Remove unused patches
parent
9b0290edd0
commit
269905c915
@ -1,26 +0,0 @@
|
|||||||
From 6d02503e19680a9f3f4e556e4cd99b1c2bbf6d1a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
||||||
Date: Fri, 28 Feb 2014 16:17:37 +0100
|
|
||||||
Subject: [PATCH] Call dlclose() only when having a valid handle.
|
|
||||||
|
|
||||||
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
||||||
---
|
|
||||||
src/common/libpkcs11.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/common/libpkcs11.c b/src/common/libpkcs11.c
|
|
||||||
index f8c70a7..b22d16d 100644
|
|
||||||
--- a/src/common/libpkcs11.c
|
|
||||||
+++ b/src/common/libpkcs11.c
|
|
||||||
@@ -74,7 +74,7 @@ C_UnloadModule(void *module)
|
|
||||||
if (!mod || mod->_magic != MAGIC)
|
|
||||||
return CKR_ARGUMENTS_BAD;
|
|
||||||
|
|
||||||
- if (sc_dlclose(mod->handle) < 0)
|
|
||||||
+ if (mod->handle != NULL && sc_dlclose(mod->handle) < 0)
|
|
||||||
return CKR_FUNCTION_FAILED;
|
|
||||||
|
|
||||||
memset(mod, 0, sizeof(*mod));
|
|
||||||
--
|
|
||||||
1.8.5.3
|
|
||||||
|
|
@ -1,24 +0,0 @@
|
|||||||
diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
|
|
||||||
index 80088b9..6f04573 100644
|
|
||||||
--- a/src/libopensc/card-epass2003.c
|
|
||||||
+++ b/src/libopensc/card-epass2003.c
|
|
||||||
@@ -117,8 +117,8 @@ openssl_enc(const EVP_CIPHER * cipher, const unsigned char *key, const unsigned
|
|
||||||
|
|
||||||
memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
|
|
||||||
EVP_CIPHER_CTX_init(&ctx);
|
|
||||||
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
|
||||||
EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
|
|
||||||
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
|
||||||
|
|
||||||
if (!EVP_EncryptUpdate(&ctx, output, &outl, input, length))
|
|
||||||
goto out;
|
|
||||||
@@ -146,8 +146,8 @@ openssl_dec(const EVP_CIPHER * cipher, const unsigned char *key, const unsigned
|
|
||||||
|
|
||||||
memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
|
|
||||||
EVP_CIPHER_CTX_init(&ctx);
|
|
||||||
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
|
||||||
EVP_DecryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
|
|
||||||
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
|
|
||||||
|
|
||||||
if (!EVP_DecryptUpdate(&ctx, output, &outl, input, length))
|
|
||||||
goto out;
|
|
@ -1,12 +0,0 @@
|
|||||||
diff -ur opensc-0.13.0.orig/src/pkcs15init/myeid.profile opensc-0.13.0/src/pkcs15init/myeid.profile
|
|
||||||
--- opensc-0.13.0.orig/src/pkcs15init/myeid.profile 2012-12-04 15:43:40.000000000 +0100
|
|
||||||
+++ opensc-0.13.0/src/pkcs15init/myeid.profile 2014-01-06 14:04:22.795401836 +0100
|
|
||||||
@@ -201,7 +201,7 @@
|
|
||||||
acl = READ=$PIN, UPDATE=$PIN, DELETE=$PIN;
|
|
||||||
}
|
|
||||||
EF data {
|
|
||||||
- file-id = 4501;
|
|
||||||
+ file-id = 4601;
|
|
||||||
structure = transparent;
|
|
||||||
acl = READ=NONE, UPDATE=$PIN, DELETE=$PIN;
|
|
||||||
}
|
|
@ -1,64 +0,0 @@
|
|||||||
diff -ur opensc-0.13.0.orig/src/tools/pkcs11-tool.c opensc-0.13.0/src/tools/pkcs11-tool.c
|
|
||||||
--- opensc-0.13.0.orig/src/tools/pkcs11-tool.c 2012-12-04 15:43:40.000000000 +0100
|
|
||||||
