fix bug in the CRYPTO_128_unwrap()

This commit is contained in:
Tomas Mraz 2015-03-16 18:02:06 +01:00
parent 303fb7be60
commit 446f9bea43
2 changed files with 9 additions and 6 deletions

View File

@ -1074,17 +1074,17 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
+ unsigned char got_iv[8];
+
+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
+ if (ret != inlen)
+ return ret;
+ if (ret == 0)
+ return 0;
+
+ if (!iv)
+ iv = default_iv;
+ if (CRYPTO_memcmp(out, iv, 8))
+ if (CRYPTO_memcmp(got_iv, iv, 8))
+ {
+ OPENSSL_cleanse(out, inlen);
+ OPENSSL_cleanse(out, ret);
+ return 0;
+ }
+ return inlen;
+ return ret;
+ }
+
+/** Wrapping according to RFC 5649 section 4.1.

View File

@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1k
Release: 4%{?dist}
Release: 5%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
* Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-5
- fix bug in the CRYPTO_128_unwrap()
* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
- fix bug in the RFC 5649 support (#1185878)