rpms / opencryptoki

Clone
Source Code
GIT

Blame SOURCES/opencryptoki-3.12.1-5cfa568f0d1a8d722a0385819ef7175451c79f3e.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   opencryptoki-3.12.1-5cfa568f0d1a8d722a0385819ef7175451c79f3e.patch
Blob History Raw
a95140 
commit 5cfa568f0d1a8d722a0385819ef7175451c79f3e
a95140 
Author: Ingo Franzki <ifranzki@linux.ibm.com>
a95140 
Date:   Mon Jun 8 09:50:05 2020 +0200
a95140
a95140 
    Fix dh_pkcs_derive mechanism parameter checking
a95140
a95140 
    PKCS #11 does not impose any parameter length restrictions for
a95140 
    mechanism CKM_DH_PKCS_DERIVE (peer public data). Thus, do not
a95140 
    check the parameter length, other than that it should be > 0.
a95140
a95140 
    Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
a95140
a95140 
diff --git a/usr/lib/common/mech_dh.c b/usr/lib/common/mech_dh.c
a95140 
index 6733075c..7fc4ec89 100644
a95140 
--- a/usr/lib/common/mech_dh.c
a95140 
+++ b/usr/lib/common/mech_dh.c
a95140 
@@ -62,11 +62,7 @@ CK_RV dh_pkcs_derive(STDLL_TokData_t *tokdata,
a95140
a95140 
     // Perform DH checking of parameters
a95140 
     // Check the existance of the public-value in mechanism
a95140 
-    if ((!mech->pParameter) ||
a95140 
-        ((mech->ulParameterLen != 64) &&
a95140 
-         (mech->ulParameterLen != 96) &&
a95140 
-         (mech->ulParameterLen != 128) &&
a95140 
-         (mech->ulParameterLen != 192) && (mech->ulParameterLen != 256))) {
a95140 
+    if (mech->pParameter == NULL || mech->ulParameterLen == 0) {
a95140 
         TRACE_ERROR("%s\n", ock_err(ERR_MECHANISM_PARAM_INVALID));
a95140 
         return (CKR_MECHANISM_PARAM_INVALID);
a95140 
     }

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation