jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

ykpivmgr: update to 1.7.0.

Browse source 
Patch is submited upstream at https://github.com/Yubico/yubico-piv-tool/pull/212
This commit is contained in:
Doan Tran Cong Danh 2019-10-02 10:39:34 +07:00 committed by Helmut Pozimski
parent 033794a915
commit 70f72a540b
3 changed files with 27 additions and 162 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

158
srcpkgs/ykpivmgr/patches/libressl.patch
View file

@ -1,158 +0,0 @@
--- tool/openssl-compat.c
+++ tool/openssl-compat.c
@@ -71,6 +71,10 @@
*iqmp = r->iqmp;
}
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest)
{
@@ -80,4 +84,4 @@
*pdigest = sig->digest;
}
-#endif /* OPENSSL_VERSION_NUMBER */
+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
--- tool/openssl-compat.h
+++ tool/openssl-compat.h
@@ -20,7 +20,6 @@
#include <openssl/ecdsa.h>
#include <openssl/dh.h>
#include <openssl/evp.h>
-#include <openssl/x509.h>
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
void RSA_get0_key(const RSA *r,
@@ -29,9 +28,15 @@
void RSA_get0_crt_params(const RSA *r,
const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp);
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+#include <openssl/x509.h>
+
void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
ASN1_OCTET_STRING **pdigest);
+#endif /* OPENSSL_VERSION_NUMBER || defined(LIBRESSL_VERSION_NUMBER) */
#endif /* _WINDOWS */
-#endif /* OPENSSL_VERSION_NUMBER */
#endif /* LIBCRYPTO_COMPAT_H */
--- tool/yubico-piv-tool.c
+++ tool/yubico-piv-tool.c
@@ -124,7 +124,7 @@
return false;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
static int ec_key_ex_data_idx = -1;
struct internal_key {
@@ -688,7 +688,7 @@
goto request_out;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
memcpy(digest, oid, oid_len);
/* XXX: this should probably use X509_REQ_digest() but that's buggy */
if(!ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ_INFO), md, req->req_info,
@@ -721,7 +721,7 @@
fprintf(stderr, "Failed signing request.\n");
goto request_out;
}
- M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
+ ASN1_BIT_STRING_set(req->signature, signature, sig_len);
/* mark that all bits should be used. */
req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
}
@@ -751,7 +751,7 @@
EVP_PKEY_free(public_key);
}
if(req) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
if(req->sig_alg->parameter) {
req->sig_alg->parameter = NULL;
}
@@ -884,7 +884,7 @@
if(nid == 0) {
goto selfsign_out;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
if(YKPIV_IS_RSA(algorithm)) {
signinput = digest;
len = oid_len + md_len;
@@ -912,7 +912,7 @@
fprintf(stderr, "Failed signing certificate.\n");
goto selfsign_out;
}
- M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
+ ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
/* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
* should be subtracted from the bit string, thus making sure that the
* certificate can be validated. */
@@ -941,7 +941,7 @@
fclose(output_file);
}
if(x509) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
if(x509->sig_alg->parameter) {
x509->sig_alg->parameter = NULL;
x509->cert_info->signature->parameter = NULL;
diff --git ykcs11/openssl_utils.c ykcs11/openssl_utils.c
index 68fb29a..5a7f85d 100644
--- ykcs11/openssl_utils.c
+++ ykcs11/openssl_utils.c
@@ -165,7 +165,7 @@ CK_RV do_create_empty_cert(CK_BYTE_PTR in, CK_ULONG in_len, CK_BBOOL is_rsa,
X509_set_notBefore(cert, tm);
X509_set_notAfter(cert, tm);
-#if OPENSSL_VERSION_NUMBER < 10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
// Manually set the signature algorithms.
// OpenSSL 1.0.1i complains about empty DER fields
// 8 => md5WithRsaEncryption
diff --git ykcs11/tests/ykcs11_tests.c ykcs11/tests/ykcs11_tests.c
index 9fb51da..257c938 100644
--- ykcs11/tests/ykcs11_tests.c
+++ ykcs11/tests/ykcs11_tests.c
@@ -274,7 +274,7 @@ static void test_login() {
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if !((OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER))
static int bogus_sign(int dtype, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, const RSA *rsa) {
sigret = malloc(1);
@@ -385,7 +385,7 @@ static void test_import_and_sign_all_10() {
X509_set_notBefore(cert, tm);
X509_set_notAfter(cert, tm);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
cert->sig_alg->algorithm = OBJ_nid2obj(8);
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);
@@ -583,7 +583,7 @@ static void test_import_and_sign_all_10_RSA() {
X509_set_notBefore(cert, tm);
X509_set_notAfter(cert, tm);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
/* putting bogus data to signature to make some checks happy */
cert->sig_alg->algorithm = OBJ_nid2obj(8);
cert->cert_info->signature->algorithm = OBJ_nid2obj(8);

22
srcpkgs/ykpivmgr/patches/ssl_obsolete.patch Normal file
View file

@ -0,0 +1,22 @@
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index d7e11d5..7cd15e3 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -751,7 +751,7 @@ static bool request_certificate(ykpiv_state *state, enum enum_key_format key_for
fprintf(stderr, "Failed signing request.\n");
goto request_out;
}
- M_ASN1_BIT_STRING_set(req->signature, signature, sig_len);
+ ASN1_STRING_set(req->signature, signature, sig_len);
/* mark that all bits should be used. */
req->signature->flags = ASN1_STRING_FLAG_BITS_LEFT;
}
@@ -1007,7 +1007,7 @@ static bool selfsign_certificate(ykpiv_state *state, enum enum_key_format key_fo
fprintf(stderr, "Failed signing certificate.\n");
goto selfsign_out;
}
- M_ASN1_BIT_STRING_set(x509->signature, signature, sig_len);
+ ASN1_STRING_set(x509->signature, signature, sig_len);
/* setting flags to ASN1_STRING_FLAG_BITS_LEFT here marks that no bits
* should be subtracted from the bit string, thus making sure that the
* certificate can be validated. */

9
srcpkgs/ykpivmgr/template
View file

@ -6,8 +6,8 @@ _libykcs_name="libykcs11"
_libykcs_desc="Yubikey PIV pkcs11 library"
pkgname=ykpivmgr
version=1.5.0
revision=5
version=1.7.0
revision=1
wrksrc="${_real_name}-${version}"
build_style=gnu-configure
configure_args="--enable-doxygen-man --program-transform-name='s/^yubico-piv-tool$/ykpivmgr/'"
@ -15,10 +15,11 @@ hostmakedepends="automake libtool gengetopt pkg-config doxygen perl"
makedepends="libressl-devel check-devel pcsclite-devel"
short_desc="Yubikey PIV management tool"
maintainer="Aloz1 <kno0001@gmail.com>"
license="BSD"
license="BSD-2-Clause"
homepage="https://developers.yubico.com/${_real_name}"
distfiles="https://developers.yubico.com/${_real_name}/Releases/${_real_name}-${version}.tar.gz"
checksum=c18375179ba25bf9d61365b3903f033f112897bbd54ca63c62fa153f2d05aaab
checksum=b428527e4031453a637128077983e782e9fea25df98e95e0fc27819b2e82fd7f
patch_args="-Np1"
post_extract() {
sed -i '/^yubico-piv-tool.1/,$d' tool/Makefile.am