forked from rpms/openssl
fix bug in the RFC 5649 support (#1185878)
parent
1804d4c857
commit
303fb7be60
@ -1105,7 +1105,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
|
|||||||
+ const unsigned char *in, size_t inlen, block128_f block)
|
+ const unsigned char *in, size_t inlen, block128_f block)
|
||||||
+ {
|
+ {
|
||||||
+ /* n: number of 64-bit blocks in the padded key data */
|
+ /* n: number of 64-bit blocks in the padded key data */
|
||||||
+ const size_t blocks_padded = (inlen + 8) / 8;
|
+ const size_t blocks_padded = (inlen + 7) / 8;
|
||||||
+ const size_t padded_len = blocks_padded * 8;
|
+ const size_t padded_len = blocks_padded * 8;
|
||||||
+ const size_t padding_len = padded_len - inlen;
|
+ const size_t padding_len = padded_len - inlen;
|
||||||
+ /* RFC 5649 section 3: Alternative Initial Value */
|
+ /* RFC 5649 section 3: Alternative Initial Value */
|
||||||
@ -1139,7 +1139,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
|
|||||||
+ block(out, out, key);
|
+ block(out, out, key);
|
||||||
+ ret = 16; /* AIV + padded input */
|
+ ret = 16; /* AIV + padded input */
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ memmove(out, in, inlen);
|
+ memmove(out, in, inlen);
|
||||||
+ memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
|
+ memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
|
||||||
@ -1197,7 +1197,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
|
|||||||
+ memmove(out, out + 8, 8);
|
+ memmove(out, out + 8, 8);
|
||||||
+ padded_len = 8;
|
+ padded_len = 8;
|
||||||
+ }
|
+ }
|
||||||
+ else
|
+ else
|
||||||
+ {
|
+ {
|
||||||
+ padded_len = inlen - 8;
|
+ padded_len = inlen - 8;
|
||||||
+ ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
|
+ ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.1k
|
Version: 1.0.1k
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
|
||||||
|
- fix bug in the RFC 5649 support (#1185878)
|
||||||
|
|
||||||
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1:1.0.1k-3
|
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1:1.0.1k-3
|
||||||
- Rebuilt for Fedora 23 Change
|
- Rebuilt for Fedora 23 Change
|
||||||
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
||||||
|