == NULL || x == NULL || y == NULL) { ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 
@@ -365,29 +362,11 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, if (ty == NULL) goto err; -#ifndef OPENSSL_NO_EC2M - tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group)); - - if (tmp_nid == NID_X9_62_characteristic_two_field) - is_char_two = 1; + if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx)) + goto err; + if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx)) + goto err; - if (is_char_two) { - if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point, - x, y, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point, - tx, ty, ctx)) - goto err; - } else -#endif - { - if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, - x, y, ctx)) - goto err; - if (!EC_POINT_get_affine_coordinates_GFp(key->group, point, - tx, ty, ctx)) - goto err; - } /* * Check if retrieved coordinates match originals and are less than field * order: if not values are out of range. diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index c706a84..e055dda 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -50,8 +50,7 @@ struct ec_method_st { void (*group_finish) (EC_GROUP *); void (*group_clear_finish) (EC_GROUP *); int (*group_copy) (EC_GROUP *, const EC_GROUP *); - /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */ - /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */ + /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */ int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, 
@@ -73,9 +72,9 @@ struct ec_method_st { * used by EC_POINT_set_to_infinity, * EC_POINT_set_Jprojective_coordinates_GFp, * EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, - * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: + * EC_POINT_set_affine_coordinates, + * EC_POINT_get_affine_coordinates, + * EC_POINT_set_compressed_coordinates: */ int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *); int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *, diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 457cd35..2204152 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c 
@@ -415,48 +415,52 @@ size_t EC_GROUP_get_seed_len(const EC_GROUP *group) return group->seed_len; } -int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx) +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) { if (group->meth->group_set_curve == 0) { - ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ECerr(EC_F_EC_GROUP_SET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_set_curve(group, p, a, b, ctx); } -int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx) +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx) { - if (group->meth->group_get_curve == 0) { - ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + if (group->meth->group_get_curve == NULL) { + ECerr(EC_F_EC_GROUP_GET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } return group->meth->group_get_curve(group, p, a, b, ctx); } -#ifndef OPENSSL_NO_EC2M +#if OPENSSL_API_COMPAT < 0x10200000L +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + return EC_GROUP_set_curve(group, p, a, b, ctx); +} + +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, + BIGNUM *b, BN_CTX *ctx) +{ + return EC_GROUP_get_curve(group, p, a, b, ctx); +} + +# ifndef OPENSSL_NO_EC2M int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_set_curve == 0) { - ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_set_curve(group, p, a, b, ctx); + return EC_GROUP_set_curve(group, p, a, b, ctx); } int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) { - if (group->meth->group_get_curve == 0) { - 
ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - return group->meth->group_get_curve(group, p, a, b, ctx); + return EC_GROUP_get_curve(group, p, a, b, ctx); } +# endif #endif int EC_GROUP_get_degree(const EC_GROUP *group) 
@@ -699,92 +703,79 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, y, z, ctx); } -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - const BIGNUM *y, BN_CTX *ctx) +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx) { - if (group->meth->point_set_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, + if (group->meth->point_set_affine_coordinates == NULL) { + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, - EC_R_INCOMPATIBLE_OBJECTS); + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS); return 0; } if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) return 0; if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, - EC_R_POINT_IS_NOT_ON_CURVE); + ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_POINT_IS_NOT_ON_CURVE); return 0; } return 1; } -#ifndef OPENSSL_NO_EC2M +#if OPENSSL_API_COMPAT < 0x10200000L +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *point, const BIGNUM *x, + const BIGNUM *y, BN_CTX *ctx) +{ + return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); +} + +# ifndef OPENSSL_NO_EC2M int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_set_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, + return EC_POINT_set_affine_coordinates(group, point, x, y, ctx); +} +# endif +#endif + +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, BIGNUM *y, + BN_CTX *ctx) +{ + if (group->meth->point_get_affine_coordinates == NULL) { + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, 
ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, - EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx)) - return 0; - - if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, - EC_R_POINT_IS_NOT_ON_CURVE); + ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS); return 0; } - return 1; + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); } -#endif +#if OPENSSL_API_COMPAT < 0x10200000L int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_get_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, - EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); } -#ifndef OPENSSL_NO_EC2M +# ifndef OPENSSL_NO_EC2M int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) { - if (group->meth->point_get_affine_coordinates == 0) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, - EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); + return EC_POINT_get_affine_coordinates(group, point, x, y, ctx); } +# endif #endif int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, diff --git a/crypto/ec/ec_oct.c b/crypto/ec/ec_oct.c index c87d495..522f79e 100644 
--- a/crypto/ec/ec_oct.c +++ b/crypto/ec/ec_oct.c @@ -15,18 +15,17 @@ #include "ec_lcl.h" -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - EC_POINT *point, const BIGNUM *x, - int y_bit, BN_CTX *ctx) +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, int y_bit, BN_CTX *ctx) { - if (group->meth->point_set_compressed_coordinates == 0 + if (group->meth->point_set_compressed_coordinates == NULL && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; } if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS); return 0; } @@ -37,7 +36,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, else #ifdef OPENSSL_NO_EC2M { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, + ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, EC_R_GF2M_NOT_SUPPORTED); return 0; } 
@@ -50,33 +49,22 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, y_bit, ctx); } -#ifndef OPENSSL_NO_EC2M +#if OPENSSL_API_COMPAT < 0x10200000L +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *point, const BIGNUM *x, + int y_bit, BN_CTX *ctx) +{ + return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); +} + +# ifndef OPENSSL_NO_EC2M int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, const BIGNUM *x, int y_bit, BN_CTX *ctx) { - if (group->meth->point_set_compressed_coordinates == 0 - && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, - ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (!ec_point_is_compat(point, group)) { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, - EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { - if (group->meth->field_type == NID_X9_62_prime_field) - return ec_GFp_simple_set_compressed_coordinates(group, point, x, - y_bit, ctx); - else - return ec_GF2m_simple_set_compressed_coordinates(group, point, x, - y_bit, ctx); - } - return group->meth->point_set_compressed_coordinates(group, point, x, - y_bit, ctx); + return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx); } +# endif #endif size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, diff --git a/crypto/ec/ecdh_ossl.c b/crypto/ec/ecdh_ossl.c index 1c5db22..bd93793 100644 --- a/crypto/ec/ecdh_ossl.c +++ b/crypto/ec/ecdh_ossl.c 
@@ -83,21 +83,10 @@ int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen, goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, NULL, ctx)) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { - if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, NULL, ctx)) { - ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE); - goto err; - } + if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) { + ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE); + goto err; } -#endif buflen = (EC_GROUP_get_degree(group) + 7) / 8; len = BN_num_bytes(x); diff --git a/crypto/ec/ecdsa_ossl.c b/crypto/ec/ecdsa_ossl.c index ad7a6f7..e35c760 100644 --- a/crypto/ec/ecdsa_ossl.c +++ b/crypto/ec/ecdsa_ossl.c @@ -104,23 +104,12 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, - NULL, ctx)) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { /* NID_X9_62_characteristic_two_field */ - if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp_point, X, - NULL, ctx)) { - ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); - goto err; - } + + if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) { + ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); + goto err; } -#endif + if (!BN_nnmod(r, X, order, ctx)) { ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB); goto err; 
@@ -408,22 +397,12 @@ int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); goto err; } - if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == - NID_X9_62_prime_field) { - if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) { - ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); - goto err; - } - } -#ifndef OPENSSL_NO_EC2M - else { /* NID_X9_62_characteristic_two_field */ - if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) { - ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); - goto err; - } + if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) { + ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB); + goto err; } -#endif + if (!BN_nnmod(u1, X, order, ctx)) { ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB); goto err; diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 2e501b2..cde3090 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -125,19 +125,10 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) reason = ERR_R_MALLOC_FAILURE; goto err; } -#ifndef OPENSSL_NO_EC2M - if (is_char_two) { - if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { - reason = ERR_R_EC_LIB; - goto err; - } - } else /* prime field */ -#endif - { - if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { - reason = ERR_R_EC_LIB; - goto err; - } + + if (!EC_GROUP_get_curve(x, p, a, b, ctx)) { + reason = ERR_R_EC_LIB; + goto err; } if ((point = EC_GROUP_get0_generator(x)) == NULL) { diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index ecae568..555bf30 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c 
@@ -1608,7 +1608,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) goto err; BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x); BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) goto err; if ((pre = nistp224_pre_comp_new()) == NULL) goto err; diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 22f172b..c87a5e5 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -2238,7 +2238,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) goto err; BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x); BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) goto err; if ((pre = nistp256_pre_comp_new()) == NULL) goto err; diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 06945b5..14f2fee 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -2071,7 +2071,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) goto err; BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x); BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y); - if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx)) goto err; if ((pre = nistp521_pre_comp_new()) == NULL) goto err; diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index a5010bc..2be3c86 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c 
@@ -140,7 +140,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, goto err; } - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; ret = 1; @@ -206,7 +206,7 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if (y == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; if ((form == POINT_CONVERSION_COMPRESSED @@ -333,8 +333,7 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } if (form == POINT_CONVERSION_COMPRESSED) { - if (!EC_POINT_set_compressed_coordinates_GFp - (group, point, x, y_bit, ctx)) + if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx)) goto err; } else { if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) @@ -351,10 +350,10 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* - * EC_POINT_set_affine_coordinates_GFp is responsible for checking that + * EC_POINT_set_affine_coordinates is responsible for checking that * the point is on the curve. */ - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 18d16dd..7ac519c 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -1181,9 +1181,9 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, if (y == NULL) goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx)) goto err; - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx)) goto err; if (!point->Z_is_one) { ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); 
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index a0dc3c5..90b5c4e 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -570,6 +570,7 @@ EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES:169:\ EC_F_EC_GROUP_CHECK:170:EC_GROUP_check EC_F_EC_GROUP_CHECK_DISCRIMINANT:171:EC_GROUP_check_discriminant EC_F_EC_GROUP_COPY:106:EC_GROUP_copy +EC_F_EC_GROUP_GET_CURVE:291:EC_GROUP_get_curve EC_F_EC_GROUP_GET_CURVE_GF2M:172:EC_GROUP_get_curve_GF2m EC_F_EC_GROUP_GET_CURVE_GFP:130:EC_GROUP_get_curve_GFp EC_F_EC_GROUP_GET_DEGREE:173:EC_GROUP_get_degree @@ -582,6 +583,7 @@ EC_F_EC_GROUP_NEW_BY_CURVE_NAME:174:EC_GROUP_new_by_curve_name EC_F_EC_GROUP_NEW_FROM_DATA:175:ec_group_new_from_data EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS:263:EC_GROUP_new_from_ecparameters EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS:264:EC_GROUP_new_from_ecpkparameters +EC_F_EC_GROUP_SET_CURVE:292:EC_GROUP_set_curve EC_F_EC_GROUP_SET_CURVE_GF2M:176:EC_GROUP_set_curve_GF2m EC_F_EC_GROUP_SET_CURVE_GFP:109:EC_GROUP_set_curve_GFp EC_F_EC_GROUP_SET_GENERATOR:111:EC_GROUP_set_generator @@ -610,6 +612,7 @@ EC_F_EC_POINT_BN2POINT:280:EC_POINT_bn2point EC_F_EC_POINT_CMP:113:EC_POINT_cmp EC_F_EC_POINT_COPY:114:EC_POINT_copy EC_F_EC_POINT_DBL:115:EC_POINT_dbl +EC_F_EC_POINT_GET_AFFINE_COORDINATES:293:EC_POINT_get_affine_coordinates EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M:183:\ EC_POINT_get_affine_coordinates_GF2m EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP:116:EC_POINT_get_affine_coordinates_GFp 
@@ -623,9 +626,11 @@ EC_F_EC_POINT_NEW:121:EC_POINT_new EC_F_EC_POINT_OCT2POINT:122:EC_POINT_oct2point EC_F_EC_POINT_POINT2BUF:281:EC_POINT_point2buf EC_F_EC_POINT_POINT2OCT:123:EC_POINT_point2oct +EC_F_EC_POINT_SET_AFFINE_COORDINATES:294:EC_POINT_set_affine_coordinates EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M:185:\ EC_POINT_set_affine_coordinates_GF2m EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP:124:EC_POINT_set_affine_coordinates_GFp +EC_F_EC_POINT_SET_COMPRESSED_COORDINATES:295:EC_POINT_set_compressed_coordinates EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M:186:\ EC_POINT_set_compressed_coordinates_GF2m EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP:125:\ diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c index d6f9c81..9e78873 100644 --- a/crypto/sm2/sm2_crypt.c +++ b/crypto/sm2/sm2_crypt.c @@ -48,7 +48,7 @@ static size_t ec_field_size(const EC_GROUP *group) if (p == NULL || a == NULL || b == NULL) goto done; - if (!EC_GROUP_get_curve_GFp(group, p, a, b, NULL)) + if (!EC_GROUP_get_curve(group, p, a, b, NULL)) goto done; field_size = (BN_num_bits(p) + 7) / 8; @@ -176,9 +176,9 @@ int sm2_encrypt(const EC_KEY *key, } if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) - || !EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) + || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx) || !EC_POINT_mul(group, kP, NULL, P, k, ctx) - || !EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx)) { + || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) { SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB); goto done; } 
@@ -326,11 +326,11 @@ int sm2_decrypt(const EC_KEY *key, goto done; } - if (!EC_POINT_set_affine_coordinates_GFp(group, C1, sm2_ctext->C1x, - sm2_ctext->C1y, ctx) + if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x, + sm2_ctext->C1y, ctx) || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), ctx) - || !EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx)) { + || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) { SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB); goto done; } diff --git a/crypto/sm2/sm2_sign.c b/crypto/sm2/sm2_sign.c index 1244c05..f1185c1 100644 --- a/crypto/sm2/sm2_sign.c +++ b/crypto/sm2/sm2_sign.c @@ -115,7 +115,7 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e) } if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx) - || !EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, + || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL, ctx) || !BN_mod_add(r, e, x1, order, ctx)) { SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR); @@ -224,7 +224,7 @@ static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, } if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) - || !EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx)) { + || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) { SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB); goto done; } diff --git a/crypto/sm2/sm2_za.c b/crypto/sm2/sm2_za.c index 8f45082..320bee1 100644 --- a/crypto/sm2/sm2_za.c +++ b/crypto/sm2/sm2_za.c @@ -87,7 +87,7 @@ int sm2_compute_userid_digest(uint8_t *out, goto done; } - if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) { + if (!EC_GROUP_get_curve(group, p, a, b, ctx)) { SM2err(SM2_F_SM2_COMPUTE_USERID_DIGEST, ERR_R_EC_LIB); goto done; } 
@@ -103,16 +103,16 @@ int sm2_compute_userid_digest(uint8_t *out, || !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(b, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EC_POINT_get_affine_coordinates_GFp(group, + || !EC_POINT_get_affine_coordinates(group, EC_GROUP_get0_generator(group), xG, yG, ctx) || BN_bn2binpad(xG, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(yG, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) - || !EC_POINT_get_affine_coordinates_GFp(group, - EC_KEY_get0_public_key(key), - xA, yA, ctx) + || !EC_POINT_get_affine_coordinates(group, + EC_KEY_get0_public_key(key), + xA, yA, ctx) || BN_bn2binpad(xA, buf, p_bytes) < 0 || !EVP_DigestUpdate(hash, buf, p_bytes) || BN_bn2binpad(yA, buf, p_bytes) < 0 diff --git a/doc/man3/EC_GROUP_new.pod b/doc/man3/EC_GROUP_new.pod index e36c3cb..2a722ce 100644 --- a/doc/man3/EC_GROUP_new.pod +++ b/doc/man3/EC_GROUP_new.pod @@ -2,12 +2,22 @@ =head1 NAME -EC_GROUP_get_ecparameters, EC_GROUP_get_ecpkparameters, -EC_GROUP_new, EC_GROUP_new_from_ecparameters, +EC_GROUP_get_ecparameters, +EC_GROUP_get_ecpkparameters, +EC_GROUP_new, +EC_GROUP_new_from_ecparameters, EC_GROUP_new_from_ecpkparameters, -EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_new_curve_GFp, -EC_GROUP_new_curve_GF2m, EC_GROUP_new_by_curve_name, EC_GROUP_set_curve_GFp, -EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m, +EC_GROUP_free, +EC_GROUP_clear_free, +EC_GROUP_new_curve_GFp, +EC_GROUP_new_curve_GF2m, +EC_GROUP_new_by_curve_name, +EC_GROUP_set_curve, +EC_GROUP_get_curve, +EC_GROUP_set_curve_GFp, +EC_GROUP_get_curve_GFp, +EC_GROUP_set_curve_GF2m, +EC_GROUP_get_curve_GF2m, EC_get_builtin_curves - Functions for creating and destroying EC_GROUP objects 
@@ -27,6 +37,10 @@ objects const BIGNUM *b, BN_CTX *ctx); EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); + int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, @@ -58,22 +72,26 @@ Operations in a binary field are performed relative to an B (see -L). It is then necessary to call either EC_GROUP_set_curve_GFp or -EC_GROUP_set_curve_GF2m as appropriate to create a curve defined over Fp or over F2^m respectively. +L). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters. EC_GROUP_new_from_ecparameters() will create a group from the specified B and EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B. -EC_GROUP_set_curve_GFp sets the curve parameters B

    , B and B for a curve over Fp stored in B. -EC_group_get_curve_GFp obtains the previously set curve parameters. +EC_GROUP_set_curve() sets the curve parameters B

    , B and B. For a curve over Fp B +is the prime for the field. For a curve over F2^m B

    represents the irreducible polynomial - each bit +represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether +the polynomial is a trinomial or a pentanomial. -EC_GROUP_set_curve_GF2m sets the equivalent curve parameters for a curve over F2^m. In this case B

    represents -the irreducible polynomial - each bit represents a term in the polynomial. Therefore there will either be three -or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. -EC_group_get_curve_GF2m obtains the previously set curve parameters. +EC_group_get_curve() obtains the previously set curve parameters. -The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and the -appropriate EC_group_set_curve function. An appropriate default implementation method will be used. +EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for +backwards compatibility only and should not be used. + +EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for +backwards compatibility only and should not be used. + +The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the +EC_GROUP_set_curve function. An appropriate default implementation method will be used. Whilst the library can be used to create any curve using the functions described above, there are also a number of predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function diff --git a/doc/man3/EC_POINT_new.pod b/doc/man3/EC_POINT_new.pod index 2d86777..796f666 100644 --- a/doc/man3/EC_POINT_new.pod +++ b/doc/man3/EC_POINT_new.pod 
@@ -2,16 +2,30 @@ =head1 NAME -EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_point2buf, -EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, -EC_POINT_copy, EC_POINT_dup, EC_POINT_method_of, +EC_POINT_set_Jprojective_coordinates_GFp, +EC_POINT_point2buf, +EC_POINT_new, +EC_POINT_free, +EC_POINT_clear_free, +EC_POINT_copy, +EC_POINT_dup, +EC_POINT_method_of, EC_POINT_set_to_infinity, EC_POINT_get_Jprojective_coordinates_GFp, +EC_POINT_set_affine_coordinates, +EC_POINT_get_affine_coordinates, +EC_POINT_set_compressed_coordinates, EC_POINT_set_affine_coordinates_GFp, -EC_POINT_get_affine_coordinates_GFp, EC_POINT_set_compressed_coordinates_GFp, -EC_POINT_set_affine_coordinates_GF2m, EC_POINT_get_affine_coordinates_GF2m, -EC_POINT_set_compressed_coordinates_GF2m, EC_POINT_point2oct, -EC_POINT_oct2point, EC_POINT_point2bn, EC_POINT_bn2point, EC_POINT_point2hex, +EC_POINT_get_affine_coordinates_GFp, +EC_POINT_set_compressed_coordinates_GFp, +EC_POINT_set_affine_coordinates_GF2m, +EC_POINT_get_affine_coordinates_GF2m, +EC_POINT_set_compressed_coordinates_GF2m, +EC_POINT_point2oct, +EC_POINT_oct2point, +EC_POINT_point2bn, +EC_POINT_bn2point, +EC_POINT_point2hex, EC_POINT_hex2point - Functions for creating, destroying and manipulating EC_POINT objects @@ -34,6 +48,14 @@ EC_POINT_hex2point const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); + int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); 
@@ -97,12 +119,20 @@ A valid point on a curve is the special point at infinity. A point is set to be at infinity by calling EC_POINT_set_to_infinity(). The affine co-ordinates for a point describe a point in terms of its x and y -position. The functions EC_POINT_set_affine_coordinates_GFp() and -EC_POINT_set_affine_coordinates_GF2m() set the B and B co-ordinates for -the point B

    defined over the curve given in B. The functions -EC_POINT_get_affine_coordinates_GFp() and -EC_POINT_get_affine_coordinates_GF2m() set B and B, either of which may -be NULL, to the corresponding coordinates of B

    . +position. The function EC_POINT_set_affine_coordinates() sets the B and B +co-ordinates for the point B

    defined over the curve given in B. The +function EC_POINT_get_affine_coordinates() sets B and B, either of which +may be NULL, to the corresponding coordinates of B

    . + +The functions EC_POINT_set_affine_coordinates_GFp() and +EC_POINT_set_affine_coordinates_GF2m() are synonyms for +EC_POINT_set_affine_coordinates(). They are defined for backwards compatibility +only and should not be used. + +The functions EC_POINT_get_affine_coordinates_GFp() and +EC_POINT_get_affine_coordinates_GF2m() are synonyms for +EC_POINT_get_affine_coordinates(). They are defined for backwards compatibility +only and should not be used. As well as the affine co-ordinates, a point can alternatively be described in terms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian @@ -119,11 +149,15 @@ EC_POINT_get_Jprojective_coordinates_GFp() respectively. Points can also be described in terms of their compressed co-ordinates. For a point (x, y), for any given value for x such that the point is on the curve there will only ever be two possible values for y. Therefore a point can be set -using the EC_POINT_set_compressed_coordinates_GFp() and -EC_POINT_set_compressed_coordinates_GF2m() functions where B is the x +using the EC_POINT_set_compressed_coordinates() function where B is the x co-ordinate and B is a value 0 or 1 to identify which of the two possible values for y should be used. +The functions EC_POINT_set_compressed_coordinates_GFp() and +EC_POINT_set_compressed_coordinates_GF2m() are synonyms for +EC_POINT_set_compressed_coordinates(). They are defined for backwards +compatibility only and should not be used. + In addition B can be converted to and from various external representations. The octet form is the binary encoding of the B structure (as defined in RFC5480 and used in certificates and TLS records): diff --git a/include/openssl/ec.h b/include/openssl/ec.h index ed2161d..9cbb8b8 100644 --- a/include/openssl/ec.h +++ b/include/openssl/ec.h 
@@ -223,50 +223,84 @@ unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); size_t EC_GROUP_get_seed_len(const EC_GROUP *); size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); -/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b +/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) * \param group EC_GROUP object - * \param p BIGNUM with the prime number + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM with parameter a of the equation * \param b BIGNUM with parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); +int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx); -/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b +/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp) + * or y^2 + x*y = x^3 + a*x^2 + b (for GF2m) * \param group EC_GROUP object - * \param p BIGNUM for the prime number + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM for parameter a of the equation * \param b BIGNUM for parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx); +int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, + BN_CTX *ctx); + +/** Sets the parameters of an ec curve. 
Synonym for EC_GROUP_set_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) + +/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve + * \param group EC_GROUP object + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) # ifndef OPENSSL_NO_EC2M -/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b +/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve * \param group EC_GROUP object - * \param p BIGNUM with the polynomial defining the underlying field + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM with parameter a of the equation * \param b BIGNUM with parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, - const BIGNUM *b, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx)) -/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b +/** Gets the parameters of an ec curve. 
Synonym for EC_GROUP_get_curve * \param group EC_GROUP object - * \param p BIGNUM for the polynomial defining the underlying field + * \param p BIGNUM with the prime number (GFp) or the polynomial + * defining the underlying field (GF2m) * \param a BIGNUM for parameter a of the equation * \param b BIGNUM for parameter b of the equation * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, - BIGNUM *b, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, + BIGNUM *a, BIGNUM *b, + BN_CTX *ctx)) # endif /** Returns the number of bits needed to represent a field element * \param group EC_GROUP object @@ -459,7 +493,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); -/** Sets the affine coordinates of a EC_POINT over GFp +/** Sets the affine coordinates of an EC_POINT * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with the x-coordinate @@ -467,11 +501,11 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *ctx); +int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, + BN_CTX *ctx); -/** Gets the affine coordinates of a EC_POINT over GFp +/** Gets the affine coordinates of an EC_POINT. * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM for the x-coordinate 
@@ -479,11 +513,40 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, - const EC_POINT *p, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx); +int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx); -/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) + +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) + +/** Sets the x9.62 compressed coordinates of a EC_POINT * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with x-coordinate 
@@ -491,11 +554,27 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, - EC_POINT *p, const BIGNUM *x, - int y_bit, BN_CTX *ctx); +int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, + BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred + */ +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) # ifndef OPENSSL_NO_EC2M -/** Sets the affine coordinates of a EC_POINT over GF2m +/** Sets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_set_affine_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with the x-coordinate @@ -503,11 +582,14 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, - const BIGNUM *x, const BIGNUM *y, - BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + const BIGNUM *y, + BN_CTX *ctx)) -/** Gets the affine coordinates of a EC_POINT over GF2m +/** Gets the affine coordinates of an EC_POINT. A synonym of + * EC_POINT_get_affine_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM for the x-coordinate 
@@ -515,11 +597,14 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, - const EC_POINT *p, BIGNUM *x, - BIGNUM *y, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, + BIGNUM *x, + BIGNUM *y, + BN_CTX *ctx)) -/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m +/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of + * EC_POINT_set_compressed_coordinates * \param group underlying EC_GROUP object * \param p EC_POINT object * \param x BIGNUM with x-coordinate @@ -527,9 +612,11 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, * \param ctx BN_CTX object (optional) * \return 1 on success and 0 if an error occurred */ -int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, - EC_POINT *p, const BIGNUM *x, - int y_bit, BN_CTX *ctx); +DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, + EC_POINT *p, + const BIGNUM *x, + int y_bit, + BN_CTX *ctx)) # endif /** Encodes a EC_POINT object to a octet string * \param group underlying EC_GROUP object diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h index 967d6e0..8d42938 100644 --- a/include/openssl/ecerr.h +++ b/include/openssl/ecerr.h @@ -103,6 +103,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GROUP_CHECK 170 # define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 # define EC_F_EC_GROUP_COPY 106 +# define EC_F_EC_GROUP_GET_CURVE 291 # define EC_F_EC_GROUP_GET_CURVE_GF2M 172 # define EC_F_EC_GROUP_GET_CURVE_GFP 130 # define EC_F_EC_GROUP_GET_DEGREE 173 
@@ -115,6 +116,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_GROUP_NEW_FROM_DATA 175 # define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS 263 # define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS 264 +# define EC_F_EC_GROUP_SET_CURVE 292 # define EC_F_EC_GROUP_SET_CURVE_GF2M 176 # define EC_F_EC_GROUP_SET_CURVE_GFP 109 # define EC_F_EC_GROUP_SET_GENERATOR 111 @@ -142,6 +144,7 @@ int ERR_load_EC_strings(void); # define EC_F_EC_POINT_CMP 113 # define EC_F_EC_POINT_COPY 114 # define EC_F_EC_POINT_DBL 115 +# define EC_F_EC_POINT_GET_AFFINE_COORDINATES 293 # define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 # define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 # define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 @@ -153,8 +156,10 @@ int ERR_load_EC_strings(void); # define EC_F_EC_POINT_OCT2POINT 122 # define EC_F_EC_POINT_POINT2BUF 281 # define EC_F_EC_POINT_POINT2OCT 123 +# define EC_F_EC_POINT_SET_AFFINE_COORDINATES 294 # define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 # define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +# define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES 295 # define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 # define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 # define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 diff --git a/test/ecstresstest.c b/test/ecstresstest.c index 3c6d2d5..fce64e6 100644 --- a/test/ecstresstest.c +++ b/test/ecstresstest.c 
@@ -45,16 +45,15 @@ static BIGNUM *walk_curve(const EC_GROUP *group, EC_POINT *point, int64_t num) int64_t i; if (!TEST_ptr(scalar = BN_new()) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, point, - scalar, - NULL, NULL))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, point, scalar, + NULL, NULL))) goto err; for (i = 0; i < num; i++) { if (!TEST_true(EC_POINT_mul(group, point, NULL, point, scalar, NULL)) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, point, - scalar, - NULL, NULL))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, point, + scalar, + NULL, NULL))) goto err; } return scalar; diff --git a/test/ectest.c b/test/ectest.c index 2945cd7..2703cb4 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -169,7 +169,7 @@ static int prime_field_tests(void) * that the library gets to choose the EC_METHOD */ || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())) - || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) || !TEST_true(EC_GROUP_copy(tmp, group))) goto err; @@ -177,7 +177,7 @@ static int prime_field_tests(void) group = tmp; tmp = NULL; - if (!TEST_true(EC_GROUP_get_curve_GFp(group, p, a, b, ctx))) + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) goto err; TEST_info("Curve defined by Weierstrass equation"); 
@@ -200,13 +200,11 @@ static int prime_field_tests(void) || !TEST_ptr(z = BN_new()) || !TEST_ptr(yplusone = BN_new()) || !TEST_true(BN_hex2bn(&x, "D")) - || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, - ctx))) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx))) goto err; if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { - if (!TEST_true(EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, - ctx))) + if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) goto err; TEST_info("Point is not on curve"); test_output_bignum("x", x); @@ -223,8 +221,8 @@ static int prime_field_tests(void) if (EC_POINT_is_at_infinity(group, P)) { TEST_note(" point at infinity"); } else { - if (!TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, - ctx))) + if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, + ctx))) goto err; test_output_bignum("x", x); @@ -293,7 +291,7 @@ static int prime_field_tests(void) "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC")) || !TEST_true(BN_hex2bn(&b, "1C97BEFC" "54BD7A8B65ACF89F81D4D4ADC565FA45")) - || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_true(BN_hex2bn(&x, "4A96B568" "8EF573284664698968C38BB913CBFC82")) || !TEST_true(BN_hex2bn(&y, "23a62855" 
@@ -303,14 +301,14 @@ static int prime_field_tests(void) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, - yplusone, ctx)) - || !TEST_true(EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, "0100000000" "000000000001F4C8F927AED3CA752257")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) goto err; TEST_info("SEC2 curve secp160r1 -- Generator"); test_output_bignum("x", x); @@ -333,16 +331,15 @@ static int prime_field_tests(void) "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7" "0FA7E9AB72243049FEB8DEECC146B9B1")) - || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6" "7CBF20EB43A18800F4FF0AFD82FF1012")) - || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, - ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF" "FFFFFFFF99DEF836146BC9B1B4D22831")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) goto err; TEST_info("NIST curve P-192 -- Generator"); 
@@ -357,8 +354,8 @@ static int prime_field_tests(void) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, - yplusone, ctx)) + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 192) || !group_order_tests(group) || !TEST_ptr(P_192 = EC_GROUP_new(EC_GROUP_method_of(group))) @@ -373,16 +370,15 @@ static int prime_field_tests(void) "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) || !TEST_true(BN_hex2bn(&b, "B4050A850C04B3ABF5413256" "5044B0B7D7BFD8BA270B39432355FFB4")) - || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_true(BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B9" "4A03C1D356C21122343280D6115C1D21")) - || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, - ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF" "FFFF16A2E0B8F03E13DD29455C5C2A3D")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) goto err; TEST_info("NIST curve P-224 -- Generator"); @@ -397,8 +393,8 @@ static int prime_field_tests(void) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, - yplusone, ctx)) + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 224) || !group_order_tests(group) || !TEST_ptr(P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) 
@@ -413,17 +409,16 @@ static int prime_field_tests(void) "00000000FFFFFFFFFFFFFFFFFFFFFFFC")) || !TEST_true(BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC" "651D06B0CC53B0F63BCE3C3E27D2604B")) - || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_true(BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F2" "77037D812DEB33A0F4A13945D898C296")) - || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, - ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFF" "BCE6FAADA7179E84F3B9CAC2FC632551")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) goto err; TEST_info("NIST curve P-256 -- Generator"); @@ -438,8 +433,8 @@ static int prime_field_tests(void) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, - yplusone, ctx)) + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 256) || !group_order_tests(group) || !TEST_ptr(P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) 
@@ -457,19 +452,18 @@ static int prime_field_tests(void) || !TEST_true(BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19" "181D9C6EFE8141120314088F5013875A" "C656398D8A2ED19D2A85C8EDD3EC2AEF")) - || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_true(BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD74" "6E1D3B628BA79B9859F741E082542A38" "5502F25DBF55296C3A545E3872760AB7")) - || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, - ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" "FFFFFFFFFFFFFFFFC7634D81F4372DDF" "581A0DB248B0A77AECEC196ACCC52973")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) goto err; TEST_info("NIST curve P-384 -- Generator"); @@ -485,8 +479,8 @@ static int prime_field_tests(void) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, - yplusone, ctx)) + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 384) || !group_order_tests(group) || !TEST_ptr(P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) 
@@ -509,14 +503,13 @@ static int prime_field_tests(void) "A2DA725B99B315F3B8B489918EF109E1" "56193951EC7E937B1652C0BD3BB1BF07" "3573DF883D2C34F1EF451FD46B503F00")) - || !TEST_true(EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_true(BN_hex2bn(&x, "C6" "858E06B70404E9CD9E3ECB662395B442" "9C648139053FB521F828AF606B4D3DBA" "A14B5E77EFE75928FE1DC127A2FFA8DE" "3348B3C1856A429BF97E7E31C2E5BD66")) - || !TEST_true(EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, - ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 0, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, "1FF" "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" @@ -524,7 +517,7 @@ static int prime_field_tests(void) "51868783BF2F966B7FCC0148F709A5D0" "3BB5C9B8899C47AEBB6FB71E91386409")) || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one())) - || !TEST_true(EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) goto err; TEST_info("NIST curve P-521 -- Generator"); @@ -542,8 +535,8 @@ static int prime_field_tests(void) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - || !TEST_false(EC_POINT_set_affine_coordinates_GFp(group, P, x, - yplusone, ctx)) + || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, + ctx)) || !TEST_int_eq(EC_GROUP_get_degree(group), 521) || !group_order_tests(group) || !TEST_ptr(P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) 
@@ -552,7 +545,7 @@ static int prime_field_tests(void) /* more tests using the last curve */ /* Restore the point that got mangled in the (x, y + 1) test. */ - || !TEST_true(EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) || !TEST_true(EC_POINT_copy(Q, P)) || !TEST_false(EC_POINT_is_at_infinity(group, Q)) || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) @@ -834,7 +827,7 @@ static int char2_curve_test(int n) || !TEST_true(BN_hex2bn(&a, test->a)) || !TEST_true(BN_hex2bn(&b, test->b)) || !TEST_true(group = EC_GROUP_new(EC_GF2m_simple_method())) - || !TEST_true(EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_ptr(P = EC_POINT_new(group)) || !TEST_ptr(Q = EC_POINT_new(group)) || !TEST_ptr(R = EC_POINT_new(group)) @@ -849,17 +842,15 @@ static int char2_curve_test(int n) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (!TEST_false(EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, - ctx)) - || !TEST_true(EC_POINT_set_compressed_coordinates_GF2m(group, P, x, - test->y_bit, - ctx)) + if (!TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, + test->y_bit, + ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, test->order)) || !TEST_true(BN_hex2bn(&cof, test->cof)) || !TEST_true(EC_GROUP_set_generator(group, P, z, cof)) - || !TEST_true(EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, - ctx))) + || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx))) goto err; TEST_info("%s -- Generator", test->name); test_output_bignum("x", x); 
@@ -873,9 +864,8 @@ static int char2_curve_test(int n) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - if (!TEST_false(EC_POINT_set_affine_coordinates_GF2m(group, P, x, yplusone, - ctx)) - || !TEST_true(EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) + if (!TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0) || !TEST_true(BN_hex2bn(&z, test->order)) || !TEST_true(BN_hex2bn(&cof, test->cof)) @@ -894,8 +884,7 @@ static int char2_curve_test(int n) /* more tests using the last curve */ if (n == OSSL_NELEM(char2_curve_tests) - 1) { - if (!TEST_true(EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, - ctx)) + if (!TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) || !TEST_true(EC_POINT_copy(Q, P)) || !TEST_false(EC_POINT_is_at_infinity(group, Q)) || !TEST_true(EC_POINT_dbl(group, P, P, ctx)) @@ -995,7 +984,7 @@ static int char2_field_tests(void) * so that the library gets * to choose the EC_METHOD */ if (!TEST_ptr(group) - || !TEST_true(EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx)) || !TEST_ptr(tmp = EC_GROUP_new(EC_GROUP_method_of(group))) || !TEST_true(EC_GROUP_copy(tmp, group))) goto err; @@ -1003,7 +992,7 @@ static int char2_field_tests(void) group = tmp; tmp = NULL; - if (!TEST_true(EC_GROUP_get_curve_GF2m(group, p, a, b, ctx))) + if (!TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx))) goto err; TEST_info("Curve defined by Weierstrass equation"); 
@@ -1031,19 +1020,17 @@ static int char2_field_tests(void) || !TEST_true(BN_hex2bn(&x, "6")) /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP - || !TEST_true(EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, - ctx)) + || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx)) # else || !TEST_true(BN_hex2bn(&y, "8")) - || !TEST_true(EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(group, Q, x, y, ctx)) # endif ) goto err; if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) { /* Change test based on whether binary point compression is enabled or not. */ # ifdef OPENSSL_EC_BIN_PT_COMP - if (!TEST_true(EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, - ctx))) + if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx))) goto err; # endif TEST_info("Point is not on curve"); @@ -1061,8 +1048,8 @@ static int char2_field_tests(void) if (EC_POINT_is_at_infinity(group, P)) TEST_note(" point at infinity"); else { - if (!TEST_true(EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, - ctx))) + if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, + ctx))) goto err; test_output_bignum("x", x); @@ -1306,7 +1293,7 @@ static int nistp_single_test(int idx) || !TEST_int_eq(1, BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) || !TEST_true(BN_hex2bn(&a, test->a)) || !TEST_true(BN_hex2bn(&b, test->b)) - || !TEST_true(EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) + || !TEST_true(EC_GROUP_set_curve(NISTP, p, a, b, ctx)) || !TEST_ptr(G = EC_POINT_new(NISTP)) || !TEST_ptr(P = EC_POINT_new(NISTP)) || !TEST_ptr(Q = EC_POINT_new(NISTP)) 
@@ -1318,13 +1305,13 @@ static int nistp_single_test(int idx) * When (x, y) is on the curve, (x, y + 1) is, as it happens, not, * and therefore setting the coordinates should fail. */ - || !TEST_false(EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, - yplusone, ctx)) - || !TEST_true(EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, - ctx)) + || !TEST_false(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, + yplusone, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, Q_CHECK, x, y, + ctx)) || !TEST_true(BN_hex2bn(&x, test->Gx)) || !TEST_true(BN_hex2bn(&y, test->Gy)) - || !TEST_true(EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) + || !TEST_true(EC_POINT_set_affine_coordinates(NISTP, G, x, y, ctx)) || !TEST_true(BN_hex2bn(&order, test->order)) || !TEST_true(EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) || !TEST_int_eq(EC_GROUP_get_degree(NISTP), test->degree)) diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c index ea8ac7d..0d145e8 100644 --- a/test/sm2_internal_test.c +++ b/test/sm2_internal_test.c @@ -107,8 +107,8 @@ static EC_GROUP *create_EC_group(const char *p_hex, const char *a_hex, if (!TEST_true(BN_hex2bn(&g_x, x_hex)) || !TEST_true(BN_hex2bn(&g_y, y_hex)) - || !TEST_true(EC_POINT_set_affine_coordinates_GFp(group, generator, - g_x, g_y, NULL))) + || !TEST_true(EC_POINT_set_affine_coordinates(group, generator, g_x, + g_y, NULL))) goto done; if (!TEST_true(BN_hex2bn(&order, order_hex)) diff --git a/util/libcrypto.num b/util/libcrypto.num index f193729..ed8a8f0 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
@@ -261,7 +261,7 @@ ASN1_NULL_free 262 1_1_0 EXIST::FUNCTION: EC_KEY_copy 263 1_1_0 EXIST::FUNCTION:EC EVP_des_ede3 264 1_1_0 EXIST::FUNCTION:DES PKCS7_add1_attrib_digest 265 1_1_0 EXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:EC +EC_POINT_get_affine_coordinates_GFp 266 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC EVP_seed_ecb 267 1_1_0 EXIST::FUNCTION:SEED BIO_dgram_sctp_wait_for_dry 268 1_1_0 EXIST::FUNCTION:DGRAM,SCTP ASN1_OCTET_STRING_NDEF_it 269 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -544,7 +544,7 @@ CONF_get_number 544 1_1_0 EXIST::FUNCTION: X509_EXTENSION_get_object 545 1_1_0 EXIST::FUNCTION: X509_EXTENSIONS_it 546 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSIONS_it 546 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_POINT_set_compressed_coordinates_GF2m 547 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_POINT_set_compressed_coordinates_GF2m 547 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M RSA_sign_ASN1_OCTET_STRING 548 1_1_0 EXIST::FUNCTION:RSA d2i_X509_CRL_fp 549 1_1_0 EXIST::FUNCTION:STDIO i2d_RSA_PUBKEY 550 1_1_0 EXIST::FUNCTION:RSA @@ -638,7 +638,7 @@ X509_REVOKED_it 638 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION: X509_REVOKED_it 638 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_THREAD_write_lock 639 1_1_0 EXIST::FUNCTION: X509V3_NAME_from_section 640 1_1_0 EXIST::FUNCTION: -EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:EC +EC_POINT_set_compressed_coordinates_GFp 641 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC OCSP_SINGLERESP_get0_id 642 1_1_0 EXIST::FUNCTION:OCSP UI_add_info_string 643 1_1_0 EXIST::FUNCTION: OBJ_NAME_remove 644 1_1_0 EXIST::FUNCTION: 
@@ -1874,7 +1874,7 @@ i2b_PrivateKey_bio 1858 1_1_0 EXIST::FUNCTION:DSA ASN1_STRING_length_set 1859 1_1_0 EXIST::FUNCTION: PEM_write_PKCS8 1860 1_1_0 EXIST::FUNCTION:STDIO PKCS7_digest_from_attributes 1861 1_1_0 EXIST::FUNCTION: -EC_GROUP_set_curve_GFp 1862 1_1_0 EXIST::FUNCTION:EC +EC_GROUP_set_curve_GFp 1862 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC X509_PURPOSE_get0 1863 1_1_0 EXIST::FUNCTION: EVP_PKEY_set1_DSA 1864 1_1_0 EXIST::FUNCTION:DSA X509_NAME_it 1865 1_1_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -1982,7 +1982,7 @@ X509_CRL_it 1966 1_1_0 EXIST:EXPORT_VAR_AS_FUNCTION: d2i_X509_ALGOR 1967 1_1_0 EXIST::FUNCTION: PKCS12_PBE_keyivgen 1968 1_1_0 EXIST::FUNCTION: BIO_test_flags 1969 1_1_0 EXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_POINT_get_affine_coordinates_GF2m 1970 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M EVP_ENCODE_CTX_num 1971 1_1_0 EXIST::FUNCTION: Camellia_cfb1_encrypt 1972 1_1_0 EXIST::FUNCTION:CAMELLIA NCONF_load_fp 1973 1_1_0 EXIST::FUNCTION:STDIO @@ -2183,7 +2183,7 @@ i2d_ASN1_T61STRING 2156 1_1_0 EXIST::FUNCTION: X509_add1_trust_object 2157 1_1_0 EXIST::FUNCTION: PEM_write_X509 2158 1_1_0 EXIST::FUNCTION:STDIO BN_CTX_free 2159 1_1_0 EXIST::FUNCTION: -EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_GROUP_get_curve_GF2m 2160 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M EVP_MD_flags 2161 1_1_0 EXIST::FUNCTION: OPENSSL_sk_set 2162 1_1_0 EXIST::FUNCTION: OCSP_request_sign 2163 1_1_0 EXIST::FUNCTION:OCSP 
@@ -2263,7 +2263,7 @@ ENGINE_set_name 2235 1_1_0 EXIST::FUNCTION:ENGINE TS_TST_INFO_get_policy_id 2236 1_1_0 EXIST::FUNCTION:TS PKCS7_SIGNER_INFO_set 2237 1_1_0 EXIST::FUNCTION: PEM_write_bio_PKCS8_PRIV_KEY_INFO 2238 1_1_0 EXIST::FUNCTION: -EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_GROUP_set_curve_GF2m 2239 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M ENGINE_load_builtin_engines 2240 1_1_0 EXIST::FUNCTION:ENGINE SRP_VBASE_init 2241 1_1_0 EXIST::FUNCTION:SRP SHA224_Final 2242 1_1_0 EXIST::FUNCTION: @@ -2983,7 +2983,7 @@ EVP_aes_192_cbc 2936 1_1_0 EXIST::FUNCTION: PKCS8_pkey_set0 2937 1_1_0 EXIST::FUNCTION: X509_get1_email 2938 1_1_0 EXIST::FUNCTION: EC_POINT_point2oct 2939 1_1_0 EXIST::FUNCTION:EC -EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:EC +EC_GROUP_get_curve_GFp 2940 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC ASYNC_block_pause 2941 1_1_0 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2942 1_1_0 EXIST::FUNCTION:OCSP CRYPTO_strdup 2943 1_1_0 EXIST::FUNCTION: @@ -3234,7 +3234,7 @@ X509_NAME_oneline 3186 1_1_0 EXIST::FUNCTION: X509V3_set_nconf 3187 1_1_0 EXIST::FUNCTION: RSAPrivateKey_dup 3188 1_1_0 EXIST::FUNCTION:RSA BN_mod_add 3189 1_1_0 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GFp 3190 1_1_0 EXIST::FUNCTION:EC +EC_POINT_set_affine_coordinates_GFp 3190 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC X509_get_default_cert_file 3191 1_1_0 EXIST::FUNCTION: UI_method_set_flusher 3192 1_1_0 EXIST::FUNCTION: RSA_new_method 3193 1_1_0 EXIST::FUNCTION:RSA 
@@ -3572,7 +3572,7 @@ PROXY_CERT_INFO_EXTENSION_new 3523 1_1_0 EXIST::FUNCTION: EVP_bf_cbc 3524 1_1_0 EXIST::FUNCTION:BF DSA_do_verify 3525 1_1_0 EXIST::FUNCTION:DSA EC_GROUP_get_seed_len 3526 1_1_0 EXIST::FUNCTION:EC -EC_POINT_set_affine_coordinates_GF2m 3527 1_1_0 EXIST::FUNCTION:EC,EC2M +EC_POINT_set_affine_coordinates_GF2m 3527 1_1_0 EXIST::FUNCTION:DEPRECATEDIN_1_2_0,EC,EC2M TS_REQ_set_policy_id 3528 1_1_0 EXIST::FUNCTION:TS BIO_callback_ctrl 3529 1_1_0 EXIST::FUNCTION: v2i_GENERAL_NAME 3530 1_1_0 EXIST::FUNCTION: @@ -4569,3 +4569,8 @@ EVP_PKEY_asn1_set_get_priv_key 4520 1_1_1 EXIST::FUNCTION: EVP_PKEY_asn1_set_get_pub_key 4521 1_1_1 EXIST::FUNCTION: EVP_PKEY_set_alias_type 4522 1_1_1 EXIST::FUNCTION: RAND_keep_random_devices_open 4523 1_1_1 EXIST::FUNCTION: +EC_POINT_set_compressed_coordinates 4524 1_1_1 EXIST::FUNCTION:EC +EC_POINT_set_affine_coordinates 4525 1_1_1 EXIST::FUNCTION:EC +EC_POINT_get_affine_coordinates 4526 1_1_1 EXIST::FUNCTION:EC +EC_GROUP_set_curve 4527 1_1_1 EXIST::FUNCTION:EC +EC_GROUP_get_curve 4528 1_1_1 EXIST::FUNCTION:EC From matt at openssl.org Tue Jul 31 08:43:36 2018 
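Review bot: in the char2_curve_test hunk, the context line `|| !TEST_true(group = EC_GROUP_new(EC_GF2m_simple_method()))` checks a pointer result with TEST_true, while the lines right under it use `TEST_ptr(P = EC_POINT_new(group))`, `TEST_ptr(Q = ...)` and `TEST_ptr(R = ...)`. Since the very next line (`EC_GROUP_set_curve_GF2m` to `EC_GROUP_set_curve`) is being rewritten anyway, change it to `TEST_ptr(group = EC_GROUP_new(EC_GF2m_simple_method()))` so a NULL group is reported by the test framework as a pointer failure instead of a false boolean. Both forms abort the test, so this is a consistency point, not a correctness one.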
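Review bot: the new libcrypto.num entries EC_POINT_set_compressed_coordinates through EC_GROUP_get_curve (4524 to 4528) are tagged 1_1_1 and EC only, which is right since they cover both GFp and GF2m groups; the problem is the DEPRECATEDIN_1_2_0 tag added to every old *_GFp and *_GF2m entry above them. That tag ties the old declarations to the DEPRECATEDIN_1_2_0 macro in include/openssl/opensslconf.h.in, which at this point is keyed only on the API compatibility level (`#if OPENSSL_API_COMPAT < 0x10200000L` declares them deprecated, and the `#else` branch defines `DEPRECATEDIN_1_2_0(f)` to nothing, i.e. the declaration disappears). An application that defines OPENSSL_API_COMPAT at or above 0x10200000L while compiling against 1.1.1 headers therefore loses EC_GROUP_set_curve_GFp and the other old names before any 1.2.0 release exists. Either guard that macro on OPENSSL_VERSION_NUMBER as well or hold the DEPRECATEDIN tagging back until the 1.2.0 branch; the rename in the tests is fine either way because it only uses the new generic names.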
From: matt at openssl.org (Matt Caswell) Date: Tue, 31 Jul 2018 08:43:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1533026616.775043.905.nullmailer@dev.openssl.org> The branch master has been updated via 43a0f2733a943799060ea275516fcce00d89eb38 (commit) from 50db81633ece00593b245afed0ed9480d7ffb334 (commit) - Log ----------------------------------------------------------------- commit 43a0f2733a943799060ea275516fcce00d89eb38 Author: Matt Caswell Date: Mon Jul 30 09:13:14 2018 +0100 Fix some TLSv1.3 alert issues Ensure that the certificate required alert actually gets sent (and doesn't get translated into handshake failure in TLSv1.3). Ensure that proper reason codes are given for the new TLSv1.3 alerts. Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left over from an earlier TLSv1.3 draft that is no longer used. Fixes #6804 Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/6809) ----------------------------------------------------------------------- Summary of changes: crypto/err/openssl.ec | 2 ++ include/openssl/sslerr.h | 2 ++ include/openssl/tls1.h | 1 - ssl/ssl_err.c | 4 ++++ ssl/tls13_enc.c | 3 ++- test/ssl-tests/04-client_auth.conf | 2 +- test/ssl-tests/04-client_auth.conf.in | 4 +++- test/ssl-tests/26-tls13_client_auth.conf | 2 +- test/ssl-tests/26-tls13_client_auth.conf.in | 2 +- test/ssl_test_ctx.c | 1 + 10 files changed, 17 insertions(+), 6 deletions(-) diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 7fc5788..3e092ea 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec 
@@ -67,10 +67,12 @@ R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 R SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK 1086 R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +R SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115 +R SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 R TLS1_AD_NO_APPLICATION_PROTOCOL 1120 diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h index a5b2c55..87b295c 100644 --- a/include/openssl/sslerr.h +++ b/include/openssl/sslerr.h @@ -695,6 +695,8 @@ int ERR_load_SSL_strings(void); # define SSL_R_SSL_SESSION_ID_TOO_LONG 408 # define SSL_R_SSL_SESSION_VERSION_MISMATCH 210 # define SSL_R_STILL_IN_INIT 121 +# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED 1116 +# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION 1109 # define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 # define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 # define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 37bdc7d..761a86a 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -70,7 +70,6 @@ extern "C" { # define TLS1_AD_USER_CANCELLED 90 # define TLS1_AD_NO_RENEGOTIATION 100 /* TLSv1.3 alerts */ -# define TLS13_AD_END_OF_EARLY_DATA 1 # define TLS13_AD_MISSING_EXTENSION 109 /* fatal */ # define TLS13_AD_CERTIFICATE_REQUIRED 116 /* fatal */ /* codes 110-114 are from RFC3546 */ diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index d3e8056..11331ce 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c 
@@ -1137,6 +1137,10 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH), "ssl session version mismatch"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), + "tlsv13 alert certificate required"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION), + "tlsv13 alert missing extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR), diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 264381b..48990fd 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -701,7 +701,8 @@ int tls13_update_key(SSL *s, int sending) int tls13_alert_code(int code) { - if (code == SSL_AD_MISSING_EXTENSION) + /* There are 2 additional alerts in TLSv1.3 compared to TLSv1.2 */ + if (code == SSL_AD_MISSING_EXTENSION || code == SSL_AD_CERTIFICATE_REQUIRED) return code; return tls1_alert_code(code); diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf index 5696394..8debb66 100644 --- a/test/ssl-tests/04-client_auth.conf +++ b/test/ssl-tests/04-client_auth.conf @@ -108,7 +108,7 @@ VerifyMode = Peer [test-2] ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure +ExpectedServerAlert = CertificateRequired # =========================================================== diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in index a780e00..b9c014d 100644 --- a/test/ssl-tests/04-client_auth.conf.in +++ b/test/ssl-tests/04-client_auth.conf.in @@ -101,7 +101,9 @@ sub generate_tests() { }, test => { "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "HandshakeFailure", + "ExpectedServerAlert" => + ($protocol_name eq "flex" && !disabled("tls1_3")) + ? "CertificateRequired" : "HandshakeFailure", "Method" => $method, }, }; 
diff --git a/test/ssl-tests/26-tls13_client_auth.conf b/test/ssl-tests/26-tls13_client_auth.conf index f769b12..55361dd 100644 --- a/test/ssl-tests/26-tls13_client_auth.conf +++ b/test/ssl-tests/26-tls13_client_auth.conf @@ -98,7 +98,7 @@ VerifyMode = Peer [test-2] ExpectedResult = ServerFail -ExpectedServerAlert = HandshakeFailure +ExpectedServerAlert = CertificateRequired # =========================================================== diff --git a/test/ssl-tests/26-tls13_client_auth.conf.in b/test/ssl-tests/26-tls13_client_auth.conf.in index 6da4168..e53cda2 100644 --- a/test/ssl-tests/26-tls13_client_auth.conf.in +++ b/test/ssl-tests/26-tls13_client_auth.conf.in @@ -61,7 +61,7 @@ our @tests = ( }, test => { "ExpectedResult" => "ServerFail", - "ExpectedServerAlert" => "HandshakeFailure", + "ExpectedServerAlert" => "CertificateRequired", }, }, { diff --git a/test/ssl_test_ctx.c b/test/ssl_test_ctx.c index 5b427e5..cb4b860 100644 --- a/test/ssl_test_ctx.c +++ b/test/ssl_test_ctx.c @@ -126,6 +126,7 @@ static const test_enum ssl_alerts[] = { {"UnrecognizedName", SSL_AD_UNRECOGNIZED_NAME}, {"BadCertificate", SSL_AD_BAD_CERTIFICATE}, {"NoApplicationProtocol", SSL_AD_NO_APPLICATION_PROTOCOL}, + {"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED}, }; __owur static int parse_alert(int *alert, const char *value) From rsalz at openssl.org Tue Jul 31 15:48:27 2018 
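Review bot: the two new rows in crypto/err/openssl.ec use the SSL_R_TLSV13_ALERT_* reason-name form, but the neighbouring rows `R TLS1_AD_UNKNOWN_PSK_IDENTITY 1115` and `R TLS1_AD_NO_APPLICATION_PROTOCOL 1120` register alert macro names in the same reason table. While touching this block, either rename those two to the SSL_R_TLSV1_ALERT_* form or add a comment explaining why they differ, otherwise the generated reason strings for those two alerts keep carrying the odd names. The numeric choice (1000 plus the alert number: 1109 for missing_extension, 1116 for certificate_required) matches the rest of the table, e.g. `SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100`.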
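Review bot: deleting `# define TLS13_AD_END_OF_EARLY_DATA 1` removes a macro from a public header (include/openssl/tls1.h). The commit message says it is a leftover from an earlier TLSv1.3 draft, and nothing else in this patch references it, but the summary of changes lists no CHANGES entry; confirm with a grep that no remaining code path maps alert value 1, and consider recording the removal for anyone who compiled against a 1.1.1 pre-release header.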
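Review bot: in ssl/tls13_enc.c, `tls13_alert_code` now returns SSL_AD_CERTIFICATE_REQUIRED unchanged rather than letting `tls1_alert_code` fold it into handshake_failure, which is exactly the wire-visible change the test expectations in 04-client_auth.conf and 26-tls13_client_auth.conf encode. The new comment "There are 2 additional alerts in TLSv1.3 compared to TLSv1.2" covers the additions, but every other code still goes through the TLSv1.2 rules in `tls1_alert_code`, including alerts that TLSv1.3 dropped or treats differently; a second sentence stating that this fall-through is intentional would save the next reader from wondering. Because this function is where certificate_required becomes visible on the wire, it must only be reached once TLSv1.3 has actually been negotiated; the tls13_ prefix suggests that, but the hunk does not show the call sites, so please double-check.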
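Review bot: the ternary in 04-client_auth.conf.in, `($protocol_name eq "flex" && !disabled("tls1_3")) ? "CertificateRequired" : "HandshakeFailure"`, only switches the expectation for the flex protocol entry, which agrees with the regenerated 04-client_auth.conf where only `[test-2]` changed; that means the protocol list in this file must contain no explicit TLSv1.3 entry, and the condition will need extending if one is ever added. Separately, the checked-in .conf now hard-codes CertificateRequired while the .in yields HandshakeFailure on a no-tls1_3 build, so make sure the test runner regenerates from the .in in that configuration instead of comparing against the checked-in file, or the test flips to failing on such builds.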
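Review bot: the ssl_alerts table in test/ssl_test_ctx.c gains `{"CertificateRequired", SSL_AD_CERTIFICATE_REQUIRED},` but not the other TLSv1.3 alert this same patch registers a reason code for (SSL_R_TLSV13_ALERT_MISSING_EXTENSION, passed through in tls13_alert_code as SSL_AD_MISSING_EXTENSION). Adding `{"MissingExtension", SSL_AD_MISSING_EXTENSION},` alongside it would let ssl-tests assert on that alert too rather than having parse_alert reject the name.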
From: rsalz at openssl.org (Rich Salz) Date: Tue, 31 Jul 2018 15:48:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1533052107.418572.2817.nullmailer@dev.openssl.org> The branch master has been updated via ed4fc85359d40bd06a53af9c8a058b8d3e4e3e39 (commit) from 43a0f2733a943799060ea275516fcce00d89eb38 (commit) - Log ----------------------------------------------------------------- commit ed4fc85359d40bd06a53af9c8a058b8d3e4e3e39 Author: Rich Salz Date: Tue Jul 31 11:36:44 2018 -0400 Some protocol versions are build-time Clarify docs to list that some protocol flags might not be available depending on how OpenSSL was built. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6816) ----------------------------------------------------------------------- Summary of changes: doc/man1/ciphers.pod | 28 +++++----------------------- doc/man1/s_client.pod | 2 ++ doc/man1/s_server.pod | 2 ++ doc/man1/s_time.pod | 7 +++++-- 4 files changed, 14 insertions(+), 25 deletions(-) diff --git a/doc/man1/ciphers.pod b/doc/man1/ciphers.pod index e3278eb..3aea982 100644 --- a/doc/man1/ciphers.pod +++ b/doc/man1/ciphers.pod
@@ -73,30 +73,12 @@ L. Like B<-v>, but include the official cipher suite values in hex. -=item B<-tls1_3> +=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3> -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.3 were negotiated. - -=item B<-tls1_2> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.2 were negotiated. - -=item B<-ssl3> - -In combination with the B<-s> option, list the ciphers which would be used if -SSLv3 were negotiated. - -=item B<-tls1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1 were negotiated. - -=item B<-tls1_1> - -In combination with the B<-s> option, list the ciphers which would be used if -TLSv1.1 were negotiated. +In combination with the B<-s> option, list the ciphers which could be used if +the specified protocol were negotiated. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-stdname> diff --git a/doc/man1/s_client.pod b/doc/man1/s_client.pod index 7d92dd8..80152e1 100644 --- a/doc/man1/s_client.pod +++ b/doc/man1/s_client.pod @@ -473,6 +473,8 @@ By default B will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be offered to and accepted from the server. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-dtls>, B<-dtls1>, B<-dtls1_2> diff --git a/doc/man1/s_server.pod b/doc/man1/s_server.pod index 5399096..07016fc 100644 --- a/doc/man1/s_server.pod +++ b/doc/man1/s_server.pod @@ -532,6 +532,8 @@ By default B will negotiate the highest mutually supported protocol version. When a specific TLS version is required, only that version will be accepted from the client. +Note that not all protocols and flags may be available, depending on how +OpenSSL was built. =item B<-bugs> 
diff --git a/doc/man1/s_time.pod b/doc/man1/s_time.pod index e5b8af4..d17e137 100644 --- a/doc/man1/s_time.pod +++ b/doc/man1/s_time.pod @@ -112,16 +112,19 @@ specified, they are both on by default and executed in sequence. =item B<-ssl3> -These options disable the use of certain SSL or TLS protocols. By default +This option disables the use of SSL version 3. By default the initial handshake uses a method which should be compatible with all servers and permit them to use SSL v3 or TLS as appropriate. + The timing program is not as rich in options to turn protocols on and off as the L program and may not connect to all servers. - Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only work if TLS is turned off with the B<-ssl3> option. +Note that this option may not be available, depending on how +OpenSSL was built. + =item B<-bugs> There are several known bug in SSL and TLS implementations. Adding this From no-reply at appveyor.com Tue Jul 31 17:20:35 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 31 Jul 2018 17:20:35 +0000 Subject: [openssl-commits] Build failed: openssl master.19190 Message-ID: <20180731172035.1.74122B69E308D9DF@appveyor.com> An HTML attachment was scrubbed... URL: From no-reply at appveyor.com Tue Jul 31 18:15:43 2018 From: no-reply at appveyor.com (AppVeyor) Date: Tue, 31 Jul 2018 18:15:43 +0000 Subject: [openssl-commits] Build completed: openssl master.19191 Message-ID: <20180731181543.1.73F031453B82BD8C@appveyor.com> An HTML attachment was scrubbed... URL: From levitte at openssl.org Tue Jul 31 19:50:29 2018 
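Review bot: the rewritten sentence in doc/man1/s_time.pod, "This option disables the use of SSL version 3.", contradicts the context kept two paragraphs later, "Some servers only work if TLS is turned off with the B<-ssl3> option.", which describes B<-ssl3> as forcing SSLv3 (i.e. turning TLS off), not disabling it. One of the two is wrong; the retained sentence and the surrounding text about ancient servers indicate the flag selects SSLv3 only, so the new sentence should say that, e.g. "This option forces the use of SSL version 3 only." While in this block, the context line "There are several known bug in SSL and TLS implementations" wants "bugs".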
From: levitte at openssl.org (Richard Levitte) Date: Tue, 31 Jul 2018 19:50:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1533066629.860791.31914.nullmailer@dev.openssl.org> The branch master has been updated via bff0f2badc4e692c50757b5632badcba5d94fa04 (commit) from ed4fc85359d40bd06a53af9c8a058b8d3e4e3e39 (commit) - Log ----------------------------------------------------------------- commit bff0f2badc4e692c50757b5632badcba5d94fa04 Author: Richard Levitte Date: Tue Jul 31 07:19:06 2018 +0200 Ensure symbols don't get deprecated too early There are symbols we've marked for deprecation in OpenSSL 1.2.0. We must ensure that they don't actually become deprecated before that. Fixes #6814 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/6824) ----------------------------------------------------------------------- Summary of changes: include/openssl/opensslconf.h.in | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/openssl/opensslconf.h.in b/include/openssl/opensslconf.h.in index b793d48..bc98cad 100644 --- a/include/openssl/opensslconf.h.in +++ b/include/openssl/opensslconf.h.in @@ -9,6 +9,8 @@ * https://www.openssl.org/source/license.html */ +#include + #ifdef __cplusplus extern "C" { #endif @@ -97,7 +99,13 @@ extern "C" { # define OPENSSL_API_COMPAT OPENSSL_MIN_API #endif -#if OPENSSL_API_COMPAT < 0x10200000L +/* + * Do not deprecate things to be deprecated in version 1.2.0 before the + * OpenSSL version number matches. + */ +#if OPENSSL_VERSION_NUMBER < 0x10200000L +# define DEPRECATEDIN_1_2_0(f) f; +#elif OPENSSL_API_COMPAT < 0x10200000L # define DEPRECATEDIN_1_2_0(f) DECLARE_DEPRECATED(f) #else # define DEPRECATEDIN_1_2_0(f)
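Review bot: the new `#include` added at the top of include/openssl/opensslconf.h.in (the archive has stripped the header name from the line) is what makes OPENSSL_VERSION_NUMBER available to the guard introduced later in the same file. opensslconf.h is pulled in by nearly every public OpenSSL header, so verify that the header included here does not itself include opensslconf.h, which would create an include cycle; placing it before the `#ifdef __cplusplus extern "C"` block, as the hunk does, is correct so that no C++ linkage scope wraps it.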
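Review bot: with the version test placed first, `DEPRECATEDIN_1_2_0(f)` now expands to a plain declaration `f;` on any tree whose OPENSSL_VERSION_NUMBER is below 0x10200000L regardless of OPENSSL_API_COMPAT, whereas the removed `#if OPENSSL_API_COMPAT < 0x10200000L` form let an application that set the compatibility level to 1.2.0 against 1.1.1 headers hit the `#else` branch, which expands to nothing and so removed the declaration entirely (the #6814 symptom). That is the intended fix, but it also means there is no way to opt into 1.2.0 deprecation warnings early on a 1.1.x build; a sentence to that effect in the new comment would prevent someone from "fixing" it back. Also note the macro flips the moment OPENSSL_VERSION_NUMBER is bumped to 0x10200000L, so whoever cuts the 1.2.0 version must expect every DEPRECATEDIN_1_2_0 symbol to start warning at that point.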