Changeset 73665 in vbox for trunk/src/VBox/Runtime/common
- Timestamp:
- Aug 14, 2018 5:49:23 PM (7 years ago)
- svn:sync-xref-src-repo-rev:
- 124340
- Location:
- trunk/src/VBox/Runtime/common
- Files:
-
- 5 added
- 7 edited
-
crypto/key-file.cpp (added)
-
crypto/key-internal.h (added)
-
crypto/key-openssl.cpp (added)
-
crypto/key.cpp (added)
-
crypto/pkcs7-verify.cpp (modified) (2 diffs)
-
crypto/pkix-sign.cpp (added)
-
crypto/pkix-signature-builtin.cpp (modified) (1 diff)
-
crypto/pkix-signature-core.cpp (modified) (11 diffs)
-
crypto/pkix-signature-rsa.cpp (modified) (11 diffs)
-
crypto/pkix-verify.cpp (modified) (11 diffs)
-
crypto/x509-verify.cpp (modified) (3 diffs)
-
math/bignum.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Runtime/common/crypto/pkcs7-verify.cpp
r69111 r73665 35 35 #include <iprt/string.h> 36 36 #include <iprt/crypto/digest.h> 37 #include <iprt/crypto/key.h> 37 38 #include <iprt/crypto/pkix.h> 38 39 #include <iprt/crypto/store.h> … … 477 478 if (RT_SUCCESS(rc)) 478 479 { 479 RTCRPKIXSIGNATURE hSignature; 480 rc = RTCrPkixSignatureCreateByObjId(&hSignature, 481 &pSignerCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm, 482 false /*fSigning*/, 483 &pSignerCert->TbsCertificate.SubjectPublicKeyInfo.SubjectPublicKey, 484 &pSignerInfo->DigestEncryptionAlgorithm.Parameters); 480 RTCRKEY hKey; 481 rc = RTCrKeyCreateFromSubjectPublicKeyInfo(&hKey, &pSignerCert->TbsCertificate.SubjectPublicKeyInfo, 482 pErrInfo, "pkcs7"); 485 483 if (RT_SUCCESS(rc)) 486 484 { 487 /** @todo Check that DigestEncryptionAlgorithm is compatible with hSignature 488 * (this is not vital). */ 489 rc = RTCrPkixSignatureVerifyOctetString(hSignature, hDigest, &pSignerInfo->EncryptedDigest); 490 if (RT_FAILURE(rc)) 491 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_SIGNATURE_VERIFICATION_FAILED, 492 "Signature verficiation failed: %Rrc", rc); 493 RTCrPkixSignatureRelease(hSignature); 485 RTCRPKIXSIGNATURE hSignature; 486 rc = RTCrPkixSignatureCreateByObjId(&hSignature, &pSignerInfo->DigestEncryptionAlgorithm.Algorithm, 487 hKey, &pSignerInfo->DigestEncryptionAlgorithm.Parameters, false /*fSigning*/); 488 RTCrKeyRelease(hKey); 489 if (RT_SUCCESS(rc)) 490 { 491 /** @todo Check that DigestEncryptionAlgorithm is compatible with hSignature 492 * (this is not vital). */ 493 rc = RTCrPkixSignatureVerifyOctetString(hSignature, hDigest, &pSignerInfo->EncryptedDigest); 494 if (RT_FAILURE(rc)) 495 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_SIGNATURE_VERIFICATION_FAILED, 496 "Signature verficiation failed: %Rrc", rc); 497 RTCrPkixSignatureRelease(hSignature); 498 } 499 else 500 rc = RTErrInfoSetF(pErrInfo, rc, "Failure to instantiate public key algorithm [IPRT]: %s (%s)", 501 pSignerCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId, 502 pSignerInfo->DigestEncryptionAlgorithm.Algorithm.szObjId); 494 503 } 495 else496 rc = RTErrInfoSetF(pErrInfo, rc, "Failure to instantiate public key algorithm [IPRT]: %s (%s)",497 pSignerCert->TbsCertificate.SubjectPublicKeyInfo.Algorithm.Algorithm.szObjId,498 pSignerInfo->DigestEncryptionAlgorithm.Algorithm.szObjId);499 504 } 500 505 -
trunk/src/VBox/Runtime/common/crypto/pkix-signature-builtin.cpp
r69111 r73665 116 116 117 117 118 RTDECL(int) RTCrPkixSignatureCreateByObjIdString(PRTCRPKIXSIGNATURE phSignature, const char *pszObjId, bool fSigning,119 PCRTASN1BITSTRING pKey,PCRTASN1DYNTYPE pParams)118 RTDECL(int) RTCrPkixSignatureCreateByObjIdString(PRTCRPKIXSIGNATURE phSignature, const char *pszObjId, 119 RTCRKEY hKey, PCRTASN1DYNTYPE pParams, bool fSigning) 120 120 { 121 121 void *pvOpaque; 122 122 PCRTCRPKIXSIGNATUREDESC pDesc = RTCrPkixSignatureFindByObjIdString(pszObjId, &pvOpaque); 123 123 if (pDesc) 124 return RTCrPkixSignatureCreate(phSignature, pDesc, pvOpaque, fSigning, pKey, pParams);124 return RTCrPkixSignatureCreate(phSignature, pDesc, pvOpaque, fSigning, hKey, pParams); 125 125 return VERR_NOT_FOUND; 126 126 } 127 127 128 128 129 RTDECL(int) RTCrPkixSignatureCreateByObjId(PRTCRPKIXSIGNATURE