From a8f402bd34dee3c22ce893c7d7a9cc005289ccaffe75d45103c547d07ba0f21b Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 5 Nov 2007 22:50:53 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=12 --- ...ssl-0.9.8g-fix_dh_for_certain_moduli.patch | 64 +++++++++++++++++++ openssl.changes | 5 ++ openssl.spec | 6 +- 3 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 openssl-0.9.8g-fix_dh_for_certain_moduli.patch diff --git a/openssl-0.9.8g-fix_dh_for_certain_moduli.patch b/openssl-0.9.8g-fix_dh_for_certain_moduli.patch new file mode 100644 index 0000000..fab4184 --- /dev/null +++ b/openssl-0.9.8g-fix_dh_for_certain_moduli.patch @@ -0,0 +1,64 @@ +--- a/crypto/bn/bn_mul.c 2007/07/08 18:53:03 1.37 ++++ b/crypto/bn/bn_mul.c 2007/11/03 20:09:04 1.38 +@@ -389,6 +389,7 @@ + * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) + * a[1]*b[1] + */ ++/* dnX may not be positive, but n2/2+dnX has to be */ + void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, + int dna, int dnb, BN_ULONG *t) + { +@@ -398,7 +399,7 @@ + BN_ULONG ln,lo,*p; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); ++ fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); + # endif + # ifdef BN_MUL_COMBA + # if 0 +@@ -545,6 +546,7 @@ + + /* n+tn is the word length + * t needs to be n*4 is size, as does r */ ++/* tnX may not be negative but less than n */ + void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, + int tna, int tnb, BN_ULONG *t) + { +@@ -553,8 +555,8 @@ + BN_ULONG ln,lo,*p; + + # ifdef BN_COUNT +- fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", +- tna, n, tnb, n); ++ fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", ++ n, tna, n, tnb); + # endif + if (n < 8) + { +@@ -655,16 +657,19 @@ + for (;;) + { + i/=2; +- if (i <= tna && tna == tnb) ++ /* these simplified conditions work ++ * exclusively because difference ++ * between tna and tnb is 1 or 0 */ ++ if (i < tna || i < tnb) + { +- bn_mul_recursive(&(r[n2]), ++ bn_mul_part_recursive(&(r[n2]), + &(a[n]),&(b[n]), + i,tna-i,tnb-i,p); + break; + } +- else if (i < tna || i < tnb) ++ else if (i == tna || i == tnb) + { +- bn_mul_part_recursive(&(r[n2]), ++ bn_mul_recursive(&(r[n2]), + &(a[n]),&(b[n]), + i,tna-i,tnb-i,p); + break; + + diff --git a/openssl.changes b/openssl.changes index c179b1c..10cf192 100644 --- a/openssl.changes +++ b/openssl.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Nov 5 14:27:06 CET 2007 - mkoenig@suse.de + +- fix Diffie-Hellman failure with certain prime lengths + ------------------------------------------------------------------- Mon Oct 22 15:00:21 CEST 2007 - mkoenig@suse.de diff --git a/openssl.spec b/openssl.spec index 56c5542..5ba6322 100644 --- a/openssl.spec +++ b/openssl.spec @@ -19,7 +19,7 @@ Group: Productivity/Networking/Security Provides: ssl AutoReqProv: on Version: 0.9.8g -Release: 1 +Release: 4 Summary: Secure Sockets and Transport Layer Security Url: http://www.openssl.org/ Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 @@ -36,6 +36,7 @@ Patch5: openssl-0.9.6g-alpha.diff #Patch10: openssl-0.9.7d-ICA_engine-jun142004.patch.bz2 Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif Patch7: bswap.diff +Patch8: openssl-0.9.8g-fix_dh_for_certain_moduli.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -191,6 +192,7 @@ Authors: #%patch10 -p1 %patch6 -p1 %patch7 +%patch8 -p1 cp -p %{S:10} . cp -p %{S:20} certs/ cp -p %{S:21} certs/ @@ -405,6 +407,8 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi %defattr(-, root, root) %{ssletcdir}/certs %changelog +* Mon Nov 05 2007 - mkoenig@suse.de +- fix Diffie-Hellman failure with certain prime lengths * Mon Oct 22 2007 - mkoenig@suse.de - update to version 0.9.8g: * fix some bugs introduced with 0.9.8f