Commit graph

26 commits

Author SHA1 Message Date
mlelstv
909c32eae5 update from 0.16.0 to 0.19.0
Project moved from sourceforge to github.
2018-10-13 10:54:04 +00:00
mef
6c891ed83b Updated security/opensc to 0.16.0
--------------------------------
New in 0.16.0; 2016-05-15
* build
    link OpenSSL in static
    option: enable PKCS11 thread locking
* configuration
    use one configuration file for all systems
* tools:
    package revision as version
  ** pkcs11-tool
       keygen mechanism in pkcs11 tools
       write GOST public key
       fix CKA_SENSITIVE attribute of public keys
  ** opensc-explorer:
       added command find_tags
       allow ASN.1 decoding if the file seems incomplete
  ** pkcs15-tool:
       handle record-based files when doing file caching
       option to prine raw data
  ** sc-hsm-tool:
       status info support for SmartCard-HSM V2.0
  ** doc: some missing options are documented, added documentation
       for gid tool
* minidriver:
  support for ECC
  Windows x509 enrollment
  first implementation of CardDeleteContainer
  MD logs controlled by register and environment variable
* reader-pcsc
  fixed unreleased locks with pcsc-lite
  honour PC/SC pt 10 dwMaxAPDUDataSize
  added call back for getting vendor/product id
  restrict access to card handles after fork
  SCardGetAttrib is used to initialize reader's metadata
  by default only short APDUs supported
* pkcs11
  no slot reserved for hot plug
  no more slot created 'per-applications'
  atomic operation (TODO: expand)
  export all C_* symbols
  metadata initialized from package info
  fix registering pkcs11 mechanisms multiple times
  sloppy initialization for C_GetSlotInfo
* pkcs15
  cache of on-card files extended to application paths
  configuration option to enable/disable application
  make file cache dir configurable
  in key info data type introduced 'auxiliary data' -- container
      for the non-pkc15 data.
* OpenPGP
  support for Gnuk -- USB cryptographic token for GNU Privacy Guard
  build without OpenSSL
  implemented 'erase card'
  additional manufacturers
* MyEID
  support for 521 bit ECC keys
  ATRs for the new cards
* sc-hsm
  read/write support in minidriver
* rtecp
  delete keys
* GemSafeV1
  support for European Patent Office smart card
  sign with SHA256
* Gids
  first support for Gids smart card
* dnie
* Feitian PKI card
  new ATRs
* IsoApplet
  (fixes)
* starcos
  initial support for STARCOS 3.4 (German D-Trust cards)
* macosx
  install tokend to /Library/Security/ instead /System/Library/Security/
  fixed locking issue in pcsc reader
* PIV
  allow using of cards where default application in not PIV
  support for the Yubikey NEO
* italian-CNS
  italian-cns reg file for minidriver
2016-08-04 13:08:25 +00:00
jperkin
17661ff9a5 Bump PKGREVISION for security/openssl ABI bump. 2016-03-05 11:27:40 +00:00
gdt
cfb3135eff Update to 0.15.0. Some pkgsrc patches are now upstream. Don't
install new bash completion files, given a lack of pkgsrc doctrine for
where they go.

New in 0.15.0; 2015-05-11
* new card drivers
  AzeDIT 3.5
  IsoApplet
  MaskTech
* libopensc
  allow extended length APDUs
  accept no output for 'SELECT' MF and 'SELECT' DF_NAME APDUs
  fixed sc_driver_version check
  adjusted send/receive size accoriding to card capabilities
  in iso7816 make SELECT agnosting to sc_path_t's aid
* asn1
  support multi-bytes tags
* pkcs15
  reviewed support and tool functions for public key
  public certs and pubkeys with an auth_id are treated as private
* pkcs11
  introduced  default PKCS#11 provider
  fetched real value of CKA_LOCAL for pubkey
  removed inconsistent attributes
  C_Digest issues
    no check if buffer too small before update
* added support for Travis CI
* updated support of EC in libopensc, pkcs15 and pkcs11
* fixed number of warnings, resource leaks, overity-scan issues
* macosx
  target minimum OSX version to 10.7
  update the minimal building instructions.
  locate and target the latest SDK to build against.
  locate the best newest SDK present on the computer.
* build
  disable Secure Messaging if OpenSSL is not used
* tools
  util_get_pin helper function
* PIV
  Add AES support for PIV General Authenticate
  fixed invalid bit when writing PIV certificate object with gzipped certificate
  fixed bad caching behavior of PIV PKCS15 emulator
* ePass2003
  fixed failure due to re-authenticate of secure messaging when card is accessed
      by multiple PKCS11 sessions
* MyEID
  EC support for MyEID-v4 card
* openpgp
  extended options for openpgp-tool
* asepcos
  fixed puk handling
* sc-hsm
  support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
  improved error detection and reporting in sc-hsm-tool
  fixed Lc byte in VERIFY PIN block for PC/SC PIN PAD reader
  fix certificate delete bug
* IAS/ECC
  fixed PKCS#11 compliance issues
  support for Morpho IAS Agent Card
* cardos
  overwrite content of deleted private key
* win32
  setup improuvement
     look & feel
     custom actions with card registration
  minidriver impouvement
     fixed errors and warnings returned by Microsoft quality tool
     pin-pad support

