rpms/openssl
6
1
Fork 1
Code Issues Pull Requests Releases Activity

- no pairwise key tests in non-fips mode (#479817)

Browse Source
This commit is contained in:
Tomáš Mráz 2009-01-17 19:31:29 +00:00
parent ebd2901e1d
commit 105eb2ce8f
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
openssl-0.9.8j-fips-no-pairwise.patch Normal file
View File

@ -0,0 +1,24 @@
diff -up openssl-0.9.8j/fips/rsa/fips_rsa_gen.c.no-pairwise openssl-0.9.8j/fips/rsa/fips_rsa_gen.c
--- openssl-0.9.8j/fips/rsa/fips_rsa_gen.c.no-pairwise 2009-01-17 20:27:37.000000000 +0100
+++ openssl-0.9.8j/fips/rsa/fips_rsa_gen.c 2009-01-17 20:27:28.000000000 +0100
@@ -288,7 +288,7 @@ static int rsa_builtin_keygen(RSA *rsa,
if (fips_rsa_pairwise_fail)
BN_add_word(rsa->n, 1);
- if(!fips_check_rsa(rsa))
+ if(FIPS_mode() && !fips_check_rsa(rsa))
goto err;
ok=1;
diff -up openssl-0.9.8j/fips/dsa/fips_dsa_key.c.no-pairwise openssl-0.9.8j/fips/dsa/fips_dsa_key.c
--- openssl-0.9.8j/fips/dsa/fips_dsa_key.c.no-pairwise 2008-09-16 12:12:15.000000000 +0200
+++ openssl-0.9.8j/fips/dsa/fips_dsa_key.c 2009-01-17 20:26:20.000000000 +0100
@@ -154,7 +154,7 @@ static int dsa_builtin_keygen(DSA *dsa)
dsa->pub_key=pub_key;
if (fips_dsa_pairwise_fail)
BN_add_word(dsa->pub_key, 1);
- if(!fips_check_dsa(dsa))
+ if(FIPS_mode() && !fips_check_dsa(dsa))
goto err;
ok=1;

7
openssl.spec
View File

@ -23,7 +23,7 @@
Summary: A general purpose cryptography library with TLS implementation Summary: A general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 0.9.8j Version: 0.9.8j
Release: 3%{?dist} Release: 4%{?dist}
# We remove certain patented algorithms from the openssl source tarball # We remove certain patented algorithms from the openssl source tarball
# with the hobble-openssl script which is included below. # with the hobble-openssl script which is included below.
Source: openssl-%{version}-usa.tar.bz2 Source: openssl-%{version}-usa.tar.bz2
@ -63,6 +63,7 @@ Patch45: openssl-0.9.8j-env-nozlib.patch
Patch46: openssl-0.9.8j-eap-fast.patch Patch46: openssl-0.9.8j-eap-fast.patch
Patch47: openssl-0.9.8j-readme-warning.patch Patch47: openssl-0.9.8j-readme-warning.patch
Patch48: openssl-0.9.8j-bad-mime.patch Patch48: openssl-0.9.8j-bad-mime.patch
Patch49: openssl-0.9.8j-fips-no-pairwise.patch
# Backported fixes including security fixes # Backported fixes including security fixes
License: OpenSSL License: OpenSSL
@ -146,6 +147,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch46 -p1 -b .eap-fast %patch46 -p1 -b .eap-fast
%patch47 -p1 -b .warning %patch47 -p1 -b .warning
%patch48 -p1 -b .bad-mime %patch48 -p1 -b .bad-mime
%patch49 -p1 -b .no-pairwise
# Modify the various perl scripts to reference perl in the right location. # Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}` perl util/perlpath.pl `dirname %{__perl}`
@ -412,6 +414,9 @@ fi
/sbin/ldconfig -X /sbin/ldconfig -X
%changelog %changelog
* Sat Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-4
- no pairwise key tests in non-fips mode (#479817)
* Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-3 * Fri Jan 16 2009 Tomas Mraz <tmraz@redhat.com> 0.9.8j-3
- even more robust test for the temporary symlinks - even more robust test for the temporary symlinks