Date: Wed, 17 Oct 2018 22:37:06 +0000 (UTC) From: Jan Beich <jbeich@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r482307 - in branches/2018Q4/devel/android-tools-adb: . files Message-ID: <201810172237.w9HMb60n025098@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Wed Oct 17 22:37:06 2018 New Revision: 482307 URL: https://svnweb.freebsd.org/changeset/ports/482307 Log: MFH: r482120 r482122 devel/android-tools-adb: unbreak with OpenSSL 1.1 adb/../libcrypto_utils/android_pubkey.c:84:10: error: incomplete definition of type 'struct rsa_st' new_key->n = BN_bin2bn(modulus_buffer, sizeof(modulus_buffer), NULL); ~~~~~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:85:15: error: incomplete definition of type 'struct rsa_st' if (!new_key->n) { ~~~~~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:90:10: error: incomplete definition of type 'struct rsa_st' new_key->e = BN_new(); ~~~~~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:91:15: error: incomplete definition of type 'struct rsa_st' if (!new_key->e || !BN_set_word(new_key->e, key_struct->exponent)) { ~~~~~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:91:42: error: incomplete definition of type 'struct rsa_st' if (!new_key->e || !BN_set_word(new_key->e, key_struct->exponent)) { ~~~~~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:138:18: error: incomplete definition of type 'struct bignum_st' BN_ULONG l = in->d[constant_time_select_ulong( ~~^ /usr/include/openssl/ossl_typ.h:80:16: note: forward declaration of 'struct bignum_st' typedef struct bignum_st BIGNUM; ^ adb/../libcrypto_utils/android_pubkey.c:139:33: error: incomplete definition of type 'struct bignum_st' constant_time_le_size_t(in->dmax, i), in->dmax - 1, i)]; ~~^ /usr/include/openssl/ossl_typ.h:80:16: note: forward declaration of 'struct bignum_st' typedef struct bignum_st BIGNUM; ^ adb/../libcrypto_utils/android_pubkey.c:139:47: error: incomplete definition of type 'struct bignum_st' constant_time_le_size_t(in->dmax, i), in->dmax - 1, i)]; ~~^ /usr/include/openssl/ossl_typ.h:80:16: note: forward declaration of 'struct bignum_st' typedef struct bignum_st BIGNUM; ^ adb/../libcrypto_utils/android_pubkey.c:142:63: error: incomplete definition of type 'struct bignum_st' return constant_time_select_ulong(constant_time_le_size_t(in->top, i), 0, l); ~~^ /usr/include/openssl/ossl_typ.h:80:16: note: forward declaration of 'struct bignum_st' typedef struct bignum_st BIGNUM; ^ adb/../libcrypto_utils/android_pubkey.c:157:17: error: incomplete definition of type 'struct bignum_st' if ((size_t)in->top > (len + (BN_BYTES - 1)) / BN_BYTES) { ~~^ /usr/include/openssl/ossl_typ.h:80:16: note: forward declaration of 'struct bignum_st' typedef struct bignum_st BIGNUM; ^ adb/../libcrypto_utils/android_pubkey.c:210:25: error: incomplete definition of type 'struct rsa_st' !BN_mod(n0inv, key->n, r32, ctx) || ~~~^ /usr/include/openssl/bn.h:247:49: note: expanded from macro 'BN_mod' # define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) ^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:217:40: error: incomplete definition of type 'struct rsa_st' if (!android_pubkey_encode_bignum(key->n, key_struct->modulus)) { ~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:223:30: error: incomplete definition of type 'struct rsa_st' !BN_mod_sqr(rr, rr, key->n, ctx) || ~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ adb/../libcrypto_utils/android_pubkey.c:229:51: error: incomplete definition of type 'struct rsa_st' key_struct->exponent = (uint32_t)BN_get_word(key->e); ~~~^ /usr/include/openssl/ossl_typ.h:110:16: note: forward declaration of 'struct rsa_st' typedef struct rsa_st RSA; ^ Reported by: pkg-fallout Approved by: ports-secteam blanket Modified: branches/2018Q4/devel/android-tools-adb/Makefile branches/2018Q4/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c Directory Properties: branches/2018Q4/ (props changed) Modified: branches/2018Q4/devel/android-tools-adb/Makefile ============================================================================== --- branches/2018Q4/devel/android-tools-adb/Makefile Wed Oct 17 22:35:36 2018 (r482306) +++ branches/2018Q4/devel/android-tools-adb/Makefile Wed Oct 17 22:37:06 2018 (r482307) @@ -3,7 +3,7 @@ PORTNAME= android-tools-adb DISTVERSIONPREFIX= android- DISTVERSION?