opensc-0.16.0-2.20161016git0362439

2016-10-31 12:56:53 +01:00 · 2016-10-31 12:56:53 +01:00 · 329762d943
commit 329762d943
parent 480eff0969
2 changed files with 122 additions and 4 deletions
--- a/opensc-prkey-fixup.patch
+++ b/opensc-prkey-fixup.patch
@ -0,0 +1,107 @@
+From c6c7a27bc90f0c5b8e8ecf0fe2fc1db89ac56fd9 Mon Sep 17 00:00:00 2001
+From: Doug Engert <deengert@gmail.com>
+Date: Tue, 25 Oct 2016 21:49:48 -0500
+Subject: [PATCH] prkey_fixup_rsa changes for OpenSSL-1.1.0
+
+Remove restrictions in prkey_fixup_rsa:
+  /* Not thread safe, but much better than a memory leak */
+  /* TODO put on stack, or allocate and clear and then free */
+Compute dmp1, dmp1 and/or iqmp if not in sc_pkcs15_prkey_rsa
+
+Remove the GETBN macro that was causing problems.
+
+ Changes to be committed:
+	modified:   src/pkcs15init/pkcs15-lib.c
+---
+ src/pkcs15init/pkcs15-lib.c | 43 +++++++++++++++++++++++++++++++------------
+ 1 file changed, 31 insertions(+), 12 deletions(-)
+
+diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
+index 72a4b4a..eabcd4f 100644
+--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
+@@ -46,6 +46,7 @@
+ #endif
+ #include <assert.h>
+ #ifdef ENABLE_OPENSSL
+#include <openssl/opensslv.h>
+ #include <openssl/bn.h>
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
+@@ -55,6 +56,7 @@
+ #include <openssl/pkcs12.h>
+ #endif
+ 
+#include "libopensc/sc-ossl-compat.h"
+ #include "common/compat_strlcpy.h"
+ #include "common/libscdl.h"
+ #include "libopensc/pkcs15.h"
+@@ -2162,11 +2164,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
+ 	}
+ 
+ #ifdef ENABLE_OPENSSL
+-#define GETBN(dst, src, mem) \
+-	do {	dst.len = BN_num_bytes(src); \
+-		assert(dst.len <= sizeof(mem)); \
+-		BN_bn2bin(src, dst.data = mem); \
+-	} while (0)
+ 
+ 	/* Generate additional parameters.
+ 	 * At least the GPK seems to need the full set of CRT
+@@ -2178,7 +2175,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
+ 	 /* We don't really need an RSA structure, only the BIGNUMs */
+ 
+ 	if (!key->dmp1.len || !key->dmq1.len || !key->iqmp.len) {
+-		static u8 dmp1[256], dmq1[256], iqmp[256];
+ 		BIGNUM *aux;
+ 		BN_CTX *bn_ctx;
+ 		BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_p, *rsa_q, *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
+@@ -2206,11 +2202,35 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
+ 		BN_clear_free(aux);
+ 		BN_CTX_free(bn_ctx);
+ 
+-		/* Not thread safe, but much better than a memory leak */
+-		/* TODO put on stack, or allocate and clear and then free */
+-		GETBN(key->dmp1, rsa_dmp1, dmp1);
+-		GETBN(key->dmq1, rsa_dmq1, dmq1);
+-		GETBN(key->iqmp, rsa_iqmp, iqmp);
+		/* Do not replace, only fill in missing */
+		if (key->dmp1.data == NULL) {
+			key->dmp1.len = BN_num_bytes(rsa_dmp1);
+			key->dmp1.data = malloc(key->dmp1.len);
+			if (key->dmp1.data) {
+				BN_bn2bin(rsa_dmp1, key->dmp1.data);
+			} else {
+				key->dmp1.len = 0;
+			}
+		}
+
+		if (key->dmq1.data == NULL) {
+			key->dmq1.len = BN_num_bytes(rsa_dmq1);
+			key->dmq1.data = malloc(key->dmq1.len);
+			if (key->dmq1.data) {
+				BN_bn2bin(rsa_dmq1, key->dmq1.data);
+			} else {
+				key->dmq1.len = 0;
+			}
+		}
+		if (key->iqmp.data == NULL) {
+			key->iqmp.len = BN_num_bytes(rsa_iqmp);
+			key->iqmp.data = malloc(key->iqmp.len);
+			if (key->iqmp.data) {
+				BN_bn2bin(rsa_iqmp, key->iqmp.data);
+			} else {
+				key->iqmp.len = 0;
+			}
+		}
+ 
+ 		BN_clear_free(rsa_n);
+ 		BN_clear_free(rsa_e);
+@@ -2222,7 +2242,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
+ 		BN_clear_free(rsa_iqmp);
+ 
+ 	}
+-#undef GETBN
+ #endif
+ 	return 0;
+ }
--- a/opensc.spec
+++ b/opensc.spec
@ -1,13 +1,17 @@
+%global commit0 0362439563a11d254aeda63b9e9ddb44ea289308
+%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+
 Name:           opensc
 Version:        0.16.0
-Release:        1%{?dist}
+Release:        2.20161016git%{shortcommit0}%{?dist}
 Summary:        Smart card library and applications

 Group:          System Environment/Libraries
 License:        LGPLv2+
 URL:            https://github.com/OpenSC/OpenSC/wiki
-Source0:	https://github.com/OpenSC/OpenSC/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:        https://github.com/OpenSC/OpenSC/archive/%{commit0}.tar.gz#/%{name}-%{version}-git%{shortcommit0}.tar.gz
 Source1:        opensc.module
+Patch0:         opensc-prkey-fixup.patch

 BuildRequires:  pcsc-lite-devel
 BuildRequires:  readline-devel
@ -31,7 +35,9 @@ every software/card that does so, too.


 %prep
-%setup -q -n opensc-%{version}
+%setup -q -n OpenSC-%{commit0}
+
+%patch0 -p1 -b .prkey-fixes

 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
@ -109,7 +115,8 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
 %{_libdir}/opensc-pkcs11.so
 %{_libdir}/pkcs11-spy.so
 %{_libdir}/onepin-opensc-pkcs11.so
-%dir %{_libdir}/pkcs11
+%{_libdir}/pkgconfig/*.pc
+%%dir %{_libdir}/pkcs11
 %{_libdir}/pkcs11/opensc-pkcs11.so
 %{_libdir}/pkcs11/onepin-opensc-pkcs11.so
 %{_libdir}/pkcs11/pkcs11-spy.so
@ -135,6 +142,10 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/


 %changelog
+* Mon Oct 31 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-2.20161016git0362439
+- Updated to latest git to address openssl 1.1.0 compilation issues (#1388895)
+- Do not own /etc/bash_completion.d directory (#1303441)
+
 * Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-1
 - New upstream release 0.16.0 (#1306071)