ECDSA signing has a retry loop for the exceptionally unlikely case that S==0. S is not a secret at this point, and this case is so rare that it will never be observed, but branching on it will trip up tools that analyse whether the code is constant time with respect to secrets. Derandomized ECDSA can also loop on k being zero or overflowing; while k is a secret, these cases are too rare (1:2^255) to ever be observed and are also of no concern. This adds a function for marking memory as no-longer-secret and sets it up for use with the valgrind memcheck constant-time test.
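# Travis CI configuration: builds the C library with clang and gcc on Linux
# across a matrix of ./configure options, then runs the test binaries
# (plain and, for two dedicated jobs, under valgrind memcheck).
#
# NOTE(review): no `dist:` is pinned and the apt packages are unversioned, so
# the compiler and valgrind versions follow whatever the CI image provides.
language: c
os: linux
addons:
  apt:
    packages:
      - libgmp-dev
      - valgrind
compiler:
  - clang
  - gcc
env:
  global:
    # Defaults for every job; each matrix entry overrides only the variables
    # it names. These values are passed to ./configure in the script section.
    - FIELD=auto BIGNUM=auto SCALAR=auto ENDOMORPHISM=no STATICPRECOMPUTATION=yes ECMULTGENPRECISION=auto ASM=no BUILD=check EXTRAFLAGS= HOST= ECDH=no RECOVERY=no EXPERIMENTAL=no
  matrix:
    - SCALAR=32bit RECOVERY=yes
    - SCALAR=32bit FIELD=32bit ECDH=yes EXPERIMENTAL=yes
    - SCALAR=64bit
    - FIELD=64bit RECOVERY=yes
    - FIELD=64bit ENDOMORPHISM=yes
    - FIELD=64bit ENDOMORPHISM=yes ECDH=yes EXPERIMENTAL=yes
    - FIELD=64bit ASM=x86_64
    - FIELD=64bit ENDOMORPHISM=yes ASM=x86_64
    - FIELD=32bit ENDOMORPHISM=yes
    - BIGNUM=no
    - BIGNUM=no ENDOMORPHISM=yes RECOVERY=yes EXPERIMENTAL=yes
    - BIGNUM=no STATICPRECOMPUTATION=no
    - BUILD=distcheck
    - EXTRAFLAGS=CPPFLAGS=-DDETERMINISTIC
    - EXTRAFLAGS=CFLAGS=-O0
    - ECMULTGENPRECISION=2
    - ECMULTGENPRECISION=8
matrix:
  fast_finish: true
  include:
    # 32-bit builds: HOST=i686-linux-gnu makes the script pass --host to
    # ./configure and append -m32 to CC; gcc-multilib supplies the 32-bit
    # toolchain pieces.
    - compiler: clang
      env: HOST=i686-linux-gnu ENDOMORPHISM=yes
      addons:
        apt:
          packages:
            - gcc-multilib
            - libgmp-dev:i386
    - compiler: clang
      env: HOST=i686-linux-gnu
      addons:
        apt:
          packages:
            - gcc-multilib
    - compiler: gcc
      env: HOST=i686-linux-gnu ENDOMORPHISM=yes
      addons:
        apt:
          packages:
            - gcc-multilib
    - compiler: gcc
      env: HOST=i686-linux-gnu
      addons:
        apt:
          packages:
            - gcc-multilib
            - libgmp-dev:i386
    # Valgrind jobs: BUILD is set to empty so the `make $BUILD` step is
    # skipped and only the VALGRIND branch of the script runs.
    # CPPFLAGS=-DVALGRIND defines the VALGRIND macro for the build; what the
    # sources do with it is not visible from this file.
    - compiler: gcc
      env:
        - BIGNUM=no ENDOMORPHISM=yes ASM=x86_64 EXPERIMENTAL=yes ECDH=yes RECOVERY=yes
        - VALGRIND=yes EXTRAFLAGS="--disable-openssl-tests CPPFLAGS=-DVALGRIND" BUILD=
    # The same as above but without endomorphism.
    - compiler: gcc
      env:
        - BIGNUM=no ENDOMORPHISM=no ASM=x86_64 EXPERIMENTAL=yes ECDH=yes RECOVERY=yes
        - VALGRIND=yes EXTRAFLAGS="--disable-openssl-tests CPPFLAGS=-DVALGRIND" BUILD=

before_script: ./autogen.sh

script:
  - if [ -n "$HOST" ]; then export USE_HOST="--host=$HOST"; fi
  - if [ "x$HOST" = "xi686-linux-gnu" ]; then export CC="$CC -m32"; fi
  # $EXTRAFLAGS and $USE_HOST are left unquoted on purpose so that they split
  # into separate ./configure arguments (or vanish when empty).
  - ./configure --enable-experimental=$EXPERIMENTAL --enable-endomorphism=$ENDOMORPHISM --with-field=$FIELD --with-bignum=$BIGNUM --with-asm=$ASM --with-scalar=$SCALAR --enable-ecmult-static-precomputation=$STATICPRECOMPUTATION --with-ecmult-gen-precision=$ECMULTGENPRECISION --enable-module-ecdh=$ECDH --enable-module-recovery=$RECOVERY $EXTRAFLAGS $USE_HOST
  - if [ -n "$BUILD" ]; then make -j2 $BUILD; fi
  # The two explanatory comments below were previously written as `- # ...`
  # list items, which YAML parses as empty (null) script entries; they are
  # ordinary comments now so the script list holds only real commands.
  #
  # travis_wait extends the 10 minutes without output allowed (https://docs.travis-ci.com/user/common-build-problems/#build-times-out-because-no-output-was-received)
  # the `--error-exitcode` is required to make the test fail if valgrind found errors, otherwise it'll return 0 (http://valgrind.org/docs/manual/manual-core.html)
  #
  # NOTE(review): only ./tests and ./exhaustive_tests are run under valgrind
  # here. If the constant-time check lives in a separate binary, it is not
  # exercised by this job and would need its own valgrind line - confirm.
  - if [ -n "$VALGRIND" ]; then
    make -j2 &&
    travis_wait 30 valgrind --error-exitcode=42 ./tests 16 &&
    travis_wait 30 valgrind --error-exitcode=42 ./exhaustive_tests;
    fi

# Dump the test logs for post-mortem reading.
# NOTE(review): jobs with BUILD= empty may not produce these files, in which
# case `cat` just reports them as missing - confirm.
after_script:
  - cat ./tests.log
  - cat ./exhaustive_tests.log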