rpms/opensc
5
0
Fork 0
Code Issues Pull Requests Releases Activity

opensc-0.16.0-1

Browse Source 
* all patches applied upstream
 * new gids-tool
 * the folder from taball is in lower case
This commit is contained in:
Jakub Jelen 2016-08-02 13:54:59 +02:00
parent 6111c51e42
commit c462078550
8 changed files with 10 additions and 665 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,3 +1,4 @@
/opensc-0.13.0.tar.gz
/opensc-0.14.0.tar.gz
/opensc-0.15.0.tar.gz
/opensc-0.16.0.tar.gz

120
opensc-0.15.0-cka_private.patch
View File

@ -1,120 +0,0 @@
commit 4df35b922c8eb7e0776a23260b65e570b33e4d42
Author: Nicholas Wilson <nicholas.wilson@realvnc.com>
Date: Tue Aug 11 14:02:52 2015 +0100
pkcs11: Fix to CKA_PRIVATE handling pcks11-tool
There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 2781302..c3861d5 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1923,6 +1923,7 @@ static int parse_gost_private_key(EVP_PKEY *evp_key, struct gostkey_info *gost)
static int write_object(CK_SESSION_HANDLE session)
{
CK_BBOOL _true = TRUE;
+ CK_BBOOL _false = FALSE;
unsigned char contents[MAX_OBJECT_SIZE + 1];
int contents_len = 0;
unsigned char certdata[MAX_OBJECT_SIZE];
@@ -2026,28 +2027,24 @@ static int write_object(CK_SESSION_HANDLE session)
FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
FILL_ATTR(cert_templ[2], CKA_CLASS, &clazz, sizeof(clazz));
FILL_ATTR(cert_templ[3], CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
- n_cert_attr = 4;
+ FILL_ATTR(cert_templ[4], CKA_PRIVATE, &_false, sizeof(_false));
+ n_cert_attr = 5;
if (opt_object_label != NULL) {
- FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL,
- opt_object_label, strlen(opt_object_label));
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
n_cert_attr++;
}
if (opt_object_id_len != 0) {
- FILL_ATTR(cert_templ[n_cert_attr], CKA_ID,
- opt_object_id, opt_object_id_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ID, opt_object_id, opt_object_id_len);
n_cert_attr++;
}
#ifdef ENABLE_OPENSSL
/* according to PKCS #11 CKA_SUBJECT MUST be specified */
- FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT,
- cert.subject, cert.subject_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
n_cert_attr++;
- FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER,
- cert.issuer, cert.issuer_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER, cert.issuer, cert.issuer_len);
n_cert_attr++;
- FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER,
- cert.serialnum, cert.serialnum_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER, cert.serialnum, cert.serialnum_len);
n_cert_attr++;
#endif
}
@@ -2150,9 +2147,12 @@ static int write_object(CK_SESSION_HANDLE session)
n_pubkey_attr = 3;
if (opt_is_private != 0) {
- FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
- &_true, sizeof(_true));
- n_data_attr++;
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_true, sizeof(_true));
+ n_pubkey_attr++;
+ }
+ else {
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_false, sizeof(_false));
+ n_pubkey_attr++;
}
if (opt_object_label != NULL) {
@@ -2180,15 +2180,12 @@ static int write_object(CK_SESSION_HANDLE session)
#ifdef ENABLE_OPENSSL
if (cert.subject_len != 0) {
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT,
- cert.subject, cert.subject_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
n_pubkey_attr++;
}
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS,
- rsa.modulus, rsa.modulus_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, rsa.modulus, rsa.modulus_len);
n_pubkey_attr++;
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT,
- rsa.public_exponent, rsa.public_exponent_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, rsa.public_exponent, rsa.public_exponent_len);
n_pubkey_attr++;
#endif
}
@@ -2202,8 +2199,11 @@ static int write_object(CK_SESSION_HANDLE session)
n_data_attr = 3;
if (opt_is_private != 0) {
- FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
- &_true, sizeof(_true));
+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_true, sizeof(_true));
+ n_data_attr++;
+ }
+ else {
+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_false, sizeof(_false));
n_data_attr++;
}
@@ -2227,8 +2227,7 @@ static int write_object(CK_SESSION_HANDLE session)
}
if (opt_object_label != NULL) {
- FILL_ATTR(data_templ[n_data_attr], CKA_LABEL,
- opt_object_label, strlen(opt_object_label));
+ FILL_ATTR(data_templ[n_data_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
n_data_attr++;
}

