mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
* [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0
@ 2023-04-06 14:50 Robin van der Gracht
  2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht
                   ` (3 more replies)
  0 siblings, 4 replies; 12+ messages in thread
From: Robin van der Gracht @ 2023-04-06 14:50 UTC (permalink / raw)
  To: ptxdist; +Cc: Robin van der Gracht

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
---
 rules/host-opensc.make | 2 +-
 rules/opensc.make      | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/host-opensc.make b/rules/host-opensc.make
index 0319064fd..24488de38 100644
--- a/rules/host-opensc.make
+++ b/rules/host-opensc.make
@@ -40,7 +40,7 @@ HOST_OPENSC_CONF_OPT	:= \
 	--disable-doc \
 	--disable-dnie-ui \
 	--disable-notify \
-	--enable-tests=no \
+	--disable-cmocka \
 	--disable-static
 
 HOST_OPENSC_CPPFLAGS := -Wno-implicit-fallthrough
diff --git a/rules/opensc.make b/rules/opensc.make
index 0278c53f1..dac5c3ecb 100644
--- a/rules/opensc.make
+++ b/rules/opensc.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSC) += opensc
 #
 # Paths and names
 #
-OPENSC_VERSION	:= 0.19.0
-OPENSC_MD5	:= 40734b2343cf83c62c4c403f8a37475e
+OPENSC_VERSION	:= 0.23.0
+OPENSC_MD5	:= 35c599e673ae9205550974e2dcbe0825
 OPENSC		:= OpenSC-$(OPENSC_VERSION)
 OPENSC_SUFFIX	:= tar.gz
 OPENSC_URL	:= https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)/$(OPENSC).$(OPENSC_SUFFIX)
@@ -56,7 +56,7 @@ OPENSC_CONF_OPT := \
 	--disable-doc \
 	--disable-dnie-ui \
 	--disable-notify \
-	--$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-tests \
+	--$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-cmocka \
 	--disable-static
 
 # ----------------------------------------------------------------------------
-- 
2.37.2




^ permalink raw reply	[flat|nested] 12+ messages in thread

* [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8
  2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht
@ 2023-04-06 14:50 ` Robin van der Gracht
  2023-04-12  6:29   ` [ptxdist] [APPLIED] " Michael Olbrich
  2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 12+ messages in thread
From: Robin van der Gracht @ 2023-04-06 14:50 UTC (permalink / raw)
  To: ptxdist; +Cc: Robin van der Gracht

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
---
 rules/pcsc-lite.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make
index 128489aa6..d773a8bb6 100644
--- a/rules/pcsc-lite.make
+++ b/rules/pcsc-lite.make
@@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_PCSC_LITE) += pcsc-lite
 #
 # Paths and names
 #
-PCSC_LITE_VERSION	:= 1.8.23
-PCSC_LITE_MD5		:= 3ba4b45456a500b5f1f22bf56a2dee38
+PCSC_LITE_VERSION	:= 1.9.8
+PCSC_LITE_MD5		:= d063c6ca17c17fab39a85132811e155d
 PCSC_LITE_SUFFIX	:= tar.bz2
 PCSC_LITE		:= pcsc-lite-$(PCSC_LITE_VERSION)
 PCSC_LITE_URL		:= https://pcsclite.apdu.fr/files/$(PCSC_LITE).$(PCSC_LITE_SUFFIX)
-- 
2.37.2




^ permalink raw reply	[flat|nested] 12+ messages in thread

* [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support
  2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht
  2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht
@ 2023-04-06 14:50 ` Robin van der Gracht
  2023-04-12  6:32   ` Michael Olbrich
  2023-04-12  6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich
  2023-04-14 10:03 ` [ptxdist] [APPLIED] " Michael Olbrich
  3 siblings, 1 reply; 12+ messages in thread
From: Robin van der Gracht @ 2023-04-06 14:50 UTC (permalink / raw)
  To: ptxdist; +Cc: Robin van der Gracht

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
---
 rules/pcsc-lite.in   | 5 +++++
 rules/pcsc-lite.make | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in
index 016a70037..de1c288c3 100644
--- a/rules/pcsc-lite.in
+++ b/rules/pcsc-lite.in
@@ -18,6 +18,11 @@ menuconfig PCSC_LITE
 
 if PCSC_LITE
 
+config PCSC_LITE_USB
+        bool "USB Support"
+        help
+          Add USB support.
+
 config PCSC_LITE_LIBUDEV
 	bool "libudev support"
 
diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make
index d773a8bb6..0c6edcbfe 100644
--- a/rules/pcsc-lite.make
+++ b/rules/pcsc-lite.make
@@ -38,7 +38,7 @@ PCSC_LITE_CONF_OPT := \
 	$(CROSS_AUTOCONF_USR) \
 	--$(call ptx/endis, PTXCONF_PCSC_LITE_SYSTEMD_UNIT)-libsystemd \
 	--disable-serial \
-	--disable-usb \
+	--$(call ptx/endis, PTXCONF_PCSC_LITE_USB)-usb \
 	--$(call ptx/endis, PTXCONF_PCSC_LITE_LIBUDEV)-libudev \
 	--disable-libusb \
 	--disable-polkit \
-- 
2.37.2




^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0
  2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht
  2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht
  2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht
@ 2023-04-12  6:28 ` Michael Olbrich
  2023-04-13  7:25   ` Robin van der Gracht
  2023-04-14 10:03 ` [ptxdist] [APPLIED] " Michael Olbrich
  3 siblings, 1 reply; 12+ messages in thread
From: Michael Olbrich @ 2023-04-12  6:28 UTC (permalink / raw)
  To: Robin van der Gracht; +Cc: ptxdist

On Thu, Apr 06, 2023 at 04:50:14PM +0200, Robin van der Gracht wrote:
> Signed-off-by: Robin van der Gracht <robin@protonic.nl>

With this update pkcs11-tool (from host-opensc) does not work correctly any
more. I'm getting "error: OpenSSL error during RSA private key parsing" and
then a segfault. For example with the host-ptx-code-signing-dev package.
I'm not sure what's wrong here.

Michael

> ---
>  rules/host-opensc.make | 2 +-
>  rules/opensc.make      | 6 +++---
>  2 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/rules/host-opensc.make b/rules/host-opensc.make
> index 0319064fd..24488de38 100644
> --- a/rules/host-opensc.make
> +++ b/rules/host-opensc.make
> @@ -40,7 +40,7 @@ HOST_OPENSC_CONF_OPT	:= \
>  	--disable-doc \
>  	--disable-dnie-ui \
>  	--disable-notify \
> -	--enable-tests=no \
> +	--disable-cmocka \
>  	--disable-static
>  
>  HOST_OPENSC_CPPFLAGS := -Wno-implicit-fallthrough
> diff --git a/rules/opensc.make b/rules/opensc.make
> index 0278c53f1..dac5c3ecb 100644
> --- a/rules/opensc.make
> +++ b/rules/opensc.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSC) += opensc
>  #
>  # Paths and names
>  #
> -OPENSC_VERSION	:= 0.19.0
> -OPENSC_MD5	:= 40734b2343cf83c62c4c403f8a37475e
> +OPENSC_VERSION	:= 0.23.0
> +OPENSC_MD5	:= 35c599e673ae9205550974e2dcbe0825
>  OPENSC		:= OpenSC-$(OPENSC_VERSION)
>  OPENSC_SUFFIX	:= tar.gz
>  OPENSC_URL	:= https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)/$(OPENSC).$(OPENSC_SUFFIX)
> @@ -56,7 +56,7 @@ OPENSC_CONF_OPT := \
>  	--disable-doc \
>  	--disable-dnie-ui \
>  	--disable-notify \
> -	--$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-tests \
> +	--$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-cmocka \
>  	--disable-static
>  
>  # ----------------------------------------------------------------------------
> -- 
> 2.37.2
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [APPLIED] rules: pcsc-lite: Version bumb to 1.9.8
  2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht
@ 2023-04-12  6:29   ` Michael Olbrich
  0 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2023-04-12  6:29 UTC (permalink / raw)
  To: ptxdist; +Cc: Robin van der Gracht

Thanks, applied as 35fe17af125df3a8e5e2774f4ec6845a6fc1abdf.

