openCryptoki/oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch

From 50a8a8806059647a3e446fd129995af61ec54867 Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Tue, 3 Dec 2019 14:58:26 +0100
Subject: [PATCH] EP11: Fix EC-uncompress buffer length

Function ec_uncompress_public_key() expects the size of the output
buffer in out_pubkey to be specified in the out_len parameter.
However, variable pubkey_len is uninitialized when calling
ec_uncompress_public_key(), so this may result in CKR_BUFFER_TOO_SMALL
dependent on the value of pubkey_len.
Fix this by setting pubkey_len to the size of the public key buffer
allocated above.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
 usr/lib/ep11_stdll/ep11_specific.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c
index 38b6708f..10dfe4e0 100644
--- a/usr/lib/ep11_stdll/ep11_specific.c
+++ b/usr/lib/ep11_stdll/ep11_specific.c
@@ -2034,9 +2034,10 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess,
         rc = get_ecsiglen(ec_key_obj, &privkey_len);
         if (rc != CKR_OK)
             goto import_EC_key_end;
-        privkey_len /= 2; /* Public key is half the size of an EC signature */
+        privkey_len /= 2; /* private key is half the size of an EC signature */
 
-        pubkey = (CK_BYTE *)malloc(1 + 2 * privkey_len);
+        pubkey_len = 1 + 2 * privkey_len;
+        pubkey = (CK_BYTE *)malloc(pubkey_len);
         if (pubkey == NULL) {
             rc = CKR_HOST_MEMORY;
             goto import_EC_key_end;
-- 
2.13.7
Accepting request 761261 from home:markkp:branches:security - Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) The EP11 token may fail to import an ECC public key. Function C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case. OBS-URL: https://build.opensuse.org/request/show/761261 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=104 2020-01-06 19:39:12 +00:00			`From 50a8a8806059647a3e446fd129995af61ec54867 Mon Sep 17 00:00:00 2001`
			`From: Ingo Franzki <ifranzki@linux.ibm.com>`
			`Date: Tue, 3 Dec 2019 14:58:26 +0100`
			`Subject: [PATCH] EP11: Fix EC-uncompress buffer length`

			`Function ec_uncompress_public_key() expects the size of the output`
			`buffer in out_pubkey to be specified in the out_len parameter.`
			`However, variable pubkey_len is uninitialized when calling`
			`ec_uncompress_public_key(), so this may result in CKR_BUFFER_TOO_SMALL`
			`dependent on the value of pubkey_len.`
			`Fix this by setting pubkey_len to the size of the public key buffer`
			`allocated above.`

			`Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>`
			`---`
			`usr/lib/ep11_stdll/ep11_specific.c \| 5 +++--`
			`1 file changed, 3 insertions(+), 2 deletions(-)`

			`diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c`
			`index 38b6708f..10dfe4e0 100644`
			`--- a/usr/lib/ep11_stdll/ep11_specific.c`
			`+++ b/usr/lib/ep11_stdll/ep11_specific.c`
			`@@ -2034,9 +2034,10 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess,`
			`rc = get_ecsiglen(ec_key_obj, &privkey_len);`
			`if (rc != CKR_OK)`
			`goto import_EC_key_end;`
			`- privkey_len /= 2; /* Public key is half the size of an EC signature */`
			`+ privkey_len /= 2; /* private key is half the size of an EC signature */`

			`- pubkey = (CK_BYTE )malloc(1 + 2 privkey_len);`
			`+ pubkey_len = 1 + 2 * privkey_len;`
			`+ pubkey = (CK_BYTE *)malloc(pubkey_len);`
			`if (pubkey == NULL) {`
			`rc = CKR_HOST_MEMORY;`
			`goto import_EC_key_end;`
			`--`
			`2.13.7`