rpms/opensc
6
0
Fork 0
Code Issues Pull Requests Releases Activity

opensc-0.16.0-2.20161016git0362439

Browse Source
This commit is contained in:
Jakub Jelen 2016-10-31 12:56:53 +01:00
parent 480eff0969
commit 329762d943
2 changed files with 122 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
opensc-prkey-fixup.patch Normal file
View File

@ -0,0 +1,107 @@
From c6c7a27bc90f0c5b8e8ecf0fe2fc1db89ac56fd9 Mon Sep 17 00:00:00 2001
From: Doug Engert <deengert@gmail.com>
Date: Tue, 25 Oct 2016 21:49:48 -0500
Subject: [PATCH] prkey_fixup_rsa changes for OpenSSL-1.1.0
Remove restrictions in prkey_fixup_rsa:
/* Not thread safe, but much better than a memory leak */
/* TODO put on stack, or allocate and clear and then free */
Compute dmp1, dmp1 and/or iqmp if not in sc_pkcs15_prkey_rsa
Remove the GETBN macro that was causing problems.
Changes to be committed:
modified: src/pkcs15init/pkcs15-lib.c
---
src/pkcs15init/pkcs15-lib.c | 43 +++++++++++++++++++++++++++++++------------
1 file changed, 31 insertions(+), 12 deletions(-)
diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 72a4b4a..eabcd4f 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -46,6 +46,7 @@
#endif
#include <assert.h>
#ifdef ENABLE_OPENSSL
+#include <openssl/opensslv.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -55,6 +56,7 @@
#include <openssl/pkcs12.h>
#endif
+#include "libopensc/sc-ossl-compat.h"
#include "common/compat_strlcpy.h"
#include "common/libscdl.h"
#include "libopensc/pkcs15.h"
@@ -2162,11 +2164,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
}
#ifdef ENABLE_OPENSSL
-#define GETBN(dst, src, mem) \
- do { dst.len = BN_num_bytes(src); \
- assert(dst.len <= sizeof(mem)); \
- BN_bn2bin(src, dst.data = mem); \
- } while (0)
/* Generate additional parameters.
* At least the GPK seems to need the full set of CRT
@@ -2178,7 +2175,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
/* We don't really need an RSA structure, only the BIGNUMs */
if (!key->dmp1.len || !key->dmq1.len || !key->iqmp.len) {
- static u8 dmp1[256], dmq1[256], iqmp[256];
BIGNUM *aux;
BN_CTX *bn_ctx;
BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_p, *rsa_q, *rsa_dmp1, *rsa_dmq1, *rsa_iqmp;
@@ -2206,11 +2202,35 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
BN_clear_free(aux);
BN_CTX_free(bn_ctx);
- /* Not thread safe, but much better than a memory leak */
- /* TODO put on stack, or allocate and clear and then free */
- GETBN(key->dmp1, rsa_dmp1, dmp1);
- GETBN(key->dmq1, rsa_dmq1, dmq1);
- GETBN(key->iqmp, rsa_iqmp, iqmp);
+ /* Do not replace, only fill in missing */
+ if (key->dmp1.data == NULL) {
+ key->dmp1.len = BN_num_bytes(rsa_dmp1);
+ key->dmp1.data = malloc(key->dmp1.len);
+ if (key->dmp1.data) {
+ BN_bn2bin(rsa_dmp1, key->dmp1.data);
+ } else {
+ key->dmp1.len = 0;
+ }
+ }
+
+ if (key->dmq1.data == NULL) {
+ key->dmq1.len = BN_num_bytes(rsa_dmq1);
+ key->dmq1.data = malloc(key->dmq1.len);
+ if (key->dmq1.data) {
+ BN_bn2bin(rsa_dmq1, key->dmq1.data);
+ } else {
+ key->dmq1.len = 0;
+ }
+ }
+ if (key->iqmp.data == NULL) {
+ key->iqmp.len = BN_num_bytes(rsa_iqmp);
+ key->iqmp.data = malloc(key->iqmp.len);
+ if (key->iqmp.data) {
+ BN_bn2bin(rsa_iqmp, key->iqmp.data);
+ } else {
+ key->iqmp.len = 0;
+ }
+ }
BN_clear_free(rsa_n);
BN_clear_free(rsa_e);
@@ -2222,7 +2242,6 @@ prkey_fixup_rsa(struct sc_pkcs15_card *p15card, struct sc_pkcs15_prkey_rsa *key)
BN_clear_free(rsa_iqmp);
}
-#undef GETBN
#endif
return 0;
}

19
opensc.spec
View File

@ -1,13 +1,17 @@
%global commit0 0362439563a11d254aeda63b9e9ddb44ea289308
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
Name: opensc Name: opensc
Version: 0.16.0 Version: 0.16.0
Release: 1%{?dist} Release: 2.20161016git%{shortcommit0}%{?dist}
Summary: Smart card library and applications Summary: Smart card library and applications
Group: System Environment/Libraries Group: System Environment/Libraries
License: LGPLv2+ License: LGPLv2+
URL: https://github.com/OpenSC/OpenSC/wiki URL: https://github.com/OpenSC/OpenSC/wiki
Source0: https://github.com/OpenSC/OpenSC/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/OpenSC/OpenSC/archive/%{commit0}.tar.gz#/%{name}-%{version}-git%{shortcommit0}.tar.gz
Source1: opensc.module Source1: opensc.module
Patch0: opensc-prkey-fixup.patch
BuildRequires: pcsc-lite-devel BuildRequires: pcsc-lite-devel
BuildRequires: readline-devel BuildRequires: readline-devel
@ -31,7 +35,9 @@ every software/card that does so, too.
%prep %prep
%setup -q -n opensc-%{version} %setup -q -n OpenSC-%{commit0}
%patch0 -p1 -b .prkey-fixes
cp -p src/pkcs15init/README ./README.pkcs15init cp -p src/pkcs15init/README ./README.pkcs15init
cp -p src/scconf/README.scconf . cp -p src/scconf/README.scconf .
@ -109,7 +115,8 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%{_libdir}/opensc-pkcs11.so %{_libdir}/opensc-pkcs11.so
%{_libdir}/pkcs11-spy.so %{_libdir}/pkcs11-spy.so
%{_libdir}/onepin-opensc-pkcs11.so %{_libdir}/onepin-opensc-pkcs11.so
%dir %{_libdir}/pkcs11 %{_libdir}/pkgconfig/*.pc
%%dir %{_libdir}/pkcs11
%{_libdir}/pkcs11/opensc-pkcs11.so %{_libdir}/pkcs11/opensc-pkcs11.so
%{_libdir}/pkcs11/onepin-opensc-pkcs11.so %{_libdir}/pkcs11/onepin-opensc-pkcs11.so
%{_libdir}/pkcs11/pkcs11-spy.so %{_libdir}/pkcs11/pkcs11-spy.so
@ -135,6 +142,10 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%changelog %changelog
* Mon Oct 31 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-2.20161016git0362439
- Updated to latest git to address openssl 1.1.0 compilation issues (#1388895)
- Do not own /etc/bash_completion.d directory (#1303441)
* Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-1 * Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-1
- New upstream release 0.16.0 (#1306071) - New upstream release 0.16.0 (#1306071)