phSignature, PCRTASN1OBJID pObjId, bool fSigning,130 PCRTASN1BITSTRING pKey, PCRTASN1DYNTYPE pParams)129 RTDECL(int) RTCrPkixSignatureCreateByObjId(PRTCRPKIXSIGNATURE phSignature, PCRTASN1OBJID pObjId, 130 RTCRKEY hKey, PCRTASN1DYNTYPE pParams, bool fSigning) 131 131 { 132 132 void *pvOpaque; 133 133 PCRTCRPKIXSIGNATUREDESC pDesc = RTCrPkixSignatureFindByObjId(pObjId, &pvOpaque); 134 134 if (pDesc) 135 return RTCrPkixSignatureCreate(phSignature, pDesc, pvOpaque, fSigning, pKey, pParams);135 return RTCrPkixSignatureCreate(phSignature, pDesc, pvOpaque, fSigning, hKey, pParams); 136 136 return VERR_NOT_FOUND; 137 137 } -
trunk/src/VBox/Runtime/common/crypto/pkix-signature-core.cpp
r73097 r73665 38 38 #include <iprt/string.h> 39 39 #include <iprt/crypto/digest.h> 40 #include <iprt/crypto/key.h> 40 41 41 42 … … 54 55 /** Pointer to the message digest descriptor. */ 55 56 PCRTCRPKIXSIGNATUREDESC pDesc; 57 /** Key being used (referrenced of course). */ 58 RTCRKEY hKey; 56 59 /** The operation this instance is licensed for. */ 57 60 bool fSigning; 58 61 /** State. */ 59 62 uint32_t uState; 60 #if ARCH_BITS == 3261 uint32_t uPadding;62 #endif63 63 64 64 /** Opaque data specific to the message digest algorithm, size given by … … 86 86 87 87 RTDECL(int) RTCrPkixSignatureCreate(PRTCRPKIXSIGNATURE phSignature, PCRTCRPKIXSIGNATUREDESC pDesc, void *pvOpaque, 88 bool fSigning, PCRTASN1BITSTRING pKey, PCRTASN1DYNTYPE pParams)88 bool fSigning, RTCRKEY hKey, PCRTASN1DYNTYPE pParams) 89 89 { 90 90 /* … … 93 93 AssertPtrReturn(phSignature, VERR_INVALID_POINTER); 94 94 AssertPtrReturn(pDesc, VERR_INVALID_POINTER); 95 AssertPtrReturn(pKey, VERR_INVALID_POINTER);96 AssertReturn(RTAsn1BitString_IsPresent(pKey), VERR_INVALID_PARAMETER);97 95 if (pParams) 98 96 { … … 102 100 pParams = NULL; 103 101 } 102 uint32_t cKeyRefs = RTCrKeyRetain(hKey); 103 AssertReturn(cKeyRefs != UINT32_MAX, VERR_INVALID_HANDLE); 104 104 105 105 /* … … 116 116 pThis->fSigning = fSigning; 117 117 pThis->uState = RTCRPKIXSIGNATURE_STATE_READY; 118 pThis->hKey = hKey; 118 119 if (pDesc->pfnInit) 119 rc = pDesc->pfnInit(pDesc, pThis->abState, pvOpaque, fSigning, pKey, pParams);120 rc = pDesc->pfnInit(pDesc, pThis->abState, pvOpaque, fSigning, hKey, pParams); 120 121 if (RT_SUCCESS(rc)) 121 122 { … … 128 129 else 129 130 rc = VERR_NO_MEMORY; 131 RTCrKeyRelease(hKey); 130 132 return rc; 131 133 … … 142 144 Assert(cRefs < 64); 143 145 return cRefs; 146 } 147 148 149 /** 150 * Destructor worker. 151 */ 152 static uint32_t rtCrPkixSignatureDestructor(PRTCRPKIXSIGNATUREINT pThis) 153 { 154 pThis->u32Magic = ~RTCRPKIXSIGNATUREINT_MAGIC; 155 if (pThis->pDesc->pfnDelete) 156 pThis->pDesc->pfnDelete(pThis->pDesc, pThis->abState, pThis->fSigning); 157 158 RTCrKeyRelease(pThis->hKey); 159 pThis->hKey = NIL_RTCRKEY; 160 161 size_t cbToWipe = RT_UOFFSETOF_DYN(RTCRPKIXSIGNATUREINT, abState[pThis->pDesc->cbState]); 162 RTMemWipeThoroughly(pThis, cbToWipe, 6); 163 164 RTMemFree(pThis); 165 return 0; 144 166 } 145 167 … … 156 178 Assert(cRefs < 64); 157 179 if (!cRefs) 158 { 159 pThis->u32Magic = ~RTCRPKIXSIGNATUREINT_MAGIC; 160 if (pThis->pDesc->pfnDelete) 161 pThis->pDesc->pfnDelete(pThis->pDesc, pThis->abState, pThis->fSigning); 162 163 size_t cbToWipe = RT_UOFFSETOF_DYN(RTCRPKIXSIGNATUREINT, abState[pThis->pDesc->cbState]); 164 RTMemWipeThoroughly(pThis, cbToWipe, 6); 165 166 RTMemFree(pThis); 167 } 180 return rtCrPkixSignatureDestructor(pThis); 168 181 return cRefs; 169 182 } … … 211 224 if (RT_SUCCESS(rc)) 212 225 { 213 rc = pThis->pDesc->pfnVerify(pThis->pDesc, pThis->abState, hDigest, pvSignature, cbSignature);226 rc = pThis->pDesc->pfnVerify(pThis->pDesc, pThis->abState, pThis->hKey, hDigest, pvSignature, cbSignature); 214 227 pThis->uState = RTCRPKIXSIGNATURE_STATE_DONE; 215 228 } … … 265 278 if (RT_SUCCESS(rc)) 266 279 { 267 rc = pThis->pDesc->pfnSign(pThis->pDesc, pThis->abState, hDigest, pvSignature, pcbSignature);280 rc = pThis->pDesc->pfnSign(pThis->pDesc, pThis->abState, pThis->hKey, hDigest, pvSignature, pcbSignature); 268 281 if (rc != VERR_BUFFER_OVERFLOW) 269 282 pThis->uState = RTCRPKIXSIGNATURE_STATE_DONE; -
trunk/src/VBox/Runtime/common/crypto/pkix-signature-rsa.cpp
r69111 r73665 41 41 #include "rsa-internal.h" 42 42 #include "pkix-signature-builtin.h" 43 #include "key-internal.h" 43 44 44 45 … … 53 54 /** Set if we're signing, clear if verifying. */ 54 55 bool fSigning; 55 /** The modulus. */56 RTBIGNUM Modulus;57 /** The exponent. */58 RTBIGNUM Exponent;59 56 60 57 /** Temporary big number for use when signing or verifiying. */ … … 138 135 /** @impl_interface_method{RTCRPKIXSIGNATUREDESC,pfnInit} */ 139 136 static DECLCALLBACK(int) rtCrPkixSignatureRsa_Init(PCRTCRPKIXSIGNATUREDESC pDesc, void *pvState, void *pvOpaque, 140 bool fSigning, PCRTASN1BITSTRING pKey, PCRTASN1DYNTYPE pParams)137 bool fSigning, RTCRKEY hKey, PCRTASN1DYNTYPE pParams) 141 138 { 142 139 RT_NOREF_PV(pDesc); RT_NOREF_PV(pvState); RT_NOREF_PV(pvOpaque); … … 145 142 return VERR_CR_PKIX_SIGNATURE_TAKES_NO_PARAMETERS; 146 143 144 RTCRKEYTYPE enmKeyType = RTCrKeyGetType(hKey); 145 if (fSigning) 146 AssertReturn(enmKeyType == RTCRKEYTYPE_RSA_PRIVATE, VERR_CR_PKIX_NOT_RSA_PRIVATE_KEY); 147 else 148 AssertReturn(enmKeyType == RTCRKEYTYPE_RSA_PUBLIC, VERR_CR_PKIX_NOT_RSA_PUBLIC_KEY); 149 147 150 PRTCRPKIXSIGNATURERSA pThis = (PRTCRPKIXSIGNATURERSA)pvState; 148 151 pThis->fSigning = fSigning; 149 152 150 /* 151 * Decode the key and pick the bits we really need from it. 152 */ 153 RTASN1CURSORPRIMARY PrimaryCursor; 154 RTAsn1CursorInitPrimary(&PrimaryCursor, RTASN1BITSTRING_GET_BIT0_PTR(pKey), RTASN1BITSTRING_GET_BYTE_SIZE(pKey), 155 NULL, &g_RTAsn1DefaultAllocator, RTASN1CURSOR_FLAGS_DER, "rsa"); 156 int rc; 157 if (!fSigning) 158 { 159 rc = RTCrRsaPublicKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &pThis->Scratch.PublicKey, "PublicKey"); 160 if (RT_SUCCESS(rc)) 161 { 162 rc = RTAsn1Integer_ToBigNum(&pThis->Scratch.PublicKey.Modulus, &pThis->Modulus, 0); 163 if (RT_SUCCESS(rc)) 164 { 165 rc = RTAsn1Integer_ToBigNum(&pThis->Scratch.PublicKey.PublicExponent, &pThis->Exponent, 0); 166 if (RT_SUCCESS(rc)) 167 { 168 RTAsn1VtDelete(&pThis->Scratch.PublicKey.SeqCore.Asn1Core); 169 return VINF_SUCCESS; 170 } 171 RTBigNumDestroy(&pThis->Modulus); 172 } 173 RTAsn1VtDelete(&pThis->Scratch.PublicKey.SeqCore.Asn1Core); 174 } 175 } 176 else 177 { 178 rc = RTCrRsaPrivateKey_DecodeAsn1(&PrimaryCursor.Cursor, 0, &pThis->Scratch.PrivateKey, "PrivateKey"); 179 if (RT_SUCCESS(rc)) 180 { 181 rc = RTAsn1Integer_ToBigNum(&pThis->Scratch.PrivateKey.Modulus, &pThis->Modulus, RTBIGNUMINIT_F_SENSITIVE); 182 if (RT_SUCCESS(rc)) 183 { 184 rc = RTAsn1Integer_ToBigNum(&pThis->Scratch.PrivateKey.PublicExponent, &pThis->Exponent, RTBIGNUMINIT_F_SENSITIVE); 185 if (RT_SUCCESS(rc)) 186 { 187 RTAsn1VtDelete(&pThis->Scratch.PrivateKey.SeqCore.Asn1Core); 188 return VINF_SUCCESS; 189 } 190 RTBigNumDestroy(&pThis->Modulus); 191 } 192 RTAsn1VtDelete(&pThis->Scratch.PrivateKey.SeqCore.Asn1Core); 193 } 194 } 195 return rc; 153 return VINF_SUCCESS; 196 154 } 197 155 … … 213 171 RT_NOREF_PV(fSigning); RT_NOREF_PV(pDesc); 214 172 Assert(pThis->fSigning == fSigning); 215 216 RTBigNumDestroy(&pThis->Modulus);217 RTBigNumDestroy(&pThis->Exponent);218 173 } 219 174 … … 246 201 * Figure out which hash and select the associate prebaked DigestInfo. 247 202 */ 248 RTDIGESTTYPE const enmDigest 203 RTDIGESTTYPE const enmDigest = RTCrDigestGetType(hDigest); 249 204 AssertReturn(enmDigest != RTDIGESTTYPE_INVALID && enmDigest != RTDIGESTTYPE_UNKNOWN, VERR_CR_PKIX_UNKNOWN_DIGEST_TYPE); 250 205 uint8_t const *pbDigestInfoStart = NULL; … … 297 252 298 253 /** @impl_interface_method{RTCRPKIXSIGNATUREDESC,pfnVerify} */ 299 static DECLCALLBACK(int) rtCrPkixSignatureRsa_Verify(PCRTCRPKIXSIGNATUREDESC pDesc, void *pvState, 254 static DECLCALLBACK(int) rtCrPkixSignatureRsa_Verify(PCRTCRPKIXSIGNATUREDESC pDesc, void *pvState, RTCRKEY hKey, 300 255 RTCRDIGEST hDigest, void const *pvSignature, size_t cbSignature) 301 256 { … … 307 262 308 263 /* 309 * 8.2.2.1 - Length check. 