+++ opensc-0.13.0/src/tools/pkcs11-tool.c 2014-02-28 16:33:19.234607615 +0100
|
|
||||||
@@ -1778,6 +1778,9 @@
|
|
||||||
CK_RV rv;
|
|
||||||
int need_to_parse_certdata = 0;
|
|
||||||
unsigned char *oid_buf = NULL;
|
|
||||||
+ CK_OBJECT_CLASS clazz;
|
|
||||||
+ CK_CERTIFICATE_TYPE cert_type;
|
|
||||||
+ CK_KEY_TYPE type = CKK_RSA;
|
|
||||||
#ifdef ENABLE_OPENSSL
|
|
||||||
struct x509cert_info cert;
|
|
||||||
struct rsakey_info rsa;
|
|
||||||
@@ -1858,8 +1861,8 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
if (opt_object_class == CKO_CERTIFICATE) {
|
|
||||||
- CK_OBJECT_CLASS clazz = CKO_CERTIFICATE;
|
|
||||||
- CK_CERTIFICATE_TYPE cert_type = CKC_X_509;
|
|
||||||
+ clazz = CKO_CERTIFICATE;
|
|
||||||
+ cert_type = CKC_X_509;
|
|
||||||
|
|
||||||
FILL_ATTR(cert_templ[0], CKA_TOKEN, &_true, sizeof(_true));
|
|
||||||
FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
|
|
||||||
@@ -1892,7 +1895,7 @@
|
|
||||||
}
|
|
||||||
else
|
|
||||||
if (opt_object_class == CKO_PRIVATE_KEY) {
|
|
||||||
- CK_OBJECT_CLASS clazz = CKO_PRIVATE_KEY;
|
|
||||||
+ clazz = CKO_PRIVATE_KEY;
|
|
||||||
|
|
||||||
n_privkey_attr = 0;
|
|
||||||
FILL_ATTR(privkey_templ[n_privkey_attr], CKA_CLASS, &clazz, sizeof(clazz));
|
|
||||||
@@ -1940,7 +1943,7 @@
|
|
||||||
}
|
|
||||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_EC)
|
|
||||||
else if (evp_key->type == NID_id_GostR3410_2001) {
|
|
||||||
- CK_KEY_TYPE type = CKK_GOSTR3410;
|
|
||||||
+ type = CKK_GOSTR3410;
|
|
||||||
|
|
||||||
FILL_ATTR(privkey_templ[n_privkey_attr], CKA_KEY_TYPE, &type, sizeof(type));
|
|
||||||
n_privkey_attr++;
|
|
||||||
@@ -1958,8 +1961,8 @@
|
|
||||||
}
|
|
||||||
else
|
|
||||||
if (opt_object_class == CKO_PUBLIC_KEY) {
|
|
||||||
- CK_OBJECT_CLASS clazz = CKO_PUBLIC_KEY;
|
|
||||||
- CK_KEY_TYPE type = CKK_RSA;
|
|
||||||
+ clazz = CKO_PUBLIC_KEY;
|
|
||||||
+ type = CKK_RSA;
|
|
||||||
|
|
||||||
FILL_ATTR(pubkey_templ[0], CKA_CLASS, &clazz, sizeof(clazz));
|
|
||||||
FILL_ATTR(pubkey_templ[1], CKA_KEY_TYPE, &type, sizeof(type));
|
|
||||||
@@ -1998,7 +2001,7 @@
|
|
||||||
}
|
|
||||||
else
|
|
||||||
if (opt_object_class == CKO_DATA) {
|
|
||||||
- CK_OBJECT_CLASS clazz = CKO_DATA;
|
|
||||||
+ clazz = CKO_DATA;
|
|
||||||
FILL_ATTR(data_templ[0], CKA_CLASS, &clazz, sizeof(clazz));
|
|
||||||
FILL_ATTR(data_templ[1], CKA_TOKEN, &_true, sizeof(_true));
|
|
||||||
FILL_ATTR(data_templ[2], CKA_VALUE, &contents, contents_len);
|
|
||||||
Only in opensc-0.13.0/src/tools: pkcs11-tool.c~
|
|
||||||
Only in opensc-0.13.0/src/tools: pkcs11-tool.c.orig
|
|
@ -1,107 +0,0 @@
|
|||||||
From c6c7a27bc90f0c5b8e8ecf0fe2fc1db89ac56fd9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Doug Engert <deengert@gmail.com>
|
|
||||||
Date: Tue, 25 Oct 2016 21:49:48 -0500
|
|
||||||
Subject: [PATCH] prkey_fixup_rsa changes for OpenSSL-1.1.0
|
|
||||||
|
|
||||||
Remove restrictions in prkey_fixup_rsa:
|
|
||||||
/* Not thread safe, but much better than a memory leak */
|
|
||||||
/* TODO put on stack, or allocate and clear and then free */
|
|
||||||
Compute dmp1, dmp1 and/or iqmp if not in sc_pkcs15_prkey_rsa
|
|
||||||
|
|
||||||
Remove the GETBN macro that was causing problems.
|
|
||||||
|
|
||||||
Changes to be committed:
|
|
||||||
modified: src/pkcs15init/pkcs15-lib.c
|
|
||||||
---
|
|
||||||
src/pkcs15init/pkcs15-lib.c | 43 +++++++++++++++++++++++++++++++------------
|
|
||||||
1 file changed, 31 insertions(+), 12 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
|
|
||||||
index 72a4b4a..eabcd4f 100644
|
|
||||||
--- a/src/pkcs15init/pkcs15-lib.c
|
|
||||||
+++ b/src/pkcs15init/pkcs15-lib.c
|
|
||||||
@@ -46,6 +46,7 @@
|
|
||||||
#endif
|
|
||||||
#include <assert.h>
|
|
||||||
#ifdef ENABLE_OPENSSL
|
|
||||||
+#include <openssl/opensslv.h>
|
|
||||||
#include <openssl/bn.h>
|
|
||||||
#include <openssl/evp.h>
|
|
||||||
#include <openssl/pem.h>
|
|
||||||
@@ -55,6 +56,7 @@
|
|
||||||
#include <openssl/pkcs12.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+#include "libopensc/sc-ossl-compat.h"
|
|
||||||
#include "common/compat_strlcpy.h"
|
|
||||||
#include "common/libscdl.h"
|
|
||||||
#include "libopensc/pkcs15.h"
|
|
||||||
@@ -2162,11 +2164,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
|
|
||||||
}
|
|
||||||
|
|
||||||
#ifdef ENABLE_OPENSSL
|
|
||||||
-#define GETBN(dst, src, mem) \
|
|
||||||
- do { dst.len = BN_num_bytes(src); \
|
|
||||||
- assert(dst.len <= sizeof(mem)); \
|
|
||||||
- BN_bn2bin(src, dst.data = mem); \
|
|
||||||
- } while (0)
|
|
||||||
|
|
||||||
/* Generate additional parameters.
|
|
||||||
* At least the GPK seems to need the full set of CRT
|
|
||||||
@@ -2178,7 +2175,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
|
|
||||||
/* We don't really need an RSA structure, only the BIGNUMs */
|
|
||||||
|
|
||||||
if (!key->dmp1.len || !key->dmq1.len || !key->iqmp.len) {
|
|
||||||
- static u8 dmp1[256], dmq1[256], iqmp[256];
|
|
||||||
BIGNUM *aux;
|
|
||||||
BN_CTX *bn_ctx;
|
|
||||||
BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_p, *rsa_q, *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
|
|
||||||
@@ -2206,11 +2202,35 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
|
|
||||||
BN_clear_free(aux);
|
|
||||||
BN_CTX_free(bn_ctx);
|
|
||||||
|
|
||||||
- /* Not thread safe, but much better than a memory leak */
|
|
||||||
- /* TODO put on stack, or allocate and clear and then free */
|
|
||||||
- GETBN(key->dmp1, rsa_dmp1, dmp1);
|
|
||||||
- GETBN(key->dmq1, rsa_dmq1, dmq1);
|
|
||||||
- GETBN(key->iqmp, rsa_iqmp, iqmp);
|
|
||||||
+ /* Do not replace, only fill in missing */
|
|
||||||
+ if (key->dmp1.data == NULL) {
|
|
||||||
+ key->dmp1.len = BN_num_bytes(rsa_dmp1);
|
|
||||||
+ key->dmp1.data = malloc(key->dmp1.len);
|
|
||||||
+ if (key->dmp1.data) {
|
|
||||||
+ BN_bn2bin(rsa_dmp1, key->dmp1.data);
|
|
||||||
+ } else {
|
|
||||||
+ key->dmp1.len = 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (key->dmq1.data == NULL) {
|
|
||||||
+ key->dmq1.len = BN_num_bytes(rsa_dmq1);
|
|
||||||
+ key->dmq1.data = malloc(key->dmq1.len);
|
|
||||||
+ if (key->dmq1.data) {
|
|
||||||
+ BN_bn2bin(rsa_dmq1, key->dmq1.data);
|
|
||||||
+ } else {
|
|
||||||
+ key->dmq1.len = 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (key->iqmp.data == NULL) {
|
|
||||||
+ key->iqmp.len = BN_num_bytes(rsa_iqmp);
|
|
||||||
+ key->iqmp.data = malloc(key->iqmp.len);
|
|
||||||
+ if (key->iqmp.data) {
|
|
||||||
+ BN_bn2bin(rsa_iqmp, key->iqmp.data);
|
|
||||||
+ } else {
|
|
||||||
+ key->iqmp.len = 0;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
BN_clear_free(rsa_n);
|
|
||||||
BN_clear_free(rsa_e);
|
|
||||||
@@ -2222,7 +2242,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
|
|
||||||
BN_clear_free(rsa_iqmp);
|
|
||||||
|
|
||||||
}
|
|
||||||
-#undef GETBN
|
|
||||||
#endif
|
|
||||||
return 0;
|
|
||||||
}
|
|