Diffstat (limited to 'pkgs/os-specific/linux/chromium-os/libbrillo/0003-libbrillo-Use-a-unique_ptr-for-EVP_MD_CTX.patch')
-rw-r--r-- | pkgs/os-specific/linux/chromium-os/libbrillo/0003-libbrillo-Use-a-unique_ptr-for-EVP_MD_CTX.patch | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/chromium-os/libbrillo/0003-libbrillo-Use-a-unique_ptr-for-EVP_MD_CTX.patch b/pkgs/os-specific/linux/chromium-os/libbrillo/0003-libbrillo-Use-a-unique_ptr-for-EVP_MD_CTX.patch
new file mode 100644
index 00000000000..ceb9b8746d2
--- /dev/null
+++ b/pkgs/os-specific/linux/chromium-os/libbrillo/0003-libbrillo-Use-a-unique_ptr-for-EVP_MD_CTX.patch
@@ -0,0 +1,86 @@
+From d79343f36918fd99861426f658fdfb53237661f0 Mon Sep 17 00:00:00 2001
+From: Daniel Kurtz <djkurtz@chromium.org>
+Date: Thu, 17 Oct 2019 20:45:53 +1100
+Subject: [PATCH 3/9] libbrillo: Use a unique_ptr for EVP_MD_CTX
+
+In OpenSSL 1.1, the EVP_MD_CTX struct will become opaque, and therefore
+it will not be possible to allocate on the stack.
+
+Replace this stack allocation with a heap allocated EVP_MD_CTX using the
+existing OpenSSL 1.0.2 create/destroy APIs, and manage its lifetime using
+a unique_ptr<>.
+
+Note: There are cases (sludge, tael, tatl), where libbrillo is built
+against a libchrome that has been built w/out libbase-crypto (ie,
+USE="-crypto"). For this reason, we don't use the equivalent
+crypto::ScopedEVP_MD_CTX type for this one instance of this in libbrillo.
+
+BUG=chromium:737445
+TEST=cros_workon --board=sarien start libbrillo
+TEST=w/ openssl-1.0.2t: FEATURES=test emerge-sarien libbrillo
+TEST=w/ openssl-1.1.0j: FEATURES=test emerge-sarien libbrillo
+ => Both build and pass all unittests
+
+Change-Id: Ic0a43b9c85fcb967c1b381b1602c03f48ac5dcef
+Reviewed-on: https://chromium-review.googlesource.com/1866378
+Tested-by: Daniel Kurtz <djkurtz@chromium.org>
+Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
+Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
+Reviewed-by: Mike Frysinger <vapier@chromium.org>
+Reviewed-by: Nick Crews <ncrews@chromium.org>
+---
+ libbrillo/policy/device_policy_impl.cc | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/libbrillo/policy/device_policy_impl.cc b/libbrillo/policy/device_policy_impl.cc
+index 958b7ebb7..eaf90c96a 100644
+--- a/libbrillo/policy/device_policy_impl.cc
++++ b/libbrillo/policy/device_policy_impl.cc
+@@ -55,36 +55,34 @@ bool ReadPublicKeyFromFile(const base::FilePath& key_file,
+ bool VerifySignature(const std::string& signed_data,
+ const std::string& signature,
+ const std::string& public_key) {
+- EVP_MD_CTX ctx;
+- EVP_MD_CTX_init(&ctx);
++ std::unique_ptr<EVP_MD_CTX, void (*)(EVP_MD_CTX *)> ctx(EVP_MD_CTX_create(),
++ EVP_MD_CTX_destroy);
++ if (!ctx)
++ return false;
+
+ const EVP_MD* digest = EVP_sha1();
+
+ char* key = const_cast<char*>(public_key.data());
+ BIO* bio = BIO_new_mem_buf(key, public_key.length());
+- if (!bio) {
+- EVP_MD_CTX_cleanup(&ctx);
++ if (!bio)
+ return false;
+- }
+
+ EVP_PKEY* public_key_ssl = d2i_PUBKEY_bio(bio, nullptr);
+ if (!public_key_ssl) {
+ BIO_free_all(bio);
+- EVP_MD_CTX_cleanup(&ctx);
+ return false;
+ }
+
+ const unsigned char* sig =
+ reinterpret_cast<const unsigned char*>(signature.data());
+- int rv = EVP_VerifyInit_ex(&ctx, digest, nullptr);
++ int rv = EVP_VerifyInit_ex(ctx.get(), digest, nullptr);
+ if (rv == 1) {
+- EVP_VerifyUpdate(&ctx, signed_data.data(), signed_data.length());
+- rv = EVP_VerifyFinal(&ctx, sig, signature.length(), public_key_ssl);
++ EVP_VerifyUpdate(ctx.get(), signed_data.data(), signed_data.length());
++ rv = EVP_VerifyFinal(ctx.get(), sig, signature.length(), public_key_ssl);
+ }
+
+ EVP_PKEY_free(public_key_ssl);
+ BIO_free_all(bio);
+- EVP_MD_CTX_cleanup(&ctx);
+
+ return rv == 1;
+ }
+--
+2.23.0
+ |
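Review bot: The rewritten `EVP_VerifyUpdate(ctx.get(), ...)` line inside the `if (rv == 1)` block of VerifySignature still discards its return value, so a failed digest update goes straight on to `EVP_VerifyFinal`; in a policy signature check it is safer to fail closed, e.g. `rv = EVP_VerifyUpdate(ctx.get(), signed_data.data(), signed_data.length());` followed by `if (rv == 1) rv = EVP_VerifyFinal(ctx.get(), sig, signature.length(), public_key_ssl);`. The final `rv == 1` comparison is the right one and should stay, since EVP_VerifyFinal returns 0 for a bad signature and a negative value for other errors. As a style point, `bio` and `public_key_ssl` are still freed by hand on each exit path while `ctx` is now owned by a unique_ptr; wrapping them the same way with `BIO_free_all` and `EVP_PKEY_free` deleters would remove the remaining manual cleanup. The digest is `EVP_sha1()` in unchanged context that the patch does not touch; whether it can be replaced presumably depends on the policy blob format and should be confirmed separately.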