[rpms/openssl] rebase_40beta: do not break contract on return value when using dsa_builtin

public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed

* [rpms/openssl] rebase_40beta: do not break contract on return value when using dsa_builtin_paramgen2()
@ 2026-06-09 12:43 Tomas Mraz
  0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
  To: git-commits

A new commit has been pushed.

Repo   : rpms/openssl
Branch : rebase_40beta
Commit : c7fc8d6daa1128187f9925215fc03c9c0700a2c9
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date   : 2016-10-17T13:06:36+02:00
Stats  : +23/-2 in 2 file(s)
URL    : https://src.fedoraproject.org/rpms/openssl/c/c7fc8d6daa1128187f9925215fc03c9c0700a2c9?branch=rebase_40beta

Log:
do not break contract on return value when using dsa_builtin_paramgen2()

---
diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch
index 215ef87..fac9fbf 100644
--- a/openssl-1.1.0-fips.patch
+++ b/openssl-1.1.0-fips.patch
@@ -388,7 +388,16 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
  
  int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                           const EVP_MD *evpmd, const unsigned char *seed_in,
-@@ -315,6 +344,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
+@@ -301,7 +330,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
+                           int *counter_ret, unsigned long *h_ret,
+                           BN_GENCB *cb)
+ {
+-    int ok = -1;
++    int ok = 0;
+     unsigned char *seed = NULL, *seed_tmp = NULL;
+     unsigned char md[EVP_MAX_MD_SIZE];
+     int mdsize;
+@@ -318,6 +347,20 @@ int dsa_builtin_paramgen2(DSA *ret, size
      if (mctx == NULL)
          goto err;
  
@@ -409,6 +418,15 @@ diff -up openssl-1.1.0/crypto/dsa/dsa_gen.c.fips openssl-1.1.0/crypto/dsa/dsa_ge
      if (evpmd == NULL) {
          if (N == 160)
              evpmd = EVP_sha1();
+@@ -579,7 +622,7 @@ int dsa_builtin_paramgen2(DSA *ret, size
+         BN_free(ret->g);
+         ret->g = BN_dup(g);
+         if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+-            ok = -1;
++            ok = 0;
+             goto err;
+         }
+         if (counter_ret != NULL)
 diff -up openssl-1.1.0/crypto/dsa/dsa_key.c.fips openssl-1.1.0/crypto/dsa/dsa_key.c
 --- openssl-1.1.0/crypto/dsa/dsa_key.c.fips	2016-08-25 17:29:20.000000000 +0200
 +++ openssl-1.1.0/crypto/dsa/dsa_key.c	2016-09-08 11:37:38.735459940 +0200

diff --git a/openssl.spec b/openssl.spec
index e397c23..48fc0d3 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.0b
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -425,6 +425,9 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-3
+- do not break contract on return value when using dsa_builtin_paramgen2()
+
 * Wed Oct 12 2016 Tomáš Mráz <tmraz@redhat.com> 1.1.0b-2
 - fix afalg failure on big endian
 

^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: do not break contract on return value when using dsa_builtin_paramgen2() Tomas Mraz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox