Blame SOURCES/openssl-1.0.1e-cve-2016-2107.patch

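--- a/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -59,6 +59,7 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include "evp_locl.h"
+#include "constant_time_locl.h"
 
 #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
 #define EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
@@ -278,6 +279,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
 			maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8);
 			maxpad &= 255;
 
+			ret &= constant_time_ge(maxpad, pad);
+
 			inp_len = len - (SHA_DIGEST_LENGTH+pad+1);
 			mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));
 			inp_len &= mask;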
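Review bot: The added `ret &= constant_time_ge(maxpad, pad);` in aesni_cbc_hmac_sha1_cipher has no comment, and the surrounding lines do not make its purpose obvious. It rejects a record whose padding byte claims more padding than the record can hold, just before `inp_len = len - (SHA_DIGEST_LENGTH+pad+1)` is computed and masked. I would put `/* pad must not exceed maxpad; fold the result into ret without branching on decrypted data (CVE-2016-2107) */` above it. The check only stays free of a timing signal if `ret` is not tested until after the MAC comparison, which lies outside this hunk, so confirm there is no early return on `ret` in between. The first hunk's `#include "constant_time_locl.h"` is not added by the visible part of this patch, so the header presumably comes from the base tree or an earlier patch in the series, which makes patch order significant.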