Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch
branchs11u2-sru
changeset 3402 110b254c69b8
parent 3217 6c32d6df504a
child 3621 3e00113c3743 
--- a/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch	Fri Oct 17 09:26:08 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch	Fri Oct 17 12:09:53 2014 -0700
@@ -2,7 +2,7 @@
 
 --- openssl-1.0.1f/crypto/evp/evp_enc.c.orig	Mon Feb 11 07:26:04 2013
 +++ openssl-1.0.1f/crypto/evp/evp_enc.c	Mon Feb  3 16:40:48 2014
-@@ -393,10 +393,14 @@
+@@ -394,10 +394,14 @@
  		{
  		ret = M_do_cipher(ctx, out, NULL, 0);
  		if (ret < 0)
@@ -19,7 +19,7 @@
  		}
  
  	b=ctx->cipher->block_size;
-@@ -404,7 +408,8 @@
+@@ -405,7 +409,8 @@
  	if (b == 1)
  		{
  		*outl=0;
@@ -29,7 +29,7 @@
  		}
  	bl=ctx->buf_len;
  	if (ctx->flags & EVP_CIPH_NO_PADDING)
-@@ -412,10 +417,12 @@
+@@ -413,10 +418,12 @@
  		if(bl)
  			{
  			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -44,7 +44,7 @@
  		}
  
  	n=b-bl;
-@@ -427,6 +434,12 @@
+@@ -428,6 +435,12 @@
  	if(ret)
  		*outl=b;
  
@@ -57,82 +57,70 @@
  	return ret;
  	}
  
-@@ -500,7 +513,7 @@
- 
+@@ -502,6 +515,7 @@
  int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  	{
--	int i,n;
-+	int i,n,ret = 1;
- 	unsigned int b;
+ 	unsigned int i, b;
++	int err = 1;
+         unsigned char pad, padding_good;
  	*outl=0;
  
-@@ -508,10 +521,14 @@
+@@ -509,10 +522,14 @@
  		{
- 		i = M_do_cipher(ctx, out, NULL, 0);
- 		if (i < 0)
+ 		int ret = M_do_cipher(ctx, out, NULL, 0);
+ 		if (ret < 0)
 -			return 0;
 +			{
-+			ret = 0;
++			err = 0;
 +			goto cleanup;
 +			}
  		else
- 			*outl = i;
+ 			*outl = ret;
 -		return 1;
-+		ret = 1;
++		err = 1;
 +		goto cleanup;
  		}
  
- 	b=ctx->cipher->block_size;
-@@ -520,10 +537,12 @@
+ 	b=(unsigned int)(ctx->cipher->block_size);
+@@ -521,10 +538,12 @@
  		if(ctx->buf_len)
  			{
  			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
 -			return 0;
-+			ret = 0;
++			err = 0;
 +			goto cleanup;
  			}
  		*outl = 0;
 -		return 1;
-+		ret = 1;
++		err = 1;
 +		goto cleanup;
  		}
  	if (b > 1)
  		{
-@@ -530,7 +549,8 @@
+@@ -531,7 +550,8 @@
  		if (ctx->buf_len || !ctx->final_used)
  			{
  			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
 -			return(0);
-+			ret = 0;
++			err = 0;
 +			goto cleanup;
  			}
  		OPENSSL_assert(b <= sizeof ctx->final);
- 		n=ctx->final[b-1];
-@@ -537,7 +557,8 @@
- 		if (n == 0 || n > (int)b)
- 			{
- 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
--			return(0);
-+			ret = 0;
-+			goto cleanup;
- 			}
- 		for (i=0; i<n; i++)
- 			{
-@@ -544,7 +565,8 @@
- 			if (ctx->final[--b] != n)
- 				{
- 				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
--				return(0);
-+				ret = 0;
-+				goto cleanup;
- 				}
- 			}
- 		n=ctx->cipher->block_size-n;
-@@ -554,7 +576,14 @@
+ 		pad=ctx->final[b-1];
+@@ -555,13 +577,22 @@
+ 			out[i] = ctx->final[i] & padding_good;
+ 		/* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
+ 		*outl = padding_good & ((unsigned char)(b - pad));
+-		return padding_good & 1;
++		err = padding_good & 1;
++		goto cleanup;
  		}
  	else
- 		*outl=0;
--	return(1);
+ 		{
+ 		*outl = 0;
+-		return 1;
++		err = 1;
+ 		}
 +
 +cleanup:
 +	if (ctx->cipher->cleanup)
@@ -140,7 +128,7 @@
 +		ctx->cipher->cleanup(ctx);
 +		}
 +
-+	return ret;
++	return err;
  	}
  
  void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
upstream/oracle/userland-gate