/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2008-5077.patch
ViewVC logotype

Annotation of /rpms/openssl/sme8/openssl-fips-0.9.8e-cve-2008-5077.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Tue Feb 18 03:03:08 2014 UTC (10 years, 3 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream 
Initial import
1 wellsi 1.1 diff -up openssl-fips-0.9.8e/apps/speed.c.verifysig openssl-fips-0.9.8e/apps/speed.c
2     --- openssl-fips-0.9.8e/apps/speed.c.verifysig 2007-05-21 14:40:06.000000000 +0200
3     +++ openssl-fips-0.9.8e/apps/speed.c 2008-12-16 16:44:22.000000000 +0100
4     @@ -2132,7 +2132,7 @@ int MAIN(int argc, char **argv)
5     {
6     ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
7     rsa_num, rsa_key[j]);
8     - if (ret == 0)
9     + if (ret <= 0)
10     {
11     BIO_printf(bio_err,
12     "RSA verify failure\n");
13     diff -up openssl-fips-0.9.8e/apps/verify.c.verifysig openssl-fips-0.9.8e/apps/verify.c
14     --- openssl-fips-0.9.8e/apps/verify.c.verifysig 2004-11-29 12:28:07.000000000 +0100
15     +++ openssl-fips-0.9.8e/apps/verify.c 2008-12-16 16:44:22.000000000 +0100
16     @@ -266,7 +266,7 @@ static int check(X509_STORE *ctx, char *
17    
18     ret=0;
19     end:
20     - if (i)
21     + if (i > 0)
22     {
23     fprintf(stdout,"OK\n");
24     ret=1;
25     @@ -367,4 +367,3 @@ static int MS_CALLBACK cb(int ok, X509_S
26     ERR_clear_error();
27     return(ok);
28     }
29     -
30     diff -up openssl-fips-0.9.8e/apps/spkac.c.verifysig openssl-fips-0.9.8e/apps/spkac.c
31     --- openssl-fips-0.9.8e/apps/spkac.c.verifysig 2005-04-05 21:11:18.000000000 +0200
32     +++ openssl-fips-0.9.8e/apps/spkac.c 2008-12-16 16:44:22.000000000 +0100
33     @@ -285,7 +285,7 @@ bad:
34     pkey = NETSCAPE_SPKI_get_pubkey(spki);
35     if(verify) {
36     i = NETSCAPE_SPKI_verify(spki, pkey);
37     - if(i) BIO_printf(bio_err, "Signature OK\n");
38     + if (i > 0) BIO_printf(bio_err, "Signature OK\n");
39     else {
40     BIO_printf(bio_err, "Signature Failure\n");
41     ERR_print_errors(bio_err);
42     diff -up openssl-fips-0.9.8e/apps/x509.c.verifysig openssl-fips-0.9.8e/apps/x509.c
43     --- openssl-fips-0.9.8e/apps/x509.c.verifysig 2005-07-16 13:13:03.000000000 +0200
44     +++ openssl-fips-0.9.8e/apps/x509.c 2008-12-16 16:44:22.000000000 +0100
45     @@ -1144,7 +1144,7 @@ static int x509_certify(X509_STORE *ctx,
46     /* NOTE: this certificate can/should be self signed, unless it was
47     * a certificate request in which case it is not. */
48     X509_STORE_CTX_set_cert(&xsc,x);
49     - if (!reqfile && !X509_verify_cert(&xsc))
50     + if (!reqfile && X509_verify_cert(&xsc) <= 0)
51     goto end;
52    
53     if (!X509_check_private_key(xca,pkey))
54     diff -up openssl-fips-0.9.8e/ssl/s2_clnt.c.verifysig openssl-fips-0.9.8e/ssl/s2_clnt.c
55     --- openssl-fips-0.9.8e/ssl/s2_clnt.c.verifysig 2006-09-28 13:29:03.000000000 +0200
56     +++ openssl-fips-0.9.8e/ssl/s2_clnt.c 2008-12-16 16:44:50.000000000 +0100
57     @@ -1044,7 +1044,7 @@ int ssl2_set_certificate(SSL *s, int typ
58    
59     i=ssl_verify_cert_chain(s,sk);
60    
61     - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
62     + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
63     {
64     SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
65     goto err;
