Pedro Monreal Gonzalez
30c6de24df
* Miscellaneous minor bug fixes.
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
- Rebase patches:
* openssl-FIPS-140-3-keychecks.patch
* openssl-FIPS-NO-DES-support.patch
* openssl-FIPS-enforce-EMS-support.patch
* openssl-disable-fipsinstall.patch
- Move ssl configuration files to the libopenssl package [bsc#1247463]
- Don't install unneeded NOTES
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=153
35 lines
1.0 KiB
Diff
35 lines
1.0 KiB
Diff
Index: openssl-3.5.0/crypto/bn/bn_exp.c
|
|
===================================================================
|
|
--- openssl-3.5.0.orig/crypto/bn/bn_exp.c
|
|
+++ openssl-3.5.0/crypto/bn/bn_exp.c
|
|
@@ -166,6 +166,20 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *
|
|
return ret;
|
|
}
|
|
|
|
+/* As per limitations of C, the compiler cannot determine statically that in the
|
|
+ * case of BN_RECP_CTX_free, the BN_RECP_CTX.flag will not have a value of
|
|
+ * BN_FLG_MALLOCED, thus we hit a warning (-Wfree-nonheap-object) in
|
|
+ * BN_mod_exp_recp. Fix that by omiting the check for BN_FLG_MALLOCED.
|
|
+ */
|
|
+void BN_RECP_CTX_free_static(BN_RECP_CTX *recp)
|
|
+{
|
|
+ if (recp == NULL)
|
|
+ return;
|
|
+
|
|
+ BN_free(&recp->N);
|
|
+ BN_free(&recp->Nr);
|
|
+}
|
|
+
|
|
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
|
|
const BIGNUM *m, BN_CTX *ctx)
|
|
{
|
|
@@ -304,7 +318,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
|
|
ret = 1;
|
|
err:
|
|
BN_CTX_end(ctx);
|
|
- BN_RECP_CTX_free(&recp);
|
|
+ BN_RECP_CTX_free_static(&recp);
|
|
bn_check_top(r);
|
|
return ret;
|
|
}
|