Rebase to 0.23.0

Resolves: RHEL-280

.gitignore

@@ -9,3 +9,4 @@
 /opensc-0.20.0.tar.gz
 /opensc-0.21.0.tar.gz
 /opensc-0.22.0.tar.gz
+/opensc-0.23.0.tar.gz

opensc-0.19.0-pinpad.patch

@@ -3,7 +3,7 @@ diff -up opensc-0.19.0/etc/opensc.conf.pinpad opensc-0.19.0/etc/opensc.conf
 +++ opensc-0.19.0/etc/opensc.conf	2018-10-22 14:33:59.939410701 +0200
 @@ -4,4 +4,9 @@ app default {
  	framework pkcs15 {
- 		# use_file_caching = true;
+		# use_file_caching = public;
  	}
 +	reader_driver pcsc {
 +		# The pinpad is disabled by default,

opensc-0.22.0-detect-empty.patch

@@ -1,62 +0,0 @@
-From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Fri, 24 Sep 2021 13:33:26 +0200
-Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards
-
-This was broken since 58b03b68, which tried to sanitize some states,
-but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead
-of empty token information.
-
-Note, that this has effect only if the configuration options
-enable_default_driver and pkcs11_enable_InitToken are turned on.
-Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED.
----
- src/pkcs11/framework-pkcs15.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
-index 74fe7b3c49..4205e41739 100644
---- a/src/pkcs11/framework-pkcs15.c
-+++ b/src/pkcs11/framework-pkcs15.c
-@@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
- {
- 	struct sc_pkcs11_slot *slot;
- 	struct pkcs15_fw_data *fw_data = NULL;
--	struct sc_pkcs15_card *p15card = NULL;
- 	struct sc_pkcs15_object *auth;
--	struct sc_pkcs15_auth_info *pin_info;
- 	CK_RV rv;
- 
- 	sc_log(context, "C_GetTokenInfo(%lx)", slotID);
-@@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
- 		rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo");
- 		goto out;
- 	}
--	p15card = fw_data->p15_card;
--	if (!p15card) {
--		rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
--		goto out;
--	}
--
- 	/* User PIN flags are cleared before re-calculation */
- 	slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
- 	auth = slot_data_auth(slot->fw_data);
-@@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
- 		"C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth,
- 		slot->token_info.flags);
- 	if (auth) {
-+		struct sc_pkcs15_card *p15card = NULL;
-+		struct sc_pkcs15_auth_info *pin_info = NULL;
-+
- 		pin_info = (struct sc_pkcs15_auth_info*) auth->data;
- 
-+		p15card = fw_data->p15_card;
-+		if (!p15card) {
-+			rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
-+			goto out;
-+		}
-+
- 		sc_pkcs15_get_pin_info(p15card, auth);
- 
- 		if (pin_info->tries_left >= 0) {
-

opensc-0.22.0-file-cache.patch

@@ -5,8 +5,8 @@ diff -up opensc-0.22.0/etc/opensc.conf.file-cache opensc-0.22.0/etc/opensc.conf
  	# debug = 3;
  	# debug_file = opensc-debug.txt;
  	framework pkcs15 {
--		# use_file_caching = true;
-+		use_file_caching = true;
+-		# use_file_caching = public;
++		use_file_caching = public;
  	}
  	reader_driver pcsc {
  		# The pinpad is disabled by default,
@@ -18,6 +18,6 @@ diff -up opensc-0.22.0/etc/opensc.conf.file-cache opensc-0.22.0/etc/opensc.conf
 +# brings more trouble than use so disable that:
 +app pkcs15-init {
 +	framework pkcs15 {
-+		use_file_caching = false;
++		use_file_caching = no;
 +	}
 +}

opensc-0.23.0-pkcs11-tool-import.patch

@@ -0,0 +1,212 @@
+From 99f7b82f187ca3512ceae6270c391243d018fdac Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 1 Dec 2022 20:08:53 +0100
+Subject: [PATCH 1/4] pkcs11-tool: Fix private key import
+
+---
+ src/tools/pkcs11-tool.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index aae205fe2c..cfee8526d5 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+ 		RSA_get0_factors(r, &r_p, &r_q);
+ 		RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp);
+ #else
+-		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 ||
++		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
+-			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) {
+ 			util_fatal("OpenSSL error during RSA private key parsing");
++			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
+ 		}
+ #endif
+ 		RSA_GET_BN(rsa, private_exponent, r_d);
+
+From 4a6e1d1dcd18757502027b1c5d2fb2cbaca28407 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 1 Dec 2022 20:11:41 +0100
+Subject: [PATCH 2/4] pkcs11-tool: Log more information on OpenSSL errors
+
+---
+ src/tools/pkcs11-tool.c | 15 ++++++---------
+ 1 file changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index cfee8526d5..f2e6b1dd91 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -3641,10 +3641,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+ 	const BIGNUM *r_dmp1, *r_dmq1, *r_iqmp;
+ 	r = EVP_PKEY_get1_RSA(pkey);
+ 	if (!r) {
+-		if (private)
+-			util_fatal("OpenSSL error during RSA private key parsing");
+-		else
+-			util_fatal("OpenSSL error during RSA public key parsing");
++		util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public",
++			ERR_error_string(ERR_peek_last_error(), NULL));
+ 	}
+ 
+ 	RSA_get0_key(r, &r_n, &r_e, NULL);
+@@ -3654,10 +3652,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+ 	BIGNUM *r_dmp1 = NULL, *r_dmq1 = NULL, *r_iqmp = NULL;
+ 	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &r_n) != 1 ||
+ 		EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &r_e) != 1) {
+-		if (private)
+-			util_fatal("OpenSSL error during RSA private key parsing");
+-		else
+-			util_fatal("OpenSSL error during RSA public key parsing");
++		util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public",
++			ERR_error_string(ERR_peek_last_error(), NULL));
+ 	 }
+ #endif
+ 	RSA_GET_BN(rsa, modulus, r_n);
+@@ -3674,8 +3670,9 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
+-			util_fatal("OpenSSL error during RSA private key parsing");
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
++			util_fatal("OpenSSL error during RSA private key parsing: %s",
++				ERR_error_string(ERR_peek_last_error(), NULL));
+ 		}
+ #endif
+ 		RSA_GET_BN(rsa, private_exponent, r_d);
+
+From 267da3e81f1fc23a9ccce1462ab5deb1a4d4aec5 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 1 Dec 2022 20:38:31 +0100
+Subject: [PATCH 3/4] Reproducer for broken pkcs11-tool key import
+
+---
+ tests/Makefile.am                | 10 ++++---
+ tests/test-pkcs11-tool-import.sh | 48 ++++++++++++++++++++++++++++++++
+ 2 files changed, 54 insertions(+), 4 deletions(-)
+ create mode 100755 tests/test-pkcs11-tool-import.sh
+
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index d378e2ee00..9d8a24c321 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -14,8 +14,9 @@ dist_noinst_SCRIPTS = common.sh \
+                       test-pkcs11-tool-test-threads.sh \
+                       test-pkcs11-tool-sign-verify.sh \
+                       test-pkcs11-tool-allowed-mechanisms.sh \
+-                      test-pkcs11-tool-sym-crypt-test.sh\
+-                      test-pkcs11-tool-unwrap-wrap-test.sh
++                      test-pkcs11-tool-sym-crypt-test.sh \
++                      test-pkcs11-tool-unwrap-wrap-test.sh \
++                      test-pkcs11-tool-import.sh
+ 
+ .NOTPARALLEL:
+ TESTS = \
+@@ -25,8 +26,9 @@ TESTS = \
+         test-pkcs11-tool-test.sh \
+         test-pkcs11-tool-test-threads.sh \
+         test-pkcs11-tool-allowed-mechanisms.sh \
+-        test-pkcs11-tool-sym-crypt-test.sh\
+-        test-pkcs11-tool-unwrap-wrap-test.sh
++        test-pkcs11-tool-sym-crypt-test.sh \
++        test-pkcs11-tool-unwrap-wrap-test.sh \
++        test-pkcs11-tool-import.sh
+ XFAIL_TESTS = \
+         test-pkcs11-tool-test-threads.sh \
+         test-pkcs11-tool-test.sh
+diff --git a/tests/test-pkcs11-tool-import.sh b/tests/test-pkcs11-tool-import.sh
+new file mode 100755
+index 0000000000..76ff8e51be
+--- /dev/null
++++ b/tests/test-pkcs11-tool-import.sh
+@@ -0,0 +1,48 @@
++#!/bin/bash
++SOURCE_PATH=${SOURCE_PATH:-..}
++
++source $SOURCE_PATH/tests/common.sh
++
++echo "======================================================="
++echo "Setup SoftHSM"
++echo "======================================================="
++if [[ ! -f $P11LIB ]]; then
++    echo "WARNING: The SoftHSM is not installed. Can not run this test"
++    exit 77;
++fi
++card_setup
++
++ID="0100"
++OPTS=""
++for KEYTYPE in "RSA" "EC"; do
++    echo "======================================================="
++    echo "Generate and import $KEYTYPE keys"
++    echo "======================================================="
++    if [ "$KEYTYPE" == "RSA" ]; then
++        ID="0100"
++    elif [ "$KEYTYPE" == "EC" ]; then
++        ID="0200"
++        OPTS="-pkeyopt ec_paramgen_curve:P-521"
++    fi
++    openssl genpkey -out "${KEYTYPE}_private.der" -outform DER -algorithm $KEYTYPE $OPTS
++    assert $? "Failed to generate private $KEYTYPE key"
++    $PKCS11_TOOL --write-object "${KEYTYPE}_private.der" --id "$ID" --type privkey \
++        --label "$KEYTYPE" -p "$PIN" --module "$P11LIB"
++    assert $? "Failed to write private $KEYTYPE key"
++
++    openssl pkey -in "${KEYTYPE}_private.der" -out "${KEYTYPE}_public.der" -pubout -inform DER -outform DER
++    assert $? "Failed to convert private $KEYTYPE key to public"
++    $PKCS11_TOOL --write-object "${KEYTYPE}_public.der" --id "$ID" --type pubkey --label "$KEYTYPE" \
++        -p $PIN --module $P11LIB
++    assert $? "Failed to write public $KEYTYPE key"
++    # certificate import already tested in all other tests
++
++    rm "${KEYTYPE}_private.der" "${KEYTYPE}_public.der"
++done
++
++echo "======================================================="
++echo "Cleanup"
++echo "======================================================="
++card_cleanup
++
++exit $ERRORS
+
+From 63a7bceeca43ece1eee201ef7a974b20b294ba4e Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jakuje@gmail.com>
+Date: Fri, 2 Dec 2022 18:07:43 +0100
+Subject: [PATCH 4/4] Simplify the new test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Co-authored-by: Veronika Hanulíková <61348757+xhanulik@users.noreply.github.com>
+---
+ tests/test-pkcs11-tool-import.sh | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/tests/test-pkcs11-tool-import.sh b/tests/test-pkcs11-tool-import.sh
+index 76ff8e51be..c90b3b4926 100755
+--- a/tests/test-pkcs11-tool-import.sh
++++ b/tests/test-pkcs11-tool-import.sh
+@@ -12,15 +12,13 @@ if [[ ! -f $P11LIB ]]; then
+ fi
+ card_setup
+ 
+-ID="0100"
+-OPTS=""
+ for KEYTYPE in "RSA" "EC"; do
+     echo "======================================================="
+     echo "Generate and import $KEYTYPE keys"
+     echo "======================================================="
+-    if [ "$KEYTYPE" == "RSA" ]; then
+-        ID="0100"
+-    elif [ "$KEYTYPE" == "EC" ]; then
++    ID="0100"
++    OPTS=""
++    if [ "$KEYTYPE" == "EC" ]; then
+         ID="0200"
+         OPTS="-pkeyopt ec_paramgen_curve:P-521"
+     fi
+

