Hello community,

here is the log from the commit of package openCryptoki for openSUSE:Factory checked in at 2020-01-07 23:52:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openCryptoki (Old)
 and      /work/SRC/openSUSE:Factory/.openCryptoki.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openCryptoki" Tue Jan 7 23:52:36 2020 rev:55 rq:761262 version:3.12.1 Changes: -------- --- /work/SRC/openSUSE:Factory/openCryptoki/openCryptoki.changes 2019-12-03 12:43:10.554119560 +0100 +++ /work/SRC/openSUSE:Factory/.openCryptoki.new.6675/openCryptoki.changes 2020-01-07 23:53:01.372021014 +0100 @@ -1,0 +2,7 @@ +Mon Jan 6 19:25:16 UTC 2020 - Mark Post <[email protected]> + +- Added oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch (bsc#1159114) + The EP11 token may fail to import an ECC public key. Function + C_CreateObject returns CKR_BUFFER_TOO_SMALL in this case. + +------------------------------------------------------------------- New: ---- oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openCryptoki.spec ++++++ --- /var/tmp/diff_new_pack.351Zya/_old 2020-01-07 23:53:02.284021488 +0100 +++ /var/tmp/diff_new_pack.351Zya/_new 2020-01-07 23:53:02.284021488 +0100 @@ -1,7 +1,7 @@ # # spec file for package openCryptoki # -# Copyright (c) 2018, 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018-2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -39,6 +39,7 @@ # Patch 1 is needed because group pkcs11 doesn't exist in the build environment # and because we don't want(?) various file and directory permissions to be 0700. Patch1: ocki-3.11-remove-make-install-chgrp.patch +Patch2: oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch BuildRequires: bison BuildRequires: dos2unix BuildRequires: flex @@ -128,6 +129,7 @@ %prep %setup -q -n %{oc_cvs_tag}-%{version} %patch1 -p1 +%patch2 -p1 cp %{SOURCE2} . ++++++ oki-3.12-EP11-Fix-EC-uncompress-buffer-length.patch ++++++ >From 50a8a8806059647a3e446fd129995af61ec54867 Mon Sep 17 00:00:00 2001 
From: Ingo Franzki <[email protected]> Date: Tue, 3 Dec 2019 14:58:26 +0100 Subject: [PATCH] EP11: Fix EC-uncompress buffer length Function ec_uncompress_public_key() expects the size of the output buffer in out_pubkey to be specified in the out_len parameter. However, variable pubkey_len is uninitialized when calling ec_uncompress_public_key(), so this may result in CKR_BUFFER_TOO_SMALL dependent on the value of pubkey_len. Fix this by setting pubkey_len to the size of the public key buffer allocated above. Signed-off-by: Ingo Franzki <[email protected]> --- usr/lib/ep11_stdll/ep11_specific.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr/lib/ep11_stdll/ep11_specific.c b/usr/lib/ep11_stdll/ep11_specific.c index 38b6708f..10dfe4e0 100644 --- a/usr/lib/ep11_stdll/ep11_specific.c +++ b/usr/lib/ep11_stdll/ep11_specific.c @@ -2034,9 +2034,10 @@ static CK_RV import_EC_key(STDLL_TokData_t * tokdata, SESSION * sess, rc = get_ecsiglen(ec_key_obj, &privkey_len); if (rc != CKR_OK) goto import_EC_key_end; - privkey_len /= 2; /* Public key is half the size of an EC signature */ + privkey_len /= 2; /* private key is half the size of an EC signature */ - pubkey = (CK_BYTE *)malloc(1 + 2 * privkey_len); + pubkey_len = 1 + 2 * privkey_len; + pubkey = (CK_BYTE *)malloc(pubkey_len); if (pubkey == NULL) { rc = CKR_HOST_MEMORY; goto import_EC_key_end; -- 2.13.7
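
Review bot: in the openCryptoki.spec hunk at line 39, the added "Patch2:" line has no explanatory comment, while Patch1 directly above it carries two comment lines saying why it is needed, and the new file name uses the prefix "oki-3.12-" where Patch1 uses "ocki-3.11-". Suggest a one-line comment above Patch2 naming bsc#1159114 and upstream commit 50a8a8806059647a3e446fd129995af61ec54867, so the patch can be dropped with confidence once a release containing that commit is packaged, and settling on one file-name prefix for the package's patches.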
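
Review bot: in the ep11_specific.c hunk, import_EC_key(), the new assignment "pubkey_len = 1 + 2 * privkey_len;" has no comment saying that this value is the buffer capacity ec_uncompress_public_key() reads through out_len, which is the exact misunderstanding the commit message describes. Suggest a short comment on that line stating that pubkey_len is an input (size of the pubkey buffer) at the call, so it is not treated as output-only again. Since the commit message says the variable was uninitialized, also consider initializing it to 0 at its declaration, which is outside the visible lines, so that any other path reaching the call fails the same way every time instead of depending on whatever value the variable happens to hold.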
