Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Moves to OpenSSL 1.1.1 #60

Merged
merged 11 commits into from
Oct 16, 2019
+252 −278
Merged

Moves to OpenSSL 1.1.1 #60

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
83fc377
Initial attempt to move to openssl 1.1.0
SalusaSecondus Jul 23, 2019
f7e027d
Add explicit pthread requirement
SalusaSecondus Jul 24, 2019
14b3e08
Bump version to 1.2.0
SalusaSecondus Sep 11, 2019
11b9e89
Merge branch 'develop' into ossl1.1.0
SalusaSecondus Oct 2, 2019
a5f369b
Move to openssl 1.1.1d
SalusaSecondus Oct 2, 2019
5cbf65d
Merge branch 'develop' into ossl1.1.0
SalusaSecondus Oct 3, 2019
cac101b
Merge branch 'develop' into ossl1.1.0
SalusaSecondus Oct 3, 2019
9fcca4a
Merge branch 'develop' into ossl1.1.0
SalusaSecondus Oct 11, 2019
ffa6fc7
Ignore IntelliJ files
SalusaSecondus Oct 14, 2019
904d924
Fix possible memory leak in rsa_cipher.cpp
SalusaSecondus Oct 14, 2019
f887558
Remove duplicate word in comment
SalusaSecondus Oct 15, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions csrc/bn.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,20 @@ class BigNumObj {
return m_pBN;
}

void releaseOwnership() {
m_pBN = NULL;
}

static BigNumObj fromJavaArray(raii_env &env, jbyteArray array) {
BigNumObj result;

if (array) {
result.ensure_init();
jarr2bn(env, array, result.m_pBN);
}
return result;
}

#ifdef HAVE_CPP11
BigNumObj(const BigNumObj &) = delete;
BigNumObj &operator=(const BigNumObj &) = delete;
Expand Down
72 changes: 28 additions & 44 deletions csrc/rsa_cipher.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,26 +12,6 @@

using namespace AmazonCorrettoCryptoProvider;

namespace {

BIGNUM *opt_jarr2bn(raii_env &env, jbyteArray array) {
BIGNUM *ret = NULL;
if (array) {
ret = BN_new();

try {
jarr2bn(env, array, ret);
} catch (...) {
BN_clear_free(ret);
throw;
}
}

return ret;
}

} // anonymous namespace

/*
* Class: com_amazon_corretto_crypto_provider_RsaCipher
* Method: releaseNativeKey
Expand Down Expand Up @@ -70,49 +50,52 @@ JNIEXPORT jint JNICALL Java_com_amazon_corretto_crypto_provider_RsaCipher_cipher

)
{

try {
raii_env env(pEnv);

RSA_auto backing; // Used for auto-cleanup
RSA* r = (RSA *) backing;
BIGNUM *bn_n;
BIGNUM *bn_e;
BIGNUM *bn_d;
BIGNUM *bn_p;
BIGNUM *bn_q;
BIGNUM *bn_dmp1;
BIGNUM *bn_dmq1;
BIGNUM *bn_iqmp;
switch (handleMode) {
case com_amazon_corretto_crypto_provider_RsaCipher_HANDLE_USAGE_IGNORE: // fallthrough
case com_amazon_corretto_crypto_provider_RsaCipher_HANDLE_USAGE_CREATE:
bn_n = opt_jarr2bn(env, n);
bn_e = opt_jarr2bn(env, e);
bn_d = opt_jarr2bn(env, d);
bn_p = opt_jarr2bn(env, p);
bn_q = opt_jarr2bn(env, q);
bn_dmp1 = opt_jarr2bn(env, dmp1);
bn_dmq1 = opt_jarr2bn(env, dmq1);
bn_iqmp = opt_jarr2bn(env, iqmp);

if (!bn_e) {
bn_e = BN_new();
}
if (!bn_d) {
bn_d = BN_new();
}
{
// When used with a set0 method, memory ownership transfers to the receiving object.
// Thus, after successful ownership transfer, we release ownership of the BIGNUMs.
// Once the RSA key owns them, since it is is an RSA_auto class, it cleans itself
SalusaSecondus marked this conversation as resolved.
Show resolved Hide resolved
// up if it remains on the stack.
BigNumObj bn_n = BigNumObj::fromJavaArray(env, n);
BigNumObj bn_e = BigNumObj::fromJavaArray(env, e);
BigNumObj bn_d = BigNumObj::fromJavaArray(env, d);
BigNumObj bn_p = BigNumObj::fromJavaArray(env, p);
BigNumObj bn_q = BigNumObj::fromJavaArray(env, q);
BigNumObj bn_dmp1 = BigNumObj::fromJavaArray(env, dmp1);
BigNumObj bn_dmq1 = BigNumObj::fromJavaArray(env, dmq1);
BigNumObj bn_iqmp = BigNumObj::fromJavaArray(env, iqmp);

if (!RSA_set0_key(r, bn_n, bn_e, bn_d)) {
throw_openssl(EX_RUNTIME_CRYPTO, "Unable to set key parameters");
} else {
bn_n.releaseOwnership();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Per response on openssl/openssl#10178 this looks correct.

bn_e.releaseOwnership();
bn_d.releaseOwnership();
}

if (p && q && !RSA_set0_factors(r, bn_p, bn_q)) {
SalusaSecondus marked this conversation as resolved.
Show resolved Hide resolved
throw_openssl(EX_RUNTIME_CRYPTO, "Unable to set key factors");
} else {
bn_p.releaseOwnership();
bn_q.releaseOwnership();
}

if (dmp1 && dmq1 && iqmp && !RSA_set0_crt_params(r, bn_dmp1, bn_dmq1, bn_iqmp)) {
throw_openssl(EX_RUNTIME_CRYPTO, "Unable to set key crt_params");
} else {
bn_dmp1.releaseOwnership();
bn_dmq1.releaseOwnership();
bn_iqmp.releaseOwnership();
}

// If it is a private key, we check it for consistency, if possible and requested
if (checkPrivateKey && d != NULL && p != NULL && q != NULL) {
if (RSA_check_key(r) != 1) {
Expand All @@ -132,6 +115,7 @@ JNIEXPORT jint JNICALL Java_com_amazon_corretto_crypto_provider_RsaCipher_cipher
RSA_blinding_off(r);
}
break;
}
case com_amazon_corretto_crypto_provider_RsaCipher_HANDLE_USAGE_USE:
jlong tmpPtr;
env->GetLongArrayRegion(keyHandle, 0, 1, &tmpPtr);
Expand Down