[pkg-opensc-commit] [opensc] 02/04: debian/patches/0001-pkcs15_compute_cert_length.diff: Fix for cert length computation on EID cards. Thanks to Martin-Éric Racine and apologies to Belgium for the delay. (Closes: #721588)

Eric Dorland eric at moszumanska.debian.org
Sun Mar 23 19:03:38 UTC 2014 

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit af597134d8d1185b765e142c1e2e9edaf2067853
Author: Eric Dorland <eric at debian.org>
Date:   Sat Mar 22 17:24:49 2014 -0400

    debian/patches/0001-pkcs15_compute_cert_length.diff: Fix for cert length computation on EID cards. Thanks to Martin-Éric Racine and apologies to Belgium for the delay. (Closes: #721588)
---
 debian/changelog                                   |   3 +
 .../patches/0001-pkcs15_compute_cert_length.diff   | 109 +++++++++++++++++++++
 debian/patches/series                              |   1 +
 3 files changed, 113 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1981a55..ac5da08 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ opensc (0.13.0-4) unstable; urgency=medium
 
   * debian/control, debian/rules: Switch to dh-autoreconf. (Closes:
     #735380)
+  * debian/patches/0001-pkcs15_compute_cert_length.diff: Fix for cert
+    length computation on EID cards. Thanks to Martin-Éric Racine and
+    apologies to Belgium for the delay. (Closes: #721588)
 
  --
 
diff --git a/debian/patches/0001-pkcs15_compute_cert_length.diff b/debian/patches/0001-pkcs15_compute_cert_length.diff
new file mode 100644
index 0000000..b2de773
--- /dev/null
+++ b/debian/patches/0001-pkcs15_compute_cert_length.diff
@@ -0,0 +1,109 @@
+From cc5a171ddcc8e49b2252135daac9ad3aa6d66ae7 Mon Sep 17 00:00:00 2001
+From: Viktor Tarasov <viktor.tarasov at gmail.com>
+Date: Tue, 25 Dec 2012 20:05:45 +0100
+Subject: [PATCH] pkcs15: regression in e35febe: compute cert length
+
+parse_x509_cert() reviewed.
+Now certificate's DER data are allocated and the DER data length is determined in one place.
+
+https://github.com/OpenSC/OpenSC/pull/114
+https://github.com/OpenSC/OpenSC/commit/e35febe
+---
+ src/libopensc/pkcs15-cert.c | 37 +++++++++++++++++++------------------
+ 1 file changed, 19 insertions(+), 18 deletions(-)
+
+--- a/src/libopensc/pkcs15-cert.c
++++ b/src/libopensc/pkcs15-cert.c
+@@ -34,13 +34,13 @@
+ #include "pkcs15.h"
+ 
+ static int
+-parse_x509_cert(sc_context_t *ctx, const u8 *buf, size_t buflen, struct sc_pkcs15_cert *cert)
++parse_x509_cert(sc_context_t *ctx, struct sc_pkcs15_der *der, struct sc_pkcs15_cert *cert)
+ {
+ 	int r;
+ 	struct sc_algorithm_id sig_alg;
+-	struct sc_pkcs15_pubkey  * pubkey = NULL;
+-	u8 *serial = NULL;
+-	size_t serial_len = 0;
++	struct sc_pkcs15_pubkey *pubkey = NULL;
++	unsigned char *serial = NULL, *buf =  der->value;
++	size_t serial_len = 0, data_len = 0, buflen = der->len;
+ 	struct sc_asn1_entry asn1_version[] = {
+ 		{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, &cert->version, NULL },
+ 		{ NULL, 0, 0, 0, NULL, NULL }
+@@ -87,30 +87,32 @@ parse_x509_cert(sc_context_t *ctx, const
+ 	if (obj == NULL)
+ 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "X.509 certificate not found");
+ 
+-	cert->data.len = objlen + (obj - buf);
++	data_len = objlen + (obj - buf);
++	cert->data.value = malloc(data_len);
++	if (!cert->data.value)
++		LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
++	memcpy(cert->data.value, buf, data_len);
++	cert->data.len = data_len;
++
+ 	r = sc_asn1_decode(ctx, asn1_cert, obj, objlen, NULL, NULL);
+ 	LOG_TEST_RET(ctx, r, "ASN.1 parsing of certificate failed");
+ 
+ 	cert->version++;
+ 
+-	if (pubkey) {
+-		cert->key = pubkey;
+-		pubkey = NULL;
+-	}
+-	else {
++	if (!pubkey)
+ 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_ASN1_OBJECT, "Unable to decode subjectPublicKeyInfo from cert");
+-	}
++	cert->key = pubkey;
++
+ 	sc_asn1_clear_algorithm_id(&sig_alg);
+-	if (r < 0)
+-		return r;
+ 
+ 	if (serial && serial_len)   {
+ 		sc_format_asn1_entry(asn1_serial_number + 0, serial, &serial_len, 1);
+ 		r = sc_asn1_encode(ctx, asn1_serial_number, &cert->serial, &cert->serial_len);
+ 		free(serial);
++		LOG_TEST_RET(ctx, r, "ASN.1 encoding of serial failed");
+ 	}
+ 
+-	return r;
++	return SC_SUCCESS;
+ }
+ 
+ 
+@@ -125,7 +127,7 @@ sc_pkcs15_pubkey_from_cert(struct sc_con
+ 	if (cert == NULL)
+ 		return SC_ERROR_OUT_OF_MEMORY;
+ 
+-	rv = parse_x509_cert(ctx, cert_blob->value, cert_blob->len, cert);
++	rv = parse_x509_cert(ctx, cert_blob, cert);
+ 
+ 	*out = cert->key;
+ 	cert->key = NULL;
+@@ -158,20 +160,19 @@ sc_pkcs15_read_certificate(struct sc_pkc
+ 		return SC_ERROR_OBJECT_NOT_FOUND;
+ 	}
+ 
+-
+ 	cert = malloc(sizeof(struct sc_pkcs15_cert));
+ 	if (cert == NULL) {
+ 		free(der.value);
+ 		return SC_ERROR_OUT_OF_MEMORY;
+ 	}
+ 	memset(cert, 0, sizeof(struct sc_pkcs15_cert));
+-	if (parse_x509_cert(p15card->card->ctx, der.value, der.len, cert)) {
++	if (parse_x509_cert(p15card->card->ctx, &der, cert)) {
+ 		free(der.value);
+ 		sc_pkcs15_free_certificate(cert);
+ 		return SC_ERROR_INVALID_ASN1_OBJECT;
+ 	}
++	free(der.value);
+ 
+-	cert->data = der;
+ 	*cert_out = cert;
+ 	return SC_SUCCESS;
+ }
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..c3eda77
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+0001-pkcs15_compute_cert_length.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git

More information about the pkg-opensc-commit mailing list