Accepting request 902649 from home:predivan:branches:security:chipcard

- Fix build on GCC11 * Add opensc-gcc11.patch from Fedora (https://github.com/OpenSC/OpenSC/pull/2241/) OBS-URL: https://build.opensuse.org/request/show/902649 OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=66
2021-06-27 22:50:05 +00:00 · 2021-06-27 22:50:05 +00:00 · 6f06492cfe
commit 6f06492cfe
parent e3196864c3
3 changed files with 370 additions and 0 deletions
--- a/opensc-gcc11.patch
+++ b/opensc-gcc11.patch
@ -0,0 +1,361 @@
+diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
+index 41e620a..57f8a79 100644
+--- a/src/tools/opensc-explorer.c
+++ b/src/tools/opensc-explorer.c
+@@ -1839,6 +1839,12 @@ static int do_apdu(int argc, char **argv)
+ 	if (argc < 1)
+ 		return usage(do_apdu);
+ 
+	/* gcc-11 complains about BUF potentially being used without being
+	   initialized.  I can't convince myself that the calls to
+	   parse_string_or_hexdata will fully initialize it, so we just
+	   initialize it here.  */
+	memset (buf, 0, sizeof (buf));
+
+ 	/* loop over the args and parse them, making sure the result fits into buf[] */
+ 	for (i = 0, len = 0; i < (unsigned) argc && len < sizeof(buf); i++)   {
+ 		size_t len0 = sizeof(buf) - len;
+commit 1680b3a1fb15319e41dbe3214ef8c4a4c215d529
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Tue Feb 23 19:57:02 2021 +0100
+
+    Fix build on gcc11
+    
+    This made most of the applications crashing in Fedora 34 when
+    smart card was plugged in.
+    
+    The suggested patch makes the code path more obvious for gcc to
+    handle.
+    
+    https://bugzilla.redhat.com/show_bug.cgi?id=1930652
+
+diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
+index 18803b83..c65ec3ed 100644
+--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
+@@ -670,6 +670,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
+ {
+ 	struct sc_pkcs15_cert_info *p15_info = NULL;
+ 	struct sc_pkcs15_cert *p15_cert = NULL;
+	struct pkcs15_any_object *any_object = NULL;
+ 	struct pkcs15_cert_object *object = NULL;
+ 	struct pkcs15_pubkey_object *obj2 = NULL;
+ 	int rv;
+@@ -686,8 +687,9 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
+ 	}
+ 
+ 	/* Certificate object */
+-	rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
+	rv = __pkcs15_create_object(fw_data, &any_object,
+ 			cert, &pkcs15_cert_ops, sizeof(struct pkcs15_cert_object));
+	object = (struct pkcs15_cert_object *) any_object;
+ 	if (rv < 0) {
+ 		if (p15_cert != NULL)
+ 			sc_pkcs15_free_certificate(p15_cert);
+@@ -720,7 +722,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
+ 	pkcs15_cert_extract_label(object);
+ 
+ 	if (cert_object != NULL)
+-		*cert_object = (struct pkcs15_any_object *) object;
+		*cert_object = any_object;
+ 
+ 	return 0;
+ }
+@@ -730,6 +732,7 @@ static int
+ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data,
+ 	struct sc_pkcs15_object *pubkey, struct pkcs15_any_object **pubkey_object)
+ {
+	struct pkcs15_any_object *any_object = NULL;
+ 	struct pkcs15_pubkey_object *object = NULL;
+ 	struct sc_pkcs15_pubkey *p15_key = NULL;
+ 	int rv;
+@@ -758,8 +761,9 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data,
+ 	}
+ 
+ 	/* Public key object */
+-	rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
+	rv = __pkcs15_create_object(fw_data, &any_object,
+ 			pubkey, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object));
+	object = (struct pkcs15_pubkey_object *) any_object;
+ 	if (rv >= 0) {
+ 		object->pub_info = (struct sc_pkcs15_pubkey_info *) pubkey->data;
+ 		object->pub_data = p15_key;
+@@ -773,7 +777,7 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data,
+ 			object->pub_data->alg_id->params = &((object->pub_data->u).gostr3410.params);
+ 	}
+ 	if (pubkey_object != NULL)
