rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

do not break contract on return value when using dsa_builtin_paramgen2()

Browse Source
This commit is contained in:
Tomas Mraz 2016-10-17 13:06:36 +02:00
parent d2220322f3
commit c7fc8d6daa
2 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
openssl-1.1.0-fips.patch
View File

@ -388,7 +388,16 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
const EVP_MD *evpmd, const unsigned char *seed_in, const EVP_MD *evpmd, const unsigned char *seed_in,
@@ -315,6 +344,20 @@ int dsa_builtin_paramgen2(DSA *ret, size @@ -301,7 +330,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
int *counter_ret, unsigned long *h_ret,
BN_GENCB *cb)
{
- int ok = -1;
+ int ok = 0;
unsigned char *seed = NULL, *seed_tmp = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
int mdsize;
@@ -318,6 +347,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
if (mctx == NULL) if (mctx == NULL)
goto err; goto err;
@ -409,6 +418,15 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
if (evpmd == NULL) { if (evpmd == NULL) {
if (N == 160) if (N == 160)
evpmd = EVP_sha1(); evpmd = EVP_sha1();
@@ -579,7 +622,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
BN_free(ret->g);
ret->g = BN_dup(g);
if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
- ok = -1;
+ ok = 0;
goto err;
}
if (counter_ret != NULL)
diff -up openssl-1.1.0/crypto/dsa/dsa_key.c.fips openssl-1.1.0/crypto/dsa/dsa_key.c diff -up openssl-1.1.0/crypto/dsa/dsa_key.c.fips openssl-1.1.0/crypto/dsa/dsa_key.c
--- openssl-1.1.0/crypto/dsa/dsa_key.c.fips 2016-08-25 17:29:20.000000000 +0200 --- openssl-1.1.0/crypto/dsa/dsa_key.c.fips 2016-08-25 17:29:20.000000000 +0200
+++ openssl-1.1.0/crypto/dsa/dsa_key.c 2016-09-08 11:37:38.735459940 +0200 +++ openssl-1.1.0/crypto/dsa/dsa_key.c 2016-09-08 11:37:38.735459940 +0200

5
openssl.spec
View File

@ -22,7 +22,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.1.0b Version: 1.1.0b
Release: 2%{?dist} Release: 3%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -425,6 +425,9 @@ export LD_LIBRARY_PATH
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-3
- do not break contract on return value when using dsa_builtin_paramgen2()
* Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-2 * Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-2
- fix afalg failure on big endian - fix afalg failure on big endian