Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
openssl
openssl-CVE-2018-0737-fips.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssl-CVE-2018-0737-fips.patch of Package openssl
Adjustments to fips_rsa_builtin_keygen along the lines of the CVE-2018-0737 fix which consists of commits: 9db724cfede4ba7a3668bff533973ee70145ec07 011f82e66f4bf131c733fd41a8390039859aafb2 7150a4720af7913cae16f2e4eaf768b578c0b298 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Index: openssl-1.0.1i/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.0.1i.orig/crypto/rsa/rsa_gen.c 2018-11-14 19:50:36.559337518 +0100 +++ openssl-1.0.1i/crypto/rsa/rsa_gen.c 2018-11-14 19:55:00.017023333 +0100 @@ -179,6 +179,7 @@ static int FIPS_rsa_builtin_keygen(RSA * int n = 0; int test = 0; int pbits = bits/2; + unsigned long error = 0; if(FIPS_selftest_failed()) { @@ -236,6 +237,10 @@ retry: if (!BN_one(r3)) goto err; if (!BN_lshift(r3, r3, pbits - 100)) goto err; + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); + BN_set_flags(r2, BN_FLG_CONSTTIME); + /* generate p and q */ for (i = 0; i < 5 * pbits; i++) { @@ -249,13 +254,22 @@ retry: } if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err; - if (BN_is_one(r1)) - { + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ int r; r = BN_is_prime_fasttest_ex(rsa->p, pbits>1024?4:5, ctx, 0, cb); if (r == -1 || (test && r <= 0)) goto err; if (r > 0) break; + } else { + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } } if(!BN_GENCB_call(cb, 2, n++)) @@ -287,13 +301,22 @@ retry: } if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) goto err; - if (BN_is_one(r1)) - { + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ int r; r = BN_is_prime_fasttest_ex(rsa->q, pbits>1024?4:5, ctx, 0, cb); if (r == -1 || (test && r <= 0)) goto err; if (r > 0) break; + } else { + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } } if(!BN_GENCB_call(cb, 2, n++))
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor