File openssl-CVE-2011-5095.patch of Package compat-openssl098.1339

Index: openssl-0.9.8j/fips/dh/fips_dh_key.c
===================================================================
--- openssl-0.9.8j.orig/fips/dh/fips_dh_key.c
+++ openssl-0.9.8j/fips/dh/fips_dh_key.c
@@ -189,6 +189,7 @@ static int compute_key(unsigned char *ke
 	BN_MONT_CTX *mont=NULL;
 	BIGNUM *tmp;
 	int ret= -1;
+	int check_result;
 
 	ctx = BN_CTX_new();
 	if (ctx == NULL) goto err;
@@ -227,6 +228,12 @@ static int compute_key(unsigned char *ke
 			goto err;
 		}
 
+        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
+		{
+		DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
+		goto err;
+		}
+
 	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);