From c6dc780e74cae32ccd71a0ae0e55646d0db0edd2 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 18 May 2021 02:34:43 -0400
Subject: [PATCH] import opensc-0.20.0-4.el8
---
 SOURCES/opensc-0.20.0-CVE-2020-26570.patch | 31 +++++++
 SOURCES/opensc-0.20.0-CVE-2020-26571.patch | 42 +++++++++
 SOURCES/opensc-0.20.0-CVE-2020-26572.patch | 21 +++++
 SOURCES/opensc-0.20.0-cac-pin-change.patch | 102 +++++++++++++++++++++
 SOURCES/opensc-0.20.0-calloc0.patch | 102 +++++++++++++++++++++
 SOURCES/opensc-0.20.0-file-cache.patch | 85 +++++++++++++++++
 SOURCES/opensc-0.20.0-label-padding.patch | 24 +++++
 SPECS/opensc.spec | 35 ++++++-
 8 files changed, 441 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/opensc-0.20.0-CVE-2020-26570.patch
 create mode 100644 SOURCES/opensc-0.20.0-CVE-2020-26571.patch
 create mode 100644 SOURCES/opensc-0.20.0-CVE-2020-26572.patch
 create mode 100644 SOURCES/opensc-0.20.0-cac-pin-change.patch
 create mode 100644 SOURCES/opensc-0.20.0-calloc0.patch
 create mode 100644 SOURCES/opensc-0.20.0-file-cache.patch
 create mode 100644 SOURCES/opensc-0.20.0-label-padding.patch
diff --git a/SOURCES/opensc-0.20.0-CVE-2020-26570.patch b/SOURCES/opensc-0.20.0-CVE-2020-26570.patch
new file mode 100644
index 0000000..ad0320b
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-CVE-2020-26570.patch
@@ -0,0 +1,31 @@
+commit 6903aebfddc466d966c7b865fae34572bf3ed23e
+Author: Frank Morgner
+Date: Thu Jul 30 02:21:17 2020 +0200
+
+ Heap-buffer-overflow WRITE
+
+ fixes https://oss-fuzz.com/testcase-detail/5088104168554496
+
+diff --git a/src/libopensc/pkcs15-oberthur.c b/src/libopensc/pkcs15-oberthur.c
+index a873aaa0..2fb32b8d 100644
+--- a/src/libopensc/pkcs15-oberthur.c
++++ b/src/libopensc/pkcs15-oberthur.c
+@@ -271,11 +271,15 @@ sc_oberthur_read_file(struct sc_pkcs15_card *p15card, const char *in_path,
+ rv = sc_read_binary(card, 0, *out, sz, 0);
+ }
+ else {
+- int rec;
+- int offs = 0;
+- int rec_len = file->record_length;
++ size_t rec;
++ size_t offs = 0;
++ size_t rec_len = file->record_length;
+
+ for (rec = 1; ; rec++) {
++ if (rec > file->record_count) {
++ rv = 0;
++ break;
++ }
+ rv = sc_read_record(card, rec, *out + offs + 2, rec_len, SC_RECORD_BY_REC_NR);
+ if (rv == SC_ERROR_RECORD_NOT_FOUND) {
+ rv = 0;
diff --git a/SOURCES/opensc-0.20.0-CVE-2020-26571.patch b/SOURCES/opensc-0.20.0-CVE-2020-26571.patch
new file mode 100644
index 0000000..b07ac05
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-CVE-2020-26571.patch
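Review bot: The new `rec > file->record_count` guard in the record loop of sc_oberthur_read_file limits how many records are read, but the write itself is still unchecked: `sc_read_record(card, rec, *out + offs + 2, rec_len, ...)` relies on `offs + 2 + rec_len` fitting in the buffer behind `*out`. The allocation of `*out` and the update of `offs` are outside the hunk, so this may already hold, but `record_count` and `record_length` both come from the card's file description. Assuming `sz` (used in the `sc_read_binary` call above) is the allocated size, an explicit `if (offs + 2 + rec_len > sz) { rv = SC_ERROR_INVALID_DATA; break; }` before the read would make the bound local and obvious. The function starts and ends outside the hunk.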
@@ -0,0 +1,42 @@
+commit ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43
+Author: Frank Morgner
+Date: Mon May 18 17:25:32 2020 +0200
+
+ fixed invalid read
+
+ fixes https://oss-fuzz.com/testcase-detail/5765246676631552
+
+diff --git a/src/libopensc/pkcs15-gemsafeGPK.c b/src/libopensc/pkcs15-gemsafeGPK.c
+index e13f3b87..4b80daf2 100644
+--- a/src/libopensc/pkcs15-gemsafeGPK.c
++++ b/src/libopensc/pkcs15-gemsafeGPK.c
+@@ -205,7 +205,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+
+ u8 sysrec[7];
+ int num_keyinfo = 0;
+- keyinfo kinfo[8]; /* will loook for 8 keys */
++ keyinfo kinfo[9]; /* will look for 9 keys */
+ u8 modulus_buf[ 1 + 1024 / 8]; /* tag+modulus */
+ u8 *cp;
+ char buf[256];
+@@ -255,9 +255,9 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+
+ /* There may be more then one key in the directory. */
+ /* we need to find them so we can associate them with the */
+- /* the certificate. The files are 0007 to 000f */
++ /* the certificate. The files are 0007 to 000F */
+
+- for (i = 7; i < 16; i++) {
++ for (i = 0x7; i <= 0xF; i++) {
+ path.value[0] = 0x00;
+ path.value[1] = i;
+ path.len = 2;
+@@ -297,7 +297,7 @@ static int sc_pkcs15emu_gemsafeGPK_init(sc_pkcs15_card_t *p15card)
+ while (j--)
+ *cp++ = modulus_buf[j + 1];
+ num_keyinfo++;
+ }
++ }
+
+ /* Get the gemsafe data with the cert */
+ sc_format_path("3F000200004", &path);
diff --git a/SOURCES/opensc-0.20.0-CVE-2020-26572.patch b/SOURCES/opensc-0.20.0-CVE-2020-26572.patch
new file mode 100644
index 0000000..91a1249
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-CVE-2020-26572.patch
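Review bot: The size of `kinfo[9]` and the loop bounds `i = 0x7; i <= 0xF` are kept in step only by hand, which is the same coupling that produced the original eight-slots-for-nine-files mismatch. Assuming `kinfo` is indexed by `num_keyinfo` in the part of the loop body that is not shown, a guard such as `if (num_keyinfo >= (int)(sizeof kinfo / sizeof kinfo[0])) break;` at the top of the loop would keep the write in bounds even if the file range is changed again. The `}` change in the last hunk is whitespace only, and the function body continues outside all three hunks.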
@@ -0,0 +1,21 @@
+commit 9d294de90d1cc66956389856e60b6944b27b4817
+Author: Frank Morgner
+Date: Thu Jun 4 10:04:10 2020 +0200
+
+ prevent out of bounds write
+
+ fixes https://oss-fuzz.com/testcase-detail/5226571123392512
+
+diff --git a/src/libopensc/card-tcos.c b/src/libopensc/card-tcos.c
+index 673c2493..e88c80bd 100644
+--- a/src/libopensc/card-tcos.c
++++ b/src/libopensc/card-tcos.c
+@@ -623,6 +623,8 @@ static int tcos_decipher(sc_card_t *card, const u8 * crgram, size_t crgram_len,
+ apdu.data = sbuf;
+ apdu.lc = apdu.datalen = crgram_len+1;
+ sbuf[0] = tcos3 ? 0x00 : ((data->pad_flags & SC_ALGORITHM_RSA_PAD_PKCS1) ? 0x81 : 0x02);
++ if (sizeof sbuf - 1 < crgram_len)
++ return SC_ERROR_INVALID_ARGUMENTS;
+ memcpy(sbuf+1, crgram, crgram_len);
+
+ r = sc_transmit_apdu(card, &apdu);
diff --git a/SOURCES/opensc-0.20.0-cac-pin-change.patch b/SOURCES/opensc-0.20.0-cac-pin-change.patch
new file mode 100644
index 0000000..3163caf
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-cac-pin-change.patch
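Review bot: The length check in tcos_decipher is placed after `crgram_len+1` has already been stored in `apdu.lc` and `apdu.datalen`; it does stop the `memcpy`, but validating the argument before its first use is easier to audit and keeps a rejected length out of the APDU structure. I would move it above `apdu.data = sbuf;` as `if (crgram_len > sizeof sbuf - 1) return SC_ERROR_INVALID_ARGUMENTS;` and add the comment `/* sbuf[0] carries the padding indicator, leaving sizeof sbuf - 1 bytes for the cryptogram */` so the `- 1` is not mistaken for an off-by-one. The declaration of `sbuf` and the rest of the function are outside the hunk.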
@@ -0,0 +1,102 @@
+diff --git a/src/libopensc/card-cac.c b/src/libopensc/card-cac.c
+index 099923e5..61e69c88 100644
+--- a/src/libopensc/card-cac.c
++++ b/src/libopensc/card-cac.c
+@@ -1793,7 +1793,7 @@ static int cac_find_and_initialize(sc_card_t *card, int initialize)
+ }
+ r = cac_process_ACA(card, priv);
+ if (r == SC_SUCCESS) {
+- card->type = SC_CARD_TYPE_CAC_II;
++ card->type = SC_CARD_TYPE_CAC_ALT_HID;
+ card->drv_data = priv;
+ return r;
+ }
+@@ -1869,6 +1869,8 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
+ * FIPS 201 4.1.6.1 (numeric only) and * FIPS 140-2
+ * (6 character minimum) requirements.
+ */
++ sc_apdu_t apdu;
++ u8 sbuf[SC_MAX_APDU_BUFFER_SIZE];
+ struct sc_card_driver *iso_drv = sc_get_iso7816_driver();
+
+ if (data->cmd == SC_PIN_CMD_CHANGE) {
+@@ -1881,6 +1883,18 @@ static int cac_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries
+ return SC_ERROR_INVALID_DATA;
+ }
+ }
++
++ /* We can change the PIN of Giesecke & Devrient CAC ALT tokens
++ * with a bit non-standard APDU */
++ if (card->type == SC_CARD_TYPE_CAC_ALT_HID) {
++ int r = 0;
++ r = iso7816_build_pin_apdu(card, &apdu, data, sbuf, sizeof(sbuf));
++ if (r < 0)
++ return r;
++ /* it requires P1 = 0x01 completely against the ISO specs */
++ apdu.p1 = 0x01;
++ data->apdu = &apdu;
++ }
+ }
+
+ return iso_drv->ops->pin_cmd(card, data, tries_left);
+diff --git a/src/libopensc/cards.h b/src/libopensc/cards.h
+index 0ec25a46..16846d15 100644
+--- a/src/libopensc/cards.h
++++ b/src/libopensc/cards.h
+@@ -244,6 +244,7 @@ enum {
+ SC_CARD_TYPE_CAC_GENERIC,
+ SC_CARD_TYPE_CAC_I,
+ SC_CARD_TYPE_CAC_II,
++ SC_CARD_TYPE_CAC_ALT_HID,
+
+ /* nPA cards */
+ SC_CARD_TYPE_NPA = 34000,
+diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
+index b1a0e88f..d41613b2 100644
+--- a/src/libopensc/iso7816.c
++++ b/src/libopensc/iso7816.c
+@@ -1017,7 +1017,7 @@ iso7816_decipher(struct sc_card *card,
+ }
+
+
+-static int
++int
+ iso7816_build_pin_apdu(struct sc_card *card, struct sc_apdu *apdu,
+ struct sc_pin_cmd_data *data, u8 *buf, size_t buf_len)
+ {
+diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
+index b519c5d5..8ebf9fbd 100644
+--- a/src/libopensc/opensc.h
++++ b/src/libopensc/opensc.h
+@@ -1664,6 +1664,19 @@ int iso7816_update_binary_sfid(sc_card_t *card, unsigned char sfid,
+ * */
+ int iso7816_logout(sc_card_t *card, unsigned char pin_reference);
+
++/*
++ * @brief Format PIN APDU for modifiction by card driver
++ *
++ * @param[in] card card
++ * @param[in] apdu apdu structure to update with PIN APDU
++ * @param[in] data pin command data to set into the APDU
++ * @param[in] buf buffer for APDU data field
++ * @param[in] buf_len maximum buffer length
++ */
++int
++iso7816_build_pin_apdu(struct sc_card *card, struct sc_apdu *apdu,
++ struct sc_pin_cmd_data *data, u8 *buf, size_t buf_len);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/src/libopensc/pkcs15-cac.c b/src/libopensc/pkcs15-cac.c
+index ccb27994..05056ea9 100644
+--- a/src/libopensc/pkcs15-cac.c
++++ b/src/libopensc/pkcs15-cac.c
+@@ -79,6 +79,7 @@ static const char * cac_get_name(int type)
+ switch (type) {
+ case SC_CARD_TYPE_CAC_I: return ("CAC I");
+ case SC_CARD_TYPE_CAC_II: return ("CAC II");
++ case SC_CARD_TYPE_CAC_ALT_HID: return ("CAC ALT HID");
+ default: break;
+ }
+ return ("CAC");
diff --git a/SOURCES/opensc-0.20.0-calloc0.patch b/SOURCES/opensc-0.20.0-calloc0.patch
new file mode 100644
index 0000000..341dc5e
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-calloc0.patch
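Review bot: In cac_pin_cmd, `data->apdu = &apdu;` stores the address of a stack local in the caller's `sc_pin_cmd_data`, and the function then returns `iso_drv->ops->pin_cmd(card, data, tries_left)` directly, so after the return `data->apdu` still refers to the dead frame and `sbuf`, which holds the APDU data field with the PIN values, is never wiped. Whether the ISO driver resets `data->apdu` for an APDU it did not build itself is not visible in these hunks. I would keep the return value, clear the pointer and zero the buffer with libopensc's `sc_mem_clear` before returning, as sketched below. Separately, the first hunk now assigns `SC_CARD_TYPE_CAC_ALT_HID` to every card that passes `cac_process_ACA`, so existing comparisons against `SC_CARD_TYPE_CAC_II` elsewhere in the driver should be rechecked.

```c
	struct sc_card_driver *iso_drv = sc_get_iso7816_driver();
	int rv;

	/* … unchanged: PIN policy checks and CAC ALT APDU setup … */

	rv = iso_drv->ops->pin_cmd(card, data, tries_left);
	/* apdu and sbuf live in this frame: hand back neither the pointer nor the PIN bytes */
	if (data->apdu == &apdu)
		data->apdu = NULL;
	sc_mem_clear(sbuf, sizeof(sbuf));
	return rv;
```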
@@ -0,0 +1,102 @@
+From f1bcadfbe9d156adbe509b0860511ee41add0c67 Mon Sep 17 00:00:00 2001
+From: Frank Morgner
+Date: Tue, 10 Mar 2020 12:13:29 +0100
+Subject: [PATCH] pkcs11: don't try to allocate 0 byte with calloc
+
+fixes #1978
+---
+ src/pkcs11/pkcs11-global.c | 7 ++++++-
+ win32/Make.rules.mak | 4 ++--
+ win32/winconfig.h.in | 2 ++
+ 3 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
+index a3260314f8..671890309f 100644
+--- a/src/pkcs11/pkcs11-global.c
++++ b/src/pkcs11/pkcs11-global.c
+@@ -456,6 +456,13 @@ CK_RV C_GetSlotList(CK_BBOOL tokenPresent, /* only slots with token prese
+
+ card_detect_all();
+
++ if (list_empty(&virtual_slots)) {
++ sc_log(context, "returned 0 slots\n");
++ *pulCount = 0;
++ rv = CKR_OK;
++ goto out;
++ }
++
+ found = calloc(list_size(&virtual_slots), sizeof(CK_SLOT_ID));
+
+ if (found == NULL) {
+diff --git a/win32/Make.rules.mak b/win32/Make.rules.mak
+index 4f4971a72d..c6b1aac340 100644
+--- a/win32/Make.rules.mak
++++ b/win32/Make.rules.mak
+@@ -1,7 +1,7 @@
+ OPENSC_FEATURES = pcsc
+
+ #Include support for minidriver
+-MINIDRIVER_DEF = /DENABLE_MINIDRIVER
++#MINIDRIVER_DEF = /DENABLE_MINIDRIVER
+
+ #Build MSI with the Windows Installer XML (WIX) toolkit, requires WIX >= 3.9
+ !IF "$(WIX)" == ""
+@@ -33,7 +33,7 @@ WIX_LIBS = "$(WIX)\SDK\$(WIXVSVER)\lib\$(PLATFORM)\dutil.lib" "$(WIX)\SDK\$(WIXV
+ SM_DEF = /DENABLE_SM
+
+ #Build with debugging support
+-#DEBUG_DEF = /DDEBUG
++DEBUG_DEF = /DDEBUG
+
+ # If you want support for OpenSSL (needed for pkcs15-init tool, software hashing in PKCS#11 library and verification):
+ # - download and build OpenSSL
+diff --git a/win32/winconfig.h.in b/win32/winconfig.h.in
+index 94ed9b5475..fa682c5bcc 100644
+--- a/win32/winconfig.h.in
++++ b/win32/winconfig.h.in
+@@ -103,6 +103,8 @@
+ #define DEFAULT_ONEPIN_PKCS11_PROVIDER "@DEFAULT_ONEPIN_PKCS11_PROVIDER@"
+ #endif
+
++#define PKCS11_THREAD_LOCKING
++
+ #ifndef DEFAULT_SM_MODULE
+ #define DEFAULT_SM_MODULE "@DEFAULT_SM_MODULE@"
+ #endif
+
+commit 500ecd3d127975379e2310626c3ce94c3e7035ea
+Author: Jakub Jelen
+Date: Wed Nov 25 13:49:08 2020 +0100
+
+ pkcs11-tool: Avoid calloc with 0 argument
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index 4015aaf1..89244795 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -1270,15 +1270,18 @@ static void list_slots(int tokens, int refresh, int print)
+ if (rv != CKR_OK)
+ p11_fatal("C_GetSlotList(NULL)", rv);
+ free(p11_slots);
+- p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
+- if (p11_slots == NULL) {
+- perror("calloc failed");
+- exit(1);
++ p11_slots = NULL;
++ if (p11_num_slots > 0) {
++ p11_slots = calloc(p11_num_slots, sizeof(CK_SLOT_ID));
++ if (p11_slots == NULL) {
++ perror("calloc failed");
++ exit(1);
++ }
++ rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
++ if (rv != CKR_OK)
++ p11_fatal("C_GetSlotList()", rv);
+ }
+
+- rv = p11->C_GetSlotList(tokens, p11_slots, &p11_num_slots);
+- if (rv != CKR_OK)
+- p11_fatal("C_GetSlotList()", rv);
+ }
+
+ if (!print)
diff --git a/SOURCES/opensc-0.20.0-file-cache.patch b/SOURCES/opensc-0.20.0-file-cache.patch
new file mode 100644
index 0000000..9dfce70
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-file-cache.patch
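Review bot: Besides the calloc fix, this backport carries the upstream commit's edits to `win32/Make.rules.mak` and `win32/winconfig.h.in`, which comment out `MINIDRIVER_DEF`, switch on `DEBUG_DEF = /DDEBUG` and define `PKCS11_THREAD_LOCKING` unconditionally. None of that relates to allocating zero bytes and it looks like local build settings that slipped into the commit; it is inert for the RPM build, but anyone building Windows binaries from this patched tree would get a debug configuration without the minidriver. I would drop those two file sections from the patch file. In the C_GetSlotList hunk, `*pulCount = 0;` is written with no NULL check visible in the hunk, so it is worth confirming that `pulCount` is validated earlier in the function.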
@@ -0,0 +1,85 @@
+From 2a28dcd3f6e4af7a5b2d7d7810b26b6321dd1bf1 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 10 Nov 2020 14:44:43 +0100
+Subject: [PATCH 1/3] ctx: Use more standard cache directory
+
+https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
+---
+ src/libopensc/ctx.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
+index 6b57170f01..d6058c070e 100644
+--- a/src/libopensc/ctx.c
++++ b/src/libopensc/ctx.c
+@@ -1008,7 +1008,12 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
+ }
+
+ #ifndef _WIN32
+- cache_dir = ".eid/cache";
++ cache_dir = getenv("XDG_CACHE_HOME");
++ if (cache_dir != NULL && cache_dir[0] != '\0') {
++ snprintf(buf, bufsize, "%s/%s", cache_dir, "opensc");
++ return SC_SUCCESS;
++ }
++ cache_dir = ".cache/opensc";
+ homedir = getenv("HOME");
+ #else
+ cache_dir = "eid-cache";
+@@ -1020,7 +1025,7 @@ int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize)
+ homedir = temp_path;
+ }
+ #endif
+- if (homedir == NULL)
++ if (homedir == NULL || homedir[0] == '\0')
+ return SC_ERROR_INTERNAL;
+ if (snprintf(buf, bufsize, "%s/%s", homedir, cache_dir) < 0)
+ return SC_ERROR_BUFFER_TOO_SMALL;
+
+From 7c1c6f6be47f55693647827259edcacc98761371 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Tue, 10 Nov 2020 15:07:42 +0100
+Subject: [PATCH 3/3] doc: Update documentation about the cache location
+
+---
+ doc/files/opensc.conf.5.xml.in | 9 +++++++--
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/doc/files/opensc.conf.5.xml.in b/doc/files/opensc.conf.5.xml.in
+index 118922a877..791f11669a 100644
+--- a/doc/files/opensc.conf.5.xml.in
++++ b/doc/files/opensc.conf.5.xml.in
+@@ -1116,12 +1116,17 @@ app application {
+ + + +- HOME/.eid/cache/ (Unix) ++ $XDG_CACHE_HOME/opensc/ (If $XDG_CACHE_HOME is defined) + + + + +- USERPROFILE\.eid-cache\ (Windows) ++ $HOME/.cache/opensc/ (Unix) ++ ++ ++ ++
$USERPROFILE\.eid-cache\ (Windows) + + + +
+diff -up opensc-0.20.0/etc/opensc.conf.file-cache opensc-0.20.0/etc/opensc.conf
+--- opensc-0.20.0/etc/opensc.conf.file-cache 2020-11-20 16:49:30.995526825 +0100
++++ opensc-0.20.0/etc/opensc.conf 2020-11-20 16:50:07.665053280 +0100
+@@ -2,7 +2,7 @@ app default {
+ # debug = 3;
+ # debug_file = opensc-debug.txt;
+ framework pkcs15 {
+- # use_file_caching = true;
++ use_file_caching = true;
+ }
+ reader_driver pcsc {
+ # The pinpad is disabled by default,
+
diff --git a/SOURCES/opensc-0.20.0-label-padding.patch b/SOURCES/opensc-0.20.0-label-padding.patch
new file mode 100644
index 0000000..4cf26b8
--- /dev/null
+++ b/SOURCES/opensc-0.20.0-label-padding.patch
@@ -0,0 +1,24 @@
+commit 8d4af9eb0b799f22b25783e8e1b7af329b5a917b
+Author: Frank Morgner
+Date: Fri Jan 31 12:15:53 2020 +0100
+
+ pkcs11: fixed right padding of token label with ' '
+
+ fixes https://github.com/OpenSC/OpenSC/issues/1922
+
+diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
+index e94eeeff..a1951c2e 100644
+--- a/src/pkcs11/framework-pkcs15.c
++++ b/src/pkcs11/framework-pkcs15.c
+@@ -1122,9 +1122,10 @@ pkcs15_init_slot(struct sc_pkcs15_card *p15card, struct sc_pkcs11_slot *slot,
+ max_tokeninfo_len);
+ slot->token_info.label[max_tokeninfo_len] = ' ';
+ slot->token_info.label[max_tokeninfo_len+1] = '(';
+- slot->token_info.label[max_tokeninfo_len+2+pin_len] = ')';
+ strcpy_bp(slot->token_info.label+max_tokeninfo_len+2,
+ auth->label, pin_len);
++ strcpy_bp(slot->token_info.label+max_tokeninfo_len+2+pin_len,
++ ")", 32 - max_tokeninfo_len-2-pin_len);
+ }
+ } else {
+ /* PIN label is empty or just says non-useful "PIN",
diff --git a/SPECS/opensc.spec b/SPECS/opensc.spec
index dd17e23..e7a2759 100644
--- a/SPECS/opensc.spec
+++ b/SPECS/opensc.spec
@@ -3,7 +3,7 @@ Name: opensc Version: 0.20.0 -Release: 2%{?dist} +Release: 4%{?dist} Summary: Smart card library and applications Group: System Environment/Libraries
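Review bot: The new XDG_CACHE_HOME branch in sc_get_cache_dir returns `SC_SUCCESS` without looking at the result of `snprintf`, so a value that does not fit in `bufsize` yields a silently truncated cache path; the HOME branch only tests `< 0`, which does not catch truncation either. The branch also accepts any non-empty value, while the basedir specification linked in the commit message says relative paths in these variables are invalid and should be ignored. Because the same patch file switches `use_file_caching` on by default in opensc.conf, card data will be written wherever this path ends up, so I would tighten the branch as sketched below. The function starts and ends outside the hunk.

```c
	cache_dir = getenv("XDG_CACHE_HOME");
	/* relative values are invalid per the basedir spec; fall through to $HOME */
	if (cache_dir != NULL && cache_dir[0] == '/') {
		int n = snprintf(buf, bufsize, "%s/%s", cache_dir, "opensc");
		if (n < 0 || (size_t)n >= bufsize)
			return SC_ERROR_BUFFER_TOO_SMALL;
		return SC_SUCCESS;
	}
	/* … unchanged: .cache/opensc under $HOME … */
```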
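Review bot: The added `strcpy_bp(..., ")", 32 - max_tokeninfo_len-2-pin_len)` call in pkcs15_init_slot hard-codes the size of the token label, and nothing in the hunk shows that `max_tokeninfo_len + 2 + pin_len` stays below it. Both values are computed outside the hunk, so the bound may already be guaranteed there; if it is not, the remaining length reaches zero or goes negative before it is passed as the length argument. I would write the bound as `sizeof(slot->token_info.label) - max_tokeninfo_len - 2 - pin_len` and add a short comment naming the invariant that the earlier code establishes for the two lengths.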
@@ -16,6 +16,23 @@ Patch6: opensc-0.19.0-pinpad.patch Patch8: opensc-0.19.0-idprime.patch # https://github.com/OpenSC/OpenSC/pull/1987 Patch9: opensc-0.20.0-cardos.patch +# https://github.com/OpenSC/OpenSC/pull/2129 +Patch10: opensc-0.20.0-cac-pin-change.patch +# https://github.com/OpenSC/OpenSC/commit/6903aebf +Patch11: opensc-0.20.0-CVE-2020-26570.patch +# https://github.com/OpenSC/OpenSC/commit/ed55fcd2 +Patch12: opensc-0.20.0-CVE-2020-26571.patch +# https://github.com/OpenSC/OpenSC/commit/9d294de9 +Patch13: opensc-0.20.0-CVE-2020-26572.patch +# https://github.com/OpenSC/OpenSC/commit/8d4af9eb +Patch14: opensc-0.20.0-label-padding.patch +# https://github.com/OpenSC/OpenSC/commit/f1bcadfb +# https://github.com/OpenSC/OpenSC/pull/2166 +Patch15: opensc-0.20.0-calloc0.patch +# https://github.com/OpenSC/OpenSC/pull/2148 +# + configuration change by default +Patch16: opensc-0.20.0-file-cache.patch + BuildRequires: pcsc-lite-devel BuildRequires: readline-devel @@ -47,6 +64,13 @@ every software/card that does so, too. %patch6 -p1 -b .pinpad %patch8 -p1 -b .idprime %patch9 -p1 -b .cardos +%patch10 -p1 -b .cac-pin-change +%patch11 -p1 -b .CVE-2020-26570 +%patch12 -p1 -b .CVE-2020-26571 +%patch13 -p1 -b .CVE-2020-26572 +%patch14 -p1 -b .padding +%patch15 -p1 -b .calloc0 +%patch16 -p1 -b .file-cache cp -p src/pkcs15init/README ./README.pkcs15init cp -p src/scconf/README.scconf . @@ -205,6 +229,15 @@ fi %changelog +* Fri Nov 20 2020 Jakub Jelen - 0.20.0-4 +- Use file cache by default (#1892810) +- Avoid calloc with 0 argument (#1895401) + +* Tue Oct 20 2020 Jakub Jelen - 0.20.0-3 +- Support PIN change for HID Alt tokens (#1830901) +- Fix CVE-2020-26570, CVE-2020-26571 and CVE-2020-26572 +- Fix right padding of token labels of some cards (#1877973) + * Wed May 27 2020 Jakub Jelen - 0.20.0-2 - Unbreak different CardOS 5 configurations supporting raw RSA (#1830856)