base/SOURCES/openssl-1.0.1e-cve-2016-210...

diff -up openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
--- openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check	2016-04-29 12:42:43.000000000 +0200
+++ openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c	2016-04-29 13:10:13.441125487 +0200
@@ -59,6 +59,7 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include "evp_locl.h"
+#include "constant_time_locl.h"
 
 #ifndef EVP_CIPH_FLAG_AEAD_CIPHER
 #define EVP_CIPH_FLAG_AEAD_CIPHER	0x200000
@@ -278,6 +279,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV
 			maxpad |= (255-maxpad)>>(sizeof(maxpad)*8-8);
 			maxpad &= 255;
 
+			ret &= constant_time_ge(maxpad, pad);
+
 			inp_len = len - (SHA_DIGEST_LENGTH+pad+1);
 			mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));
 			inp_len &= mask;
openssl package update Signed-off-by: basebuilder_pel7ppc64bebuilder0 <basebuilder@powerel.org> 7 years ago			`diff -up openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c`
			`--- openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c.padding-check 2016-04-29 12:42:43.000000000 +0200`
			`+++ openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c 2016-04-29 13:10:13.441125487 +0200`
			`@@ -59,6 +59,7 @@`
			`#include <openssl/aes.h>`
			`#include <openssl/sha.h>`
			`#include "evp_locl.h"`
			`+#include "constant_time_locl.h"`

			`#ifndef EVP_CIPH_FLAG_AEAD_CIPHER`
			`#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000`
			`@@ -278,6 +279,8 @@ static int aesni_cbc_hmac_sha1_cipher(EV`
			`maxpad \|= (255-maxpad)>>(sizeof(maxpad)*8-8);`
			`maxpad &= 255;`

			`+ ret &= constant_time_ge(maxpad, pad);`
			`+`
			`inp_len = len - (SHA_DIGEST_LENGTH+pad+1);`
			`mask = (0-((inp_len-len)>>(sizeof(inp_len)*8-1)));`
			`inp_len &= mask;`