310 */ 311 if (cbSignature != RTBigNumByteWidth(&pThis->Modulus)) 264 * Get the key bits we need. 265 */ 266 Assert(RTCrKeyGetType(hKey) == RTCRKEYTYPE_RSA_PUBLIC); 267 PRTBIGNUM pModulus = &hKey->u.RsaPublic.Modulus; 268 PRTBIGNUM pExponent = &hKey->u.RsaPublic.Exponent; 269 270 /* 271 * 8.2.2.1 - Length check. (RFC-3447) 272 */ 273 if (cbSignature != RTBigNumByteWidth(pModulus)) 312 274 return VERR_CR_PKIX_INVALID_SIGNATURE_LENGTH; 313 275 … … 321 283 return rc; 322 284 /* b) RSAVP1 - 5.2.2.2: Range check (0 <= s < n). */ 323 if (RTBigNumCompare(&pThis->TmpBigNum1, &pThis->Modulus) < 0)285 if (RTBigNumCompare(&pThis->TmpBigNum1, pModulus) < 0) 324 286 { 325 287 if (RTBigNumCompareWithU64(&pThis->TmpBigNum1, 0) >= 0) … … 329 291 if (RT_SUCCESS(rc)) 330 292 { 331 rc = RTBigNumModExp(&pThis->TmpBigNum2, &pThis->TmpBigNum1, &pThis->Exponent, &pThis->Modulus);293 rc = RTBigNumModExp(&pThis->TmpBigNum2, &pThis->TmpBigNum1, pExponent, pModulus); 332 294 if (RT_SUCCESS(rc)) 333 295 { … … 387 349 388 350 /** @impl_interface_method{RTCRPKIXSIGNATUREDESC,pfnSign} */ 389 static DECLCALLBACK(int) rtCrPkixSignatureRsa_Sign(PCRTCRPKIXSIGNATUREDESC pDesc, void *pvState, 351 static DECLCALLBACK(int) rtCrPkixSignatureRsa_Sign(PCRTCRPKIXSIGNATUREDESC pDesc, void *pvState, RTCRKEY hKey, 390 352 RTCRDIGEST hDigest, void *pvSignature, size_t *pcbSignature) 391 353 { 392 354 PRTCRPKIXSIGNATURERSA pThis = (PRTCRPKIXSIGNATURERSA)pvState; 393 RT_NOREF_PV(pDesc); RT_NOREF_PV(hDigest); RT_NOREF_PV(pvSignature); RT_NOREF_PV(pcbSignature); 394 Assert(pThis->fSigning); NOREF(pThis); 395 return VERR_NOT_IMPLEMENTED; 355 RT_NOREF_PV(pDesc); 356 Assert(pThis->fSigning); 357 358 /* 359 * Get the key bits we need. 360 */ 361 Assert(RTCrKeyGetType(hKey) == RTCRKEYTYPE_RSA_PRIVATE); 362 PRTBIGNUM pModulus = &hKey->u.RsaPrivate.Modulus; 363 PRTBIGNUM pExponent = &hKey->u.RsaPrivate.PrivateExponent; 364 365 /* 366 * Calc signature length and return if destination buffer isn't big enough. 367 */ 368 size_t const cbDst = *pcbSignature; 369 size_t const cbEncodedMsg = RTBigNumByteWidth(pModulus); 370 *pcbSignature = cbEncodedMsg; 371 if (cbEncodedMsg > sizeof(pThis->Scratch) / 2) 372 return VERR_CR_PKIX_SIGNATURE_TOO_LONG; 373 if (!pvSignature || cbDst < cbEncodedMsg) 374 return VERR_BUFFER_OVERFLOW; 375 376 /* 377 * 8.1.1.1 - EMSA-PSS encoding. (RFC-3447) 378 */ 379 int rc = rtCrPkixSignatureRsa_EmsaPkcs1V15Encode(pThis, hDigest, cbEncodedMsg, false /* fNoDigestInfo */); 380 if (RT_FAILURE(rc)) 381 return rc; 382 383 /* 384 * 8.1.1.2 - RSA signature. 385 */ 386 /* a) m = OS2IP(EM) -- Convert the encoded message (EM) to integer. */ 387 rc = RTBigNumInit(&pThis->TmpBigNum1, RTBIGNUMINIT_F_ENDIAN_BIG | RTBIGNUMINIT_F_UNSIGNED, 388 pThis->Scratch.abSignature, cbEncodedMsg); 389 if (RT_FAILURE(rc)) 390 return rc; 391 392 /* b) s = RSASP1(K, m = EM) - 5.2.1.1: Range check (0 <= m < n). */ 393 if (RTBigNumCompare(&pThis->TmpBigNum1, pModulus) < 0) 394 { 395 /* b) s = RSAVP1(K, m = EM) - 5.2.1.2.a: s = m^d mod n */ 396 rc = RTBigNumInitZero(&pThis->TmpBigNum2, 0); 397 if (RT_SUCCESS(rc)) 398 { 399 rc = RTBigNumModExp(&pThis->TmpBigNum2, &pThis->TmpBigNum1, pExponent, pModulus); 400 if (RT_SUCCESS(rc)) 401 { 402 /* c) S = I2OSP(s, k) -- Convert the result to bytes. */ 403 rc = RTBigNumToBytesBigEndian(&pThis->TmpBigNum2, pvSignature, cbEncodedMsg); 404 AssertStmt(RT_SUCCESS(rc) || rc != VERR_BUFFER_OVERFLOW, rc = VERR_CR_PKIX_INTERNAL_ERROR); 405 } 406 RTBigNumDestroy(&pThis->TmpBigNum2); 407 } 408 } 409 else 410 rc = VERR_CR_PKIX_SIGNATURE_GE_KEY; 411 RTBigNumDestroy(&pThis->TmpBigNum1); 412 return rc; 396 413 } 397 414 -
trunk/src/VBox/Runtime/common/crypto/pkix-verify.cpp
