Path to this page:
./
security/opensc,
Smart Card drivers and middleware
Branch: CURRENT,
Version: 0.25.1nb3,
Package name: opensc-0.25.1nb3,
Maintainer: pkgsrc-usersOpenSC provides a set of libraries and utilities to access smart cards.
Its main focus is on cards that support cryptographic operations, and
facilitate their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11 API
so applications supporting this API such as Mozilla Firefox and Thunderbird
can use it. OpenSC implements the PKCS#15 standard and aims to be compatible
with every software that does so, too.
Required to run:[
textproc/libxslt] [
security/openssl] [
security/pcsc-lite]
Required to build:[
textproc/docbook-xsl] [
pkgtools/cwrappers]
Package options: pcsc-lite
Master sites:
Filesize: 1958.033 KB
Version history: (Expand)
- (2024-11-01) Updated to version: opensc-0.25.1nb3
- (2024-11-01) Updated to version: opensc-0.25.1nb2
- (2024-05-29) Updated to version: opensc-0.25.1nb1
- (2024-04-05) Updated to version: opensc-0.25.1
- (2024-03-07) Updated to version: opensc-0.25.0
- (2024-02-01) Updated to version: opensc-0.24.0
CVS history: (Expand)
2024-04-05 15:46:22 by Adam Ciarcinski | Files touched by this commit (2) | |
Log message:
opensc: updated to 0.25.1
OpenSC 0.25.1
General improvements
Add missing file to dist tarball to build documentation
minidriver
Fix RSA decryption with PKCS#1 v1.5 padding
Fix crash when app is not set
|
2024-03-07 11:00:27 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
opensc: updated to 0.25.0
New in 0.25.0; 2024-03-06
Security
CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in \
OpenSC
CVE-2024-1454: Potential use-after-free in AuthentIC driver during card \
enrollment in pkcs15init
General improvements
Update OpenSSL 1.1.1 to 3.0 in MacOS build
Remove support for old card drivers Akis, GPK, Incrypto34 and Westcos, disable \
Cyberflex driver
Fix 64b to 32b conversions
Improvements for the p11test
Fix reader initialization without SCardControl
Make RSA PKCS#1 v1.5 depadding constant-time
Add option for disabling PKCS#1 v1.5 depadding (type 01 and 02) on the card
Enable MSI signing via Signpath CI integration for Windows
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and \
PKCS#15 layer
minidriver
Fix wrong hash selection
pkcs11-tool
Simplify printing EC keys parameters
Add option to import GENERIC key
Add support for importing Ed25518/448 keys
drust-tool
Add tool for D-Trust cards
IDPrime
Support uncompressed certificates on IDPrime 940
Enhance IDPrime logging
Add SafeNet 5110+ FIPS token support
D-Trust Signature Cards
Add support for RSA D-Trust Signature Card 4.1 and 4.4
EstEID
Remove expired EstEID 3.* card support
ePass2003
Allow SW implementation with more SHA2 hashes and ECDSA
Fix EC key generation
SmartCard-HSM
Fix SELECT APDU command
MyEID
Update for PKCS#15 profile
Rutoken
Support for RSA 4096 key algorithm
OpenPGP
Fix decryption requiting Manage Security Environment for authentication key
|
2024-02-01 15:19:15 by Adam Ciarcinski | Files touched by this commit (3) | |
Log message:
opensc: updated to 0.24.0
New in 0.24.0; 2023-12-13
Security
CVE-2023-40660: Fix Potential PIN bypass
CVE-2023-40661: Important dynamic analyzers reports
CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using \
symmetric keys (f1993dc)
General improvements
Fix compatibility of EAC with OpenSSL 3.0
Enable use_file_cache by default
Use custom libctx with OpenSSL >= 3.0
Fix record-based files
Fix several race conditions
Run tests under Valgrind
Test signing of data bigger than 512 bytes
Update to OpenPACE 1.1.3
Implement logout for some of the card drivers
Fix wrong popup position of opensc-notify
Fixed various issues reported by OSS-Fuzz and Coverity regarding card drivers, \
PKCS#11 and PKCS#15 init
PKCS#11
Check card presence state in C_GetSessionInfo
Remove onepin-opensc-pkcs11 module
Do not use colons in the token info label
