./security/opensc, Smart Card drivers and middleware



Branch: CURRENT, Version: 0.16.0, Package name: opensc-0.16.0, Maintainer: pkgsrc-users

OpenSC provides a set of libraries and utilities to access smart cards.
Its main focus is on cards that support cryptographic operations, and it
facilitates their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11 API
so applications supporting this API such as Mozilla Firefox and Thunderbird
can use it. OpenSC implements the PKCS#15 standard and aims to be compatible
with all other software that does so, too.


Required to run:
[textproc/libxslt] [security/pcsc-lite]

Required to build:
[textproc/docbook-xsl]

Package options: pcsc-lite

Master sites:

SHA1: 8a5616ac514c4fbad50b0505dc61f082de3e479c
RMD160: f785df816560493baceb71e2197346c724fc0834
Filesize: 1719.158 KB


CVS history:


   2016-08-04 15:08:25 by Makoto Fujiwara | Files touched by this commit (7) | Package updated
Log message:
Updated security/opensc to 0.16.0
--------------------------------
New in 0.16.0; 2016-05-15
* build
    link OpenSSL in static
    option: enable PKCS11 thread locking
* configuration
    use one configuration file for all systems
* tools:
    package revision as version
  ** pkcs11-tool
       keygen mechanism in pkcs11 tools
       write GOST public key
       fix CKA_SENSITIVE attribute of public keys
  ** opensc-explorer:
       added command find_tags
       allow ASN.1 decoding if the file seems incomplete
  ** pkcs15-tool:
       handle record-based files when doing file caching
       option to print raw data
  ** sc-hsm-tool:
       status info support for SmartCard-HSM V2.0
  ** doc: some missing options are documented, added documentation
       for gid tool
* minidriver:
  support for ECC
  Windows x509 enrollment
  first implementation of CardDeleteContainer
  MD logs controlled by register and environment variable
* reader-pcsc
  fixed unreleased locks with pcsc-lite
  honour PC/SC pt 10 dwMaxAPDUDataSize
  added call back for getting vendor/product id
  restrict access to card handles after fork
  SCardGetAttrib is used to initialize reader's metadata
  by default only short APDUs supported
* pkcs11
  no slot reserved for hot plug
  no more slot created 'per-applications'
  atomic operation (TODO: expand)
  export all C_* symbols
  metadata initialized from package info
  fix registering pkcs11 mechanisms multiple times
  sloppy initialization for C_GetSlotInfo
* pkcs15
  cache of on-card files extended to application paths
  configuration option to enable/disable application
  make file cache dir configurable
  in key info data type introduced 'auxiliary data' -- container
      for the non-pkcs15 data.
* OpenPGP
  support for Gnuk -- USB cryptographic token for GNU Privacy Guard
  build without OpenSSL
  implemented 'erase card'
  additional manufacturers
* MyEID
  support for 521 bit ECC keys
  ATRs for the new cards
* sc-hsm
  read/write support in minidriver
* rtecp
  delete keys
* GemSafeV1
  support for European Patent Office smart card
  sign with SHA256
* Gids
  first support for Gids smart card
* dnie
* Feitian PKI card
  new ATRs
* IsoApplet
  (fixes)
* starcos
  initial support for STARCOS 3.4 (German D-Trust cards)
* macosx
  install tokend to /Library/Security/ instead of /System/Library/Security/
  fixed locking issue in pcsc reader
* PIV
  allow using of cards where default application is not PIV
  support for the Yubikey NEO
* italian-CNS
  italian-cns reg file for minidriver
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-09-07 22:00:09 by Greg Troxel | Files touched by this commit (1)
Log message:
Add patch that belongs in last commit
   2015-09-07 21:59:42 by Greg Troxel | Files touched by this commit (12) | Package updated
Log message:
Update to 0.15.0.  Some pkgsrc patches are now upstream.  Don't
install new bash completion files, given a lack of pkgsrc doctrine for
where they go.

New in 0.15.0; 2015-05-11
* new card drivers
  AzeDIT 3.5
  IsoApplet
  MaskTech
* libopensc
  allow extended length APDUs
  accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
  fixed sc_driver_version check
  adjusted send/receive size according to card capabilities
  in iso7816 make SELECT agnostic to sc_path_t's aid
* asn1
  support multi-bytes tags
* pkcs15
  reviewed support and tool functions for public key
  public certs and pubkeys with an auth_id are treated as private
* pkcs11
  introduced  default PKCS#11 provider
  fetched real value of CKA_LOCAL for pubkey
  removed inconsistent attributes
  C_Digest issues
    no check if buffer too small before update
* added support for Travis CI
* updated support of EC in libopensc, pkcs15 and pkcs11
* fixed number of warnings, resource leaks, coverity-scan issues
* macosx
  target minimum OSX version to 10.7
  update the minimal building instructions.
  locate and target the latest SDK to build against.
  locate the best newest SDK present on the computer.
* build
  disable Secure Messaging if OpenSSL is not used
* tools
  util_get_pin helper function
* PIV
  Add AES support for PIV General Authenticate
  fixed invalid bit when writing PIV certificate object with gzipped certificate
  fixed bad caching behavior of PIV PKCS15 emulator
* ePass2003
  fixed failure due to re-authenticate of secure messaging when card is accessed
      by multiple PKCS11 sessions
* MyEID
  EC support for MyEID-v4 card
* openpgp
  extended options for openpgp-tool
* asepcos
  fixed puk handling
* sc-hsm
  support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
  improved error detection and reporting in sc-hsm-tool
  fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
  fix certificate delete bug
* IAS/ECC
  fixed PKCS#11 compliance issues
  support for Morpho IAS Agent Card
* cardos
  overwrite content of deleted private key
* win32
  setup improvement
     look & feel
     custom actions with card registration
  minidriver improvement
     fixed errors and warnings returned by Microsoft quality tool
     pin-pad support

