Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch
branchs11-update
changeset 3623 d9c6d29792fb
parent 3396 2865c45ffb48
child 4002 95b8f35fcdd5 
--- a/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch	Fri Jan 09 10:58:01 2015 -0800
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/36_evp_leak.patch	Mon Jan 12 12:40:23 2015 -0800
@@ -57,32 +57,32 @@
  	return ret;
  	}
  
-@@ -502,6 +515,7 @@
+@@ -501,6 +501,7 @@
  int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
  	{
- 	unsigned int i, b;
+ 	int i,n;
 +	int err = 1;
-         unsigned char pad, padding_good;
+ 	unsigned int b;
  	*outl=0;
  
-@@ -509,10 +522,14 @@
+@@ -508,10 +509,14 @@
  		{
- 		int ret = M_do_cipher(ctx, out, NULL, 0);
- 		if (ret < 0)
+ 		i = M_do_cipher(ctx, out, NULL, 0);
+ 		if (i < 0)
 -			return 0;
 +			{
 +			err = 0;
 +			goto cleanup;
 +			}
  		else
- 			*outl = ret;
+ 			*outl = i;
 -		return 1;
 +		err = 1;
 +		goto cleanup;
  		}
  
- 	b=(unsigned int)(ctx->cipher->block_size);
-@@ -521,10 +538,12 @@
+ 	b=ctx->cipher->block_size;
+@@ -520,10 +525,12 @@
  		if(ctx->buf_len)
  			{
  			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
@@ -97,7 +97,7 @@
  		}
  	if (b > 1)
  		{
-@@ -531,7 +550,8 @@
+@@ -530,7 +537,8 @@
  		if (ctx->buf_len || !ctx->final_used)
  			{
  			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
@@ -106,28 +106,38 @@
 +			goto cleanup;
  			}
  		OPENSSL_assert(b <= sizeof ctx->final);
- 		pad=ctx->final[b-1];
-@@ -555,13 +577,22 @@
- 			out[i] = ctx->final[i] & padding_good;
- 		/* Safe cast: for a good padding, EVP_MAX_IV_LENGTH >= b >= pad */
- 		*outl = padding_good & ((unsigned char)(b - pad));
--		return padding_good & 1;
-+		err = padding_good & 1;
-+		goto cleanup;
+ 
+@@ -542,7 +550,8 @@
+ 		if (n == 0 || n > (int)b)
+ 			{
+ 			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+-			return(0);
++			err = 0;
++			goto cleanup;
+ 			}
+ 		for (i=0; i<n; i++)
+ 			{
+@@ -549,7 +558,8 @@
+ 			if (ctx->final[--b] != n)
+ 				{
+ 				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
+-				return(0);
++				err = 0;
++				goto cleanup;
+ 				}
+ 			}
+ 		n=ctx->cipher->block_size-n;
+@@ -559,7 +569,13 @@
  		}
  	else
- 		{
- 		*outl = 0;
--		return 1;
-+		err = 1;
- 		}
-+
+ 		*outl=0;
+-	return(1);
++	err = 1;
 +cleanup:
 +	if (ctx->cipher->cleanup)
 +		{
 +		ctx->cipher->cleanup(ctx);
 +		}
-+
 +	return err;
  	}
upstream/oracle/userland-gate