On Fri, 26 Nov 2010 14:10:45 +0100 bugant <[email protected]> wrote: > Hi all, > I've noticed that providing a random payload to a des_cbc_pad decrypt > would make the software token crash. > > It seems to me that the cause should be in strip_pkcs_padding function > in usr/lib/pkcs11/common/utility.c which does not check for a valid pad len. > > The attached patch should solve the problem. > > Cheers, > matteo.
That was a good catch. Thanks. I've expanded your patch to also include the CCA and TPM token, and will apply them shortly. -Klaus -- Klaus Heinrich Kiwi | [email protected] | http://blog.klauskiwi.com Open Source Security blog : http://www.ratliff.net/blog IBM Linux Technology Center : http://www.ibm.com/linux/ltc ------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
