CVSROOT: /cvs Module name: src Changes by: t...@cvs.openbsd.org 2018/10/20 09:53:09
Modified files: lib/libcrypto/aes: aes_wrap.c Log message: RFC 3394 section 2 states that we need at least two 64 bit blocks for wrapping and, accordingly, three 64 bit blocks for unwrapping. That is: we need at least 16 bytes for wrapping and 24 bytes for unwrapping. This also matches the lower bounds that OpenSSL have in their CRYPTO_128_{un,}wrap() functions. In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(), this results in a segfault since then inlen -= 8 underflows. Found while playing with the Wycheproof keywrap test vectors. ok bcook