rpms / openssl098e

Clone
Source Code
GIT

Blame SOURCES/openssl-fips-0.9.8e-no-pairwise.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   5820f55c83d296decb4f8def2db1aa47ac8b3e88
  2.   SOURCES
  3.   openssl-fips-0.9.8e-no-pairwise.patch
Blob History Raw
5820f5 
Do not call pairwise tests in non-fips mode.
5820f5 
Some possible generated keys might be too small to pass.
5820f5 
diff -up openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c
5820f5 
--- openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise	2007-09-12 19:46:04.000000000 +0200
5820f5 
+++ openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c	2009-04-15 11:21:07.000000000 +0200
5820f5 
@@ -154,7 +154,7 @@ static int dsa_builtin_keygen(DSA *dsa)
5820f5 
 	dsa->pub_key=pub_key;
5820f5 
 	if (fips_dsa_pairwise_fail)
5820f5 
 		BN_add_word(dsa->pub_key, 1);
5820f5 
-	if(!fips_check_dsa(dsa))
5820f5 
+	if(FIPS_mode() && !fips_check_dsa(dsa))
5820f5 
 	    goto err;
5820f5 
 	ok=1;
5820f5
5820f5 
diff -up openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c
5820f5 
--- openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise	2007-09-12 19:46:07.000000000 +0200
5820f5 
+++ openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c	2009-04-15 11:21:31.000000000 +0200
5820f5 
@@ -288,7 +288,7 @@ static int rsa_builtin_keygen(RSA *rsa,
5820f5 
 	if (fips_rsa_pairwise_fail)
5820f5 
 		BN_add_word(rsa->n, 1);
5820f5
5820f5 
-	if(!fips_check_rsa(rsa))
5820f5 
+	if(FIPS_mode() && !fips_check_rsa(rsa))
5820f5 
 	    goto err;
5820f5
5820f5 
 	ok=1;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation