From mboxrd@z Thu Jan  1 00:00:00 1970
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
From: Jakub Jelen <jjelen@redhat.com>
To: git-commits@fedoraproject.org
Subject: [rpms/yubihsm-shell] epel9: Use low-level AES operations to prevent session leak (#2487009)
Date: Tue, 23 Jun 2026 13:41:35 GMT
Message-ID: <178222209554.1.4612527788590744658.rpms-yubihsm-shell-a54c3d03735a@fedoraproject.org>
List-ID: <git-commits.fedoraproject.org>
X-Git-Repo: rpms/yubihsm-shell
X-Git-Branch: epel9
X-Git-Rev: a54c3d03735aa8c9bd92067b3a3bef03f77c91f9

QSBuZXcgY29tbWl0IGhhcyBiZWVuIHB1c2hlZC4KClJlcG8gICA6IHJwbXMveXViaWhzbS1zaGVs
bApCcmFuY2ggOiBlcGVsOQpDb21taXQgOiBhNTRjM2QwMzczNWFhOGM5YmQ5MjA2N2IzYTNiZWYw
M2Y3N2M5MWY5CkF1dGhvciA6IEpha3ViIEplbGVuIDxqamVsZW5AcmVkaGF0LmNvbT4KRGF0ZSAg
IDogMjAyNi0wNi0yM1QxNTozODozNCswMjowMApTdGF0cyAgOiArMjMxLy0xIGluIDIgZmlsZShz
KQpVUkwgICAgOiBodHRwczovL3NyYy5mZWRvcmFwcm9qZWN0Lm9yZy9ycG1zL3l1Ymloc20tc2hl
bGwvYy9hNTRjM2QwMzczNWFhOGM5YmQ5MjA2N2IzYTNiZWYwM2Y3N2M5MWY5P2JyYW5jaD1lcGVs
OQoKTG9nOgpVc2UgbG93LWxldmVsIEFFUyBvcGVyYXRpb25zIHRvIHByZXZlbnQgc2Vzc2lvbiBs
ZWFrICgjMjQ4NzAwOSkKCi0tLQpkaWZmIC0tZ2l0IGEveXViaWhzbS1zaGVsbC0yLjcuMC1zZXNz
aW9uLWxlYWsucGF0Y2ggYi95dWJpaHNtLXNoZWxsLTIuNy4wLXNlc3Npb24tbGVhay5wYXRjaApu
ZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwLi43N2I4MzU1Ci0tLSAvZGV2L251bGwK
KysrIGIveXViaWhzbS1zaGVsbC0yLjcuMC1zZXNzaW9uLWxlYWsucGF0Y2gKQEAgLTAsMCArMSwy
MjggQEAKK2RpZmYgLS1naXQgYS9hZXNfY21hYy9hZXMuYyBiL2Flc19jbWFjL2Flcy5jCitpbmRl
eCA1YjVmNDVmLi42OTZhMjg5IDEwMDY0NAorLS0tIGEvYWVzX2NtYWMvYWVzLmMKKysrKyBiL2Fl
c19jbWFjL2Flcy5jCitAQCAtMTcwLDc3ICsxNzAsMTUgQEAgY2xlYW51cDoKKyAKKyAjZWxzZQor
IAorLXN0YXRpYyBjb25zdCBFVlBfQ0lQSEVSICphZXNfZWNiKHVpbnQxNl90IGtleV9sZW4pIHsK
Ky0gIHN3aXRjaCAoa2V5X2xlbikgeworLSAgICBjYXNlIDE2OgorLSAgICAgIHJldHVybiBFVlBf
YWVzXzEyOF9lY2IoKTsKKy0gICAgY2FzZSAyNDoKKy0gICAgICByZXR1cm4gRVZQX2Flc18xOTJf
ZWNiKCk7CistICAgIGNhc2UgMzI6CistICAgICAgcmV0dXJuIEVWUF9hZXNfMjU2X2VjYigpOwor
LSAgICBkZWZhdWx0OgorLSAgICAgIHJldHVybiBOVUxMOworLSAgfQorLX0KKy0KKy1zdGF0aWMg
Y29uc3QgRVZQX0NJUEhFUiAqYWVzX2NiYyh1aW50MTZfdCBrZXlfbGVuKSB7CistICBzd2l0Y2gg
KGtleV9sZW4pIHsKKy0gICAgY2FzZSAxNjoKKy0gICAgICByZXR1cm4gRVZQX2Flc18xMjhfY2Jj
KCk7CistICAgIGNhc2UgMjQ6CistICAgICAgcmV0dXJuIEVWUF9hZXNfMTkyX2NiYygpOworLSAg
ICBjYXNlIDMyOgorLSAgICAgIHJldHVybiBFVlBfYWVzXzI1Nl9jYmMoKTsKKy0gICAgZGVmYXVs
dDoKKy0gICAgICByZXR1cm4gTlVMTDsKKy0gIH0KKy19CistCistc3RhdGljIGludCBhZXNfZW5j
cnlwdF9leChjb25zdCBFVlBfQ0lQSEVSICpjaXBoZXIsIGNvbnN0IHVpbnQ4X3QgKmluLAorLSAg
ICAgICAgICAgICAgICAgICAgICAgICAgdWludDhfdCAqb3V0LCB1aW50MTZfdCBsZW4sIGNvbnN0
IHVpbnQ4X3QgKml2LAorLSAgICAgICAgICAgICAgICAgICAgICAgICAgYWVzX2NvbnRleHQgKmN0
eCkgeworLSAgaWYgKEVWUF9FbmNyeXB0SW5pdF9leChjdHgtPmN0eCwgY2lwaGVyLCBOVUxMLCBj
dHgtPmtleSwgaXYpICE9IDEpIHsKKy0gICAgcmV0dXJuIC0xOworLSAgfQorLSAgaWYgKEVWUF9D
SVBIRVJfQ1RYX3NldF9wYWRkaW5nKGN0eC0+Y3R4LCAwKSAhPSAxKSB7CistICAgIHJldHVybiAt
MjsKKy0gIH0KKy0gIGludCB1cGRhdGVfbGVuID0gbGVuOworLSAgaWYgKEVWUF9FbmNyeXB0VXBk
YXRlKGN0eC0+Y3R4LCBvdXQsICZ1cGRhdGVfbGVuLCBpbiwgbGVuKSAhPSAxKSB7CistICAgIHJl
dHVybiAtMzsKKy0gIH0KKy0gIGludCBmaW5hbF9sZW4gPSBsZW4gLSB1cGRhdGVfbGVuOworLSAg
aWYgKEVWUF9FbmNyeXB0RmluYWxfZXgoY3R4LT5jdHgsIG91dCArIHVwZGF0ZV9sZW4sICZmaW5h
bF9sZW4pICE9IDEpIHsKKy0gICAgcmV0dXJuIC00OworLSAgfQorLSAgaWYgKHVwZGF0ZV9sZW4g
KyBmaW5hbF9sZW4gIT0gbGVuKSB7CistICAgIHJldHVybiAtNTsKKy0gIH0KKy0gIHJldHVybiAw
OworLX0KKy0KKy1zdGF0aWMgaW50IGFlc19kZWNyeXB0X2V4KGNvbnN0IEVWUF9DSVBIRVIgKmNp
cGhlciwgY29uc3QgdWludDhfdCAqaW4sCistICAgICAgICAgICAgICAgICAgICAgICAgICB1aW50
OF90ICpvdXQsIHVpbnQxNl90IGxlbiwgY29uc3QgdWludDhfdCAqaXYsCistICAgICAgICAgICAg
ICAgICAgICAgICAgICBhZXNfY29udGV4dCAqY3R4KSB7CistICBpZiAoRVZQX0RlY3J5cHRJbml0
X2V4KGN0eC0+Y3R4LCBjaXBoZXIsIE5VTEwsIGN0eC0+a2V5LCBpdikgIT0gMSkgeworLSAgICBy
ZXR1cm4gLTE7CistICB9CistICBpZiAoRVZQX0NJUEhFUl9DVFhfc2V0X3BhZGRpbmcoY3R4LT5j
dHgsIDApICE9IDEpIHsKKy0gICAgcmV0dXJuIC0yOworLSAgfQorLSAgaW50IHVwZGF0ZV9sZW4g
PSBsZW47CistICBpZiAoRVZQX0RlY3J5cHRVcGRhdGUoY3R4LT5jdHgsIG91dCwgJnVwZGF0ZV9s
ZW4sIGluLCBsZW4pICE9IDEpIHsKKy0gICAgcmV0dXJuIC0zOworLSAgfQorLSAgaW50IGZpbmFs
X2xlbiA9IGxlbiAtIHVwZGF0ZV9sZW47CistICBpZiAoRVZQX0RlY3J5cHRGaW5hbF9leChjdHgt
PmN0eCwgb3V0ICsgdXBkYXRlX2xlbiwgJmZpbmFsX2xlbikgIT0gMSkgeworLSAgICByZXR1cm4g
LTQ7CistICB9CistICBpZiAodXBkYXRlX2xlbiArIGZpbmFsX2xlbiAhPSBsZW4pIHsKKy0gICAg
cmV0dXJuIC01OworLSAgfQorLSAgcmV0dXJuIDA7CistfQorKy8qCisrICogVXNlIHRoZSBsb3ct
bGV2ZWwgQUVTIEFQSSAoQUVTX3NldF9lbmNyeXB0X2tleSAvIEFFU19lY2JfZW5jcnlwdCAvCisr
ICogQUVTX2NiY19lbmNyeXB0KSBpbnN0ZWFkIG9mIHRoZSBFVlAgQVBJLiAgVGhlIGxvdy1sZXZl
bCBmdW5jdGlvbnMKKysgKiBvcGVyYXRlIGRpcmVjdGx5IG9uIGFuIEFFU19LRVkgc3RydWN0IHdp
dGggcHJlLWNvbXB1dGVkIHJvdW5kIGtleXMKKysgKiBhbmQgZG8gbm90IGRlcGVuZCBvbiBPcGVu
U1NMJ3MgZ2xvYmFsIGxpYnJhcnkgY29udGV4dC4gIFRoaXMgbWVhbnMKKysgKiB0aGV5IGNvbnRp
bnVlIHRvIHdvcmsgYWZ0ZXIgT1BFTlNTTF9jbGVhbnVwKCkgaGFzIGJlZW4gY2FsbGVkLAorKyAq
IHdoaWNoIGlzIGNyaXRpY2FsIGZvciBTQ1AwMyBzZXNzaW9uIGNsb3NlIGR1cmluZyBhcHBsaWNh
dGlvbgorKyAqIHRlYXJkb3duLgorKyAqLworIAorICNlbmRpZgorIAorQEAgLTI2NiwxNyArMjA0
LDE1IEBAIGludCBhZXNfc2V0X2tleShjb25zdCB1aW50OF90ICprZXksIHVpbnQxNl90IGtleV9s
ZW4sIGFlc19jb250ZXh0ICpjdHgpIHsKKyAKKyAjZWxzZQorIAorLSAgaWYgKGtleSA9PSBOVUxM
IHx8IGFlc19lY2Ioa2V5X2xlbikgPT0gTlVMTCkgeworKyAgaWYgKGtleSA9PSBOVUxMIHx8IChr
ZXlfbGVuICE9IDE2ICYmIGtleV9sZW4gIT0gMjQgJiYga2V5X2xlbiAhPSAzMikpIHsKKyAgICAg
cmV0dXJuIC0xOworICAgfQorLSAgaWYgKCFjdHgtPmN0eCkgeworLSAgICBjdHgtPmN0eCA9IEVW
UF9DSVBIRVJfQ1RYX25ldygpOworLSAgICBpZiAoIWN0eC0+Y3R4KSB7CistICAgICAgcmV0dXJu
