Bug 1128849 - Properly detect HMAC integrity check failure if the .hmac file is empty [rhel-7]
Summary: Properly detect HMAC integrity check failure if the .hmac file is empty [rhel-7]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssl
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: Hubert Kario
URL:
Whiteboard:
Depends On: 1105567
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-11 15:57 UTC by Hubert Kario
Modified: 2015-03-05 11:04 UTC (History)
2 users (show)

Fixed In Version: openssl-1.0.1e-37.el7
Doc Type: Bug Fix
Doc Text:
No doc text needed
Clone Of: 1105567
Environment:
Last Closed: 2015-03-05 11:04:26 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0478 normal SHIPPED_LIVE openssl bug fix and enhancement update 2015-03-05 15:44:08 UTC

Description Hubert Kario 2014-08-11 15:57:02 UTC
Issue present with openssl-1.0.1e-34.el7_0.3.x86_64 and openssl-1.0.1e-34.el7_0.4.x86_64

Marking as Regression as this issue will be fixed in RHEL-6.6

+++ This bug was initially created as a clone of Bug #1105567 +++

Currently the HMAC integrity check is passed when the .hmac file is present but empty.

This is incorrect and should be fixed.

Comment 7 errata-xmlrpc 2015-03-05 11:04:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0478.html


Note You need to log in before you can comment on or make changes to this bug.