From 083820900d6a31471facdb76c6db166b4682ca7e047fd743e0c1ec97207a5c98 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
Date: Fri, 5 Feb 2021 15:53:45 +0000
Subject: [PATCH] Accepting request 869551 from
 home:jsikes:branches:security:tls

Small fix. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/869551
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=83
---
 openssl-1_1.changes                   |  9 +++++++
 openssl-1_1.spec                      |  1 +
 openssl-zero-pad-DHE-public-key.patch | 39 +++++++++++++++++++++++++++
 3 files changed, 49 insertions(+)
 create mode 100644 openssl-zero-pad-DHE-public-key.patch

diff --git a/openssl-1_1.changes b/openssl-1_1.changes
index 5d11cad..d184400 100644
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Feb  4 18:23:17 UTC 2021 - Jason Sikes <jsikes@suse.com>
+
+- Zero pad the DHE public key in ClientKeyExchange for interoperability with
+  Windows Server 2019.
+  * openssl-zero-pad-DHE-public-key.patch
+  * bsc#1181796
+  * sourced from https://github.com/openssl/openssl/pull/12331/files
+
 -------------------------------------------------------------------
 Wed Jan 20 15:59:01 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
 
diff --git a/openssl-1_1.spec b/openssl-1_1.spec
index 9b40f36..602c57d 100644
--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@@ -91,6 +91,7 @@ Patch52:        openssl-1.1.1-system-cipherlist.patch
 Patch53:        openssl-1_1-seclevel.patch
 Patch54:        openssl-1_1-use-seclevel2-in-tests.patch
 Patch55:        openssl-1_1-disable-test_srp-sslapi.patch
+Patch56:        openssl-zero-pad-DHE-public-key.patch
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl
diff --git a/openssl-zero-pad-DHE-public-key.patch b/openssl-zero-pad-DHE-public-key.patch
new file mode 100644
index 0000000..1e9e9ff
--- /dev/null
+++ b/openssl-zero-pad-DHE-public-key.patch
@@ -0,0 +1,39 @@
+Index: openssl-1.1.1i/ssl/statem/statem_clnt.c
+===================================================================
+--- openssl-1.1.1i.orig/ssl/statem/statem_clnt.c
++++ openssl-1.1.1i/ssl/statem/statem_clnt.c
+@@ -3057,9 +3057,9 @@ static int tls_construct_cke_dhe(SSL *s,
+ {
+ #ifndef OPENSSL_NO_DH
+     DH *dh_clnt = NULL;
+-    const BIGNUM *pub_key;
+     EVP_PKEY *ckey = NULL, *skey = NULL;
+     unsigned char *keybytes = NULL;
++    int prime_len;
+ 
+     skey = s->s3->peer_tmp;
+     if (skey == NULL) {
+@@ -3089,15 +3089,19 @@ static int tls_construct_cke_dhe(SSL *s,
+     }
+ 
+     /* send off the data */
+-    DH_get0_key(dh_clnt, &pub_key, NULL);
+-    if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
+-                                        &keybytes)) {
++    prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
++    /*
++     * For interoperability with some versions of the Microsoft TLS
++     * stack, we need to zero pad the DHE pub key to the same length
++     * as the prime, so use the length of the prime here.
++     */
++    if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes)
++            || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) {
+         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                  ERR_R_INTERNAL_ERROR);
+         goto err;
+     }
+ 
+-    BN_bn2bin(pub_key, keybytes);
+     EVP_PKEY_free(ckey);
+ 
+     return 1;