IC0yOworLSAgICB9CisrICBpZiAoQUVTX3NldF9lbmNyeXB0X2tleShrZXksIGtleV9sZW4gKiA4
LCAmY3R4LT5lbmNfa2V5KSAhPSAwKSB7CisrICAgIHJldHVybiAtMjsKKysgIH0KKysgIGlmIChB
RVNfc2V0X2RlY3J5cHRfa2V5KGtleSwga2V5X2xlbiAqIDgsICZjdHgtPmRlY19rZXkpICE9IDAp
IHsKKysgICAgcmV0dXJuIC0zOworICAgfQorLSAgY3R4LT5rZXlfbGVuID0ga2V5X2xlbjsKKy0g
IG1lbWNweShjdHgtPmtleSwga2V5LCBrZXlfbGVuKTsKKyAKKyAjZW5kaWYKKyAKK0BAIC0yOTUs
MjMgKzIzMSwxOCBAQCBpbnQgYWVzX2xvYWRfa2V5KGNvbnN0IGNoYXIgKmtleSwgYWVzX2NvbnRl
eHQgKmN0eCkgeworICAgY29uc3QgdWludDhfdCBkZWZhdWx0X21hY1tdID0gezB4NTksIDB4MmYs
IDB4ZDQsIDB4ODMsIDB4ZjcsIDB4NTksCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgMHhlMiwgMHg5OSwgMHgwOSwgMHhhMCwgMHg0YywgMHg0NSwKKyAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAweDA1LCAweGQyLCAweGNlLCAweDBhfTsKKy0gIGN0eC0+a2V5X2xl
biA9IHNpemVvZihkZWZhdWx0X2VuYyk7CistICBpZiAoa2V5ID09IE5VTEwgfHwgYWVzX2VjYihj
dHgtPmtleV9sZW4pID09IE5VTEwpIHsKKysgIGNvbnN0IHVpbnQ4X3QgKms7CisrCisrICBpZiAo
a2V5ID09IE5VTEwpCisgICAgIHJldHVybiAtMTsKKy0gIH0KKy0gIGlmICghY3R4LT5jdHgpIHsK
Ky0gICAgY3R4LT5jdHggPSBFVlBfQ0lQSEVSX0NUWF9uZXcoKTsKKy0gICAgaWYgKCFjdHgtPmN0
eCkgeworLSAgICAgIHJldHVybiAtMjsKKy0gICAgfQorLSAgfQorICAgaWYgKCFzdHJjbXAoa2V5
LCAiZGVmYXVsdF9lbmMiKSkKKy0gICAgbWVtY3B5KGN0eC0+a2V5LCBkZWZhdWx0X2VuYywgY3R4
LT5rZXlfbGVuKTsKKysgICAgayA9IGRlZmF1bHRfZW5jOworICAgZWxzZSBpZiAoIXN0cmNtcChr
ZXksICJkZWZhdWx0X21hYyIpKQorLSAgICBtZW1jcHkoY3R4LT5rZXksIGRlZmF1bHRfbWFjLCBj
dHgtPmtleV9sZW4pOworKyAgICBrID0gZGVmYXVsdF9tYWM7CisgICBlbHNlCistICAgIG1lbXNl
dChjdHgtPmtleSwgMCwgY3R4LT5rZXlfbGVuKTsKKy0gIHJldHVybiAwOworKyAgICByZXR1cm4g
LTE7CisrCisrICByZXR1cm4gYWVzX3NldF9rZXkoaywgc2l6ZW9mKGRlZmF1bHRfZW5jKSwgY3R4
KTsKKyAjZW5kaWYKKyB9CisgCitAQCAtMzM0LDggKzI2NSw4IEBAIGludCBhZXNfZW5jcnlwdChj
b25zdCB1aW50OF90ICppbiwgdWludDhfdCAqb3V0LCBhZXNfY29udGV4dCAqY3R4KSB7CisgCisg
I2Vsc2UKKyAKKy0gIHJldHVybiBhZXNfZW5jcnlwdF9leChhZXNfZWNiKGN0eC0+a2V5X2xlbiks
IGluLCBvdXQsIEFFU19CTE9DS19TSVpFLCBOVUxMLAorLSAgICAgICAgICAgICAgICAgICAgICAg
IGN0eCk7CisrICBBRVNfZWNiX2VuY3J5cHQoaW4sIG91dCwgJmN0eC0+ZW5jX2tleSwgQUVTX0VO
Q1JZUFQpOworKyAgcmV0dXJuIDA7CisgCisgI2VuZGlmCisgfQorQEAgLTM1OSw4ICsyOTAsOCBA
QCBpbnQgYWVzX2RlY3J5cHQoY29uc3QgdWludDhfdCAqaW4sIHVpbnQ4X3QgKm91dCwgYWVzX2Nv
bnRleHQgKmN0eCkgeworIAorICNlbHNlCisgCistICByZXR1cm4gYWVzX2RlY3J5cHRfZXgoYWVz
X2VjYihjdHgtPmtleV9sZW4pLCBpbiwgb3V0LCBBRVNfQkxPQ0tfU0laRSwgTlVMTCwKKy0gICAg
ICAgICAgICAgICAgICAgICAgICBjdHgpOworKyAgQUVTX2VjYl9lbmNyeXB0KGluLCBvdXQsICZj
dHgtPmRlY19rZXksIEFFU19ERUNSWVBUKTsKKysgIHJldHVybiAwOworIAorICNlbmRpZgorIH0K
K0BAIC0zODgsNyArMzE5LDEwIEBAIGludCBhZXNfY2JjX2VuY3J5cHQoY29uc3QgdWludDhfdCAq
aW4sIHVpbnQ4X3QgKm91dCwgdWludDE2X3QgbGVuLAorIAorICNlbHNlCisgCistICByZXR1cm4g
YWVzX2VuY3J5cHRfZXgoYWVzX2NiYyhjdHgtPmtleV9sZW4pLCBpbiwgb3V0LCBsZW4sIGl2LCBj
dHgpOworKyAgdWludDhfdCBfaXZbQUVTX0JMT0NLX1NJWkVdOworKyAgbWVtY3B5KF9pdiwgaXYs
IEFFU19CTE9DS19TSVpFKTsKKysgIEFFU19jYmNfZW5jcnlwdChpbiwgb3V0LCBsZW4sICZjdHgt
PmVuY19rZXksIF9pdiwgQUVTX0VOQ1JZUFQpOworKyAgcmV0dXJuIDA7CisgCisgI2VuZGlmCisg
fQorQEAgLTQxNiw3ICszNTAsMTAgQEAgaW50IGFlc19jYmNfZGVjcnlwdChjb25zdCB1aW50OF90
ICppbiwgdWludDhfdCAqb3V0LCB1aW50MTZfdCBsZW4sCisgCisgI2Vsc2UKKyAKKy0gIHJldHVy
biBhZXNfZGVjcnlwdF9leChhZXNfY2JjKGN0eC0+a2V5X2xlbiksIGluLCBvdXQsIGxlbiwgaXYs
IGN0eCk7CisrICB1aW50OF90IF9pdltBRVNfQkxPQ0tfU0laRV07CisrICBtZW1jcHkoX2l2LCBp
diwgQUVTX0JMT0NLX1NJWkUpOworKyAgQUVTX2NiY19lbmNyeXB0KGluLCBvdXQsIGxlbiwgJmN0
eC0+ZGVjX2tleSwgX2l2LCBBRVNfREVDUllQVCk7CisrICByZXR1cm4gMDsKKyAKKyAjZW5kaWYK
KyB9CitAQCAtNDg0LDcgKzQyMSw3IEBAIHZvaWQgYWVzX2Rlc3Ryb3koYWVzX2NvbnRleHQgKmN0
eCkgeworIAorICNlbHNlCisgCistICBFVlBfQ0lQSEVSX0NUWF9mcmVlKGN0eC0+Y3R4KTsKKysg