New in 0.14.0; 2014-05-31
* new card driver DNIe
* extended existing drivers by support of
    Swedish eID card (gemsafeV1)
    EstEID 3.5 (mcrd)
* bogus javacard driver removed
* build
    return to the standard use of 'autoconf'
    CI specific bootstrap script: git commit stamp for the built packages
    windows friendly compile settings
    fixed a ton of compiler warnings
    fence against using EVP_sha256 mech
    debian packaging templates
    compile without OpenSSL and without SM
    enable compiler warnings by default
    win32
        add 'VarFileInfo' block to version-info
        include to MSI package 'openpgp-tool.exe'
        'version-info' resource for each target
* macOSX
    "graphical uninstaller" to distribution DMG
    update package building to modern tools
    new tool and SDK paths for OS X 10.8
    improved opensc-installer from distribution
    osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
    build 'fat' binaries i386
* common
    added getpass implementation for non windows
* libopensc
    allow for the pin to be entered on the keypad during issuing
    introduce 'encoded-content' to the sc_file data
    general usage method to allocate generalized time
* minidriver
    implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
    improved management of GUID
    use reader pin pad if available and allowed
    configuration options for
        compose GUID
        refuse create container mechanism
    add registers file for feitian cards
    fixed
        return code in 'CardGetContainerInfo'
        returned 'tries-left' for blocked card
        length of stripped data in RSADecrypt
* pkcs#11
    bind non-recognized card, generic 'init-token' procedure
    fixed
        CKA_VALUE of 'public-key' object
        fix ASN1 encoding issues
        PIN-NOT-INITIALIZED for the non-user PINs
        buffers overflow
        segfault due to the undefined 'application-file'
* pkcs15
    'direct' public key in PuKDF encoding
    implement SPKI public key encoding
    include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
    fixed
        encoding of 'SubjectPublicKeyInfo'
        DER encoding of 'issuer' and 'subject'
        PIN validation in 'pkcs15-verify'
        public key algorithm
        ECC public key encoding
        ECC ecpointQ
* pkcs15init
    introduce 'max-unblocks' PIN init parameter
    keep cert. blob in cert-info data
    file 'content' and 'prop-attrs' in the card profile
    in profile more AC operations are parsed
    fixed
        NULL pointer dereference error
        NULL 'store-key' handle
        ignore if no TokenInfo file to update
        set EC pubkey parameters from init data
* reader-pcsc
    fixed
        implicit pin modification
        pin checking when implicitly given
        verify/modify pinpad commands
* SM
    common SM 'increase-sequence-counter' procedure
    move SM APDU procedures to dedicated source file
    move SM common crypto procedures to the dedicated library
* doc
    documentation for --list-token-slots
* default driver
    do not send possibly arbitrary APDU-s to an unknown card.
    by default 'default' card driver is disabled
* sc-hsm
    Added support for
        persistent EC public keys generated from certificate signing requests
        token label to be set via C_InitToken or sc-hsm-tool
        unblock PIN using C_InitPIN()
    initialize EC key params
    fixed
        bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface
        bug when changing SO-PIN with opensc-explorer sc-hsm-tool
        memory checking and removed warning
        problem deleting CA certificates sc-hsm
        public key format returned when generating ECC keys
    sc-hsm-tool
        better error handling for non-SmartCard-HSM cards
        support for DKEK password sharing scheme
        threshold scheme parameters to manpage
        crash on Windows when --wrap-key frees memory allocated in opensc.dll
* ias
    simplify the compute signature operation
* PIV
    use SPKI encoding for public key data
    extract public key from cert if no object on card
    fix
        segfault and valgrind issue
        gen_key to expect the proper PIV Key references
* CardOS
    build for Windows
    use information from AlgorithmInfo
    supported CardOS V5.0
* epass2003
    key generation allows stricter privkey/pubkey ACLs
    list_files implemented
    properly disable padding
    allow exponents other than 65537
* myeid
    fixed file-id in myeid.profile
* entersafe
    fix a bug when writing public key
* EstEID
    match card only based on presence of application.
* pteid
    do not call the iso7816 driver get_response operation
* myeid
    support of EC key is broken
   2015-08-27 21:06:44 by Joerg Sonnenberger | Files touched by this commit (1)
Log message:
When replacing a buildlink3.mk inclusion with a plain BUILD_DEPENDS,
it helps to replace BUILDLINK_PREFIX, too. Hi wiz!
   2015-08-23 22:34:07 by Thomas Klausner | Files touched by this commit (3)
Log message:
Use BUILD_DEPENDS instead of including buildlink3.mk for docbook-xsl.
   2014-03-17 19:21:43 by Greg Troxel | Files touched by this commit (2)
Log message:
Stop forcing pcsc-lite's library to be the libtool version.

opensc upstream has removed the use of ltdl.  Thus, it is no longer
reasonable to expect it to be able to dlopen a .la file.  So pass the
.so, not the .la, to configure, when using the pcsc-lite (default)
option.  Resolves a failure of pkcs15-init to load modules.