Errored: openssl/openssl#35591 (master - d4bf0d5)
Travis CI
builds at travis-ci.com
Sun Jun 21 13:57:10 UTC 2020
Build Update for openssl/openssl
-------------------------------------
Build: #35591
Status: Errored
Duration: 1 hr, 46 mins, and 44 secs
Commit: d4bf0d5 (master)
Author: Nicola Tuveri
Message: Flag RSA secret BNs as consttime on keygen and checks
<https://github.com/openssl/openssl/pull/11765> switched the default
code path for keygen.
External testing through TriggerFlow highlighted that in several places
we failed (once more!) to set the `BN_FLG_CONSTTIME` flag on critical
secret values (either long term or temporary values).
This commit tries to make sure that the secret BN values inside the
`rsa struct` are always flagged on creation, and that temporary values
derived from these secrets are flagged when allocated from a BN_CTX.
Acknowledgments
---------------
Thanks to @Voker57, @bbbrumley, @sohhas, @cpereida for the
[OpenSSL Triggerflow CI] ([paper]) through which this defect was detected and
tested, and for providing early feedback to fix the issue!
[OpenSSL Triggerflow CI]: https://gitlab.com/nisec/openssl-triggerflow-ci
[paper]: https://eprint.iacr.org/2019/366
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12167)
View the changeset: https://github.com/openssl/openssl/compare/200ae2ee8e1c...d4bf0d57a84a
View the full build log and details: https://travis-ci.com/github/openssl/openssl/builds/172375463?utm_medium=notification&utm_source=email
--
You can unsubscribe from build emails from the openssl/openssl repository going to https://travis-ci.com/account/preferences/unsubscribe?repository=13885459&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.com/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-commits/attachments/20200621/28fd412f/attachment-0001.html>
More information about the openssl-commits
mailing list