tmraz pushed to openssl (master). "drop the AES-GCM restriction of 2^32 operations (..more)"

Thu Apr 9 11:10:39 UTC 2015

>From 805c06e34759891e68e26d78154ddfb5b939cc7a Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz at fedoraproject.org>
Date: Thu, 9 Apr 2015 13:10:25 +0200
Subject: drop the AES-GCM restriction of 2^32 operations

The IV is always 96 bits (32 bit fixed field + 64 bit invocation field).

diff --git a/openssl-1.0.1i-new-fips-reqs.patch b/openssl-1.0.1i-new-fips-reqs.patch
index 12f72b4..80d16f8 100644
--- a/openssl-1.0.1i-new-fips-reqs.patch
+++ b/openssl-1.0.1i-new-fips-reqs.patch
@@ -1034,42 +1034,6 @@ diff -up openssl-1.0.1i/crypto/fips/Makefile.fips-reqs openssl-1.0.1i/crypto/fip
  
  LIBCRYPTO=-L.. -lcrypto
  
-diff -up openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs openssl-1.0.1i/crypto/modes/gcm128.c
---- openssl-1.0.1i/crypto/modes/gcm128.c.fips-reqs	2014-08-13 19:58:06.740830781 +0200
-+++ openssl-1.0.1i/crypto/modes/gcm128.c	2014-08-13 19:58:06.820832624 +0200
-@@ -931,6 +931,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
- # endif
- #endif
- 
-+	ctx->totlen += len;
-+	if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
-+		return -1;
-+
- #if 0
- 	n = (unsigned int)mlen%16; /* alternative to ctx->mres */
- #endif
-@@ -1294,6 +1298,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
- # endif
- #endif
- 
-+	ctx->totlen += len;
-+	if (ctx->totlen>(U64(1)<<36) || (sizeof(len)==8 && ctx->totlen<len))
-+		return -1;
-+
- 	mlen += len;
- 	if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
- 		return -1;
-diff -up openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs openssl-1.0.1i/crypto/modes/modes_lcl.h
---- openssl-1.0.1i/crypto/modes/modes_lcl.h.fips-reqs	2014-08-13 19:58:06.410823180 +0200
-+++ openssl-1.0.1i/crypto/modes/modes_lcl.h	2014-08-13 19:58:06.820832624 +0200
-@@ -112,6 +112,7 @@ struct gcm128_context {
- 	unsigned int mres, ares;
- 	block128_f block;
- 	void *key;
-+	u64 totlen;
- };
- 
- struct xts128_context {
 diff -up openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1i/crypto/rand/rand_lcl.h
 --- openssl-1.0.1i/crypto/rand/rand_lcl.h.fips-reqs	2014-08-13 19:58:06.525825829 +0200
 +++ openssl-1.0.1i/crypto/rand/rand_lcl.h	2014-08-13 19:58:06.820832624 +0200
diff --git a/openssl.spec b/openssl.spec
index 71e568b..433d87b 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1k
-Release: 6%{?dist}
+Release: 7%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -492,6 +492,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Thu Apr  9 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1k-7
+- drop the AES-GCM restriction of 2^32 operations because the IV is
+  always 96 bits (32 bit fixed field + 64 bit invocation field)
+
 * Thu Mar 19 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1k-6
 - fix CVE-2015-0209 - potential use after free in d2i_ECPrivateKey()
 - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/openssl.git/commit/?h=master&id=805c06e34759891e68e26d78154ddfb5b939cc7a
