From: Tomas Mraz <tmraz@fedoraproject.org>
To: git-commits@fedoraproject.org
Subject: [rpms/openssl] rebase_40beta: backports from upstream CVS
Date: Tue, 09 Jun 2026 12:42:36 GMT [thread overview]
Message-ID: <178100895601.1.5561114600400044416.rpms-openssl-d7587a26b69b@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : d7587a26b69bb60f4fd8737797d1a90891026650
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2012-04-05T19:56:49+02:00
Stats : +236/-2 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/d7587a26b69bb60f4fd8737797d1a90891026650?branch=rebase_40beta
Log:
backports from upstream CVS
fix segfault when /dev/urandom is not available (#809586)
---
diff --git a/openssl-1.0.1-backport.patch b/openssl-1.0.1-backport.patch
new file mode 100644
index 0000000..baaf40f
--- /dev/null
+++ b/openssl-1.0.1-backport.patch
@@ -0,0 +1,226 @@
+diff -up openssl-1.0.1/apps/s_client.c.backport openssl-1.0.1/apps/s_client.c
+--- openssl-1.0.1/apps/s_client.c.backport 2012-03-14 21:15:04.736897459 +0100
++++ openssl-1.0.1/apps/s_client.c 2012-04-05 19:48:40.469998965 +0200
+@@ -622,13 +622,7 @@ int MAIN(int argc, char **argv)
+ SRP_ARG srp_arg = {NULL,NULL,0,0,0,1024};
+ #endif
+
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth=SSLv23_client_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+- meth=SSLv3_client_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+- meth=SSLv2_client_method();
+-#endif
+
+ apps_startup();
+ c_Pause=0;
+diff -up openssl-1.0.1/apps/s_server.c.backport openssl-1.0.1/apps/s_server.c
+--- openssl-1.0.1/apps/s_server.c.backport 2012-03-14 21:15:04.690896516 +0100
++++ openssl-1.0.1/apps/s_server.c 2012-04-05 19:48:40.474999072 +0200
+@@ -969,17 +969,7 @@ int MAIN(int argc, char *argv[])
+ char *srpuserseed = NULL;
+ char *srp_verifier_file = NULL;
+ #endif
+-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+ meth=SSLv23_server_method();
+-#elif !defined(OPENSSL_NO_SSL3)
+- meth=SSLv3_server_method();
+-#elif !defined(OPENSSL_NO_SSL2)
+- meth=SSLv2_server_method();
+-#elif !defined(OPENSSL_NO_TLS1)
+- meth=TLSv1_server_method();
+-#else
+- /* #error no SSL version enabled */
+-#endif
+
+ local_argc=argc;
+ local_argv=argv;
+diff -up openssl-1.0.1/crypto/aes/asm/aes-armv4.pl.backport openssl-1.0.1/crypto/aes/asm/aes-armv4.pl
+--- openssl-1.0.1/crypto/aes/asm/aes-armv4.pl.backport 2012-03-14 21:15:04.777898297 +0100
++++ openssl-1.0.1/crypto/aes/asm/aes-armv4.pl 2012-04-05 19:51:35.555528155 +0200
+@@ -408,6 +408,7 @@ _armv4_AES_encrypt:
+ .type private_AES_set_encrypt_key,%function
+ .align 5
+ private_AES_set_encrypt_key:
++_armv4_AES_set_encrypt_key:
+ sub r3,pc,#8 @ AES_set_encrypt_key
+ teq r0,#0
+ moveq r0,#-1
+@@ -425,7 +426,7 @@ private_AES_set_encrypt_key:
+ bne .Labrt
+
+ .Lok: stmdb sp!,{r4-r12,lr}
+- sub $tbl,r3,#private_AES_set_encrypt_key-AES_Te-1024 @ Te4
++ sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
+
+ mov $rounds,r0 @ inp
+ mov lr,r1 @ bits
+@@ -685,7 +686,7 @@ private_AES_set_encrypt_key:
+ .align 5
+ private_AES_set_decrypt_key:
+ str lr,[sp,#-4]! @ push lr
+- bl private_AES_set_encrypt_key
++ bl _armv4_AES_set_encrypt_key
+ teq r0,#0
+ ldrne lr,[sp],#4 @ pop lr
+ bne .Labrt
+diff -up openssl-1.0.1/crypto/aes/asm/aes-s390x.pl.backport openssl-1.0.1/crypto/aes/asm/aes-s390x.pl
+--- openssl-1.0.1/crypto/aes/asm/aes-s390x.pl.backport 2012-03-14 21:15:04.782898400 +0100
++++ openssl-1.0.1/crypto/aes/asm/aes-s390x.pl 2012-04-05 19:50:41.290593267 +0200
+@@ -783,6 +783,7 @@ $code.=<<___;
+ .type private_AES_set_encrypt_key,\@function
+ .align 16
+ private_AES_set_encrypt_key:
++_s390x_AES_set_encrypt_key:
+ lghi $t0,0
+ cl${g}r $inp,$t0
+ je .Lminus1
+@@ -1068,7 +1069,7 @@ $code.=<<___;
+ private_AES_set_decrypt_key:
+ st${g} $key,4*$SIZE_T($sp) # I rely on AES_set_encrypt_key to
+ st${g} $ra,14*$SIZE_T($sp) # save non-volatile registers!
+- bras $ra,AES_set_encrypt_key
++ bras $ra,_s390x_AES_set_encrypt_key
+ l${g} $key,4*$SIZE_T($sp)
+ l${g} $ra,14*$SIZE_T($sp)
+ ltgr %r2,%r2
+diff -up openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl.backport openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl
+--- openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl.backport 2012-03-14 21:15:04.777898297 +0100
++++ openssl-1.0.1/crypto/aes/asm/vpaes-x86_64.pl 2012-04-05 19:48:22.036603157 +0200
+@@ -263,7 +263,7 @@ _vpaes_decrypt_core:
+ pshufb %xmm2, %xmm4 # 4 = sbou
+ pxor %xmm0, %xmm4 # 4 = sb1u + k
+ movdqa 0x70(%r10), %xmm0 # 0 : sbot
+- movdqa .Lk_sr-.Lk_dsbd(%r11), %xmm2
++ movdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160
+ pshufb %xmm3, %xmm0 # 0 = sb1t
+ pxor %xmm4, %xmm0 # 0 = A
+ pshufb %xmm2, %xmm0
+@@ -869,6 +869,8 @@ ${PREFIX}_cbc_encrypt:
+ ___
+ ($len,$key)=($key,$len);
+ $code.=<<___;
++ sub \$16,$len
++ jc .Lcbc_abort
+ ___
+ $code.=<<___ if ($win64);
+ lea -0xb8(%rsp),%rsp
+@@ -887,7 +889,6 @@ ___
+ $code.=<<___;
+ movdqu ($ivp),%xmm6 # load IV
+ sub $inp,$out
+- sub \$16,$len
+ call _vpaes_preheat
+ cmp \$0,${enc}d
+ je .Lcbc_dec_loop
+@@ -932,6 +933,7 @@ $code.=<<___ if ($win64);
+ .Lcbc_epilogue:
+ ___
+ $code.=<<___;
++.Lcbc_abort:
+ ret
+ .size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt
+ ___
+diff -up openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl.backport openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl
+--- openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl.backport 2012-03-14 21:15:04.775898257 +0100
++++ openssl-1.0.1/crypto/aes/asm/vpaes-x86.pl 2012-04-05 19:48:22.036603157 +0200
+@@ -843,6 +843,8 @@ $k_dsbo=0x2c0; # decryption sbox final
+ &mov ($out,&wparam(1)); # out
+ &mov ($round,&wparam(2)); # len
+ &mov ($key,&wparam(3)); # key
++ &sub ($round,16);
++ &jc (&label("cbc_abort"));
+ &lea ($base,&DWP(-56,"esp"));
+ &mov ($const,&wparam(4)); # ivp
+ &and ($base,-16);
+@@ -853,7 +855,6 @@ $k_dsbo=0x2c0; # decryption sbox final
+ &mov (&DWP(48,"esp"),$base);
+
+ &mov (&DWP(0,"esp"),$out); # save out
+- &sub ($round,16);
+ &mov (&DWP(4,"esp"),$key) # save key
+ &mov (&DWP(8,"esp"),$const); # save ivp
+ &mov ($out,$round); # $out works as $len
+@@ -896,6 +897,7 @@ $k_dsbo=0x2c0; # decryption sbox final
+ &mov ($base,&DWP(8,"esp")); # restore ivp
+ &mov ("esp",&DWP(48,"esp"));
+ &movdqu (&QWP(0,$base),"xmm1"); # write IV
++&set_label("cbc_abort");
+ &function_end("${PREFIX}_cbc_encrypt");
+
+ &asm_finish();
+diff -up openssl-1.0.1/crypto/evp/p5_crpt.c.backport openssl-1.0.1/crypto/evp/p5_crpt.c
+--- openssl-1.0.1/crypto/evp/p5_crpt.c.backport 2011-06-03 22:52:57.000000000 +0200
++++ openssl-1.0.1/crypto/evp/p5_crpt.c 2012-04-05 19:49:01.512450795 +0200
+@@ -138,5 +138,6 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *c
+ OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+ rv = 1;
+ err:
++ EVP_MD_CTX_cleanup(&ctx);
+ return rv;
+ }
+diff -up openssl-1.0.1/crypto/pkcs7/pk7_doit.c.backport openssl-1.0.1/crypto/pkcs7/pk7_doit.c
+--- openssl-1.0.1/crypto/pkcs7/pk7_doit.c.backport 2012-03-12 17:27:50.000000000 +0100
++++ openssl-1.0.1/crypto/pkcs7/pk7_doit.c 2012-04-05 19:49:40.591289911 +0200
+@@ -430,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ STACK_OF(X509_ALGOR) *md_sk=NULL;
+ STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+ PKCS7_RECIP_INFO *ri=NULL;
++ unsigned char *ek = NULL, *tkey = NULL;
++ int eklen = 0, tkeylen = 0;
+
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+@@ -507,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ int max;
+ X509_OBJECT ret;
+ #endif
+- unsigned char *ek = NULL, *tkey = NULL;
+- int eklen, tkeylen;
+
+ if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+ {
+@@ -609,11 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ {
+ OPENSSL_cleanse(ek,eklen);
+ OPENSSL_free(ek);
++ ek = NULL;
+ }
+ if (tkey)
+ {
+ OPENSSL_cleanse(tkey,tkeylen);
+ OPENSSL_free(tkey);
++ tkey = NULL;
+ }
+
+ if (out == NULL)
+@@ -656,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKE
+ if (0)
+ {
+ err:
++ if (ek)
++ {
++ OPENSSL_cleanse(ek,eklen);
++ OPENSSL_free(ek);
++ }
++ if (tkey)
++ {
++ OPENSSL_cleanse(tkey,tkeylen);
++ OPENSSL_free(tkey);
++ }
+ if (out != NULL) BIO_free_all(out);
+ if (btmp != NULL) BIO_free_all(btmp);
+ if (etmp != NULL) BIO_free_all(etmp);
+diff -up openssl-1.0.1/ssl/d1_srvr.c.backport openssl-1.0.1/ssl/d1_srvr.c
+--- openssl-1.0.1/ssl/d1_srvr.c.backport 2012-03-06 14:24:16.000000000 +0100
++++ openssl-1.0.1/ssl/d1_srvr.c 2012-04-05 19:47:36.812632091 +0200
+@@ -920,7 +920,7 @@ int dtls1_send_server_hello(SSL *s)
+ p=s->s3->server_random;
+ Time=(unsigned long)time(NULL); /* Time */
+ l2n(Time,p);
+- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
++ RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
+ /* Do the message type and length last */
+ d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
+
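Review bot: In the d1_srvr.c part, the return value of `RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4)` is still discarded, so the server random is sent as-is even when the generator reports an error or non-cryptographic output, which is the situation the commit log mentions (/dev/urandom unavailable). At minimum a negative return should fail the handshake, e.g. `if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) < 0) return -1;`, assuming -1 is this function's error return; dtls1_send_server_hello starts and ends outside the hunk, so that needs confirming. The bare `4` also deserves a comment such as `/* l2n() above wrote 4 bytes; sizeof(Time) is 8 on LP64 */`, because that mismatch appears to be the reason for the change.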
diff --git a/openssl-1.0.1-beta3-fips.patch b/openssl-1.0.1-beta3-fips.patch
index 5308c04..f2bb340 100644
--- a/openssl-1.0.1-beta3-fips.patch
+++ b/openssl-1.0.1-beta3-fips.patch
@@ -11341,7 +11341,7 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_hmac.c.fips openssl-1.0.1-bet
diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c
--- openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips 2012-02-29 10:33:02.794294898 +0100
+++ openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c 2012-02-29 10:33:02.794294898 +0100
-@@ -0,0 +1,576 @@
+@@ -0,0 +1,578 @@
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
@@ -11501,6 +11501,8 @@ diff -up openssl-1.0.1-beta3/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.1-beta
+ return dctx->get_entropy(dctx, pout, entropy, min_len, max_len);
+ rv = dctx->get_entropy(dctx, &tout, entropy + bl,
+ min_len + bl, max_len + bl);
++ if (tout == NULL)
++ return 0;
+ *pout = tout + bl;
+ if (rv < (min_len + bl) || (rv % bl))
+ return 0;
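Review bot: The added `if (tout == NULL)` test reads `tout` after the callback returns, which is only well-defined if `tout` was initialised before the call or if every failure path of `dctx->get_entropy` stores to it. The declaration is outside this hunk, so neither can be confirmed here; initialising it at the declaration (`unsigned char *tout = NULL;`) would make the check independent of the callback's behaviour. The early `return 0` also leaves `*pout` unwritten, so a caller that passes `*pout` to a cleanup routine after failure depends on having pre-initialised it. A `*pout = NULL;` before the return would guard against that if it matches the callers' expectations.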
diff --git a/openssl.spec b/openssl.spec
index e1f17d5..67d5f7a 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -64,6 +64,7 @@ Patch63: openssl-1.0.0d-xmpp-starttls.patch
Patch65: openssl-1.0.0e-chil-fixes.patch
# Backported fixes including security fixes
Patch81: openssl-1.0.1-beta2-padlock64.patch
+Patch82: openssl-1.0.1-backport.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -161,6 +162,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch65 -p1 -b .chil
%patch81 -p1 -b .padlock64
+%patch82 -p1 -b .backport
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@@ -415,6 +417,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Apr 5 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-2
+- backports from upstream CVS
+- fix segfault when /dev/urandom is not available (#809586)
+
* Wed Mar 14 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1-1
- new upstream release