Hello community, here is the log from the commit of package openssl checked in at Mon Nov 5 23:50:52 CET 2007. -------- --- openssl/openssl.changes 2007-10-22 15:38:49.000000000 +0200 +++ /mounts/work_src_done/STABLE/openssl/openssl.changes 2007-11-05 14:29:52.000000000 +0100 @@ -1,0 +2,5 @@ +Mon Nov 5 14:27:06 CET 2007 - mkoenig@suse.de + +- fix Diffie-Hellman failure with certain prime lengths + +------------------------------------------------------------------- New: ---- openssl-0.9.8g-fix_dh_for_certain_moduli.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl.spec ++++++ --- /var/tmp/diff_new_pack.I18489/_old 2007-11-05 23:50:32.000000000 +0100 +++ /var/tmp/diff_new_pack.I18489/_new 2007-11-05 23:50:32.000000000 +0100 @@ -19,7 +19,7 @@ Provides: ssl AutoReqProv: on Version: 0.9.8g -Release: 1 +Release: 4 Summary: Secure Sockets and Transport Layer Security Url: http://www.openssl.org/ Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2 @@ -36,6 +36,7 @@ #Patch10: openssl-0.9.7d-ICA_engine-jun142004.patch.bz2 Patch6: openssl-0.9.8a.ca-app-segfault.bug128655.dif Patch7: bswap.diff +Patch8: openssl-0.9.8g-fix_dh_for_certain_moduli.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -191,6 +192,7 @@ #%patch10 -p1 %patch6 -p1 %patch7 +%patch8 -p1 cp -p %{S:10} . cp -p %{S:20} certs/ cp -p %{S:21} certs/ @@ -405,6 +407,8 @@ %defattr(-, root, root) %{ssletcdir}/certs %changelog +* Mon Nov 05 2007 - mkoenig@suse.de +- fix Diffie-Hellman failure with certain prime lengths * Mon Oct 22 2007 - mkoenig@suse.de - update to version 0.9.8g: * fix some bugs introduced with 0.9.8f ++++++ openssl-0.9.8g-fix_dh_for_certain_moduli.patch ++++++ --- a/crypto/bn/bn_mul.c 2007/07/08 18:53:03 1.37 +++ b/crypto/bn/bn_mul.c 2007/11/03 20:09:04 1.38 @@ -389,6 +389,7 @@ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) * a[1]*b[1] */ +/* dnX may not be positive, but n2/2+dnX has to be */ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int dna, int dnb, BN_ULONG *t) { @@ -398,7 +399,7 @@ BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); + fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); # endif # ifdef BN_MUL_COMBA # if 0 @@ -545,6 +546,7 @@ /* n+tn is the word length * t needs to be n*4 is size, as does r */ +/* tnX may not be negative but less than n */ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, int tnb, BN_ULONG *t) { @@ -553,8 +555,8 @@ BN_ULONG ln,lo,*p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", - tna, n, tnb, n); + fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n", + n, tna, n, tnb); # endif if (n < 8) { @@ -655,16 +657,19 @@ for (;;) { i/=2; - if (i <= tna && tna == tnb) + /* these simplified conditions work + * exclusively because difference + * between tna and tnb is 1 or 0 */ + if (i < tna || i < tnb) { - bn_mul_recursive(&(r[n2]), + bn_mul_part_recursive(&(r[n2]), &(a[n]),&(b[n]), i,tna-i,tnb-i,p); break; } - else if (i < tna || i < tnb) + else if (i == tna || i == tnb) { - bn_mul_part_recursive(&(r[n2]), + bn_mul_recursive(&(r[n2]), &(a[n]),&(b[n]), i,tna-i,tnb-i,p); break; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de