r69111 r73665 35 35 #include <iprt/string.h> 36 36 #include <iprt/crypto/digest.h> 37 #include <iprt/crypto/key.h> 37 38 38 39 #ifdef IPRT_WITH_OPENSSL … … 45 46 46 47 47 RTDECL(int) RTCrPkixPubKeyVerifySignature(PCRTASN1OBJID pAlgorithm, PCRTASN1DYNTYPE pParameters, PCRTASN1BITSTRING pPublicKey, 48 49 RTDECL(int) RTCrPkixPubKeyVerifySignature(PCRTASN1OBJID pAlgorithm, RTCRKEY hPublicKey, PCRTASN1DYNTYPE pParameters, 48 50 PCRTASN1BITSTRING pSignatureValue, const void *pvData, size_t cbData, 49 51 PRTERRINFO pErrInfo) … … 62 64 } 63 65 64 AssertPtrReturn( pPublicKey, VERR_INVALID_POINTER);65 Assert Return(RTAsn1BitString_IsPresent(pPublicKey), VERR_INVALID_POINTER);66 AssertPtrReturn(hPublicKey, VERR_INVALID_POINTER); 67 Assert(RTCrKeyHasPublicPart(hPublicKey)); 66 68 67 69 AssertPtrReturn(pSignatureValue, VERR_INVALID_POINTER); … … 82 84 */ 83 85 RTCRPKIXSIGNATURE hSignature; 84 int rcIprt = RTCrPkixSignatureCreateByObjId(&hSignature, pAlgorithm, false /*fSigning*/, pPublicKey, pParameters);86 int rcIprt = RTCrPkixSignatureCreateByObjId(&hSignature, pAlgorithm, hPublicKey, pParameters, false /*fSigning*/); 85 87 if (RT_FAILURE(rcIprt)) 86 88 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_CIPHER_ALGO_NOT_KNOWN, … … 111 113 * Validate using OpenSSL EVP. 112 114 */ 113 rtCrOpenSslInit(); 114 115 /* Translate the algorithm ID into a EVP message digest type pointer. */ 116 int iAlgoNid = OBJ_txt2nid(pAlgorithm->szObjId); 117 if (iAlgoNid == NID_undef) 118 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN, 119 "Unknown public key algorithm [OpenSSL]: %s", pAlgorithm->szObjId); 120 const char *pszAlgoSn = OBJ_nid2sn(iAlgoNid); 121 122 # if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER) 123 int idAlgoPkey = 0; 124 int idAlgoMd = 0; 125 if (!OBJ_find_sigid_algs(iAlgoNid, &idAlgoMd, &idAlgoPkey)) 126 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP, 127 "OBJ_find_sigid_algs failed on %u (%s, %s)", iAlgoNid, pszAlgoSn, pAlgorithm->szObjId); 128 const EVP_MD *pEvpMdType = EVP_get_digestbynid(idAlgoMd); 129 if (!pEvpMdType) 130 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP, 131 "EVP_get_digestbynid failed on %d (%s, %s)", idAlgoMd, pszAlgoSn, pAlgorithm->szObjId); 132 # else 133 const EVP_MD *pEvpMdType = EVP_get_digestbyname(pszAlgoSn); 134 if (!pEvpMdType) 135 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP, 136 "EVP_get_digestbyname failed on %s (%s)", pszAlgoSn, pAlgorithm->szObjId); 137 # endif 138 139 EVP_MD_CTX *pEvpMdCtx = EVP_MD_CTX_create(); 140 if (!pEvpMdCtx) 141 return RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_MD_CTX_create failed"); 142 int rcOssl; 143 if (EVP_VerifyInit_ex(pEvpMdCtx, pEvpMdType, NULL /*engine*/)) 144 { 145 /* Create an EVP public key. */ 146 EVP_PKEY *pEvpPublicKey = EVP_PKEY_new(); 147 if (pEvpPublicKey) 115 /* Create an EVP public key. */ 116 EVP_PKEY *pEvpPublicKey = NULL; 117 const EVP_MD *pEvpMdType = NULL; 118 int rcOssl = rtCrKeyToOpenSslKey(hPublicKey, true /*fNeedPublic*/, pAlgorithm->szObjId, &pEvpPublicKey, &pEvpMdType, pErrInfo); 119 if (RT_SUCCESS(rcOssl)) 120 { 121 EVP_MD_CTX *pEvpMdCtx = EVP_MD_CTX_create(); 122 if (pEvpMdCtx) 148 123 { 149 # if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER) 150 if (EVP_PKEY_set_type(pEvpPublicKey, idAlgoPkey)) 124 if (EVP_VerifyInit_ex(pEvpMdCtx, pEvpMdType, NULL /*engine*/)) 151 125 { 152 int idKeyType = EVP_PKEY_base_id(pEvpPublicKey); 153 # else 154 int idKeyType = pEvpPublicKey->type = EVP_PKEY_type(pEvpMdType->required_pkey_type[0]); 155 # endif 156 if (idKeyType != NID_undef) 157 { 158 const unsigned char *puchPublicKey = RTASN1BITSTRING_GET_BIT0_PTR(pPublicKey); 159 if (d2i_PublicKey(idKeyType, &pEvpPublicKey, &puchPublicKey, RTASN1BITSTRING_GET_BYTE_SIZE(pPublicKey))) 160 { 161 /* Digest the data. */ 162 EVP_VerifyUpdate(pEvpMdCtx, pvData, cbData); 163 164 /* Verify the signature. */ 165 if (EVP_VerifyFinal(pEvpMdCtx, 166 RTASN1BITSTRING_GET_BIT0_PTR(pSignatureValue), 167 RTASN1BITSTRING_GET_BYTE_SIZE(pSignatureValue), 168 pEvpPublicKey) > 0) 169 rcOssl = VINF_SUCCESS; 170 else 171 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_VERIFY_FINAL_FAILED, "EVP_VerifyFinal failed"); 172 } 173 else 174 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED, "d2i_PublicKey failed"); 175 } 126 /* Digest the data. */ 127 EVP_VerifyUpdate(pEvpMdCtx, pvData, cbData); 128 129 /* Verify the signature. */ 130 if (EVP_VerifyFinal(pEvpMdCtx, 131 RTASN1BITSTRING_GET_BIT0_PTR(pSignatureValue), 132 RTASN1BITSTRING_GET_BYTE_SIZE(pSignatureValue), 133 pEvpPublicKey) > 0) 134 rcOssl = VINF_SUCCESS; 176 135 else 177 # if OPENSSL_VERSION_NUMBER < 0x10001000 || defined(LIBRESSL_VERSION_NUMBER) 178 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_type() failed"); 179 # else 180 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_base_id() failed"); 136 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_VERIFY_FINAL_FAILED, "EVP_VerifyFinal failed"); 137 138 /* Cleanup and return: */ 181 139 } 182 140 else 183 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, 184 "EVP_PKEY_set_type(%u) failed (sig algo %s)", idAlgoPkey, pszAlgoSn); 185 # endif 186 /* Cleanup and return.*/ 187 EVP_PKEY_free(pEvpPublicKey); 141 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALOG_INIT_FAILED, 142 "EVP_VerifyInit_ex failed (algorithm type is %s)", pAlgorithm->szObjId); 143 EVP_MD_CTX_destroy(pEvpMdCtx); 188 144 } 189 145 else 190 rcOssl = RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new(%d) failed", iAlgoNid); 191 } 192 else 193 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALOG_INIT_FAILED, 194 "EVP_VerifyInit_ex failed (algorithm type is %s / %s)", pszAlgoSn, pAlgorithm->szObjId); 195 EVP_MD_CTX_destroy(pEvpMdCtx); 146 rcOssl = RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_MD_CTX_create failed"); 147 EVP_PKEY_free(pEvpPublicKey); 148 } 196 149 197 150 /* … … 211 164 212 165 213 RTDECL(int) RTCrPkixPubKeyVerifySignedDigest(PCRTASN1OBJID pAlgorithm, PCRTASN1DYNTYPE pParameters, PCRTASN1BITSTRING pPublicKey,166 RTDECL(int) RTCrPkixPubKeyVerifySignedDigest(PCRTASN1OBJID pAlgorithm, RTCRKEY hPublicKey, PCRTASN1DYNTYPE pParameters, 214 167 void const *pvSignedDigest, size_t cbSignedDigest, RTCRDIGEST hDigest, 215 168 PRTERRINFO pErrInfo) … … 228 181 } 229 182 230 AssertPtrReturn( pPublicKey, VERR_INVALID_POINTER);231 Assert Return(RTAsn1BitString_IsPresent(pPublicKey), VERR_INVALID_POINTER);183 AssertPtrReturn(hPublicKey, VERR_INVALID_POINTER); 184 Assert(RTCrKeyHasPublicPart(hPublicKey)); 232 185 233 186 AssertPtrReturn(pvSignedDigest, VERR_INVALID_POINTER); … … 247 200 */ 248 201 RTCRPKIXSIGNATURE hSignature; 249 int rcIprt = RTCrPkixSignatureCreateByObjId(&hSignature, pAlgorithm, false /*fSigning*/, pPublicKey, pParameters);202 int rcIprt = RTCrPkixSignatureCreateByObjId(&hSignature, pAlgorithm, hPublicKey, pParameters, false /*fSigning*/); 250 203 if (RT_FAILURE(rcIprt)) 251 204 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_CIPHER_ALGO_NOT_KNOWN, … … 263 216 * Validate using OpenSSL EVP. 264 217 */ 265 rtCrOpenSslInit(); 266 218 /* Combine encryption and digest if the algorithm doesn't specify the digest type. */ 267 219 const char *pszAlgObjId = pAlgorithm->szObjId; 268 220 if (!strcmp(pszAlgObjId, RTCRX509ALGORITHMIDENTIFIERID_RSA)) … … 274 226 } 275 227 276 /* Translate the algorithm ID into a EVP message digest type pointer. */277 int iAlgoNid = OBJ_txt2nid(pszAlgObjId);278 if (iAlgoNid == NID_undef)279 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN,280 "Unknown public key algorithm [OpenSSL]: %s", pszAlgObjId);281 const char *pszAlgoSn = OBJ_nid2sn(iAlgoNid);282 283 # if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER)284 int idAlgoPkey = 0;285 int idAlgoMd = 0;286 if (!OBJ_find_sigid_algs(iAlgoNid, &idAlgoMd, &idAlgoPkey))287 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,288 "OBJ_find_sigid_algs failed on %u (%s, %s)", iAlgoNid, pszAlgoSn, pAlgorithm->szObjId);289 const EVP_MD *pEvpMdType = EVP_get_digestbynid(idAlgoMd);290 if (!pEvpMdType)291 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,292 "EVP_get_digestbynid failed on %d (%s, %s)", idAlgoMd, pszAlgoSn, pAlgorithm->szObjId);293 # else294 const EVP_MD *pEvpMdType = EVP_get_digestbyname(pszAlgoSn);295 if (!pEvpMdType)296 return RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_CIPHER_ALGO_NOT_KNOWN_EVP,297 "EVP_get_digestbyname failed on %s (%s)", pszAlgoSn, pszAlgObjId);298 # endif299 300 228 /* Create an EVP public key. */ 301 int rcOssl; 302 EVP_PKEY *pEvpPublicKey = EVP_PKEY_new(); 303 if (pEvpPublicKey) 304 { 305 # if OPENSSL_VERSION_NUMBER >= 0x10001000 && !defined(LIBRESSL_VERSION_NUMBER) 306 if (EVP_PKEY_set_type(pEvpPublicKey, idAlgoPkey)) 229 EVP_PKEY *pEvpPublicKey = NULL; 230 const EVP_MD *pEvpMdType = NULL; 231 int rcOssl = rtCrKeyToOpenSslKey(hPublicKey, true /*fNeedPublic*/, pszAlgObjId, &pEvpPublicKey, &pEvpMdType, pErrInfo); 232 if (RT_SUCCESS(rcOssl)) 233 { 234 /* Create an EVP public key context we can use to validate the digest. */ 235 EVP_PKEY_CTX *pEvpPKeyCtx = EVP_PKEY_CTX_new(pEvpPublicKey, NULL); 236 if (pEvpPKeyCtx) 307 237 { 308 int idKeyType = EVP_PKEY_base_id(pEvpPublicKey); 309 # else 310 int idKeyType = pEvpPublicKey->type = EVP_PKEY_type(pEvpMdType->required_pkey_type[0]); 311 # endif 312 if (idKeyType != NID_undef) 313 238 rcOssl = EVP_PKEY_verify_init(pEvpPKeyCtx); 239 if (rcOssl > 0) 314 240 { 315 const unsigned char *puchPublicKey = RTASN1BITSTRING_GET_BIT0_PTR(pPublicKey);316 if ( d2i_PublicKey(idKeyType, &pEvpPublicKey, &puchPublicKey, RTASN1BITSTRING_GET_BYTE_SIZE(pPublicKey)))241 rcOssl = EVP_PKEY_CTX_set_signature_md(pEvpPKeyCtx, pEvpMdType); 242 if (rcOssl > 0) 317 243 { 318 /* Create an EVP public key context we can use to validate the digest. */ 319 EVP_PKEY_CTX *pEvpPKeyCtx = EVP_PKEY_CTX_new(pEvpPublicKey, NULL); 320 if (pEvpPKeyCtx) 321 { 322 rcOssl = EVP_PKEY_verify_init(pEvpPKeyCtx); 323 if (rcOssl > 0) 324 { 325 rcOssl = EVP_PKEY_CTX_set_signature_md(pEvpPKeyCtx, pEvpMdType); 326 if (rcOssl > 0) 327 { 328 /* Get the digest from hDigest and verify it. */ 329 rcOssl = EVP_PKEY_verify(pEvpPKeyCtx, 330 (uint8_t const *)pvSignedDigest, 331 cbSignedDigest, 332 RTCrDigestGetHash(hDigest), 333 RTCrDigestGetHashSize(hDigest)); 334 if (rcOssl > 0) 335 rcOssl = VINF_SUCCESS; 336 else 337 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_VERIFY_FINAL_FAILED, 338 "EVP_PKEY_verify failed (%d)", rcOssl); 339 } 340 else 341 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, 342 "EVP_PKEY_CTX_set_signature_md failed (%d)", rcOssl); 343 } 344 else 345 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, 346 "EVP_PKEY_verify_init failed (%d)", rcOssl); 347 EVP_PKEY_CTX_free(pEvpPKeyCtx); 348 } 244 /* Get the digest from hDigest and verify it. */ 245 rcOssl = EVP_PKEY_verify(pEvpPKeyCtx, 246 (uint8_t const *)pvSignedDigest, 247 cbSignedDigest, 248 RTCrDigestGetHash(hDigest), 249 RTCrDigestGetHashSize(hDigest)); 250 if (rcOssl > 0) 251 rcOssl = VINF_SUCCESS; 349 252 else 350 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_CTX_new failed"); 253 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_VERIFY_FINAL_FAILED, 254 "EVP_PKEY_verify failed (%d)", rcOssl); 255 /* Cleanup and return: */ 351 256 } 352 257 else 353 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_D2I_PUBLIC_KEY_FAILED, "d2i_PublicKey failed"); 258 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, 259 "EVP_PKEY_CTX_set_signature_md failed (%d)", rcOssl); 354 260 } 355 261 else 356 # if OPENSSL_VERSION_NUMBER < 0x10001000 || defined(LIBRESSL_VERSION_NUMBER) 357 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_type() failed"); 358 # else 359 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_base_id() failed"); 262 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, 263 "EVP_PKEY_verify_init failed (%d)", rcOssl); 264 EVP_PKEY_CTX_free(pEvpPKeyCtx); 360 265 } 361 266 else 362 rcOssl = RTErrInfoSetF(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, 363 "EVP_PKEY_set_type(%u) failed (sig algo %s)", idAlgoPkey, pszAlgoSn); 364 # endif 365 366 /* Cleanup and return.*/ 267 rcOssl = RTErrInfoSet(pErrInfo, VERR_CR_PKIX_OSSL_EVP_PKEY_TYPE_ERROR, "EVP_PKEY_CTX_new failed"); 367 268 EVP_PKEY_free(pEvpPublicKey); 368 269 } 369 else370 rcOssl = RTErrInfoSetF(pErrInfo, VERR_NO_MEMORY, "EVP_PKEY_new(%d) failed", iAlgoNid);371 270 372 271 /* … … 385 284 } 386 285 286 287 RTDECL(int) RTCrPkixPubKeyVerifySignedDigestByCertPubKeyInfo(PCRTCRX509SUBJECTPUBLICKEYINFO pCertPubKeyInfo, 288 void const *pvSignedDigest, size_t cbSignedDigest, 289 RTCRDIGEST hDigest, PRTERRINFO pErrInfo) 290 { 291 RTCRKEY hPublicKey; 292 int rc = RTCrKeyCreateFromPublicAlgorithmAndBits(&hPublicKey, &pCertPubKeyInfo->Algorithm.Algorithm, 293 &pCertPubKeyInfo->SubjectPublicKey, pErrInfo, NULL); 294 if (RT_SUCCESS(rc)) 295 { 296 rc = RTCrPkixPubKeyVerifySignedDigest(&pCertPubKeyInfo->Algorithm.Algorithm, hPublicKey, 297 &pCertPubKeyInfo->Algorithm.Parameters, pvSignedDigest, cbSignedDigest, 298 hDigest, pErrInfo); 299 300 uint32_t cRefs = RTCrKeyRelease(hPublicKey); 301 Assert(cRefs == 0); RT_NOREF(cRefs); 302 } 303 return rc; 304 } 305 -
trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp
r69111 r73665 32 32 #include <iprt/crypto/x509.h> 33 33 #include <iprt/crypto/pkix.h> 34 #include <iprt/crypto/key.h> 34 35 35 36 #include <iprt/err.h> … … 76 77 77 78 /* 79 * Wrap up the public key. 80 */ 81 RTCRKEY hPubKey; 82 int rc = RTCrKeyCreateFromPublicAlgorithmAndBits(&hPubKey, pAlgorithm, pPublicKey, pErrInfo, NULL); 83 if (RT_FAILURE(rc)) 84 return rc; 85 86 /* 78 87 * Here we should recode the to-be-signed part as DER, but we'll ASSUME 79 88 * that it's already in DER encoding and only does this if there the … … 82 91 if ( pThis->TbsCertificate.SeqCore.Asn1Core.uData.pu8 83 92 && pThis->TbsCertificate.SeqCore.Asn1Core.cb > 0) 84 return RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, pParameters, pPublicKey, &pThis->SignatureValue, 85 RTASN1CORE_GET_RAW_ASN1_PTR(&pThis->TbsCertificate.SeqCore.Asn1Core), 86 RTASN1CORE_GET_RAW_ASN1_SIZE(&pThis->TbsCertificate.SeqCore.Asn1Core), 87 pErrInfo); 93 rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, hPubKey, pParameters, &pThis->SignatureValue, 94 RTASN1CORE_GET_RAW_ASN1_PTR(&pThis->TbsCertificate.SeqCore.Asn1Core), 95 RTASN1CORE_GET_RAW_ASN1_SIZE(&pThis->TbsCertificate.SeqCore.Asn1Core), 96 pErrInfo); 97 else 98 { 99 uint32_t cbEncoded; 100 int rc = RTAsn1EncodePrepare((PRTASN1CORE)&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, &cbEncoded, pErrInfo); 101 if (RT_SUCCESS(rc)) 102 { 103 void *pvTbsBits = RTMemTmpAlloc(cbEncoded); 104 if (pvTbsBits) 105 { 106 rc = RTAsn1EncodeToBuffer(&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, 107 pvTbsBits, cbEncoded, pErrInfo); 108 if (RT_SUCCESS(rc)) 109 rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, hPubKey, pParameters, 110 &pThis->SignatureValue, pvTbsBits, cbEncoded, pErrInfo); 111 else 112 AssertRC(rc); 113 RTMemTmpFree(pvTbsBits); 114 } 115 else 116 rc = VERR_NO_TMP_MEMORY; 117 } 118 } 88 119 89 uint32_t cbEncoded; 90 int rc = RTAsn1EncodePrepare((PRTASN1CORE)&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, &cbEncoded, pErrInfo); 91 if (RT_SUCCESS(rc)) 92 { 93 void *pvTbsBits = RTMemTmpAlloc(cbEncoded); 94 if (pvTbsBits) 95 { 96 rc = RTAsn1EncodeToBuffer(&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, 97 pvTbsBits, cbEncoded, pErrInfo); 98 if (RT_SUCCESS(rc)) 99 rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, pParameters, pPublicKey, 100 &pThis->SignatureValue, pvTbsBits, cbEncoded, pErrInfo); 101 else 102 AssertRC(rc); 103 RTMemTmpFree(pvTbsBits); 104 } 105 else 106 rc = VERR_NO_TMP_MEMORY; 107 } 120 /* Free the public key. */ 121 uint32_t cRefs = RTCrKeyRelease(hPubKey); 122 Assert(cRefs == 0); NOREF(cRefs); 123 108 124 return rc; 109 125 } -
trunk/src/VBox/Runtime/common/math/bignum.cpp
r69111 r73665 840 840 { 841 841 Assert(pBigNum->cAllocated > 0); 842 if (pBigNum->fSensitive) 842 if (!pBigNum->fSensitive) 843 RTMemFree(pBigNum->pauElements); 844 else 843 845 { 844 846 RTMemSaferFree(pBigNum->pauElements, pBigNum->cAllocated * RTBIGNUM_ELEMENT_SIZE); 845 847 RT_ZERO(*pBigNum); 846 848 } 847 RTMemFree(pBigNum->pauElements);848 849 pBigNum->pauElements = NULL; 849 850 }
Note:
See TracChangeset
for help on using the changeset viewer.
