3 files changed, 89 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch b/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch
new file mode 100644
index 0000000000..e270a8e2e6
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch
@@ -0,0 +1,33 @@
+From 6f868bbcd9e65447f459f74381c09d1e315a32f6 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 1 Dec 2022 20:08:53 +0100
+Subject: [PATCH 1/2] pkcs11-tool: Fix private key import
+Upstream-Status: Backport
+---
+ src/tools/pkcs11-tool.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index aae205fe2cd6..cfee8526d5b0 100644
+--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
+@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+                RSA_get0_factors(r, &r_p, &r_q);
+                RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp);
+ #else
+-               if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 ||
+               if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 ||
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 ||
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
+-                       EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) {
+                        util_fatal("OpenSSL error during RSA private key parsing");
+                       EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
+                }
+ #endif
+                RSA_GET_BN(rsa, private_exponent, r_d);
+-- 
+2.30.2
diff --git a/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch b/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch
new file mode 100644
index 0000000000..880a13ac61
--- /dev/null
+++ b/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch
@@ -0,0 +1,54 @@
+From 4b5702409e7feea8cb410254285c120c57c10e1b Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 1 Dec 2022 20:11:41 +0100
+Subject: [PATCH 2/2] pkcs11-tool: Log more information on OpenSSL errors
+Upstream-Status: Backport
+---
+ src/tools/pkcs11-tool.c | 15 ++++++---------
+ 1 file changed, 6 insertions(+), 9 deletions(-)
+diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
+index cfee8526d5b0..f2e6b1dd91cd 100644
+--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
+@@ -3641,10 +3641,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+        const BIGNUM *r_dmp1, *r_dmq1, *r_iqmp;
+        r = EVP_PKEY_get1_RSA(pkey);
+        if (!r) {
+-               if (private)
+-                       util_fatal("OpenSSL error during RSA private key parsing");
+-               else
+-                       util_fatal("OpenSSL error during RSA public key parsing");
+               util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public",
+                       ERR_error_string(ERR_peek_last_error(), NULL));
+        }
+ 
+        RSA_get0_key(r, &r_n, &r_e, NULL);
+@@ -3654,10 +3652,8 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+        BIGNUM *r_dmp1 = NULL, *r_dmq1 = NULL, *r_iqmp = NULL;
+        if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &r_n) != 1 ||
+                EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &r_e) != 1) {
+-               if (private)
+-                       util_fatal("OpenSSL error during RSA private key parsing");
+-               else
+-                       util_fatal("OpenSSL error during RSA public key parsing");
+               util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public",
+                       ERR_error_string(ERR_peek_last_error(), NULL));
+         }
+ #endif
+        RSA_GET_BN(rsa, modulus, r_n);
+@@ -3674,8 +3670,9 @@ parse_rsa_pkey(EVP_PKEY *pkey, int private, struct rsakey_info *rsa)
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 ||
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 ||
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 ||
+-                       util_fatal("OpenSSL error during RSA private key parsing");
+                        EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
+                       util_fatal("OpenSSL error during RSA private key parsing: %s",
+                               ERR_error_string(ERR_peek_last_error(), NULL));
+                }
+ #endif
+                RSA_GET_BN(rsa, private_exponent, r_d);
+-- 
+2.30.2
diff --git a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb b/meta-oe/recipes-support/opensc/opensc_0.23.0.bb
index b0f147c798..f68107df87 100644
--- a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb
+++ b/meta-oe/recipes-support/opensc/opensc_0.23.0.bb
@@ -14,6 +14,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7"
 #v0.21.0
 SRCREV = "5497519ea6b4af596628f8f8f2f904bacaa3148f"
 SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
+           file://0001-pkcs11-tool-Fix-private-key-import.patch \
+           file://0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch \
          "
 DEPENDS = "virtual/libiconv openssl"

diff --git a/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch b/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch new file mode 100644 index 0000000000..e270a8e2e6 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/0001-pkcs11-tool-Fix-private-key-import.patch
@@ -0,0 +1,33 @@
		1	From 6f868bbcd9e65447f459f74381c09d1e315a32f6 Mon Sep 17 00:00:00 2001
		2	From: Jakub Jelen <jjelen@redhat.com>
		3	Date: Thu, 1 Dec 2022 20:08:53 +0100
		4	Subject: [PATCH 1/2] pkcs11-tool: Fix private key import
		5
		6	Upstream-Status: Backport
		7	---
		8	src/tools/pkcs11-tool.c \| 4 ++--
		9	1 file changed, 2 insertions(+), 2 deletions(-)
		10
		11	diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
		12	index aae205fe2cd6..cfee8526d5b0 100644
		13	--- a/src/tools/pkcs11-tool.c
		14	+++ b/src/tools/pkcs11-tool.c
		15	@@ -3669,13 +3669,13 @@ parse_rsa_pkey(EVP_PKEY pkey, int private, struct rsakey_info rsa)
		16	RSA_get0_factors(r, &r_p, &r_q);
		17	RSA_get0_crt_params(r, &r_dmp1, &r_dmq1, &r_iqmp);
		18	#else
		19	- if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_d) != 1 \|\|
		20	+ if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_D, &r_d) != 1 \|\|
		21	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR1, &r_p) != 1 \|\|
		22	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 \|\|
		23	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 \|\|
		24	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 \|\|
		25	- EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT3, &r_iqmp) != 1) {
		26	util_fatal("OpenSSL error during RSA private key parsing");
		27	+ EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
		28	}
		29	#endif
		30	RSA_GET_BN(rsa, private_exponent, r_d);
		31	--
		32	2.30.2
		33


diff --git a/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch b/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch new file mode 100644 index 0000000000..880a13ac61 --- /dev/null +++ b/meta-oe/recipes-support/opensc/files/0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch
@@ -0,0 +1,54 @@
		1	From 4b5702409e7feea8cb410254285c120c57c10e1b Mon Sep 17 00:00:00 2001
		2	From: Jakub Jelen <jjelen@redhat.com>
		3	Date: Thu, 1 Dec 2022 20:11:41 +0100
		4	Subject: [PATCH 2/2] pkcs11-tool: Log more information on OpenSSL errors
		5
		6	Upstream-Status: Backport
		7	---
		8	src/tools/pkcs11-tool.c \| 15 ++++++---------
		9	1 file changed, 6 insertions(+), 9 deletions(-)
		10
		11	diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
		12	index cfee8526d5b0..f2e6b1dd91cd 100644
		13	--- a/src/tools/pkcs11-tool.c
		14	+++ b/src/tools/pkcs11-tool.c
		15	@@ -3641,10 +3641,8 @@ parse_rsa_pkey(EVP_PKEY pkey, int private, struct rsakey_info rsa)
		16	const BIGNUM r_dmp1, r_dmq1, *r_iqmp;
		17	r = EVP_PKEY_get1_RSA(pkey);
		18	if (!r) {
		19	- if (private)
		20	- util_fatal("OpenSSL error during RSA private key parsing");
		21	- else
		22	- util_fatal("OpenSSL error during RSA public key parsing");
		23	+ util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public",
		24	+ ERR_error_string(ERR_peek_last_error(), NULL));
		25	}
		26
		27	RSA_get0_key(r, &r_n, &r_e, NULL);
		28	@@ -3654,10 +3652,8 @@ parse_rsa_pkey(EVP_PKEY pkey, int private, struct rsakey_info rsa)
		29	BIGNUM r_dmp1 = NULL, r_dmq1 = NULL, *r_iqmp = NULL;
		30	if (EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_N, &r_n) != 1 \|\|
		31	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &r_e) != 1) {
		32	- if (private)
		33	- util_fatal("OpenSSL error during RSA private key parsing");
		34	- else
		35	- util_fatal("OpenSSL error during RSA public key parsing");
		36	+ util_fatal("OpenSSL error during RSA %s key parsing: %s", private ? "private" : "public",
		37	+ ERR_error_string(ERR_peek_last_error(), NULL));
		38	}
		39	#endif
		40	RSA_GET_BN(rsa, modulus, r_n);
		41	@@ -3674,8 +3670,9 @@ parse_rsa_pkey(EVP_PKEY pkey, int private, struct rsakey_info rsa)
		42	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_FACTOR2, &r_q) != 1 \|\|
		43	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT1, &r_dmp1) != 1 \|\|
		44	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_EXPONENT2, &r_dmq1) != 1 \|\|
		45	- util_fatal("OpenSSL error during RSA private key parsing");
		46	EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_COEFFICIENT1, &r_iqmp) != 1) {
		47	+ util_fatal("OpenSSL error during RSA private key parsing: %s",
		48	+ ERR_error_string(ERR_peek_last_error(), NULL));
		49	}
		50	#endif
		51	RSA_GET_BN(rsa, private_exponent, r_d);
		52	--
		53	2.30.2
		54


diff --git a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb b/meta-oe/recipes-support/opensc/opensc_0.23.0.bb index b0f147c798..f68107df87 100644 --- a/meta-oe/recipes-support/opensc/opensc_0.23.0.bb +++ b/meta-oe/recipes-support/opensc/opensc_0.23.0.bb
@@ -14,6 +14,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=cb8aedd3bced19bd8026d96a8b6876d7"
14	#v0.21.0	14	#v0.21.0
15	SRCREV = "5497519ea6b4af596628f8f8f2f904bacaa3148f"	15	SRCREV = "5497519ea6b4af596628f8f8f2f904bacaa3148f"
16	SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \	16	SRC_URI = "git://github.com/OpenSC/OpenSC;branch=master;protocol=https \
		17	file://0001-pkcs11-tool-Fix-private-key-import.patch \
		18	file://0002-pkcs11-tool-Log-more-information-on-OpenSSL-errors.patch \
17	"	19	"
18	DEPENDS = "virtual/libiconv openssl"	20	DEPENDS = "virtual/libiconv openssl"
19		21