OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=12

2007-11-05 22:50:53 +00:00 · 2007-11-05 22:50:53 +00:00 · a8f402bd34
commit a8f402bd34
parent d737dbc710
3 changed files with 74 additions and 1 deletions
--- a/openssl-0.9.8g-fix_dh_for_certain_moduli.patch
+++ b/openssl-0.9.8g-fix_dh_for_certain_moduli.patch
@ -0,0 +1,64 @@
+--- a/crypto/bn/bn_mul.c	2007/07/08 18:53:03	1.37
+++ b/crypto/bn/bn_mul.c	2007/11/03 20:09:04	1.38
+@@ -389,6 +389,7 @@
+  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+  * a[1]*b[1]
+  */
+/* dnX may not be positive, but n2/2+dnX has to be */
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+ 	int dna, int dnb, BN_ULONG *t)
+ 	{
+@@ -398,7 +399,7 @@
+ 	BN_ULONG ln,lo,*p;
+ 
+ # ifdef BN_COUNT
+-	fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
+	fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+ # endif
+ # ifdef BN_MUL_COMBA
+ #  if 0
+@@ -545,6 +546,7 @@
+ 
+ /* n+tn is the word length
+  * t needs to be n*4 is size, as does r */
+/* tnX may not be negative but less than n */
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+ 	     int tna, int tnb, BN_ULONG *t)
+ 	{
+@@ -553,8 +555,8 @@
+ 	BN_ULONG ln,lo,*p;
+ 
+ # ifdef BN_COUNT
+-	fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
+-		tna, n, tnb, n);
+	fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+		n, tna, n, tnb);
+ # endif
+ 	if (n < 8)
+ 		{
+@@ -655,16 +657,19 @@
+ 				for (;;)
+ 					{
+ 					i/=2;
+-					if (i <= tna && tna == tnb)
+					/* these simplified conditions work
+					 * exclusively because difference
+					 * between tna and tnb is 1 or 0 */
+					if (i < tna || i < tnb)
+ 						{
+-						bn_mul_recursive(&(r[n2]),
+						bn_mul_part_recursive(&(r[n2]),
+ 							&(a[n]),&(b[n]),
+ 							i,tna-i,tnb-i,p);
+ 						break;
+ 						}
+-					else if (i < tna || i < tnb)
+					else if (i == tna || i == tnb)
+ 						{
+-						bn_mul_part_recursive(&(r[n2]),
+						bn_mul_recursive(&(r[n2]),
+ 							&(a[n]),&(b[n]),
+ 							i,tna-i,tnb-i,p);
+ 						break;
+
+
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Nov  5 14:27:06 CET 2007 - mkoenig@suse.de
+
+- fix Diffie-Hellman failure with certain prime lengths 
+
 -------------------------------------------------------------------
 Mon Oct 22 15:00:21 CEST 2007 - mkoenig@suse.de

--- a/openssl.spec
+++ b/openssl.spec
@ -19,7 +19,7 @@ Group:          Productivity/Networking/Security
 Provides:       ssl
 AutoReqProv:    on
 Version:        0.9.8g
-Release:        1
+Release:        4
 Summary:        Secure Sockets and Transport Layer Security
 Url:            http://www.openssl.org/
 Source:         http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@ -36,6 +36,7 @@ Patch5:         openssl-0.9.6g-alpha.diff
 #Patch10:      openssl-0.9.7d-ICA_engine-jun142004.patch.bz2
 Patch6:         openssl-0.9.8a.ca-app-segfault.bug128655.dif
 Patch7:         bswap.diff
+Patch8:         openssl-0.9.8g-fix_dh_for_certain_moduli.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -191,6 +192,7 @@ Authors:
 #%patch10 -p1
 %patch6 -p1
 %patch7
+%patch8 -p1
 cp -p %{S:10} .
 cp -p %{S:20} certs/
 cp -p %{S:21} certs/
@ -405,6 +407,8 @@ if ! test -f /.buildenv; then rm -rf $RPM_BUILD_ROOT; fi
 %defattr(-, root, root)
 %{ssletcdir}/certs
 %changelog
+* Mon Nov 05 2007 - mkoenig@suse.de
+- fix Diffie-Hellman failure with certain prime lengths
 * Mon Oct 22 2007 - mkoenig@suse.de
 - update to version 0.9.8g:
  * fix some bugs introduced with 0.9.8f