fix bug in the CRYPTO_128_unwrap()
This commit is contained in:
Tomas Mraz
parent
303fb7be60
commit
446f9bea43
|
|
@ -1074,17 +1074,17 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
|
|||
+ unsigned char got_iv[8];
|
||||
+
|
||||
+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
|
||||
+ if (ret != inlen)
|
||||
+ return ret;
|
||||
+ if (ret == 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (!iv)
|
||||
+ iv = default_iv;
|
||||
+ if (CRYPTO_memcmp(out, iv, 8))
|
||||
+ if (CRYPTO_memcmp(got_iv, iv, 8))
|
||||
+ {
|
||||
+ OPENSSL_cleanse(out, inlen);
|
||||
+ OPENSSL_cleanse(out, ret);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ return inlen;
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+/** Wrapping according to RFC 5649 section 4.1.
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@
|
|||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.0.1k
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
|
|
@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
|
|||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-5
|
||||
- fix bug in the CRYPTO_128_unwrap()
|
||||
|
||||
* Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
|
||||
- fix bug in the RFC 5649 support (#1185878)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue