Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2018-08-07 09:40:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Tue Aug 7 09:40:59 2018 rev:14 rq:627062 version:1.0.2o Changes: --------
--- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2018-03-01 12:04:29.169252579 +0100
+++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1_0_0.changes 2018-08-07 09:41:01.553095582 +0200
@@ -1,0 +2,25 @@
+Thu Aug 2 10:39:15 UTC 2018 - [email protected]
+
+- Add openssl(cli) Provide so the packages that require the openssl
+ binary can require this instead of the new openssl meta package
+ (bsc#1101470)
+- Suggest libopenssl1_0_0-hmac from libopenssl1_0_0 package to avoid
+ dependency issues during updates (bsc#1090765)
+- Don't Require openssl-1_0_0 from the devel package, just Recommend it
+
+-------------------------------------------------------------------
+Wed Aug 1 12:34:02 UTC 2018 - [email protected]
+
+- update to 1.0.2o
+ OpenSSL Security Advisory [27 Mar 2018]
+ * Constructed ASN.1 types with a recursive definition could have
+ exceeded the stack (bsc#1087102, CVE-2018-0739)
+- patches refreshed because of upstream 'sizeof' operator re-format
+ * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
+ * openssl-1.0.2a-fips-ctor.patch
+ * openssl-1.0.2a-ipv6-apps.patch
+ * openssl-1.0.2i-fips.patch
+ * openssl-fips-dont-fall-back-to-default-digest.patch
+ * openssl-rsakeygen-minimum-distance.patch
+
+-------------------------------------------------------------------
Old: ---- openssl-1.0.2n.tar.gz openssl-1.0.2n.tar.gz.asc New: ---- openssl-1.0.2o.tar.gz openssl-1.0.2o.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ openssl-1_0_0.spec ++++++
--- /var/tmp/diff_new_pack.33WWbP/_old 2018-08-07 09:41:02.533097289 +0200
+++ /var/tmp/diff_new_pack.33WWbP/_new 2018-08-07 09:41:02.537097297 +0200
@@ -26,7 +26,7 @@ %define num_version 1.0.0 %define _rname openssl Name: openssl-1_0_0 -Version: 1.0.2n +Version: 1.0.2o Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -97,6 +97,7 @@ BuildRequires: pkgconfig(zlib) Conflicts: ssl Provides: ssl +Provides: openssl(cli) %description OpenSSL is a software library to be used in applications that need to @@ -109,6 +110,8 @@ License: OpenSSL Group: Productivity/Networking/Security Recommends: ca-certificates-mozilla +# install libopenssl and libopenssl-hmac close together (bsc#1090765) +Suggests: libopenssl1_0_0-hmac = %{version}-%{release} %description -n libopenssl1_0_0 OpenSSL is a software library to be used in applications that need to @@ -133,7 +136,7 @@ Summary: Development files for OpenSSL License: OpenSSL Group: Development/Libraries/C and C++ -Requires: %{name} = %{version} +Recommends: %{name} = %{version} Requires: libopenssl1_0_0 = %{version} Requires: pkgconfig(zlib) # we need to have around only the exact version we are able to operate with ++++++ 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch ++++++ --- /var/tmp/diff_new_pack.33WWbP/_old 2018-08-07 09:41:02.577097366 +0200 +++ /var/tmp/diff_new_pack.33WWbP/_new 2018-08-07 09:41:02.581097373 +0200 @@ -4,10 +4,10 @@ Subject: [PATCH] Axe builtin printf implementation, use glibc instead -Index: openssl-1.0.2n/crypto/bio/b_print.c +Index: openssl-1.0.2o/crypto/bio/b_print.c =================================================================== ---- openssl-1.0.2n.orig/crypto/bio/b_print.c 2017-12-07 14:16:38.000000000 +0100 -+++ openssl-1.0.2n/crypto/bio/b_print.c 2017-12-08 12:58:57.592927209 +0100 +--- openssl-1.0.2o.orig/crypto/bio/b_print.c 2018-03-27 15:54:46.000000000 +0200 ++++ openssl-1.0.2o/crypto/bio/b_print.c 2018-08-01 15:31:12.555340969 +0200 @@ -56,17 +56,10 @@ * [including the GNU Public Licence.] */ 
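Review bot: The added `Suggests: libopenssl1_0_0-hmac = %{version}-%{release}` in the libopenssl1_0_0 subpackage is only a weak dependency, so an update run with weak dependencies disabled can still leave the library and the -hmac package at different releases. If the -hmac package carries the checksums used by the FIPS integrity self-test (its name suggests so, but its section is not visible in this hunk), a mismatched pair would fail that check on FIPS-enabled hosts. The comment above the tag should state that limitation, for example `# weak dep only: FIPS hosts must update libopenssl1_0_0 and -hmac together (bsc#1090765)`. In the devel subpackage, the switch to `Recommends: %{name} = %{version}` means builds that call the openssl binary must now require `openssl(cli)` themselves, which is worth a one-line comment next to the tag.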
@@ -616,7 +616,7 @@ - iconvert[iplace++] = "0123456789"[intpart % 10]; - intpart = (intpart / 10); - } while (intpart && (iplace < (int)sizeof(iconvert))); -- if (iplace == sizeof iconvert) +- if (iplace == sizeof(iconvert)) - iplace--; - iconvert[iplace] = 0; - @@ -625,7 +625,7 @@ - fconvert[fplace++] = "0123456789"[fracpart % 10]; - fracpart = (fracpart / 10); - } while (fplace < max); -- if (fplace == sizeof fconvert) +- if (fplace == sizeof(fconvert)) - fplace--; - fconvert[fplace] = 0; - ++++++ openssl-1.0.2a-fips-ctor.patch ++++++ --- /var/tmp/diff_new_pack.33WWbP/_old 2018-08-07 09:41:02.629097457 +0200 +++ /var/tmp/diff_new_pack.33WWbP/_new 2018-08-07 09:41:02.629097457 +0200 @@ -1,7 +1,7 @@ -Index: openssl-1.0.2a/crypto/fips/fips.c +Index: openssl-1.0.2o/crypto/fips/fips.c =================================================================== ---- openssl-1.0.2a.orig/crypto/fips/fips.c 2015-05-24 14:39:51.970094778 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.c 2015-05-24 14:39:53.342114740 +0200 +--- openssl-1.0.2o.orig/crypto/fips/fips.c 2018-08-01 15:25:43.677126982 +0200 ++++ openssl-1.0.2o/crypto/fips/fips.c 2018-08-01 15:25:43.725127304 +0200 @@ -60,6 +60,8 @@ #include <dlfcn.h> #include <stdio.h> @@ -116,10 +116,10 @@ FIPSerr(FIPS_F_FIPS_MODULE_MODE_SET, FIPS_R_FINGERPRINT_DOES_NOT_MATCH); fips_selftest_fail = 1; -Index: openssl-1.0.2a/crypto/fips/fips.h +Index: openssl-1.0.2o/crypto/fips/fips.h =================================================================== ---- openssl-1.0.2a.orig/crypto/fips/fips.h 2015-05-24 14:39:51.971094793 +0200 -+++ openssl-1.0.2a/crypto/fips/fips.h 2015-05-24 14:39:53.343114755 +0200 +--- openssl-1.0.2o.orig/crypto/fips/fips.h 2018-08-01 15:25:43.713127225 +0200 ++++ openssl-1.0.2o/crypto/fips/fips.h 2018-08-01 15:25:43.725127304 +0200 @@ -74,6 +74,7 @@ extern "C" { int FIPS_module_mode_set(int onoff, const char *auth); 
@@ -128,10 +128,10 @@ const void *FIPS_rand_check(void); int FIPS_selftest(void); int FIPS_selftest_failed(void); -Index: openssl-1.0.2a/crypto/o_init.c +Index: openssl-1.0.2o/crypto/o_init.c =================================================================== ---- openssl-1.0.2a.orig/crypto/o_init.c 2015-05-24 14:39:51.971094793 +0200 -+++ openssl-1.0.2a/crypto/o_init.c 2015-05-24 14:40:19.351493153 +0200 +--- openssl-1.0.2o.orig/crypto/o_init.c 2018-08-01 15:25:43.693127089 +0200 ++++ openssl-1.0.2o/crypto/o_init.c 2018-08-01 15:25:43.725127304 +0200 @@ -72,6 +72,9 @@ static void init_fips_mode(void) char buf[2] = "0"; int fd; @@ -156,8 +156,8 @@ + FIPS_selftest_check(); } } - #endif -@@ -94,13 +101,16 @@ static void init_fips_mode(void) + +@@ -99,13 +106,16 @@ void FIPS_crypto_set_id_callback(unsigne * sets FIPS callbacks */ ++++++ openssl-1.0.2a-ipv6-apps.patch ++++++ --- /var/tmp/diff_new_pack.33WWbP/_old 2018-08-07 09:41:02.641097478 +0200 +++ /var/tmp/diff_new_pack.33WWbP/_new 2018-08-07 09:41:02.641097478 +0200 @@ -1,6 +1,7 @@ -diff -up openssl-1.0.2a/apps/s_apps.h.ipv6-apps openssl-1.0.2a/apps/s_apps.h ---- openssl-1.0.2a/apps/s_apps.h.ipv6-apps 2015-04-20 15:01:24.029120104 +0200 -+++ openssl-1.0.2a/apps/s_apps.h 2015-04-20 15:05:00.353137701 +0200 +diff --git a/apps/s_apps.h b/apps/s_apps.h +index 5ba1e1d..0020e23 100644 +--- a/apps/s_apps.h ++++ b/apps/s_apps.h @@ -151,7 +151,7 @@ typedef fd_mask fd_set; #define PORT_STR "4433" #define PROTOCOL "tcp" @@ -10,7 +11,7 @@ int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept); -@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SS +@@ -167,11 +167,10 @@ int ssl_print_point_formats(BIO *out, SSL *s); int ssl_print_curves(BIO *out, SSL *s, int noshared); #endif int ssl_print_tmp_key(BIO *out, SSL *s); 
@@ -24,10 +25,11 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); -diff -up openssl-1.0.2a/apps/s_client.c.ipv6-apps openssl-1.0.2a/apps/s_client.c ---- openssl-1.0.2a/apps/s_client.c.ipv6-apps 2015-04-20 15:01:24.022119942 +0200 -+++ openssl-1.0.2a/apps/s_client.c 2015-04-20 15:06:42.338503234 +0200 -@@ -662,7 +662,7 @@ int MAIN(int argc, char **argv) +diff --git a/apps/s_client.c b/apps/s_client.c +index c855668..00b5620 100644 +--- a/apps/s_client.c ++++ b/apps/s_client.c +@@ -668,7 +668,7 @@ int MAIN(int argc, char **argv) int cbuf_len, cbuf_off; int sbuf_len, sbuf_off; fd_set readfds, writefds; @@ -36,7 +38,7 @@ int full_log = 1; char *host = SSL_HOST_NAME; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL; -@@ -785,13 +785,11 @@ int MAIN(int argc, char **argv) +@@ -792,13 +792,11 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv, "-port") == 0) { if (--argc < 1) goto bad; @@ -52,7 +54,7 @@ goto bad; } else if (strcmp(*argv, "-verify") == 0) { verify = SSL_VERIFY_PEER; -@@ -1417,7 +1415,7 @@ int MAIN(int argc, char **argv) +@@ -1449,7 +1447,7 @@ int MAIN(int argc, char **argv) re_start: @@ -61,10 +63,11 @@ BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error()); SHUTDOWN(s); goto end; -diff -up openssl-1.0.2a/apps/s_server.c.ipv6-apps openssl-1.0.2a/apps/s_server.c ---- openssl-1.0.2a/apps/s_server.c.ipv6-apps 2015-04-20 15:01:24.030120127 +0200 -+++ openssl-1.0.2a/apps/s_server.c 2015-04-20 15:10:47.245187746 +0200 -@@ -1061,7 +1061,7 @@ int MAIN(int argc, char *argv[]) +diff --git a/apps/s_server.c b/apps/s_server.c +index 6d407dd..5ce1a7c 100644 +--- a/apps/s_server.c ++++ b/apps/s_server.c +@@ -1082,7 +1082,7 @@ int MAIN(int argc, char *argv[]) { X509_VERIFY_PARAM *vpm = NULL; int badarg = 0; 
@@ -73,7 +76,7 @@ char *CApath = NULL, *CAfile = NULL; char *chCApath = NULL, *chCAfile = NULL; char *vfyCApath = NULL, *vfyCAfile = NULL; -@@ -1148,7 +1148,8 @@ int MAIN(int argc, char *argv[]) +@@ -1170,7 +1170,8 @@ int MAIN(int argc, char *argv[]) if ((strcmp(*argv, "-port") == 0) || (strcmp(*argv, "-accept") == 0)) { if (--argc < 1) goto bad; @@ -83,7 +86,7 @@ goto bad; } else if (strcmp(*argv, "-naccept") == 0) { if (--argc < 1) -@@ -2020,13 +2021,13 @@ int MAIN(int argc, char *argv[]) +@@ -2064,13 +2065,13 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_s_out, "ACCEPT\n"); (void)BIO_flush(bio_s_out); if (rev) @@ -100,10 +103,11 @@ naccept); print_stats(bio_s_out, ctx); ret = 0; -diff -up openssl-1.0.2a/apps/s_socket.c.ipv6-apps openssl-1.0.2a/apps/s_socket.c ---- openssl-1.0.2a/apps/s_socket.c.ipv6-apps 2015-03-19 14:30:36.000000000 +0100 -+++ openssl-1.0.2a/apps/s_socket.c 2015-04-20 15:32:53.960079507 +0200 -@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(cha +diff --git a/apps/s_socket.c b/apps/s_socket.c +index 83624ca..6c24dc6 100644 +--- a/apps/s_socket.c ++++ b/apps/s_socket.c +@@ -106,9 +106,7 @@ static struct hostent *GetHostByName(char *name); static void ssl_sock_cleanup(void); # endif static int ssl_sock_init(void); @@ -123,7 +127,7 @@ { - unsigned char ip[4]; - -- memset(ip, '\0', sizeof ip); +- memset(ip, '\0', sizeof(ip)); - if (!host_ip(host, &(ip[0]))) - return 0; - return init_client_ip(sock, ip, port, type); @@ -155,13 +159,12 @@ - s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); - else /* ( type == SOCK_DGRAM) */ - s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); -- -- if (s == INVALID_SOCKET) { -- perror("socket"); + memset(&hints, '\0', sizeof(hints)); + hints.ai_socktype = type; + hints.ai_flags = AI_ADDRCONFIG; -+ + +- if (s == INVALID_SOCKET) { +- perror("socket"); + e = getaddrinfo(host, port, &hints, &res); + if (e) { + fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); 
@@ -196,17 +199,16 @@ } - } # endif -- -- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { -- closesocket(s); -- perror("connect"); -- return (0); + if (connect(s, (struct sockaddr *)res->ai_addr, res->ai_addrlen) == 0) { + freeaddrinfo(res0); + *sock = s; + return (1); + } -+ + +- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) { +- closesocket(s); +- perror("connect"); +- return (0); + failed_call = "socket"; + nextres: + if (s != INVALID_SOCKET) @@ -227,7 +229,7 @@ int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept) -@@ -328,69 +327,89 @@ int do_server(int port, int type, int *r +@@ -328,69 +327,89 @@ int do_server(int port, int type, int *ret, } } @@ -295,7 +297,7 @@ # if defined SOL_SOCKET && defined SO_REUSEADDR - { - int j = 1; -- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j); +- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof(j)); - } -# endif - if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) { @@ -364,7 +366,7 @@ int len; /* struct linger ling; */ -@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int * +@@ -432,134 +451,60 @@ static int do_accept(int acc_sock, int *sock, char **host) ling.l_onoff=1; ling.l_linger=0; i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); @@ -426,10 +428,11 @@ +int extract_host_port(char *str, char **host_ptr, char **port_ptr) { - char *h, *p; -+ char *h, *p, *x; - +- - h = str; - p = strchr(str, ':'); ++ char *h, *p, *x; ++ + x = h = str; + if (*h == '[') { + h++; 
@@ -523,3 +526,12 @@ return (1); } +@@ -595,7 +540,7 @@ static struct hostent *GetHostByName(char *name) + if (ret == NULL) + return (NULL); + /* else add to cache */ +- if (strlen(name) < sizeof(ghbn_cache[0].name)) { ++ if (strlen(name) < sizeof ghbn_cache[0].name) { + strcpy(ghbn_cache[lowi].name, name); + memcpy((char *)&(ghbn_cache[lowi].ent), ret, + sizeof(struct hostent)); ++++++ openssl-1.0.2i-fips.patch ++++++ ++++ 1349 lines (skipped) ++++ between /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1.0.2i-fips.patch ++++ and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new/openssl-1.0.2i-fips.patch ++++++ openssl-fips-dont-fall-back-to-default-digest.patch ++++++ --- /var/tmp/diff_new_pack.33WWbP/_old 2018-08-07 09:41:02.689097561 +0200 +++ /var/tmp/diff_new_pack.33WWbP/_new 2018-08-07 09:41:02.689097561 +0200 @@ -1,10 +1,10 @@ -Index: openssl-1.0.2i/apps/dgst.c +Index: openssl-1.0.2o/apps/dgst.c =================================================================== ---- openssl-1.0.2i.orig/apps/dgst.c 2016-09-22 12:23:06.000000000 +0200 -+++ openssl-1.0.2i/apps/dgst.c 2016-09-23 10:20:02.162323196 +0200 +--- openssl-1.0.2o.orig/apps/dgst.c 2018-03-27 15:54:46.000000000 +0200 ++++ openssl-1.0.2o/apps/dgst.c 2018-08-01 15:32:02.335703669 +0200 @@ -147,7 +147,7 @@ int MAIN(int argc, char **argv) /* first check the program name */ - program_name(argv[0], pname, sizeof pname); + program_name(argv[0], pname, sizeof(pname)); - md = EVP_get_digestbyname(pname); + md = EVP_get_digestbyname_fips_disabled(pname); 
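Review bot: The new trailing hunk of the refreshed ipv6-apps patch (`@@ -595,7 +540,7 @@`, in GetHostByName) appears to do nothing except turn upstream's `sizeof(ghbn_cache[0].name)` back into `sizeof ghbn_cache[0].name`. That has no functional effect and reverses the upstream 'sizeof' re-format that the changelog gives as the reason for the refresh, so it looks like an artefact of regenerating the patch. Dropping this hunk would keep the patch limited to the IPv6 change and keep the length guard in front of the `strcpy` byte-identical to upstream, which makes later security refreshes easier to audit. GetHostByName's body starts and ends outside the hunk.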
@@ -20,11 +20,11 @@ md = m; else break; -Index: openssl-1.0.2i/apps/apps.c +Index: openssl-1.0.2o/apps/apps.c =================================================================== ---- openssl-1.0.2i.orig/apps/apps.c 2016-09-22 12:23:06.000000000 +0200 -+++ openssl-1.0.2i/apps/apps.c 2016-09-23 10:20:02.162323196 +0200 -@@ -3266,3 +3266,45 @@ int raw_write_stdout(const void *buf, in +--- openssl-1.0.2o.orig/apps/apps.c 2018-03-27 15:54:46.000000000 +0200 ++++ openssl-1.0.2o/apps/apps.c 2018-08-01 15:32:02.335703669 +0200 +@@ -3281,3 +3281,45 @@ int raw_write_stdout(const void *buf, in return write(fileno_stdout(), buf, siz); } #endif @@ -70,10 +70,10 @@ + return ciph; + } + -Index: openssl-1.0.2i/apps/apps.h +Index: openssl-1.0.2o/apps/apps.h =================================================================== ---- openssl-1.0.2i.orig/apps/apps.h 2016-09-22 12:23:06.000000000 +0200 -+++ openssl-1.0.2i/apps/apps.h 2016-09-23 10:20:02.162323196 +0200 +--- openssl-1.0.2o.orig/apps/apps.h 2018-03-27 15:54:46.000000000 +0200 ++++ openssl-1.0.2o/apps/apps.h 2018-08-01 15:32:02.335703669 +0200 @@ -348,6 +348,9 @@ void print_cert_checks(BIO *bio, X509 *x void store_setup_crl_download(X509_STORE *st); @@ -84,11 +84,11 @@ # define FORMAT_UNDEF 0 # define FORMAT_ASN1 1 # define FORMAT_TEXT 2 -Index: openssl-1.0.2i/apps/enc.c +Index: openssl-1.0.2o/apps/enc.c =================================================================== ---- openssl-1.0.2i.orig/apps/enc.c 2016-09-22 12:23:06.000000000 +0200 -+++ openssl-1.0.2i/apps/enc.c 2016-09-23 10:20:02.162323196 +0200 -@@ -150,7 +150,7 @@ int MAIN(int argc, char **argv) +--- openssl-1.0.2o.orig/apps/enc.c 2018-03-27 15:54:46.000000000 +0200 ++++ openssl-1.0.2o/apps/enc.c 2018-08-01 15:32:02.335703669 +0200 +@@ -162,7 +162,7 @@ int MAIN(int argc, char **argv) do_zlib = 1; #endif 
@@ -97,7 +97,7 @@ #ifdef ZLIB if (!do_zlib && !base64 && (cipher == NULL) && (strcmp(pname, "enc") != 0)) -@@ -269,7 +269,7 @@ int MAIN(int argc, char **argv) +@@ -281,7 +281,7 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv, "-non-fips-allow") == 0) non_fips_allow = 1; else if ((argv[0][0] == '-') && @@ -106,7 +106,7 @@ cipher = c; } else if (strcmp(*argv, "-none") == 0) cipher = NULL; -@@ -322,6 +322,10 @@ int MAIN(int argc, char **argv) +@@ -336,6 +336,10 @@ int MAIN(int argc, char **argv) argv++; } @@ -117,7 +117,7 @@ e = setup_engine(bio_err, engine, 0); if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { -@@ -338,7 +342,7 @@ int MAIN(int argc, char **argv) +@@ -350,7 +354,7 @@ int MAIN(int argc, char **argv) goto end; } ++++++ openssl-rsakeygen-minimum-distance.patch ++++++ --- /var/tmp/diff_new_pack.33WWbP/_old 2018-08-07 09:41:02.737097645 +0200 +++ /var/tmp/diff_new_pack.33WWbP/_new 2018-08-07 09:41:02.737097645 +0200 @@ -1,8 +1,8 @@ -Index: openssl-1.0.2n/crypto/rsa/rsa_gen.c +Index: openssl-1.0.2o/crypto/rsa/rsa_gen.c =================================================================== ---- openssl-1.0.2n.orig/crypto/rsa/rsa_gen.c 2017-12-08 13:33:38.057375249 +0100 -+++ openssl-1.0.2n/crypto/rsa/rsa_gen.c 2017-12-08 13:35:47.875450121 +0100 -@@ -466,6 +466,19 @@ static int rsa_builtin_keygen(RSA *rsa, +--- openssl-1.0.2o.orig/crypto/rsa/rsa_gen.c 2018-08-01 15:31:30.231469757 +0200 ++++ openssl-1.0.2o/crypto/rsa/rsa_gen.c 2018-08-01 15:31:30.395470952 +0200 +@@ -467,6 +467,19 @@ static int rsa_builtin_keygen(RSA *rsa, bitsp = (bits + 1) / 2; bitsq = bits - bitsp; @@ -22,7 +22,7 @@ /* We need the RSA components non-NULL */ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) goto err; -@@ -491,6 +504,8 @@ static int rsa_builtin_keygen(RSA *rsa, +@@ -493,6 +506,8 @@ static int rsa_builtin_keygen(RSA *rsa, for (;;) { if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) goto err; 
@@ -30,8 +30,8 @@ + continue; if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) -@@ -503,10 +518,17 @@ static int rsa_builtin_keygen(RSA *rsa, + ERR_set_mark(); +@@ -514,10 +529,17 @@ static int rsa_builtin_keygen(RSA *rsa, if (!BN_GENCB_call(cb, 3, 0)) goto err; for (;;) { @@ -52,4 +52,4 @@ + continue; if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) + ERR_set_mark();
