On Sun, Jun 02, 2019 at 11:00:28PM +0200, Sebastian Andrzej Siewior wrote: > Package: openssl > Version: 1.1.1c-1 > Severity: serious > > The m2crypto test suite fails with c, passes with b. The error log > > https://ci.debian.net/data/autopkgtest/testing/amd64/m/m2crypto/2436983/log.gz > > The testsuite complains about a missing error / the exception is not > raised. The bisect says, this happens since > > |commit f61c68043d3bd2ad9718d356e7988ee2fdfc3621 > | Author: Bernd Edlinger <bernd.edlin...@hotmail.de> > | Date: Thu Feb 28 10:08:18 2019 +0100 > | > | Fix memory overrun in rsa padding check functions > | > | Fixes #8364 and #8357 > | > | Reviewed-by: Kurt Roeckx <k...@roeckx.be> > | (Merged from https://github.com/openssl/openssl/pull/8365) > | > | (cherry picked from commit d7f5e5ae6d53f1387a42d210806cf5e9ed0882d6) > > Kurt, can you check if this is an error in the testsuite or something > legal?
Looking at the log, this is about SSLv23 padding. >From the review, Bernd wrote: > While doing that I found an issue in RSA_padding_check_SSLv23 > It does the 03 check the wrong way round. But there is no test coverage, > so it was not noticed. [...] > So, I added a small test for RSA_SSLV23_PADDING, as an extra commit, > since it will likely not cherry-pick in stable branches. It's about this change: - good &= constant_time_lt(threes_in_row, 8); + good &= constant_time_ge(threes_in_row, 8); (That should probably have been a separate commit.) Can you confirm that that is the reason for the change in behaviour? I don't understand the m2crypto code, so I have no idea what it's testing. Kurt