Michael

[sent from post-receive hook]

On Wed, 12 Apr 2023 08:29:54 +0200, Robin van der Gracht <robin@protonic.nl> wrote:
> Signed-off-by: Robin van der Gracht <robin@protonic.nl>
> Message-Id: <20230406145016.3074015-2-robin@protonic.nl>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make
> index 128489aa6b2f..d773a8bb60f2 100644
> --- a/rules/pcsc-lite.make
> +++ b/rules/pcsc-lite.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_PCSC_LITE) += pcsc-lite
>  #
>  # Paths and names
>  #
> -PCSC_LITE_VERSION	:= 1.8.23
> -PCSC_LITE_MD5		:= 3ba4b45456a500b5f1f22bf56a2dee38
> +PCSC_LITE_VERSION	:= 1.9.8
> +PCSC_LITE_MD5		:= d063c6ca17c17fab39a85132811e155d
>  PCSC_LITE_SUFFIX	:= tar.bz2
>  PCSC_LITE		:= pcsc-lite-$(PCSC_LITE_VERSION)
>  PCSC_LITE_URL		:= https://pcsclite.apdu.fr/files/$(PCSC_LITE).$(PCSC_LITE_SUFFIX)



^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support
  2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht
@ 2023-04-12  6:32   ` Michael Olbrich
  2023-04-12  7:56     ` Robin van der Gracht
  0 siblings, 1 reply; 12+ messages in thread
From: Michael Olbrich @ 2023-04-12  6:32 UTC (permalink / raw)
  To: Robin van der Gracht; +Cc: ptxdist

On Thu, Apr 06, 2023 at 04:50:16PM +0200, Robin van der Gracht wrote:
> Signed-off-by: Robin van der Gracht <robin@protonic.nl>
> ---
>  rules/pcsc-lite.in   | 5 +++++
>  rules/pcsc-lite.make | 2 +-
>  2 files changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in
> index 016a70037..de1c288c3 100644
> --- a/rules/pcsc-lite.in
> +++ b/rules/pcsc-lite.in
> @@ -18,6 +18,11 @@ menuconfig PCSC_LITE
>  
>  if PCSC_LITE
>  
> +config PCSC_LITE_USB
> +        bool "USB Support"
> +        help
> +          Add USB support.

Wrong indention. This should be tabs instead of spaces. I've fixed this
while applying the patch. In the future, please run 'ptxdist lint' before
sending patches. It will complain about all the small stuff like this.

Michael

> +
>  config PCSC_LITE_LIBUDEV
>  	bool "libudev support"
>  
> diff --git a/rules/pcsc-lite.make b/rules/pcsc-lite.make
> index d773a8bb6..0c6edcbfe 100644
> --- a/rules/pcsc-lite.make
> +++ b/rules/pcsc-lite.make
> @@ -38,7 +38,7 @@ PCSC_LITE_CONF_OPT := \
>  	$(CROSS_AUTOCONF_USR) \
>  	--$(call ptx/endis, PTXCONF_PCSC_LITE_SYSTEMD_UNIT)-libsystemd \
>  	--disable-serial \
> -	--disable-usb \
> +	--$(call ptx/endis, PTXCONF_PCSC_LITE_USB)-usb \
>  	--$(call ptx/endis, PTXCONF_PCSC_LITE_LIBUDEV)-libudev \
>  	--disable-libusb \
>  	--disable-polkit \
> -- 
> 2.37.2
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support
  2023-04-12  6:32   ` Michael Olbrich
@ 2023-04-12  7:56     ` Robin van der Gracht
  2023-04-14 10:08       ` Michael Olbrich
  0 siblings, 1 reply; 12+ messages in thread
From: Robin van der Gracht @ 2023-04-12  7:56 UTC (permalink / raw)
  To: ptxdist

On 12-04-2023 08:32, Michael Olbrich wrote:
> On Thu, Apr 06, 2023 at 04:50:16PM +0200, Robin van der Gracht wrote:
>> Signed-off-by: Robin van der Gracht <robin@protonic.nl>
>> ---
>>   rules/pcsc-lite.in   | 5 +++++
>>   rules/pcsc-lite.make | 2 +-
>>   2 files changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in
>> index 016a70037..de1c288c3 100644
>> --- a/rules/pcsc-lite.in
>> +++ b/rules/pcsc-lite.in
>> @@ -18,6 +18,11 @@ menuconfig PCSC_LITE
>>   
>>   if PCSC_LITE
>>   
>> +config PCSC_LITE_USB
>> +        bool "USB Support"
>> +        help
>> +          Add USB support.
> 
> Wrong indention. This should be tabs instead of spaces. I've fixed this
> while applying the patch. In the future, please run 'ptxdist lint' before
> sending patches. It will complain about all the small stuff like this.
> 

Ack. Thanks for pointing out the lint feature. Will do.

Robin



^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0
  2023-04-12  6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich
@ 2023-04-13  7:25   ` Robin van der Gracht
  2023-04-13 13:57     ` Michael Olbrich
  0 siblings, 1 reply; 12+ messages in thread
From: Robin van der Gracht @ 2023-04-13  7:25 UTC (permalink / raw)
  To: ptxdist

[-- Attachment #1: Type: text/plain, Size: 798 bytes --]

Hi Michael,

On 12-04-2023 08:28, Michael Olbrich wrote:
> On Thu, Apr 06, 2023 at 04:50:14PM +0200, Robin van der Gracht wrote:
>> Signed-off-by: Robin van der Gracht <robin@protonic.nl>
> 
> With this update pkcs11-tool (from host-opensc) does not work correctly any
> more. I'm getting "error: OpenSSL error during RSA private key parsing" and
> then a segfault. For example with the host-ptx-code-signing-dev package.
> I'm not sure what's wrong here.

I'm not seeing this error with our setup but we're on 2023.02.0 with 
openssl 1.1.1t.

I did notice a fix for RSA key imports in the opensc repository shortly 
after version 0.23.0 was released. I've created a ptxdist patch that 
includes that patch. It's attached to this email.

Can you verify if this fixes the error?

Kind regards,
Robin

[-- Attachment #2: 0001-opensc-Add-patch-that-fixes-RSA-private-key-imports.patch --]
[-- Type: text/x-patch, Size: 2553 bytes --]

From 7c85dd2c365031bc793cac7ba29ac67e5105e144 Mon Sep 17 00:00:00 2001
From: Robin van der Gracht <robin@protonic.nl>
Date: Thu, 13 Apr 2023 09:18:00 +0200
Subject: [PATCH] opensc: Add patch that fixes RSA private key imports

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
---
 ...1-pkcs11-tool-Fix-private-key-import.patch | 32 +++++++++++++++++++
 patches/OpenSC-0.23.0/series                  |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch
 create mode 100644 patches/OpenSC-0.23.0/series

diff --git a/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch
new file mode 100644
index 000000000..a58fc69a4
--- /dev/null
+++ b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch
@@ -0,0 +1,32 @@
+From 9294183e07ff4944e3f5e590f343f5727636767e Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 1 Dec 2022 20:08:53 +0100
+Subject: [PATCH] pkcs11-tool: Fix private key import
+
+---
+ src/tools/pkcs11-tool.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index aae205fe..cfee8526 100644
+--- a/src/tools/pkcs11-tool.c
++++ b/src/tools/pkcs11-tool.c
+@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+ 		RSA_get0_factors(r, &r_p, &r_q);
+ 		RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp);
+ #else
+-		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 ||
++		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
+ 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
+-			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) {
+ 			util_fatal("OpenSSL error during RSA private key parsing");
++			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
+ 		}
+ #endif
+ 		RSA_GET_BN(rsa, private_exponent, r_d);
+-- 
+2.37.2
+
diff --git a/patches/OpenSC-0.23.0/series b/patches/OpenSC-0.23.0/series
new file mode 100644
index 000000000..ebefe3cd1
--- /dev/null
+++ b/patches/OpenSC-0.23.0/series
@@ -0,0 +1 @@
+0001-pkcs11-tool-Fix-private-key-import.patch
-- 
2.37.2


