[openssl-commits] [openssl] master update

Dr. Stephen Henson steve at openssl.org
Fri Mar 13 14:22:56 UTC 2015


The branch master has been updated
       via  ffa75828dd13decb41d075576db676c81c1198f1 (commit)
      from  b5f07d6a66df963e45a5f7fe23329009b12bdf87 (commit)


- Log -----------------------------------------------------------------
commit ffa75828dd13decb41d075576db676c81c1198f1
Author: Petr Spacek <pspacek at redhat.com>
Date:   Mon Jan 26 14:39:50 2015 +0100

    Fix key wrapping mode with padding to conform to RFC 5649.
    
    According to RFC 5649 section 4.1 step 1) we should not add padding
    if plaintext length is multiply of 8 ockets.
    
    This matches pseudo-code in http://dx.doi.org/10.6028/NIST.SP.800-38F
    on page 15, section 6.3 KWP, algorithm 5 KWP-AE, step 2.
    
    PR#3675
    
    Reviewed-by: Stephen Henson <steve at openssl.org>
    Reviewed-by: Andy Polyakov <appro at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/modes/wrap128.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c
index 2f65314..ccb58c5 100644
--- a/crypto/modes/wrap128.c
+++ b/crypto/modes/wrap128.c
@@ -230,8 +230,13 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
                            const unsigned char *in, size_t inlen,
                            block128_f block)
 {
-    /* n: number of 64-bit blocks in the padded key data */
-    const size_t blocks_padded = (inlen + 8) / 8;
+    /* n: number of 64-bit blocks in the padded key data
+     *
+     * If length of plain text is not a multiple of 8, pad the plain text octet
+     * string on the right with octets of zeros, where final length is the
+     * smallest multiple of 8 that is greater than length of plain text.
+     * If length of plain text is a multiple of 8, then there is no padding. */
+    const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */
     const size_t padded_len = blocks_padded * 8;
     const size_t padding_len = padded_len - inlen;
     /* RFC 5649 section 3: Alternative Initial Value */


More information about the openssl-commits mailing list