diff options
Diffstat (limited to 'main/openswan/openswan-libreswan-backport-949437-do_aes.patch')
| -rw-r--r-- | main/openswan/openswan-libreswan-backport-949437-do_aes.patch | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/main/openswan/openswan-libreswan-backport-949437-do_aes.patch b/main/openswan/openswan-libreswan-backport-949437-do_aes.patch deleted file mode 100644 index aedb4d34ab..0000000000 --- a/main/openswan/openswan-libreswan-backport-949437-do_aes.patch +++ /dev/null @@ -1,62 +0,0 @@ -From ee267f812f6d72da400cc24265c399c3e9048a8a Mon Sep 17 00:00:00 2001 -From: Florian Weimer <fweimer@redhat.com> -Date: Wed, 10 Apr 2013 10:33:02 +0200 -Subject: [PATCH 07/10] do_aes: Abort on failure - -The routine cannot signal encryption failures to the caller -and would leave the buffer unencrypted on error. ---- - programs/pluto/ike_alg_aes.c | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/programs/pluto/ike_alg_aes.c b/programs/pluto/ike_alg_aes.c -index 1d4aada..95999bb 100644 ---- a/programs/pluto/ike_alg_aes.c -+++ b/programs/pluto/ike_alg_aes.c -@@ -48,7 +48,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * - - if (symkey == NULL) { - loglog(RC_LOG_SERIOUS, "do_aes: NSS derived enc key in NULL\n"); -- goto out; -+ abort(); - } - - ivitem.type = siBuffer; -@@ -58,7 +58,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * - secparam = PK11_ParamFromIV(ciphermech, &ivitem); - if (secparam == NULL) { - loglog(RC_LOG_SERIOUS, "do_aes: Failure to set up PKCS11 param (err %d)\n",PR_GetError()); -- goto out; -+ abort(); - } - - outlen = 0; -@@ -69,8 +69,15 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * - } - - enccontext = PK11_CreateContextBySymKey(ciphermech, enc? CKA_ENCRYPT : CKA_DECRYPT, symkey, secparam); -+ if (enccontext == NULL) { -+ loglog(RC_LOG_SERIOUS, "do_aes: PKCS11 context creation failure (err %d)\n", PR_GetError()); -+ abort(); -+ } - rv = PK11_CipherOp(enccontext, tmp_buf, &outlen, buf_len, buf, buf_len); -- passert(rv==SECSuccess); -+ if (rv != SECSuccess) { -+ loglog(RC_LOG_SERIOUS, "do_aes: PKCS11 operation failure (err %d)\n", PR_GetError()); -+ abort(); -+ } - PK11_DestroyContext(enccontext, PR_TRUE); - memcpy(buf,tmp_buf,buf_len); - -@@ -81,8 +88,6 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * - memcpy(iv, new_iv, AES_CBC_BLOCK_SIZE); - PR_Free(tmp_buf); - --out: -- - if (secparam) - SECITEM_FreeItem(secparam, PR_TRUE); - DBG(DBG_CRYPT, DBG_log("NSS do_aes: exit")); --- -1.8.1.4 - |