From e6692778d3f6507eb1325785cdd424073a945ff7 Mon Sep 17 00:00:00 2001 From: Elichai Turkel Date: Wed, 21 Oct 2020 14:39:52 +0300 Subject: [PATCH 1/2] Modify bitcoin_secp.m4's openssl check to call all the functions that we use in the tests/benchmarks. That way linking will fail if those symbols are missing --- build-aux/m4/bitcoin_secp.m4 | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/build-aux/m4/bitcoin_secp.m4 b/build-aux/m4/bitcoin_secp.m4 index 57595f4499d8e..ece3d655edc30 100644 --- a/build-aux/m4/bitcoin_secp.m4 +++ b/build-aux/m4/bitcoin_secp.m4 @@ -36,16 +36,39 @@ if test x"$has_libcrypto" = x"yes" && test x"$has_openssl_ec" = x; then CPPFLAGS_TEMP="$CPPFLAGS" CPPFLAGS="$CRYPTO_CPPFLAGS $CPPFLAGS" AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ + #include #include #include #include ]],[[ - EC_KEY *eckey = EC_KEY_new_by_curve_name(NID_secp256k1); - ECDSA_sign(0, NULL, 0, NULL, NULL, eckey); + # if OPENSSL_VERSION_NUMBER < 0x10100000L + void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) {(void)sig->r; (void)sig->s;} + # endif + + unsigned int zero = 0; + const unsigned char *zero_ptr = (unsigned char*)&zero; + EC_KEY_free(EC_KEY_new_by_curve_name(NID_secp256k1)); + EC_KEY *eckey = EC_KEY_new(); + EC_GROUP *group = EC_GROUP_new_by_curve_name(NID_secp256k1); + EC_KEY_set_group(eckey, group); + ECDSA_sign(0, NULL, 0, NULL, &zero, eckey); ECDSA_verify(0, NULL, 0, NULL, 0, eckey); + o2i_ECPublicKey(&eckey, &zero_ptr, 0); + d2i_ECPrivateKey(&eckey, &zero_ptr, 0); + EC_KEY_check_key(eckey); EC_KEY_free(eckey); + EC_GROUP_free(group); ECDSA_SIG *sig_openssl; sig_openssl = ECDSA_SIG_new(); + d2i_ECDSA_SIG(&sig_openssl, &zero_ptr, 0); + i2d_ECDSA_SIG(sig_openssl, NULL); + ECDSA_SIG_get0(sig_openssl, NULL, NULL); ECDSA_SIG_free(sig_openssl); + const BIGNUM *bignum = BN_value_one(); + BN_is_negative(bignum); + BN_num_bits(bignum); + if (sizeof(zero) >= BN_num_bytes(bignum)) { + BN_bn2bin(bignum, (unsigned char*)&zero); + } ]])],[has_openssl_ec=yes],[has_openssl_ec=no]) AC_MSG_RESULT([$has_openssl_ec]) CPPFLAGS="$CPPFLAGS_TEMP" From 3734b68200ee37f5eea80f47d611e9b5a65548fe Mon Sep 17 00:00:00 2001 From: Elichai Turkel Date: Tue, 27 Oct 2020 13:09:15 +0200 Subject: [PATCH 2/2] Configure echo if openssl tests are enabled --- configure.ac | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 60f629c49d8ce..eb3b449becaad 100644 --- a/configure.ac +++ b/configure.ac @@ -395,8 +395,8 @@ esac if test x"$use_tests" = x"yes"; then SECP_OPENSSL_CHECK - if test x"$has_openssl_ec" = x"yes"; then - if test x"$enable_openssl_tests" != x"no"; then + if test x"$enable_openssl_tests" != x"no" && test x"$has_openssl_ec" = x"yes"; then + enable_openssl_tests=yes AC_DEFINE(ENABLE_OPENSSL_TESTS, 1, [Define this symbol if OpenSSL EC functions are available]) SECP_TEST_INCLUDES="$SSL_CFLAGS $CRYPTO_CFLAGS $CRYPTO_CPPFLAGS" SECP_TEST_LIBS="$CRYPTO_LIBS" @@ -406,16 +406,17 @@ if test x"$use_tests" = x"yes"; then SECP_TEST_LIBS="$SECP_TEST_LIBS -lgdi32" ;; esac - fi else if test x"$enable_openssl_tests" = x"yes"; then AC_MSG_ERROR([OpenSSL tests requested but OpenSSL with EC support is not available]) fi + enable_openssl_tests=no fi else if test x"$enable_openssl_tests" = x"yes"; then AC_MSG_ERROR([OpenSSL tests requested but tests are not enabled]) fi + enable_openssl_tests=no fi if test x"$set_bignum" = x"gmp"; then @@ -503,6 +504,8 @@ echo "Build Options:" echo " with ecmult precomp = $set_precomp" echo " with external callbacks = $use_external_default_callbacks" echo " with benchmarks = $use_benchmark" +echo " with tests = $use_tests" +echo " with openssl tests = $enable_openssl_tests" echo " with coverage = $enable_coverage" echo " module ecdh = $enable_module_ecdh" echo " module recovery = $enable_module_recovery"