Debian Bug report logs - #440538
openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure.


Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Kurt Roeckx <kurt@roeckx.be>

Date: Sun, 2 Sep 2007 15:39:04 UTC

Severity: important

Tags: help, unreproducible

Found in versions openssl/0.9.8o-3, 0.9.8k-4

Fixed in version openssl/1.0.0f-1

Done: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: submit@bugs.debian.org
Subject: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure.
Date: Sun, 2 Sep 2007 17:37:22 +0200
Package: openssl
Version: 0.9.8e-7
Severity: serious

While building openssl on i386 with gcc 4.2 I get the following error:
sect239k1: ...... failed

ECDSA test failed
8348:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294:
8348:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:830:
8348:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
error:tasn_dec.c:749:Field=r, Type=ECDSA_SIG
make[2]: *** [test_ecdsa] Error 1

This doesn't happen with all the -march values.  I'm suspecting this is
a gcc bug at this point.


Kurt




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 440538@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: 440538@bugs.debian.org
Subject: Re: Bug#440538: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure.
Date: Sun, 2 Sep 2007 19:11:43 +0200
tags 440538 + unreproducible
thanks

On Sun, Sep 02, 2007 at 05:37:22PM +0200, Kurt Roeckx wrote:
> Package: openssl
> Version: 0.9.8e-7
> Severity: serious
> 
> While building openssl on i386 with gcc 4.2 I get the following error:
> sect239k1: ...... failed
> 
> ECDSA test failed
> 8348:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294:
> 8348:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:830:
> 8348:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
> error:tasn_dec.c:749:Field=r, Type=ECDSA_SIG
> make[2]: *** [test_ecdsa] Error 1

I can't seem to reproduce this anymore, same version of everything,
doing exactly the same.


Kurt




Tags added: unreproducible Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sun, 02 Sep 2007 17:21:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #17 received at 440538@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: 440538@bugs.debian.org
Subject: Re: [Pkg-openssl-devel] Bug#440538: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure.
Date: Wed, 5 Sep 2007 18:42:19 +0200
On Sun, Sep 02, 2007 at 07:11:43PM +0200, Kurt Roeckx wrote:
> tags 440538 + unreproducible
> thanks
> 
> On Sun, Sep 02, 2007 at 05:37:22PM +0200, Kurt Roeckx wrote:
> > Package: openssl
> > Version: 0.9.8e-7
> > Severity: serious
> > 
> > While building openssl on i386 with gcc 4.2 I get the following error:
> > sect239k1: ...... failed
> > 
> > ECDSA test failed
> > 8348:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294:
> > 8348:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:830:
> > 8348:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
> > error:tasn_dec.c:749:Field=r, Type=ECDSA_SIG
> > make[2]: *** [test_ecdsa] Error 1
> 
> I can't seem to reproduce this anymore, same version of everything,
> doing exactly the same.

It failed to build on sparc with a similar error:
testing ECDSA_sign() and ECDSA_verify() with some internal curves:
secp160k1: ....... ok
secp160r1: ....... ok
secp160r2: ....... ok
secp192k1: ....... ok
secp224k1: ....... ok
secp224r1: ....... ok
secp256k1: ....... ok
secp384r1: ....... ok
secp521r1: ....... ok
prime192v1: ....... ok
prime192v2: ....... ok
prime192v3: ....... ok
prime239v1: ....... ok
prime239v2: ... failed

ECDSA test failed
make[2]: *** [test_ecdsa] Error 1
make[2]: Leaving directory `/build/buildd/openssl-0.9.8e/test'
make[1]: *** [tests] Error 2


In this case it was during the v9 build, while the static and v8
versions didn't show the problems.


Kurt




Tags added: help Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Fri, 07 Sep 2007 18:03:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #24 received at 440538@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: debian-sparc@lists.debian.org
Cc: 440538@bugs.debian.org
Subject: openssl testsuite failure on sparc.
Date: Mon, 24 Sep 2007 20:34:28 +0200
Hi,

Can someone please take a look at bug #440538.  There doesn't seem to be
any sparc developers machines available.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to kurt@roeckx.be (Kurt Roeckx):
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #29 received at 440538@bugs.debian.org (full text, mbox):

From: kurt@roeckx.be (Kurt Roeckx)
To: control@bugs.debian.org
Cc: 440538@bugs.debian.org
Subject: notfound 440538 in 0.9.8e-7, tagging 440538
Date: Sat, 29 Sep 2007 17:22:52 +0200 (CEST)
# Automatically generated email from bts, devscripts version 2.10.8
# If it's related to gcc-4.2, testing is affected now too
notfound 440538 0.9.8e-7
tags 440538 + lenny sid




Bug no longer marked as found in version 0.9.8e-7. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sat, 29 Sep 2007 15:33:06 GMT) Full text and rfc822 format available.

Tags added: lenny, sid Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sat, 29 Sep 2007 15:33:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to Jurij Smakov <jurij@wooyd.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #38 received at 440538@bugs.debian.org (full text, mbox):

From: Jurij Smakov <jurij@wooyd.org>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: debian-sparc@lists.debian.org, 440538@bugs.debian.org
Subject: Re: openssl testsuite failure on sparc.
Date: Sun, 30 Sep 2007 22:58:21 +0100
On Mon, Sep 24, 2007 at 08:34:28PM +0200, Kurt Roeckx wrote:
> Hi,
> 
> Can someone please take a look at bug #440538.  There doesn't seem to be
> any sparc developers machines available.

According to the latest log [0], openssl built successfully on sparc 2 
days ago. I have also successfully built it locally against the latest 
sid.

[0] http://buildd.debian.org/fetch.cgi?pkg=openssl&arch=sparc&ver=0.9.8e-9&stamp=1191016043&file=log&as=raw 

Best regards,
-- 
Jurij Smakov                                           jurij@wooyd.org
Key: http://www.wooyd.org/pgpkey/                      KeyID: C99E03CC




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #43 received at 440538@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: Jurij Smakov <jurij@wooyd.org>
Cc: debian-sparc@lists.debian.org, 440538@bugs.debian.org
Subject: Re: openssl testsuite failure on sparc.
Date: Mon, 1 Oct 2007 00:27:42 +0200
On Sun, Sep 30, 2007 at 10:58:21PM +0100, Jurij Smakov wrote:
> On Mon, Sep 24, 2007 at 08:34:28PM +0200, Kurt Roeckx wrote:
> > Hi,
> > 
> > Can someone please take a look at bug #440538.  There doesn't seem to be
> > any sparc developers machines available.
> 
> According to the latest log [0], openssl built successfully on sparc 2 
> days ago. I have also successfully built it locally against the latest 
> sid.

It seems to be rather unreproducible, which is rather annoying.


Kurt





Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to kurt@roeckx.be (Kurt Roeckx):
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #48 received at 440538@bugs.debian.org (full text, mbox):

From: kurt@roeckx.be (Kurt Roeckx)
To: control@bugs.debian.org
Cc: 440538@bugs.debian.org
Subject: severity of 440538 is important
Date: Sat, 24 Nov 2007 20:34:04 +0100 (CET)
# Automatically generated email from bts, devscripts version 2.10.10
# I haven't seen this recently, so I'll assume it's no longer a problem.
severity 440538 important




Severity set to `important' from `serious' Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sat, 24 Nov 2007 19:36:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. Full text and rfc822 format available.

Acknowledgement sent to Kurt Roeckx <kurt@roeckx.be>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #55 received at 440538@bugs.debian.org (full text, mbox):

From: Kurt Roeckx <kurt@roeckx.be>
To: mipsel@buildd.debian.org
Cc: 440538@bugs.debian.org
Subject: openssl_0.9.8g-10.1: Reschedule.
Date: Mon, 2 Jun 2008 00:49:03 +0200
Hi,

It seems that openssl_0.9.8g-10.1 failed to build on mipsel like this:
c2pnb208w1: ....... ok
c2tnb239v1: ...... failed

ECDSA test failed
[...]

This seems to be yet another instance of #440538.  I haven't been
able to reproduce this.  And it always seems to be in another of
the tests.

Can you please reschedule the package?


Kurt





Tags added: squeeze Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Sat, 21 Feb 2009 15:18:26 GMT) Full text and rfc822 format available.

Bug Marked as found in versions 0.9.8k-4. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Fri, 14 Aug 2009 11:48:06 GMT) Full text and rfc822 format available.

Bug Marked as found in versions openssl/0.9.8o-3. Request was from kurt@roeckx.be (Kurt Roeckx) to control@bugs.debian.org. (Tue, 16 Nov 2010 23:09:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. (Thu, 18 Nov 2010 20:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Thu, 18 Nov 2010 20:09:03 GMT) Full text and rfc822 format available.

Message #66 received at 440538@bugs.debian.org (full text, mbox):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: 440538@bugs.debian.org
Subject: Re: Bug#440538: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure.
Date: Thu, 18 Nov 2010 21:05:57 +0100
* Kurt Roeckx | 2007-09-02 19:11:43 [+0200]:

>> While building openssl on i386 with gcc 4.2 I get the following error:
>> sect239k1: ...... failed
>
>I can't seem to reproduce this anymore, same version of everything,
>doing exactly the same.

Good news. I have here amd64 with an up to date sid environment and I
can trigger this (finally) reliably. So now I'm going hunting, the days
of this bug are numbered :)

>Kurt

Sebastian




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. (Sat, 20 Nov 2010 10:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Sat, 20 Nov 2010 10:03:03 GMT) Full text and rfc822 format available.

Message #71 received at 440538@bugs.debian.org (full text, mbox):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: openssl-dev@openssl.org
Cc: 440538@bugs.debian.org, Kurt Roeckx <kurt@roeckx.be>
Subject: openssl: sect239k1 testsuite failure, looks like a weak key
Date: Sat, 20 Nov 2010 11:00:49 +0100
the following got reported as Debian bug #440538 [0]. I tried to track
it down with latest release of openssl available in Debian (0.9.8o-3).
Here is what I got so far:

ecdsatest.c has a test function named test_builtin() which does the
following (the important part):
1. create a random digest (RAND_pseudo_bytes, digest)
2. select a curve. In this case curve 31, sect239k1
3. create a key (eckey, EC_KEY_generate_key)
4. create a signature with key & digest (ECDSA_sign)
5. compute offset (signature[10] % sig_len)
6. compute dirt (signature[11])
7. xor signature[offset] with dirt
8. verify the modified signature (ECDSA_verify)

Now, the test fails because step 8 returns "correct" which should be
wrong because the signature got modified.
Here are the data structures I recovered from the test case at the time it
went wrong:
- the digest:
        0x57, 0x1b, 0xce, 0x73, 0x44, 0x75, 0x43, 0x6f, 0xbe, 0xa5,
        0xc7, 0x74, 0xa3, 0xe1, 0x06, 0x60, 0xd1, 0xae, 0x61, 0x17

- the eckey dumped with EC_KEY_print:
   Private-Key: (238 bit)
                priv:
                    16:b0:3e:78:68:7b:1b:b3:0b:04:dc:c6:e6:f7:c2:
                    e3:5e:31:f1:08:99:00:f3:97:0a:a9:ea:f1:f0:23
                pub: 
                    04:4a:57:e5:9f:6a:be:e0:97:d3:6a:c2:07:e0:e5:
                    27:0b:db:8a:56:9a:f9:08:61:fd:75:2b:8f:cd:00:
                    0b:3b:7b:63:92:71:b7:b2:ef:13:a7:89:14:1d:c7:
                    bb:b6:0c:d2:05:f9:2f:01:9b:ed:93:a3:43:05:db:
                    e0
                Field Type: characteristic-two-field
                Basis Type: tpBasis
                Polynomial:
                    00:80:00:00:00:00:00:00:00:00:00:40:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    01
                A:    0
                B:    1 (0x1)
                Generator (uncompressed):
                    04:29:a0:b6:a8:87:a9:83:e9:73:09:88:a6:87:27:
                    a8:b2:d1:26:c4:4c:c2:cc:7b:2a:65:55:19:30:35:
                    dc:76:31:08:04:f1:2e:54:9b:db:01:1c:10:30:89:
                    e7:35:10:ac:b2:75:fc:31:2a:5d:c6:b7:65:53:f0:
                    ca
                Order: 
                    20:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    5a:79:fe:c6:7c:b6:e9:1f:1c:1d:a8:00:e4:78:a5
                Cofactor:  4 (0x4)

- the signature:
          40 02 1e 1e cd c7 35 0e 0e a7
          9e a6 0f 7e 02 b9 7c e8 aa eb
          54 47 5e 16 05 31 95 b5 41 11
          7b 2f 1e 02 1e 0b 19 a4 c5 d8
          2d c4 e3 25 dc 53 8e 89 01 5f
          1b 37 32 5a 6b da 2c 17 b5 41
          80 ee 14 60 ea 


- offset	[10] = 0xa7
- dirt		[11] = 0x9e
- modification	[35] = 0x1e => 0x80

Could it be possible that this curve is weak or should just the key be
verified and excluded if such a weakness is discovered?

If one wants a different function / method to dump the key or something
else please say so :)

[0] http://bugs.debian.org/440538

Sebastian




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#440538; Package openssl. (Sun, 02 Jan 2011 22:18:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Sun, 02 Jan 2011 22:18:03 GMT) Full text and rfc822 format available.

Message #76 received at 440538@bugs.debian.org (full text, mbox):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: openssl-dev@openssl.org
Cc: 440538@bugs.debian.org, Kurt Roeckx <kurt@roeckx.be>
Subject: [PATCH] ecrypto/ecdsa: fix a zero change in the test suite
Date: Sun, 2 Jan 2011 23:14:45 +0100
At the end of the testsuite in test_builtin() happens the following:
- a previously created signature gets modified at a random spot
- this signature is compared against the data which was used to create the
  signature.

Now, in theory the last step should always fail; in reality it passes
sometimes. The modification algorithm did the following:
|	offset = sig[10] % 66;
|	dirt = sig[11];
|	dirt = dirt ? dirt : 1;
|	sig[offset] ^= dirt;

If sig[10] is 0xa7 and sig[11] is 0x9e the last line evolves to:
|	sig[35] ^= 0x9e;

The signature consists of two BIGNUMs encoded as ASN1 string. sig[34] and
sig[35] are the beginning of the second and last number. sig[35] contains the
length of this number and its content is 0x1e. Now, 0x9e ^ 0x1e = 0x80
and this is a special value. It means that the length of the value is
"infinite" i.e. everything until the end of the stream. So the ASN1 parser
considers the remaining data as the last element. Since there is nothing
after it, it succeeds. This random modification was a zero change.

This change ensures that something like this does not happen again. If we
do a zero change by accident (R and S are unchanged) we make a third
change and hope that something will change now.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
 crypto/ecdsa/ecdsatest.c |   87 +++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 82 insertions(+), 5 deletions(-)

diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index aa4e148..67db141 100644
--- a/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
@@ -281,6 +281,85 @@ x962_err:
 	return ret;
 	}
 
+static int compare_sig(unsigned char *osig, unsigned int sig_len, ECDSA_SIG *old_sig)
+{
+	unsigned char *signature = osig;
+	ECDSA_SIG *new_sig = NULL;
+	char *org_r = NULL, *org_s = NULL;
+	char *new_r = NULL, *new_s = NULL;
+	int ret = -1;
+
+	org_r = BN_bn2hex(old_sig->r);
+	org_s = BN_bn2hex(old_sig->s);
+	if (!org_r || !org_s)
+		goto out;
+
+	new_sig = ECDSA_SIG_new();
+	if (!new_sig)
+		goto out;
+	if (!d2i_ECDSA_SIG(&new_sig, (const unsigned char **)&signature, sig_len))
+		goto out;
+
+	new_r = BN_bn2hex(new_sig->r);
+	new_s = BN_bn2hex(new_sig->s);
+	if (!new_r || !new_s)
+		goto out;
+	if ((!strcmp(org_r, new_r)) &&
+			!strcmp(org_s, new_s))
+		/* the signature did not change */
+		ret = 1;
+	else
+		ret = 0;
+out:
+	if (new_sig)
+		ECDSA_SIG_free(new_sig);
+	if (new_r)
+		OPENSSL_free(new_r);
+	if (new_s)
+		OPENSSL_free(new_s);
+	if (org_r)
+		OPENSSL_free(org_r);
+	if (org_s)
+		OPENSSL_free(org_s);
+	return ret;
+}
+
+static void modify_signature(unsigned char *osig, unsigned int sig_len, BIO *out)
+{
+	unsigned char dirt, offset;
+	unsigned char *signature = osig;
+	ECDSA_SIG *org_sig;
+	int ret;
+
+	org_sig = ECDSA_SIG_new();
+	if (!org_sig)
+		return;
+
+	if (!d2i_ECDSA_SIG(&org_sig, (const unsigned char **)&signature, sig_len))
+		goto out;
+
+	signature = osig;
+	offset = signature[10] % sig_len;
+	dirt = signature[11];
+	dirt = dirt ? dirt : 1;
+	signature[offset] ^= dirt;
+
+	ret = compare_sig(osig, sig_len, org_sig);
+	if (ret <= 0)
+		goto out;
+
+	signature[offset] = ~signature[offset];
+	ret = compare_sig(osig, sig_len, org_sig);
+	if (ret <= 0)
+		goto out;
+	BIO_printf(out, "Failed to modify signature. Tried: %02x => %02x => %02x\n",
+			(unsigned char) (~osig[offset] ^ dirt),
+			(unsigned char)~osig[offset], osig[offset]);
+	BIO_printf(out, "at offset 0x%02x and it was always equal.\n", offset);
+out:
+	ECDSA_SIG_free(org_sig);
+}
+
 int test_builtin(BIO *out)
 	{
 	EC_builtin_curve *curves = NULL;
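Review bot: modify_signature() has two early exits, ECDSA_SIG_new() returning NULL and d2i_ECDSA_SIG() failing on the original bytes, that are taken before `signature[offset] ^= dirt`, so the caller then verifies an untouched signature and prints " failed" with no hint of the real cause. Returning an int from modify_signature(), or at least a BIO_printf() on those paths, would make that case distinguishable. In compare_sig(), BN_cmp() on r and s would avoid the four BN_bn2hex() allocations and the strcmp() pair. The -1 that compare_sig() returns when the re-parse fails is treated like 0 by `if (ret <= 0)`, which is the wanted outcome but deserves a one-line comment. Both new functions open their body at column 0, while test_builtin() just below uses the file's indented-brace style.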
@@ -325,8 +404,6 @@ int test_builtin(BIO *out)
 	/* now create and verify a signature for every curve */
 	for (n = 0; n < crv_len; n++)
 		{
-		unsigned char dirt, offset;
-
 		nid = curves[n].nid;
 		if (nid == NID_ipsec4)
 			continue;
@@ -416,9 +493,9 @@ int test_builtin(BIO *out)
 		BIO_printf(out, ".");
 		(void)BIO_flush(out);
 		/* modify a single byte of the signature */
-		offset = signature[10] % sig_len;
-		dirt   = signature[11];
-		signature[offset] ^= dirt ? dirt : 1; 
+
+		modify_signature(signature, sig_len, out);
+
 		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
 			{
 			BIO_printf(out, " failed\n");
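Review bot: the retained comment `/* modify a single byte of the signature */` no longer matches this call site, because modify_signature() may rewrite the byte a second time and may give up without having changed R or S. In that last case the `ECDSA_verify(...) == 1` branch below reports " failed" as if verification were at fault, so it would help to have the helper return a status that is checked here and to update the comment. The commit message states that the parser accepts a 0x80 length octet at this position, and a separate test case pinning that behaviour would document it instead of only steering around it. The blank lines added around the call are not needed.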
-- 
1.7.2.3
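The byte flip described in the commit message above, replayed on the signature dumped in message #71 and compared against a strict DER check. This is an added example, not part of the patch or of OpenSSL; the function names are hypothetical, and the leading 0x30 byte is an assumption (the dump on the page starts at the length byte 0x40).

```c
#include <stdio.h>
#include <string.h>

/* Signature bytes as dumped in the report (constructed copy). The leading
 * 0x30 SEQUENCE tag is an assumption: the dump starts at the length 0x40. */
static const unsigned char PAGE_SIG[66] = {
    0x30,
    0x40, 0x02, 0x1e, 0x1e, 0xcd, 0xc7, 0x35, 0x0e, 0x0e, 0xa7,
    0x9e, 0xa6, 0x0f, 0x7e, 0x02, 0xb9, 0x7c, 0xe8, 0xaa, 0xeb,
    0x54, 0x47, 0x5e, 0x16, 0x05, 0x31, 0x95, 0xb5, 0x41, 0x11,
    0x7b, 0x2f, 0x1e, 0x02, 0x1e, 0x0b, 0x19, 0xa4, 0xc5, 0xd8,
    0x2d, 0xc4, 0xe3, 0x25, 0xdc, 0x53, 0x8e, 0x89, 0x01, 0x5f,
    0x1b, 0x37, 0x32, 0x5a, 0x6b, 0xda, 0x2c, 0x17, 0xb5, 0x41,
    0x80, 0xee, 0x14, 0x60, 0xea
};

/* Parse one positive DER INTEGER at *pos; advance *pos and return 1 if valid. */
static int der_pos_int(const unsigned char *b, size_t len, size_t *pos)
{
    size_t p = *pos, n;
    if (len - p < 3 || b[p] != 0x02) return 0;   /* tag, length, one byte */
    n = b[p + 1];
    if (n == 0 || n >= 0x80) return 0;           /* 0x80 is indefinite length */
    if (n > len - p - 2) return 0;               /* runs past the buffer */
    if (b[p + 2] & 0x80) return 0;               /* negative value */
    if (n > 1 && b[p + 2] == 0 && !(b[p + 3] & 0x80)) return 0; /* padding */
    *pos = p + 2 + n;
    return 1;
}

/* Strict DER check for SEQUENCE { r INTEGER, s INTEGER }. Short-form
 * lengths only, which covers signatures with under 128 content bytes. */
int strict_der_sig_ok(const unsigned char *sig, size_t len)
{
    size_t pos = 2;
    if (len < 2 || sig[0] != 0x30 || sig[1] >= 0x80 || (size_t)sig[1] != len - 2)
        return 0;
    return der_pos_int(sig, len, &pos) && der_pos_int(sig, len, &pos) && pos == len;
}

/* The flip from the report: offset from sig[10], mask from sig[11]. */
size_t mutate_like_test(unsigned char *sig, size_t len)
{
    size_t offset = sig[10] % len;
    unsigned char dirt = sig[11] ? sig[11] : 1;
    sig[offset] ^= dirt;
    return offset;
}

/* Name the DER field an offset falls in; sig must pass strict_der_sig_ok(). */
const char *field_at(const unsigned char *sig, size_t offset)
{
    size_t s_tag = 4 + sig[3];                   /* r value starts at index 4 */
    if (offset < 2) return offset ? "SEQUENCE length" : "SEQUENCE tag";
    if (offset < 4) return offset == 2 ? "r tag" : "r length";
    if (offset < s_tag) return "r value";
    if (offset == s_tag) return "s tag";
    if (offset == s_tag + 1) return "s length";
    return "s value";
}

int main(void)
{
    unsigned char sig[sizeof PAGE_SIG];
    size_t off;
    memcpy(sig, PAGE_SIG, sizeof sig);
    printf("before: strict DER %s\n", strict_der_sig_ok(sig, sizeof sig) ? "ok" : "rejected");
    off = mutate_like_test(sig, sizeof sig);
    printf("flipped sig[%zu] (%s): 0x%02x -> 0x%02x\n", off,
           field_at(PAGE_SIG, off), PAGE_SIG[off], sig[off]);
    printf("after:  strict DER %s\n", strict_der_sig_ok(sig, sizeof sig) ? "ok" : "rejected");
    return 0;
}
```

On the report's bytes the flip lands on the length octet of s and turns 0x1e into 0x80, which the strict check rejects.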





Added tag(s) wheezy. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Wed, 16 Feb 2011 19:03:12 GMT) Full text and rfc822 format available.

Reply sent to Sebastian Andrzej Siewior <sebastian@breakpoint.cc>:
You have taken responsibility. (Sun, 04 Mar 2012 10:15:17 GMT) Full text and rfc822 format available.

Notification sent to Kurt Roeckx <kurt@roeckx.be>:
Bug acknowledged by developer. (Sun, 04 Mar 2012 10:15:23 GMT) Full text and rfc822 format available.

Message #83 received at 440538-done@bugs.debian.org (full text, mbox):

From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
To: Kurt Roeckx <kurt@roeckx.be>
Cc: 440538-done@bugs.debian.org
Subject: Re: Bug#440538: openssl: FTBFS with gcc-4.2: sect239k1 testsuite failure.
Date: Sun, 4 Mar 2012 10:50:42 +0100
Package: openssl
Version: 1.0.0f-1

* Kurt Roeckx | 2007-09-02 19:11:43 [+0200]:

>I can't seem to reproduce this anymore, same version of everything,
>doing exactly the same.

This has been fixed upstream in 1.0.0f according to [0].

[0] http://cvs.openssl.org/chngview?cn=21780

>Kurt

Sebastian




Added tag(s) jessie. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Thu, 18 Apr 2013 17:40:58 GMT) Full text and rfc822 format available.

Removed tag(s) sid, squeeze, wheezy, jessie, and lenny. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 01 Nov 2013 22:31:28 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 30 Nov 2013 07:44:29 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:19:02 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.