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0
  2023-04-13  7:25   ` Robin van der Gracht
@ 2023-04-13 13:57     ` Michael Olbrich
  2023-04-17  8:54       ` Robin van der Gracht
  0 siblings, 1 reply; 12+ messages in thread
From: Michael Olbrich @ 2023-04-13 13:57 UTC (permalink / raw)
  To: Robin van der Gracht; +Cc: ptxdist

On Thu, Apr 13, 2023 at 09:25:54AM +0200, Robin van der Gracht wrote:
> Hi Michael,
> 
> On 12-04-2023 08:28, Michael Olbrich wrote:
> > On Thu, Apr 06, 2023 at 04:50:14PM +0200, Robin van der Gracht wrote:
> > > Signed-off-by: Robin van der Gracht <robin@protonic.nl>
> > 
> > With this update pkcs11-tool (from host-opensc) does not work correctly any
> > more. I'm getting "error: OpenSSL error during RSA private key parsing" and
> > then a segfault. For example with the host-ptx-code-signing-dev package.
> > I'm not sure what's wrong here.
> 
> I'm not seeing this error with our setup but we're on 2023.02.0 with openssl
> 1.1.1t.

So probably an issue with OpenSSL 3.x

> I did notice a fix for RSA key imports in the opensc repository shortly
> after version 0.23.0 was released. I've created a ptxdist patch that
> includes that patch. It's attached to this email.
> 
> Can you verify if this fixes the error?
> 
> Kind regards,
> Robin

> From 7c85dd2c365031bc793cac7ba29ac67e5105e144 Mon Sep 17 00:00:00 2001
> From: Robin van der Gracht <robin@protonic.nl>
> Date: Thu, 13 Apr 2023 09:18:00 +0200
> Subject: [PATCH] opensc: Add patch that fixes RSA private key imports
> 
> Signed-off-by: Robin van der Gracht <robin@protonic.nl>
> ---
>  ...1-pkcs11-tool-Fix-private-key-import.patch | 32 +++++++++++++++++++
>  patches/OpenSC-0.23.0/series                  |  1 +
>  2 files changed, 33 insertions(+)
>  create mode 100644 patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch
>  create mode 100644 patches/OpenSC-0.23.0/series
> 
> diff --git a/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch
> new file mode 100644
> index 000000000..a58fc69a4
> --- /dev/null
> +++ b/patches/OpenSC-0.23.0/0001-pkcs11-tool-Fix-private-key-import.patch
> @@ -0,0 +1,32 @@
> +From 9294183e07ff4944e3f5e590f343f5727636767e Mon Sep 17 00:00:00 2001
> +From: Jakub Jelen <jjelen@redhat.com>
> +Date: Thu, 1 Dec 2022 20:08:53 +0100
> +Subject: [PATCH] pkcs11-tool: Fix private key import
> +
> +---
> + src/tools/pkcs11-tool.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
> +index aae205fe..cfee8526 100644
> +--- a/src/tools/pkcs11-tool.c
> ++++ b/src/tools/pkcs11-tool.c
> +@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
> + 		RSA_get0_factors(r, &r_p, &r_q);
> + 		RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp);
> + #else
> +-		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 ||
> ++		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 ||
> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 ||
> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
> +-			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) {
> + 			util_fatal("OpenSSL error during RSA private key parsing");
> ++			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {

This is broken. Probably a bad conflict resolution. The next upstream
commit fixes this. So far it looks promising. I'll do some more testing and
clean it up.

Regards,
Michael

> + 		}
> + #endif
> + 		RSA_GET_BN(rsa, private_exponent, r_d);
> +-- 
> +2.37.2
> +
> diff --git a/patches/OpenSC-0.23.0/series b/patches/OpenSC-0.23.0/series
> new file mode 100644
> index 000000000..ebefe3cd1
> --- /dev/null
> +++ b/patches/OpenSC-0.23.0/series
> @@ -0,0 +1 @@
> +0001-pkcs11-tool-Fix-private-key-import.patch
> -- 
> 2.37.2
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [APPLIED] rules: opensc: Version bumb to 0.23.0
  2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht
                   ` (2 preceding siblings ...)
  2023-04-12  6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich
@ 2023-04-14 10:03 ` Michael Olbrich
  3 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2023-04-14 10:03 UTC (permalink / raw)
  To: ptxdist; +Cc: Robin van der Gracht

Thanks, applied as 100b1f787e5ee13198844d25aa43b3911038559e.

Michael

[sent from post-receive hook]

On Fri, 14 Apr 2023 12:03:45 +0200, Robin van der Gracht <robin@protonic.nl> wrote:
> Signed-off-by: Robin van der Gracht <robin@protonic.nl>
> Message-Id: <20230406145016.3074015-1-robin@protonic.nl>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/rules/host-opensc.make b/rules/host-opensc.make
> index 0319064fdae4..24488de3853d 100644
> --- a/rules/host-opensc.make
> +++ b/rules/host-opensc.make
> @@ -40,7 +40,7 @@ HOST_OPENSC_CONF_OPT	:= \
>  	--disable-doc \
>  	--disable-dnie-ui \
>  	--disable-notify \
> -	--enable-tests=no \
> +	--disable-cmocka \
>  	--disable-static
>  
>  HOST_OPENSC_CPPFLAGS := -Wno-implicit-fallthrough
> diff --git a/rules/opensc.make b/rules/opensc.make
> index 0278c53f1e6a..dac5c3ecb277 100644
> --- a/rules/opensc.make
> +++ b/rules/opensc.make
> @@ -15,8 +15,8 @@ PACKAGES-$(PTXCONF_OPENSC) += opensc
>  #
>  # Paths and names
>  #
> -OPENSC_VERSION	:= 0.19.0
> -OPENSC_MD5	:= 40734b2343cf83c62c4c403f8a37475e
> +OPENSC_VERSION	:= 0.23.0
> +OPENSC_MD5	:= 35c599e673ae9205550974e2dcbe0825
>  OPENSC		:= OpenSC-$(OPENSC_VERSION)
>  OPENSC_SUFFIX	:= tar.gz
>  OPENSC_URL	:= https://github.com/OpenSC/OpenSC/releases/download/$(OPENSC_VERSION)/$(OPENSC).$(OPENSC_SUFFIX)
> @@ -56,7 +56,7 @@ OPENSC_CONF_OPT := \
>  	--disable-doc \
>  	--disable-dnie-ui \
>  	--disable-notify \
> -	--$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-tests \
> +	--$(call ptx/endis,PTXCONF_OPENSC_TESTSUITE)-cmocka \
>  	--disable-static
>  
>  # ----------------------------------------------------------------------------



^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support
  2023-04-12  7:56     ` Robin van der Gracht
@ 2023-04-14 10:08       ` Michael Olbrich
  0 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2023-04-14 10:08 UTC (permalink / raw)
  To: Robin van der Gracht; +Cc: ptxdist

