From 5d5075d4c92ad3014b234e3ba27f1367abe9b2dc Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 5 Apr 2018 16:44:48 +0200 Subject: [PATCH] Fix mistake in the FIPS RSA keygen causing key generation failures. --- openssl-1.1.0-fips.patch | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/openssl-1.1.0-fips.patch b/openssl-1.1.0-fips.patch index 622d039..66f727d 100644 --- a/openssl-1.1.0-fips.patch +++ b/openssl-1.1.0-fips.patch @@ -11009,16 +11009,16 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_ + goto err; + if (r > 0) + break; -+ } -+ error = ERR_peek_last_error(); -+ if (ERR_GET_LIB(error) == ERR_LIB_BN -+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { -+ /* GCD != 1 */ -+ ERR_pop_to_mark(); + } else { -+ goto err; ++ error = ERR_peek_last_error(); ++ if (ERR_GET_LIB(error) == ERR_LIB_BN ++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { ++ /* GCD != 1 */ ++ ERR_pop_to_mark(); ++ } else { ++ goto err; ++ } + } -+ + if (!BN_GENCB_call(cb, 2, n++)) + goto err; + } @@ -11060,16 +11060,16 @@ diff -up openssl-1.1.0h/crypto/rsa/rsa_gen.c.fips openssl-1.1.0h/crypto/rsa/rsa_ + goto err; + if (r > 0) + break; -+ } -+ error = ERR_peek_last_error(); -+ if (ERR_GET_LIB(error) == ERR_LIB_BN -+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { -+ /* GCD != 1 */ -+ ERR_pop_to_mark(); + } else { -+ goto err; ++ error = ERR_peek_last_error(); ++ if (ERR_GET_LIB(error) == ERR_LIB_BN ++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { ++ /* GCD != 1 */ ++ ERR_pop_to_mark(); ++ } else { ++ goto err; ++ } + } -+ + if (!BN_GENCB_call(cb, 2, n++)) + goto err; + }