From 1f67f5cc44f82df500065ab248ba73768f7355f0f0bd6630d03b2153406d73c9 Mon Sep 17 00:00:00 2001
From: Jason Sikes
Date: Sat, 6 Feb 2021 23:06:18 +0000
Subject: [PATCH] Accepting request 869986 from home:jsikes:branches:security:tls Small change to undo another small change. Sorry.
OBS-URL: https://build.opensuse.org/request/show/869986
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=84
---
 openssl-1_1.changes | 7 +++++
 openssl-1_1.spec | 1 -
 openssl-zero-pad-DHE-public-key.patch | 39 ---------------------------
 3 files changed, 7 insertions(+), 40 deletions(-)
 delete mode 100644 openssl-zero-pad-DHE-public-key.patch
diff --git a/openssl-1_1.changes b/openssl-1_1.changes
index d184400..541f288 100644
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sat Feb 6 14:44:12 UTC 2021 - Jason Sikes
+
+- Removed patch because it was causing problems with other servers.
+ * openssl-zero-pad-DHE-public-key.patch
+ * bsc#1181796
+
 -------------------------------------------------------------------
 Thu Feb 4 18:23:17 UTC 2021 - Jason Sikes
 
diff --git a/openssl-1_1.spec b/openssl-1_1.spec
index 602c57d..9b40f36 100644
--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@@ -91,7 +91,6 @@ Patch52: openssl-1.1.1-system-cipherlist.patch
 Patch53: openssl-1_1-seclevel.patch
 Patch54: openssl-1_1-use-seclevel2-in-tests.patch
 Patch55: openssl-1_1-disable-test_srp-sslapi.patch
-Patch56: openssl-zero-pad-DHE-public-key.patch
 BuildRequires: pkgconfig
 Conflicts: ssl
 Provides: ssl
diff --git a/openssl-zero-pad-DHE-public-key.patch b/openssl-zero-pad-DHE-public-key.patch
deleted file mode 100644
index 1e9e9ff..0000000
--- a/openssl-zero-pad-DHE-public-key.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Index: openssl-1.1.1i/ssl/statem/statem_clnt.c
-===================================================================
---- openssl-1.1.1i.orig/ssl/statem/statem_clnt.c
-+++ openssl-1.1.1i/ssl/statem/statem_clnt.c
-@@ -3057,9 +3057,9 @@ static int tls_construct_cke_dhe(SSL *s,
- {
- #ifndef OPENSSL_NO_DH
- DH *dh_clnt = NULL;
-- const BIGNUM *pub_key;
- EVP_PKEY *ckey = NULL, *skey = NULL;
- unsigned char *keybytes = NULL;
-+ int prime_len;
-
- skey = s->s3->peer_tmp;
- if (skey == NULL) {
-@@ -3089,15 +3089,19 @@ static int tls_construct_cke_dhe(SSL *s,
- }
-
- /* send off the data */
-- DH_get0_key(dh_clnt, &pub_key, NULL);
-- if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
-- &keybytes)) {
-+ prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
-+ /*
-+ * For interoperability with some versions of the Microsoft TLS
-+ * stack, we need to zero pad the DHE pub key to the same length
-+ * as the prime, so use the length of the prime here.
-+ */
-+ if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes)
-+ || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
-- BN_bn2bin(pub_key, keybytes);
- EVP_PKEY_free(ckey);
-
- return 1;