opensc-32b-arch.patch

@@ -1,33 +0,0 @@
-commit 6bc05d7037041e543d627248ca9df90723426ce1
-Author: Jakub Jelen <jjelen@redhat.com>
-Date:   Tue Aug 10 16:30:40 2021 +0200
-
-    p11test: Fix invalid format string on 32b architectures
-
-diff --git a/src/tests/p11test/p11test.c b/src/tests/p11test/p11test.c
-index dbac167d..49de6a93 100644
---- a/src/tests/p11test/p11test.c
-+++ b/src/tests/p11test/p11test.c
-@@ -139,7 +139,7 @@ int main(int argc, char** argv) {
- 		return -1;
- 	}
- 
--	debug_print("Card info:\n\tPIN %s\n\tPIN LENGTH %lu\n\t",
-+	debug_print("Card info:\n\tPIN %s\n\tPIN LENGTH %zu\n\t",
- 		token.pin, token.pin_length);
- 
- 	return cmocka_run_group_tests(readonly_tests_without_initialization,
-diff --git a/src/tests/p11test/p11test_case_pss_oaep.c b/src/tests/p11test/p11test_case_pss_oaep.c
-index 1d876a5b..5a6ae9d0 100644
---- a/src/tests/p11test/p11test_case_pss_oaep.c
-+++ b/src/tests/p11test/p11test_case_pss_oaep.c
-@@ -402,7 +402,7 @@ int oaep_encrypt_decrypt_test(test_cert_t *o, token_info_t *info, test_mech_t *m
- 	if (message_length < 0) {
- 		mech->usage_flags &= ~CKF_DECRYPT;
- 		debug_print(" [SKIP %s ] Too small modulus (%ld bits)"
--			" or too large hash %s (%lu B) for OAEP", o->id_str,
-+			" or too large hash %s (%zu B) for OAEP", o->id_str,
- 			o->bits, get_mechanism_name(mech->hash),
- 			get_hash_length(mech->hash));
- 		return 0;
-

opensc-gcc11.patch

@@ -1,16 +0,0 @@
-diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
-index d251495c..e48f3189 100644
---- a/src/tools/opensc-explorer.c
-+++ b/src/tools/opensc-explorer.c
-@@ -2030,9 +2030,9 @@ static int do_put_data(int argc, char **argv)
- static int do_apdu(int argc, char **argv)
- {
- 	sc_apdu_t apdu;
--	u8 buf[SC_MAX_EXT_APDU_BUFFER_SIZE];
-+	u8 buf[SC_MAX_EXT_APDU_BUFFER_SIZE] = {0};
- 	u8 rbuf[SC_MAX_EXT_APDU_BUFFER_SIZE];
--	size_t len, i;
-+	size_t len = 0, i;
- 	int r;
- 
- 	if (argc < 1)

opensc.spec

@@ -2,8 +2,8 @@
 %define nssdb %{_sysconfdir}/pki/nssdb
 
 Name:           opensc
-Version:        0.22.0
-Release:        2%{?dist}
+Version:        0.23.0
+Release:        1%{?dist}
 Summary:        Smart card library and applications
 
 License:        LGPLv2+
@@ -11,16 +11,10 @@ URL:            https://github.com/OpenSC/OpenSC/wiki
 Source0:        https://github.com/OpenSC/OpenSC/releases/download/%{version}/%{name}-%{version}.tar.gz
 Source1:        opensc.module
 Patch1:         opensc-0.19.0-pinpad.patch
-# https://github.com/OpenSC/OpenSC/pull/2241/
-Patch5:         %{name}-gcc11.patch
-# https://github.com/OpenSC/OpenSC/pull/2343
-Patch7:         %{name}-32b-arch.patch
 # File caching by default (#2000626)
-Patch8:         %{name}-%{version}-file-cache.patch
-# https://github.com/OpenSC/OpenSC/pull/2414 (#2007029)
-Patch9:         %{name}-%{version}-detect-empty.patch
+Patch8:         %{name}-0.22.0-file-cache.patch
 
-BuildRequires: make
+BuildRequires:  make
 BuildRequires:  pcsc-lite-devel
 BuildRequires:  readline-devel
 BuildRequires:  openssl-devel
@@ -31,6 +25,7 @@ BuildRequires:  bash-completion
 BuildRequires:  zlib-devel
 # For tests
 BuildRequires:  libcmocka-devel
+BuildRequires:  vim-common
 %if ! 0%{?rhel}
 BuildRequires:  softhsm
 %endif
@@ -56,10 +51,7 @@ every software/card that does so, too.
 %prep
 %setup -q
 %patch1 -p1 -b .pinpad
-%patch5 -p1 -b .gcc11
-%patch7 -p1 -b .32b
 %patch8 -p1 -b .file-cache
-%patch9 -p1 -b .detect-empty
 
 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
@@ -75,21 +67,19 @@ sed -i -e 's/opensc.conf/opensc-%{_arch}.conf/g' src/libopensc/Makefile.in
 sed -i -e 's|"/lib /usr/lib\b|"/%{_lib} %{_libdir}|' configure # lib64 rpaths
 %set_build_flags
 CFLAGS="$CFLAGS -Wstrict-aliasing=2 -Wno-deprecated-declarations"
-%configure  --disable-static \
+%configure --disable-static \
   --disable-autostart-items \
   --disable-notify \
   --disable-assert \
   --enable-pcsc \
   --enable-cmocka \
-  --enable-sm \
-  --with-pcsc-provider=libpcsclite.so.1
+  --enable-sm
 %make_build
 
 
 %check
 make check
 
-
 %install
 %make_install
 install -Dpm 644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/p11-kit/modules/opensc.module
@@ -119,9 +109,6 @@ rm -f $RPM_BUILD_ROOT%{_libdir}/libopensc.so
 # remove the .pc file so we do not confuse users #1673139
 rm -f $RPM_BUILD_ROOT%{_libdir}/pkgconfig/*.pc
 rm -f $RPM_BUILD_ROOT%{_libdir}/libsmm-local.so
-%if 0%{?rhel} && 0%{?rhel} < 7
-rm -rf %{buildroot}%{_datadir}/bash-completion/
-%endif
 
 # the npa-tool builds to nothing since we do not have OpenPACE library
 rm -rf %{buildroot}%{_bindir}/npa-tool
@@ -132,7 +119,6 @@ rm -rf %{buildroot}%{_bindir}/pkcs11-register
 rm -rf %{buildroot}%{_mandir}/man1/pkcs11-register.1*
 
 # Remove the notification files
-rm %{buildroot}%{_bindir}/opensc-notify
 rm %{buildroot}%{_datadir}/applications/org.opensc.notify.desktop
 rm %{buildroot}%{_mandir}/man1/opensc-notify.1*
 
@@ -140,9 +126,7 @@ rm %{buildroot}%{_mandir}/man1/opensc-notify.1*
 %files
 %doc COPYING NEWS README*
 
-%if ! 0%{?rhel} || 0%{?rhel} >= 7
 %{_datadir}/bash-completion/*
-%endif
 
 %ifarch %{ix86}
 %{_mandir}/man5/opensc-%{_arch}.conf.5*

sources

@@ -1 +1 @@
-SHA512 (opensc-0.22.0.tar.gz) = 70ad5f1219f2ec2a5529a30d8e9955510c77c87d0bc857d5951c7227c75cf9de1c6071f43dd3816a2034123ebd902709793ff776e84d5379fdd54c811ccfaaee
+SHA512 (opensc-0.23.0.tar.gz) = cd102cd64e719c59153960a4921b7525055045f16e6f6ffa8c9def6ce999a9c5098267b41f8753b41107f626bea20c34561002f5d38eddb4ce6b371913a17a1b