Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-CVE-2016-2107.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-CVE-2016-2107.patch of Package openssl1
From 9e79d38892dc30c874934e0aef7409d31d4bf37f Mon Sep 17 00:00:00 2001 From: Kurt Roeckx <kurt@roeckx.be> Date: Sat, 16 Apr 2016 23:08:56 +0200 Subject: [PATCH] Check that we have enough padding characters. CVE-2016-2107 --- crypto/evp/e_aes_cbc_hmac_sha1.c | 3 +++ crypto/evp/e_aes_cbc_hmac_sha256.c | 3 +++ 2 files changed, 6 insertions(+), 0 deletions(-) Index: openssl-1.0.1i/crypto/evp/e_aes_cbc_hmac_sha1.c =================================================================== --- openssl-1.0.1i.orig/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-28 15:02:07.475493236 +0200 +++ openssl-1.0.1i/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-28 15:05:07.046449751 +0200 @@ -59,6 +59,7 @@ #include <openssl/aes.h> #include <openssl/sha.h> #include "evp_locl.h" +#include "constant_time_locl.h" #ifndef EVP_CIPH_FLAG_AEAD_CIPHER #define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 @@ -282,6 +283,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8); maxpad &= 255; + ret &= constant_time_ge(maxpad, pad); + inp_len = len - (SHA_DIGEST_LENGTH+pad+1); mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1))); inp_len &= mask;