Accepting request 247737 from home:jjolly:branches:security

Fixed zero length bug in ica token OBS-URL: https://build.opensuse.org/request/show/247737 OBS-URL: https://build.opensuse.org/package/show/security/openCryptoki?expand=0&rev=22
2014-09-05 21:19:23 +00:00 · 2014-09-05 21:19:23 +00:00 · e535e749ba
commit e535e749ba
parent bbdcb346df
3 changed files with 29 additions and 1 deletions
--- a/ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
+++ b/ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
@ -0,0 +1,19 @@
+commit 2094b476ab7c14caecc37add2da43bba11b71bf5
+Author: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+Date:   Fri Aug 15 12:48:46 2014 +0200
+
+    Fixed ica token's SHA update function when passing zero message size
+    
+    Signed-off-by: Ingo Tuchscherer <ingo.tuchscherer@linux.vnet.ibm.com>
+
+--- opencryptoki.orig/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c	2014-01-27 15:01:58.000000000 -0700
+++ opencryptoki/usr/lib/pkcs11/ica_s390_stdll/ica_specific.c	2014-09-05 09:19:55.009080000 -0600
+@@ -859,7 +859,7 @@ token_specific_sha_update(	DIGEST_CONTEX
+                          * we're not stuck with 0 bytes when the MSG_PART_FINAL
+                          * comes in. - KEY
+                          */
+-                        if (!(in_data_len % 64)) {
+                        if (!(in_data_len % 64) && (in_data_len != 0)) {
+                                 oc_sha_ctx->tail_len = 64;
+                                 memcpy(oc_sha_ctx->tail, in_data + in_data_len - 64, 64);
+                                 in_data_len -= 64;
--- a/openCryptoki.changes
+++ b/openCryptoki.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Sep  5 15:30:59 UTC 2014 - jjolly@suse.com
+
+- Fixed ica token's SHA update function when passing zero message
+  size (bnc#892644)
+- Added patch ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
+
 -------------------------------------------------------------------
 Fri Sep  5 04:05:02 UTC 2014 - jjolly@suse.com

@ -21,7 +28,7 @@ Thu Sep  4 21:17:04 UTC 2014 - jjolly@suse.com
 -------------------------------------------------------------------
 Thu Sep  4 20:35:01 UTC 2014 - jjolly@suse.com

- Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889193)
+- Fixed pkcsslotd and opencryptoki.conf man pages (bnc#889183)
 - Added patch ocki-3.1_07_0001-Man-page-corrections.patch

 -------------------------------------------------------------------
--- a/openCryptoki.spec
+++ b/openCryptoki.spec
@ -78,6 +78,7 @@ Patch17:        ocki-3.1_07_0001-Man-page-corrections.patch
 Patch18:        ocki-3.1_08_0001-Add-a-pkcscca-tool-to-help-migrate-cca-private-token.patch
 Patch19:        ocki-3.1_08_0002-Add-documentation-pkcscca-manpage-and-README.cca_std.patch
 Patch20:        ocki-3.1_09_0001-Fix-EOL-encoding-in-README.patch
+Patch21:        ocki-3.1_10_0001-ica-sha-update-empty-msg.patch
 Url:            http://oss.software.ibm.com/developerworks/opensource/opencryptoki
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         /usr/sbin/groupadd /usr/bin/id /usr/sbin/usermod /bin/sed %insserv_prereq
@ -175,6 +176,7 @@ Cryptographic Accelerator (FC 4960 on pSeries).
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
+%patch21 -p1
 cp %{SOURCE2} .

 %build