[rpms/openssl] rebase_40beta: more fixes from upstream CVS

[rpms/openssl] rebase_40beta: more fixes from upstream CVS

[Tomas Mraz]

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : 12aab15a0382a3b52261d6f0a460d2f794b7bfa1
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2012-11-20T22:33:42+01:00
            Stats  : +296/-10 in 3 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/12aab15a0382a3b52261d6f0a460d2f794b7bfa1?branch=rebase_40beta

            Log:
            more fixes from upstream CVS

- fix DSA key pairwise check (#878597)

---
diff --git a/openssl-1.0.1c-backports2.patch b/openssl-1.0.1c-backports2.patch
index a6477e7..2e849bc 100644
--- a/openssl-1.0.1c-backports2.patch
+++ b/openssl-1.0.1c-backports2.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.0.1c/apps/cms.c.backports2 openssl-1.0.1c/apps/cms.c
 --- openssl-1.0.1c/apps/cms.c.backports2	2012-01-05 14:46:27.000000000 +0100
-+++ openssl-1.0.1c/apps/cms.c	2012-09-07 10:34:42.000000000 +0200
++++ openssl-1.0.1c/apps/cms.c	2012-11-14 20:27:50.240211707 +0100
 @@ -233,6 +233,8 @@ int MAIN(int argc, char **argv)
  		else if (!strcmp(*args,"-camellia256"))
  				cipher = EVP_camellia_256_cbc();
@@ -19,9 +19,20 @@ diff -up openssl-1.0.1c/apps/cms.c.backports2 openssl-1.0.1c/apps/cms.c
  
  		if (secret_key)
  			{
+diff -up openssl-1.0.1c/crypto/asn1/a_strex.c.backports2 openssl-1.0.1c/crypto/asn1/a_strex.c
+--- openssl-1.0.1c/crypto/asn1/a_strex.c.backports2	2011-01-03 02:30:58.000000000 +0100
++++ openssl-1.0.1c/crypto/asn1/a_strex.c	2012-11-20 22:13:05.722766980 +0100
+@@ -567,6 +567,7 @@ int ASN1_STRING_to_UTF8(unsigned char **
+ 	if(mbflag == -1) return -1;
+ 	mbflag |= MBSTRING_FLAG;
+ 	stmp.data = NULL;
++	stmp.length = 0;
+ 	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+ 	if(ret < 0) return ret;
+ 	*out = stmp.data;
 diff -up openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 openssl-1.0.1c/crypto/bn/bn_lcl.h
---- openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2	2012-09-06 17:25:22.000000000 +0200
-+++ openssl-1.0.1c/crypto/bn/bn_lcl.h	2012-09-07 10:22:43.000000000 +0200
+--- openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2	2012-11-14 20:27:49.696199811 +0100
++++ openssl-1.0.1c/crypto/bn/bn_lcl.h	2012-11-14 20:27:50.240211707 +0100
 @@ -282,16 +282,23 @@ extern "C" {
  #  endif
  # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
@@ -48,9 +59,30 @@ diff -up openssl-1.0.1c/crypto/bn/bn_lcl.h.backports2 openssl-1.0.1c/crypto/bn/b
  #  endif
  # endif		/* cpu */
  #endif		/* OPENSSL_NO_ASM */
+diff -up openssl-1.0.1c/crypto/evp/e_aes.c.backports2 openssl-1.0.1c/crypto/evp/e_aes.c
+--- openssl-1.0.1c/crypto/evp/e_aes.c.backports2	2012-11-14 20:27:50.238211664 +0100
++++ openssl-1.0.1c/crypto/evp/e_aes.c	2012-11-20 22:10:06.350891703 +0100
+@@ -968,8 +968,6 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
+ 
+ 	if (!gctx->iv_set)
+ 		return -1;
+-	if (!ctx->encrypt && gctx->taglen < 0)
+-		return -1;
+ 	if (in)
+ 		{
+ 		if (out == NULL)
+@@ -1011,6 +1009,8 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX
+ 		{
+ 		if (!ctx->encrypt)
+ 			{
++			if (gctx->taglen < 0)
++				return -1;
+ 			if (CRYPTO_gcm128_finish(&gctx->gcm,
+ 					ctx->buf, gctx->taglen) != 0)
+ 				return -1;
 diff -up openssl-1.0.1c/crypto/modes/gcm128.c.backports2 openssl-1.0.1c/crypto/modes/gcm128.c
 --- openssl-1.0.1c/crypto/modes/gcm128.c.backports2	2012-01-25 18:56:24.000000000 +0100
-+++ openssl-1.0.1c/crypto/modes/gcm128.c	2012-09-07 10:24:56.000000000 +0200
++++ openssl-1.0.1c/crypto/modes/gcm128.c	2012-11-14 20:27:50.241211729 +0100
 @@ -1398,7 +1398,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT
  	void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16])	= ctx->gmult;
  #endif
@@ -60,9 +92,57 @@ diff -up openssl-1.0.1c/crypto/modes/gcm128.c.backports2 openssl-1.0.1c/crypto/m
  		GCM_MUL(ctx,Xi);
  
  	if (is_endian.little) {
+diff -up openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl.backports2 openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl
+--- openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl.backports2	2012-11-14 20:27:50.293212866 +0100
++++ openssl-1.0.1c/crypto/sha/asm/sha1-armv4-large.pl	2012-11-20 22:20:15.015041719 +0100
+@@ -177,6 +177,7 @@ for($i=0;$i<5;$i++) {
+ $code.=<<___;
+ 	teq	$Xi,sp
+ 	bne	.L_00_15		@ [((11+4)*5+2)*3]
++	sub	sp,sp,#25*4
+ ___
+ 	&BODY_00_15(@V);	unshift(@V,pop(@V));
+ 	&BODY_16_19(@V);	unshift(@V,pop(@V));
+@@ -186,7 +187,6 @@ ___
+ $code.=<<___;
+ 
+ 	ldr	$K,.LK_20_39		@ [+15+16*4]
+-	sub	sp,sp,#25*4
+ 	cmn	sp,#0			@ [+3], clear carry to denote 20_39
+ .L_20_39_or_60_79:
+ ___
+diff -up openssl-1.0.1c/ssl/s3_srvr.c.backports2 openssl-1.0.1c/ssl/s3_srvr.c
+--- openssl-1.0.1c/ssl/s3_srvr.c.backports2	2012-04-15 19:23:41.000000000 +0200
++++ openssl-1.0.1c/ssl/s3_srvr.c	2012-11-20 22:23:21.684755182 +0100
+@@ -1181,7 +1181,7 @@ int ssl3_get_client_hello(SSL *s)
+ 			goto f_err;
+ 			}
+ 		}
+-		if (ssl_check_clienthello_tlsext(s) <= 0) {
++		if (ssl_check_clienthello_tlsext_early(s) <= 0) {
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
+ 			goto err;
+ 		}
+@@ -1403,6 +1403,16 @@ int ssl3_get_client_hello(SSL *s)
+ 	 * s->tmp.new_cipher	- the new cipher to use.
+ 	 */
+ 
++	/* Handles TLS extensions that we couldn't check earlier */
++	if (s->version >= SSL3_VERSION)
++		{
++		if (ssl_check_clienthello_tlsext_late(s) <= 0)
++			{
++			SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
++			goto err;
++			}
++		}
++
+ 	if (ret < 0) ret=1;
+ 	if (0)
+ 		{
 diff -up openssl-1.0.1c/ssl/ssl_cert.c.backports2 openssl-1.0.1c/ssl/ssl_cert.c
 --- openssl-1.0.1c/ssl/ssl_cert.c.backports2	2011-05-11 15:37:52.000000000 +0200
-+++ openssl-1.0.1c/ssl/ssl_cert.c	2012-09-07 10:33:54.000000000 +0200
++++ openssl-1.0.1c/ssl/ssl_cert.c	2012-11-14 20:27:50.241211729 +0100
 @@ -164,14 +164,14 @@ static void ssl_cert_set_default_md(CERT
  	{
  	/* Set digest values to defaults */
@@ -80,10 +160,212 @@ diff -up openssl-1.0.1c/ssl/ssl_cert.c.backports2 openssl-1.0.1c/ssl/ssl_cert.c
  #endif
  	}
  
+diff -up openssl-1.0.1c/ssl/ssl_lib.c.backports2 openssl-1.0.1c/ssl/ssl_lib.c
+--- openssl-1.0.1c/ssl/ssl_lib.c.backports2	2012-01-05 11:22:39.000000000 +0100
++++ openssl-1.0.1c/ssl/ssl_lib.c	2012-11-20 22:25:29.243509755 +0100
+@@ -2287,7 +2287,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509
+ #endif
+ 
+ /* THIS NEEDS CLEANING UP */
+-X509 *ssl_get_server_send_cert(SSL *s)
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
+ 	{
+ 	unsigned long alg_k,alg_a;
+ 	CERT *c;
+@@ -2345,9 +2345,17 @@ X509 *ssl_get_server_send_cert(SSL *s)
+ 		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
+ 		return(NULL);
+ 		}
+-	if (c->pkeys[i].x509 == NULL) return(NULL);
+ 
+-	return(c->pkeys[i].x509);
++	return c->pkeys + i;
++	}
++
++X509 *ssl_get_server_send_cert(const SSL *s)
++	{
++	CERT_PKEY *cpk;
++	cpk = ssl_get_server_send_pkey(s);
++	if (!cpk)
++		return NULL;
++	return cpk->x509;
+ 	}
+ 
+ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
+@@ -2780,7 +2788,9 @@ void ssl_clear_cipher_ctx(SSL *s)
+ /* Fix this function so that it takes an optional type parameter */
+ X509 *SSL_get_certificate(const SSL *s)
+ 	{
+-	if (s->cert != NULL)
++	if (s->server)
++		return(ssl_get_server_send_cert(s));
++	else if (s->cert != NULL)
+ 		return(s->cert->key->x509);
+ 	else
+ 		return(NULL);
+diff -up openssl-1.0.1c/ssl/ssl_locl.h.backports2 openssl-1.0.1c/ssl/ssl_locl.h
+--- openssl-1.0.1c/ssl/ssl_locl.h.backports2	2012-11-14 20:27:50.056207682 +0100
++++ openssl-1.0.1c/ssl/ssl_locl.h	2012-11-20 22:25:29.244509777 +0100
+@@ -814,7 +814,8 @@ int ssl_verify_cert_chain(SSL *s,STACK_O
+ int ssl_undefined_function(SSL *s);
+ int ssl_undefined_void_function(void);
+ int ssl_undefined_const_function(const SSL *s);
+-X509 *ssl_get_server_send_cert(SSL *);
++CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
++X509 *ssl_get_server_send_cert(const SSL *);
+ EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
+ int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
+@@ -1065,7 +1066,8 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+ int ssl_prepare_clienthello_tlsext(SSL *s);
+ int ssl_prepare_serverhello_tlsext(SSL *s);
+-int ssl_check_clienthello_tlsext(SSL *s);
++int ssl_check_clienthello_tlsext_early(SSL *s);
++int ssl_check_clienthello_tlsext_late(SSL *s);
+ int ssl_check_serverhello_tlsext(SSL *s);
+ 
+ #ifndef OPENSSL_NO_HEARTBEATS
 diff -up openssl-1.0.1c/ssl/t1_lib.c.backports2 openssl-1.0.1c/ssl/t1_lib.c
 --- openssl-1.0.1c/ssl/t1_lib.c.backports2	2012-03-21 22:32:57.000000000 +0100
-+++ openssl-1.0.1c/ssl/t1_lib.c	2012-09-07 10:33:54.000000000 +0200
-@@ -2414,7 +2414,7 @@ int tls1_process_sigalgs(SSL *s, const u
++++ openssl-1.0.1c/ssl/t1_lib.c	2012-11-20 22:25:29.244509777 +0100
+@@ -1763,7 +1763,7 @@ int ssl_prepare_serverhello_tlsext(SSL *
+ 	return 1;
+ 	}
+ 
+-int ssl_check_clienthello_tlsext(SSL *s)
++int ssl_check_clienthello_tlsext_early(SSL *s)
+ 	{
+ 	int ret=SSL_TLSEXT_ERR_NOACK;
+ 	int al = SSL_AD_UNRECOGNIZED_NAME;
+@@ -1782,42 +1782,12 @@ int ssl_check_clienthello_tlsext(SSL *s)
+ 	else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0) 		
+ 		ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
+ 
+-	/* If status request then ask callback what to do.
+- 	 * Note: this must be called after servername callbacks in case 
+- 	 * the certificate has changed.
+- 	 */
+-	if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
+-		{
+-		int r;
+-		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+-		switch (r)
+-			{
+-			/* We don't want to send a status request response */
+-			case SSL_TLSEXT_ERR_NOACK:
+-				s->tlsext_status_expected = 0;
+-				break;
+-			/* status request response should be sent */
+-			case SSL_TLSEXT_ERR_OK:
+-				if (s->tlsext_ocsp_resp)
+-					s->tlsext_status_expected = 1;
+-				else
+-					s->tlsext_status_expected = 0;
+-				break;
+-			/* something bad happened */
+-			case SSL_TLSEXT_ERR_ALERT_FATAL:
+-				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+-				al = SSL_AD_INTERNAL_ERROR;
+-				goto err;
+-			}
+-		}
+-	else
+-		s->tlsext_status_expected = 0;
+-
+ #ifdef TLSEXT_TYPE_opaque_prf_input
+  	{
+ 		/* This sort of belongs into ssl_prepare_serverhello_tlsext(),
+ 		 * but we might be sending an alert in response to the client hello,
+-		 * so this has to happen here in ssl_check_clienthello_tlsext(). */
++		 * so this has to happen here in
++		 * ssl_check_clienthello_tlsext_early(). */
+ 
+ 		int r = 1;
+ 	
+@@ -1869,8 +1839,8 @@ int ssl_check_clienthello_tlsext(SSL *s)
+ 			}
+ 	}
+ 
+-#endif
+  err:
++#endif
+ 	switch (ret)
+ 		{
+ 		case SSL_TLSEXT_ERR_ALERT_FATAL:
+@@ -1888,6 +1858,71 @@ int ssl_check_clienthello_tlsext(SSL *s)
+ 		}
+ 	}
+ 
++int ssl_check_clienthello_tlsext_late(SSL *s)
++	{
++	int ret = SSL_TLSEXT_ERR_OK;
++	int al;
++
++	/* If status request then ask callback what to do.
++ 	 * Note: this must be called after servername callbacks in case 
++ 	 * the certificate has changed, and must be called after the cipher
++	 * has been chosen because this may influence which certificate is sent
++ 	 */
++	if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
++		{
++		int r;
++		CERT_PKEY *certpkey;
++		certpkey = ssl_get_server_send_pkey(s);
++		/* If no certificate can't return certificate status */
++		if (certpkey == NULL)
++			{
++			s->tlsext_status_expected = 0;
++			return 1;
++			}
++		/* Set current certificate to one we will use so
++		 * SSL_get_certificate et al can pick it up.
++		 */
++		s->cert->key = certpkey;
++		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
++		switch (r)
++			{
++			/* We don't want to send a status request response */
++			case SSL_TLSEXT_ERR_NOACK:
++				s->tlsext_status_expected = 0;
++				break;
++			/* status request response should be sent */
++			case SSL_TLSEXT_ERR_OK:
++				if (s->tlsext_ocsp_resp)
++					s->tlsext_status_expected = 1;
++				else
++					s->tlsext_status_expected = 0;
++				break;
++			/* something bad happened */
++			case SSL_TLSEXT_ERR_ALERT_FATAL:
++				ret = SSL_TLSEXT_ERR_ALERT_FATAL;
++				al = SSL_AD_INTERNAL_ERROR;
++				goto err;
++			}
++		}
++	else
++		s->tlsext_status_expected = 0;
++
++ err:
++	switch (ret)
++		{
++		case SSL_TLSEXT_ERR_ALERT_FATAL:
++			ssl3_send_alert(s,SSL3_AL_FATAL,al); 
++			return -1;
++
++		case SSL_TLSEXT_ERR_ALERT_WARNING:
++			ssl3_send_alert(s,SSL3_AL_WARNING,al);
++			return 1; 
++
++		default:
++			return 1;
++		}
++	}
++
+ int ssl_check_serverhello_tlsext(SSL *s)
+ 	{
+ 	int ret=SSL_TLSEXT_ERR_NOACK;
+@@ -2414,7 +2449,7 @@ int tls1_process_sigalgs(SSL *s, const u
  	 */
  #ifndef OPENSSL_NO_DSA
  	if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
@@ -92,7 +374,7 @@ diff -up openssl-1.0.1c/ssl/t1_lib.c.backports2 openssl-1.0.1c/ssl/t1_lib.c
  #endif
  #ifndef OPENSSL_NO_RSA
  	if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
-@@ -2425,7 +2425,7 @@ int tls1_process_sigalgs(SSL *s, const u
+@@ -2425,7 +2460,7 @@ int tls1_process_sigalgs(SSL *s, const u
  #endif
  #ifndef OPENSSL_NO_ECDSA
  	if (!c->pkeys[SSL_PKEY_ECC].digest)

diff --git a/openssl-1.0.1c-fips.patch b/openssl-1.0.1c-fips.patch
index 9d56a13..e1e6200 100644
--- a/openssl-1.0.1c-fips.patch
+++ b/openssl-1.0.1c-fips.patch
@@ -945,7 +945,7 @@ diff -up openssl-1.0.1c/crypto/dsa/dsa_key.c.fips openssl-1.0.1c/crypto/dsa/dsa_
 +	unsigned char tbs[] = "DSA Pairwise Check Data";
 +	int ret = 0;
 +
-+	if ((pk=EVP_PKEY_new()) != NULL)
++	if ((pk=EVP_PKEY_new()) == NULL)
 +		goto err;
 +
 +	EVP_PKEY_set1_DSA(pk, dsa);

diff --git a/openssl.spec b/openssl.spec
index 56df54e..530c555 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implem
 Name: openssl
 Version: 1.0.1c
 # Do not forget to bump SHLIB_VERSION on version upgrades
-Release: 8%{?dist}
+Release: 9%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -431,6 +431,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Tue Nov 20 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-9
+- more fixes from upstream CVS
+- fix DSA key pairwise check (#878597)
+
 * Thu Nov 15 2012 Tomas Mraz <tmraz@redhat.com> 1.0.1c-8
 - use 1024 bit DH parameters in s_server as 512 bit is not allowed
   in FIPS mode and it is quite weak anyway