On Sun, Feb 28, 2010 at 09:18:11AM +0100, Klaus Ethgen wrote:
> Package: openssl
> Version: 0.9.8m-1
> Severity: critical
>
> The newest update of openssl breaks encryption software like encfs to
> shred data on the end of many files.
>
> This is a serious data lost!
$ git bisect good
56bf036afe0ab64efdc49daeb3a01466792fa113 is the first bad commit
commit 56bf036afe0ab64efdc49daeb3a01466792fa113
Author: steve <steve>
Date: Mon Feb 15 19:40:45 2010 +0000
The "block length" for CFB mode was incorrectly coded as 1 all the time. It
should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.
The diff is:
diff --git a/openssl/crypto/evp/evp_locl.h b/openssl/crypto/evp/evp_locl.h
index ef6c432..72105b0 100644
--- a/openssl/crypto/evp/evp_locl.h
+++ b/openssl/crypto/evp/evp_locl.h
@@ -127,9 +127,9 @@ BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid,
block_size, key_len, \
#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
iv_len, cbits, flags, init_key, cleanup, \
set_asn1, get_asn1, ctrl) \
-BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
- key_len, iv_len, flags, init_key, cleanup, set_asn1, \
- get_asn1, ctrl)
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, \
+ (cbits + 7)/8, key_len, iv_len, \
+ flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
iv_len, cbits, flags, init_key, cleanup, \
I'm not sure what to do with this, I'll contact upstream about this.
Kurt
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