+-		*pubkey_object = (struct pkcs15_any_object *) object;
+		*pubkey_object = any_object;
+ 
+ 	return rv;
+ }
+@@ -783,16 +787,18 @@ static int
+ __pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data,
+ 	struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object)
+ {
+	struct pkcs15_any_object *any_object = NULL;
+ 	struct pkcs15_prkey_object *object = NULL;
+ 	int rv;
+ 
+-	rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
+	rv = __pkcs15_create_object(fw_data, &any_object,
+ 			prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object));
+	object = (struct pkcs15_prkey_object *) any_object;
+ 	if (rv >= 0)
+ 		object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data;
+ 
+ 	if (prkey_object != NULL)
+-		*prkey_object = (struct pkcs15_any_object *) object;
+		*prkey_object = any_object;
+ 
+ 	return rv;
+ }
+@@ -802,18 +808,20 @@ static int
+ __pkcs15_create_data_object(struct pkcs15_fw_data *fw_data,
+ 		struct sc_pkcs15_object *object, struct pkcs15_any_object **data_object)
+ {
+	struct pkcs15_any_object *any_object = NULL;
+ 	struct pkcs15_data_object *dobj = NULL;
+ 	int rv;
+ 
+-	rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &dobj,
+	rv = __pkcs15_create_object(fw_data, &any_object,
+ 			object, &pkcs15_dobj_ops, sizeof(struct pkcs15_data_object));
+        dobj = (struct pkcs15_data_object *) any_object;
+ 	if (rv >= 0)   {
+ 		dobj->info = (struct sc_pkcs15_data_info *) object->data;
+ 		dobj->value = NULL;
+ 	}
+ 
+ 	if (data_object != NULL)
+-		*data_object = (struct pkcs15_any_object *) dobj;
+		*data_object = any_object;
+ 
+ 	return rv;
+ }
+@@ -853,16 +861,18 @@ static int
+ __pkcs15_create_secret_key_object(struct pkcs15_fw_data *fw_data,
+ 		struct sc_pkcs15_object *object, struct pkcs15_any_object **skey_object)
+ {
+	struct pkcs15_any_object *any_object = NULL;
+ 	struct pkcs15_skey_object *skey = NULL;
+ 	int rv;
+ 
+-	rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &skey,
+	rv = __pkcs15_create_object(fw_data, &any_object,
+ 			object, &pkcs15_skey_ops, sizeof(struct pkcs15_skey_object));
+        skey = (struct pkcs15_skey_object *) any_object;
+ 	if (rv >= 0)
+ 		skey->info = (struct sc_pkcs15_skey_info *) object->data;
+ 
+ 	if (skey_object != NULL)
+-		*skey_object = (struct pkcs15_any_object *) skey;
+		*skey_object = any_object;
+ 
+ 	return rv;
+ }
+diff --git a/src/libopensc/pkcs15-westcos.c b/src/libopensc/pkcs15-westcos.c
+index 885abd37..9277061b 100644
+--- a/src/libopensc/pkcs15-westcos.c
+++ b/src/libopensc/pkcs15-westcos.c
+@@ -124,18 +124,17 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
+ 		struct sc_pkcs15_pubkey_info pubkey_info;
+ 		struct sc_pkcs15_object pubkey_obj;
+ 		struct sc_pkcs15_pubkey *pkey = NULL;
+		sc_pkcs15_cert_t *cert = NULL;
+
+ 		memset(&cert_info, 0, sizeof(cert_info));
+ 		memset(&cert_obj, 0, sizeof(cert_obj));
+ 		cert_info.id.len = 1;
+ 		cert_info.id.value[0] = 0x45;
+ 		cert_info.authority = 0;
+ 		cert_info.path = path;
+-		r = sc_pkcs15_read_certificate(p15card, &cert_info,
+-					       (sc_pkcs15_cert_t
+-						**) (&cert_obj.data));
+		r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
+		cert_obj.data = (void *) cert;
+ 		if (!r) {
+-			sc_pkcs15_cert_t *cert =
+-			    (sc_pkcs15_cert_t *) (cert_obj.data);
+ 			strlcpy(cert_obj.label, "User certificate",
+ 				sizeof(cert_obj.label));
+ 			cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
+diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
+index c65ec3ed..a5e6ff1f 100644
+--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
+@@ -673,6 +673,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
+ 	struct pkcs15_any_object *any_object = NULL;
+ 	struct pkcs15_cert_object *object = NULL;
+ 	struct pkcs15_pubkey_object *obj2 = NULL;
+	struct pkcs15_any_object *any_object2 = NULL;
+ 	int rv;
+ 
+ 	p15_info = (struct sc_pkcs15_cert_info *) cert->data;
+@@ -700,10 +701,11 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
+ 	object->cert_data = p15_cert;
+ 
+ 	/* Corresponding public key */
+-	rv = public_key_created(fw_data, &p15_info->id, (struct pkcs15_any_object **) &obj2);
+	rv = public_key_created(fw_data, &p15_info->id, &any_object2);
+ 	if (rv != SC_SUCCESS)
+-		rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &obj2,
+		rv = __pkcs15_create_object(fw_data, &any_object2,
+ 				NULL, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object));
+	obj2 = (struct pkcs15_pubkey_object *) any_object2;
+ 	if (rv < 0)
+ 		return rv;
+ 
+@@ -2975,14 +2977,17 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args,
+ 	const CK_BYTE * gost_params_encoded_oid_from_template;
+ 	const CK_BYTE * gost_hash_params_encoded_oid_from_template;
+ 	size_t len, param_index, hash_index;
+	void *ptr = NULL;
+ 	CK_RV rv;
+ 
+ 	/* If template has CKA_GOSTR3410_PARAMS attribute, set param_index to
+ 	 * corresponding item's index in gostr3410_param_oid[] */
+-	if (pPrivTpl && ulPrivCnt)
+-		rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len);
+-	else
+-		rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len);
+	if (pPrivTpl && ulPrivCnt) {
+		rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, &ptr, &len);
+	} else {
+		rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, &ptr, &len);
+	}
+	gost_params_encoded_oid_from_template = (const CK_BYTE *) ptr;
+ 
+ 	if (rv == CKR_OK) {
+ 		size_t nn = sizeof(gostr3410_param_oid)/sizeof(gostr3410_param_oid[0]);
+@@ -3005,10 +3010,12 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args,
+ 
+ 	/* If template has CKA_GOSTR3411_PARAMS attribute, set hash_index to
+ 	 * corresponding item's index in gostr3410_hash_param_oid[] */
+-	if (pPrivTpl && ulPrivCnt)
+-		rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len);
+-	else
+-		rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len);
+	if (pPrivTpl && ulPrivCnt) {
+		rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, &ptr, &len);
+	} else {
+		rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, &ptr, &len);
+	}
+	gost_hash_params_encoded_oid_from_template = ptr;
+ 
+ 	if (rv == CKR_OK) {
+ 		size_t nn = sizeof(gostr3410_hash_param_oid)/sizeof(gostr3410_hash_param_oid[0]);
+@@ -3155,9 +3162,11 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
+ 	}
+ 	else if (keytype == CKK_EC)   {
+ 		struct sc_lv_data *der = &keygen_args.prkey_args.key.u.ec.params.der;
+		void *ptr = NULL;
+ 
+ 		der->len = sizeof(struct sc_object_id);
+-		rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, (void **)&der->value, &der->len);
+		rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, &ptr, &der->len);
+		der->value = (unsigned char *) ptr;
+ 		if (rv != CKR_OK)   {
+ 			sc_unlock(p11card->card);
+ 			return sc_to_cryptoki_error(rc, "C_GenerateKeyPair");
+diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c
+index 8fb3e5af..a6c91ce1 100644
+--- a/src/pkcs11/pkcs11-object.c
+++ b/src/pkcs11/pkcs11-object.c
+@@ -347,6 +347,7 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession,	/* the session's handle */
+ 	struct sc_pkcs11_object *object;
+ 	struct sc_pkcs11_find_operation *operation;
+ 	struct sc_pkcs11_slot *slot;
+	struct sc_pkcs11_operation *op = NULL;
+ 
+ 	if (pTemplate == NULL_PTR && ulCount > 0)
+ 		return CKR_ARGUMENTS_BAD;
+@@ -363,7 +364,8 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession,	/* the session's handle */
+ 	dump_template(SC_LOG_DEBUG_NORMAL, "C_FindObjectsInit()", pTemplate, ulCount);
+ 
+ 	rv = session_start_operation(session, SC_PKCS11_OPERATION_FIND,
+-				     &find_mechanism, (struct sc_pkcs11_operation **)&operation);
+				     &find_mechanism, &op);
