From c7fc8d6daa1128187f9925215fc03c9c0700a2c9 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 17 Oct 2016 13:06:36 +0200 Subject: [PATCH] do not break contract on return value when using dsa_builtin_paramgen2() --- openssl-1.1.0-fips.patch | 20 +++++++++++++++++++- openssl.spec | 5 ++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch index 215ef87..fac9fbf 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.0-fips.patch @@ -388,7 +388,16 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, const unsigned char *seed_in, -@@ -315,6 +344,20 @@ int dsa_builtin_paramgen2(DSA *ret, size +@@ -301,7 +330,7 @@ int dsa_builtin_paramgen2(DSA *ret, size + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb) + { +- int ok = -1; ++ int ok = 0; + unsigned char *seed = NULL, *seed_tmp = NULL; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdsize; +@@ -318,6 +347,20 @@ int dsa_builtin_paramgen2(DSA *ret, size if (mctx == NULL) goto err; @@ -409,6 +418,15 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge if (evpmd == NULL) { if (N == 160) evpmd = EVP_sha1(); +@@ -579,7 +622,7 @@ int dsa_builtin_paramgen2(DSA *ret, size + BN_free(ret->g); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { +- ok = -1; ++ ok = 0; + goto err; + } + if (counter_ret != NULL) diff -up openssl-1.1.0/crypto/dsa/dsa_key.c.fips openssl-1.1.0/crypto/dsa/dsa_key.c --- openssl-1.1.0/crypto/dsa/dsa_key.c.fips 2016-08-25 17:29:20.000000000 +0200 +++ openssl-1.1.0/crypto/dsa/dsa_key.c 2016-09-08 11:37:38.735459940 +0200 diff --git a/openssl.spec b/openssl.spec index e397c23..48fc0d3 100644 --- a/openssl.spec +++ b/openssl.spec 
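Review bot: The new `int ok = 0;` default at the top of dsa_builtin_paramgen2() carries no comment stating the return contract the commit restores. Put one above the declaration, for example `/* Returns 1 on success and 0 on any failure, never a negative value. */`. If callers test the result with `!`, as the subject line suggests, the old -1 would have been read as success and a caller could continue with domain parameters that were never generated. Most of the function body lies outside these hunks, so confirm that no other path still assigns `ok = -1` or returns a negative value directly; the hunk at -579 covers only the BN_dup() failure case.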
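Review bot: In the hunk at -579, `BN_free(ret->g); ret->g = BN_dup(g);` runs before the NULL check, so when the function now returns 0 from this branch `ret->g` has already been replaced and may be NULL. `ret->p` and `ret->q` appear to be reassigned just above the hunk in the same way, so the DSA object can be left holding a partial parameter set. Since 0 is now the only failure signal, add a comment in this branch such as `/* ret may hold incomplete p/q/g here; callers must discard it on a 0 return */`. A follow-up could duplicate into temporaries and assign to `ret` only once all three BN_dup() calls succeed. The enclosing block starts and ends outside the hunk.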
@@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.0b -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -425,6 +425,9 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Wed Oct 12 2016 Tomáš Mráz 1.1.0b-3 +- do not break contract on return value when using dsa_builtin_paramgen2() + * Wed Oct 12 2016 Tomáš Mráz 1.1.0b-2 - fix afalg failure on big endian