Update to openssl 1.0.2j

Signed-off-by: Gary Lin <glin@suse.com>
author: Gary Lin <glin@suse.com> 2016-10-13 15:57:25 +0800
committer: Peter Jones <pjones@redhat.com> 2016-11-30 12:57:34 -0500
commit: b371a682fb67ff945a8095437b9b33cab549bb49 (patch)
tree: 55aa1f4552b1c96dbfd1b110e210cb7471ee06e4 /Cryptlib/OpenSSL/crypto/rsa
parent: 43ad947f6e7d1e899d86fd8ca66a55ffbc3ed2b2 (diff)
download: efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.tar.gz
efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.zip
4 files changed, 38 insertions, 58 deletions
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
index ddead3d7..951e1d5c 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
@@ -768,7 +768,6 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
     return 2;
 }
 
-#ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
                                         X509_ALGOR **pmaskHash)
 {
@@ -792,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
     return pss;
 }
 
+#ifndef OPENSSL_NO_CMS
 static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
 {
     EVP_PKEY_CTX *pkctx;
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
index 607faa00..475dfc56 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
@@ -56,7 +56,6 @@ int RSA_check_key(const RSA *key)
 {
     BIGNUM *i, *j, *k, *l, *m;
     BN_CTX *ctx;
-    int r;
     int ret = 1;
 
     if (!key->p || !key->q || !key->n || !key->e || !key->d) {
@@ -70,75 +69,68 @@ int RSA_check_key(const RSA *key)
     l = BN_new();
     m = BN_new();
     ctx = BN_CTX_new();
-    if (i == NULL || j == NULL || k == NULL || l == NULL ||
-        m == NULL || ctx == NULL) {
+    if (i == NULL || j == NULL || k == NULL || l == NULL
+            || m == NULL || ctx == NULL) {
         ret = -1;
         RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
         goto err;
     }
 
+    if (BN_is_one(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
+    }
+    if (!BN_is_odd(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
+    }
+
     /* p prime? */
-    r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
-    if (r != 1) {
-        ret = r;
-        if (r != 0)
-            goto err;
+    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL) != 1) {
+        ret = 0;
         RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
     }
 
     /* q prime? */
-    r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
-    if (r != 1) {
-        ret = r;
-        if (r != 0)
-            goto err;
+    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL) != 1) {
+        ret = 0;
         RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
     }
 
     /* n = p*q? */
-    r = BN_mul(i, key->p, key->q, ctx);
-    if (!r) {
+    if (!BN_mul(i, key->p, key->q, ctx)) {
         ret = -1;
         goto err;
     }
-
     if (BN_cmp(i, key->n) != 0) {
         ret = 0;
         RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
     }
 
     /* d*e = 1  mod lcm(p-1,q-1)? */
-
-    r = BN_sub(i, key->p, BN_value_one());
-    if (!r) {
+    if (!BN_sub(i, key->p, BN_value_one())) {
         ret = -1;
         goto err;
     }
-    r = BN_sub(j, key->q, BN_value_one());
-    if (!r) {
+    if (!BN_sub(j, key->q, BN_value_one())) {
         ret = -1;
         goto err;
     }
 
     /* now compute k = lcm(i,j) */
-    r = BN_mul(l, i, j, ctx);
-    if (!r) {
+    if (!BN_mul(l, i, j, ctx)) {
         ret = -1;
         goto err;
     }
-    r = BN_gcd(m, i, j, ctx);
-    if (!r) {
+    if (!BN_gcd(m, i, j, ctx)) {
         ret = -1;
         goto err;
     }
-    r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
-    if (!r) {
+    if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
         ret = -1;
         goto err;
     }
-
-    r = BN_mod_mul(i, key->d, key->e, k, ctx);
-    if (!r) {
+    if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
         ret = -1;
         goto err;
     }
@@ -150,36 +142,28 @@ int RSA_check_key(const RSA *key)
 
     if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
         /* dmp1 = d mod (p-1)? */
-        r = BN_sub(i, key->p, BN_value_one());
-        if (!r) {
+        if (!BN_sub(i, key->p, BN_value_one())) {
             ret = -1;
             goto err;
         }
-
-        r = BN_mod(j, key->d, i, ctx);
-        if (!r) {
+        if (!BN_mod(j, key->d, i, ctx)) {
             ret = -1;
             goto err;
         }
-
         if (BN_cmp(j, key->dmp1) != 0) {
             ret = 0;
             RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
         }
 
         /* dmq1 = d mod (q-1)? */
-        r = BN_sub(i, key->q, BN_value_one());
-        if (!r) {
+        if (!BN_sub(i, key->q, BN_value_one())) {
             ret = -1;
             goto err;
         }
-
-        r = BN_mod(j, key->d, i, ctx);
-        if (!r) {
+        if (!BN_mod(j, key->d, i, ctx)) {
             ret = -1;
             goto err;
         }
-
         if (BN_cmp(j, key->dmq1) != 0) {
             ret = 0;
             RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
@@ -190,7 +174,6 @@ int RSA_check_key(const RSA *key)
             ret = -1;
             goto err;
         }
-
         if (BN_cmp(i, key->iqmp) != 0) {
             ret = 0;
             RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
@@ -198,17 +181,11 @@ int RSA_check_key(const RSA *key)
     }
 
  err:
-    if (i != NULL)
-        BN_free(i);
-    if (j != NULL)
-        BN_free(j);
-    if (k != NULL)
-        BN_free(k);
-    if (l != NULL)
-        BN_free(l);
-    if (m != NULL)
-        BN_free(m);
-    if (ctx != NULL)
-        BN_CTX_free(ctx);
-    return (ret);
+    BN_free(i);
+    BN_free(j);
+    BN_free(k);
+    BN_free(l);
+    BN_free(m);
+    BN_CTX_free(ctx);
+    return ret;
 }
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
index a6805deb..6ea6b40d 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
@@ -143,6 +143,7 @@ RSA *RSA_new_method(ENGINE *engine)
         RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
+    memset(ret,0,sizeof(RSA));
 
     ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c
index 20363559..94db87a0 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c
@@ -545,8 +545,10 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         return 1;
 
     case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
-        if (!p2)
+        if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || BN_is_one((BIGNUM *)p2)) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
             return -2;
+        }
         BN_free(rctx->pub_exp);
         rctx->pub_exp = p2;
         return 1;
author	Gary Lin <glin@suse.com>	2016-10-13 15:57:25 +0800
committer	Peter Jones <pjones@redhat.com>	2016-11-30 12:57:34 -0500
commit	b371a682fb67ff945a8095437b9b33cab549bb49 (patch)
tree	55aa1f4552b1c96dbfd1b110e210cb7471ee06e4 /Cryptlib/OpenSSL/crypto/rsa
parent	43ad947f6e7d1e899d86fd8ca66a55ffbc3ed2b2 (diff)
download	efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.tar.gz efi-boot-shim-b371a682fb67ff945a8095437b9b33cab549bb49.zip