diff --git a/openssl-1.0.2i-fips.patch b/openssl-1.0.2i-fips.patch
index 591c788..669922c 100644
--- a/openssl-1.0.2i-fips.patch
+++ b/openssl-1.0.2i-fips.patch
@@ -4997,7 +4997,7 @@ diff -up openssl-1.0.2i/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2i/crypto/f
 diff -up openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_rand.c
 --- openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips 2016-09-22 13:35:57.015220951 +0200
 +++ openssl-1.0.2i/crypto/fips/fips_drbg_rand.c 2016-09-22 13:35:57.015220951 +0200
-@@ -0,0 +1,166 @@
+@@ -0,0 +1,164 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 + * project.
@@ -5121,9 +5121,7 @@ diff -up openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2i/crypto/
 +{
 + DRBG_CTX *dctx = &ossl_dctx;
 + int rv;
-+ CRYPTO_r_lock(CRYPTO_LOCK_RAND);
 + rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
-+ CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
 + return rv;
 +}
 +
diff --git a/openssl.spec b/openssl.spec
index cae02e0..444d8b4 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.2j
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -508,6 +508,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 %changelog
+* Fri Dec 2 2016 Tomáš Mráz 1.0.2j-2
+- drop read lock in fips_drbg_status that is unnecessary
+ and causes deadlock when reseeding (#1400922)
+
 * Fri Oct 07 2016 Richard W.M. Jones - 1:1.0.2j-2
 - Add flags for riscv64.
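Review bot: In the `@@ -5121,9 +5121,7 @@` hunk of openssl-1.0.2i-fips.patch, `dctx->status` is now read without `CRYPTO_LOCK_RAND` and nothing in the code says why, so a later reader may take the bare read of shared DRBG state for an oversight and restore the lock, bringing back the reseed deadlock named in the changelog. I would put a comment above the read, for example `/* Deliberately unlocked: taking CRYPTO_LOCK_RAND here deadlocks during reseed (#1400922); a momentarily stale status is acceptable. */`, assuming a stale answer really is acceptable to every caller, which the hunk does not show. The unlocked read is still formally a data race if another thread writes `status` under the write lock, so it is worth confirming that the field is a plain word-sized integer and that no caller relies on the result as a synchronisation point. With the lock gone the `rv` temporary is no longer needed and the body can be `return dctx->status == DRBG_STATUS_READY ? 1 : 0;`; the function's signature lies outside the hunk. Separately, the new `%changelog` entry in openssl.spec is labelled `1.0.2j-2` while `Release` is bumped to 3 and the previous entry is already `1:1.0.2j-2`.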