From 09bad69cfdb1236369386dbb41e1b19d399d8836304a6e10346724aa6ada6fa3 Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Sun, 12 Jan 2020 13:41:31 +0000
Subject: [PATCH] Accepting request 758978 from
 home:mgerstner:branches:security

- Add ibmswtpm2-fix-empty-decrypt.patch: Fix a corner case in the emulator
  that causes an error when trying to RSA-decrypt an empty message
  (bsc#1159510). This fix was confirmed to be by the upstream author and is
  supposed to be contained in the next release.

OBS-URL: https://build.opensuse.org/request/show/758978
OBS-URL: https://build.opensuse.org/package/show/security/ibmswtpm2?expand=0&rev=18
---
 ibmswtpm2-fix-empty-decrypt.patch | 13 +++++++++++++
 ibmswtpm2.changes                 |  8 ++++++++
 ibmswtpm2.spec                    |  1 +
 3 files changed, 22 insertions(+)
 create mode 100644 ibmswtpm2-fix-empty-decrypt.patch

diff --git a/ibmswtpm2-fix-empty-decrypt.patch b/ibmswtpm2-fix-empty-decrypt.patch
new file mode 100644
index 0000000..3f55682
--- /dev/null
+++ b/ibmswtpm2-fix-empty-decrypt.patch
@@ -0,0 +1,13 @@
+Index: ibmswtpm2-1119/src/CryptRsa.c
+===================================================================
+--- ibmswtpm2-1119.orig/src/CryptRsa.c
++++ ibmswtpm2-1119/src/CryptRsa.c
+@@ -469,7 +469,7 @@ RSAES_Decode(
+     pSize++;
+     // Make sure that pSize has not gone over the end and that there are at least 8
+     // bytes of pad data.
+-    fail = (pSize >= coded->size) | fail;
++    fail = (pSize > coded->size) | fail;
+     fail = ((pSize - 2) < 8) | fail;
+     if((message->size < (UINT16)(coded->size - pSize)) || fail)
+ 	return TPM_RC_VALUE;
diff --git a/ibmswtpm2.changes b/ibmswtpm2.changes
index 75a2e02..abdc39a 100644
--- a/ibmswtpm2.changes
+++ b/ibmswtpm2.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Dec 23 12:06:22 UTC 2019 - mgerstner <matthias.gerstner@suse.com>
+
+- Add ibmswtpm2-fix-empty-decrypt.patch: Fix a corner case in the emulator
+  that causes an error when trying to RSA-decrypt an empty message
+  (bsc#1159510). This fix was confirmed to be by the upstream author and is
+  supposed to be contained in the next release.
+
 -------------------------------------------------------------------
 Thu Jul  4 17:02:41 UTC 2019 - Michal Suchanek <msuchanek@suse.de>
 
diff --git a/ibmswtpm2.spec b/ibmswtpm2.spec
index a62d70d..c1054d8 100644
--- a/ibmswtpm2.spec
+++ b/ibmswtpm2.spec
@@ -34,6 +34,7 @@ URL:            https://sourceforge.net/projects/ibmswtpm2
 Source:         https://sourceforge.net/projects/ibmswtpm2/files/ibmtpm%{version}.tar.gz
 Patch1:         makefile.patch
 Patch2:         ibmswtpm2-fix-uninitialized.patch
+Patch3:         ibmswtpm2-fix-empty-decrypt.patch
 BuildRequires:  libopenssl-devel >= 1.0
 
 %description