rpms / openssl098e

Clone
Source Code
GIT

Blame SOURCES/openssl-fips-0.9.8e-no-pairwise.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta
  1.   c92cf81146758bcd9a03cfbec97a254a566685ed
  2.   SOURCES
  3.   openssl-fips-0.9.8e-no-pairwise.patch
Blob History Raw
c4366c 
Do not call pairwise tests in non-fips mode.
c4366c 
Some possible generated keys might be too small to pass.
c4366c 
diff -up openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c
c4366c 
--- openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c.no-pairwise	2007-09-12 19:46:04.000000000 +0200
c4366c 
+++ openssl-fips-0.9.8e/fips/dsa/fips_dsa_key.c	2009-04-15 11:21:07.000000000 +0200
c4366c 
@@ -154,7 +154,7 @@ static int dsa_builtin_keygen(DSA *dsa)
c4366c 
 	dsa->pub_key=pub_key;
c4366c 
 	if (fips_dsa_pairwise_fail)
c4366c 
 		BN_add_word(dsa->pub_key, 1);
c4366c 
-	if(!fips_check_dsa(dsa))
c4366c 
+	if(FIPS_mode() && !fips_check_dsa(dsa))
c4366c 
 	    goto err;
c4366c 
 	ok=1;
c4366c
c4366c 
diff -up openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c
c4366c 
--- openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c.no-pairwise	2007-09-12 19:46:07.000000000 +0200
c4366c 
+++ openssl-fips-0.9.8e/fips/rsa/fips_rsa_gen.c	2009-04-15 11:21:31.000000000 +0200
c4366c 
@@ -288,7 +288,7 @@ static int rsa_builtin_keygen(RSA *rsa,
c4366c 
 	if (fips_rsa_pairwise_fail)
c4366c 
 		BN_add_word(rsa->n, 1);
c4366c
c4366c 
-	if(!fips_check_rsa(rsa))
c4366c 
+	if(FIPS_mode() && !fips_check_rsa(rsa))
c4366c 
 	    goto err;
c4366c
c4366c 
 	ok=1;

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation