fix segfault in openssl speed hmac in the FIPS mode

2013-09-19 15:16:50 +02:00 · 2013-09-19 15:16:50 +02:00 · 8c28623e94
commit 8c28623e94
parent d907abae39
2 changed files with 12 additions and 1 deletions
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
@ -123,6 +123,14 @@ diff -up openssl-1.0.1e/apps/speed.c.fips openssl-1.0.1e/apps/speed.c
 #endif
 #ifndef OPENSSL_NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
@@ -1564,6 +1596,7 @@ int MAIN(int argc, char **argv)
 		HMAC_CTX hctx;
 		HMAC_CTX_init(&hctx);
 +		HMAC_CTX_set_flags(&hctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
 			16,EVP_md5(), NULL);
 diff -up openssl-1.0.1e/Configure.fips openssl-1.0.1e/Configure
 --- openssl-1.0.1e/Configure.fips	2013-02-19 12:47:33.670117470 +0100
 +++ openssl-1.0.1e/Configure	2013-02-19 12:47:33.716118405 +0100
--- a/openssl.spec
+++ b/openssl.spec
@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 22%{?dist}
+Release: 23%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -473,6 +473,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :
 %changelog
 * Thu Sep 19 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-23
 - fix segfault in openssl speed hmac in the FIPS mode
 * Thu Sep 12 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-22
 - document the nextprotoneg option in manual pages
  original patch by Hubert Kario