import libica-3.6.1-2.el8_2.1
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
9745d83533
commit
0ff4cc32ae
40
SOURCES/libica-3.6.1-key-length.patch
Normal file
40
SOURCES/libica-3.6.1-key-length.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2 Mon Sep 17 00:00:00 2001
|
||||
From: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
Date: Wed, 18 Mar 2020 16:48:43 +0100
|
||||
Subject: [PATCH] Fix DES and TDES key length.
|
||||
|
||||
Although a DES key has only 56 effective bits, all 64 bits must be
|
||||
considered, because the parity bits are spread over all 8 bytes of
|
||||
the key.
|
||||
|
||||
Signed-off-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
|
||||
---
|
||||
src/ica_api.c | 8 +++++---
|
||||
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/ica_api.c b/src/ica_api.c
|
||||
index b80c6e3..eb6b154 100644
|
||||
--- a/src/ica_api.c
|
||||
+++ b/src/ica_api.c
|
||||
@@ -48,6 +48,8 @@
|
||||
#define DEFAULT2_CRYPT_DEVICE "/dev/z90crypt"
|
||||
#define DEFAULT3_CRYPT_DEVICE "/dev/zcrypt"
|
||||
|
||||
+#define DES_KEY_LEN64 (64/8)
|
||||
+
|
||||
#define MAX_VERSION_LENGTH 16
|
||||
|
||||
int ica_fallbacks_enabled = 1;
|
||||
@@ -125,9 +127,9 @@ static unsigned int check_des_parms(unsigned int mode,
|
||||
|
||||
#ifdef ICA_FIPS
|
||||
static unsigned int fips_check_3des_key(const ica_des_key_triple_t *key) {
|
||||
- if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LENGTH)
|
||||
- | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LENGTH)
|
||||
- | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LENGTH))
|
||||
+ if (!CRYPTO_memcmp(key->key1, key->key2, DES_KEY_LEN64)
|
||||
+ | !CRYPTO_memcmp(key->key1, key->key3, DES_KEY_LEN64)
|
||||
+ | !CRYPTO_memcmp(key->key2, key->key3, DES_KEY_LEN64))
|
||||
return EINVAL;
|
||||
|
||||
return 0;
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Library for accessing ICA hardware crypto on IBM z Systems
|
||||
Name: libica
|
||||
Version: 3.6.1
|
||||
Release: 2%{?dist}
|
||||
Release: 2%{?dist}.1
|
||||
License: CPL
|
||||
Group: System Environment/Libraries
|
||||
URL: https://github.com/opencryptoki/
|
||||
@ -12,6 +12,9 @@ Patch1: %{name}-3.3.3-annotate.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1789052
|
||||
# https://github.com/opencryptoki/libica/commit/58c1073a585443146332c5a3b5536eb5e6c6493d
|
||||
Patch2: %{name}-3.6.1-counter.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1847535
|
||||
# https://github.com/opencryptoki/libica/commit/db1ad6f64d96c6dba2be5af5a4ecd7ceb8f92cf2
|
||||
Patch3: %{name}-3.6.1-key-length.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: autoconf
|
||||
@ -80,6 +83,10 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Jun 25 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2.1
|
||||
- fix DES and TDES key length (#1847535)
|
||||
- Resolves: #1847535
|
||||
|
||||
* Thu Jan 09 2020 Dan Horák <dhorak@redhat.com> - 3.6.1-2
|
||||
- fix overflow in icastats counters (#1789052)
|
||||
- Resolves: #1789052
|
||||
|
||||
Loading…
Reference in New Issue
Block a user