fix random bad record mac errors (#918981)
This commit is contained in:
Tomas Mraz
parent
9cf55df55b
commit
64e30c5369
33
openssl-1.0.1e-bad-mac.patch
Normal file
33
openssl-1.0.1e-bad-mac.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
|
||||
From: Andy Polyakov <appro@openssl.org>
|
||||
Date: Mon, 18 Mar 2013 19:29:41 +0100
|
||||
Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI
|
||||
plaforms.
|
||||
|
||||
PR: 3002
|
||||
(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
|
||||
---
|
||||
crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++--
|
||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||
index 483e04b..fb2c884 100644
|
||||
--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
|
||||
@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
|
||||
|
||||
if (res!=SHA_CBLOCK) continue;
|
||||
|
||||
- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
|
||||
+ /* j is not incremented yet */
|
||||
+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
|
||||
data->u[SHA_LBLOCK-1] |= bitlen&mask;
|
||||
sha1_block_data_order(&key->md,data,1);
|
||||
- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
|
||||
+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
|
||||
pmac->u[0] |= key->md.h0 & mask;
|
||||
pmac->u[1] |= key->md.h1 & mask;
|
||||
pmac->u[2] |= key->md.h2 & mask;
|
||||
--
|
||||
1.7.9.5
|
||||
|
||||
@ -21,7 +21,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.1e
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -71,6 +71,7 @@ Patch69: openssl-1.0.1c-dh-1024.patch
|
||||
# Backported fixes including security fixes
|
||||
Patch81: openssl-1.0.1-beta2-padlock64.patch
|
||||
Patch82: openssl-1.0.1e-backports.patch
|
||||
Patch83: openssl-1.0.1e-bad-mac.patch
|
||||
|
||||
License: OpenSSL
|
||||
Group: System Environment/Libraries
|
||||
@ -174,6 +175,7 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
|
||||
%patch81 -p1 -b .padlock64
|
||||
%patch82 -p1 -b .backports
|
||||
%patch83 -p1 -b .bad-mac
|
||||
|
||||
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
|
||||
|
||||
@ -431,6 +433,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Mon Mar 18 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-4
|
||||
- fix random bad record mac errors (#918981)
|
||||
|
||||
* Tue Feb 19 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-3
|
||||
- fix up the SHLIB_VERSION_NUMBER
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user