From 446f9bea43fd62b0c233b41ee7982b4541ef05ca Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Mar 16 2015 17:02:06 +0000
Subject: fix bug in the CRYPTO_128_unwrap()


---

diff --git a/openssl-1.0.1j-evp-wrap.patch b/openssl-1.0.1j-evp-wrap.patch
index 48af529..b90caea 100644
--- a/openssl-1.0.1j-evp-wrap.patch
+++ b/openssl-1.0.1j-evp-wrap.patch
@@ -1074,17 +1074,17 @@ diff -up openssl-1.0.1j/crypto/modes/wrap128.c.wrap openssl-1.0.1j/crypto/modes/
 +	unsigned char got_iv[8];
 +
 +	ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
-+	if (ret != inlen)
-+		return ret;
++	if (ret == 0)
++		return 0;
 +
 +	if (!iv)
 +		iv = default_iv;
-+	if (CRYPTO_memcmp(out, iv, 8))
++	if (CRYPTO_memcmp(got_iv, iv, 8))
 +		{
-+		OPENSSL_cleanse(out, inlen);
++		OPENSSL_cleanse(out, ret);
 +		return 0;
 +		}
-+	return inlen;
++	return ret;
 +	}
 +
 +/** Wrapping according to RFC 5649 section 4.1.
diff --git a/openssl.spec b/openssl.spec
index dda1d13..d638755 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1k
-Release: 4%{?dist}
+Release: 5%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -480,6 +480,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Mon Mar 16 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-5
+- fix bug in the CRYPTO_128_unwrap()
+
 * Fri Feb 27 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-4
 - fix bug in the RFC 5649 support (#1185878)