Present profile objects in all slots with the CKA_TOKEN attribute to resolve \
issues with NSS
Use secure memory for PUK
Don't logout to preserve concurrent access from different processes
Add more examples to manual page
Present profile objects in all virtual slots
Provide CKA_TOKEN attribute for profile objects
Improve --slot parameter documentation
PKCS#15
Honor cache offsets when writing file cache
Prevent needless amount of PIN prompts from pkcs15init layer
Propagate CKA_EXTRACTABLE and SC_PKCS15_PRKEY_ACCESS_SENSITIVE from and back to \
PKCS#11
Minidriver
Fix for private keys that do not need a PIN
Unbreak decipher when the first null byte of PKCS#1.5 padding is missing
pkcs11-tool
Fix RSA key import with OpenSSL 3.0
Add support for attribute filtering when listing objects
Add support for --private flag when writing certificates
Add support for non-AEAD ciphers to the test mode
Show CKA_SIGN attribute for secret keys
Do not attempt to read CKA_ALWAYS_AUTHENTICATE on secret keys
Show Sign/VerifyRecover attributes
Add option to import generic keys
westcos-tool
Generate 2k RSA keys by default (b53fc5c)
pkcs11-register
Disable autostart on Linux by default
IDPrime
Add support for IDPrime MD 830, 930 and 940
Add support for SafeNet eToken 5110 token
Process index even without keyrefmap and use correct label for second PIN
Add support for Gemalto IDPrime 940C
EPass2003
Change of PIN requires verification of the PIN
Fix incorrect CMAC computation for subkeys
Use true random number for mutual authentication for SM
Add verification of data coming from the token in the secure messaging mode
Avoid success when using unsupported digest and fix data length for RAW ECDSA \
signatures
OpenPGP
Fix select data command
Unbreak ed/curve25519 support
eOI
Add support for Slovenian eID card (eOI)
Italian CNS
Add support for IDEMIA (Oberthur) tokens
PIV
Add support for Swissbit iShield FIDO2 Authenticator
Implement PIV secure messaging
SkeID
Add support for Slovak eID cards
isoApplet
Support ECDSA with off-card hashing
MyEID
Fix WRAP operation when using T0
Identify changes on the card and enable use_file_cache
Workaround for unwrapping using 2K RSA key
SC-HSM
Add support for opensc-tool --serial
Fix unwrapping of 4096 keys with handling reader limits
Indicate supported hashes and MGF1s
|
2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message:
*: recursive bump for icu 74.1
|
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message:
*: bump for openssl 3
|
2023-08-14 18:08:32 by Emmanuel Dreyfus | Files touched by this commit (3) | |
Log message:
Fix for security/opensc regression
When security/opensc was updated to 0.23.0, it gained a
--enable-notify configure flag.
The feature adds a libopensc dependency on libglib, which in turns
brings libpthread into the game.
When using the opensc-pkcs11.so module with a non threaded program
such as ssh(1), libopensc will load some thread-enabled glib function
that attemps to initialize pthread stuff. That would require libpthread
to be linked in, and if it is not the case, module load aborts.
Here is the crash in action:
Program received signal SIGABRT, Aborted.
0x000072403899c46a in _lwp_kill () from /lib/libc.so.12
(gdb) bt
#0 0x000072403899c46a in _lwp_kill () from /lib/libc.so.12
#1 0x0000724038849223 in __libc_thr_create_stub () from /lib/libc.so.12
#2 0x0000724036a9c3ee in ?? ()
#3 0x0000000000000000 in ?? ()
This change turns the notify feature into a disabled by default
option so that opensc-pkcs11.so can work agan with ssh(1).
|
2023-06-06 14:42:56 by Taylor R Campbell | Files touched by this commit (1319) |
Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.
Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).
No change to BUILD_DEPENDS as used correctly inside buildlink3.
As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html
|
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | |
Log message:
revbump after textproc/icu update
|