Changeset 97372 in vbox for trunk/src/libs/openssl-3.0.7/crypto/rsa

Timestamp:

Nov 2, 2022 7:40:16 AM (2 years ago)

Author:

vboxsync

Message:

libs: Switch to openssl-3.0.7, bugref:10317

Location:

trunk/src/libs/openssl-3.0.7

Files:

trunk/src/libs/openssl-3.0.7

Property svn:mergeinfo

-              r94404
+              r97372
         ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
         ASN1_STRING_free(str);
+        OPENSSL_clear_free(rk, rklen);
         return 0;
+    }
 …
     if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
         return NULL;
     if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
+    if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0)
         return NULL;
     if (saltlen == -1) {

-              r95219
+              r97372
             BIGNUM *tmp = NULL;
+            if (!OSSL_PARAM_get_BN(p, &tmp)
+                || sk_BIGNUM_push(numbers, tmp) == 0)
+            if (!OSSL_PARAM_get_BN(p, &tmp))
                 return 0;
+            if (sk_BIGNUM_push(numbers, tmp) == 0) {
+                BN_clear_free(tmp);
+                return 0;
+            }
+        }
+    }

-              r94082
+              r97372
 /*
  * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
 …
     return ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));
 #else
     return rsa_validate_keypair_multiprime(key, NULL);
+    return rsa_validate_keypair_multiprime(key, NULL) > 0;
 #endif
+}

-              r94082
+              r97372
 /*
  * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
 …
     int ok = 0;
+#ifdef FIPS_MODULE
+    ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
+    pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */
+#else
     /*
      * Only multi-prime keys or insecure keys with a small key length will use
      * the older rsa_multiprime_keygen().
+     * Only multi-prime keys or insecure keys with a small key length or a
+     * public exponent <= 2^16 will use the older rsa_multiprime_keygen().
      */
+    if (primes == 2 && bits >= 2048)
+    if (primes == 2
+            && bits >= 2048
+            && (e_value == NULL || BN_num_bits(e_value) > 16))
         ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
-#ifndef FIPS_MODULE
     else
         ok = rsa_multiprime_keygen(rsa, bits, primes, e_value, cb);
 #endif /* FIPS_MODULE */
-#ifdef FIPS_MODULE
-    pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */
-#endif
     if (pairwise_test && ok > 0) {
         OSSL_CALLBACK *stcb = NULL;

-              r94082
+              r97372
 /*
  * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
 …
+{
     OSSL_PARAM rsa_params[2], *p = rsa_params;
+    int ret;
     if (ctx == NULL || !EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)) {
 …
     *p++ = OSSL_PARAM_construct_end();
+    if (!evp_pkey_ctx_set_params_strict(ctx, rsa_params))
+        return 0;
+    ret = evp_pkey_ctx_set_params_strict(ctx, rsa_params);
+    if (ret <= 0)
+        return ret;
     /* Ownership is supposed to be transfered to the callee. */

Note: See TracChangeset for help on using the changeset viewer.