"crypto/modes/wrap128.c was heavily refactored to support AES Key Wrap with Padding, and four bugs were introduced into CRYPTO_128_unwrap() at that time: [...]"
I created a pull request on GitHub for this back in September 2014, but it seems to have gone unnoticed. I've rebased the commits to master and am creating this RT ticket in hopes of getting the pull request seen before the current, buggy code finds its way into the 1.1.0 release: https://github.com/openssl/openssl/pull/179 There is also a GitHub Gist containing the source to a small program that demonstrates the bug: https://gist.github.com/rwg/d9b39167f49adf5b6e12 _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
