[openssl] fix bug in the CRYPTO_128_unwrap()
Tomáš Mráz
tmraz at fedoraproject.org
Mon Mar 16 17:02:11 UTC 2015
commit 446f9bea43fd62b0c233b41ee7982b4541ef05ca
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Mon Mar 16 18:02:06 2015 +0100
fix bug in the CRYPTO_128_unwrap()
openssl-1.0.1j-evp-wrap.patch | 10 +++++-----
openssl.spec | 5 ++++-
2 files changed, 9 insertions(+), 6 deletions(-)
---
diff --git a/openssl-1.0.1j-evp-wrap.patch b/openssl-1.0.1j-evp-wrap.patch
index 48af529..b90caea 100644
--- a/openssl-1.0.1j-evp-wrap.patch
+++ b/openssl-1.0.1j-evp-wrap.patch
@@ -1074,17 +1074,17 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
+ unsigned char got_iv[8];
+
+ ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
-+ if (ret != inlen)
-+ return ret;
++ if (ret == 0)
++ return 0;
+
+ if (!iv)
+ iv = default_iv;
-+ if (CRYPTO_memcmp(out, iv, 8))
++ if (CRYPTO_memcmp(got_iv, iv, 8))
+ {
-+ OPENSSL_cleanse(out, inlen);
++ OPENSSL_cleanse(out, ret);
+ return 0;
+ }
-+ return inlen;
++ return ret;
+ }
+
+/** Wrapping according to RFC 5649 section 4.1.
diff --git a/openssl.spec b/openssl.spec
index dda1d13..d638755 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1k
-Release: 4%{?dist}
+Release: 5%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Mon Mar 16 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1k-5
+- fix bug in the CRYPTO_128_unwrap()
+
* Fri Feb 27 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1k-4
- fix bug in the RFC 5649 support (#1185878)
More information about the scm-commits
mailing list