PR: 2297

Submitted by: Antony, Benoy <bantony@ebay.com>
Approved by: steve@openssl.org

Fix bug in AES wrap code when t > 0xff.

diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c
index 9feacd65d8cdfca8c1028941a3826eb53f6a47e2..a9aebfe9b0c0496a133cf39c88863b202f685a16 100644 (file)
--- a/crypto/aes/aes_wrap.c
+++ b/crypto/aes/aes_wrap.c
@@ -85,9 +85,9 @@ int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
                        A[7] ^= (unsigned char)(t & 0xff);
                        if (t > 0xff)   
                                {
-                               A[6] ^= (unsigned char)((t & 0xff) >> 8);
-                               A[5] ^= (unsigned char)((t & 0xff) >> 16);
-                               A[4] ^= (unsigned char)((t & 0xff) >> 24);
+                               A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                               A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                               A[4] ^= (unsigned char)((t >> 24) & 0xff);
                                }
                        memcpy(R, B + 8, 8);
                        }