upstream/oracle/userland-gate: components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len

Mercurial Mercurial > upstream > oracle > userland-gate / file revision

components/openssl/openssl-1.0.1-fips-140/patches/32_aes_cbc_len_check.patch

author	Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
	Wed, 29 Jan 2014 11:12:07 -0800
branch	s11-update
changeset 2921	8da1e7689d13
child 4002	95b8f35fcdd5
permissions	-rw-r--r--

PSARC/2013/383 OpenSSL FIPS 140-2 version update 15801760 SUNBT7181479 FIPS-capable version of OpenSSL using OpenSSL FIPS Object Module v2 18024740 problem in UTILITY/OPENSSL 17836054 EVP_DigestUpdate crashes because of a NULL pointer 17952352 FIPS OpenSSL needs same patches as non-FIPS OpenSSL


--- openssl-1.0.1e/crypto/evp/e_aes.c        Tue Jul  2 11:03:12 2013
+++ openssl-1.0.1e/crypto/evp/e_aes.c.new    Tue Jul  2 11:04:56 2013
@@ -574,8 +574,11 @@
 static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
 	const unsigned char *in, size_t len)
 {
+	size_t	bl = ctx->cipher->block_size;
 	EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
 
+	if (len<bl)	return 1;
+
 	if (dat->stream.cbc)
 		(*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
 	else if (ctx->encrypt)

upstream/oracle/userland-gate

RSS Atom