forked from pool/openssl-3
- Update to 3.5.1:
* Fix x509 application adds trusted use instead of rejected use.
[bsc#1243564, CVE-2025-4575]
- Remove patches:
* openssl-Fix-P384-on-P8-targets.patch
* openssl-CVE-2025-4575.patch
- Rebase patches:
* openssl-Allow-disabling-of-SHA1-signatures.patch
* openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
* openssl-FIPS-NO-DES-support.patch
- Fix a bogus warning caused by -Wfree-nonheap-object
* Add patch openssl-Fix-Wfree-nonheap-object-warning.patch
OBS-URL: https://build.opensuse.org/request/show/1291089
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=148
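Index: openssl-3.5.0/crypto/bn/bn_exp.c
===================================================================
--- openssl-3.5.0.orig/crypto/bn/bn_exp.c
+++ openssl-3.5.0/crypto/bn/bn_exp.c
@@ -166,6 +166,20 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *
 return ret;
 }
 
+/* As per limitations of C, the compiler cannot determine statically that in the
+ * case of BN_RECP_CTX_free, the BN_RECP_CTX.flag will not have a value of
+ * BN_FLG_MALLOCED, thus we hit a warning (-Wfree-nonheap-object) in
+ * BN_mod_exp_recp. Fix that by omiting the check for BN_FLG_MALLOCED.
+ */
+void BN_RECP_CTX_free_static(BN_RECP_CTX *recp)
+{
+ if (recp == NULL)
+ return;
+
+ BN_free(&recp->N);
+ BN_free(&recp->Nr);
+}
+
 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 const BIGNUM *m, BN_CTX *ctx)
 {
@@ -304,7 +318,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
 ret = 1;
 err:
 BN_CTX_end(ctx);
- BN_RECP_CTX_free(&recp);
+ BN_RECP_CTX_free_static(&recp);
 bn_check_top(r);
 return ret;
 }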
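Review bot: The new helper `BN_RECP_CTX_free_static` in the first hunk is defined without `static`, so it gets external linkage and a `BN_`-prefixed name that reads like public API, although the only caller visible here is `BN_mod_exp_recp` in the same file and no prototype is added. Declaring it `static void BN_RECP_CTX_free_static(BN_RECP_CTX *recp)` keeps it out of the library's exported symbols and avoids trading the silenced warning for a missing-prototype one. The comment should also state the precondition that the context must not be heap-allocated, because a context carrying `BN_FLG_MALLOCED` would have its struct leaked by this variant; it also has two typos (`omiting`, and `BN_RECP_CTX.flag`, presumably the `flags` member). The body of `BN_mod_exp_recp` lies mostly outside the hunks, so that `recp` is always a stack object there is inferred from the `&recp` argument only.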