fix bug in the RFC 5649 support (#1185878)

This commit is contained in:
Tomas Mraz 2015-02-27 15:54:36 +01:00
parent 1804d4c857
commit 303fb7be60
2 changed files with 7 additions and 4 deletions

View File

@ -1105,7 +1105,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
+ const unsigned char *in, size_t inlen, block128_f block) + const unsigned char *in, size_t inlen, block128_f block)
+ { + {
+ /* n: number of 64-bit blocks in the padded key data */ + /* n: number of 64-bit blocks in the padded key data */
+ const size_t blocks_padded = (inlen + 8) / 8; + const size_t blocks_padded = (inlen + 7) / 8;
+ const size_t padded_len = blocks_padded * 8; + const size_t padded_len = blocks_padded * 8;
+ const size_t padding_len = padded_len - inlen; + const size_t padding_len = padded_len - inlen;
+ /* RFC 5649 section 3: Alternative Initial Value */ + /* RFC 5649 section 3: Alternative Initial Value */
@ -1139,7 +1139,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
+ block(out, out, key); + block(out, out, key);
+ ret = 16; /* AIV + padded input */ + ret = 16; /* AIV + padded input */
+ } + }
+ else + else
+ { + {
+ memmove(out, in, inlen); + memmove(out, in, inlen);
+ memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */ + memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
@ -1197,7 +1197,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
+ memmove(out, out + 8, 8); + memmove(out, out + 8, 8);
+ padded_len = 8; + padded_len = 8;
+ } + }
+ else + else
+ { + {
+ padded_len = inlen - 8; + padded_len = inlen - 8;
+ ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block); + ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block);

View File

@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.1k Version: 1.0.1k
Release: 3%{?dist} Release: 4%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
- fix bug in the RFC 5649 support (#1185878)
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 1:1.0.1k-3 * Sat Feb 21 2015 Till Maas <opensource@till.name> - 1:1.0.1k-3
- Rebuilt for Fedora 23 Change - Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code