[arch-commits] Commit in opensc/repos (10 files)

Sébastien Luttringer seblu at nymeria.archlinux.org
Sun Nov 3 18:13:59 UTC 2013


    Date: Sunday, November 3, 2013 @ 19:13:58
  Author: seblu
Revision: 100414

archrelease: copy trunk to community-x86_64, community-i686

Added:
  opensc/repos/community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
    (from rev 100413, opensc/trunk/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch)
  opensc/repos/community-i686/0002-epass2003-properly-disable-padding.patch
    (from rev 100413, opensc/trunk/0002-epass2003-properly-disable-padding.patch)
  opensc/repos/community-i686/PKGBUILD
    (from rev 100413, opensc/trunk/PKGBUILD)
  opensc/repos/community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
    (from rev 100413, opensc/trunk/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch)
  opensc/repos/community-x86_64/0002-epass2003-properly-disable-padding.patch
    (from rev 100413, opensc/trunk/0002-epass2003-properly-disable-padding.patch)
  opensc/repos/community-x86_64/PKGBUILD
    (from rev 100413, opensc/trunk/PKGBUILD)
Deleted:
  opensc/repos/community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
  opensc/repos/community-i686/PKGBUILD
  opensc/repos/community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
  opensc/repos/community-x86_64/PKGBUILD

------------------------------------------------------------------------------+
 /0001-pkcs15-regression-in-e35febe-compute-cert-length.patch                 |  228 ++++++++++
 /PKGBUILD                                                                    |  104 ++++
 community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch   |  114 -----
 community-i686/0002-epass2003-properly-disable-padding.patch                 |   39 +
 community-i686/PKGBUILD                                                      |   49 --
 community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch |  114 -----
 community-x86_64/0002-epass2003-properly-disable-padding.patch               |   39 +
 community-x86_64/PKGBUILD                                                    |   49 --
 8 files changed, 410 insertions(+), 326 deletions(-)

Deleted: community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
===================================================================
--- community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	2013-11-03 18:13:16 UTC (rev 100413)
+++ community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	2013-11-03 18:13:58 UTC (rev 100414)
@@ -1,114 +0,0 @@
-From cc5a171ddcc8e49b2252135daac9ad3aa6d66ae7 Mon Sep 17 00:00:00 2001
-From: Viktor Tarasov <viktor.tarasov at gmail.com>
-Date: Tue, 25 Dec 2012 20:05:45 +0100
-Subject: [PATCH] pkcs15: regression in e35febe: compute cert length
-
-parse_x509_cert() reviewed.
-Now certificate's DER data are allocated and the DER data length is determined in one place.
-
-https://github.com/OpenSC/OpenSC/pull/114
-https://github.com/OpenSC/OpenSC/commit/e35febe
----
- src/libopensc/pkcs15-cert.c | 37 +++++++++++++++++++------------------
- 1 file changed, 19 insertions(+), 18 deletions(-)
-
-diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
-index 86bea25..9b08aac 100644
---- a/src/libopensc/pkcs15-cert.c
-+++ b/src/libopensc/pkcs15-cert.c
-@@ -34,13 +34,13 @@
- #include "pkcs15.h"
- 
- static int
--parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert)
-+parse_x509_cert(sc_context_t *ctx, struct sc_pkcs15_der *der, struct sc_pkcs15_cert *cert)
- {
- 	int r;
- 	struct sc_algorithm_id sig_alg;
--	struct sc_pkcs15_pubkey  * pubkey = NULL;
--	u8 *serial = NULL;
--	size_t serial_len = 0;
-+	struct sc_pkcs15_pubkey *pubkey = NULL;
-+	unsigned char *serial = NULL, *buf =  der->value;
-+	size_t serial_len = 0, data_len = 0, buflen = der->len;
- 	struct sc_asn1_entry asn1_version[] = {
- 		{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL },
- 		{ NULL, 0, 0, 0, NULL, NULL }
-@@ -87,30 +87,32 @@ parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs1
- 	if (obj == NULL)
- 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "X.509 certificate not found");
- 
--	cert->data.len = objlen + (obj - buf);
-+	data_len = objlen + (obj - buf);
-+	cert->data.value = malloc(data_len);
-+	if (!cert->data.value)
-+		LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
-+	memcpy(cert->data.value, buf, data_len);
-+	cert->data.len = data_len;
-+
- 	r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL);
- 	LOG_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed");
- 
- 	cert->version++;
- 
--	if (pubkey) {
--		cert->key = pubkey;
--		pubkey = NULL;
--	}
--	else {
-+	if (!pubkey)
- 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "Unable to decode subjectPublicKeyInfo from cert");
--	}
-+	cert->key = pubkey;
-+
- 	sc_asn1_clear_algorithm_id(&sig_alg);
--	if (r < 0)
--		return r;
- 
- 	if (serial && serial_len)   {
- 		sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1);
- 		r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len);
- 		free(serial);
-+		LOG_TEST_RET(ctx, r, "ASN.1 encoding of serial failed");
- 	}
- 
--	return r;
-+	return SC_SUCCESS;
- }
- 
- 
-@@ -125,7 +127,7 @@ sc_pkcs15_pubkey_from_cert(struct sc_context *ctx,
- 	if (cert == NULL)
- 		return SC_ERROR_OUT_OF_MEMORY;
- 
--	rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert);
-+	rv = parse_x509_cert(ctx, cert_blob, cert);
- 
- 	*out = cert->key;
- 	cert->key = NULL;
-@@ -158,20 +160,19 @@ sc_pkcs15_read_certificate(struct sc_pkcs15_card *p15card, const struct sc_pkcs1
- 		return SC_ERROR_OBJECT_NOT_FOUND;
- 	}
- 
--
- 	cert = malloc(sizeof(struct sc_pkcs15_cert));
- 	if (cert == NULL) {
- 		free(der.value);
- 		return SC_ERROR_OUT_OF_MEMORY;
- 	}
- 	memset(cert, 0, sizeof(struct sc_pkcs15_cert));
--	if (parse_x509_cert(p15card->card->ctx, der.value, der.len, cert)) {
-+	if (parse_x509_cert(p15card->card->ctx, &der, cert)) {
- 		free(der.value);
- 		sc_pkcs15_free_certificate(cert);
- 		return SC_ERROR_INVALID_ASN1_OBJECT;
- 	}
-+	free(der.value);
- 
--	cert->data = der;
- 	*cert_out = cert;
- 	return SC_SUCCESS;
- }
--- 
-1.8.4
-

Copied: opensc/repos/community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch (from rev 100413, opensc/trunk/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch)
===================================================================
--- community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	                        (rev 0)
+++ community-i686/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	2013-11-03 18:13:58 UTC (rev 100414)
@@ -0,0 +1,114 @@
+From cc5a171ddcc8e49b2252135daac9ad3aa6d66ae7 Mon Sep 17 00:00:00 2001
+From: Viktor Tarasov <viktor.tarasov at gmail.com>
+Date: Tue, 25 Dec 2012 20:05:45 +0100
+Subject: [PATCH] pkcs15: regression in e35febe: compute cert length
+
+parse_x509_cert() reviewed.
+Now certificate's DER data are allocated and the DER data length is determined in one place.
+
+https://github.com/OpenSC/OpenSC/pull/114
+https://github.com/OpenSC/OpenSC/commit/e35febe
+---
+ src/libopensc/pkcs15-cert.c | 37 +++++++++++++++++++------------------
+ 1 file changed, 19 insertions(+), 18 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
+index 86bea25..9b08aac 100644
+--- a/src/libopensc/pkcs15-cert.c
++++ b/src/libopensc/pkcs15-cert.c
+@@ -34,13 +34,13 @@
+ #include "pkcs15.h"
+ 
+ static int
+-parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert)
++parse_x509_cert(sc_context_t *ctx, struct sc_pkcs15_der *der, struct sc_pkcs15_cert *cert)
+ {
+ 	int r;
+ 	struct sc_algorithm_id sig_alg;
+-	struct sc_pkcs15_pubkey  * pubkey = NULL;
+-	u8 *serial = NULL;
+-	size_t serial_len = 0;
++	struct sc_pkcs15_pubkey *pubkey = NULL;
++	unsigned char *serial = NULL, *buf =  der->value;
++	size_t serial_len = 0, data_len = 0, buflen = der->len;
+ 	struct sc_asn1_entry asn1_version[] = {
+ 		{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL },
+ 		{ NULL, 0, 0, 0, NULL, NULL }
+@@ -87,30 +87,32 @@ parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs1
+ 	if (obj == NULL)
+ 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "X.509 certificate not found");
+ 
+-	cert->data.len = objlen + (obj - buf);
++	data_len = objlen + (obj - buf);
++	cert->data.value = malloc(data_len);
++	if (!cert->data.value)
++		LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
++	memcpy(cert->data.value, buf, data_len);
++	cert->data.len = data_len;
++
+ 	r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL);
+ 	LOG_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed");
+ 
+ 	cert->version++;
+ 
+-	if (pubkey) {
+-		cert->key = pubkey;
+-		pubkey = NULL;
+-	}
+-	else {
++	if (!pubkey)
+ 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "Unable to decode subjectPublicKeyInfo from cert");
+-	}
++	cert->key = pubkey;
++
+ 	sc_asn1_clear_algorithm_id(&sig_alg);
+-	if (r < 0)
+-		return r;
+ 
+ 	if (serial && serial_len)   {
+ 		sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1);
+ 		r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len);
+ 		free(serial);
++		LOG_TEST_RET(ctx, r, "ASN.1 encoding of serial failed");
+ 	}
+ 
+-	return r;
++	return SC_SUCCESS;
+ }
+ 
+ 
+@@ -125,7 +127,7 @@ sc_pkcs15_pubkey_from_cert(struct sc_context *ctx,
+ 	if (cert == NULL)
+ 		return SC_ERROR_OUT_OF_MEMORY;
+ 
+-	rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert);
++	rv = parse_x509_cert(ctx, cert_blob, cert);
+ 
+ 	*out = cert->key;
+ 	cert->key = NULL;
+@@ -158,20 +160,19 @@ sc_pkcs15_read_certificate(struct sc_pkcs15_card *p15card, const struct sc_pkcs1
+ 		return SC_ERROR_OBJECT_NOT_FOUND;
+ 	}
+ 
+-
+ 	cert = malloc(sizeof(struct sc_pkcs15_cert));
+ 	if (cert == NULL) {
+ 		free(der.value);
+ 		return SC_ERROR_OUT_OF_MEMORY;
+ 	}
+ 	memset(cert, 0, sizeof(struct sc_pkcs15_cert));
+-	if (parse_x509_cert(p15card->card->ctx, der.value, der.len, cert)) {
++	if (parse_x509_cert(p15card->card->ctx, &der, cert)) {
+ 		free(der.value);
+ 		sc_pkcs15_free_certificate(cert);
+ 		return SC_ERROR_INVALID_ASN1_OBJECT;
+ 	}
++	free(der.value);
+ 
+-	cert->data = der;
+ 	*cert_out = cert;
+ 	return SC_SUCCESS;
+ }
+-- 
+1.8.4
+
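Review bot: In the last hunk (`sc_pkcs15_read_certificate`), every non-zero result of `parse_x509_cert` is still returned as `SC_ERROR_INVALID_ASN1_OBJECT`, although the patch adds a `malloc` in `parse_x509_cert` that can fail with `SC_ERROR_OUT_OF_MEMORY`; keep the result in a local, e.g. `r = parse_x509_cert(p15card->card->ctx, &der, cert);`, and end the error branch with `return r;` after the two frees. In `parse_x509_cert` the early returns from `LOG_TEST_RET` after `sc_asn1_decode` and on `!pubkey` come before `sc_asn1_clear_algorithm_id(&sig_alg)` and `free(serial)`, so anything the decoder allocated for them appears to leak on a malformed certificate; the decode tables are outside the hunk, so this needs confirming. The new `memcpy(cert->data.value, buf, data_len)` also relies on `data_len <= buflen`, which the visible lines do not check. Both function bodies start outside the hunks shown, and the same patch file is added again for community-x86_64 further down.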

Copied: opensc/repos/community-i686/0002-epass2003-properly-disable-padding.patch (from rev 100413, opensc/trunk/0002-epass2003-properly-disable-padding.patch)
===================================================================
--- community-i686/0002-epass2003-properly-disable-padding.patch	                        (rev 0)
+++ community-i686/0002-epass2003-properly-disable-padding.patch	2013-11-03 18:13:58 UTC (rev 100414)
@@ -0,0 +1,39 @@
+From b1a4775310a4e30d8fd5c1cc91e60971f922e64a Mon Sep 17 00:00:00 2001
+From: Zbigniew Halas <zhalas at gmail.com>
+Date: Wed, 27 Feb 2013 23:44:02 +0000
+Subject: [PATCH] epass2003: properly disable padding
+
+EVP_CIPHER_CTX_set_padding needs to be called after EVP_EncryptInit_ex
+and EVP_DecryptInit_ex, otherwise padding is re-enabled, which in turn
+causes buffer overruns
+---
+ src/libopensc/card-epass2003.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
+index 80088b9..6f04573 100644
+--- a/src/libopensc/card-epass2003.c
++++ b/src/libopensc/card-epass2003.c
+@@ -117,8 +117,8 @@
+ 
+ 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ 	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 	EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 
+ 	if (!EVP_EncryptUpdate(&ctx, output, &outl, input, length))
+ 		goto out;
+@@ -146,8 +146,8 @@
+ 
+ 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ 	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 	EVP_DecryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 
+ 	if (!EVP_DecryptUpdate(&ctx, output, &outl, input, length))
+ 		goto out;
+-- 
+1.8.4
+
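Review bot: The return values of `EVP_EncryptInit_ex` and `EVP_DecryptInit_ex` are ignored in both hunks, so a failed initialisation still reaches `EVP_EncryptUpdate` / `EVP_DecryptUpdate`, and the relocated `EVP_CIPHER_CTX_set_padding(&ctx, 0)` runs on a context that was never set up. Checking the init calls the way the following lines already check the update calls would close this: `if (!EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp)) goto out;` and the same for `EVP_DecryptInit_ex`. Since the commit message ties the ordering to buffer overruns, a short comment above each call stating that padding must be disabled after init, and that `output` is expected to hold exactly `length` bytes, would stop the lines being reordered again. Both function bodies start and end outside the hunks, and the same patch file is added again for community-x86_64 further down.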

Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD	2013-11-03 18:13:16 UTC (rev 100413)
+++ community-i686/PKGBUILD	2013-11-03 18:13:58 UTC (rev 100414)
@@ -1,49 +0,0 @@
-# $Id$
-# Maintainer: Sébastien Luttringer
-# Contributor: kevku <kevku at msn.com>
-
-pkgname=opensc
-pkgver=0.13.0
-pkgrel=3
-pkgdesc='Tools and libraries for smart cards'
-arch=('x86_64' 'i686')
-url='https://github.com/OpenSC/OpenSC/wiki'
-license=('LGPL')
-backup=('etc/opensc.conf')
-makedepends=('docbook-xsl')
-depends=('openssl' 'pcsclite' 'libltdl')
-options=('!emptydirs')
-source=("http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
-        '0001-pkcs15-regression-in-e35febe-compute-cert-length.patch')
-md5sums=('74a10de6c646bdaae307d6dc9e9accc0'
-         '49a0989c169decf6876a3a9631289dbc')
-
-prepare() {
-  patch -p1 -d $pkgname-$pkgver < 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
-}
-
-build() {
-  cd $pkgname-$pkgver
-  export LIBS=-lltdl
-  _sheetdir=(/usr/share/xml/docbook/xsl-stylesheets-*)
-  ./configure \
-    --prefix=/usr \
-    --sysconfdir=/etc \
-    --enable-man \
-    --enable-doc \
-    --enable-readline \
-    --enable-openssl \
-    --enable-pcsc \
-    --enable-zlib \
-    --enable-sm \
-    --with-xsl-stylesheetsdir="$_sheetdir"
-  make
-}
-
-package(){
-  cd $pkgname-$pkgver
-  make DESTDIR="$pkgdir" install
-  install -D -m644 etc/opensc.conf "$pkgdir/etc/opensc.conf"
-}
-
-# vim:set ts=2 sw=2 et:

Copied: opensc/repos/community-i686/PKGBUILD (from rev 100413, opensc/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD	                        (rev 0)
+++ community-i686/PKGBUILD	2013-11-03 18:13:58 UTC (rev 100414)
@@ -0,0 +1,52 @@
+# $Id$
+# Maintainer: Sébastien Luttringer
+# Contributor: kevku <kevku at msn.com>
+
+pkgname=opensc
+pkgver=0.13.0
+pkgrel=4
+pkgdesc='Tools and libraries for smart cards'
+arch=('x86_64' 'i686')
+url='https://github.com/OpenSC/OpenSC/wiki'
+license=('LGPL')
+backup=('etc/opensc.conf')
+makedepends=('docbook-xsl')
+depends=('openssl' 'pcsclite' 'libltdl')
+options=('!emptydirs')
+source=("http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+        '0001-pkcs15-regression-in-e35febe-compute-cert-length.patch'
+        '0002-epass2003-properly-disable-padding.patch')
+md5sums=('74a10de6c646bdaae307d6dc9e9accc0'
+         '49a0989c169decf6876a3a9631289dbc'
+         '68fe80c8fb6c28c0bcf9d36e3245e4ae')
+
+prepare() {
+  patch -p1 -d $pkgname-$pkgver < 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
+  patch -p1 -d $pkgname-$pkgver < 0002-epass2003-properly-disable-padding.patch
+}
+
+build() {
+  cd $pkgname-$pkgver
+  export LIBS=-lltdl
+  _sheetdir=(/usr/share/xml/docbook/xsl-stylesheets-*)
+  ./configure \
+    --prefix=/usr \
+    --sysconfdir=/etc \
+    --enable-man \
+    --enable-doc \
+    --enable-readline \
+    --enable-openssl \
+    --enable-pcsc \
+    --enable-zlib \
+    --enable-sm \
+    --with-xsl-stylesheetsdir="$_sheetdir"
+  make
+}
+
+package(){
+  cd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  install -D -m644 etc/opensc.conf "$pkgdir/etc/opensc.conf"
+}
+
+# vim:set ts=2 sw=2 et:
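Review bot: The `source` array fetches the release tarball over plain `http://` and the only integrity check is `md5sums`, so the authenticity of the upstream archive and of the two patches rests on MD5 alone. A stronger digest array, `sha256sums=('<sha256 of tarball>' '<sha256 of 0001 patch>' '<sha256 of 0002 patch>')` with the placeholders filled in by the maintainer (for example from `makepkg -g`), and an `https://` source URL where upstream offers one, would tighten this. In `prepare()`, quoting the directory argument as `-d "$pkgname-$pkgver"` would match the quoting already used for `"$pkgdir"` in `package()`. The same PKGBUILD is added again for community-x86_64 further down.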

Deleted: community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
===================================================================
--- community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	2013-11-03 18:13:16 UTC (rev 100413)
+++ community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	2013-11-03 18:13:58 UTC (rev 100414)
@@ -1,114 +0,0 @@
-From cc5a171ddcc8e49b2252135daac9ad3aa6d66ae7 Mon Sep 17 00:00:00 2001
-From: Viktor Tarasov <viktor.tarasov at gmail.com>
-Date: Tue, 25 Dec 2012 20:05:45 +0100
-Subject: [PATCH] pkcs15: regression in e35febe: compute cert length
-
-parse_x509_cert() reviewed.
-Now certificate's DER data are allocated and the DER data length is determined in one place.
-
-https://github.com/OpenSC/OpenSC/pull/114
-https://github.com/OpenSC/OpenSC/commit/e35febe
----
- src/libopensc/pkcs15-cert.c | 37 +++++++++++++++++++------------------
- 1 file changed, 19 insertions(+), 18 deletions(-)
-
-diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
-index 86bea25..9b08aac 100644
---- a/src/libopensc/pkcs15-cert.c
-+++ b/src/libopensc/pkcs15-cert.c
-@@ -34,13 +34,13 @@
- #include "pkcs15.h"
- 
- static int
--parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert)
-+parse_x509_cert(sc_context_t *ctx, struct sc_pkcs15_der *der, struct sc_pkcs15_cert *cert)
- {
- 	int r;
- 	struct sc_algorithm_id sig_alg;
--	struct sc_pkcs15_pubkey  * pubkey = NULL;
--	u8 *serial = NULL;
--	size_t serial_len = 0;
-+	struct sc_pkcs15_pubkey *pubkey = NULL;
-+	unsigned char *serial = NULL, *buf =  der->value;
-+	size_t serial_len = 0, data_len = 0, buflen = der->len;
- 	struct sc_asn1_entry asn1_version[] = {
- 		{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL },
- 		{ NULL, 0, 0, 0, NULL, NULL }
-@@ -87,30 +87,32 @@ parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs1
- 	if (obj == NULL)
- 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "X.509 certificate not found");
- 
--	cert->data.len = objlen + (obj - buf);
-+	data_len = objlen + (obj - buf);
-+	cert->data.value = malloc(data_len);
-+	if (!cert->data.value)
-+		LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
-+	memcpy(cert->data.value, buf, data_len);
-+	cert->data.len = data_len;
-+
- 	r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL);
- 	LOG_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed");
- 
- 	cert->version++;
- 
--	if (pubkey) {
--		cert->key = pubkey;
--		pubkey = NULL;
--	}
--	else {
-+	if (!pubkey)
- 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "Unable to decode subjectPublicKeyInfo from cert");
--	}
-+	cert->key = pubkey;
-+
- 	sc_asn1_clear_algorithm_id(&sig_alg);
--	if (r < 0)
--		return r;
- 
- 	if (serial && serial_len)   {
- 		sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1);
- 		r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len);
- 		free(serial);
-+		LOG_TEST_RET(ctx, r, "ASN.1 encoding of serial failed");
- 	}
- 
--	return r;
-+	return SC_SUCCESS;
- }
- 
- 
-@@ -125,7 +127,7 @@ sc_pkcs15_pubkey_from_cert(struct sc_context *ctx,
- 	if (cert == NULL)
- 		return SC_ERROR_OUT_OF_MEMORY;
- 
--	rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert);
-+	rv = parse_x509_cert(ctx, cert_blob, cert);
- 
- 	*out = cert->key;
- 	cert->key = NULL;
-@@ -158,20 +160,19 @@ sc_pkcs15_read_certificate(struct sc_pkcs15_card *p15card, const struct sc_pkcs1
- 		return SC_ERROR_OBJECT_NOT_FOUND;
- 	}
- 
--
- 	cert = malloc(sizeof(struct sc_pkcs15_cert));
- 	if (cert == NULL) {
- 		free(der.value);
- 		return SC_ERROR_OUT_OF_MEMORY;
- 	}
- 	memset(cert, 0, sizeof(struct sc_pkcs15_cert));
--	if (parse_x509_cert(p15card->card->ctx, der.value, der.len, cert)) {
-+	if (parse_x509_cert(p15card->card->ctx, &der, cert)) {
- 		free(der.value);
- 		sc_pkcs15_free_certificate(cert);
- 		return SC_ERROR_INVALID_ASN1_OBJECT;
- 	}
-+	free(der.value);
- 
--	cert->data = der;
- 	*cert_out = cert;
- 	return SC_SUCCESS;
- }
--- 
-1.8.4
-

Copied: opensc/repos/community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch (from rev 100413, opensc/trunk/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch)
===================================================================
--- community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	                        (rev 0)
+++ community-x86_64/0001-pkcs15-regression-in-e35febe-compute-cert-length.patch	2013-11-03 18:13:58 UTC (rev 100414)
@@ -0,0 +1,114 @@
+From cc5a171ddcc8e49b2252135daac9ad3aa6d66ae7 Mon Sep 17 00:00:00 2001
+From: Viktor Tarasov <viktor.tarasov at gmail.com>
+Date: Tue, 25 Dec 2012 20:05:45 +0100
+Subject: [PATCH] pkcs15: regression in e35febe: compute cert length
+
+parse_x509_cert() reviewed.
+Now certificate's DER data are allocated and the DER data length is determined in one place.
+
+https://github.com/OpenSC/OpenSC/pull/114
+https://github.com/OpenSC/OpenSC/commit/e35febe
+---
+ src/libopensc/pkcs15-cert.c | 37 +++++++++++++++++++------------------
+ 1 file changed, 19 insertions(+), 18 deletions(-)
+
+diff --git a/src/libopensc/pkcs15-cert.c b/src/libopensc/pkcs15-cert.c
+index 86bea25..9b08aac 100644
+--- a/src/libopensc/pkcs15-cert.c
++++ b/src/libopensc/pkcs15-cert.c
+@@ -34,13 +34,13 @@
+ #include "pkcs15.h"
+ 
+ static int
+-parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert)
++parse_x509_cert(sc_context_t *ctx, struct sc_pkcs15_der *der, struct sc_pkcs15_cert *cert)
+ {
+ 	int r;
+ 	struct sc_algorithm_id sig_alg;
+-	struct sc_pkcs15_pubkey  * pubkey = NULL;
+-	u8 *serial = NULL;
+-	size_t serial_len = 0;
++	struct sc_pkcs15_pubkey *pubkey = NULL;
++	unsigned char *serial = NULL, *buf =  der->value;
++	size_t serial_len = 0, data_len = 0, buflen = der->len;
+ 	struct sc_asn1_entry asn1_version[] = {
+ 		{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL },
+ 		{ NULL, 0, 0, 0, NULL, NULL }
+@@ -87,30 +87,32 @@ parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs1
+ 	if (obj == NULL)
+ 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "X.509 certificate not found");
+ 
+-	cert->data.len = objlen + (obj - buf);
++	data_len = objlen + (obj - buf);
++	cert->data.value = malloc(data_len);
++	if (!cert->data.value)
++		LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
++	memcpy(cert->data.value, buf, data_len);
++	cert->data.len = data_len;
++
+ 	r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL);
+ 	LOG_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed");
+ 
+ 	cert->version++;
+ 
+-	if (pubkey) {
+-		cert->key = pubkey;
+-		pubkey = NULL;
+-	}
+-	else {
++	if (!pubkey)
+ 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "Unable to decode subjectPublicKeyInfo from cert");
+-	}
++	cert->key = pubkey;
++
+ 	sc_asn1_clear_algorithm_id(&sig_alg);
+-	if (r < 0)
+-		return r;
+ 
+ 	if (serial && serial_len)   {
+ 		sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1);
+ 		r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len);
+ 		free(serial);
++		LOG_TEST_RET(ctx, r, "ASN.1 encoding of serial failed");
+ 	}
+ 
+-	return r;
++	return SC_SUCCESS;
+ }
+ 
+ 
+@@ -125,7 +127,7 @@ sc_pkcs15_pubkey_from_cert(struct sc_context *ctx,
+ 	if (cert == NULL)
+ 		return SC_ERROR_OUT_OF_MEMORY;
+ 
+-	rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert);
++	rv = parse_x509_cert(ctx, cert_blob, cert);
+ 
+ 	*out = cert->key;
+ 	cert->key = NULL;
+@@ -158,20 +160,19 @@ sc_pkcs15_read_certificate(struct sc_pkcs15_card *p15card, const struct sc_pkcs1
+ 		return SC_ERROR_OBJECT_NOT_FOUND;
+ 	}
+ 
+-
+ 	cert = malloc(sizeof(struct sc_pkcs15_cert));
+ 	if (cert == NULL) {
+ 		free(der.value);
+ 		return SC_ERROR_OUT_OF_MEMORY;
+ 	}
+ 	memset(cert, 0, sizeof(struct sc_pkcs15_cert));
+-	if (parse_x509_cert(p15card->card->ctx, der.value, der.len, cert)) {
++	if (parse_x509_cert(p15card->card->ctx, &der, cert)) {
+ 		free(der.value);
+ 		sc_pkcs15_free_certificate(cert);
+ 		return SC_ERROR_INVALID_ASN1_OBJECT;
+ 	}
++	free(der.value);
+ 
+-	cert->data = der;
+ 	*cert_out = cert;
+ 	return SC_SUCCESS;
+ }
+-- 
+1.8.4
+

Copied: opensc/repos/community-x86_64/0002-epass2003-properly-disable-padding.patch (from rev 100413, opensc/trunk/0002-epass2003-properly-disable-padding.patch)
===================================================================
--- community-x86_64/0002-epass2003-properly-disable-padding.patch	                        (rev 0)
+++ community-x86_64/0002-epass2003-properly-disable-padding.patch	2013-11-03 18:13:58 UTC (rev 100414)
@@ -0,0 +1,39 @@
+From b1a4775310a4e30d8fd5c1cc91e60971f922e64a Mon Sep 17 00:00:00 2001
+From: Zbigniew Halas <zhalas at gmail.com>
+Date: Wed, 27 Feb 2013 23:44:02 +0000
+Subject: [PATCH] epass2003: properly disable padding
+
+EVP_CIPHER_CTX_set_padding needs to be called after EVP_EncryptInit_ex
+and EVP_DecryptInit_ex, otherwise padding is re-enabled, which in turn
+causes buffer overruns
+---
+ src/libopensc/card-epass2003.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libopensc/card-epass2003.c b/src/libopensc/card-epass2003.c
+index 80088b9..6f04573 100644
+--- a/src/libopensc/card-epass2003.c
++++ b/src/libopensc/card-epass2003.c
+@@ -117,8 +117,8 @@
+ 
+ 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ 	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 	EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 
+ 	if (!EVP_EncryptUpdate(&ctx, output, &outl, input, length))
+ 		goto out;
+@@ -146,8 +146,8 @@
+ 
+ 	memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ 	EVP_CIPHER_CTX_init(&ctx);
+-	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 	EVP_DecryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++	EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ 
+ 	if (!EVP_DecryptUpdate(&ctx, output, &outl, input, length))
+ 		goto out;
+-- 
+1.8.4
+

Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD	2013-11-03 18:13:16 UTC (rev 100413)
+++ community-x86_64/PKGBUILD	2013-11-03 18:13:58 UTC (rev 100414)
@@ -1,49 +0,0 @@
-# $Id$
-# Maintainer: Sébastien Luttringer
-# Contributor: kevku <kevku at msn.com>
-
-pkgname=opensc
-pkgver=0.13.0
-pkgrel=3
-pkgdesc='Tools and libraries for smart cards'
-arch=('x86_64' 'i686')
-url='https://github.com/OpenSC/OpenSC/wiki'
-license=('LGPL')
-backup=('etc/opensc.conf')
-makedepends=('docbook-xsl')
-depends=('openssl' 'pcsclite' 'libltdl')
-options=('!emptydirs')
-source=("http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
-        '0001-pkcs15-regression-in-e35febe-compute-cert-length.patch')
-md5sums=('74a10de6c646bdaae307d6dc9e9accc0'
-         '49a0989c169decf6876a3a9631289dbc')
-
-prepare() {
-  patch -p1 -d $pkgname-$pkgver < 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
-}
-
-build() {
-  cd $pkgname-$pkgver
-  export LIBS=-lltdl
-  _sheetdir=(/usr/share/xml/docbook/xsl-stylesheets-*)
-  ./configure \
-    --prefix=/usr \
-    --sysconfdir=/etc \
-    --enable-man \
-    --enable-doc \
-    --enable-readline \
-    --enable-openssl \
-    --enable-pcsc \
-    --enable-zlib \
-    --enable-sm \
-    --with-xsl-stylesheetsdir="$_sheetdir"
-  make
-}
-
-package(){
-  cd $pkgname-$pkgver
-  make DESTDIR="$pkgdir" install
-  install -D -m644 etc/opensc.conf "$pkgdir/etc/opensc.conf"
-}
-
-# vim:set ts=2 sw=2 et:

Copied: opensc/repos/community-x86_64/PKGBUILD (from rev 100413, opensc/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD	                        (rev 0)
+++ community-x86_64/PKGBUILD	2013-11-03 18:13:58 UTC (rev 100414)
@@ -0,0 +1,52 @@
+# $Id$
+# Maintainer: Sébastien Luttringer
+# Contributor: kevku <kevku at msn.com>
+
+pkgname=opensc
+pkgver=0.13.0
+pkgrel=4
+pkgdesc='Tools and libraries for smart cards'
+arch=('x86_64' 'i686')
+url='https://github.com/OpenSC/OpenSC/wiki'
+license=('LGPL')
+backup=('etc/opensc.conf')
+makedepends=('docbook-xsl')
+depends=('openssl' 'pcsclite' 'libltdl')
+options=('!emptydirs')
+source=("http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+        '0001-pkcs15-regression-in-e35febe-compute-cert-length.patch'
+        '0002-epass2003-properly-disable-padding.patch')
+md5sums=('74a10de6c646bdaae307d6dc9e9accc0'
+         '49a0989c169decf6876a3a9631289dbc'
+         '68fe80c8fb6c28c0bcf9d36e3245e4ae')
+
+prepare() {
+  patch -p1 -d $pkgname-$pkgver < 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
+  patch -p1 -d $pkgname-$pkgver < 0002-epass2003-properly-disable-padding.patch
+}
+
+build() {
+  cd $pkgname-$pkgver
+  export LIBS=-lltdl
+  _sheetdir=(/usr/share/xml/docbook/xsl-stylesheets-*)
+  ./configure \
+    --prefix=/usr \
+    --sysconfdir=/etc \
+    --enable-man \
+    --enable-doc \
+    --enable-readline \
+    --enable-openssl \
+    --enable-pcsc \
+    --enable-zlib \
+    --enable-sm \
+    --with-xsl-stylesheetsdir="$_sheetdir"
+  make
+}
+
+package(){
+  cd $pkgname-$pkgver
+  make DESTDIR="$pkgdir" install
+  install -D -m644 etc/opensc.conf "$pkgdir/etc/opensc.conf"
+}
+
+# vim:set ts=2 sw=2 et:



