* [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 @ 2023-04-06 14:50 Robin van der Gracht 2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht ` (3 more replies) 0 siblings, 4 replies; 12+ messages in thread From: Robin van der Gracht @ 2023-04-06 14:50 UTC (permalink / raw) To: ptxdist; +Cc: Robin van der Gracht Signed-off-by: Robin van der Gracht <robin@protonic.nl> --- rules/host-opensc.make | 2 +- rules/opensc.make | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rules/host-opensc.make b/rules/host-opensc.make index 0319064fd..24488de38 100644 --- a/rules/host-opensc.make +++ b/rules/host-opensc.make @@ -40,7 +40,7 @@ HOST_OPENSC_CONF_OPT := \ --disable-doc \ --disable-dnie-ui \ --disable-notify \ - --enable-tests=no \ + --disable-cmocka \ --disable-static HOST_OPENSC_CPPFLAGS := -Wno-implicit-fallthrough diff --git a/rules/opensc.make b/rules/opensc.make index 0278c53f1..dac5c3ecb 100644 --- a/rules/opensc.make +++ b/rules/opensc.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSC) += opensc # # Paths and names # -OPENSC_VERSION := 0.19.0 -OPENSC_MD5 := 40734b2343cf83c62c4c403f8a37475e +OPENSC_VERSION := 0.23.0 +OPENSC_MD5 := 35c599e673ae9205550974e2dcbe0825 OPENSC := OpenSC-$(OPENSC_VERSION) OPENSC_SUFFIX := tar.gz OPENSC_URL := https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)/$(OPENSC).$(OPENSC_SUFFIX) @@ -56,7 +56,7 @@ OPENSC_CONF_OPT := \ --disable-doc \ --disable-dnie-ui \ --disable-notify \ - --$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-tests \ + --$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-cmocka \ --disable-static # ---------------------------------------------------------------------------- -- 2.37.2 ^ permalink raw reply [flat|nested] 12+ messages in thread
* [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht @ 2023-04-06 14:50 ` Robin van der Gracht 2023-04-12 6:29 ` [ptxdist] [APPLIED] " Michael Olbrich 2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht ` (2 subsequent siblings) 3 siblings, 1 reply; 12+ messages in thread From: Robin van der Gracht @ 2023-04-06 14:50 UTC (permalink / raw) To: ptxdist; +Cc: Robin van der Gracht Signed-off-by: Robin van der Gracht <robin@protonic.nl> --- rules/pcsc-lite.make | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make index 128489aa6..d773a8bb6 100644 --- a/rules/pcsc-lite.make +++ b/rules/pcsc-lite.make @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_PCSC_LITE) += pcsc-lite # # Paths and names # -PCSC_LITE_VERSION := 1.8.23 -PCSC_LITE_MD5 := 3ba4b45456a500b5f1f22bf56a2dee38 +PCSC_LITE_VERSION := 1.9.8 +PCSC_LITE_MD5 := d063c6ca17c17fab39a85132811e155d PCSC_LITE_SUFFIX := tar.bz2 PCSC_LITE := pcsc-lite-$(PCSC_LITE_VERSION) PCSC_LITE_URL := https://pcsclite.apdu.fr/files/$(PCSC_LITE).$(PCSC_LITE_SUFFIX) -- 2.37.2 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [APPLIED] rules: pcsc-lite: Version bumb to 1.9.8 2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht @ 2023-04-12 6:29 ` Michael Olbrich 0 siblings, 0 replies; 12+ messages in thread From: Michael Olbrich @ 2023-04-12 6:29 UTC (permalink / raw) To: ptxdist; +Cc: Robin van der Gracht Thanks, applied as 35fe17af125df3a8e5e2774f4ec6845a6fc1abdf. Michael [sent from post-receive hook] On Wed, 12 Apr 2023 08:29:54 +0200, Robin van der Gracht <robin@protonic.nl> wrote: > Signed-off-by: Robin van der Gracht <robin@protonic.nl> > Message-Id: <20230406145016.3074015-2-robin@protonic.nl> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make > index 128489aa6b2f..d773a8bb60f2 100644 > --- a/rules/pcsc-lite.make > +++ b/rules/pcsc-lite.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_PCSC_LITE) += pcsc-lite > # > # Paths and names > # > -PCSC_LITE_VERSION := 1.8.23 > -PCSC_LITE_MD5 := 3ba4b45456a500b5f1f22bf56a2dee38 > +PCSC_LITE_VERSION := 1.9.8 > +PCSC_LITE_MD5 := d063c6ca17c17fab39a85132811e155d > PCSC_LITE_SUFFIX := tar.bz2 > PCSC_LITE := pcsc-lite-$(PCSC_LITE_VERSION) > PCSC_LITE_URL := https://pcsclite.apdu.fr/files/$(PCSC_LITE).$(PCSC_LITE_SUFFIX) ^ permalink raw reply [flat|nested] 12+ messages in thread
* [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support 2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht 2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht @ 2023-04-06 14:50 ` Robin van der Gracht 2023-04-12 6:32 ` Michael Olbrich 2023-04-12 6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich 2023-04-14 10:03 ` [ptxdist] [APPLIED] " Michael Olbrich 3 siblings, 1 reply; 12+ messages in thread From: Robin van der Gracht @ 2023-04-06 14:50 UTC (permalink / raw) To: ptxdist; +Cc: Robin van der Gracht Signed-off-by: Robin van der Gracht <robin@protonic.nl> --- rules/pcsc-lite.in | 5 +++++ rules/pcsc-lite.make | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in index 016a70037..de1c288c3 100644 --- a/rules/pcsc-lite.in +++ b/rules/pcsc-lite.in @@ -18,6 +18,11 @@ menuconfig PCSC_LITE if PCSC_LITE +config PCSC_LITE_USB + bool "USB Support" + help + Add USB support. + config PCSC_LITE_LIBUDEV bool "libudev support" diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make index d773a8bb6..0c6edcbfe 100644 --- a/rules/pcsc-lite.make +++ b/rules/pcsc-lite.make @@ -38,7 +38,7 @@ PCSC_LITE_CONF_OPT := \ $(CROSS_AUTOCONF_USR) \ --$(call ptx/endis, PTXCONF_PCSC_LITE_SYSTEMD_UNIT)-libsystemd \ --disable-serial \ - --disable-usb \ + --$(call ptx/endis, PTXCONF_PCSC_LITE_USB)-usb \ --$(call ptx/endis, PTXCONF_PCSC_LITE_LIBUDEV)-libudev \ --disable-libusb \ --disable-polkit \ -- 2.37.2 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support 2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht @ 2023-04-12 6:32 ` Michael Olbrich 2023-04-12 7:56 ` Robin van der Gracht 0 siblings, 1 reply; 12+ messages in thread From: Michael Olbrich @ 2023-04-12 6:32 UTC (permalink / raw) To: Robin van der Gracht; +Cc: ptxdist On Thu, Apr 06, 2023 at 04:50:16PM +0200, Robin van der Gracht wrote: > Signed-off-by: Robin van der Gracht <robin@protonic.nl> > --- > rules/pcsc-lite.in | 5 +++++ > rules/pcsc-lite.make | 2 +- > 2 files changed, 6 insertions(+), 1 deletion(-) > > diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in > index 016a70037..de1c288c3 100644 > --- a/rules/pcsc-lite.in > +++ b/rules/pcsc-lite.in > @@ -18,6 +18,11 @@ menuconfig PCSC_LITE > > if PCSC_LITE > > +config PCSC_LITE_USB > + bool "USB Support" > + help > + Add USB support. Wrong indention. This should be tabs instead of spaces. I've fixed this while applying the patch. In the future, please run 'ptxdist lint' before sending patches. It will complain about all the small stuff like this. Michael > + > config PCSC_LITE_LIBUDEV > bool "libudev support" > > diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make > index d773a8bb6..0c6edcbfe 100644 > --- a/rules/pcsc-lite.make > +++ b/rules/pcsc-lite.make > @@ -38,7 +38,7 @@ PCSC_LITE_CONF_OPT := \ > $(CROSS_AUTOCONF_USR) \ > --$(call ptx/endis, PTXCONF_PCSC_LITE_SYSTEMD_UNIT)-libsystemd \ > --disable-serial \ > - --disable-usb \ > + --$(call ptx/endis, PTXCONF_PCSC_LITE_USB)-usb \ > --$(call ptx/endis, PTXCONF_PCSC_LITE_LIBUDEV)-libudev \ > --disable-libusb \ > --disable-polkit \ > -- > 2.37.2 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support 2023-04-12 6:32 ` Michael Olbrich @ 2023-04-12 7:56 ` Robin van der Gracht 2023-04-14 10:08 ` Michael Olbrich 0 siblings, 1 reply; 12+ messages in thread From: Robin van der Gracht @ 2023-04-12 7:56 UTC (permalink / raw) To: ptxdist On 12-04-2023 08:32, Michael Olbrich wrote: > On Thu, Apr 06, 2023 at 04:50:16PM +0200, Robin van der Gracht wrote: >> Signed-off-by: Robin van der Gracht <robin@protonic.nl> >> --- >> rules/pcsc-lite.in | 5 +++++ >> rules/pcsc-lite.make | 2 +- >> 2 files changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in >> index 016a70037..de1c288c3 100644 >> --- a/rules/pcsc-lite.in >> +++ b/rules/pcsc-lite.in >> @@ -18,6 +18,11 @@ menuconfig PCSC_LITE >> >> if PCSC_LITE >> >> +config PCSC_LITE_USB >> + bool "USB Support" >> + help >> + Add USB support. > > Wrong indention. This should be tabs instead of spaces. I've fixed this > while applying the patch. In the future, please run 'ptxdist lint' before > sending patches. It will complain about all the small stuff like this. > Ack. Thanks for pointing out the lint feature. Will do. Robin ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support 2023-04-12 7:56 ` Robin van der Gracht @ 2023-04-14 10:08 ` Michael Olbrich 0 siblings, 0 replies; 12+ messages in thread From: Michael Olbrich @ 2023-04-14 10:08 UTC (permalink / raw) To: Robin van der Gracht; +Cc: ptxdist On Wed, Apr 12, 2023 at 09:56:18AM +0200, Robin van der Gracht wrote: > On 12-04-2023 08:32, Michael Olbrich wrote: > > On Thu, Apr 06, 2023 at 04:50:16PM +0200, Robin van der Gracht wrote: > > > Signed-off-by: Robin van der Gracht <robin@protonic.nl> > > > --- > > > rules/pcsc-lite.in | 5 +++++ > > > rules/pcsc-lite.make | 2 +- > > > 2 files changed, 6 insertions(+), 1 deletion(-) > > > > > > diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in > > > index 016a70037..de1c288c3 100644 > > > --- a/rules/pcsc-lite.in > > > +++ b/rules/pcsc-lite.in > > > @@ -18,6 +18,11 @@ menuconfig PCSC_LITE > > > if PCSC_LITE > > > +config PCSC_LITE_USB > > > + bool "USB Support" > > > + help > > > + Add USB support. > > > > Wrong indention. This should be tabs instead of spaces. I've fixed this > > while applying the patch. In the future, please run 'ptxdist lint' before > > sending patches. It will complain about all the small stuff like this. > > > > Ack. Thanks for pointing out the lint feature. Will do. Sorry, I dropped it. I looked at this again, and I don't think it needs an option. USB support by itself doesn't really do anything. From what I can tell, most of the code depends on either udev (we have an option for that) or libusb (that's disabled). So I think we can just enable USB unconditionally. Michael -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht 2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht 2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht @ 2023-04-12 6:28 ` Michael Olbrich 2023-04-13 7:25 ` Robin van der Gracht 2023-04-14 10:03 ` [ptxdist] [APPLIED] " Michael Olbrich 3 siblings, 1 reply; 12+ messages in thread From: Michael Olbrich @ 2023-04-12 6:28 UTC (permalink / raw) To: Robin van der Gracht; +Cc: ptxdist On Thu, Apr 06, 2023 at 04:50:14PM +0200, Robin van der Gracht wrote: > Signed-off-by: Robin van der Gracht <robin@protonic.nl> With this update pkcs11-tool (from host-opensc) does not work correctly any more. I'm getting "error: OpenSSL error during RSA private key parsing" and then a segfault. For example with the host-ptx-code-signing-dev package. I'm not sure what's wrong here. Michael > --- > rules/host-opensc.make | 2 +- > rules/opensc.make | 6 +++--- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/rules/host-opensc.make b/rules/host-opensc.make > index 0319064fd..24488de38 100644 > --- a/rules/host-opensc.make > +++ b/rules/host-opensc.make > @@ -40,7 +40,7 @@ HOST_OPENSC_CONF_OPT := \ > --disable-doc \ > --disable-dnie-ui \ > --disable-notify \ > - --enable-tests=no \ > + --disable-cmocka \ > --disable-static > > HOST_OPENSC_CPPFLAGS := -Wno-implicit-fallthrough > diff --git a/rules/opensc.make b/rules/opensc.make > index 0278c53f1..dac5c3ecb 100644 > --- a/rules/opensc.make > +++ b/rules/opensc.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSC) += opensc > # > # Paths and names > # > -OPENSC_VERSION := 0.19.0 > -OPENSC_MD5 := 40734b2343cf83c62c4c403f8a37475e > +OPENSC_VERSION := 0.23.0 > +OPENSC_MD5 := 35c599e673ae9205550974e2dcbe0825 > OPENSC := OpenSC-$(OPENSC_VERSION) > OPENSC_SUFFIX := tar.gz > OPENSC_URL := https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)/$(OPENSC).