Package: opensc Version: 0.13.0-3 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu utopic ubuntu-patch
*** /tmp/tmprA8Vep/bug_body In Ubuntu, the attached patch was applied to achieve the following: * debian/patches/0002-fix-epass2003-support-from-upstream.patch: Add upstream fixes for ePass2003 token. Cherry-picking commits - 4c1cafe epass2003: key generation allows stricter privkey/pubkey ACLs - b1a4775 epass2003: properly disable padding - 83dc469 epass2003: list_files implemented - ee48ea1 Fix to allow exponents other than 65537 for Feitian ePass 2003 (LP: #1176305) Thanks for considering the patch. -- System Information: Debian Release: jessie/sid APT prefers trusty-updates APT policy: (500, 'trusty-updates'), (500, 'trusty-security'), (500, 'trusty-proposed'), (500, 'trusty'), (100, 'trusty-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.13.0-24-generic (SMP w/4 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru opensc-0.13.0/debian/changelog opensc-0.13.0/debian/changelog
diff -Nru opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch
--- opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch 1969-12-31 19:00:00.000000000 -0500
+++ opensc-0.13.0/debian/patches/0002-fix-epass2003-support-from-upstream.patch 2014-05-02 11:45:54.000000000 -0400
@@ -0,0 +1,120 @@
+## Description: add some description
+## Origin/Author: add some origin or author
+## Bug: bug URL
+Index: opensc-0.13.0/src/libopensc/card-epass2003.c
+===================================================================
+--- opensc-0.13.0.orig/src/libopensc/card-epass2003.c 2012-12-04 15:43:40.000000000 +0100
++++ opensc-0.13.0/src/libopensc/card-epass2003.c 2014-03-03 21:38:17.620039138 +0100
+@@ -117,8 +117,8 @@
+
+ memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ EVP_CIPHER_CTX_init(&ctx);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_EncryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ if (!EVP_EncryptUpdate(&ctx, output, &outl, input, length))
+ goto out;
+@@ -146,8 +146,8 @@
+
+ memcpy(iv_tmp, iv, EVP_MAX_IV_LENGTH);
+ EVP_CIPHER_CTX_init(&ctx);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_DecryptInit_ex(&ctx, cipher, NULL, key, iv_tmp);
++ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+
+ if (!EVP_DecryptUpdate(&ctx, output, &outl, input, length))
+ goto out;
+@@ -1003,10 +1003,10 @@
+
+ flags = SC_ALGORITHM_ONBOARD_KEY_GEN | SC_ALGORITHM_RSA_RAW | SC_ALGORITHM_RSA_HASH_NONE;
+
+- _sc_card_add_rsa_alg(card, 512, flags, 0x10001);
+- _sc_card_add_rsa_alg(card, 768, flags, 0x10001);
+- _sc_card_add_rsa_alg(card, 1024, flags, 0x10001);
+- _sc_card_add_rsa_alg(card, 2048, flags, 0x10001);
++ _sc_card_add_rsa_alg(card, 512, flags, 0);
++ _sc_card_add_rsa_alg(card, 768, flags, 0);
++ _sc_card_add_rsa_alg(card, 1024, flags, 0);
++ _sc_card_add_rsa_alg(card, 2048, flags, 0);
+
+ card->caps = SC_CARD_CAP_RNG | SC_CARD_CAP_APDU_EXT;
+
+@@ -1858,7 +1858,6 @@
+ LOG_FUNC_RETURN(card->ctx, r);
+ }
+
+-#if 0
+ static int
+ epass2003_list_files(struct sc_card *card, unsigned char *buf, size_t buflen)
+ {
+@@ -1867,9 +1866,9 @@
+ int r;
+
+ SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
+- sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x34, 0x00, 0x00);
++ sc_format_apdu(card, &apdu, SC_APDU_CASE_1, 0x34, 0x00, 0x00);
+ apdu.cla = 0x80;
+- apdu.le = 0x40;
++ apdu.le = 0;
+ apdu.resplen = sizeof(rbuf);
+ apdu.resp = rbuf;
+
+@@ -1887,7 +1886,6 @@
+
+ LOG_FUNC_RETURN(card->ctx, buflen);
+ }
+-#endif
+
+
+ static int
+@@ -2376,7 +2374,7 @@
+ epass2003_ops.compute_signature = epass2003_decipher;
+ epass2003_ops.create_file = epass2003_create_file;
+ epass2003_ops.delete_file = epass2003_delete_file;
+- /* epass2003_ops.list_files = epass2003_list_files; */
++ epass2003_ops.list_files = epass2003_list_files;
+ epass2003_ops.card_ctl = epass2003_card_ctl;
+ epass2003_ops.process_fci = epass2003_process_fci;
+ epass2003_ops.construct_fci = epass2003_construct_fci;
+Index: opensc-0.13.0/src/pkcs15init/pkcs15-epass2003.c
+===================================================================
+--- opensc-0.13.0.orig/src/pkcs15init/pkcs15-epass2003.c 2012-12-04 15:43:40.000000000 +0100
++++ opensc-0.13.0/src/pkcs15init/pkcs15-epass2003.c 2014-03-03 21:38:19.084039076 +0100
+@@ -507,6 +507,12 @@
+ sc_print_path(&file->path));
+ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "private key_info path: %s",
+ sc_print_path(&(key_info->path)));
++
++ r = sc_pkcs15init_authenticate(profile, p15card, file,
++ SC_AC_OP_DELETE);
++ SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
++ "generate key: pkcs15init_authenticate(SC_AC_OP_DELETE) failed");
++
+ r = sc_delete_file(p15card->card, &file->path);
+ /* create */
+ r = sc_pkcs15init_create_file(profile, p15card, file);
+@@ -558,6 +564,11 @@
+ r = sc_select_file(p15card->card, &pukf->path, NULL);
+ /* if exist, delete */
+ if (r == SC_SUCCESS) {
++ r = sc_pkcs15init_authenticate(profile, p15card, pukf,
++ SC_AC_OP_DELETE);
++ SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
++ "generate key - pubkey: pkcs15init_authenticate(SC_AC_OP_DELETE) failed");
++
+ r = sc_pkcs15init_delete_by_path(profile, p15card, &pukf->path);
+ if (r != SC_SUCCESS) {
+ sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
+@@ -573,6 +584,11 @@
+ goto failed;
+ }
+
++ r = sc_pkcs15init_authenticate(profile, p15card, pukf,
++ SC_AC_OP_UPDATE);
++ SC_TEST_RET(card->ctx, SC_LOG_DEBUG_NORMAL, r,
++ "generate key - pubkey: pkcs15init_authenticate(SC_AC_OP_UPDATE) failed");
++
+ /* generate key pair */
+ fidl = (file->id & 0xff) * FID_STEP;
+ file->id = (file->id & 0xff00) + fidl;
diff -Nru opensc-0.13.0/debian/patches/series opensc-0.13.0/debian/patches/series
--- opensc-0.13.0/debian/patches/series 2014-01-14 03:57:41.000000000 -0500
+++ opensc-0.13.0/debian/patches/series 2014-05-02 11:45:54.000000000 -0400
@@ -1 +1,2 @@
 0001-pkcs15-regression-in-e35febe-compute-cert-length.patch
+0002-fix-epass2003-support-from-upstream.patch
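Review bot: The header of the new patch file still holds the template placeholders (`## Description: add some description`, `## Origin/Author: add some origin or author`, `## Bug: bug URL`), so the file does not record where its changes to the token driver come from. The bug body names the four cherry-picked upstream commits and the Launchpad bug, and that provenance belongs in the header, for example `## Origin: upstream, commits 4c1cafe, b1a4775, 83dc469, ee48ea1` and `## Bug: LP: #1176305`. A one-line description per commit, taken from the list in the bug body, would let a later auditor match each inner hunk against upstream.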
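Review bot: The `SC_TEST_RET(...)` added after `sc_pkcs15init_authenticate(profile, p15card, pukf, SC_AC_OP_UPDATE)` in the `@@ -573,6 +584,11 @@` hunk returns straight out of the function on a negative result, whereas the context lines at the top of that hunk leave through `goto failed`. Whatever the `failed` label releases is therefore skipped when authentication fails; that is presumably the `file` and `pukf` objects, but the label lies outside the hunk. The same early return is added in the `@@ -507,6 +507,12 @@` and `@@ -558,6 +564,11 @@` hunks of pkcs15-epass2003.c. I would follow the error style of the neighbouring code instead, `if (r < 0) { sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "generate key - pubkey: pkcs15init_authenticate(SC_AC_OP_UPDATE) failed"); goto failed; }`. The function begins and ends outside these hunks, so confirm that all three sit in the same function as the label.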