rpms
/
libica
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libica-3.6.1-2.el8_2.1

This commit is contained in:
CentOS Sources 2020-08-20 08:48:31 -04:00 committed by Stepan Oksanichenko
parent 9745d83533
commit 0ff4cc32ae
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
SOURCES/libica-3.6.1-key-length.patch Normal file
View File

@ -0,0 +1,40 @@
From db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2 Mon Sep 17 00:00:00 2001
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
Date: Wed, 18 Mar 2020 16:48:43 +0100
Subject: [PATCH] Fix DES and TDES key length.
Although a DES key has only 56 effective bits, all 64 bits must be
considered, because the parity bits are spread over all 8 bytes of
the key.
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
---
src/ica_api.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ica_api.c b/src/ica_api.c
index b80c6e3..eb6b154 100644
--- a/src/ica_api.c
+++ b/src/ica_api.c
@@ -48,6 +48,8 @@
#define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
#define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
+#define DES_KEY_LEN64 (64/8)
+
#define MAX_VERSION_LENGTH 16
int ica_fallbacks_enabled = 1;
@@ -125,9 +127,9 @@ static unsigned int check_des_parms(unsigned int mode,
#ifdef ICA_FIPS
static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
- if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LENGTH)
- | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LENGTH)
- | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LENGTH))
+ if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
+ | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64)
+ | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64))
return EINVAL;
return 0;

9
SPECS/libica.spec
View File

@ -1,7 +1,7 @@
Summary: Library for accessing ICA hardware crypto on IBM z Systems
Name: libica
Version: 3.6.1
Release: 2%{?dist}
Release: 2%{?dist}.1
License: CPL
Group: System Environment/Libraries
URL: https://github.com/opencryptoki/
@ -12,6 +12,9 @@ Patch1: %{name}-3.3.3-annotate.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1789052
# https://github.com/opencryptoki/libica/commit/58c1073a585443146332c5a3b5536eb5e6c6493d
Patch2: %{name}-3.6.1-counter.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1847535
# https://github.com/opencryptoki/libica/commit/db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2
Patch3: %{name}-3.6.1-key-length.patch
BuildRequires: gcc
BuildRequires: openssl-devel
BuildRequires: autoconf
@ -80,6 +83,10 @@ fi
%changelog
* Thu Jun 25 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2.1
- fix DES and TDES key length (#1847535)
- Resolves: #1847535
* Thu Jan 09 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2
- fix overflow in icastats counters (#1789052)
- Resolves: #1789052