forked from rpms/openssl
		
	Abort on PCT failure
Related: rhbz#2168324
		
							parent
							
								
									dd6f0d33c8
								
							
						
					
					
						commit
						960e6deebf
					
				| @ -129,7 +129,7 @@ diff -up openssl-3.0.7/providers/implementations/keymgmt/ec_kmgmt.c.pairwise ope | ||||
| +    /* Pairwise consistency test */
 | ||||
| +    if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
 | ||||
| +        && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)
 | ||||
| +        goto err;
 | ||||
| +        abort();
 | ||||
| +#endif
 | ||||
|   | ||||
|      if (gctx->group_check != NULL) | ||||
| @ -263,7 +263,7 @@ diff -up openssl-3.0.7/providers/implementations/keymgmt/rsa_kmgmt.c.pairwise op | ||||
| +#ifdef FIPS_MODULE
 | ||||
| +    /* Pairwise consistency test */
 | ||||
| +    if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1)
 | ||||
| +        goto err;
 | ||||
| +        abort();
 | ||||
| +#endif
 | ||||
|   err: | ||||
|      BN_GENCB_free(gencb); | ||||
| @ -316,7 +316,7 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op | ||||
|  { | ||||
|      PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; | ||||
|   | ||||
| @@ -1504,6 +1504,35 @@ static const OSSL_PARAM *rsa_settable_ct
 | ||||
| @@ -1504,6 +1504,45 @@ static const OSSL_PARAM *rsa_settable_ct
 | ||||
|      return EVP_MD_settable_ctx_params(prsactx->md); | ||||
|  } | ||||
|   | ||||
| @ -324,8 +324,9 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op | ||||
| +int do_rsa_pct(void *vctx, const char *mdname, void *rsa)
 | ||||
| +{
 | ||||
| +    static const char data[32];
 | ||||
| +    unsigned char sigbuf[256];
 | ||||
| +    size_t siglen = sizeof(sigbuf);
 | ||||
| +    unsigned char *sigbuf = NULL;
 | ||||
| +    size_t siglen = 0;
 | ||||
| +    int ret = 0;
 | ||||
| +
 | ||||
| +    if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0)
 | ||||
| +        return 0;
 | ||||
| @ -333,19 +334,28 @@ diff -up openssl-3.0.7/providers/implementations/signature/rsa_sig.c.pairwise op | ||||
| +    if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
 | ||||
| +        return 0;
 | ||||
| +
 | ||||
| +    if (rsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
 | ||||
| +    if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0)
 | ||||
| +        return 0;
 | ||||
| +
 | ||||
| +    if ((sigbuf = OPENSSL_malloc(siglen)) == NULL)
 | ||||
| +        return 0;
 | ||||
| +
 | ||||
| +    if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0)
 | ||||
| +        goto err;
 | ||||
| +
 | ||||
| +    if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
 | ||||
| +        return 0;
 | ||||
| +        goto err;
 | ||||
| +
 | ||||
| +    if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
 | ||||
| +        return 0;
 | ||||
| +        goto err;
 | ||||
| +
 | ||||
| +    if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
 | ||||
| +        return 0;
 | ||||
| +        goto err;
 | ||||
| +    ret = 1;
 | ||||
| +
 | ||||
| +    return 1;
 | ||||
| + err:
 | ||||
| +    OPENSSL_free(sigbuf);
 | ||||
| +    return ret;
 | ||||
| +}
 | ||||
| +#endif
 | ||||
| +
 | ||||
|  | ||||
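Review bot: The `abort();` that replaces `goto err;` after `do_ec_pct(...) != 1` and `do_rsa_pct(...) != 1` fires on every non-1 return, and the reworked `do_rsa_pct` returns 0 for more than a sign/verify mismatch: it also does so when `OPENSSL_malloc(siglen)` fails or when any init/update/final call fails. A transient allocation failure during key generation therefore terminates the host process exactly as a genuine pairwise inconsistency would. The `err:` cleanup of the freshly generated key is skipped as well, and on systems where SIGABRT produces a core dump that key material may end up in the core file. If only a real PCT mismatch is meant to be fatal, consider having `do_rsa_pct` report resource failures separately (for example `ret = -1` on the `OPENSSL_malloc` path) and keeping `goto err;` for those, with a comment at the call sites such as `/* FIPS module: a failed pairwise test must never return a key */`. Both keygen functions start and end outside the visible hunks, so how the key object is released on `err:` cannot be confirmed from here.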