import opensc-0.20.0-4.el8

2021-03-30 07:27:00 -04:00 · 2021-03-30 07:27:00 -04:00 · 12da73634a
commit 12da73634a
parent 0e5b941884
8 changed files with 441 additions and 1 deletions
--- a/SOURCES/opensc-0.20.0-CVE-2020-26570.patch
+++ b/SOURCES/opensc-0.20.0-CVE-2020-26570.patch
@ -0,0 +1,31 @@
 commit 6903aebfddc466d966c7b865fae34572bf3ed23e
 Author: Frank Morgner <frankmorgner@gmail.com>
 Date:   Thu Jul 30 02:21:17 2020 +0200
    Heap-buffer-overflow WRITE
    fixes https://oss-fuzz.com/testcase-detail/5088104168554496
 diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
 index a873aaa0..2fb32b8d 100644
 --- a/src/libopensc/pkcs15-oberthur.c
 +++ b/src/libopensc/pkcs15-oberthur.c
@@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
 		rv = sc_read_binary(card, 0, *out, sz, 0);
 	}
 	else	{
 -		int rec;
 -		int offs = 0;
 -		int rec_len = file->record_length;
 +		size_t rec;
 +		size_t offs = 0;
 +		size_t rec_len = file->record_length;
 		for (rec = 1; ; rec++)   {
 +			if (rec > file->record_count) {
 +				rv = 0;
 +				break;
 +			}
 			rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
 			if (rv == SC_ERROR_RECORD_NOT_FOUND)   {
 				rv = 0;
--- a/SOURCES/opensc-0.20.0-CVE-2020-26571.patch
+++ b/SOURCES/opensc-0.20.0-CVE-2020-26571.patch
@ -0,0 +1,42 @@
 commit ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43
 Author: Frank Morgner <frankmorgner@gmail.com>
 Date:   Mon May 18 17:25:32 2020 +0200
    fixed invalid read
    fixes https://oss-fuzz.com/testcase-detail/5765246676631552
 diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c
 index e13f3b87..4b80daf2 100644
 --- a/src/libopensc/pkcs15-gemsafeGPK.c
 +++ b/src/libopensc/pkcs15-gemsafeGPK.c
@@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
 	u8 sysrec[7];
 	int num_keyinfo = 0;
 -	keyinfo kinfo[8]; /* will loook for 8 keys */
 +	keyinfo kinfo[9]; /* will look for 9 keys */
 	u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */
 	u8 *cp;
 	char buf[256];
@@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
 	/* There may be more then one key in the directory. */
 	/* we need to find them so we can associate them with the */
 -	/* the certificate.  The files are 0007 to 000f */
 +	/* the certificate.  The files are 0007 to 000F */
 -	for (i = 7; i < 16; i++) {
 +	for (i = 0x7; i <= 0xF; i++) {
 		path.value[0] = 0x00;
 		path.value[1] = i;
 		path.len = 2;	
@@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
 		while (j--) 
 			*cp++ =  modulus_buf[j + 1];
 		num_keyinfo++;
 -	} 
 +	}
 	/* Get the gemsafe data with the cert */
 	 sc_format_path("3F000200004", &path);
--- a/SOURCES/opensc-0.20.0-CVE-2020-26572.patch
+++ b/SOURCES/opensc-0.20.0-CVE-2020-26572.patch
@ -0,0 +1,21 @@
 commit 9d294de90d1cc66956389856e60b6944b27b4817
 Author: Frank Morgner <frankmorgner@gmail.com>
 Date:   Thu Jun 4 10:04:10 2020 +0200
    prevent out of bounds write
    fixes https://oss-fuzz.com/testcase-detail/5226571123392512
 diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
 index 673c2493..e88c80bd 100644
 --- a/src/libopensc/card-tcos.c
 +++ b/src/libopensc/card-tcos.c
@@ -623,6 +623,8 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len,
 	apdu.data = sbuf;
 	apdu.lc = apdu.datalen = crgram_len+1;
 	sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
 +	if (sizeof sbuf - 1 < crgram_len)
 +		return SC_ERROR_INVALID_ARGUMENTS;
 	memcpy(sbuf+1, crgram, crgram_len);
 	r = sc_transmit_apdu(card, &apdu);
--- a/SOURCES/opensc-0.20.0-cac-pin-change.patch
+++ b/SOURCES/opensc-0.20.0-cac-pin-change.patch
@ -0,0 +1,102 @@
 diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
 index 099923e5..61e69c88 100644
 --- a/src/libopensc/card-cac.c
 +++ b/src/libopensc/card-cac.c
@@ -1793,7 +1793,7 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
 		}
 		r = cac_process_ACA(card, priv);
 		if (r == SC_SUCCESS) {
 -			card->type = SC_CARD_TYPE_CAC_II;
 +			card->type = SC_CARD_TYPE_CAC_ALT_HID;
 			card->drv_data = priv;
 			return r;
 		}
@@ -1869,6 +1869,8 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
 	 * FIPS 201 4.1.6.1 (numeric only) and * FIPS 140-2
 	 * (6 character minimum) requirements.