= 9.0.0_r3 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES= devel comms MAINTAINER= jbeich@FreeBSD.org Modified: branches/2018Q4/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c ============================================================================== --- branches/2018Q4/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c Wed Oct 17 22:35:36 2018 (r482306) +++ branches/2018Q4/devel/android-tools-adb/files/patch-libcrypto__utils_android__pubkey.c Wed Oct 17 22:37:06 2018 (r482307) @@ -1,14 +1,101 @@ --- libcrypto_utils/android_pubkey.c.orig 2016-04-16 00:01:39 UTC +++ libcrypto_utils/android_pubkey.c -@@ -110,6 +110,76 @@ cleanup: +@@ -61,10 +61,49 @@ static void reverse_bytes(uint8_t* buffer, size_t size + } + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++// http://github.com/google/boringssl/commit/5a91503826ad ++static void RSA_get0_key(const RSA *rsa, const BIGNUM **out_n, const BIGNUM **out_e, ++ const BIGNUM **out_d) { ++ if (out_n != NULL) { ++ *out_n = rsa->n; ++ } ++ if (out_e != NULL) { ++ *out_e = rsa->e; ++ } ++ if (out_d != NULL) { ++ *out_d = rsa->d; ++ } ++} ++ ++static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d) { ++ if ((rsa->n == NULL && n == NULL) || ++ (rsa->e == NULL && e == NULL)) { ++ return 0; ++ } ++ ++ if (n != NULL) { ++ BN_free(rsa->n); ++ rsa->n = n; ++ } ++ if (e != NULL) { ++ BN_free(rsa->e); ++ rsa->e = e; ++ } ++ if (d != NULL) { ++ BN_free(rsa->d); ++ rsa->d = d; ++ } ++ ++ return 1; ++} ++#endif ++ + bool android_pubkey_decode(const uint8_t* key_buffer, size_t size, RSA** key) { + const RSAPublicKey* key_struct = (RSAPublicKey*)key_buffer; + bool ret = false; + uint8_t modulus_buffer[ANDROID_PUBKEY_MODULUS_SIZE]; ++ BIGNUM *new_key_n, *new_key_e; + RSA* new_key = RSA_new(); + if (!new_key) { + goto cleanup; +@@ -81,14 +120,14 @@ bool android_pubkey_decode(const uint8_t* key_buffer, + // Convert the modulus to big-endian byte order as expected by BN_bin2bn. + memcpy(modulus_buffer, key_struct->modulus, sizeof(modulus_buffer)); + reverse_bytes(modulus_buffer, sizeof(modulus_buffer)); +- new_key->n = BN_bin2bn(modulus_buffer, sizeof(modulus_buffer), NULL); +- if (!new_key->n) { ++ new_key_n = BN_bin2bn(modulus_buffer, sizeof(modulus_buffer), NULL); ++ if (!new_key_n) { + goto cleanup; + } + + // Read the exponent. +- new_key->e = BN_new(); +- if (!new_key->e || !BN_set_word(new_key->e, key_struct->exponent)) { ++ new_key_e = BN_new(); ++ if (!new_key_e || !BN_set_word(new_key_e, key_struct->exponent)) { + goto cleanup; + } + +@@ -100,6 +139,7 @@ bool android_pubkey_decode(const uint8_t* key_buffer, + // be added here if/when we want the additional speedup from using the + // pre-computed montgomery parameters. + ++ RSA_set0_key(new_key, new_key_n, new_key_e, NULL); + *key = new_key; + ret = true; + +@@ -110,6 +150,83 @@ cleanup: return ret; } +#if !defined(OPENSSL_IS_BORINGSSL) +// https://android.googlesource.com/platform/external/chromium_org/third_party/boringssl/src/+/6887edb%5E!/ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++struct bignum_st { ++ BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks in little-endian ++ order. */ ++ int top; // Index of last used element in |d|, plus one. ++ int dmax; // Size of |d|, in words. ++ int neg; // one if the number is negative ++ int flags; // bitmask of BN_FLG_* values ++}; ++#endif + -+/* constant_time_select_ulong returns |x| if |v| is 1 and |y| if |v| is 0. Its -+ * behavior is undefined if |v| takes any other value. */ ++// constant_time_select_ulong returns |x| if |v| is 1 and |y| if |v| is 0. Its ++// behavior is undefined if |v| takes any other value. +static BN_ULONG constant_time_select_ulong(int v, BN_ULONG x, BN_ULONG y) { + BN_ULONG mask = v; + mask--; @@ -16,58 +103,55 @@ + return (~mask & x) | (mask & y); +} + -+/* constant_time_le_size_t returns 1 if |x| <= |y| and 0 otherwise. |x| and |y| -+ * must not have their MSBs set. */ ++// constant_time_le_size_t returns 1 if |x| <= |y| and 0 otherwise. |x| and |y| ++// must not have their MSBs set. +static int constant_time_le_size_t(size_t x, size_t y) { + return ((x - y - 1) >> (sizeof(size_t) * 8 - 1)) & 1; +} + -+/* read_word_padded returns the |i|'th word of |in|, if it is not out of -+ * bounds. Otherwise, it returns 0. It does so without branches on the size of -+ * |in|, however it necessarily does not have the same memory access pattern. If -+ * the access would be out of bounds, it reads the last word of |in|. |in| must -+ * not be zero. */ ++// read_word_padded returns the |i|'th word of |in|, if it is not out of ++// bounds. Otherwise, it returns 0. It does so without branches on the size of ++// |in|, however it necessarily does not have the same memory access pattern. If ++// the access would be out of bounds, it reads the last word of |in|. |in| must ++// not be zero. +static BN_ULONG read_word_padded(const BIGNUM *in, size_t i) { -+ /* Read |in->d[i]| if valid. Otherwise, read the last word. */ ++ // Read |in->d[i]| if valid. Otherwise, read the last word. + BN_ULONG l = in->d[constant_time_select_ulong( + constant_time_le_size_t(in->dmax, i), in->dmax - 1, i)]; + -+ /* Clamp to zero if above |d->top|. */ ++ // Clamp to zero if above |d->top|. + return constant_time_select_ulong(constant_time_le_size_t(in->top, i), 0, l); +} + -+static int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { -+ size_t i; -+ BN_ULONG l; -+ -+ /* Special case for |in| = 0. Just branch as the probability is negligible. */ ++int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) { ++ // Special case for |in| = 0. Just branch as the probability is negligible. + if (BN_is_zero(in)) { + memset(out, 0, len); + return 1; + } + -+ /* Check if the integer is too big. This case can exit early in non-constant -+ * time. */ ++ // Check if the integer is too big. This case can exit early in non-constant ++ // time. + if ((size_t)in->top > (len + (BN_BYTES - 1)) / BN_BYTES) { + return 0; + } + if ((len % BN_BYTES) != 0) { -+ l = read_word_padded(in, len / BN_BYTES); ++ BN_ULONG l = read_word_padded(in, len / BN_BYTES); + if (l >> (8 * (len % BN_BYTES)) != 0) { + return 0; + } + } + -+ /* Write the bytes out one by one. Serialization is done without branching on -+ * the bits of |in| or on |in->top|, but if the routine would otherwise read -+ * out of bounds, the memory access pattern can't be fixed. However, for an -+ * RSA key of size a multiple of the word size, the probability of BN_BYTES -+ * leading zero octets is low. -+ * -+ * See Falko Stenzke, "Manger's Attack revisited", ICICS 2010. */ -+ i = len; ++ // Write the bytes out one by one. Serialization is done without branching on ++ // the bits of |in| or on |in->top|, but if the routine would otherwise read ++ // out of bounds, the memory access pattern can't be fixed. However, for an ++ // RSA key of size a multiple of the word size, the probability of BN_BYTES ++ // leading zero octets is low. ++ // ++ // See Falko Stenzke, "Manger's Attack revisited", ICICS 2010. ++ size_t i = len; + while (i--) { -+ l = read_word_padded(in, i / BN_BYTES); ++ BN_ULONG l = read_word_padded(in, i / BN_BYTES); + *(out++) = (uint8_t)(l >> (8 * (i % BN_BYTES))) & 0xff; + } + return 1; @@ -77,3 +161,44 @@ static bool android_pubkey_encode_bignum(const BIGNUM* num, uint8_t* buffer) { if (!BN_bn2bin_padded(buffer, ANDROID_PUBKEY_MODULUS_SIZE, num)) { return false; +@@ -120,6 +237,7 @@ static bool android_pubkey_encode_bignum(const BIGNUM* + } + + bool android_pubkey_encode(const RSA* key, uint8_t* key_buffer, size_t size) { ++ const BIGNUM *key_n, *key_e; + RSAPublicKey* key_struct = (RSAPublicKey*)key_buffer; + bool ret = false; + BN_CTX* ctx = BN_CTX_new(); +@@ -136,27 +254,28 @@ bool android_pubkey_encode(const RSA* key, uint8_t* ke + key_struct->modulus_size_words = ANDROID_PUBKEY_MODULUS_SIZE_WORDS; + + // Compute and store n0inv = -1 / N[0] mod 2^32. ++ RSA_get0_key(key, &key_n, &key_e, NULL); + if (!ctx || !r32 || !n0inv || !BN_set_bit(r32, 32) || +- !BN_mod(n0inv, key->n, r32, ctx) || ++ !BN_mod(n0inv, key_n, r32, ctx) || + !BN_mod_inverse(n0inv, n0inv, r32, ctx) || !BN_sub(n0inv, r32, n0inv)) { + goto cleanup; + } + key_struct->n0inv = (uint32_t)BN_get_word(n0inv); + + // Store the modulus. +- if (!android_pubkey_encode_bignum(key->n, key_struct->modulus)) { ++ if (!android_pubkey_encode_bignum(key_n, key_struct->modulus)) { + goto cleanup; + } + + // Compute and store rr = (2^(rsa_size)) ^ 2 mod N. + if (!ctx || !rr || !BN_set_bit(rr, ANDROID_PUBKEY_MODULUS_SIZE * 8) || +- !BN_mod_sqr(rr, rr, key->n, ctx) || ++ !BN_mod_sqr(rr, rr, key_n, ctx) || + !android_pubkey_encode_bignum(rr, key_struct->rr)) { + goto cleanup; + } + + // Store the exponent. +- key_struct->exponent = (uint32_t)BN_get_word(key->e); ++ key_struct->exponent = (uint32_t)BN_get_word(key_e); + + ret = true; +
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810172237.w9HMb60n025098>