Accepting request 1291458 from security:chipcard

OBS-URL: https://build.opensuse.org/request/show/1291458
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/opensc?expand=0&rev=63

opensc-0.25.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:23cbaae8bd7c8eb589b68c0a961dfb0d02007bea3165a3fc5efe2621d549b37b
-size 2395579

opensc-gcc15.patch

@@ -0,0 +1,337 @@
+diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
+index 14d389a43..0650b1d48 100644
+--- a/src/libopensc/card-epass2003.c
++++ b/src/libopensc/card-epass2003.c
+@@ -3046,11 +3046,14 @@ epass2003_erase_card(struct sc_card *card)
+ {
+ 	static const unsigned char install_magic_pin[26] = {
+ 		/* compare install_secret_key */
+-		0x06,0x01,0x10,0x16, 0x16,0x16,0x00,0x0f, 0xff,0x66,
+-		0x31,0x32,0x33,0x34, 0x35,0x36,0x37,0x38,
+-		0x31,0x32,0x33,0x34, 0x35,0x36,0x37,0x38,
++			0x06, 0x01, 0x10, 0x16, 0x16, 0x16, 0x00, 0x0f, 0xff, 0x66,
++			0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
++			0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
++	};
++	static const unsigned char magic_pin[16] = {
++			0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
++			0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
+ 	};
+-	static const unsigned char magic_pin[16] = "1234567812345678";
+ 	static const unsigned char mf_path[2] = { 0x3f, 0x00 };
+ 	sc_apdu_t apdu;
+ 	int r;
+diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
+index 81a1ad541..573d0bae5 100644
+--- a/src/libopensc/card-piv.c
++++ b/src/libopensc/card-piv.c
+@@ -604,143 +604,143 @@ struct piv_object {
+ static const struct piv_object piv_objects[] = {
+ 	{ PIV_OBJ_CCC, "Card Capability Container",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.1.219.0", 3, "\x5F\xC1\x07", "\xDB\x00", PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.1.219.0", 3, {0x5F, 0xC1, 0x07}, {0xDB, 0x00}, PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_CHUI, "Card Holder Unique Identifier",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.48.0", 3, "\x5F\xC1\x02", "\x30\x00", 0},
++			"2.16.840.1.101.3.7.2.48.0", 3, {0x5F, 0xC1, 0x02}, {0x30, 0x00}, 0},
+ 	{ PIV_OBJ_X509_PIV_AUTH, "X.509 Certificate for PIV Authentication",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.1.1", 3, "\x5F\xC1\x05", "\x01\x01", PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI} ,
++			"2.16.840.1.101.3.7.2.1.1", 3, {0x5F, 0xC1, 0x05}, {0x01, 0x01}, PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI} ,
+ 	{ PIV_OBJ_CHF, "Card Holder Fingerprints",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.96.16", 3, "\x5F\xC1\x03", "\x60\x10", PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.96.16", 3, {0x5F, 0xC1, 0x03}, {0x60, 0x10}, PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_PI, "Printed Information",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.48.1", 3, "\x5F\xC1\x09", "\x30\x01", PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.48.1", 3, {0x5F, 0xC1, 0x09}, {0x30, 0x01}, PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_CHFI, "Cardholder Facial Images",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.96.48", 3, "\x5F\xC1\x08", "\x60\x30", PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.96.48", 3, {0x5F, 0xC1, 0x08}, {0x60, 0x30}, PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_X509_DS, "X.509 Certificate for Digital Signature",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.1.0", 3, "\x5F\xC1\x0A", "\x01\x00", PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.1.0", 3, {0x5F, 0xC1, 0x0A}, {0x01, 0x00}, PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_X509_KM, "X.509 Certificate for Key Management",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.1.2", 3, "\x5F\xC1\x0B", "\x01\x02", PIV_OBJECT_TYPE_CERT},
++			"2.16.840.1.101.3.7.2.1.2", 3, {0x5F, 0xC1, 0x0B}, {0x01, 0x02}, PIV_OBJECT_TYPE_CERT},
+ 	{ PIV_OBJ_X509_CARD_AUTH, "X.509 Certificate for Card Authentication",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.5.0", 3, "\x5F\xC1\x01", "\x05\x00", PIV_OBJECT_TYPE_CERT},
++			"2.16.840.1.101.3.7.2.5.0", 3, {0x5F, 0xC1, 0x01}, {0x05, 0x00}, PIV_OBJECT_TYPE_CERT},
+ 	{ PIV_OBJ_SEC_OBJ, "Security Object",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.144.0", 3, "\x5F\xC1\x06", "\x90\x00", PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.144.0", 3, {0x5F, 0xC1, 0x06}, {0x90, 0x00}, PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_DISCOVERY, "Discovery Object",
+ 			SC_ASN1_APP | SC_ASN1_CONS | 0x1E,
+-			"2.16.840.1.101.3.7.2.96.80", 1, "\x7E", "\x60\x50", 0},
++			"2.16.840.1.101.3.7.2.96.80", 1, {0x7E}, {0x60, 0x50}, 0},
+ 	{ PIV_OBJ_HISTORY, "Key History Object",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.96.96", 3, "\x5F\xC1\x0C", "\x60\x60", PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.96.96", 3, {0x5F, 0xC1, 0x0C}, {0x60, 0x60}, PIV_OBJECT_NEEDS_VCI},
+ 
+ /* 800-73-3, 21 new objects, 20 history certificates */
+ 	{ PIV_OBJ_RETIRED_X509_1, "Retired X.509 Certificate for Key Management 1",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.1", 3, "\x5F\xC1\x0D", "\x10\x01",
++			"2.16.840.1.101.3.7.2.16.1", 3, {0x5F, 0xC1, 0x0D}, {0x10, 0x01},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_2, "Retired X.509 Certificate for Key Management 2",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.2", 3, "\x5F\xC1\x0E", "\x10\x02",
++			"2.16.840.1.101.3.7.2.16.2", 3, {0x5F, 0xC1, 0x0E}, {0x10, 0x02},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_3, "Retired X.509 Certificate for Key Management 3",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.3", 3, "\x5F\xC1\x0F", "\x10\x03",
++			"2.16.840.1.101.3.7.2.16.3", 3, {0x5F, 0xC1, 0x0F}, {0x10, 0x03},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_4, "Retired X.509 Certificate for Key Management 4",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.4", 3, "\x5F\xC1\x10", "\x10\x04",
++			"2.16.840.1.101.3.7.2.16.4", 3, {0x5F, 0xC1, 0x10}, {0x10, 0x04},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_5, "Retired X.509 Certificate for Key Management 5",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.5", 3, "\x5F\xC1\x11", "\x10\x05",
++			"2.16.840.1.101.3.7.2.16.5", 3, {0x5F, 0xC1, 0x11}, {0x10, 0x05},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_6, "Retired X.509 Certificate for Key Management 6",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.6", 3, "\x5F\xC1\x12", "\x10\x06",
++			"2.16.840.1.101.3.7.2.16.6", 3, {0x5F, 0xC1, 0x12}, {0x10, 0x06},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_7, "Retired X.509 Certificate for Key Management 7",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.7", 3, "\x5F\xC1\x13", "\x10\x07",
++			"2.16.840.1.101.3.7.2.16.7", 3, {0x5F, 0xC1, 0x13}, {0x10, 0x07},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_8, "Retired X.509 Certificate for Key Management 8",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.8", 3, "\x5F\xC1\x14", "\x10\x08",
++			"2.16.840.1.101.3.7.2.16.8", 3, {0x5F, 0xC1, 0x14}, {0x10, 0x08},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_9, "Retired X.509 Certificate for Key Management 9",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.9", 3, "\x5F\xC1\x15", "\x10\x09",
++			"2.16.840.1.101.3.7.2.16.9", 3, {0x5F, 0xC1, 0x15}, {0x10, 0x09},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_10, "Retired X.509 Certificate for Key Management 10",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.10", 3, "\x5F\xC1\x16", "\x10\x0A",
++			"2.16.840.1.101.3.7.2.16.10", 3, {0x5F, 0xC1, 0x16}, {0x10, 0x0A},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_11, "Retired X.509 Certificate for Key Management 11",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.11", 3, "\x5F\xC1\x17", "\x10\x0B",
++			"2.16.840.1.101.3.7.2.16.11", 3, {0x5F, 0xC1, 0x17}, {0x10, 0x0B},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_12, "Retired X.509 Certificate for Key Management 12",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.12", 3, "\x5F\xC1\x18", "\x10\x0C",
++			"2.16.840.1.101.3.7.2.16.12", 3, {0x5F, 0xC1, 0x18}, {0x10, 0x0C},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_13, "Retired X.509 Certificate for Key Management 13",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.13", 3, "\x5F\xC1\x19", "\x10\x0D",
++			"2.16.840.1.101.3.7.2.16.13", 3, {0x5F, 0xC1, 0x19}, {0x10, 0x0D},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_14, "Retired X.509 Certificate for Key Management 14",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.14", 3, "\x5F\xC1\x1A", "\x10\x0E",
++			"2.16.840.1.101.3.7.2.16.14", 3, {0x5F, 0xC1, 0x1A}, {0x10, 0x0E},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_15, "Retired X.509 Certificate for Key Management 15",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.15", 3, "\x5F\xC1\x1B", "\x10\x0F",
++			"2.16.840.1.101.3.7.2.16.15", 3, {0x5F, 0xC1, 0x1B}, {0x10, 0x0F},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_16, "Retired X.509 Certificate for Key Management 16",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.16", 3, "\x5F\xC1\x1C", "\x10\x10",
++			"2.16.840.1.101.3.7.2.16.16", 3, {0x5F, 0xC1, 0x1C}, {0x10, 0x10},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_17, "Retired X.509 Certificate for Key Management 17",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.17", 3, "\x5F\xC1\x1D", "\x10\x11",
++			"2.16.840.1.101.3.7.2.16.17", 3, {0x5F, 0xC1, 0x1D}, {0x10, 0x11},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_18, "Retired X.509 Certificate for Key Management 18",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.18", 3, "\x5F\xC1\x1E", "\x10\x12",
++			"2.16.840.1.101.3.7.2.16.18", 3, {0x5F, 0xC1, 0x1E}, {0x10, 0x12},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_19, "Retired X.509 Certificate for Key Management 19",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.19", 3, "\x5F\xC1\x1F", "\x10\x13",
++			"2.16.840.1.101.3.7.2.16.19", 3, {0x5F, 0xC1, 0x1F}, {0x10, 0x13},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 	{ PIV_OBJ_RETIRED_X509_20, "Retired X.509 Certificate for Key Management 20",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.20", 3, "\x5F\xC1\x20", "\x10\x14",
++			"2.16.840.1.101.3.7.2.16.20", 3, {0x5F, 0xC1, 0x20}, {0x10, 0x14},
+ 			PIV_OBJECT_NOT_PRESENT|PIV_OBJECT_TYPE_CERT | PIV_OBJECT_NEEDS_VCI},
+ 
+ 	{ PIV_OBJ_IRIS_IMAGE, "Cardholder Iris Images",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.21", 3, "\x5F\xC1\x21", "\x10\x15", PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.16.21", 3, {0x5F, 0xC1, 0x21}, {0x10, 0x15}, PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
+ 
+ /* 800-73-4, 3 new objects */
+ 	{ PIV_OBJ_BITGT, "Biometric Information Templates Group Template",
+ 			 SC_ASN1_APP | SC_ASN1_CONS | 0x1F61,
+-			"2.16.840.1.101.3.7.2.16.22", 2, "\x7F\x61", "\x10\x16", 0},
++			"2.16.840.1.101.3.7.2.16.22", 2, {0x7F, 0x61}, {0x10, 0x16}, 0},
+ 	{ PIV_OBJ_SM_CERT_SIGNER, "Secure Messaging Certificate Signer",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.23", 3, "\x5F\xC1\x22", "\x10\x17",
++			"2.16.840.1.101.3.7.2.16.23", 3, {0x5F, 0xC1, 0x22}, {0x10, 0x17},
+ 			PIV_OBJECT_TYPE_CERT | PIV_OBJECT_TYPE_CVC},
+ 	{PIV_OBJ_PCRDCS, "Pairing Code Reference Data Container",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.16.24", 3, "\x5F\xC1\x23", "\x10\x18", PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
++			"2.16.840.1.101.3.7.2.16.24", 3, {0x5F, 0xC1, 0x23}, {0x10, 0x18}, PIV_OBJECT_NEEDS_PIN | PIV_OBJECT_NEEDS_VCI},
+ 
+ /* following not standard , to be used by piv-tool only for testing */
+ 	{ PIV_OBJ_9B03, "3DES-ECB ADM",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.3", 2, "\x9B\x03", "\x9B\x03", 0},
++			"2.16.840.1.101.3.7.2.9999.3", 2, {0x9B, 0x03}, {0x9B, 0x03}, 0},
+ 	/* Only used when signing a cert req, usually from engine
+ 	 * after piv-tool generated the key and saved the pub key
+ 	 * to a file. Note RSA key can be 1024, 2048 or 3072
+@@ -748,77 +748,77 @@ static const struct piv_object piv_objects[] = {
+ 	 */
+ 	{ PIV_OBJ_9A06, "RSA 9A Pub key from last genkey",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.20", 2, "\x9A\x06", "\x9A\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.20", 2, {0x9A, 0x06}, {0x9A, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9C06, "Pub 9C key from last genkey",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.21", 2, "\x9C\x06", "\x9C\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.21", 2, {0x9C, 0x06}, {0x9C, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9D06, "Pub 9D key from last genkey",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.22", 2, "\x9D\x06", "\x9D\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.22", 2, {0x9D, 0x06}, {0x9D, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9E06, "Pub 9E key from last genkey",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.23", 2, "\x9E\x06", "\x9E\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.23", 2, {0x9E, 0x06}, {0x9E, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 
+ 	{ PIV_OBJ_8206, "Pub 82 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.101", 2, "\x82\x06", "\x82\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.101", 2, {0x82, 0x06}, {0x82, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8306, "Pub 83 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.102", 2, "\x83\x06", "\x83\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.102", 2, {0x83, 0x06}, {0x83, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8406, "Pub 84 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.103", 2, "\x84\x06", "\x84\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.103", 2, {0x84, 0x06}, {0x84, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8506, "Pub 85 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.104", 2, "\x85\x06", "\x85\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.104", 2, {0x85, 0x06}, {0x85, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8606, "Pub 86 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.105", 2, "\x86\x06", "\x86\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.105", 2, {0x86, 0x06}, {0x86, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8706, "Pub 87 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.106", 2, "\x87\x06", "\x87\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.106", 2, {0x87, 0x06}, {0x87, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8806, "Pub 88 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.107", 2, "\x88\x06", "\x88\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.107", 2, {0x88, 0x06}, {0x88, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8906, "Pub 89 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.108", 2, "\x89\x06", "\x89\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.108", 2, {0x89, 0x06}, {0x89, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8A06, "Pub 8A key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.109", 2, "\x8A\x06", "\x8A\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.109", 2, {0x8A, 0x06}, {0x8A, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8B06, "Pub 8B key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.110", 2, "\x8B\x06", "\x8B\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.110", 2, {0x8B, 0x06}, {0x8B, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8C06, "Pub 8C key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.111", 2, "\x8C\x06", "\x8C\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.111", 2, {0x8C, 0x06}, {0x8C, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8D06, "Pub 8D key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.112", 2, "\x8D\x06", "\x8D\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.112", 2, {0x8D, 0x06}, {0x8D, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8E06, "Pub 8E key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.113", 2, "\x8E\x06", "\x8E\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.113", 2, {0x8E, 0x06}, {0x8E, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_8F06, "Pub 8F key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.114", 2, "\x8F\x06", "\x8F\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.114", 2, {0x8F, 0x06}, {0x8F, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9006, "Pub 90 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.115", 2, "\x90\x06", "\x90\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.115", 2, {0x90, 0x06}, {0x90, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9106, "Pub 91 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.116", 2, "\x91\x06", "\x91\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.116", 2, {0x91, 0x06}, {0x91, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9206, "Pub 92 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.117", 2, "\x92\x06", "\x92\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.117", 2, {0x92, 0x06}, {0x92, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9306, "Pub 93 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.118", 2, "\x93\x06", "\x93\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.118", 2, {0x93, 0x06}, {0x93, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9406, "Pub 94 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.119", 2, "\x94\x06", "\x94\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.119", 2, {0x94, 0x06}, {0x94, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 	{ PIV_OBJ_9506, "Pub 95 key ",
+ 			SC_ASN1_APP | 0x13,
+-			"2.16.840.1.101.3.7.2.9999.120", 2, "\x95\x06", "\x95\x06", PIV_OBJECT_TYPE_PUBKEY},
++			"2.16.840.1.101.3.7.2.9999.120", 2, {0x95, 0x06}, {0x95, 0x06}, PIV_OBJECT_TYPE_PUBKEY},
+ 			/*
+ 			 * "Secure Messaging Certificate Signer" is just a certificate.
+ 			 * No pub or private key on the card.
+diff --git a/src/tests/p11test/p11test_case_wrap.c b/src/tests/p11test/p11test_case_wrap.c
+index ecb257b56..e9c503d7e 100644
+--- a/src/tests/p11test/p11test_case_wrap.c
++++ b/src/tests/p11test/p11test_case_wrap.c
+@@ -390,15 +390,15 @@ test_unwrap_aes(test_cert_t *o, token_info_t *info, test_mech_t *mech)
+ 	CK_ULONG key_padded_len = sizeof(key);
+ 	CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
+ 	CK_KEY_TYPE keyType = CKK_AES;
+-	CK_BBOOL true = CK_TRUE;
++	CK_BBOOL _true = CK_TRUE;
+ 	CK_BYTE new_id[] = {0x00, 0xff, 0x42};
+ 	CK_BYTE new_label[] = "Unwrapped key";
+ 	CK_ATTRIBUTE template[] = {
+ 			{CKA_CLASS, &keyClass, sizeof(keyClass)},
+ 			{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
+-			{CKA_ENCRYPT, &true, sizeof(true)},
+-			{CKA_DECRYPT, &true, sizeof(true)},
+-			{CKA_TOKEN, &true, sizeof(true)},
++			{CKA_ENCRYPT, &_true, sizeof(_true)},
++			{CKA_DECRYPT, &_true, sizeof(_true)},
++			{CKA_TOKEN, &_true, sizeof(_true)},
+ 			{CKA_ID, &new_id, sizeof(new_id)},
+ 			{CKA_LABEL, &new_label, sizeof(new_label)},
+ 			{CKA_VALUE_LEN, &key_len, sizeof(key_len)}, /* keep this one last! */
+-- 
+2.48.0
+

opensc.changes

@@ -1,3 +1,130 @@
+-------------------------------------------------------------------
+Wed Jul  9 09:42:07 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix error found when compiling with gcc 15
+  * https://github.com/OpenSC/OpenSC/pull/3316
+  * Add opensc-gcc15.patch
+
+-------------------------------------------------------------------
+Tue Jan 14 19:30:47 UTC 2025 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 0.26.1
+  General improvements
+  * Align allocations of sc_mem_secure_alloc (#3281).
+  * Fix -O3 gcc optimization failure on amd64 and ppc64el (#3299).
+  pkcs11-spy
+  * Avoid crash while spying C_GetInterface() (#3275).
+  TCOS
+  * Fix reading certificate (#3296).
+
+-------------------------------------------------------------------
+Thu Nov 14 19:35:35 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 0.26.0
+  Security
+  * CVE-2024-45615: Usage of uninitialized values in libopensc#
+    and pkcs15init (#3225).
+  * CVE-2024-45616: Uninitialized values after incorrect check or 
+    usage of APDU response values in libopensc (#3225)
+  * CVE-2024-45617: Uninitialized values after incorrect or missing
+    checking return values of functions in libopensc (#3225)
+  * CVE-2024-45618: Uninitialized values after incorrect or missing
+    checking return values of functions in pkcs15init (#3225)
+  * CVE-2024-45619: Incorrect handling length of buffers or files
+    in libopensc (#3225)
+  * CVE-2024-45620: Incorrect handling of the length of buffers or
+    files in pkcs15init (#3225)
+  * CVE-2024-8443: Heap buffer overflow in OpenPGP driver when
+    generating key (#3219)
+  General improvements
+  * Fix reselection of DF after error in PKCS#15 layer (#3067)
+  * Unify OpenSSL logging throughout code (#2922)
+  * Extend the p11test to support kryoptic (#3141)
+  * Fix for error in PCSC reconnection (#3150)
+  * Fixed various issues reported by OSS-Fuzz and Coverity in
+    drivers, PKCS#11 and PKCS#15 layer
+  PKCS#15
+  * Documentation for PKCS#15 profile files (#3132)
+  minidriver
+  * Support PinCacheAlwaysPrompt usable for PIV cards (#3167)
+  pkcs11-tool
+  * Show URI when listing token information (#3125) and objects
+  * Do not limit size of objects to 5000 bytes (#3174)
+  * Add support for AES CMAC (#3184)
+  * Add support for AES GCM encryption (#3195)
+  * Add support for RSA OAEP encryption (#3175)
+  * Add support for HKDF (#3193)
+  * Implement better support for wrapping and unwrapping (#3198)
+  * Add support for EdDSA sign and verify (#2979)
+  pkcs15-crypt
+  * Fix PKCS#1 encoding function to correctly detect padding type
+  piv-tool
+  * Fix RSA key generation (#3158)
+  * Avoid possible state change when matching unknown card (#3112)
+  sc-hsm-tool
+  * Cleanse buffer with plaintext key share (#3226)
+  pkcs11-register
+  * Fix pkcs11-register defaults on macOS and Windows (#3053)
+  IDPrime
+  * Fix identification of IDPrime 840 cards (#3146)
+  * Fix container mapping for IDPrime 940 cards (#3220)
+  * Reorder ATRs for matching cards (#3154)
+  OpenPGP
+  * Fix state tracking after erasing card (#3024)
+  Belpic
+  * Disable Applet V1.8 (#3109)
+  MICARDO
+  * Deactivate driver (#3152)
+  SmartCard-HSM
+  * Fix signing with secp521r1 signature (#3157)
+  eOI
+  * Set model via sc_card_ctl function (#3189)
+  Rutoken
+  * increase the minimum PIN size to support Rutoken ECP BIO.
+  JPKI
+  * Adjust parameters for public key in PKCS#15 emulator (#3182)
+  D-Trust
+  * Add support for ECDSA signatures and ECDH key agreement for
+    D-Trust Signatures Cards 4.1/4.4 (#3240, #3248)
+- Drop patches (changes now in upstream):
+  * opensc-CVE-2024-45615.patch
+  * opensc-CVE-2024-45616.patch
+  * opensc-CVE-2024-45617.patch
+  * opensc-CVE-2024-45618.patch
+  * opensc-CVE-2024-45619.patch
+  * opensc-CVE-2024-45620.patch
+  * opensc-CVE-2024-8443.patch
+
+-------------------------------------------------------------------
+Tue Oct  1 06:30:06 UTC 2024 - Angel Yankov <angel.yankov@suse.com>
+
+- - Security fix: [CVE-2024-8443, bsc#1230364]
+    * opensc: heap buffer overflow in OpenPGP driver when generating key
+    * Added patch: opensc-CVE-2024-8443.patch
+
+-------------------------------------------------------------------
+Tue Oct  1 06:27:05 UTC 2024 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix: [opensc-CVE-2024-45620, bsc#1230076]
+- Security fix: [opensc-CVE-2024-45619, bsc#1230075]
+- Security fix: [opensc-CVE-2024-45618, bsc#1230074]
+- Security fix: [opensc-CVE-2024-45617, bsc#1230073]
+- Security fix: [opensc-CVE-2024-45616, bsc#1230072]
+- Security fix: [opensc-CVE-2024-45615, bsc#1230071]
+  * opensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init
+  * opensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc
+  * opensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc
+  * opensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
+  * opensc: Incorrect handling length of buffers or files in libopensc
+  * opensc: Incorrect handling of the length of buffers or files in pkcs15init
+  * Added patches:
+    - opensc-CVE-2024-45615.patch
+    - opensc-CVE-2024-45616.patch
+    - opensc-CVE-2024-45617.patch
+    - opensc-CVE-2024-45618.patch
+    - opensc-CVE-2024-45619.patch
+    - opensc-CVE-2024-45620.patch
+
 -------------------------------------------------------------------
 Fri Apr  5 18:54:38 UTC 2024 - Martin Hauke <mardnh@gmx.de>
 

opensc.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package opensc
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,10 +16,10 @@
 #
 
 
-%define sover 11
+%define sover 12
 %define completionsdir %(pkg-config --variable completionsdir bash-completion)
 Name:           opensc
-Version:        0.25.1
+Version:        0.26.1
 Release:        0
 Summary:        Smart Card Utilities
 License:        LGPL-2.1-or-later
@@ -33,6 +33,8 @@ Source2:        %{name}-rpmlintrc
 Source3:        opensc.module
 Patch0:         opensc-gcc11.patch
 Patch1:         opensc-docbook-xsl-fix.patch
+# PATCH-FIX-UPSTREAM Fix error found when compiling with gcc 15 #3316
+Patch2:         opensc-gcc15.patch
 BuildRequires:  automake
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  libxslt