rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

drop the AES-GCM restriction of 2^32 operations

Browse Source 
The IV is always 96 bits (32 bit fixed field + 64 bit invocation field).
This commit is contained in:
Tomas Mraz 2015-04-09 13:10:25 +02:00
parent 729d2d0e11
commit 805c06e347
2 changed files with 5 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
openssl-1.0.1i-new-fips-reqs.patch
View File

@ -1034,42 +1034,6 @@ diff -up openssl-1.0.1i/crypto/fips/Makefile.fips-reqs openssl-1.0.1i/crypto/fip
LIBCRYPTO=-L.. -lcrypto LIBCRYPTO=-L.. -lcrypto
diff -up openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1i/crypto/modes/gcm128.c
--- openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs 2014-08-13 19:58:06.740830781 +0200
+++ openssl-1.0.1i/crypto/modes/gcm128.c 2014-08-13 19:58:06.820832624 +0200
@@ -931,6 +931,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
# endif
#endif
+ ctx->totlen += len;
+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
+ return -1;
+
#if 0
n = (unsigned int)mlen%16; /* alternative to ctx->mres */
#endif
@@ -1294,6 +1298,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
# endif
#endif
+ ctx->totlen += len;
+ if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
+ return -1;
+
mlen += len;
if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
return -1;
diff -up openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1i/crypto/modes/modes_lcl.h
--- openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs 2014-08-13 19:58:06.410823180 +0200
+++ openssl-1.0.1i/crypto/modes/modes_lcl.h 2014-08-13 19:58:06.820832624 +0200
@@ -112,6 +112,7 @@ struct gcm128_context {
unsigned int mres, ares;
block128_f block;
void *key;
+ u64 totlen;
};
struct xts128_context {
diff -up openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1i/crypto/rand/rand_lcl.h diff -up openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1i/crypto/rand/rand_lcl.h
--- openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs 2014-08-13 19:58:06.525825829 +0200 --- openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs 2014-08-13 19:58:06.525825829 +0200
+++ openssl-1.0.1i/crypto/rand/rand_lcl.h 2014-08-13 19:58:06.820832624 +0200 +++ openssl-1.0.1i/crypto/rand/rand_lcl.h 2014-08-13 19:58:06.820832624 +0200

6
openssl.spec
View File

@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 1.0.1k Version: 1.0.1k
Release: 6%{?dist} Release: 7%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -492,6 +492,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig
%changelog %changelog
* Thu Apr 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-7
- drop the AES-GCM restriction of 2^32 operations because the IV is
always 96 bits (32 bit fixed field + 64 bit invocation field)
* Thu Mar 19 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-6 * Thu Mar 19 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-6
- fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey() - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
- fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison