Update to OpenSC-0.17.0

dcoppa 2017-08-16 14:39:07 +00:00
parent 61f2ae4eee
commit 3a92286036
24 changed files with 83 additions and 602 deletions


@ -1,17 +1,17 @@
# $OpenBSD: Makefile,v 1.41 2016/11/24 09:54:51 dcoppa Exp $
# $OpenBSD: Makefile,v 1.42 2017/08/16 14:39:07 dcoppa Exp $
COMMENT= set of libraries and utilities to access smart cards
VERSION= 0.16.0
VERSION= 0.17.0
DISTNAME= OpenSC-${VERSION}
PKGNAME= opensc-${VERSION}
REVISION= 7
GH_ACCOUNT= OpenSC
GH_PROJECT= ${GH_ACCOUNT}
GH_TAGNAME= ${VERSION}
SUBST_VARS += GH_TAGNAME
SHARED_LIBS += opensc 5.0 # 4.0
SHARED_LIBS += smm-local 1.0 # 4.0
SHARED_LIBS += opensc 6.0 # 5.0
SHARED_LIBS += smm-local 2.0 # 5.0
CATEGORIES= security
@ -37,6 +37,7 @@ CONFIGURE_STYLE=gnu
CONFIGURE_ARGS= --enable-static \
--sysconfdir=${SYSCONFDIR} \
--enable-sm \
--disable-cryptotokenkit \
--with-xsl-stylesheetsdir=${LOCALBASE}/share/xsl/docbook
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include/PCSC"
@ -52,7 +53,10 @@ pre-configure:
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/lib/pkgconfig
${INSTALL_DATA} ${WRKBUILD}/src/libopensc/libopensc.pc \
${PREFIX}/lib/pkgconfig/
${SUBST_CMD} -c -m 0644 -o ${BINOWN} -g ${BINGRP} \
${FILESDIR}/libopensc.pc \
${PREFIX}/lib/pkgconfig/libopensc.pc
@find ${PREFIX}/lib/pkcs11/ -name '*.la' -print0 | \
xargs -0r rm -f
.include <bsd.port.mk>
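Review bot: The rewritten `post-install` recipe has no comment explaining why the port now installs its own `${FILESDIR}/libopensc.pc` through `${SUBST_CMD}` instead of the file the build produces (as far as the rendered page shows), or why the `.la` files under `lib/pkcs11/` are deleted. A short comment above each step would do, for example `# install our own libopensc.pc; keep files/libopensc.pc in sync with upstream on updates` and `# PKCS#11 modules are loaded at run time, their libtool archives are not packaged`, adjusted to the actual reasons. I would also drop the leading `@` from the `find ... | xargs -0r rm -f` line so the one command that deletes files stays visible in the build log. Separately, the bump to 0.17.0 is what justifies deleting the backported fixes further down this commit (the libsm out-of-bounds write and the libpkcs11 double-free patches among them); the commit message does not record that each was checked against the 0.17.0 sources.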


@ -1,2 +1,2 @@
SHA256 (OpenSC-0.16.0.tar.gz) = SWlifw6rSL72pdnhYvrMOkm6jmdfrbippEY5H8+hm8Y=
SIZE (OpenSC-0.16.0.tar.gz) = 1276723
SHA256 (OpenSC-0.17.0.tar.gz) = AHxGIq/CJbjXob6lT1Mlr/pEF/TheqoDJWqp9MJXgv0=
SIZE (OpenSC-0.17.0.tar.gz) = 1407652


@ -0,0 +1,10 @@
prefix=/usr/local
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
includedir=${prefix}/include
Name: libopensc
Description: OpenSC smartcard framework
Version: ${GH_TAGNAME}
Libs: -L${libdir} -lopensc
Cflags: -I${includedir}
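Review bot: `prefix=/usr/local` is hard-coded at the top of this new file even though the port's Makefile runs it through `${SUBST_CMD}`, which already expands `${GH_TAGNAME}` on the `Version:` line. With a non-default `LOCALBASE` the installed libopensc.pc would point consumers at the wrong `libdir` and `includedir`. Writing `prefix=${TRUEPREFIX}` should let the same substitution fill in the real prefix, assuming `TRUEPREFIX` is among the variables `SUBST_CMD` expands by default in this ports tree.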


@ -1,12 +1,13 @@
$OpenBSD: patch-configure_ac,v 1.6 2016/06/28 12:56:34 dcoppa Exp $
$OpenBSD: patch-configure_ac,v 1.7 2017/08/16 14:39:07 dcoppa Exp $
Fix version string
libdl is not required on OpenBSD
--- configure.ac.orig Fri Jun 3 11:19:51 2016
+++ configure.ac Tue Jun 28 14:02:05 2016
@@ -306,30 +306,9 @@ elif test "${xslstylesheetsdir}" != "no"; then
Index: configure.ac
--- configure.ac.orig
+++ configure.ac
@@ -327,30 +327,9 @@ elif test "${xslstylesheetsdir}" != "no"; then
fi
AC_MSG_RESULT([${xslstylesheetsdir}])
@ -17,7 +18,7 @@ libdl is not required on OpenBSD
- GIT_CHECKOUT="yes"
-fi
-AC_MSG_RESULT([${GIT_CHECKOUT}])
+OPENSC_SCM_REVISION="OpenSC-0.16.0, rev: 7eeba1f, commit-time: 2016-06-03 09:19:51 +0000"
+OPENSC_SCM_REVISION="OpenSC-0.17.0, rev: 43951252, commit-time: 2017-07-18 14:29:50 +0000"
+OPENSC_VERSION_REVISION="0"
-if test "${GIT_CHECKOUT}" = "yes"; then
@ -39,7 +40,7 @@ libdl is not required on OpenBSD
dnl C Compiler features
AC_C_INLINE
@@ -380,11 +359,6 @@ AC_CHECK_LIB(
@@ -401,11 +380,6 @@ AC_CHECK_LIB(
)
if test "${WIN32}" = "no"; then
@ -51,10 +52,10 @@ libdl is not required on OpenBSD
dnl Special check for pthread support.
AX_PTHREAD(
[AC_DEFINE(
@@ -769,7 +743,6 @@ AM_CONDITIONAL([CYGWIN], [test "${CYGWIN}" = "yes"])
AM_CONDITIONAL([ENABLE_MINIDRIVER], [test "${enable_minidriver}" = "yes"])
@@ -931,7 +905,6 @@ AM_CONDITIONAL([ENABLE_MINIDRIVER_SETUP_CUSTOMACTION],
AM_CONDITIONAL([ENABLE_SM], [test "${enable_sm}" = "yes"])
AM_CONDITIONAL([ENABLE_DNIE_UI], [test "${enable_dnie_ui}" = "yes"])
AM_CONDITIONAL([ENABLE_NPATOOL], [test "${ENABLE_NPATOOL}" = "yes"])
-AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
if test "${enable_pedantic}" = "yes"; then


@ -0,0 +1,18 @@
$OpenBSD: patch-etc_Makefile_am,v 1.1 2017/08/16 14:39:07 dcoppa Exp $
Index: etc/Makefile.am
--- etc/Makefile.am.orig
+++ etc/Makefile.am
@@ -32,11 +32,7 @@ opensc.conf: opensc.conf.in force
install-exec-hook: opensc.conf
$(MKDIR_P) "$(DESTDIR)$(sysconfdir)"
- if [ -f "$(DESTDIR)$(sysconfdir)/opensc.conf" ]; then \
- $(INSTALL_DATA) opensc.conf "$(DESTDIR)$(sysconfdir)/opensc.conf.new"; \
- else \
- $(INSTALL_DATA) opensc.conf "$(DESTDIR)$(sysconfdir)/opensc.conf"; \
- fi
+ $(INSTALL_DATA) opensc.conf "$(DESTDIR)$(sysconfdir)/opensc.conf"
uninstall-hook: opensc.conf
rm -f "$(DESTDIR)$(sysconfdir)/opensc.conf.new" "$(DESTDIR)$(sysconfdir)/opensc.conf"
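Review bot: This new patch has no description line after the `$OpenBSD$` tag, unlike patch-configure_ac in the same port, so the reason for dropping upstream's `opensc.conf.new` fallback in `install-exec-hook` is not recorded. A line such as `Always install opensc.conf; an existing configuration is handled by the package tools, not by this hook` would do, if that is the reason. The unconditional `$(INSTALL_DATA)` is only safe while the hook runs against a staging `$(DESTDIR)`, because against a live `$(sysconfdir)` it would overwrite an administrator's opensc.conf. The same missing description applies to patch-src_pkcs11_Makefile_am, which now also removes the `opensc-pkcs11.pc` pkg-config rules without saying why.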


@ -1,32 +0,0 @@
$OpenBSD: patch-src_common_libpkcs11_c,v 1.1 2016/11/24 09:54:51 dcoppa Exp $
commit 24346062c01ad690addb0db55b74f9c53b394c0c
Author: Jakub Jelen <jjelen@redhat.com>
Date: Mon Nov 21 10:53:41 2016 +0100
libpkcs11: Prevent double-free when the dlopen fails
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/common/libpkcs11.c.orig Fri Jun 3 11:19:51 2016
+++ src/common/libpkcs11.c Thu Nov 24 10:06:56 2016
@@ -56,10 +56,13 @@ C_LoadModule(const char *mspec, CK_FUNCTION_LIST_PTR_P
rv = c_get_function_list(funcs);
if (rv == CKR_OK)
return (void *) mod;
- else
+ else {
fprintf(stderr, "C_GetFunctionList failed %lx", rv);
+ C_UnloadModule((void *) mod);
+ return NULL;
+ }
failed:
- C_UnloadModule((void *) mod);
+ free(mod);
return NULL;
}


@ -1,26 +0,0 @@
$OpenBSD: patch-src_libopensc_card-asepcos_c,v 1.1 2016/11/24 09:54:51 dcoppa Exp $
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/libopensc/card-asepcos.c.orig Fri Jun 3 11:19:51 2016
+++ src/libopensc/card-asepcos.c Thu Nov 24 09:58:03 2016
@@ -870,13 +870,8 @@ static int asepcos_build_pin_apdu(sc_card_t *card, sc_
*p++ = (fileid >> 16) & 0xff;
*p++ = (fileid >> 8 ) & 0xff;
*p++ = fileid & 0xff;
- if (is_puk == 0) {
- memcpy(p, data->pin1.data, data->pin1.len);
- p += data->pin1.len;
- } else {
- memcpy(p, data->pin1.data, data->pin1.len);
- p += data->pin1.len;
- }
+ memcpy(p, data->pin1.data, data->pin1.len);
+ p += data->pin1.len;
apdu->lc = p - buf;
apdu->datalen = p - buf;
apdu->data = buf;


@ -1,21 +0,0 @@
$OpenBSD: patch-src_libopensc_card-entersafe_c,v 1.1 2016/09/01 13:24:19 dcoppa Exp $
commit f64c71da28d1c1401445f6e8fa45bc079d5b6cd9
Author: Ian Young <ian@iay.org.uk>
Date: Sat Aug 27 22:14:04 2016 +0100
Don't free file if pointer is null
Protect against segmentation
--- src/libopensc/card-entersafe.c.orig Thu Sep 1 14:57:18 2016
+++ src/libopensc/card-entersafe.c Thu Sep 1 14:58:01 2016
@@ -493,7 +493,7 @@ static int entersafe_select_fid(sc_card_t *card,
path.len=2;
r = iso_ops->select_file(card,&path,&file);
- if(r) sc_file_free(file);
+ if(r && file) sc_file_free(file);
SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r, "APDU transmit failed");
/* update cache */


@ -1,57 +0,0 @@
$OpenBSD: patch-src_libopensc_card_c,v 1.1 2016/08/25 13:21:26 dcoppa Exp $
commit 1e82dbe5c79e431e4d1b333a91b329e0164a86c2
Author: Doug Engert <deengert@gmail.com>
Date: Fri Jul 22 12:41:39 2016 -0500
libopensc: fix reopen SM after reader reconnect
After card reset detected, run SM open under new transaction
Before trying to reestablish SM session or onto code that may
need to use a transaction, get the transaction that will be
used by the caller od sc_lock.
--- src/libopensc/card.c.orig Fri Jun 3 11:19:51 2016
+++ src/libopensc/card.c Thu Aug 25 14:49:54 2016
@@ -387,6 +387,7 @@ int sc_reset(sc_card_t *card, int do_cold_reset)
int sc_lock(sc_card_t *card)
{
int r = 0, r2 = 0;
+ int was_reset = 0;
if (card == NULL)
return SC_ERROR_INVALID_ARGUMENTS;
@@ -399,14 +400,12 @@ int sc_lock(sc_card_t *card)
if (card->lock_count == 0) {
if (card->reader->ops->lock != NULL) {
r = card->reader->ops->lock(card->reader);
- if (r == SC_ERROR_CARD_RESET || r == SC_ERROR_READER_REATTACHED) {
+ while (r == SC_ERROR_CARD_RESET || r == SC_ERROR_READER_REATTACHED) {
/* invalidate cache */
memset(&card->cache, 0, sizeof(card->cache));
card->cache.valid = 0;
-#ifdef ENABLE_SM
- if (card->sm_ctx.ops.open)
- card->sm_ctx.ops.open(card);
-#endif
+ if (was_reset++ > 4) /* TODO retry a few times */
+ break;
r = card->reader->ops->lock(card->reader);
}
}
@@ -415,6 +414,14 @@ int sc_lock(sc_card_t *card)
}
if (r == 0)
card->lock_count++;
+
+ if (r == 0 && was_reset > 0) {
+#ifdef ENABLE_SM
+ if (card->sm_ctx.ops.open)
+ card->sm_ctx.ops.open(card);
+#endif
+ }
+
r2 = sc_mutex_unlock(card->ctx, card->mutex);
if (r2 != SC_SUCCESS) {
sc_log(card->ctx, "unable to release lock");


@ -1,17 +0,0 @@
$OpenBSD: patch-src_libopensc_libopensc_pc_in,v 1.2 2016/09/20 12:56:15 dcoppa Exp $
Unbreak
--- src/libopensc/libopensc.pc.in.orig Fri Jun 3 11:19:51 2016
+++ src/libopensc/libopensc.pc.in Tue Sep 20 14:40:02 2016
@@ -4,8 +4,7 @@ libdir=@libdir@
includedir=@includedir@
Name: libopensc
-Description: libopensc
+Description: OpenSC smartcard framework
Version: @VERSION@
-Libs: -L${libdir} -lopensc -lscconf
+Libs: -L${libdir} -lopensc
Cflags: -I${includedir}
-


@ -1,19 +0,0 @@
$OpenBSD: patch-src_libopensc_pkcs15-pin_c,v 1.1 2016/11/24 09:54:51 dcoppa Exp $
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/libopensc/pkcs15-pin.c.orig Fri Jun 3 11:19:51 2016
+++ src/libopensc/pkcs15-pin.c Thu Nov 24 09:58:03 2016
@@ -384,7 +384,7 @@ int sc_pkcs15_change_pin(struct sc_pkcs15_card *p15car
struct sc_context *ctx = p15card->card->ctx;
struct sc_pin_cmd_data data;
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
- struct sc_card *card = p15card->card;
+ struct sc_card *card;
int r;
LOG_FUNC_CALLED(ctx);


@ -1,19 +0,0 @@
$OpenBSD: patch-src_libopensc_pkcs15-pubkey_c,v 1.1 2016/11/24 09:54:51 dcoppa Exp $
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/libopensc/pkcs15-pubkey.c.orig Fri Jun 3 11:19:51 2016
+++ src/libopensc/pkcs15-pubkey.c Thu Nov 24 09:58:03 2016
@@ -1401,6 +1401,8 @@ sc_pkcs15_pubkey_from_spki_sequence(struct sc_context
if(outpubkey)
*outpubkey = pubkey;
+ else
+ free(pubkey);
LOG_FUNC_RETURN(ctx, r);
}


@ -1,20 +0,0 @@
$OpenBSD: patch-src_libopensc_pkcs15_c,v 1.1 2016/06/28 11:39:13 dcoppa Exp $
commit 72dda66be8c3261aae5af54807afdedfa94f4c67
Author: Frank Morgner <frankmorgner@gmail.com>
Date: Sun Jun 5 21:51:16 2016 +0200
fix possible loss of data
--- src/libopensc/pkcs15.c.orig Fri Jun 3 11:19:51 2016
+++ src/libopensc/pkcs15.c Tue Jun 28 12:17:23 2016
@@ -2221,7 +2221,8 @@ sc_pkcs15_encode_unusedspace(struct sc_context *ctx, s
sc_format_asn1_entry(asn1_unusedspace + c, asn1_values + 3*c, NULL, 1);
sc_copy_asn1_entry(c_asn1_unusedspace_values, asn1_values + 3*c);
sc_format_asn1_entry(asn1_values + 3*c, &unusedspace->path, NULL, 1);
- sc_format_asn1_entry(asn1_values + 3*c+1, &unusedspace->auth_id, NULL, unusedspace->auth_id.len);
+ sc_format_asn1_entry(asn1_values + 3*c+1, &unusedspace->auth_id, NULL,
+ unusedspace->auth_id.len > 0 ? 1 : 0);
c++;
}
asn1_unusedspace[c].name = NULL;


@ -1,40 +0,0 @@
$OpenBSD: patch-src_libopensc_sc_c,v 1.1 2016/06/28 11:39:13 dcoppa Exp $
commit 050c62f7dfa0b6d76c0c57fbc0e41efba5864079
Author: Frank Morgner <frankmorgner@gmail.com>
Date: Sun Jun 5 21:18:38 2016 +0200
add parameter checking to `sc_right_trim`
fix conversion from 'size_t' to 'long', possible loss of data
--- src/libopensc/sc.c.orig Fri Jun 3 11:19:51 2016
+++ src/libopensc/sc.c Tue Jun 28 13:01:06 2016
@@ -126,15 +126,20 @@ int sc_bin_to_hex(const u8 *in, size_t in_len, char *o
*/
size_t sc_right_trim(u8 *buf, size_t len) {
- long i;
+ size_t i;
- for(i=len-1; i >=0; i--) {
- if(!isprint(buf[i])) {
- buf[i] = '\0';
- len--;
- continue;
+ if (!buf)
+ return 0;
+
+ if (len > 0) {
+ for(i = len-1; i > 0; i--) {
+ if(!isprint(buf[i])) {
+ buf[i] = '\0';
+ len--;
+ continue;
+ }
+ break;
}
- break;
}
return len;
}


@ -1,23 +0,0 @@
$OpenBSD: patch-src_libsm_sm-common_c,v 1.1 2016/08/25 13:21:26 dcoppa Exp $
commit e98315a1966d73d4b6be733cc0a94a85ebfa7916
Author: Frank Morgner <frankmorgner@gmail.com>
Date: Thu Jun 30 21:50:22 2016 +0200
libsm: fixed out of bounds write
'sm_incr_ssc' performed an out of bounds write when 'ssc' is bigger than
255. The local variable 'ii' needs to be decremented instead of
incremented in the 'for'-loop.
--- src/libsm/sm-common.c.orig Fri Jun 3 11:19:51 2016
+++ src/libsm/sm-common.c Thu Aug 25 14:47:05 2016
@@ -359,7 +359,7 @@ sm_incr_ssc(unsigned char *ssc, size_t ssc_len)
if (!ssc)
return;
- for (ii = ssc_len - 1;ii >= 0; ii++) {
+ for (ii = ssc_len - 1; ii >= 0; ii--) {
*(ssc + ii) += 1;
if (*(ssc + ii) != 0)
break;


@ -1,31 +1,45 @@
$OpenBSD: patch-src_pkcs11_Makefile_am,v 1.1 2016/06/07 14:08:44 dcoppa Exp $
--- src/pkcs11/Makefile.am.orig Fri Jun 3 11:19:51 2016
+++ src/pkcs11/Makefile.am Tue Jun 7 14:53:12 2016
@@ -1,5 +1,7 @@
$OpenBSD: patch-src_pkcs11_Makefile_am,v 1.2 2017/08/16 14:39:07 dcoppa Exp $
Index: src/pkcs11/Makefile.am
--- src/pkcs11/Makefile.am.orig
+++ src/pkcs11/Makefile.am
@@ -1,7 +1,9 @@
include $(top_srcdir)/win32/ltrc.inc
+override libdir = $(prefix)/lib/pkcs11
+
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in $(srcdir)/versioninfo-pkcs11.rc $(srcdir)/versioninfo-pkcs11-spy.rc
EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in versioninfo-pkcs11-spy.rc.in
-EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in versioninfo-pkcs11-spy.rc.in opensc-pkcs11.pc.in
+EXTRA_DIST = Makefile.mak versioninfo-pkcs11.rc.in versioninfo-pkcs11-spy.rc.in
@@ -24,6 +26,7 @@ opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
lib_LTLIBRARIES = opensc-pkcs11.la pkcs11-spy.la onepin-opensc-pkcs11.la
@@ -20,16 +22,13 @@ OPENSC_PKCS11_LIBS = \
$(top_builddir)/src/common/libcompat.la \
$(OPTIONAL_OPENSSL_LIBS) $(PTHREAD_LIBS)
-pkgconfigdir = $(libdir)/pkgconfig
-pkgconfig_DATA = opensc-pkcs11.pc
-DISTCLEANFILES = $(pkgconfig_DATA)
-
opensc_pkcs11_la_SOURCES = $(OPENSC_PKCS11_SRC) $(OPENSC_PKCS11_INC)
opensc_pkcs11_la_CFLAGS = $(OPENSC_PKCS11_CFLAGS)
opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
opensc_pkcs11_la_LDFLAGS = $(AM_LDFLAGS) \
-export-symbols "$(srcdir)/pkcs11.exports" \
-module -shared -avoid-version -no-undefined
+opensc_pkcs11_la_LIBTOOLFLAGS = --tag=disable-static
onepin_opensc_pkcs11_la_SOURCES = $(OPENSC_PKCS11_SRC) $(OPENSC_PKCS11_INC)
onepin_opensc_pkcs11_la_CFLAGS = -DMODULE_APP_NAME=\"onepin-opensc-pkcs11\" $(AM_CFLAGS)
@@ -31,6 +34,7 @@ onepin_opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
onepin_opensc_pkcs11_la_CFLAGS = -DMODULE_APP_NAME=\"onepin-opensc-pkcs11\" $(OPENSC_PKCS11_CFLAGS)
@@ -37,6 +36,7 @@ onepin_opensc_pkcs11_la_LIBADD = $(OPENSC_PKCS11_LIBS)
onepin_opensc_pkcs11_la_LDFLAGS = $(AM_LDFLAGS) \
-export-symbols "$(srcdir)/pkcs11.exports" \
-module -shared -avoid-version -no-undefined
+onepin_opensc_pkcs11_la_LIBTOOLFLAGS = --tag=disable-static
pkcs11_spy_la_SOURCES = pkcs11-spy.c pkcs11-display.c pkcs11-display.h pkcs11.exports
pkcs11_spy_la_LIBADD = \
@@ -41,6 +45,7 @@ pkcs11_spy_la_LIBADD = \
pkcs11_spy_la_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS)
@@ -48,6 +48,7 @@ pkcs11_spy_la_LIBADD = \
pkcs11_spy_la_LDFLAGS = $(AM_LDFLAGS) \
-export-symbols "$(srcdir)/pkcs11.exports" \
-module -shared -avoid-version -no-undefined
@ -33,7 +47,7 @@ $OpenBSD: patch-src_pkcs11_Makefile_am,v 1.1 2016/06/07 14:08:44 dcoppa Exp $
if WIN32
opensc_pkcs11_la_SOURCES += versioninfo-pkcs11.rc
@@ -53,13 +58,4 @@ install-exec-hook:
@@ -60,13 +61,4 @@ install-exec-hook:
for l in opensc-pkcs11.dll pkcs11-spy.dll; do \
mv "$(DESTDIR)$(libdir)/$$l" "$(DESTDIR)$(bindir)/$$l"; \
done


@ -1,43 +0,0 @@
$OpenBSD: patch-src_pkcs11_misc_c,v 1.1 2016/11/24 09:54:51 dcoppa Exp $
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/pkcs11/misc.c.orig Fri Jun 3 11:19:51 2016
+++ src/pkcs11/misc.c Thu Nov 24 09:58:03 2016
@@ -178,11 +178,10 @@ CK_RV push_login_state(struct sc_pkcs11_slot *slot,
struct sc_pkcs11_login *login = NULL;
if (!sc_pkcs11_conf.atomic || !slot) {
- r = CKR_OK;
- goto err;
+ return CKR_OK;
}
- login = (struct sc_pkcs11_login *) malloc(sizeof *login);
+ login = (struct sc_pkcs11_login *) calloc(1, sizeof *login);
if (login == NULL) {
goto err;
}
@@ -199,12 +198,15 @@ CK_RV push_login_state(struct sc_pkcs11_slot *slot,
goto err;
}
+ login = NULL;
r = CKR_OK;
err:
- if (r != CKR_OK && login) {
- sc_mem_clear(login->pPin, login->ulPinLen);
- free(login->pPin);
+ if (login) {
+ if (login->pPin) {
+ sc_mem_clear(login->pPin, login->ulPinLen);
+ free(login->pPin);
+ }
free(login);
}


@ -1,19 +0,0 @@
$OpenBSD: patch-src_pkcs11_openssl_c,v 1.1 2016/09/30 13:48:38 dcoppa Exp $
commit 7b9bd6003082a60bbc4452f048ca8a7b839025f1
Author: Leonardo Brondani Schenkel <leonardo@schenkel.net>
Date: Mon Sep 26 14:54:58 2016 +0200
openssl: allow building against libressl
--- src/pkcs11/openssl.c.orig Fri Sep 30 15:33:03 2016
+++ src/pkcs11/openssl.c Fri Sep 30 15:33:38 2016
@@ -180,7 +180,7 @@ sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11
e = ENGINE_by_id("gost");
if (!e)
{
-#if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST)
+#if !defined(OPENSSL_NO_STATIC_ENGINE) && !defined(OPENSSL_NO_GOST) && !defined(LIBRESSL_VERSION_NUMBER)
ENGINE_load_gost();
e = ENGINE_by_id("gost");
#else


@ -1,7 +1,8 @@
$OpenBSD: patch-src_tests_Makefile_am,v 1.1 2016/06/07 14:08:44 dcoppa Exp $
--- src/tests/Makefile.am.orig Tue Jun 7 15:09:43 2016
+++ src/tests/Makefile.am Tue Jun 7 15:10:08 2016
@@ -10,7 +10,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/src
$OpenBSD: patch-src_tests_Makefile_am,v 1.2 2017/08/16 14:39:07 dcoppa Exp $
Index: src/tests/Makefile.am
--- src/tests/Makefile.am.orig
+++ src/tests/Makefile.am
@@ -11,7 +11,8 @@ AM_CFLAGS = $(OPTIONAL_OPENSSL_CFLAGS)
LIBS = \
$(top_builddir)/src/libopensc/libopensc.la \
$(top_builddir)/src/common/libscdl.la \


@ -1,40 +0,0 @@
$OpenBSD: patch-src_tools_gids-tool_c,v 1.1 2016/06/28 11:39:13 dcoppa Exp $
commit 0ae4b4ac0d13e596dd4fbf1a9f35c6a5f3a45726
Author: vletoux <vincent.letoux@gmail.com>
Date: Sun May 29 18:55:00 2016 +0200
gids bux fixing
fix the problem if the serial number is entered in the command line
--- src/tools/gids-tool.c.orig Fri Jun 3 11:19:51 2016
+++ src/tools/gids-tool.c Tue Jun 28 13:01:28 2016
@@ -134,17 +134,19 @@ static int initialize(sc_card_t *card, const char *so_
} else {
_serial = (char *)serial;
}
- len = sizeof(param.cardid);
- r = sc_hex_to_bin(_serial, param.cardid, &len);
- if (r < 0) {
- fprintf(stderr, "Error decoding serial number (%s)\n", sc_strerror(r));
- return -1;
- }
- if (len == 0) {
+
+ if (_serial[0] == '\0') {
memset(param.cardid, 0, sizeof(param.cardid));
- } else if (len != 32) {
+ } else if (strlen(_serial) != 32) {
fprintf(stderr, "the serial number must be a hexadecimal string of 32 characters\n");
return -1;
+ } else {
+ len = sizeof(param.cardid);
+ r = sc_hex_to_bin(_serial, param.cardid, &len);
+ if (r < 0) {
+ fprintf(stderr, "Error decoding serial number (%s)\n", sc_strerror(r));
+ return -1;
+ }
}
param.user_pin_len = strlen(_user_pin);


@ -1,89 +0,0 @@
$OpenBSD: patch-src_tools_pkcs11-tool_c,v 1.2 2016/11/24 09:54:51 dcoppa Exp $
commit 04825d8d7ebb41bf0ab0bdab14c84de68636271f
Author: Frank Morgner <frankmorgner@gmail.com>
Date: Sat Jun 4 01:02:01 2016 +0200
avoid using an uninitialized buffer
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/tools/pkcs11-tool.c.orig Fri Jun 3 11:19:51 2016
+++ src/tools/pkcs11-tool.c Thu Nov 24 09:58:03 2016
@@ -388,6 +388,7 @@ static const char * CKR2Str(CK_ULONG res);
static int p11_test(CK_SESSION_HANDLE session);
static int test_card_detection(int);
static int hex_to_bin(const char *in, CK_BYTE *out, size_t *outlen);
+static void pseudo_randomize(unsigned char *data, size_t dataLen);
static void test_kpgen_certwrite(CK_SLOT_ID slot, CK_SESSION_HANDLE session);
static void test_ec(CK_SLOT_ID slot, CK_SESSION_HANDLE session);
#ifndef _WIN32
@@ -1328,8 +1329,10 @@ static int change_pin(CK_SLOT_ID slot, CK_SESSION_HAND
r = util_getpass(&new_pin, &len, stdin);
if (r < 0)
return 1;
- if (!new_pin || !*new_pin || strcmp(new_buf, new_pin) != 0)
+ if (!new_pin || !*new_pin || strcmp(new_buf, new_pin) != 0) {
+ free(new_pin);
return 1;
+ }
}
else {
new_pin = (char *) opt_new_pin;
@@ -3178,6 +3181,7 @@ static int read_object(CK_SESSION_HANDLE session)
if (opt_output)
fclose(out);
+ free(value);
if (oid_buf)
free(oid_buf);
return 1;
@@ -3313,6 +3317,7 @@ static int test_digest(CK_SESSION_HANDLE session)
}
/* 1st test */
+ pseudo_randomize(data, sizeof(data));
ck_mech.mechanism = firstMechType;
rv = p11->C_DigestInit(session, &ck_mech);
@@ -3686,9 +3691,6 @@ static int test_signature(CK_SESSION_HANDLE sess)
return 0;
}
- data[0] = 0;
- data[1] = 1;
-
/* 1st test */
/* assume --login has already authenticated the key */
@@ -3705,6 +3707,8 @@ static int test_signature(CK_SESSION_HANDLE sess)
break;
}
+ pseudo_randomize(data, dataLen);
+
ck_mech.mechanism = firstMechType;
rv = p11->C_SignInit(sess, &ck_mech, privKeyObject);
/* mechanism not implemented, don't test */
@@ -4836,6 +4840,17 @@ static int hex_to_bin(const char *in, unsigned char *o
*outlen = count;
return 1;
+}
+
+static void pseudo_randomize(unsigned char *data, size_t dataLen)
+{
+ size_t i = 0;
+ /* initialization with some data */
+ while (i < dataLen) {
+ *data = rand() & 0xFF;
+ data++;
+ i++;
+ }
}
static struct mech_info p11_mechanisms[] = {


@ -1,18 +0,0 @@
$OpenBSD: patch-src_tools_pkcs15-init_c,v 1.1 2016/11/24 09:54:51 dcoppa Exp $
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/tools/pkcs15-init.c.orig Fri Jun 3 11:19:51 2016
+++ src/tools/pkcs15-init.c Thu Nov 24 10:19:47 2016
@@ -2803,6 +2803,7 @@ int get_pin(sc_ui_hints_t *hints, char **out)
if (!(flags & SC_UI_PIN_MISMATCH_RETRY)) {
fprintf(stderr, "PINs do not match.\n");
+ free(pin);
return SC_ERROR_KEYPAD_PIN_MISMATCH;
}


@ -1,83 +0,0 @@
$OpenBSD: patch-src_tools_pkcs15-tool_c,v 1.3 2016/11/24 09:54:51 dcoppa Exp $
commit 678f2bb1a65e5848dffc995f63e81d1f8092352f
Author: Ian Young <ian@iay.org.uk>
Date: Thu Sep 8 21:05:17 2016 +0100
Make pkcs15-tool --dump object formatting consistent
Properly terminate "Encoded serial" lines so that the blank line after
X.509 certificate blocks isn't consumed doing so.
commit d97ee793337e3590bed38426a0c46d095b087d48
Author: Nuno Goncalves <nunojpg@gmail.com>
Date: Mon Jun 6 18:29:03 2016 +0100
fix 'pkcs15-tool --read-ssh-key' crash
Don't try to free again pubkey if the parent cert has already been freed.
commit 12f402616050e6ac943217b2170e865c1a297e77
Author: Jakuje <jakuje@gmail.com>
Date: Mon Oct 10 22:21:46 2016 +0200
Fix Coverity remarks
--- src/tools/pkcs15-tool.c.orig Fri Jun 3 11:19:51 2016
+++ src/tools/pkcs15-tool.c Thu Nov 24 09:58:03 2016
@@ -248,6 +248,7 @@ static void print_cert_info(const struct sc_pkcs15_obj
if (rv >= 0 && cert_parsed) {
printf("\tEncoded serial : %02X %02X ", *(cert_parsed->serial), *(cert_parsed->serial + 1));
util_hex_dump(stdout, cert_parsed->serial + 2, cert_parsed->serial_len - 2, "");
+ printf("\n");
sc_pkcs15_free_certificate(cert_parsed);
}
}
@@ -1051,8 +1052,8 @@ static int read_ssh_key(void)
fclose(outf);
if (cert)
sc_pkcs15_free_certificate(cert);
- sc_pkcs15_free_pubkey(pubkey);
-
+ else if (pubkey)
+ sc_pkcs15_free_pubkey(pubkey);
return 0;
fail:
printf("can't convert key: buffer too small\n");
@@ -1121,8 +1122,10 @@ static u8 * get_pin(const char *prompt, sc_pkcs15_obje
r = util_getpass(&pincode, &len, stdin);
if (r < 0)
return NULL;
- if (!pincode || strlen(pincode) == 0)
+ if (!pincode || strlen(pincode) == 0) {
+ free(pincode);
return NULL;
+ }
if (strlen(pincode) < pinfo->attrs.pin.min_length) {
printf("PIN code too short, try again.\n");
continue;
@@ -1131,7 +1134,7 @@ static u8 * get_pin(const char *prompt, sc_pkcs15_obje
printf("PIN code too long, try again.\n");
continue;
}
- return (u8 *) strdup(pincode);
+ return (u8 *) pincode;
}
}
@@ -1491,6 +1494,7 @@ static int change_pin(void)
if (pincode && strlen((char *) pincode) == 0) {
fprintf(stderr, "No PIN code supplied.\n");
+ free(pincode);
return 2;
}
@@ -1510,6 +1514,7 @@ static int change_pin(void)
if (newpin == NULL || strlen((char *) newpin) == 0) {
fprintf(stderr, "No new PIN value supplied.\n");
free(newpin);
+ free(pincode);
return 2;
}


@ -1,4 +1,4 @@
@comment $OpenBSD: PLIST,v 1.10 2016/06/07 14:08:44 dcoppa Exp $
@comment $OpenBSD: PLIST,v 1.11 2017/08/16 14:39:07 dcoppa Exp $
@bin bin/cardos-tool
@bin bin/cryptoflex-tool
@bin bin/dnie-tool
@ -6,6 +6,7 @@
@bin bin/gids-tool
@bin bin/iasecc-tool
@bin bin/netkey-tool
@bin bin/npa-tool
@bin bin/openpgp-tool
@bin bin/opensc-explorer
@bin bin/opensc-tool
@ -23,11 +24,8 @@ lib/libsmm-local.a
lib/libsmm-local.la
@lib lib/libsmm-local.so.${LIBsmm-local_VERSION}
lib/pkcs11/
lib/pkcs11/onepin-opensc-pkcs11.la
lib/pkcs11/onepin-opensc-pkcs11.so
lib/pkcs11/opensc-pkcs11.la
lib/pkcs11/opensc-pkcs11.so
lib/pkcs11/pkcs11-spy.la
lib/pkcs11/pkcs11-spy.so
lib/pkgconfig/libopensc.pc
@man man/man1/cardos-tool.1
@ -37,6 +35,7 @@ lib/pkgconfig/libopensc.pc
@man man/man1/gids-tool.1
@man man/man1/iasecc-tool.1
@man man/man1/netkey-tool.1
@man man/man1/npa-tool.1
@man man/man1/openpgp-tool.1
@man man/man1/opensc-explorer.1
@man man/man1/opensc-tool.1