CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2018/10/20 09:53:09
Modified files:
lib/libcrypto/aes: aes_wrap.c
Log message:
RFC 3394 section 2 states that we need at least two 64 bit blocks
for wrapping and, accordingly, three 64 bit blocks for unwrapping.
That is: we need at least 16 bytes for wrapping and 24 bytes for
unwrapping. This also matches the lower bounds that OpenSSL have
in their CRYPTO_128_{un,}wrap() functions.
In fact, if we pass an input with 'inlen < 8' to AES_unwrap_key(),
this results in a segfault since then inlen -= 8 underflows.
Found while playing with the Wycheproof keywrap test vectors.
ok bcook