66     diff -up openssl-fips-0.9.8e/ssl/s2_srvr.c.verifysig openssl-fips-0.9.8e/ssl/s2_srvr.c
67     --- openssl-fips-0.9.8e/ssl/s2_srvr.c.verifysig 2005-12-05 18:32:20.000000000 +0100
68     +++ openssl-fips-0.9.8e/ssl/s2_srvr.c 2008-12-16 16:47:28.000000000 +0100
69     @@ -1054,7 +1054,7 @@ static int request_certificate(SSL *s)
70    
71     i=ssl_verify_cert_chain(s,sk);
72    
73     - if (i) /* we like the packet, now check the chksum */
74     + if (i > 0) /* we like the packet, now check the chksum */
75     {
76     EVP_MD_CTX ctx;
77     EVP_PKEY *pkey=NULL;
78     @@ -1083,7 +1083,7 @@ static int request_certificate(SSL *s)
79     EVP_PKEY_free(pkey);
80     EVP_MD_CTX_cleanup(&ctx);
81    
82     - if (i)
83     + if (i > 0)
84     {
85     if (s->session->peer != NULL)
86     X509_free(s->session->peer);
87     diff -up openssl-fips-0.9.8e/ssl/s3_clnt.c.verifysig openssl-fips-0.9.8e/ssl/s3_clnt.c
88     --- openssl-fips-0.9.8e/ssl/s3_clnt.c.verifysig 2008-10-31 09:18:53.000000000 +0100
89     +++ openssl-fips-0.9.8e/ssl/s3_clnt.c 2008-12-16 16:44:50.000000000 +0100
90     @@ -886,7 +886,7 @@ int ssl3_get_server_certificate(SSL *s)
91     }
92    
93     i=ssl_verify_cert_chain(s,sk);
94     - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
95     + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
96     #ifndef OPENSSL_NO_KRB5
97     && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
98     != (SSL_aKRB5|SSL_kKRB5)
99     @@ -1373,7 +1373,7 @@ int ssl3_get_key_exchange(SSL *s)
100     EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
101     EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
102     EVP_VerifyUpdate(&md_ctx,param,param_len);
103     - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
104     + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
105     {
106     /* bad signature */
107     al=SSL_AD_DECRYPT_ERROR;
108     @@ -1391,7 +1391,7 @@ int ssl3_get_key_exchange(SSL *s)
109     EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
110     EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
111     EVP_VerifyUpdate(&md_ctx,param,param_len);
112     - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
113     + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
114     {
115     /* bad signature */
116     al=SSL_AD_DECRYPT_ERROR;
117     diff -up openssl-fips-0.9.8e/ssl/ssltest.c.verifysig openssl-fips-0.9.8e/ssl/ssltest.c
118     --- openssl-fips-0.9.8e/ssl/ssltest.c.verifysig 2007-08-21 17:26:51.000000000 +0200
119     +++ openssl-fips-0.9.8e/ssl/ssltest.c 2008-12-16 16:44:50.000000000 +0100
120     @@ -2093,7 +2093,7 @@ static int MS_CALLBACK app_verify_callba
121    
122     if (cb_arg->proxy_auth)
123     {
124     - if (ok)
125     + if (ok > 0)
126     {
127     const char *cond_end = NULL;
128    
129     diff -up openssl-fips-0.9.8e/ssl/s3_srvr.c.verifysig openssl-fips-0.9.8e/ssl/s3_srvr.c
130     --- openssl-fips-0.9.8e/ssl/s3_srvr.c.verifysig 2008-10-31 09:18:53.000000000 +0100
131     +++ openssl-fips-0.9.8e/ssl/s3_srvr.c 2008-12-16 16:44:50.000000000 +0100
132     @@ -2484,7 +2484,7 @@ int ssl3_get_client_certificate(SSL *s)
133     else
134     {
135     i=ssl_verify_cert_chain(s,sk);
136     - if (!i)
137     + if (i <= 0)
138     {
139     al=ssl_verify_alarm_type(s->verify_result);
140     SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed