drop read lock in fips_drbg_status that is unnecessary

and causes deadlock when reseeding (#1400922)
2016-12-02 18:03:13 +01:00 · 2016-12-02 18:03:13 +01:00 · 94c1cf7e19
parent d0c38b1fe6
commit 94c1cf7e19
2 changed files with 6 additions and 4 deletions
--- a/openssl-1.0.2i-fips.patch
+++ b/openssl-1.0.2i-fips.patch
@ -4997,7 +4997,7 @@ diff -up openssl-1.0.2i/crypto/fips/fips_drbg_lib.c.fips openssl-1.0.2i/crypto/f
 diff -up openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2i/crypto/fips/fips_drbg_rand.c
 --- openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips	2016-09-22 13:35:57.015220951 +0200
 +++ openssl-1.0.2i/crypto/fips/fips_drbg_rand.c	2016-09-22 13:35:57.015220951 +0200
-@@ -0,0 +1,166 @@
+@@ -0,0 +1,164 @@
 +/* fips/rand/fips_drbg_rand.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 + * project.
@ -5121,9 +5121,7 @@ diff -up openssl-1.0.2i/crypto/fips/fips_drbg_rand.c.fips openssl-1.0.2i/crypto/
 +{
 +    DRBG_CTX *dctx = &ossl_dctx;
 +    int rv;
 +    CRYPTO_r_lock(CRYPTO_LOCK_RAND);
 +    rv = dctx->status == DRBG_STATUS_READY ? 1 : 0;
 +    CRYPTO_r_unlock(CRYPTO_LOCK_RAND);
 +    return rv;
 +}
 +
--- a/openssl.spec
+++ b/openssl.spec
@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.2j
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@ -508,6 +508,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 %changelog
 * Fri Dec  2 2016 Tomáš Mráz <tmraz@redhat.com> 1.0.2j-2
 - drop read lock in fips_drbg_status that is unnecessary
  and causes deadlock when reseeding (#1400922)
 * Fri Oct 07 2016 Richard W.M. Jones <rjones@redhat.com> - 1:1.0.2j-2
 - Add flags for riscv64.