Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0:Ports
tboot
tboot-ssl-broken.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tboot-ssl-broken.patch of Package tboot
Index: tboot-1.9.6/lcptools-v2/crtpollist.c =================================================================== --- tboot-1.9.6.orig/lcptools-v2/crtpollist.c +++ tboot-1.9.6/lcptools-v2/crtpollist.c @@ -132,6 +132,7 @@ static lcp_signature_t2 *read_rsa_pubkey if ( fp == NULL ) { ERROR("Error: failed to open .pem file %s: %s\n", file, strerror(errno)); + fclose(fp); return NULL; } @@ -141,6 +142,7 @@ static lcp_signature_t2 *read_rsa_pubkey ERROR("Error: failed to read .pem file %s: %s\n", file, ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); + fclose(fp); return NULL; } @@ -148,6 +150,7 @@ static lcp_signature_t2 *read_rsa_pubkey if ( keysize == 0 ) { ERROR("Error: public key size is 0\n"); RSA_free(pubkey); + fclose(fp); return NULL; } @@ -155,19 +158,20 @@ static lcp_signature_t2 *read_rsa_pubkey if ( sig == NULL ) { ERROR("Error: failed to allocate sig\n"); RSA_free(pubkey); + fclose(fp); return NULL; } memset(sig, 0, sizeof(lcp_rsa_signature_t) + 2*keysize); sig->rsa_signature.pubkey_size = keysize; + const BIGNUM *modulus = NULL; /* OpenSSL Version 1.1.0 and later don't allow direct access to RSA stuct */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L - BIGNUM *modulus = BN_new(); - RSA_get0_key(pubkey, (const BIGNUM **)&modulus, NULL, NULL); + RSA_get0_key(pubkey, &modulus, NULL, NULL); #else - BIGNUM *modulus = BN_dup(pubkey->n); + modulus = pubkey->n; #endif unsigned char key[keysize]; @@ -183,8 +187,8 @@ static lcp_signature_t2 *read_rsa_pubkey } LOG("read rsa pubkey succeed!\n"); - BN_free(modulus); RSA_free(pubkey); + fclose(fp); return sig; } @@ -386,13 +390,13 @@ static bool ecdsa_sign_tpm20_list_data(l return false; } - BIGNUM *r = BN_new(); - BIGNUM *s = BN_new(); - + const BIGNUM *r = NULL; + const BIGNUM *s = NULL; + /* OpenSSL Version 1.1.0 and later don't allow direct access to ECDSA_SIG stuct */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L - ECDSA_SIG_get0(ecdsasig, (const BIGNUM **)&r, (const BIGNUM **)&s); + ECDSA_SIG_get0(ecdsasig, &r, &s); #else r = ecdsasig->r; s = ecdsasig->s; @@ -415,8 +419,7 @@ static bool ecdsa_sign_tpm20_list_data(l display_tpm20_signature(" ", sig, pollist->sig_alg, false); } - BN_free(r); - BN_free(s); + ECDSA_SIG_free(ecdsasig); return true; } return false; Index: tboot-1.9.6/lcptools-v2/lcputils.c =================================================================== --- tboot-1.9.6.orig/lcptools-v2/lcputils.c +++ tboot-1.9.6/lcptools-v2/lcputils.c @@ -371,9 +371,8 @@ bool verify_signature(const uint8_t *dat return false; } - BIGNUM *modulus = BN_new(); + BIGNUM *modulus = BN_bin2bn(key, pubkey_size, NULL); BIGNUM *exponent = BN_new(); - modulus = BN_bin2bn(key, pubkey_size, NULL); /* uses fixed exponent (LCP_SIG_EXPONENT) */ char exp[32]; @@ -384,8 +383,8 @@ bool verify_signature(const uint8_t *dat #if OPENSSL_VERSION_NUMBER >= 0x10100000L RSA_set0_key(rsa_pubkey, modulus, exponent, NULL); #else - rsa_pubkey->n = BN_dup(modulus); - rsa_pubkey->e = BN_dup(exponent); + rsa_pubkey->n = modulus; + rsa_pubkey->e = exponent; rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL; #endif @@ -407,8 +406,6 @@ bool verify_signature(const uint8_t *dat tb_hash_t digest; if ( !hash_buffer(data, data_size, &digest, hashalg) ) { ERROR("Error: failed to hash list\n"); - BN_free(modulus); - BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -451,8 +448,6 @@ bool verify_signature(const uint8_t *dat ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); - BN_free(modulus); - BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -467,8 +462,6 @@ bool verify_signature(const uint8_t *dat ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); - BN_free(modulus); - BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -483,8 +476,6 @@ bool verify_signature(const uint8_t *dat ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); - BN_free(modulus); - BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -499,8 +490,6 @@ bool verify_signature(const uint8_t *dat ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); - BN_free(modulus); - BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -508,13 +497,10 @@ bool verify_signature(const uint8_t *dat default : LOG("unknown hash alg\n"); - BN_free(modulus); - BN_free(exponent); + RSA_free(rsa_pubkey); return false; } - BN_free(modulus); - BN_free(exponent); RSA_free(rsa_pubkey); return true; } Index: tboot-1.9.6/lcptools/crtpollist.c =================================================================== --- tboot-1.9.6.orig/lcptools/crtpollist.c +++ tboot-1.9.6/lcptools/crtpollist.c @@ -156,13 +156,14 @@ static lcp_signature_t *read_pubkey_file memset(sig, 0, sizeof(*sig) + 2*keysize); sig->pubkey_size = keysize; + const BIGNUM *modulus = NULL; + /* OpenSSL Version 1.1.0 and later don't allow direct access to RSA stuct */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L - BIGNUM *modulus = BN_new(); - RSA_get0_key(pubkey, (const BIGNUM **)&modulus, NULL, NULL); + RSA_get0_key(pubkey, &modulus, NULL, NULL); #else - BIGNUM *modulus = BN_dup(pubkey->n); + modulus = pubkey->n; #endif unsigned char key[keysize]; BN_bn2bin(modulus, key); @@ -175,8 +176,7 @@ static lcp_signature_t *read_pubkey_file LOG("signature:\n"); display_signature(" ", sig, false); } - - BN_free(modulus); + RSA_free(pubkey); return sig; } Index: tboot-1.9.6/lcptools/lcputils2.c =================================================================== --- tboot-1.9.6.orig/lcptools/lcputils2.c +++ tboot-1.9.6/lcptools/lcputils2.c @@ -274,31 +274,29 @@ bool verify_signature(const uint8_t *dat ERROR("Error: failed to allocate key\n"); return false; } - BIGNUM *modulus = BN_new(); + + BIGNUM *modulus = BN_bin2bn(key, pubkey_size, NULL); BIGNUM *exponent = BN_new(); - modulus = BN_bin2bn(key, pubkey_size, NULL); /* uses fixed exponent (LCP_SIG_EXPONENT) */ char exp[32]; snprintf(exp, sizeof(exp), "%u", LCP_SIG_EXPONENT); BN_dec2bn(&exponent, exp); - + /* OpenSSL Version 1.1.0 and later don't allow direct access to RSA stuct */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L - RSA_set0_key(rsa_pubkey, modulus, exponent, NULL); + RSA_set0_key(rsa_pubkey, modulus, exponent, NULL); #else - rsa_pubkey->n = BN_dup(modulus); - rsa_pubkey->e = BN_dup(exponent); - rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL; + rsa_pubkey->n = modulus; + rsa_pubkey->e = exponent; + rsa_pubkey->d = rsa_pubkey->p = rsa_pubkey->q = NULL; #endif /* first create digest of data */ tb_hash_t digest; if ( !hash_buffer(data, data_size, &digest, TB_HALG_SHA1_LG) ) { ERROR("Error: failed to hash list\n"); - BN_free(modulus); - BN_free(exponent); RSA_free(rsa_pubkey); return false; } @@ -339,14 +337,10 @@ bool verify_signature(const uint8_t *dat ERROR("Error: failed to verify list: %s\n", ERR_error_string(ERR_get_error(), NULL)); ERR_free_strings(); - BN_free(modulus); - BN_free(exponent); - RSA_free(rsa_pubkey); + RSA_free(rsa_pubkey); return false; } - - BN_free(modulus); - BN_free(exponent); + RSA_free(rsa_pubkey); return true; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