 	 */
 +	sc_apdu_t apdu;
 +	u8  sbuf[SC_MAX_APDU_BUFFER_SIZE];
 	struct sc_card_driver *iso_drv = sc_get_iso7816_driver();
 	if (data->cmd == SC_PIN_CMD_CHANGE) {
@@ -1881,6 +1883,18 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
 				return SC_ERROR_INVALID_DATA;
 			}
 		}
 +
 +		/* We can change the PIN of Giesecke & Devrient CAC ALT tokens
 +		 * with a bit non-standard APDU */
 +		if (card->type == SC_CARD_TYPE_CAC_ALT_HID) {
 +			int r = 0;
 +			r = iso7816_build_pin_apdu(card, &apdu, data, sbuf, sizeof(sbuf));
 +			if (r < 0)
 +				return r;
 +			/* it requires P1 = 0x01 completely against the ISO specs */
 +			apdu.p1 = 0x01;
 +			data->apdu = &apdu;
 +		}
 	}
 	return  iso_drv->ops->pin_cmd(card, data, tries_left);
 diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h
 index 0ec25a46..16846d15 100644
 --- a/src/libopensc/cards.h
 +++ b/src/libopensc/cards.h
@@ -244,6 +244,7 @@ enum {
 	SC_CARD_TYPE_CAC_GENERIC,
 	SC_CARD_TYPE_CAC_I,
 	SC_CARD_TYPE_CAC_II,
 +	SC_CARD_TYPE_CAC_ALT_HID,
 	/* nPA cards */
 	SC_CARD_TYPE_NPA = 34000,
 diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
 index b1a0e88f..d41613b2 100644
 --- a/src/libopensc/iso7816.c
 +++ b/src/libopensc/iso7816.c
@@ -1017,7 +1017,7 @@ iso7816_decipher(struct sc_card *card,
 }
 -static int
 +int
 iso7816_build_pin_apdu(struct sc_card *card, struct sc_apdu *apdu,
 		struct sc_pin_cmd_data *data, u8 *buf, size_t buf_len)
 {
 diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
 index b519c5d5..8ebf9fbd 100644
 --- a/src/libopensc/opensc.h
 +++ b/src/libopensc/opensc.h
@@ -1664,6 +1664,19 @@ int iso7816_update_binary_sfid(sc_card_t *card, unsigned char sfid,
  * */
 int iso7816_logout(sc_card_t *card, unsigned char pin_reference);
 +/*
 + * @brief Format PIN APDU for modifiction by card driver
 + *
 + * @param[in] card           card
 + * @param[in] apdu           apdu structure to update with PIN APDU
 + * @param[in] data           pin command data to set into the APDU
 + * @param[in] buf            buffer for APDU data field
 + * @param[in] buf_len        maximum buffer length
 + */
 +int
 +iso7816_build_pin_apdu(struct sc_card *card, struct sc_apdu *apdu,
 +		struct sc_pin_cmd_data *data, u8 *buf, size_t buf_len);
 +
 #ifdef __cplusplus
 }
 #endif
 diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
 index ccb27994..05056ea9 100644
 --- a/src/libopensc/pkcs15-cac.c
 +++ b/src/libopensc/pkcs15-cac.c
@@ -79,6 +79,7 @@ static const char * cac_get_name(int type)
     switch (type) {
     case SC_CARD_TYPE_CAC_I: return ("CAC I");
     case SC_CARD_TYPE_CAC_II: return ("CAC II");
 +    case SC_CARD_TYPE_CAC_ALT_HID: return ("CAC ALT HID");
     default: break;
     }
     return ("CAC");
--- a/SOURCES/opensc-0.20.0-calloc0.patch
+++ b/SOURCES/opensc-0.20.0-calloc0.patch
@ -0,0 +1,102 @@
 From f1bcadfbe9d156adbe509b0860511ee41add0c67 Mon Sep 17 00:00:00 2001
 From: Frank Morgner <frankmorgner@gmail.com>
 Date: Tue, 10 Mar 2020 12:13:29 +0100
 Subject: [PATCH]  pkcs11: don't try to allocate 0 byte with calloc
 fixes #1978
 ---
 src/pkcs11/pkcs11-global.c | 7 ++++++-
 win32/Make.rules.mak       | 4 ++--
 win32/winconfig.h.in       | 2 ++
 3 files changed, 10 insertions(+), 3 deletions(-)
 diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
 index a3260314f8..671890309f 100644
 --- a/src/pkcs11/pkcs11-global.c
 +++ b/src/pkcs11/pkcs11-global.c
@@ -456,6 +456,13 @@ CK_RV C_GetSlotList(CK_BBOOL       tokenPresent,  /* only slots with token prese
 	card_detect_all();
 +	if (list_empty(&virtual_slots)) {
 +		sc_log(context, "returned 0 slots\n");
 +		*pulCount = 0;
 +		rv = CKR_OK;
 +		goto out;
 +	}
 +
 	found = calloc(list_size(&virtual_slots), sizeof(CK_SLOT_ID));
 	if (found == NULL) {
 diff --git a/win32/Make.rules.mak b/win32/Make.rules.mak
 index 4f4971a72d..c6b1aac340 100644
 --- a/win32/Make.rules.mak
 +++ b/win32/Make.rules.mak
@@ -1,7 +1,7 @@
 OPENSC_FEATURES = pcsc
 #Include support for minidriver
 -MINIDRIVER_DEF = /DENABLE_MINIDRIVER
 +#MINIDRIVER_DEF = /DENABLE_MINIDRIVER
 #Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.9
 !IF "$(WIX)" == ""
@@ -33,7 +33,7 @@ WIX_LIBS = "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\dutil.lib" "$(WIX)\SDK\$(WIXV
 SM_DEF = /DENABLE_SM
 #Build with debugging support
 -#DEBUG_DEF = /DDEBUG
 +DEBUG_DEF = /DDEBUG
 # If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification):
 # - download and build OpenSSL
 diff --git a/win32/winconfig.h.in b/win32/winconfig.h.in
 index 94ed9b5475..fa682c5bcc 100644
 --- a/win32/winconfig.h.in
 +++ b/win32/winconfig.h.in
@@ -103,6 +103,8 @@
 #define DEFAULT_ONEPIN_PKCS11_PROVIDER "@DEFAULT_ONEPIN_PKCS11_PROVIDER@"
 #endif
 +#define PKCS11_THREAD_LOCKING
 +
 #ifndef DEFAULT_SM_MODULE
 #define DEFAULT_SM_MODULE "@DEFAULT_SM_MODULE@"
 #endif
 commit 500ecd3d127975379e2310626c3ce94c3e7035ea
 Author: Jakub Jelen <jjelen@redhat.com>
 Date:   Wed Nov 25 13:49:08 2020 +0100
    pkcs11-tool: Avoid calloc with 0 argument
 diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
 index 4015aaf1..89244795 100644
 --- a/src/tools/pkcs11-tool.c
 +++ b/src/tools/pkcs11-tool.c
@@ -1270,15 +1270,18 @@ static void list_slots(int tokens, int refresh, int print)
 		if (rv != CKR_OK)
 			p11_fatal("C_GetSlotList(NULL)", rv);
 		free(p11_slots);
 -		p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
 -		if (p11_slots == NULL) {
 -			perror("calloc failed");
 -			exit(1);
 +		p11_slots = NULL;
 +		if (p11_num_slots > 0) {
 +			p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
 +			if (p11_slots == NULL) {
 +				perror("calloc failed");
 +				exit(1);
 +			}
 +			rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
 +			if (rv != CKR_OK)
 +				p11_fatal("C_GetSlotList()", rv);
 		}
 -		rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
 -		if (rv != CKR_OK)
 -			p11_fatal("C_GetSlotList()", rv);
 	}
 	if (!print)
--- a/SOURCES/opensc-0.20.0-file-cache.patch
+++ b/SOURCES/opensc-0.20.0-file-cache.patch
@ -0,0 +1,85 @@
 From 2a28dcd3f6e4af7a5b2d7d7810b26b6321dd1bf1 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 10 Nov 2020 14:44:43 +0100
 Subject: [PATCH 1/3] ctx: Use more standard cache directory
 https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
 ---
 src/libopensc/ctx.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
 diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
 index 6b57170f01..d6058c070e 100644
 --- a/src/libopensc/ctx.c
 +++ b/src/libopensc/ctx.c
@@ -1008,7 +1008,12 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
 	}
 #ifndef _WIN32
 -	cache_dir = ".eid/cache";
 +	cache_dir = getenv("XDG_CACHE_HOME");
 +	if (cache_dir != NULL && cache_dir[0] != '\0') {
 +		snprintf(buf, bufsize, "%s/%s", cache_dir, "opensc");
 +		return SC_SUCCESS;
 +	}
 +	cache_dir = ".cache/opensc";
 	homedir = getenv("HOME");
 #else
 	cache_dir = "eid-cache";
@@ -1020,7 +1025,7 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
 		homedir = temp_path;
 	}
 #endif
 -	if (homedir == NULL)
 +	if (homedir == NULL || homedir[0] == '\0')
 		return SC_ERROR_INTERNAL;
 	if (snprintf(buf, bufsize, "%s/%s", homedir, cache_dir) < 0)
 		return SC_ERROR_BUFFER_TOO_SMALL;
 From 7c1c6f6be47f55693647827259edcacc98761371 Mon Sep 17 00:00:00 2001
 From: Jakub Jelen <jjelen@redhat.com>
 Date: Tue, 10 Nov 2020 15:07:42 +0100
 Subject: [PATCH 3/3] doc: Update documentation about the cache location
 ---
 doc/files/opensc.conf.5.xml.in | 9 +++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
 diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in
 index 118922a877..791f11669a 100644
 --- a/doc/files/opensc.conf.5.xml.in
 +++ b/doc/files/opensc.conf.5.xml.in
@@ -1116,12 +1116,17 @@ app <replaceable>application</replaceable> {
 							<itemizedlist>
 								<listitem>
 									<para>
 -										<filename><envar>HOME</envar>/.eid/cache/</filename> (Unix)
 +										<filename><envar>$XDG_CACHE_HOME</envar>/opensc/</filename> (If <envar>$XDG_CACHE_HOME</envar> is defined)
 									</para>
 								</listitem>
 								<listitem>
 									<para>
 -										<filename><envar>USERPROFILE</envar>\.eid-cache\</filename> (Windows)
 +										<filename><envar>$HOME</envar>/.cache/opensc/</filename> (Unix)
 +									</para>
 +								</listitem>
 +								<listitem>
 +									<para>
 +										<filename><envar>$USERPROFILE</envar>\.eid-cache\</filename> (Windows)
 									</para>
 								</listitem>
 							</itemizedlist>
 diff -up opensc-0.20.0/etc/opensc.conf.file-cache opensc-0.20.0/etc/opensc.conf
 --- opensc-0.20.0/etc/opensc.conf.file-cache	2020-11-20 16:49:30.995526825 +0100
 +++ opensc-0.20.0/etc/opensc.conf	2020-11-20 16:50:07.665053280 +0100
@@ -2,7 +2,7 @@ app default {
 	# debug = 3;
 	# debug_file = opensc-debug.txt;
 	framework pkcs15 {
 -		# use_file_caching = true;
 +		use_file_caching = true;
 	}
 	reader_driver pcsc {
 		# The pinpad is disabled by default,
--- a/SOURCES/opensc-0.20.0-label-padding.patch
+++ b/SOURCES/opensc-0.20.0-label-padding.patch
@ -0,0 +1,24 @@
 commit 8d4af9eb0b799f22b25783e8e1b7af329b5a917b
 Author: Frank Morgner <frankmorgner@gmail.com>
 Date:   Fri Jan 31 12:15:53 2020 +0100
    pkcs11: fixed right padding of token label with ' '
    fixes https://github.com/OpenSC/OpenSC/issues/1922
 diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
 index e94eeeff..a1951c2e 100644
 --- a/src/pkcs11/framework-pkcs15.c
 +++ b/src/pkcs11/framework-pkcs15.c
@@ -1122,9 +1122,10 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
 							max_tokeninfo_len);
 					slot->token_info.label[max_tokeninfo_len]           = ' ';
 					slot->token_info.label[max_tokeninfo_len+1]         = '(';
 -					slot->token_info.label[max_tokeninfo_len+2+pin_len] = ')';
 					strcpy_bp(slot->token_info.label+max_tokeninfo_len+2,
 							auth->label, pin_len);
 +					strcpy_bp(slot->token_info.label+max_tokeninfo_len+2+pin_len,
 +							")", 32 - max_tokeninfo_len-2-pin_len);
 				}
 			} else {
 				/* PIN label is empty or just says non-useful "PIN",
--- a/SPECS/opensc.spec
+++ b/SPECS/opensc.spec
@ -3,7 +3,7 @@
 Name:           opensc
 Version:        0.20.0
-Release:        2%{?dist}
+Release:        4%{?dist}
 Summary:        Smart card library and applications
 Group:          System Environment/Libraries
@ -16,6 +16,23 @@ Patch6:         opensc-0.19.0-pinpad.patch
 Patch8:         opensc-0.19.0-idprime.patch
 # https://github.com/OpenSC/OpenSC/pull/1987
 Patch9:         opensc-0.20.0-cardos.patch
 # https://github.com/OpenSC/OpenSC/pull/2129
 Patch10:        opensc-0.20.0-cac-pin-change.patch
 # https://github.com/OpenSC/OpenSC/commit/6903aebf
 Patch11:        opensc-0.20.0-CVE-2020-26570.patch
 # https://github.com/OpenSC/OpenSC/commit/ed55fcd2
 Patch12:        opensc-0.20.0-CVE-2020-26571.patch
 # https://github.com/OpenSC/OpenSC/commit/9d294de9
 Patch13:        opensc-0.20.0-CVE-2020-26572.patch
 # https://github.com/OpenSC/OpenSC/commit/8d4af9eb
 Patch14:        opensc-0.20.0-label-padding.patch
 # https://github.com/OpenSC/OpenSC/commit/f1bcadfb
 # https://github.com/OpenSC/OpenSC/pull/2166
 Patch15:        opensc-0.20.0-calloc0.patch
 # https://github.com/OpenSC/OpenSC/pull/2148
 # + configuration change by default
 Patch16:        opensc-0.20.0-file-cache.patch
 BuildRequires:  pcsc-lite-devel
 BuildRequires:  readline-devel
@ -47,6 +64,13 @@ every software/card that does so, too.
 %patch6 -p1 -b .pinpad
 %patch8 -p1 -b .idprime
 %patch9 -p1 -b .cardos
 %patch10 -p1 -b .cac-pin-change
 %patch11 -p1 -b .CVE-2020-26570
 %patch12 -p1 -b .CVE-2020-26571
 %patch13 -p1 -b .CVE-2020-26572
 %patch14 -p1 -b .padding
 %patch15 -p1 -b .calloc0
 %patch16 -p1 -b .file-cache
 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
@ -205,6 +229,15 @@ fi
 %changelog
 * Fri Nov 20 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-4
 - Use file cache by default (#1892810)
 - Avoid calloc with 0 argument (#1895401)
 * Tue Oct 20 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-3
 - Support PIN change for HID Alt tokens (#1830901)
 - Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572
 - Fix right padding of token labels of some cards (#1877973)
 * Wed May 27 2020 Jakub Jelen <jjelen@redhat.com> - 0.20.0-2
 - Unbreak different CardOS 5 configurations supporting raw RSA (#1830856)