Bug 1185878

Summary: AES key wrapping mode does not conform to RFC 5649
Product: [Fedora] Fedora Reporter: Petr Spacek <pspacek>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssl-1.0.1k-6.fc21 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1193942 (view as bug list) Environment:
Last Closed: 2015-04-03 08:27:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Spacek 2015-01-26 14:19:32 UTC 
Description of problem:
AES key wrapping mode does not confirm to RFC 5649 because of incorrect padding. This causes interoperability problems and can cause one byte corruption in a process using CRYPTO_128_wrap_pad() call.

Version-Release number of selected component (if applicable):
openssl-1.0.1k-1

How reproducible:
100 %

Steps to Reproduce:
1. Wrap a plaintext with length % 8 == 0.

Actual results:
Output ciphertext is one block longer than it should be. 

Expected results:
Output should conform to RFC 5649 section 4.1. Extended Key Wrapping Process.


Additional info:
Bogus line: https://github.com/openssl/openssl/blob/master/crypto/modes/wrap128.c#L234
Fix: https://github.com/spacekpe/openssl/commit/69a37391f4a82855246fd86ddfb0c6bb47c36855
Comment 1 Petr Spacek 2015-04-03 08:27:05 UTC 
It seems that openssl-1.0.1k-6.fc21 package contains the fix.