[pkg-opensc-commit] [opensc] 112/295: prkey_fixup_rsa changes for OpenSSL-1.1.0
Eric Dorland
eric at moszumanska.debian.org
Sat Jun 24 21:11:21 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit 16591d41822182d6bffcc4741e82a5f6cd059ea1
Author: Doug Engert <deengert at gmail.com>
Date: Tue Oct 25 21:49:48 2016 -0500
prkey_fixup_rsa changes for OpenSSL-1.1.0
Remove restrictions in prkey_fixup_rsa:
/* Not thread safe, but much better than a memory leak */
/* TODO put on stack, or allocate and clear and then free */
Compute dmp1, dmp1 and/or iqmp if not in sc_pkcs15_prkey_rsa
Remove the GETBN macro that was causing problems.
Changes to be committed:
modified: src/pkcs15init/pkcs15-lib.c
-- closes #894
---
src/pkcs15init/pkcs15-lib.c | 43 +++++++++++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 72a4b4a..eabcd4f 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -46,6 +46,7 @@
#endif
#include <assert.h>
#ifdef ENABLE_OPENSSL
+#include <openssl/opensslv.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -55,6 +56,7 @@
#include <openssl/pkcs12.h>
#endif
+#include "libopensc/sc-ossl-compat.h"
#include "common/compat_strlcpy.h"
#include "common/libscdl.h"
#include "libopensc/pkcs15.h"
@@ -2162,11 +2164,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
}
#ifdef ENABLE_OPENSSL
-#define GETBN(dst, src, mem) \
- do { dst.len = BN_num_bytes(src); \
- assert(dst.len <= sizeof(mem)); \
- BN_bn2bin(src, dst.data = mem); \
- } while (0)
/* Generate additional parameters.
* At least the GPK seems to need the full set of CRT
@@ -2178,7 +2175,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
/* We don't really need an RSA structure, only the BIGNUMs */
if (!key->dmp1.len || !key->dmq1.len || !key->iqmp.len) {
- static u8 dmp1[256], dmq1[256], iqmp[256];
BIGNUM *aux;
BN_CTX *bn_ctx;
BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_p, *rsa_q, *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
@@ -2206,11 +2202,35 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
BN_clear_free(aux);
BN_CTX_free(bn_ctx);
- /* Not thread safe, but much better than a memory leak */
- /* TODO put on stack, or allocate and clear and then free */
- GETBN(key->dmp1, rsa_dmp1, dmp1);
- GETBN(key->dmq1, rsa_dmq1, dmq1);
- GETBN(key->iqmp, rsa_iqmp, iqmp);
+ /* Do not replace, only fill in missing */
+ if (key->dmp1.data == NULL) {
+ key->dmp1.len = BN_num_bytes(rsa_dmp1);
+ key->dmp1.data = malloc(key->dmp1.len);
+ if (key->dmp1.data) {
+ BN_bn2bin(rsa_dmp1, key->dmp1.data);
+ } else {
+ key->dmp1.len = 0;
+ }
+ }
+
+ if (key->dmq1.data == NULL) {
+ key->dmq1.len = BN_num_bytes(rsa_dmq1);
+ key->dmq1.data = malloc(key->dmq1.len);
+ if (key->dmq1.data) {
+ BN_bn2bin(rsa_dmq1, key->dmq1.data);
+ } else {
+ key->dmq1.len = 0;
+ }
+ }
+ if (key->iqmp.data == NULL) {
+ key->iqmp.len = BN_num_bytes(rsa_iqmp);
+ key->iqmp.data = malloc(key->iqmp.len);
+ if (key->iqmp.data) {
+ BN_bn2bin(rsa_iqmp, key->iqmp.data);
+ } else {
+ key->iqmp.len = 0;
+ }
+ }
BN_clear_free(rsa_n);
BN_clear_free(rsa_e);
@@ -2222,7 +2242,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
BN_clear_free(rsa_iqmp);
}
-#undef GETBN
#endif
return 0;
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git
More information about the pkg-opensc-commit
mailing list