1 files changed, 39 insertions, 0 deletions

diff --git a/community/opensc/0002-epass2003-properly-disable-padding.patch b/community/opensc/0002-epass2003-properly-disable-padding.patch
new file mode 100644
index 000000000..0e3ad65fb
--- /dev/null
+++ b/community/opensc/0002-epass2003-properly-disable-padding.patch
@@ -0,0 +1,39 @@
+From b1a4775310a4e30d8fd5c1cc91e60971f922e64a Mon Sep 17 00:00:00 2001
+From: Zbigniew Halas <zhalas@gmail.com>
+Date: Wed, 27 Feb 2013 23:44:02 +0000
+Subject: [PATCH] epass2003: properly disable padding
+
+EVP_CIPHER_CTX_set_padding needs to be called after EVP_EncryptInit_ex
+and EVP_DecryptInit_ex, otherwise padding is re-enabled, which in turn
+causes buffer overruns
+---
+ src/libopensc/card-epass2003.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
+index 80088b9..6f04573 100644
+--- a/src/libopensc/card-epass2003.c
++++ b/src/libopensc/card-epass2003.c
+@@ -117,8 +117,8 @@
+ 
+ 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ 	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 	EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 
+ 	if (!EVP_EncryptUpdate(&ctx, output, &outl, input, length))
+ 		goto out;
+@@ -146,8 +146,8 @@
+ 
+ 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ 	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 	EVP_DecryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 
+ 	if (!EVP_DecryptUpdate(&ctx, output, &outl, input, length))
+ 		goto out;
+-- 
+1.8.4
+