From e535e749baddb345b907777ec482467b972cd571e421be49d0905ff737390d23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?=
Date: Fri, 5 Sep 2014 21:19:23 +0000
Subject: [PATCH] Accepting request 247737 from home:jjolly:branches:security Fixed zero length bug in ica token
OBS-URL: https://build.opensuse.org/request/show/247737
OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=22
---
 ...3.1_10_0001-ica-sha-update-empty-msg.patch | 19 +++++++++++++++++++
 openCryptoki.changes | 9 ++++++++-
 openCryptoki.spec | 2 ++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
diff --git a/ocki-3.1_10_0001-ica-sha-update-empty-msg.patch b/ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
new file mode 100644
index 0000000..d1f6480
--- /dev/null
+++ b/ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
@@ -0,0 +1,19 @@
+commit 2094b476ab7c14caecc37add2da43bba11b71bf5
+Author: Ingo Tuchscherer
+Date: Fri Aug 15 12:48:46 2014 +0200
+
+ Fixed ica token's SHA update function when passing zero message size
+
+ Signed-off-by: Ingo Tuchscherer
+
+--- opencryptoki.orig/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 2014-01-27 15:01:58.000000000 -0700
++++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c 2014-09-05 09:19:55.009080000 -0600
+@@ -859,7 +859,7 @@ token_specific_sha_update( DIGEST_CONTEX
+ * we're not stuck with 0 bytes when the MSG_PART_FINAL
+ * comes in. - KEY
+ */
+- if (!(in_data_len % 64)) {
++ if (!(in_data_len % 64) && (in_data_len != 0)) {
+ oc_sha_ctx->tail_len = 64;
+ memcpy(oc_sha_ctx->tail, in_data + in_data_len - 64, 64);
+ in_data_len -= 64;
diff --git a/openCryptoki.changes b/openCryptoki.changes
index 5c3854b..6f98bff 100644
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
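Review bot: The new guard in `token_specific_sha_update` (embedded patch, around line 859 of ica_specific.c) fixes the empty-message case, but the comment above it still does not say why zero is excluded. With `in_data_len == 0` the old condition was true, so the `memcpy` source `in_data + in_data_len - 64` pointed 64 bytes before the caller's buffer and `in_data_len -= 64` went below zero (a wrap to a very large value if the length type is unsigned, which this hunk does not show). I would extend the existing comment with a line such as `/* A zero-length update has no final block to hold back; skip it so we never read before in_data. */`. The function body starts and ends outside the hunk, so it is worth confirming that the ica token's other SHA update paths do not carry the same unguarded pattern, and adding a regression test that calls the digest update with an empty message.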
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Sep 5 15:30:59 UTC 2014 - jjolly@suse.com
+
+- Fixed ica token's SHA update function when passing zero message
+ size (bnc#892644)
+- Added patch ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
+
 -------------------------------------------------------------------
 Fri Sep 5 04:05:02 UTC 2014 - jjolly@suse.com
 
@@ -21,7 +28,7 @@ Thu Sep 4 21:17:04 UTC 2014 - jjolly@suse.com
 -------------------------------------------------------------------
 Thu Sep 4 20:35:01 UTC 2014 - jjolly@suse.com
 
-- Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889193)
+- Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889183)
 - Added patch ocki-3.1_07_0001-Man-page-corrections.patch
 
 -------------------------------------------------------------------
diff --git a/openCryptoki.spec b/openCryptoki.spec
index 055f7f1..57675dd 100644
--- a/openCryptoki.spec
+++ b/openCryptoki.spec
@@ -78,6 +78,7 @@ Patch17: ocki-3.1_07_0001-Man-page-corrections.patch
 Patch18: ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
 Patch19: ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
 Patch20: ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
+Patch21: ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
 Url: http://oss.software.ibm.com/developerworks/opensource/opencryptoki
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed %insserv_prereq
@@ -175,6 +176,7 @@ Cryptographic Accelerator (FC 4960 on pSeries).
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 cp %{SOURCE2} .
 
 %build