24
opensc-0.15.0-eID-rsa2048.patch
View File

@ -1,24 +0,0 @@
From 74493ca73f8e3c21c098fecb42a7a08ead85e197 Mon Sep 17 00:00:00 2001
From: Henrik Andersson <henrik.4e@gmail.com>
Date: Fri, 13 May 2016 09:16:21 +0200
Subject: [PATCH] Add support for RSA with keylength 2048
This solves sign issues with swedish eID cards which have
RSA keys with length 2048. This also solves the issue #726.
---
src/libopensc/card-setcos.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/libopensc/card-setcos.c b/src/libopensc/card-setcos.c
index 2b0182a..a852180 100644
--- a/src/libopensc/card-setcos.c
+++ b/src/libopensc/card-setcos.c
@@ -215,6 +215,7 @@ static int setcos_init(sc_card_t *card)
_sc_card_add_rsa_alg(card, 512, flags, 0);
_sc_card_add_rsa_alg(card, 768, flags, 0);
_sc_card_add_rsa_alg(card, 1024, flags, 0);
+ _sc_card_add_rsa_alg(card, 2048, flags, 0);
}
break;
}

399
opensc-0.15.0-fork-issue.patch
View File

@ -1,399 +0,0 @@
diff --git a/configure.ac b/configure.ac
index 67aa5c4..e65c919 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,8 +39,8 @@ OPENSC_VS_FF_PRODUCT_NAME="VS_FF_PRODUCT_NAME"
# (Code changed: REVISION++)
# (Oldest interface removed: OLDEST++)
# (Interfaces added: CURRENT++, REVISION=0)
-OPENSC_LT_CURRENT="3"
-OPENSC_LT_OLDEST="3"
+OPENSC_LT_CURRENT="4"
+OPENSC_LT_OLDEST="4"
OPENSC_LT_REVISION="0"
OPENSC_LT_AGE="0"
OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))"
diff --git a/src/libopensc/card.c b/src/libopensc/card.c
index 2cb16f6..f3cb152 100644
--- a/src/libopensc/card.c
+++ b/src/libopensc/card.c
@@ -218,7 +218,8 @@ int sc_connect_card(sc_reader_t *reader, sc_card_t **card_out)
if (ops == NULL || ops->match_card == NULL) {
continue;
}
- else if (!ctx->enable_default_driver && !strcmp("default", drv->short_name)) {
+ else if (!(ctx->flags & SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER)
+ && !strcmp("default", drv->short_name)) {
sc_log(ctx , "ignore 'default' card driver");
continue;
}
diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
index 5595dc4..15312f7 100644
--- a/src/libopensc/ctx.c
+++ b/src/libopensc/ctx.c
@@ -186,8 +186,7 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts)
if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout))
fclose(ctx->debug_file);
ctx->debug_file = stderr;
- ctx->paranoid_memory = 0;
- ctx->enable_default_driver = 0;
+ ctx->flags = 0;
#ifdef __APPLE__
/* Override the default debug log for OpenSC.tokend to be different from PKCS#11.
@@ -258,11 +257,13 @@ load_parameters(sc_context_t *ctx, scconf_block *block, struct _sc_ctx_options *
sc_ctx_log_to_file(ctx, val);
}
- ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory",
- ctx->paranoid_memory);
+ if (scconf_get_bool (block, "paranoid-memory",
+ ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY))
+ ctx->flags |= SC_CTX_FLAG_PARANOID_MEMORY;
- ctx->enable_default_driver = scconf_get_bool (block, "enable_default_driver",
- ctx->enable_default_driver);
+ if (scconf_get_bool (block, "enable_default_driver",
+ ctx->flags & SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER))
+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
val = scconf_get_str(block, "force_card_driver", NULL);
if (val) {
@@ -723,7 +724,9 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
return SC_ERROR_OUT_OF_MEMORY;
}
+ ctx->flags = parm->flags;
set_defaults(ctx, &opts);
+
list_init(&ctx->readers);
list_attributes_seeker(&ctx->readers, reader_list_seeker);
/* set thread context and create mutex object (if specified) */
diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
index 8c4e81f..e9a4d19 100644
--- a/src/libopensc/opensc.h
+++ b/src/libopensc/opensc.h
@@ -639,13 +639,25 @@ typedef struct {
unsigned long (*thread_id)(void);
} sc_thread_context_t;
+/** Stop modifing or using external resources
+ *
+ * Currently this is used to avoid freeing duplicated external resources for a
+ * process that has been forked. For example, a child process may want to leave
+ * the duplicated card handles for the parent process. With this flag the child
+ * process indicates that shall the reader shall ignore those resources when
+ * calling sc_disconnect_card.
+ */
+#define SC_CTX_FLAG_TERMINATE 0x00000001
+#define SC_CTX_FLAG_PARANOID_MEMORY 0x00000002
+#define SC_CTX_FLAG_DEBUG_MEMORY 0x00000004
+#define SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER 0x00000008
+
typedef struct sc_context {
scconf_context *conf;
scconf_block *conf_blocks[3];
char *app_name;
int debug;
- int paranoid_memory;
- int enable_default_driver;
+ unsigned long flags;
FILE *debug_file;
char *debug_filename;
@@ -719,7 +731,7 @@ typedef struct {
* dependend configuration data). If NULL the name "default"
* will be used. */
const char *app_name;
- /** flags, currently unused */
+ /** context flags */
unsigned long flags;
/** mutex functions to use (optional) */
sc_thread_context_t *thread_ctx;
diff --git a/src/libopensc/reader-ctapi.c b/src/libopensc/reader-ctapi.c
index 919c3f0..c526500 100644
--- a/src/libopensc/reader-ctapi.c
+++ b/src/libopensc/reader-ctapi.c
@@ -116,6 +116,9 @@ static int refresh_attributes(sc_reader_t *reader)
u8 cmd[5], rbuf[256], sad, dad;
unsigned short lr;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
cmd[0] = CTBCS_CLA;
cmd[1] = CTBCS_INS_STATUS;
cmd[2] = CTBCS_P1_CT_KERNEL;
@@ -158,6 +161,9 @@ static int ctapi_internal_transmit(sc_reader_t *reader,
u8 dad, sad;
unsigned short lr;
char rv;
+
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
if (control)
dad = 1;
@@ -235,6 +241,9 @@ static int ctapi_connect(sc_reader_t *reader)
unsigned short lr;
int r;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
cmd[0] = CTBCS_CLA;
cmd[1] = CTBCS_INS_REQUEST;
cmd[2] = CTBCS_P1_INTERFACE1;
@@ -280,7 +289,9 @@ static int ctapi_release(sc_reader_t *reader)
{
struct ctapi_private_data *priv = GET_PRIV_DATA(reader);
- priv->funcs.CT_close(priv->ctn);
+
+ if (!(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
+ priv->funcs.CT_close(priv->ctn);
free(priv);
return 0;
diff --git a/src/libopensc/reader-openct.c b/src/libopensc/reader-openct.c
index a276d52..2d7d6bd 100644
--- a/src/libopensc/reader-openct.c
+++ b/src/libopensc/reader-openct.c
@@ -154,7 +154,7 @@ static int openct_reader_release(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
if (data) {
- if (data->h)
+ if (data->h && !(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
ct_reader_disconnect(data->h);
sc_mem_clear(data, sizeof(*data));
reader->drv_data = NULL;
@@ -174,6 +174,9 @@ static int openct_reader_detect_card_presence(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
reader->flags = 0;
if (!data->h && !(data->h = ct_reader_connect(data->num)))
return 0;
@@ -197,6 +200,9 @@ openct_reader_connect(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
if (data->h)
ct_reader_disconnect(data->h);
@@ -242,7 +248,7 @@ static int openct_reader_disconnect(sc_reader_t *reader)
struct driver_data *data = (struct driver_data *) reader->drv_data;
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
- if (data->h)
+ if (data->h && !(reader->flags & SC_TERMINATE))
ct_reader_disconnect(data->h);
data->h = NULL;
return SC_SUCCESS;
@@ -256,6 +262,9 @@ openct_reader_internal_transmit(sc_reader_t *reader,
struct driver_data *data = (struct driver_data *) reader->drv_data;
int rc;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Hotplug check */
if ((rc = openct_reader_reconnect(reader)) < 0)
return rc;
@@ -324,6 +333,9 @@ static int openct_reader_perform_verify(sc_reader_t *reader, struct sc_pin_cmd_d
u8 buf[254];
int rc;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Hotplug check */
if ((rc = openct_reader_reconnect(reader)) < 0)
return rc;
@@ -382,6 +394,9 @@ static int openct_reader_lock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Hotplug check */
if ((rc = openct_reader_reconnect(reader)) < 0)
return rc;
@@ -408,6 +423,9 @@ static int openct_reader_unlock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Not connected */
if (data->h == NULL)
return 0;
diff --git a/src/libopensc/reader-pcsc.c b/src/libopensc/reader-pcsc.c
index 666265d..7c26a25 100644
--- a/src/libopensc/reader-pcsc.c
+++ b/src/libopensc/reader-pcsc.c
@@ -184,6 +184,9 @@ static int pcsc_internal_transmit(sc_reader_t *reader,
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
card = priv->pcsc_card;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
sSendPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol);
sSendPci.cbPciLength = sizeof(sSendPci);
sRecvPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol);
@@ -284,6 +287,9 @@ static int refresh_attributes(sc_reader_t *reader)
sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "%s check", reader->name);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
if (priv->reader_state.szReader == NULL) {
priv->reader_state.szReader = reader->name;
