[rpms/openssl] rebase_40beta: fix CVE-2014-0224 fix that broke EAP-FAST session resumption support

[Tomas Mraz <tmraz@fedoraproject.org>]

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : a98d99a5032dced33ff8de82268ddcad0b9e485d
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2014-06-10T16:38:56+02:00
            Stats  : +30/-11 in 3 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/a98d99a5032dced33ff8de82268ddcad0b9e485d?branch=rebase_40beta

            Log:
            fix CVE-2014-0224 fix that broke EAP-FAST session resumption support

- make FIPS mode keygen bit length restriction enforced only when
  OPENSSL_ENFORCE_MODULUS_BITS is set

---
diff --git a/openssl-1.0.1g-new-fips-reqs.patch b/openssl-1.0.1g-new-fips-reqs.patch
index 9f2fe9b..335cf43 100644
--- a/openssl-1.0.1g-new-fips-reqs.patch
+++ b/openssl-1.0.1g-new-fips-reqs.patch
@@ -80,11 +80,12 @@ diff -up openssl-1.0.1g/crypto/dh/dh_check.c.fips-reqs openssl-1.0.1g/crypto/dh/
 diff -up openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs openssl-1.0.1g/crypto/dsa/dsa_gen.c
 --- openssl-1.0.1g/crypto/dsa/dsa_gen.c.fips-reqs	2014-05-06 16:22:21.254536168 +0200
 +++ openssl-1.0.1g/crypto/dsa/dsa_gen.c	2014-05-06 16:22:21.432540283 +0200
-@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
+@@ -159,7 +159,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
  	    }
  
  	if (FIPS_module_mode() &&
 -	    (bits != 1024 || qbits != 160) &&
++	    (getenv("OPENSSL_ENFORCE_MODULUS_BITS") || bits != 1024 || qbits != 160) &&
  	    (bits != 2048 || qbits != 224) &&
  	    (bits != 2048 || qbits != 256) &&
  	    (bits != 3072 || qbits != 256))
@@ -95,7 +96,7 @@ diff -up openssl-1.0.1g/crypto/dsa/dsa.h.fips-reqs openssl-1.0.1g/crypto/dsa/dsa
  #endif
  
  #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
-+#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN 2048
++#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS_GEN (getenv("OPENSSL_ENFORCE_MODULUS_BITS")?2048:1024)
  
  #define DSA_FLAG_CACHE_MONT_P	0x01
  #define DSA_FLAG_NO_EXP_CONSTTIME       0x02 /* new with 0.9.7h; the built-in DSA
@@ -1493,7 +1494,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa
 +	    	return 0;
 +	    	}
 +
-+	if (bits != 2048 && bits != 3072)
++	if ((pbits & 0xFF) || (getenv("OPENSSL_ENFORCE_MODULUS_BITS") && bits != 2048 && bits != 3072))
 +		{
 +		FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN, FIPS_R_INVALID_KEY_LENGTH);
 +		return 0;
@@ -1693,7 +1694,7 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa
  static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  	{
  	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-@@ -176,17 +393,7 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -176,17 +393,12 @@ static int rsa_builtin_keygen(RSA *rsa,
  #ifdef OPENSSL_FIPS
  	if (FIPS_module_mode())
  		{
@@ -1703,16 +1704,16 @@ diff -up openssl-1.0.1g/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1g/crypto/rsa
 -	    	return 0;
 -	    	}
 -
--		if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
--		    {
--		    FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
--		    return 0;
--		    }
+ 		if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS)
+ 		    {
+ 		    FIPSerr(FIPS_F_RSA_BUILTIN_KEYGEN,FIPS_R_KEY_TOO_SHORT);
+ 		    return 0;
+ 		    }
 +		return FIPS_rsa_builtin_keygen(rsa, bits, e_value, cb);
  		}
  #endif
  
-@@ -301,17 +508,6 @@ static int rsa_builtin_keygen(RSA *rsa,
+@@ -301,17 +520,6 @@ static int rsa_builtin_keygen(RSA *rsa,
  		p = rsa->p;
  	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
  

diff --git a/openssl-1.0.1h-session-resumption.patch b/openssl-1.0.1h-session-resumption.patch
new file mode 100644
index 0000000..1d0626f
--- /dev/null
+++ b/openssl-1.0.1h-session-resumption.patch
@@ -0,0 +1,11 @@
+diff -up openssl-1.0.1h/ssl/s3_clnt.c.resumption openssl-1.0.1h/ssl/s3_clnt.c
+--- openssl-1.0.1h/ssl/s3_clnt.c.resumption	2014-06-05 11:44:33.000000000 +0200
++++ openssl-1.0.1h/ssl/s3_clnt.c	2014-06-10 16:35:12.895096670 +0200
+@@ -901,6 +901,7 @@ int ssl3_get_server_hello(SSL *s)
+ 			{
+ 			s->session->cipher = pref_cipher ?
+ 				pref_cipher : ssl_get_cipher_by_char(s, p+j);
++			s->s3->flags |= SSL3_FLAGS_CCS_OK;
+ 			}
+ 		}
+ #endif /* OPENSSL_NO_TLSEXT */

diff --git a/openssl.spec b/openssl.spec
index 667d2a8..9c6ea0d 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1h
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -85,6 +85,7 @@ Patch90: openssl-1.0.1e-enc-fail.patch
 Patch91: openssl-1.0.1e-ssl2-no-ec.patch
 # Backported fixes including security fixes
 Patch81: openssl-1.0.1-beta2-padlock64.patch
+Patch82: openssl-1.0.1h-session-resumption.patch
 Patch84: openssl-1.0.1e-trusted-first.patch
 Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
 Patch89: openssl-1.0.1e-ephemeral-key-size.patch
@@ -206,6 +207,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch91 -p1 -b .ssl2noec
 
 %patch81 -p1 -b .padlock64
+%patch82 -p1 -b .resumption
 %patch84 -p1 -b .trusted-first
 %patch85 -p1 -b .armcap
 %patch89 -p1 -b .ephemeral
@@ -472,6 +474,11 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Tue Jun 10 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1h-3
+- make FIPS mode keygen bit length restriction enforced only when
+  OPENSSL_ENFORCE_MODULUS_BITS is set
+- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1:1.0.1h-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild