On Mon, Jul 12, 2010, Victor Duchovni wrote: > > In changes: > > http://cvs.openssl.org/chngview?cn=19759 > http://cvs.openssl.org/chngview?cn=19760 > http://cvs.openssl.org/chngview?cn=19761 > http://cvs.openssl.org/chngview?cn=19762 > > a bug is fixed in AES_wrap_key(), but the same bug remains unchanged > in AES_unwrap_key. > > What is the impact of this pair of bugs? Where are AES_wrap_key and > AES_unwrap_key() used? > > It looks like these are used only in: > > CMS_RecipientInfo_encrypt() > CMS_RecipientInfo_decrypt() > > via cms_RecipientInfo_kekri_encrypt(), cms_RecipientInfo_kekri_decrypt(). >
Should be fixed now. This should only affect external applications using those functions because internally they are only used to wrap AES keys and the bug isn't triggered for keys of that size. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