priv->reader_state.dwCurrentState = SCARD_STATE_UNAWARE;
@@ -505,7 +511,8 @@ static int pcsc_disconnect(sc_reader_t * reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
- priv->gpriv->SCardDisconnect(priv->pcsc_card, priv->gpriv->disconnect_action);
+ if (!(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
+ priv->gpriv->SCardDisconnect(priv->pcsc_card, priv->gpriv->disconnect_action);
reader->flags = 0;
return SC_SUCCESS;
}
@@ -518,6 +525,9 @@ static int pcsc_lock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
rv = priv->gpriv->SCardBeginTransaction(priv->pcsc_card);
switch (rv) {
@@ -555,6 +565,9 @@ static int pcsc_unlock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
rv = priv->gpriv->SCardEndTransaction(priv->pcsc_card, priv->gpriv->transaction_end_action);
priv->locked = 0;
@@ -597,12 +610,18 @@ static int pcsc_cancel(sc_context_t *ctx)
struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *)ctx->reader_drv_data;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ if (ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
#ifndef _WIN32
if (gpriv->pcsc_wait_ctx != -1) {
rv = gpriv->SCardCancel(gpriv->pcsc_wait_ctx);
- if (rv == SCARD_S_SUCCESS)
+ if (rv == SCARD_S_SUCCESS) {
/* Also close and clear the waiting context */
rv = gpriv->SCardReleaseContext(gpriv->pcsc_wait_ctx);
+ gpriv->pcsc_wait_ctx = -1;
+ }
}
#else
rv = gpriv->SCardCancel(gpriv->pcsc_ctx);
@@ -747,7 +766,7 @@ static int pcsc_finish(sc_context_t *ctx)
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
if (gpriv) {
- if (gpriv->pcsc_ctx != -1)
+ if (gpriv->pcsc_ctx != -1 && !(ctx->flags & SC_CTX_FLAG_TERMINATE))
gpriv->SCardReleaseContext(gpriv->pcsc_ctx);
if (gpriv->dlhandle != NULL)
sc_dlclose(gpriv->dlhandle);
@@ -1693,6 +1712,9 @@ pcsc_pin_cmd(sc_reader_t *reader, struct sc_pin_cmd_data *data)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
if (priv->gpriv->SCardControl == NULL)
return SC_ERROR_NOT_SUPPORTED;
@@ -1982,8 +2004,8 @@ static int transform_pace_output(u8 *rbuf, size_t rbuflen,
static int
pcsc_perform_pace(struct sc_reader *reader, void *input_pace, void *output_pace)
{
- struct establish_pace_channel_input *pace_input = (struct establish_pace_channel_input *) input_pace;
- struct establish_pace_channel_output *pace_output = (struct establish_pace_channel_output *) output_pace;
+ struct establish_pace_channel_input *pace_input = (struct establish_pace_channel_input *) input_pace;
+ struct establish_pace_channel_output *pace_output = (struct establish_pace_channel_output *) output_pace;
struct pcsc_private_data *priv;
u8 rbuf[SC_MAX_EXT_APDU_BUFFER_SIZE], sbuf[SC_MAX_EXT_APDU_BUFFER_SIZE];
size_t rcount = sizeof rbuf, scount = sizeof sbuf;
diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c
index 052d6eb..5cddd32 100644
--- a/src/libopensc/sc.c
+++ b/src/libopensc/sc.c
@@ -806,7 +806,7 @@ void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len)
locked = 1;
#endif
if (!locked) {
- if (ctx->paranoid_memory) {
+ if (ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY) {
sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, failing allocation because paranoid set");
free (pointer);
pointer = NULL;
diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
index a01cbab..349ee29 100644
--- a/src/pkcs11/pkcs11-global.c
+++ b/src/pkcs11/pkcs11-global.c
@@ -202,9 +202,11 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
unsigned int i;
sc_context_param_t ctx_opts;
- /* Handle fork() exception */
#if !defined(_WIN32)
+ /* Handle fork() exception */
if (current_pid != initialized_pid) {
+ if (context)
+ context->flags |= SC_CTX_FLAG_TERMINATE;
C_Finalize(NULL_PTR);
}
initialized_pid = current_pid;
diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
index fa2581b..75588df 100644
--- a/src/tools/opensc-explorer.c
+++ b/src/tools/opensc-explorer.c
@@ -1836,7 +1836,7 @@ int main(int argc, char * const argv[])
return 1;
}
- ctx->enable_default_driver = 1;
+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
if (verbose > 1) {
ctx->debug = verbose;
diff --git a/src/tools/opensc-tool.c b/src/tools/opensc-tool.c
index d907984..aea526e 100644
--- a/src/tools/opensc-tool.c
+++ b/src/tools/opensc-tool.c
@@ -758,7 +758,7 @@ int main(int argc, char * const argv[])
return 1;
}
- ctx->enable_default_driver = 1;
+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
if (verbose > 1) {
ctx->debug = verbose;

31
opensc-0.15.0-pubkey-crash.patch
View File

@ -1,31 +0,0 @@
From 6e5ae841eb398b6393d7349d45f2386f820c9f5f Mon Sep 17 00:00:00 2001
From: LE TOUX Vincent <HG2025@sdmn01.sirius.infra.com>
Date: Sat, 2 Jan 2016 09:31:36 +0100
Subject: [PATCH] fix a pkcs11 crash when the public key reading fails
---
src/pkcs11/framework-pkcs15.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index e103550..8496f43 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -772,9 +772,11 @@ __pkcs15_prkey_bind_related(struct pkcs15_fw_data *fw_data, struct pkcs15_prkey_
if (sc_pkcs15_compare_id(&pubkey->pub_info->id, id)) {
sc_log(context, "Associating object %d as public key", i);
pk->prv_pubkey = pubkey;
- sc_pkcs15_dup_pubkey(context, pubkey->pub_data, &pk->pub_data);
- if (pk->prv_info->modulus_length == 0)
- pk->prv_info->modulus_length = pubkey->pub_info->modulus_length;
+ if (pubkey->pub_data) {
+ sc_pkcs15_dup_pubkey(context, pubkey->pub_data, &pk->pub_data);
+ if (pk->prv_info->modulus_length == 0)
+ pk->prv_info->modulus_length = pubkey->pub_info->modulus_length;
+ }
}
}
}
--
2.5.0

75
opensc-export-symbols.patch
View File

@ -1,75 +0,0 @@
diff --git a/src/pkcs11/pkcs11-spy.exports b/src/pkcs11/pkcs11-spy.exports
index 562ecea..9b9b01c 100644
--- a/src/pkcs11/pkcs11-spy.exports
+++ b/src/pkcs11/pkcs11-spy.exports
@@ -1 +1,70 @@
+C_Initialize
+C_Finalize
+C_GetInfo
C_GetFunctionList
+C_GetSlotList
+C_GetSlotInfo
+C_GetTokenInfo
+C_GetMechanismList
+C_GetMechanismInfo
+C_InitToken
+C_InitPIN
+C_SetPIN
+C_OpenSession
+C_CloseSession
+C_CloseAllSessions
+C_GetSessionInfo
+C_GetOperationState
+C_SetOperationState
+C_Login
+C_Logout
+C_CreateObject
+C_CopyObject
+C_DestroyObject
+C_GetObjectSize
+C_GetAttributeValue
+C_SetAttributeValue
+C_FindObjectsInit
+C_FindObjects
+C_FindObjectsFinal
+C_EncryptInit
+C_Encrypt
+C_EncryptUpdate
+C_EncryptFinal
+C_DecryptInit
+C_Decrypt
+C_DecryptUpdate
+C_DecryptFinal
+C_DigestInit
+C_Digest
+C_DigestUpdate
+C_DigestKey
+C_DigestFinal
+C_SignInit
+C_Sign
+C_SignUpdate
+C_SignFinal
+C_SignRecoverInit
+C_SignRecover
+C_VerifyInit
+C_Verify
+C_VerifyUpdate
+C_VerifyFinal
+C_VerifyRecoverInit
+C_VerifyRecover
+C_DigestEncryptUpdate
+C_DecryptDigestUpdate
+C_SignEncryptUpdate
+C_DecryptVerifyUpdate
+C_GenerateKey
+C_GenerateKeyPair
+C_WrapKey
+C_UnwrapKey
+C_DeriveKey
+C_SeedRandom
+C_GenerateRandom
+C_GetFunctionStatus
+C_CancelFunction
+C_WaitForSlotEvent
+C_Initialize
+C_Finalize

23
opensc.spec
View File

@ -1,6 +1,6 @@
Name: opensc
Version: 0.15.0
Release: 6%{?dist}
Version: 0.16.0
Release: 1%{?dist}
Summary: Smart card library and applications
Group: System Environment/Libraries
@ -20,12 +20,6 @@ Requires: pcsc-lite
Obsoletes: mozilla-opensc-signer < 0.12.0
Obsoletes: opensc-devel < 0.12.0
Patch0: opensc-0.15.0-fork-issue.patch
Patch1: opensc-export-symbols.patch
Patch2: opensc-0.15.0-pubkey-crash.patch
Patch3: opensc-0.15.0-eID-rsa2048.patch
Patch4: opensc-0.15.0-cka_private.patch
%description
OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
@ -37,13 +31,7 @@ every software/card that does so, too.
%prep
%setup -q -n OpenSC-%{version}
%patch0 -p1 -b .fork-issue
%patch1 -p1 -b .export-symbols
%patch2 -p1 -b .pubkey-crash
%patch3 -p1 -b .eID-rsa2048
%patch4 -p1 -b .cka-private
%setup -q -n opensc-%{version}
cp -p src/pkcs15init/README ./README.pkcs15init
cp -p src/scconf/README.scconf .
@ -104,6 +92,7 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%{_bindir}/cryptoflex-tool
%{_bindir}/eidenv
%{_bindir}/iasecc-tool
%{_bindir}/gids-tool
%{_bindir}/netkey-tool
%{_bindir}/openpgp-tool
%{_bindir}/opensc-explorer
@ -128,6 +117,7 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%{_mandir}/man1/cardos-tool.1*
%{_mandir}/man1/cryptoflex-tool.1*
%{_mandir}/man1/eidenv.1*
%{_mandir}/man1/gids-tool.1*
%{_mandir}/man1/iasecc-tool.1*
%{_mandir}/man1/netkey-tool.1*
%{_mandir}/man1/openpgp-tool.1*
@ -145,6 +135,9 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%changelog
* Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-1
- New upstream release 0.16.0 (#1306071)
* Tue Jul 12 2016 Jakub Jelen <jjelen@redhat.com> - 0.15.0-6
- Add support for 2048 key length (#1350588)
- Explicitly set CKA_PRIVATE to false when writing certificates (#1272127)

2
sources
View File

@ -1 +1 @@
f266024e5a9630821ffa0ac14f72e369 opensc-0.15.0.tar.gz
724d128f23cd7a74b28d04300ce7bcbd opensc-0.16.0.tar.gz