Backport an upstream patch for fixing pkcs15 cert length calculation

This commit is contained in:
Kalev Lember 2013-01-13 11:50:52 +01:00
parent ac0bf87402
commit 1a9b698c84
2 changed files with 122 additions and 1 deletions

View File

@ -0,0 +1,114 @@
From cc5a171ddcc8e49b2252135daac9ad3aa6d66ae7 Mon Sep 17 00:00:00 2001
From: Viktor Tarasov <viktor.tarasov@gmail.com>
Date: Tue, 25 Dec 2012 20:05:45 +0100
Subject: [PATCH] pkcs15: regression in e35febe: compute cert length
parse_x509_cert() reviewed.
Now certificate's DER data are allocated and the DER data length is determined in one place.
https://github.com/OpenSC/OpenSC/pull/114
https://github.com/OpenSC/OpenSC/commit/e35febe
---
src/libopensc/pkcs15-cert.c | 37 +++++++++++++++++++------------------
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
index 86bea25..9b08aac 100644
--- a/src/libopensc/pkcs15-cert.c
+++ b/src/libopensc/pkcs15-cert.c
@@ -34,13 +34,13 @@
#include "pkcs15.h"
static int
-parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert)
+parse_x509_cert(sc_context_t *ctx, struct sc_pkcs15_der *der, struct sc_pkcs15_cert *cert)
{
int r;
struct sc_algorithm_id sig_alg;
- struct sc_pkcs15_pubkey * pubkey = NULL;
- u8 *serial = NULL;
- size_t serial_len = 0;
+ struct sc_pkcs15_pubkey *pubkey = NULL;
+ unsigned char *serial = NULL, *buf = der->value;
+ size_t serial_len = 0, data_len = 0, buflen = der->len;
struct sc_asn1_entry asn1_version[] = {
{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL },
{ NULL, 0, 0, 0, NULL, NULL }
@@ -87,30 +87,32 @@ parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs1
if (obj == NULL)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "X.509 certificate not found");
- cert->data.len = objlen + (obj - buf);
+ data_len = objlen + (obj - buf);
+ cert->data.value = malloc(data_len);
+ if (!cert->data.value)
+ LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
+ memcpy(cert->data.value, buf, data_len);
+ cert->data.len = data_len;
+
r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL);
LOG_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed");
cert->version++;
- if (pubkey) {
- cert->key = pubkey;
- pubkey = NULL;
- }
- else {
+ if (!pubkey)
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "Unable to decode subjectPublicKeyInfo from cert");
- }
+ cert->key = pubkey;
+
sc_asn1_clear_algorithm_id(&sig_alg);
- if (r < 0)
- return r;
if (serial && serial_len) {
sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1);
r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len);
free(serial);
+ LOG_TEST_RET(ctx, r, "ASN.1 encoding of serial failed");
}
- return r;
+ return SC_SUCCESS;
}
@@ -125,7 +127,7 @@ sc_pkcs15_pubkey_from_cert(struct sc_context *ctx,
if (cert == NULL)
return SC_ERROR_OUT_OF_MEMORY;
- rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert);
+ rv = parse_x509_cert(ctx, cert_blob, cert);
*out = cert->key;
cert->key = NULL;
@@ -158,20 +160,19 @@ sc_pkcs15_read_certificate(struct sc_pkcs15_card *p15card, const struct sc_pkcs1
return SC_ERROR_OBJECT_NOT_FOUND;
}
-
cert = malloc(sizeof(struct sc_pkcs15_cert));
if (cert == NULL) {
free(der.value);
return SC_ERROR_OUT_OF_MEMORY;
}
memset(cert, 0, sizeof(struct sc_pkcs15_cert));
- if (parse_x509_cert(p15card->card->ctx, der.value, der.len, cert)) {
+ if (parse_x509_cert(p15card->card->ctx, &der, cert)) {
free(der.value);
sc_pkcs15_free_certificate(cert);
return SC_ERROR_INVALID_ASN1_OBJECT;
}
+ free(der.value);
- cert->data = der;
*cert_out = cert;
return SC_SUCCESS;
}
--
1.8.1

View File

@ -1,6 +1,6 @@
Name: opensc
Version: 0.13.0
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Smart card library and applications
Group: System Environment/Libraries
@ -9,6 +9,9 @@ URL: https://www.opensc-project.org/
Source0: http://downloads.sourceforge.net/project/opensc/OpenSC/opensc-%{version}/%{name}-%{version}.tar.gz
Source1: opensc-module
# Upstream patch for fixing pkcs15 cert length calculation
Patch0: 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
BuildRequires: pcsc-lite-devel
BuildRequires: readline-devel
BuildRequires: openssl-devel
@ -30,6 +33,7 @@ every software/card that does so, too.
%prep
%setup -q
%patch0 -p1 -b .cert_length
sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
cp -p src/pkcs15init/README ./README.pkcs15init
@ -114,6 +118,9 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libopensc.so
%changelog
* Sun Jan 13 2013 Kalev Lember <kalevlember@gmail.com> - 0.13.0-2
- Backport an upstream patch for fixing pkcs15 cert length calculation
* Thu Jan 03 2013 Milan Broz <mbroz@redhat.com> - 0.13.0-1
- Update to 0.13.0 (#890770)
- Remove no longer provided onepin-opensc-pkcs11.so.