File openssl-CVE-2018-0737-fips.patch of Package openssl-1_0_0.16376
Adjustments to FIPS_rsa_builtin_keygen along the lines
of the CVE-2018-0737 fix, which consists of commits:
9db724cfede4ba7a3668bff533973ee70145ec07
011f82e66f4bf131c733fd41a8390039859aafb2
7150a4720af7913cae16f2e4eaf768b578c0b298
6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
Index: openssl-1.0.2p/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.0.2p.orig/crypto/rsa/rsa_gen.c 2018-09-04 11:18:01.208954538 +0200
+++ openssl-1.0.2p/crypto/rsa/rsa_gen.c 2018-09-04 13:50:07.744359213 +0200
@@ -183,6 +183,7 @@ static int FIPS_rsa_builtin_keygen(RSA *
int n = 0;
int test = 0;
int pbits = bits / 2;
+ unsigned long error = 0;
if (FIPS_selftest_failed()) {
FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
@@ -252,6 +253,10 @@ retry:
if (!BN_lshift(r3, r3, pbits - 100))
goto err;
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+ BN_set_flags(r2, BN_FLG_CONSTTIME);
+
/* generate p and q */
for (i = 0; i < 5 * pbits; i++) {
ploop:
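Review bot: The three `BN_set_flags(..., BN_FLG_CONSTTIME)` calls carry no comment explaining why they are there, although they are what makes the later `BN_mod_inverse` call side-channel safe. I would put above them: `/* p, q and r2 (p-1 resp. q-1) are secret: the flag makes BN_mod_inverse() take its constant-time path (CVE-2018-0737) */`. `BN_set_flags` writes through its argument without a NULL check, so `rsa->p` and `rsa->q` must already be allocated at this point. The allocation is outside the hunk, so please confirm it happens earlier in the function.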
@@ -266,9 +271,9 @@ retry:
if (!BN_sub(r2, rsa->p, BN_value_one()))
goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1)) {
+ ERR_set_mark();
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+ /* GCD == 1 since inverse exists */
int r;
r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
cb);
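Review bot: `ERR_set_mark()` is added before `BN_mod_inverse` here, but only the `BN_R_NO_INVERSE` branch in the following hunk calls `ERR_pop_to_mark()`, so when the inverse exists the mark stays set for the next iteration and on return. Inside the loop this looks harmless, since re-marking the same queue entry changes nothing, but a caller that uses its own mark could see a different pop boundary if the error queue was not empty on entry; this is worth confirming. A comment would at least make the pairing explicit: `/* mark the error queue so an expected BN_R_NO_INVERSE can be dropped below */`. The same applies to the q loop at `@@ -309,9 +323,9 @@`. The loop body starts and ends outside this hunk.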
@@ -276,6 +281,15 @@ retry:
goto err;
if (r > 0)
break;
+ } else {
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ /* GCD != 1 */
+ ERR_pop_to_mark();
+ } else {
+ goto err;
+ }
}
if (!BN_GENCB_call(cb, 2, n++))
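Review bot: The inverse-or-`BN_R_NO_INVERSE` classification added here and in the previous hunk is repeated line for line for `rsa->q` at `@@ -309,9 +323,9 @@` and `@@ -319,6 +333,15 @@`. Two copies of security-relevant error handling can drift apart in a later fix, so I would move it into one static helper with a three-way result and call it from both loops. The helper name below is only a suggestion; it relies on `r2` already carrying `BN_FLG_CONSTTIME`, as the earlier hunk arranges. The surrounding loops start and end outside this hunk.

```c
/* Returns 1 if a has an inverse mod e (GCD == 1), 0 if not, -1 on error. */
static int fips_rsa_has_inverse(BIGNUM *r1, const BIGNUM *a,
                                const BIGNUM *e, BN_CTX *ctx)
{
    unsigned long error;

    ERR_set_mark();
    if (BN_mod_inverse(r1, a, e, ctx) != NULL)
        return 1;
    error = ERR_peek_last_error();
    if (ERR_GET_LIB(error) != ERR_LIB_BN
        || ERR_GET_REASON(error) != BN_R_NO_INVERSE)
        return -1;
    /* GCD != 1: expected outcome, drop the queued error */
    ERR_pop_to_mark();
    return 0;
}

/* … unchanged: BN_sub(r2, rsa->p, BN_value_one()) … */
rc = fips_rsa_has_inverse(r1, r2, rsa->e, ctx);
if (rc < 0)
    goto err;
if (rc > 0) {
    /* … unchanged: BN_is_prime_fasttest_ex check and break … */
```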
@@ -309,9 +323,9 @@ retry:
if (!BN_sub(r2, rsa->q, BN_value_one()))
goto err;
- if (!BN_gcd(r1, r2, rsa->e, ctx))
- goto err;
- if (BN_is_one(r1)) {
+ ERR_set_mark();
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+ /* GCD == 1 since inverse exists */
int r;
r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
cb);
@@ -319,6 +333,15 @@ retry:
goto err;
if (r > 0)
break;
+ } else {
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+ /* GCD != 1 */
+ ERR_pop_to_mark();
+ } else {
+ goto err;
+ }
}
if (!BN_GENCB_call(cb, 2, n++))