$(OPENSC_SUFFIX) > @@ -56,7 +56,7 @@ OPENSC_CONF_OPT := \ > --disable-doc \ > --disable-dnie-ui \ > --disable-notify \ > - --$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-tests \ > + --$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-cmocka \ > --disable-static > > # ---------------------------------------------------------------------------- > -- > 2.37.2 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 2023-04-12 6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich @ 2023-04-13 7:25 ` Robin van der Gracht 2023-04-13 13:57 ` Michael Olbrich 0 siblings, 1 reply; 12+ messages in thread From: Robin van der Gracht @ 2023-04-13 7:25 UTC (permalink / raw) To: ptxdist [-- Attachment #1: Type: text/plain, Size: 798 bytes --] Hi Michael, On 12-04-2023 08:28, Michael Olbrich wrote: > On Thu, Apr 06, 2023 at 04:50:14PM +0200, Robin van der Gracht wrote: >> Signed-off-by: Robin van der Gracht <robin@protonic.nl> > > With this update pkcs11-tool (from host-opensc) does not work correctly any > more. I'm getting "error: OpenSSL error during RSA private key parsing" and > then a segfault. For example with the host-ptx-code-signing-dev package. > I'm not sure what's wrong here. I'm not seeing this error with our setup but we're on 2023.02.0 with openssl 1.1.1t. I did notice a fix for RSA key imports in the opensc repository shortly after version 0.23.0 was released. I've created a ptxdist patch that includes that patch. It's attached to this email. Can you verify if this fixes the error? Kind regards, Robin [-- Attachment #2: 0001-opensc-Add-patch-that-fixes-RSA-private-key-imports.patch --] [-- Type: text/x-patch, Size: 2553 bytes --] From 7c85dd2c365031bc793cac7ba29ac67e5105e144 Mon Sep 17 00:00:00 2001 From: Robin van der Gracht <robin@protonic.nl> Date: Thu, 13 Apr 2023 09:18:00 +0200 Subject: [PATCH] opensc: Add patch that fixes RSA private key imports Signed-off-by: Robin van der Gracht <robin@protonic.nl> --- ...1-pkcs11-tool-Fix-private-key-import.patch | 32 +++++++++++++++++++ patches/OpenSC-0.23.0/series | 1 + 2 files changed, 33 insertions(+) create mode 100644 patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch create mode 100644 patches/OpenSC-0.23.0/series diff --git a/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch new file mode 100644 index 000000000..a58fc69a4 --- /dev/null +++ b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch @@ -0,0 +1,32 @@ +From 9294183e07ff4944e3f5e590f343f5727636767e Mon Sep 17 00:00:00 2001 +From: Jakub Jelen <jjelen@redhat.com> +Date: Thu, 1 Dec 2022 20:08:53 +0100 +Subject: [PATCH] pkcs11-tool: Fix private key import + +--- + src/tools/pkcs11-tool.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c +index aae205fe..cfee8526 100644 +--- a/src/tools/pkcs11-tool.c ++++ b/src/tools/pkcs11-tool.c +@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa) + RSA_get0_factors(r, &r_p, &r_q); + RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp); + #else +- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 || ++ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 || + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 || + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 || + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 || + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 || +- EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) { + util_fatal("OpenSSL error during RSA private key parsing"); ++ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) { + } + #endif + RSA_GET_BN(rsa, private_exponent, r_d); +-- +2.37.2 + diff --git a/patches/OpenSC-0.23.0/series b/patches/OpenSC-0.23.0/series new file mode 100644 index 000000000..ebefe3cd1 --- /dev/null +++ b/patches/OpenSC-0.23.0/series @@ -0,0 +1 @@ +0001-pkcs11-tool-Fix-private-key-import.patch -- 2.37.2 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 2023-04-13 7:25 ` Robin van der Gracht @ 2023-04-13 13:57 ` Michael Olbrich 2023-04-17 8:54 ` Robin van der Gracht 0 siblings, 1 reply; 12+ messages in thread From: Michael Olbrich @ 2023-04-13 13:57 UTC (permalink / raw) To: Robin van der Gracht; +Cc: ptxdist On Thu, Apr 13, 2023 