1185878 – AES key wrapping mode does not conform to RFC 5649

Bug 1185878 - AES key wrapping mode does not conform to RFC 5649

Summary: AES key wrapping mode does not conform to RFC 5649

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssl
Sub Component:
Version:	21
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-01-26 14:19 UTC by Petr Spacek
Modified:	2015-04-03 08:27 UTC (History)
CC List:	1 user (show)
Fixed In Version:	openssl-1.0.1k-6.fc21
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1193942 (view as bug list)
Environment:
Last Closed:	2015-04-03 08:27:05 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
openssl RT	3675	0	None	None	None	Never

Description Petr Spacek 2015-01-26 14:19:32 UTC

Description of problem:
AES key wrapping mode does not confirm to RFC 5649 because of incorrect padding. This causes interoperability problems and can cause one byte corruption in a process using CRYPTO_128_wrap_pad() call.

Version-Release number of selected component (if applicable):
openssl-1.0.1k-1

How reproducible:
100 %

Steps to Reproduce:
1. Wrap a plaintext with length % 8 == 0.

Actual results:
Output ciphertext is one block longer than it should be. 

Expected results:
Output should conform to RFC 5649 section 4.1. Extended Key Wrapping Process.


Additional info:
Bogus line: https://github.com/openssl/openssl/blob/master/crypto/modes/wrap128.c#L234
Fix: https://github.com/spacekpe/openssl/commit/69a37391f4a82855246fd86ddfb0c6bb47c36855

Comment 1 Petr Spacek 2015-04-03 08:27:05 UTC

It seems that openssl-1.0.1k-6.fc21 package contains the fix.

Note You need to log in before you can comment on or make changes to this bug.