forked from pool/opensc

Accepting request 923351 from home:danidoni:branches:security:chipcard

- Update to OpenSC 0.22.0:
  * Removed changes in opensc-gcc11.patch already present in upstream.
    - See e549e9c62e
  * Removed some false positives from the openrc-rpmlintrc file.
  * Use standard paths for file cache on Linux (#2148) and OSX (#2214)
  * Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
  * Add threading test to `pkcs11-tool` (#2067)
  * Add support to generate generic secret keys (#2140)
  * `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
  * Add support for Apple's arm64 (M1) binaries, removed TokenD. A separate installer with TokenD (and without arm64 binaries) will be available (#2179).
  * Support for gcc11 and its new strict aliasing rules (#2241, #2260)
  * Initial support for building with OpenSSL 3.0 (#2343)
  * pkcs15-tool: Write data objects in binary mode (#2324)
  * Avoid limited size of log messages (#2352)
  * Support for ECDSA verification (#2211)
  * Support for ECDSA with different SHA hashes (#2190)
  * Prevent issues in p11-kit by not returning unexpected return codes (#2207)
  * Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
  * Standardize the version 2 on 2.20 in the code (#2096)
  * Fix CKA_MODIFIABLE and CKA_EXTRACTABLE  (#2176)
  * Copy arguments of C_Initialize (#2350)
  * Fix RSA-PSS signing (#2234)
  * Fix DO deletion (#2215)
  * Add support for (X)EdDSA keys (#1960)
  * Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
  * Add support for applet version 4 (#2332)
  * New configuration option for opensc.conf to disable pkcs1_padding (#2193)
  * Add support for ECDSA with different hashes (#2190)
  * Enable more mechanisms (#2178)
  * Fixed asking for a user pin when formatting a card (#1737)
  * Added support for French CPx Healthcare cards (#2217)
  * Added ATR for new CardOS 5.4 version (#2296)

OBS-URL: https://build.opensuse.org/request/show/923351
OBS-URL: https://build.opensuse.org/package/show/security:chipcard/opensc?expand=0&rev=67
Jason Sikes 2021-10-06 00:01:20 +00:00 committed by Git OBS Bridge
parent 6f06492cfe
commit 7615a78b4c
6 changed files with 40 additions and 336 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2bfbbb1dcb4b8d8d75685a3e95c30798fb6411d4efab3690fd89d2cb25f3325e
size 2210878

opensc-0.22.0.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8d4e5347195ebea332be585df61dcc470331c26969e4b0447c851fb0844c7186
size 2287020


@ -29,333 +29,3 @@ Date: Tue Feb 23 19:57:02 2021 +0100
https://bugzilla.redhat.com/show_bug.cgi?id=1930652
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 18803b83..c65ec3ed 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -670,6 +670,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
{
struct sc_pkcs15_cert_info *p15_info = NULL;
struct sc_pkcs15_cert *p15_cert = NULL;
+ struct pkcs15_any_object *any_object = NULL;
struct pkcs15_cert_object *object = NULL;
struct pkcs15_pubkey_object *obj2 = NULL;
int rv;
@@ -686,8 +687,9 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
}
/* Certificate object */
- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
+ rv = __pkcs15_create_object(fw_data, &any_object,
cert, &pkcs15_cert_ops, sizeof(struct pkcs15_cert_object));
+ object = (struct pkcs15_cert_object *) any_object;
if (rv < 0) {
if (p15_cert != NULL)
sc_pkcs15_free_certificate(p15_cert);
@@ -720,7 +722,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
pkcs15_cert_extract_label(object);
if (cert_object != NULL)
- *cert_object = (struct pkcs15_any_object *) object;
+ *cert_object = any_object;
return 0;
}
@@ -730,6 +732,7 @@ static int
__pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data,
struct sc_pkcs15_object *pubkey, struct pkcs15_any_object **pubkey_object)
{
+ struct pkcs15_any_object *any_object = NULL;
struct pkcs15_pubkey_object *object = NULL;
struct sc_pkcs15_pubkey *p15_key = NULL;
int rv;
@@ -758,8 +761,9 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data,
}
/* Public key object */
- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
+ rv = __pkcs15_create_object(fw_data, &any_object,
pubkey, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object));
+ object = (struct pkcs15_pubkey_object *) any_object;
if (rv >= 0) {
object->pub_info = (struct sc_pkcs15_pubkey_info *) pubkey->data;
object->pub_data = p15_key;
@@ -773,7 +777,7 @@ __pkcs15_create_pubkey_object(struct pkcs15_fw_data *fw_data,
object->pub_data->alg_id->params = &((object->pub_data->u).gostr3410.params);
}
if (pubkey_object != NULL)
- *pubkey_object = (struct pkcs15_any_object *) object;
+ *pubkey_object = any_object;
return rv;
}
@@ -783,16 +787,18 @@ static int
__pkcs15_create_prkey_object(struct pkcs15_fw_data *fw_data,
struct sc_pkcs15_object *prkey, struct pkcs15_any_object **prkey_object)
{
+ struct pkcs15_any_object *any_object = NULL;
struct pkcs15_prkey_object *object = NULL;
int rv;
- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &object,
+ rv = __pkcs15_create_object(fw_data, &any_object,
prkey, &pkcs15_prkey_ops, sizeof(struct pkcs15_prkey_object));
+ object = (struct pkcs15_prkey_object *) any_object;
if (rv >= 0)
object->prv_info = (struct sc_pkcs15_prkey_info *) prkey->data;
if (prkey_object != NULL)
- *prkey_object = (struct pkcs15_any_object *) object;
+ *prkey_object = any_object;
return rv;
}
@@ -802,18 +808,20 @@ static int
__pkcs15_create_data_object(struct pkcs15_fw_data *fw_data,
struct sc_pkcs15_object *object, struct pkcs15_any_object **data_object)
{
+ struct pkcs15_any_object *any_object = NULL;
struct pkcs15_data_object *dobj = NULL;
int rv;
- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &dobj,
+ rv = __pkcs15_create_object(fw_data, &any_object,
object, &pkcs15_dobj_ops, sizeof(struct pkcs15_data_object));
+ dobj = (struct pkcs15_data_object *) any_object;
if (rv >= 0) {
dobj->info = (struct sc_pkcs15_data_info *) object->data;
dobj->value = NULL;
}
if (data_object != NULL)
- *data_object = (struct pkcs15_any_object *) dobj;
+ *data_object = any_object;
return rv;
}
@@ -853,16 +861,18 @@ static int
__pkcs15_create_secret_key_object(struct pkcs15_fw_data *fw_data,
struct sc_pkcs15_object *object, struct pkcs15_any_object **skey_object)
{
+ struct pkcs15_any_object *any_object = NULL;
struct pkcs15_skey_object *skey = NULL;
int rv;
- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &skey,
+ rv = __pkcs15_create_object(fw_data, &any_object,
object, &pkcs15_skey_ops, sizeof(struct pkcs15_skey_object));
+ skey = (struct pkcs15_skey_object *) any_object;
if (rv >= 0)
skey->info = (struct sc_pkcs15_skey_info *) object->data;
if (skey_object != NULL)
- *skey_object = (struct pkcs15_any_object *) skey;
+ *skey_object = any_object;
return rv;
}
diff --git a/src/libopensc/pkcs15-westcos.c b/src/libopensc/pkcs15-westcos.c
index 885abd37..9277061b 100644
--- a/src/libopensc/pkcs15-westcos.c
+++ b/src/libopensc/pkcs15-westcos.c
@@ -124,18 +124,17 @@ static int sc_pkcs15emu_westcos_init(sc_pkcs15_card_t * p15card)
struct sc_pkcs15_pubkey_info pubkey_info;
struct sc_pkcs15_object pubkey_obj;
struct sc_pkcs15_pubkey *pkey = NULL;
+ sc_pkcs15_cert_t *cert = NULL;
+
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
cert_info.id.len = 1;
cert_info.id.value[0] = 0x45;
cert_info.authority = 0;
cert_info.path = path;
- r = sc_pkcs15_read_certificate(p15card, &cert_info,
- (sc_pkcs15_cert_t
- **) (&cert_obj.data));
+ r = sc_pkcs15_read_certificate(p15card, &cert_info, &cert);
+ cert_obj.data = (void *) cert;
if (!r) {
- sc_pkcs15_cert_t *cert =
- (sc_pkcs15_cert_t *) (cert_obj.data);
strlcpy(cert_obj.label, "User certificate",
sizeof(cert_obj.label));
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index c65ec3ed..a5e6ff1f 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -673,6 +673,7 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
struct pkcs15_any_object *any_object = NULL;
struct pkcs15_cert_object *object = NULL;
struct pkcs15_pubkey_object *obj2 = NULL;
+ struct pkcs15_any_object *any_object2 = NULL;
int rv;
p15_info = (struct sc_pkcs15_cert_info *) cert->data;
@@ -700,10 +701,11 @@ __pkcs15_create_cert_object(struct pkcs15_fw_data *fw_data, struct sc_pkcs15_obj
object->cert_data = p15_cert;
/* Corresponding public key */
- rv = public_key_created(fw_data, &p15_info->id, (struct pkcs15_any_object **) &obj2);
+ rv = public_key_created(fw_data, &p15_info->id, &any_object2);
if (rv != SC_SUCCESS)
- rv = __pkcs15_create_object(fw_data, (struct pkcs15_any_object **) &obj2,
+ rv = __pkcs15_create_object(fw_data, &any_object2,
NULL, &pkcs15_pubkey_ops, sizeof(struct pkcs15_pubkey_object));
+ obj2 = (struct pkcs15_pubkey_object *) any_object2;
if (rv < 0)
return rv;
@@ -2975,14 +2977,17 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args,
const CK_BYTE * gost_params_encoded_oid_from_template;
const CK_BYTE * gost_hash_params_encoded_oid_from_template;
size_t len, param_index, hash_index;
+ void *ptr = NULL;
CK_RV rv;
/* If template has CKA_GOSTR3410_PARAMS attribute, set param_index to
* corresponding item's index in gostr3410_param_oid[] */
- if (pPrivTpl && ulPrivCnt)
- rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len);
- else
- rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, (void **)&gost_params_encoded_oid_from_template, &len);
+ if (pPrivTpl && ulPrivCnt) {
+ rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3410_PARAMS, &ptr, &len);
+ } else {
+ rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3410_PARAMS, &ptr, &len);
+ }
+ gost_params_encoded_oid_from_template = (const CK_BYTE *) ptr;
if (rv == CKR_OK) {
size_t nn = sizeof(gostr3410_param_oid)/sizeof(gostr3410_param_oid[0]);
@@ -3005,10 +3010,12 @@ set_gost3410_params(struct sc_pkcs15init_prkeyargs *prkey_args,
/* If template has CKA_GOSTR3411_PARAMS attribute, set hash_index to
* corresponding item's index in gostr3410_hash_param_oid[] */
- if (pPrivTpl && ulPrivCnt)
- rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len);
- else
- rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, (void **)&gost_hash_params_encoded_oid_from_template, &len);
+ if (pPrivTpl && ulPrivCnt) {
+ rv = attr_find_ptr2(pPubTpl, ulPubCnt, pPrivTpl, ulPrivCnt, CKA_GOSTR3411_PARAMS, &ptr, &len);
+ } else {
+ rv = attr_find_ptr(pPubTpl, ulPubCnt, CKA_GOSTR3411_PARAMS, &ptr, &len);
+ }
+ gost_hash_params_encoded_oid_from_template = ptr;
if (rv == CKR_OK) {
size_t nn = sizeof(gostr3410_hash_param_oid)/sizeof(gostr3410_hash_param_oid[0]);
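Review bot: this second lookup reuses the same `void *ptr` that the CKA_GOSTR3410_PARAMS lookup above already filled, and `gost_hash_params_encoded_oid_from_template = ptr;` is assigned unconditionally, so if `attr_find_ptr`/`attr_find_ptr2` leave the out-parameter untouched when the attribute is absent, the hash variable silently inherits the signature-parameter OID pointer. The uses that follow are guarded by `if (rv == CKR_OK)`, so it is not a live bug here, but resetting `ptr = NULL` before the second call (or using a second local) makes that independent of the helper's failure behaviour. Minor: the first assignment carries an explicit `(const CK_BYTE *)` cast and this one does not; pick one style for both.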
@@ -3155,9 +3162,11 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
}
else if (keytype == CKK_EC) {
struct sc_lv_data *der = &keygen_args.prkey_args.key.u.ec.params.der;
+ void *ptr = NULL;
der->len = sizeof(struct sc_object_id);
- rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, (void **)&der->value, &der->len);
+ rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, &ptr, &der->len);
+ der->value = (unsigned char *) ptr;
if (rv != CKR_OK) {
sc_unlock(p11card->card);
return sc_to_cryptoki_error(rc, "C_GenerateKeyPair");
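Review bot: in the error path right after the new `der->value = (unsigned char *) ptr;`, the function returns `sc_to_cryptoki_error(rc, "C_GenerateKeyPair")` although the failure was detected on `rv`, which is already a CK_RV from `attr_find_and_allocate_ptr`; unless `rc` holds a failing libopensc code from elsewhere, a missing or oversized CKA_EC_PARAMS template entry would be reported to the caller as success. This is pre-existing context rather than part of the aliasing change, but since the hunk touches that block it is a good moment to `return rv;` after `sc_unlock(p11card->card);`.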
diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c
index 8fb3e5af..a6c91ce1 100644
--- a/src/pkcs11/pkcs11-object.c
+++ b/src/pkcs11/pkcs11-object.c
@@ -347,6 +347,7 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
struct sc_pkcs11_object *object;
struct sc_pkcs11_find_operation *operation;
struct sc_pkcs11_slot *slot;
+ struct sc_pkcs11_operation *op = NULL;
if (pTemplate == NULL_PTR && ulCount > 0)
return CKR_ARGUMENTS_BAD;
@@ -363,7 +364,8 @@ C_FindObjectsInit(CK_SESSION_HANDLE hSession, /* the session's handle */
dump_template(SC_LOG_DEBUG_NORMAL, "C_FindObjectsInit()", pTemplate, ulCount);
rv = session_start_operation(session, SC_PKCS11_OPERATION_FIND,
- &find_mechanism, (struct sc_pkcs11_operation **)&operation);
+ &find_mechanism, &op);
+ operation = (struct sc_pkcs11_find_operation *) op;
if (rv != CKR_OK)
goto out;
diff --git a/src/pkcs11/pkcs11-object.c b/src/pkcs11/pkcs11-object.c
index a6c91ce1..603a6713 100644
--- a/src/pkcs11/pkcs11-object.c
+++ b/src/pkcs11/pkcs11-object.c
@@ -453,6 +453,7 @@ C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */
CK_ULONG to_return;
struct sc_pkcs11_session *session;
struct sc_pkcs11_find_operation *operation;
+ struct sc_pkcs11_operation *op = NULL;
if (phObject == NULL_PTR || ulMaxObjectCount == 0 || pulObjectCount == NULL_PTR)
return CKR_ARGUMENTS_BAD;
@@ -465,7 +466,8 @@ C_FindObjects(CK_SESSION_HANDLE hSession, /* the session's handle */
if (rv != CKR_OK)
goto out;
- rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, (sc_pkcs11_operation_t **) & operation);
+ rv = session_get_operation(session, SC_PKCS11_OPERATION_FIND, &op);
+ operation = (struct sc_pkcs11_find_operation *) op;
if (rv != CKR_OK)
goto out;
diff --git a/src/tools/pkcs11-register.c b/src/tools/pkcs11-register.c
index 007ff1ae..873ebcba 100644
--- a/src/tools/pkcs11-register.c
+++ b/src/tools/pkcs11-register.c
@@ -123,13 +123,15 @@ add_module_pkcs11_txt(const char *profile_dir,
char pkcs11_txt_path[PATH_MAX];
char *pkcs11_txt = NULL;
size_t pkcs11_txt_len = 0;
+ unsigned char *txt = NULL;
+
if (!profile_dir
|| snprintf(pkcs11_txt_path, sizeof pkcs11_txt_path,
"%s%c%s", profile_dir, path_sep, "pkcs11.txt") < 0
- || !fread_to_eof(pkcs11_txt_path,
- (unsigned char **) &pkcs11_txt, &pkcs11_txt_len)) {
+ || !fread_to_eof(pkcs11_txt_path, &txt, &pkcs11_txt_len)) {
goto err;
}
+ pkcs11_txt = (char *)txt;
char *p = realloc(pkcs11_txt, pkcs11_txt_len+1);
if (!p)
goto err;
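Review bot: `pkcs11_txt = (char *)txt;` now sits after the `goto err` inside the condition, so when `fread_to_eof` fails any buffer it may have allocated is reachable only through `txt`; if the `err:` label frees `pkcs11_txt` (not visible in this hunk), `txt` leaks on that path. Either have `err:` free `txt` as well, or keep the assignment before the failure check so the existing cleanup still covers the buffer.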
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index a4d9c94b..35b96792 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -6303,11 +6303,12 @@ static CK_SESSION_HANDLE test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE
return session;
}
- tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len);
- if (opt_object_id_len == 0) {
+ tmp = getID(session, priv_key, &i);
+ if (i == 0) {
fprintf(stderr, "ERR: newly generated private key has no (or an empty) CKA_ID\n");
return session;
}
+ opt_object_id_len = (size_t) i;
memcpy(opt_object_id, tmp, opt_object_id_len);
/* This is done in NSS */
@@ -6485,11 +6486,12 @@ static void test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
if (!gen_keypair(slot, session, &pub_key, &priv_key, opt_key_type))
return;
- tmp = getID(session, priv_key, (CK_ULONG *) &opt_object_id_len);
- if (opt_object_id_len == 0) {
+ tmp = getID(session, priv_key, &i);
+ if (i == 0) {
printf("ERR: newly generated private key has no (or an empty) CKA_ID\n");
return;
}
+ i = (size_t) opt_object_id_len;
memcpy(opt_object_id, tmp, opt_object_id_len);
/* This is done in NSS */
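Review bot: the assignment after the empty-ID check goes the wrong way: `i = (size_t) opt_object_id_len;` overwrites the length that `getID()` just returned in `i`, whereas the same fix in `test_kpgen_certwrite` above writes `opt_object_id_len = (size_t) i;`. As written, `memcpy(opt_object_id, tmp, opt_object_id_len)` copies whatever length `opt_object_id_len` held before the call (zero, or a stale value from a previously generated key), and the `if (i == 0)` guard no longer protects that copy. It should read `opt_object_id_len = (size_t) i;`.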


@ -1,5 +1,3 @@
# Private library don't need to be in a separate package.
addFilter("shlib-policy-missing-suffix")
# There is no devel package any more.
addFilter("obsolete-not-provided")
addFilter("devel-file-in-non-devel-package")


@ -1,3 +1,39 @@
-------------------------------------------------------------------
Mon Oct 4 12:59:24 UTC 2021 - Daniel Donisa <daniel.donisa@suse.com>
- Update to OpenSC 0.22.0:
* Removed changes in opensc-gcc11.patch already present in upstream.
- See https://github.com/OpenSC/OpenSC/pull/2241/commits/e549e9c62eb4fcd2260800e2665071e4dd9bbbda
* Removed some false positives from the openrc-rpmlintrc file.
* Use standard paths for file cache on Linux (#2148) and OSX (#2214)
* Various issues of memory/buffer handling in legacy drivers mostly reported by oss-fuzz and coverity (tcos, oberthur, isoapplet, iasecc, westcos, gpk, flex, dnie, mcrd, authentic, belpic)
* Add threading test to `pkcs11-tool` (#2067)
* Add support to generate generic secret keys (#2140)
* `opensc-explorer`: Print information about LCS (Life cycle status byte) (#2195)
* Add support for Apple's arm64 (M1) binaries, removed TokenD. A seperate installer with TokenD (and without arm64 binaries) will be available (#2179).
* Support for gcc11 and its new strict aliasing rules (#2241, #2260)
* Initial support for building with OpenSSL 3.0 (#2343)
* pkcs15-tool: Write data objects in binary mode (#2324)
* Avoid limited size of log messages (#2352)
* Support for ECDSA verification (#2211)
* Support for ECDSA with different SHA hashes (#2190)
* Prevent issues in p11-kit by not returning unexpected return codes (#2207)
* Add support for PKCS#11 3.0: The new interfaces, profile objects and functions (#2096, #2293)
* Standardize the version 2 on 2.20 in the code (#2096)
* Fix CKA_MODIFIABLE and CKA_EXTRACTABLE (#2176)
* Copy arguments of C_Initialize (#2350)
* Fix RSA-PSS signing (#2234)
* Fix DO deletion (#2215)
* Add support for (X)EdDSA keys (#1960)
* Add support for applet version 3 and fix RSA-PSS mechanisms (#2205)
* Add support for applet version 4 (#2332)
* New configuration option for opensc.conf to disable pkcs1_padding (#2193)
* Add support for ECDSA with different hashes (#2190)
* Enable more mechanisms (#2178)
* Fixed asking for a user pin when formatting a card (#1737)
* Added support for French CPx Healthcare cards (#2217)
* Added ATR for new CardOS 5.4 version (#2296)
-------------------------------------------------------------------
Sun Jun 27 16:48:49 UTC 2021 - Predrag Ivanović <predivan@mts.rs>


@ -18,7 +18,7 @@
%define completionsdir %(pkg-config --variable completionsdir bash-completion)
Name: opensc
Version: 0.21.0
Version: 0.22.0
Release: 0
Summary: Smart Card Utilities
License: LGPL-2.1-or-later