From 43793fab84041cfc5c60c0151d1591b8a69fb24a Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 25 Aug 2018 07:36:27 +0100
Subject: gentoo resync : 25.08.2018

---
 .../files/openssl-1.1.0h-CVE-2018-0732.patch       | 39 ----------------------
 .../files/openssl-1.1.0h-CVE-2018-0737.patch       | 31 -----------------
 2 files changed, 70 deletions(-)
 delete mode 100644 dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch
 delete mode 100644 dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch

(limited to 'dev-libs/openssl/files')

diff --git a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch
deleted file mode 100644
index e7dfba43f2a5..000000000000
--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index fce9ff47f36..58003d70878 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
-     int ok = 0;
-     int generate_new_key = 0;
-     unsigned l;
--    BN_CTX *ctx;
-+    BN_CTX *ctx = NULL;
-     BN_MONT_CTX *mont = NULL;
-     BIGNUM *pub_key = NULL, *priv_key = NULL;
- 
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     ctx = BN_CTX_new();
-     if (ctx == NULL)
-         goto err;
diff --git a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch
deleted file mode 100644
index 34c9cc02fa71..000000000000
--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
-From: Billy Brumley <bbrumley@gmail.com>
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
- both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
----
- crypto/rsa/rsa_gen.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 9ca5dfe..42b89a8 100644
---- a/crypto/rsa/rsa_gen.c
-+++ b/crypto/rsa/rsa_gen.c
-@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-     if (BN_copy(rsa->e, e_value) == NULL)
-         goto err;
- 
-+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-     BN_set_flags(r2, BN_FLG_CONSTTIME);
-     /* generate p and q */
-     for (;;) {
--- 
-2.7.4
-
-- 
cgit v1.2.3