From 303fb7be60f6c0d835433672a40a01662a2e955e Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 27 Feb 2015 15:54:36 +0100 Subject: [PATCH] fix bug in the RFC 5649 support (#1185878) --- openssl-1.0.1j-evp-wrap.patch | 6 +++--- openssl.spec | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/openssl-1.0.1j-evp-wrap.patch b/openssl-1.0.1j-evp-wrap.patch index 5e60d76..48af529 100644 --- a/openssl-1.0.1j-evp-wrap.patch +++ b/openssl-1.0.1j-evp-wrap.patch @@ -1105,7 +1105,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/ + const unsigned char *in, size_t inlen, block128_f block) + { + /* n: number of 64-bit blocks in the padded key data */ -+ const size_t blocks_padded = (inlen + 8) / 8; ++ const size_t blocks_padded = (inlen + 7) / 8; + const size_t padded_len = blocks_padded * 8; + const size_t padding_len = padded_len - inlen; + /* RFC 5649 section 3: Alternative Initial Value */ @@ -1139,7 +1139,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/ + block(out, out, key); + ret = 16; /* AIV + padded input */ + } -+ else ++ else + { + memmove(out, in, inlen); + memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */ @@ -1197,7 +1197,7 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/ + memmove(out, out + 8, 8); + padded_len = 8; + } -+ else ++ else + { + padded_len = inlen - 8; + ret = crypto_128_unwrap_raw(key, aiv, out, out, inlen, block); diff --git a/openssl.spec b/openssl.spec index 711a2e8..dda1d13 100644 --- a/openssl.spec +++ b/openssl.spec @@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1k -Release: 3%{?dist} +Release: 4%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Fri Feb 27 2015 Tomáš Mráz 1.0.1k-4 +- fix bug in the RFC 5649 support (#1185878) + * Sat Feb 21 2015 Till Maas - 1:1.0.1k-3 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code