fix bug in the CRYPTO_128_unwrap()

This commit is contained in:
Tomas Mraz 2015-03-16 18:02:06 +01:00
parent 303fb7be60
commit 446f9bea43
2 changed files with 9 additions and 6 deletions

View File

@ -1074,17 +1074,17 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
+ unsigned char got_iv[8]; + unsigned char got_iv[8];
+ +
+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block); + ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
+ if (ret != inlen) + if (ret == 0)
+ return ret; + return 0;
+ +
+ if (!iv) + if (!iv)
+ iv = default_iv; + iv = default_iv;
+ if (CRYPTO_memcmp(out, iv, 8)) + if (CRYPTO_memcmp(got_iv, iv, 8))
+ { + {
+ OPENSSL_cleanse(out, inlen); + OPENSSL_cleanse(out, ret);
+ return 0; + return 0;
+ } + }
+ return inlen; + return ret;
+ } + }
+ +
+/** Wrapping according to RFC 5649 section 4.1. +/** Wrapping according to RFC 5649 section 4.1.

View File

@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.1k Version: 1.0.1k
Release: 4%{?dist} Release: 5%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-5
- fix bug in the CRYPTO_128_unwrap()
* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4 * Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
- fix bug in the RFC 5649 support (#1185878) - fix bug in the RFC 5649 support (#1185878)