Accepting request 869986 from home:jsikes:branches:security:tls
Small change to undo another small change. Sorry. OBS-URL: https://build.opensuse.org/request/show/869986 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=84
This commit is contained in:
parent
083820900d
commit
1f67f5cc44
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Feb 6 14:44:12 UTC 2021 - Jason Sikes <jsikes@suse.com>
|
||||
|
||||
- Removed patch because it was causing problems with other servers.
|
||||
* openssl-zero-pad-DHE-public-key.patch
|
||||
* bsc#1181796
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 4 18:23:17 UTC 2021 - Jason Sikes <jsikes@suse.com>
|
||||
|
||||
|
@ -91,7 +91,6 @@ Patch52: openssl-1.1.1-system-cipherlist.patch
|
||||
Patch53: openssl-1_1-seclevel.patch
|
||||
Patch54: openssl-1_1-use-seclevel2-in-tests.patch
|
||||
Patch55: openssl-1_1-disable-test_srp-sslapi.patch
|
||||
Patch56: openssl-zero-pad-DHE-public-key.patch
|
||||
BuildRequires: pkgconfig
|
||||
Conflicts: ssl
|
||||
Provides: ssl
|
||||
|
@ -1,39 +0,0 @@
|
||||
Index: openssl-1.1.1i/ssl/statem/statem_clnt.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1i.orig/ssl/statem/statem_clnt.c
|
||||
+++ openssl-1.1.1i/ssl/statem/statem_clnt.c
|
||||
@@ -3057,9 +3057,9 @@ static int tls_construct_cke_dhe(SSL *s,
|
||||
{
|
||||
#ifndef OPENSSL_NO_DH
|
||||
DH *dh_clnt = NULL;
|
||||
- const BIGNUM *pub_key;
|
||||
EVP_PKEY *ckey = NULL, *skey = NULL;
|
||||
unsigned char *keybytes = NULL;
|
||||
+ int prime_len;
|
||||
|
||||
skey = s->s3->peer_tmp;
|
||||
if (skey == NULL) {
|
||||
@@ -3089,15 +3089,19 @@ static int tls_construct_cke_dhe(SSL *s,
|
||||
}
|
||||
|
||||
/* send off the data */
|
||||
- DH_get0_key(dh_clnt, &pub_key, NULL);
|
||||
- if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
|
||||
- &keybytes)) {
|
||||
+ prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
|
||||
+ /*
|
||||
+ * For interoperability with some versions of the Microsoft TLS
|
||||
+ * stack, we need to zero pad the DHE pub key to the same length
|
||||
+ * as the prime, so use the length of the prime here.
|
||||
+ */
|
||||
+ if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes)
|
||||
+ || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
- BN_bn2bin(pub_key, keybytes);
|
||||
EVP_PKEY_free(ckey);
|
||||
|
||||
return 1;
|
Loading…
Reference in New Issue
Block a user