at 09:25:54AM +0200, Robin van der Gracht wrote: > Hi Michael, > > On 12-04-2023 08:28, Michael Olbrich wrote: > > On Thu, Apr 06, 2023 at 04:50:14PM +0200, Robin van der Gracht wrote: > > > Signed-off-by: Robin van der Gracht <robin@protonic.nl> > > > > With this update pkcs11-tool (from host-opensc) does not work correctly any > > more. I'm getting "error: OpenSSL error during RSA private key parsing" and > > then a segfault. For example with the host-ptx-code-signing-dev package. > > I'm not sure what's wrong here. > > I'm not seeing this error with our setup but we're on 2023.02.0 with openssl > 1.1.1t. So probably an issue with OpenSSL 3.x > I did notice a fix for RSA key imports in the opensc repository shortly > after version 0.23.0 was released. I've created a ptxdist patch that > includes that patch. It's attached to this email. > > Can you verify if this fixes the error? > > Kind regards, > Robin > From 7c85dd2c365031bc793cac7ba29ac67e5105e144 Mon Sep 17 00:00:00 2001 > From: Robin van der Gracht <robin@protonic.nl> > Date: Thu, 13 Apr 2023 09:18:00 +0200 > Subject: [PATCH] opensc: Add patch that fixes RSA private key imports > > Signed-off-by: Robin van der Gracht <robin@protonic.nl> > --- > ...1-pkcs11-tool-Fix-private-key-import.patch | 32 +++++++++++++++++++ > patches/OpenSC-0.23.0/series | 1 + > 2 files changed, 33 insertions(+) > create mode 100644 patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch > create mode 100644 patches/OpenSC-0.23.0/series > > diff --git a/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch > new file mode 100644 > index 000000000..a58fc69a4 > --- /dev/null > +++ b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch > @@ -0,0 +1,32 @@ > +From 9294183e07ff4944e3f5e590f343f5727636767e Mon Sep 17 00:00:00 2001 > +From: Jakub Jelen <jjelen@redhat.com> > +Date: Thu, 1 Dec 2022 20:08:53 +0100 > +Subject: [PATCH] pkcs11-tool: Fix private key import > + > +--- > + src/tools/pkcs11-tool.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c > +index aae205fe..cfee8526 100644 > +--- a/src/tools/pkcs11-tool.c > ++++ b/src/tools/pkcs11-tool.c > +@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa) > + RSA_get0_factors(r, &r_p, &r_q); > + RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp); > + #else > +- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 || > ++ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 || > + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 || > + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 || > + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 || > + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 || > +- EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) { > + util_fatal("OpenSSL error during RSA private key parsing"); > ++ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) { This is broken. Probably a bad conflict resolution. The next upstream commit fixes this. So far it looks promising. I'll do some more testing and clean it up. Regards, Michael > + } > + #endif > + RSA_GET_BN(rsa, private_exponent, r_d); > +-- > +2.37.2 > + > diff --git a/patches/OpenSC-0.23.0/series b/patches/OpenSC-0.23.0/series > new file mode 100644 > index 000000000..ebefe3cd1 > --- /dev/null > +++ b/patches/OpenSC-0.23.0/series > @@ -0,0 +1 @@ > +0001-pkcs11-tool-Fix-private-key-import.patch > -- > 2.37.2 > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 2023-04-13 13:57 ` Michael Olbrich @ 2023-04-17 8:54 ` Robin van der Gracht 0 siblings, 0 replies; 12+ messages in thread From: Robin van der Gracht @ 2023-04-17 8:54 UTC (permalink / raw) To: ptxdist On 13-04-2023 15:57, Michael Olbrich wrote: > On Thu, Apr 13, 2023 at 09:25:54AM +0200, Robin van der Gracht wrote: ... >> +From 9294183e07ff4944e3f5e590f343f5727636767e Mon Sep 17 00:00:00 2001 >> +From: Jakub Jelen <jjelen@redhat.com> >> +Date: Thu, 1 Dec 2022 20:08:53 +0100 >> +Subject: [PATCH] pkcs11-tool: Fix private key import >> + >> +--- >> + src/tools/pkcs11-tool.c | 4 ++-- >> + 1 file changed, 2 insertions(+), 2 deletions(-) >> + >> +diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c >> +index aae205fe..cfee8526 100644 >> +--- a/src/tools/pkcs11-tool.c >> ++++ b/src/tools/pkcs11-tool.c >> +@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa) >> + RSA_get0_factors(r, &r_p, &r_q); >> + RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp); >> + #else >> +- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 || >> ++ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 || >> + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 || >> + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 || >> + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 || >> + EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 || >> +- EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) { >> + util_fatal("OpenSSL error during RSA private key parsing"); >> ++ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) { > > This is broken. Probably a bad conflict resolution. The next upstream > commit fixes this. So far it looks promising. I'll do some more testing and > clean it up. I only compile tested the patch. Ok, thanks! Kind regards, Robin ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [ptxdist] [APPLIED] rules: opensc: Version bumb to 0.23.0 2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht ` (2 preceding siblings ...) 2023-04-12 6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich @ 2023-04-14 10:03 ` Michael Olbrich 3 siblings, 0 replies; 12+ messages in thread From: Michael Olbrich @ 2023-04-14 10:03 UTC (permalink / raw) To: ptxdist; +Cc: Robin van der Gracht Thanks, applied as 100b1f787e5ee13198844d25aa43b3911038559e. Michael [sent from post-receive hook] On Fri, 14 Apr 2023 12:03:45 +0200, Robin van der Gracht <robin@protonic.nl> wrote: > Signed-off-by: Robin van der Gracht <robin@protonic.nl> > Message-Id: <20230406145016.3074015-1-robin@protonic.nl> > Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> > > diff --git a/rules/host-opensc.make b/rules/host-opensc.make > index 0319064fdae4..24488de3853d 100644 > --- a/rules/host-opensc.make > +++ b/rules/host-opensc.make > @@ -40,7 +40,7 @@ HOST_OPENSC_CONF_OPT := \ > --disable-doc \ > --disable-dnie-ui \ > --disable-notify \ > - --enable-tests=no \ > + --disable-cmocka \ > --disable-static > > HOST_OPENSC_CPPFLAGS := -Wno-implicit-fallthrough > diff --git a/rules/opensc.make b/rules/opensc.make > index 0278c53f1e6a..dac5c3ecb277 100644 > --- a/rules/opensc.make > +++ b/rules/opensc.make > @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSC) += opensc > # > # Paths and names > # > -OPENSC_VERSION := 0.19.0 > -OPENSC_MD5 := 40734b2343cf83c62c4c403f8a37475e > +OPENSC_VERSION := 0.23.0 > +OPENSC_MD5 := 35c599e673ae9205550974e2dcbe0825 > OPENSC := OpenSC-$(OPENSC_VERSION) > OPENSC_SUFFIX := tar.gz > OPENSC_URL := https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)/$(OPENSC).$(OPENSC_SUFFIX) > @@ -56,7 +56,7 @@ OPENSC_CONF_OPT := \ > --disable-doc \ > --disable-dnie-ui \ > --disable-notify \ > - --$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-tests \ > + --$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-cmocka \ > --disable-static > > # ---------------------------------------------------------------------------- ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2023-04-17 8:55 UTC | newest] Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht 2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht 2023-04-12 6:29 ` [ptxdist] [APPLIED] " Michael Olbrich 2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht 2023-04-12 6:32 ` Michael Olbrich 2023-04-12 7:56 ` Robin van der Gracht 2023-04-14 10:08 ` Michael Olbrich 2023-04-12 6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich 2023-04-13 7:25 ` Robin van der Gracht 2023-04-13 13:57 ` Michael Olbrich 2023-04-17 8:54 ` Robin van der Gracht 2023-04-14 10:03 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox