fix bug in the CRYPTO_128_unwrap()
This commit is contained in:
parent
303fb7be60
commit
446f9bea43
@ -1074,17 +1074,17 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
|
|||||||
+ unsigned char got_iv[8];
|
+ unsigned char got_iv[8];
|
||||||
+
|
+
|
||||||
+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
|
+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
|
||||||
+ if (ret != inlen)
|
+ if (ret == 0)
|
||||||
+ return ret;
|
+ return 0;
|
||||||
+
|
+
|
||||||
+ if (!iv)
|
+ if (!iv)
|
||||||
+ iv = default_iv;
|
+ iv = default_iv;
|
||||||
+ if (CRYPTO_memcmp(out, iv, 8))
|
+ if (CRYPTO_memcmp(got_iv, iv, 8))
|
||||||
+ {
|
+ {
|
||||||
+ OPENSSL_cleanse(out, inlen);
|
+ OPENSSL_cleanse(out, ret);
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+ }
|
+ }
|
||||||
+ return inlen;
|
+ return ret;
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
+/** Wrapping according to RFC 5649 section 4.1.
|
+/** Wrapping according to RFC 5649 section 4.1.
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.0.1k
|
Version: 1.0.1k
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-5
|
||||||
|
- fix bug in the CRYPTO_128_unwrap()
|
||||||
|
|
||||||
* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
|
* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
|
||||||
- fix bug in the RFC 5649 support (#1185878)
|
- fix bug in the RFC 5649 support (#1185878)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user