rpm/pam_pkcs11
SHA256
1
0
Fork 0
forked from pool/pam_pkcs11
Code Pull Requests Activity
8da792d9bb
pam_pkcs11/0001-verify-using-a-nonce-from-the-system-not-the-card.patch
Stanislav Brabec d1602a056e Accepting request 629902 from home:vitezslav_cizek:branches:security:chipcard 
- Address security issues found by X41 D-Sec audit (bsc#1105012)
  * Authentication Replay
  * Buffer Overflow
  * Memory not cleaned properly before free()
- add patches:
  * 0001-verify-using-a-nonce-from-the-system-not-the-card.patch
  * 0002-fixed-buffer-overflow-with-long-home-directory.patch
  * 0003-fixed-wiping-secrets-with-OpenSSL_cleanse.patch

OBS-URL: https://build.opensuse.org/request/show/629902
OBS-URL: https://build.opensuse.org/package/show/security:chipcard/pam_pkcs11?expand=0&rev=24
2018-09-10 15:04:41 +00:00

104 lines
2.7 KiB
Diff
Raw Blame History

From cc51b3e2720ea862d500cab2ea517518ff39a497 Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Fri, 25 May 2018 23:46:41 +0200
Subject: [PATCH 1/3] verify using a nonce from the system, not the card
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the problem.
---
src/common/pkcs11_lib.c | 66 +++++++++++++++++------------------------
1 file changed, 28 insertions(+), 38 deletions(-)
diff --git a/src/common/pkcs11_lib.c b/src/common/pkcs11_lib.c
index 46a93bd..d4433f2 100644
--- a/src/common/pkcs11_lib.c
+++ b/src/common/pkcs11_lib.c
@@ -131,6 +131,34 @@ memcmp_pad_max(void *d1, size_t d1_len, void *d2, size_t d2_len,
return (0);
}
+int get_random_value(unsigned char *data, int length)
+{
+ static const char *random_device = "/dev/urandom";
+ int rv, fh, l;
+
+ DBG2("reading %d random bytes from %s", length, random_device);
+ fh = open(random_device, O_RDONLY);
+ if (fh == -1) {
+ set_error("open() failed: %s", strerror(errno));
+ return -1;
+ }
+
+ l = 0;
+ while (l < length) {
+ rv = read(fh, data + l, length - l);
+ if (rv <= 0) {
+ close(fh);
+ set_error("read() failed: %s", strerror(errno));
+ return -1;
+ }
+ l += rv;
+ }
+ close(fh);
+ DBG5("random-value[%d] = [%02x:%02x:%02x:...:%02x]", length, data[0],
+ data[1], data[2], data[length - 1]);
+ return 0;
+}
+
#ifdef HAVE_NSS
/*
@@ -834,16 +862,6 @@ int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data,
return 0;
}
-int get_random_value(unsigned char *data, int length)
-{
- SECStatus rv = PK11_GenerateRandom(data,length);
- if (rv != SECSuccess) {
- DBG1("couldn't generate random number: %s", SECU_Strerror(PR_GetError()));
- }
- return (rv == SECSuccess) ? 0 : -1;
-}
-
-
struct tuple_str {
PRErrorCode errNum;
const char * errString;
@@ -1778,32 +1796,4 @@ int sign_value(pkcs11_handle_t *h, cert_object_t *cert, CK_BYTE *data,
(*signature)[0], (*signature)[1], (*signature)[2], (*signature)[*signature_length - 1]);
return 0;
}
-
-int get_random_value(unsigned char *data, int length)
-{
- static const char *random_device = "/dev/urandom";
- int rv, fh, l;
-
- DBG2("reading %d random bytes from %s", length, random_device);
- fh = open(random_device, O_RDONLY);
- if (fh == -1) {
- set_error("open() failed: %s", strerror(errno));
- return -1;
- }
-
- l = 0;
- while (l < length) {
- rv = read(fh, data + l, length - l);
- if (rv <= 0) {
- close(fh);
- set_error("read() failed: %s", strerror(errno));
- return -1;
- }
- l += rv;
- }
- close(fh);
- DBG5("random-value[%d] = [%02x:%02x:%02x:...:%02x]", length, data[0],
- data[1], data[2], data[length - 1]);
- return 0;
-}
#endif /* HAVE_NSS */
--
2.18.0
View Git Blame Copy Permalink