+	operation = (struct sc_pkcs11_find_operation *) op;
+ 	if (rv != CKR_OK)
+ 		goto out;
+ 
+diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c
+index a6c91ce1..603a6713 100644
+--- a/src/pkcs11/pkcs11-object.c
+++ b/src/pkcs11/pkcs11-object.c
+@@ -453,6 +453,7 @@ C_FindObjects(CK_SESSION_HANDLE hSession,	/* the session's handle */
+ 	CK_ULONG to_return;
+ 	struct sc_pkcs11_session *session;
+ 	struct sc_pkcs11_find_operation *operation;
+	struct sc_pkcs11_operation *op = NULL;
+ 
+ 	if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR)
+ 		return CKR_ARGUMENTS_BAD;
+@@ -465,7 +466,8 @@ C_FindObjects(CK_SESSION_HANDLE hSession,	/* the session's handle */
+ 	if (rv != CKR_OK)
+ 		goto out;
+ 
+-	rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, (sc_pkcs11_operation_t **) & operation);
+	rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, &op);
+	operation = (struct sc_pkcs11_find_operation *) op;
+ 	if (rv != CKR_OK)
+ 		goto out;
+ 
+diff --git a/src/tools/pkcs11-register.c b/src/tools/pkcs11-register.c
+index 007ff1ae..873ebcba 100644
+--- a/src/tools/pkcs11-register.c
+++ b/src/tools/pkcs11-register.c
+@@ -123,13 +123,15 @@ add_module_pkcs11_txt(const char *profile_dir,
+ 	char pkcs11_txt_path[PATH_MAX];
+ 	char *pkcs11_txt = NULL;
+ 	size_t pkcs11_txt_len = 0;
+	unsigned char *txt = NULL;
+
+ 	if (!profile_dir
+ 			|| snprintf(pkcs11_txt_path, sizeof pkcs11_txt_path,
+ 				"%s%c%s", profile_dir, path_sep, "pkcs11.txt") < 0
+-			|| !fread_to_eof(pkcs11_txt_path,
+-				(unsigned char **) &pkcs11_txt, &pkcs11_txt_len)) {
+			|| !fread_to_eof(pkcs11_txt_path, &txt, &pkcs11_txt_len)) {
+ 		goto err;
+ 	}
+	pkcs11_txt = (char *)txt;
+ 	char *p = realloc(pkcs11_txt, pkcs11_txt_len+1);
+ 	if (!p)
+ 		goto err;
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index a4d9c94b..35b96792 100644
+--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
+@@ -6303,11 +6303,12 @@ static CK_SESSION_HANDLE test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE
+ 		return session;
+ 	}
+ 
+-	tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len);
+-	if (opt_object_id_len == 0) {
+	tmp = getID(session, priv_key, &i);
+	if (i == 0) {
+ 		fprintf(stderr, "ERR: newly generated private key has no (or an empty) CKA_ID\n");
+ 		return session;
+ 	}
+	opt_object_id_len = (size_t) i;
+ 	memcpy(opt_object_id, tmp, opt_object_id_len);
+ 
+ 	/* This is done in NSS */
+@@ -6485,11 +6486,12 @@ static void test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
+ 	if (!gen_keypair(slot, session, &pub_key, &priv_key, opt_key_type))
+ 		return;
+ 
+-	tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len);
+-	if (opt_object_id_len == 0) {
+	tmp = getID(session, priv_key, &i);
+	if (i == 0) {
+ 		printf("ERR: newly generated private key has no (or an empty) CKA_ID\n");
+ 		return;
+ 	}
+	i = (size_t) opt_object_id_len;
+ 	memcpy(opt_object_id, tmp, opt_object_id_len);
+ 
+ 	/* This is done in NSS */
--- a/opensc.changes
+++ b/opensc.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanović <predivan@mts.rs>
+
+- Fix build on GCC11
+    * Add opensc-gcc11.patch from Fedora 
+    (https://github.com/OpenSC/OpenSC/pull/2241/)
+
 -------------------------------------------------------------------
 Fri Mar 12 22:58:46 UTC 2021 - Dirk Müller <dmueller@suse.com>

--- a/opensc.spec
+++ b/opensc.spec
@ -30,6 +30,7 @@ Source2:        %{name}-rpmlintrc
 # Register with p11-kit
 # https://web.archive.org/web/20111225073733/http://www.opensc-project.org/opensc/ticket/390
 Source3:        opensc.module
+Patch0:         opensc-gcc11.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt
 BuildRequires:  pkgconfig
@ -59,6 +60,7 @@ may require third party proprietary software.

 %prep
 %setup -q
+%patch0 -p1

 %build
 %configure \