This release contains fixes for multiple issues, ranging from stack based
buffer overflows to out of bounds reads and writes on the heap. They can
be triggered by malicious smartcards sending malformed responses to APDU
commands. A detailed description can be found at X41-2018-002
<https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/>.
While here, replace hardcoded 0644 with ${NONBINMODE} and adjust the
default PKCS11 provider path to opensc-pkcs11.so so pkcs11-tool(1) works
without having to pass it `--module' all the time.
OK sthen rsadowski
config style, which still has DNS-01. ok landry@
---
acme-client is a client for the ACME protocol used by the Let's Encrypt CA.
It uses isolated processes for various operations - network code doesn't
have access to the filesystem, etc - this is enforced by pledge(2).
acme-client is present in the OpenBSD base system. This package is for the
original version, which uses a different configuration interface (CLI rather
than configuration file). It also supports the DNS-01 challenge type which
is not currently available in the version in the base system.
The executable is installed as "eacme-client".
---
- the database format has changed from an internal format to sqlite3,
this is automatic but it's recommended to make an extra backup of old files
first.
from Charlene Wendling; OK bcallah@
Comment:
cryptographic toolkit for Perl
Description:
CryptX is a fairly comprehensive cryptographic toolkit that provides
a vast array of well-known symmetric, block, and stream ciphers,
authenticated encryption modes, hash functions, checksums, MAC,
public key cryptography, PRNG, and more.
from Charlene Wendling; OK bcallah@
Comment:
generate shared secret using ECDH function
Description:
Crypt::Curve25519 is a state-of-the-art Diffie-Hellman function
suitable for a wide variety of applications.
Given a user's 32-byte secret key, Crypt::Curve25519 computes the
user's 32-byte public key. Given the user's 32-byte secret key and
another user's 32-byte public key, Crypt::Curve25519 computes a
32-byte secret shared by the two users. This secret can then be
used to authenticate and encrypt messages between the two users.
Switch from the old/deprecated M_ASN1_OCTET_STRING_print() defines/macros
to ASN1_STRING_print(). While here, add const to the version struct member
to remove a compiler warning.
ok sthen@