IC8qIEFFU19LRVkgaGFzIG5vIHJlc291cmNlcyB0byBmcmVlLCBqdXN0IHplcm8gdGhlIGtleSBt
YXRlcmlhbCAqLworIAorICNlbmRpZgorIAorZGlmZiAtLWdpdCBhL2Flc19jbWFjL2Flcy5oIGIv
YWVzX2NtYWMvYWVzLmgKK2luZGV4IDc5OGNiMTUuLmJhMGVmOTcgMTAwNjQ0CistLS0gYS9hZXNf
Y21hYy9hZXMuaAorKysrIGIvYWVzX2NtYWMvYWVzLmgKK0BAIC0zMCw3ICszMCw3IEBACisgI2lu
Y2x1ZGUgPGJjcnlwdC5oPgorICNpbmNsdWRlIDxudHN0YXR1cy5oPgorICNlbHNlCistI2luY2x1
ZGUgPG9wZW5zc2wvZXZwLmg+CisrI2luY2x1ZGUgPG9wZW5zc2wvYWVzLmg+CisgI2VuZGlmCisg
CisgI2lmbmRlZiBBRVNfQkxPQ0tfU0laRSAvLyBEZWZpbmVkIGluIG9wZW5zc2wvYWVzLmgKK0BA
IC01MSw5ICs1MSw4IEBAIHR5cGVkZWYgc3RydWN0IHsKKyAgIFBCWVRFIHBiS2V5RUNCT2JqOwor
ICAgc2l6ZV90IGNiS2V5T2JqOworICNlbHNlCistICBFVlBfQ0lQSEVSX0NUWCAqY3R4OworLSAg
dWludDE2X3Qga2V5X2xlbjsKKy0gIHVpbnQ4X3Qga2V5WzMyXTsKKysgIEFFU19LRVkgZW5jX2tl
eTsKKysgIEFFU19LRVkgZGVjX2tleTsKKyAjZW5kaWYKKyB9IGFlc19jb250ZXh0OworIAorCgpk
aWZmIC0tZ2l0IGEveXViaWhzbS1zaGVsbC5zcGVjIGIveXViaWhzbS1zaGVsbC5zcGVjCmluZGV4
IGZmZmM1ZjkuLmRmOTZhY2UgMTAwNjQ0Ci0tLSBhL3l1Ymloc20tc2hlbGwuc3BlYworKysgYi95
dWJpaHNtLXNoZWxsLnNwZWMKQEAgLTEwLDYgKzEwLDggQEAgVVJMOgkJaHR0cHM6Ly9naXRodWIu
Y29tL1l1Ymljby8le25hbWV9LwogU291cmNlMDoJaHR0cHM6Ly9kZXZlbG9wZXJzLnl1Ymljby5j
b20vJXtuYW1lfS9SZWxlYXNlcy8le25hbWV9LSV7dmVyc2lvbn0udGFyLmd6CiBTb3VyY2UxOglo
dHRwczovL2RldmVsb3BlcnMueXViaWNvLmNvbS8le25hbWV9L1JlbGVhc2VzLyV7bmFtZX0tJXt2
ZXJzaW9ufS50YXIuZ3ouc2lnCiBTb3VyY2UyOglncGdrZXktOTU4OEVBMEYuZ3BnCisjIGh0dHBz
Oi8vZ2l0aHViLmNvbS9ZdWJpY28veXViaWhzbS1zaGVsbC9wdWxsLzUyOAorUGF0Y2gzOgl5dWJp
aHNtLXNoZWxsLTIuNy4wLXNlc3Npb24tbGVhay5wYXRjaAogCiBCdWlsZFJlcXVpcmVzOgljbWFr
ZQogQnVpbGRSZXF1aXJlczoJY3BwY2hlY2sKQEAgLTQ2LDcgKzQ4LDcgQEAgRGV2ZWxvcG1lbnQg
bGlicmFyaWVzIGZvciB3b3JraW5nIHdpdGggeXViaWhzbSAyLgogCiAlcHJlcAogZ3BndjIgLS1x
dWlldCAtLWtleXJpbmcgJXtTT1VSQ0UyfSAle1NPVVJDRTF9ICV7U09VUkNFMH0KLSVzZXR1cCAt
cQorJWF1dG9zZXR1cCAtcDEKIAogCiAlYnVpbGQK