diff --git a/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch b/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch deleted file mode 100644 index e270a8e2e6..0000000000 --- a/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 6f868bbcd9e65447f459f74381c09d1e315a32f6 Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Thu, 1 Dec 2022 20:08:53 +0100 -Subject: [PATCH 1/2] pkcs11-tool: Fix private key import - -Upstream-Status: Backport ---- - src/tools/pkcs11-tool.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c -index aae205fe2cd6..cfee8526d5b0 100644 ---- a/src/tools/pkcs11-tool.c -+++ b/src/tools/pkcs11-tool.c -@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa) - RSA_get0_factors(r, &r_p, &r_q); - RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp); - #else -- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 || -+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 || - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 || - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 || - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 || - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 || -- EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) { - util_fatal("OpenSSL error during RSA private key parsing"); -+ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) { - } - #endif - RSA_GET_BN(rsa, private_exponent, r_d); --- -2.30.2 - diff --git a/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch b/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch deleted file mode 100644 index 880a13ac61..0000000000 --- a/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch +++ /dev/null @@ -1,54 +0,0 @@ -From 4b5702409e7feea8cb410254285c120c57c10e1b Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Thu, 1 Dec 2022 20:11:41 +0100 -Subject: [PATCH 2/2] pkcs11-tool: Log more information on OpenSSL errors - -Upstream-Status: Backport ---- - src/tools/pkcs11-tool.c | 15 ++++++--------- - 1 file changed, 6 insertions(+), 9 deletions(-) - -diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c -index cfee8526d5b0..f2e6b1dd91cd 100644 ---- a/src/tools/pkcs11-tool.c -+++ b/src/tools/pkcs11-tool.c -@@ -3641,10 +3641,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa) - const BIGNUM *r_dmp1, *r_dmq1, *r_iqmp; - r = EVP_PKEY_get1_RSA(pkey); - if (!r) { -- if (private) -- util_fatal("OpenSSL error during RSA private key parsing"); -- else -- util_fatal("OpenSSL error during RSA public key parsing"); -+ util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public", -+ ERR_error_string(ERR_peek_last_error(), NULL)); - } - - RSA_get0_key(r, &r_n, &r_e, NULL); -@@ -3654,10 +3652,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa) - BIGNUM *r_dmp1 = NULL, *r_dmq1 = NULL, *r_iqmp = NULL; - if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &r_n) != 1 || - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &r_e) != 1) { -- if (private) -- util_fatal("OpenSSL error during RSA private key parsing"); -- else -- util_fatal("OpenSSL error during RSA public key parsing"); -+ util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public", -+ ERR_error_string(ERR_peek_last_error(), NULL)); - } - #endif - RSA_GET_BN(rsa, modulus, r_n); -@@ -3674,8 +3670,9 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa) - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 || - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 || - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 || -- util_fatal("OpenSSL error during RSA private key parsing"); - EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) { -+ util_fatal("OpenSSL error during RSA private key parsing: %s", -+ ERR_error_string(ERR_peek_last_error(), NULL)); - } - #endif - RSA_GET_BN(rsa, private_exponent, r_d); --- -2.30.2 - diff --git a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch b/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch deleted file mode 100644 index 165fc316bf..0000000000 --- a/meta-oe/recipes-support/opensc/files/CVE-2023-2977.patch +++ /dev/null @@ -1,54 +0,0 @@ -CVE: CVE-2023-2977 -Upstream-Status: Backport [ https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a ] -Signed-off-by: Lee Chee Yang - - -From 81944d1529202bd28359bede57c0a15deb65ba8a Mon Sep 17 00:00:00 2001 -From: fullwaywang -Date: Mon, 29 May 2023 10:38:48 +0800 -Subject: [PATCH] pkcs15init: correct left length calculation to fix buffer - overrun bug. Fixes #2785 - ---- - src/pkcs15init/pkcs15-cardos.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c -index 9715cf390f..f41f73c349 100644 ---- a/src/pkcs15init/pkcs15-cardos.c -+++ b/src/pkcs15init/pkcs15-cardos.c -@@ -872,7 +872,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) - sc_apdu_t apdu; - u8 rbuf[SC_MAX_APDU_BUFFER_SIZE]; - int r; -- const u8 *p = rbuf, *q; -+ const u8 *p = rbuf, *q, *pp; - size_t len, tlen = 0, ilen = 0; - - sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0xca, 0x01, 0x88); -@@ -888,13 +888,13 @@ static int cardos_have_verifyrc_package(sc_card_t *card) - return 0; - - while (len != 0) { -- p = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); -- if (p == NULL) -+ pp = sc_asn1_find_tag(card->ctx, p, len, 0xe1, &tlen); -+ if (pp == NULL) - return 0; - if (card->type == SC_CARD_TYPE_CARDOS_M4_3) { - /* the verifyRC package on CardOS 4.3B use Manufacturer ID 0x01 */ - /* and Package Number 0x07 */ -- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x01, &ilen); -+ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x01, &ilen); - if (q == NULL || ilen != 4) - return 0; - if (q[0] == 0x07) -@@ -902,7 +902,7 @@ static int cardos_have_verifyrc_package(sc_card_t *card) - } else if (card->type == SC_CARD_TYPE_CARDOS_M4_4) { - /* the verifyRC package on CardOS 4.4 use Manufacturer ID 0x03 */ - /* and Package Number 0x02 */ -- q = sc_asn1_find_tag(card->ctx, p, tlen, 0x03, &ilen); -+ q = sc_asn1_find_tag(card->ctx, pp, tlen, 0x03, &ilen); - if (q == NULL || ilen != 4) - return 0; - if (q[0] == 0x02) diff --git a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb b/meta-oe/recipes-support/opensc/opensc_0.24.0.bb similarity index 85% rename from meta-oe/recipes-support/opensc/opensc_0.23.0.bb rename to meta-oe/recipes-support/opensc/opensc_0.24.0.bb index b3fc1f0458..fd64cf9e85 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.24.0.bb @@ -12,11 +12,8 @@ LICENSE = "LGPL-2.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7" #v0.21.0 -SRCREV = "5497519ea6b4af596628f8f8f2f904bacaa3148f" +SRCREV = "f15d0c5295f3247ae56bf976cf411fec4b47b6ec" SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \ - file://0001-pkcs11-tool-Fix-private-key-import.patch \ - file://0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch \ - file://CVE-2023-2977.patch \ " DEPENDS = "virtual/libiconv openssl" @@ -44,6 +41,7 @@ FILES:${PN} += "\ ${libdir}/pkcs11-spy.so \ " FILES:${PN}-dev += "\ + ${libdir}/onepin-opensc-pkcs11.so \ ${libdir}/pkcs11/opensc-pkcs11.so \ ${libdir}/pkcs11/onepin-opensc-pkcs11.so \ ${libdir}/pkcs11/pkcs11-spy.so \