File openssl-CVE-2018-0737.patch of Package openssl.21015

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2018-0737.patch of Package openssl.21015

Squash of OpenSSL_1_0_2-stable commits:
0b199a883e9170cdfe8e61c150bbaf8d8951f3e7
64eb614ccc7ccf30cc412b736f509f1d82bbf897
0d6710289307d277ebc3354105c965b6e8ba8eb0
349a41da1ad88ad87825414752a8ff5fdd6a6c3f

diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index e48591b..4abee2a 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -433,6 +433,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
     BIGNUM *pr0, *d, *p;
     int bitsp, bitsq, ok = -1, n = 0;
     BN_CTX *ctx = NULL;
+    unsigned long error = 0;
 
 #ifdef OPENSSL_FIPS
     if (FIPS_module_mode()) {
@@ -492,6 +493,9 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
 
     BN_copy(rsa->e, e_value);
 
+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+    BN_set_flags(r2, BN_FLG_CONSTTIME);
     /* generate p and q */
     for (;;) {
         if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
@@ -500,10 +504,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
             continue;
         if (!BN_sub(r2, rsa->p, BN_value_one()))
             goto err;
-        if (!BN_gcd(r1, r2, rsa->e, ctx))
-            goto err;
-        if (BN_is_one(r1))
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
             break;
+        }
+        error = ERR_peek_last_error();
+        if (ERR_GET_LIB(error) == ERR_LIB_BN
+            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+            /* GCD != 1 */
+            ERR_pop_to_mark();
+        } else {
+            goto err;
+        }
         if (!BN_GENCB_call(cb, 2, n++))
             goto err;
     }
@@ -523,10 +536,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
             continue;
         if (!BN_sub(r2, rsa->q, BN_value_one()))
             goto err;
-        if (!BN_gcd(r1, r2, rsa->e, ctx))
-            goto err;
-        if (BN_is_one(r1))
+        ERR_set_mark();
+        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+            /* GCD == 1 since inverse exists */
             break;
+        }
+        error = ERR_peek_last_error();
+        if (ERR_GET_LIB(error) == ERR_LIB_BN
+            && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+            /* GCD != 1 */
+            ERR_pop_to_mark();
+        } else {
+            goto err;
+        }
         if (!BN_GENCB_call(cb, 2, n++))
             goto err;
     }

Places

File openssl-CVE-2018-0737.patch of Package openssl.21015

Places