On Wed, Apr 12, 2023 at 09:56:18AM +0200, Robin van der Gracht wrote:
> On 12-04-2023 08:32, Michael Olbrich wrote:
> > On Thu, Apr 06, 2023 at 04:50:16PM +0200, Robin van der Gracht wrote:
> > > Signed-off-by: Robin van der Gracht <robin@protonic.nl>
> > > ---
> > >   rules/pcsc-lite.in   | 5 +++++
> > >   rules/pcsc-lite.make | 2 +-
> > >   2 files changed, 6 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/rules/pcsc-lite.in b/rules/pcsc-lite.in
> > > index 016a70037..de1c288c3 100644
> > > --- a/rules/pcsc-lite.in
> > > +++ b/rules/pcsc-lite.in
> > > @@ -18,6 +18,11 @@ menuconfig PCSC_LITE
> > >   if PCSC_LITE
> > > +config PCSC_LITE_USB
> > > +        bool "USB Support"
> > > +        help
> > > +          Add USB support.
> > 
> > Wrong indention. This should be tabs instead of spaces. I've fixed this
> > while applying the patch. In the future, please run 'ptxdist lint' before
> > sending patches. It will complain about all the small stuff like this.
> > 
> 
> Ack. Thanks for pointing out the lint feature. Will do.

Sorry, I dropped it. I looked at this again, and I don't think it needs an
option. USB support by itself doesn't really do anything. From what I can
tell, most of the code depends on either udev (we have an option for that)
or libusb (that's disabled). So I think we can just enable USB
unconditionally.

Michael

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0
  2023-04-13 13:57     ` Michael Olbrich
@ 2023-04-17  8:54       ` Robin van der Gracht
  0 siblings, 0 replies; 12+ messages in thread
From: Robin van der Gracht @ 2023-04-17  8:54 UTC (permalink / raw)
  To: ptxdist

On 13-04-2023 15:57, Michael Olbrich wrote:
> On Thu, Apr 13, 2023 at 09:25:54AM +0200, Robin van der Gracht wrote:
...
>> +From 9294183e07ff4944e3f5e590f343f5727636767e Mon Sep 17 00:00:00 2001
>> +From: Jakub Jelen <jjelen@redhat.com>
>> +Date: Thu, 1 Dec 2022 20:08:53 +0100
>> +Subject: [PATCH] pkcs11-tool: Fix private key import
>> +
>> +---
>> + src/tools/pkcs11-tool.c | 4 ++--
>> + 1 file changed, 2 insertions(+), 2 deletions(-)
>> +
>> +diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
>> +index aae205fe..cfee8526 100644
>> +--- a/src/tools/pkcs11-tool.c
>> ++++ b/src/tools/pkcs11-tool.c
>> +@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
>> + 		RSA_get0_factors(r, &r_p, &r_q);
>> + 		RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp);
>> + #else
>> +-		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 ||
>> ++		if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 ||
>> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 ||
>> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
>> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
>> + 			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
>> +-			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) {
>> + 			util_fatal("OpenSSL error during RSA private key parsing");
>> ++			EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
> 
> This is broken. Probably a bad conflict resolution. The next upstream
> commit fixes this. So far it looks promising. I'll do some more testing and
> clean it up.

I only compile tested the patch.
Ok, thanks!

Kind regards,
Robin



^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, other threads:[~2023-04-17  8:55 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-06 14:50 [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Robin van der Gracht
2023-04-06 14:50 ` [ptxdist] [PATCH 2/3] rules: pcsc-lite: Version bumb to 1.9.8 Robin van der Gracht
2023-04-12  6:29   ` [ptxdist] [APPLIED] " Michael Olbrich
2023-04-06 14:50 ` [ptxdist] [PATCH 3/3] rules: pcsc-lite: Add option for building with USB support Robin van der Gracht
2023-04-12  6:32   ` Michael Olbrich
2023-04-12  7:56     ` Robin van der Gracht
2023-04-14 10:08       ` Michael Olbrich
2023-04-12  6:28 ` [ptxdist] [PATCH 1/3] rules: opensc: Version bumb to 0.23.0 Michael Olbrich
2023-04-13  7:25   ` Robin van der Gracht
2023-04-13 13:57     ` Michael Olbrich
2023-04-17  8:54       ` Robin van der Gracht
2023-04-14 10:03 ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox