pool/s390-tools
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
58e312617d
s390-tools/s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
Mark Post fae628f0c4 Accepting request 772273 from home:markkp:branches:Base:System 
- Added s390-tools-sles15sp1-zdev-Also-include-the-ctc-driver-in-the-initrd.patch
  (bsc#1160373).
- Added s390-tools-sles15sp1-11-zdev-Do-not-call-zipl-on-initrd-update.patch
  (bsc#1162840).
- Added s390-tools-sles15sp2-zkey-Fix-listing-of-keys-on-file-systems-reporting-D.patch
  (bsc#1162996).
- Added s390-tools-sles15sp2-zkey-Fix-display-of-clear-key-size-for-XTS-keys.patch
  (bsc#1163002).

OBS-URL: https://build.opensuse.org/request/show/772273
OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=85
2020-02-08 03:21:31 +00:00

61 lines
2.4 KiB
Diff
Raw Blame History

Subject: [PATCH] [BZ 183401] zkey: Fix display of clear key size for XTS keys
From: Ingo Franzki <ifranzki@linux.ibm.com>
Description: zkey: Fix display of clear key size for XTS keys
Symptom: The 'zkey list' command shows bogus values for the
keys 'Clear key size' for XTS keys of type CCA-AESDATA
or CCA-AESCIPHER.
Problem: XTS keys consist of 2 keys concatenated to each other.
To calculate the clear key size, the clear key size of
both keys must be added. The code does not address the
second key correctly, and thus reads the clear key size
of the second key from an invalid memory location. This
results in bogus values reported as clear key size.
This bug has been introduced with feature SEC1717 "Cipher
key support" with commit 298fab68fee8 "zkey: Preparations
for introducing a new key type".
Solution: Correct the addressing of the second key.
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
and then run 'zkey list'.
Upstream-ID: e7f446432b92b293e758099842843cfb1f18fa97
Problem-ID: 183401
Upstream-Description:
zkey: Fix display of clear key size for XTS keys
Fixes: 298fab68fee8 ("zkey: Preparations for introducing a new key type")
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Signed-off-by: Jan Hoeppner <hoeppner@linux.ibm.com>
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
zkey/pkey.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/zkey/pkey.c
+++ b/zkey/pkey.c
@@ -1591,8 +1591,8 @@ int get_key_bit_size(const u8 *key, size
if (is_cca_aes_data_key(key, key_size)) {
*bitsize = datakey->bitsize;
if (key_size == 2 * AESDATA_KEY_SIZE) {
- datakey = (struct aesdatakeytoken *)key +
- AESDATA_KEY_SIZE;
+ datakey = (struct aesdatakeytoken *)(key +
+ AESDATA_KEY_SIZE);
*bitsize += datakey->bitsize;
}
} else if (is_cca_aes_cipher_key(key, key_size)) {
@@ -1601,8 +1601,8 @@ int get_key_bit_size(const u8 *key, size
else
*bitsize = 0; /* Unknown */
if (key_size > cipherkey->length) {
- cipherkey = (struct aescipherkeytoken *)key +
- cipherkey->length;
+ cipherkey = (struct aescipherkeytoken *)(key +
+ cipherkey->length);
if (cipherkey->pfv == 0x00) /* V0 payload */
*bitsize += cipherkey->pl - 384;
}
Reference in New Issue View Git Blame Copy Permalink