New in 0.14.0; 2014-05-31
* new card driver DNIe
* extended existing drivers by support of
    Swedish eID card (gemsafeV1)
    EstEID 3.5 (mcrd)
* bogus javacard driver removed
* build
    return to the standard use of 'autoconf'
    CI specific bootstrap script: git commit stamp for the built packages
    windows friendly compile settings
    fixed a ton of compiler warnings
    fence against using EVP_sha256 mech
    debian packaging templates
    compile without OpenSSL and without SM
    enable compiler warnings by default
    win32
        add 'VarFileInfo' block to version-info
        include to MSI package 'openpgp-tool.exe'
        'version-info' resource for each target
* macOSX
    "graphical uninstaller" to distribution DMG
    update package building to modern tools
    new tool and SDK paths for OS X 10.8
    improved opensc-installer from distribution
    osx: target 10.9 (a free upgrade to anyone using 10.6+) from now on
    build 'fat' binaries i386
* common
    added getpass implementation for non windows
* libopensc
    allow for the pin to be entered on the keypad during issuing
    introduce 'encoded-content' to the sc_file data
    general usage method to allocate generalized time
* minidriver
    implemented 'CardChangeAuthenticator', 'CardGetChallenge' and 'CardUnblockPin'
    improved management of GUID
    use reader pin pad if available and allowed
    configuration options for
        compose GUID
        refuse create container mechanism
    add registers file for feitian cards
    fixed
        return code in 'CardGetContainerInfo'
        returned 'tries-left' for blocked card
        length of stripped data in RSADecrypt
* pkcs#11
    bind non-recognized card, generic 'init-token' procedure
    fixed
        CKA_VALUE of 'public-key' object
        fix ASN1 encoding issues
        PIN-NOT-INITIALIZED for the non-user PINs
        buffers overflow
        segfault due to the undefined 'application-file'
* pkcs15
    'direct' public key in PuKDF encoding
    implement SPKI public key encoding
    include and maintain minidriver framework data: cmap-record, md-flags, GUID, ..
    fixed
        encoding of 'SubjectPublicKeyInfo'
        DER encoding of 'issuer' and 'subject'
        PIN validation in 'pkcs15-verify'
        public key algorithm
        ECC public key encoding
        ECC ecpointQ
* pkcs15init
    introduce 'max-unblocks' PIN init parameter
    keep cert. blob in cert-info data
    file 'content' and 'prop-attrs' in the card profile
    in profile more AC operations are parsed
    fixed
        NULL pointer dereference error
        NULL 'store-key' handle
        ignore if no TokenInfo file to update
        set EC pubkey parameters from init data
* reader-pcsc
    fixed
        implicit pin modification
        pin checking when implicitly given
        verify/modify pinpad commands
* SM
    common SM 'increase-sequence-counter' procedure
    move SM APDU procedures to dedicated source file
    move SM common crypto procedures to the dedicated library
* doc
    documentation for --list-token-slots
* default driver
    do not send possibly arbitrary APDU-s to an unknown card.
    by default 'default' card driver is disabled
* sc-hsm
    Added support for
        persistent EC public keys generated from certificate signing requests
        token label to be set via C_InitToken or sc-hsm-tool
        unblock PIN using C_InitPIN()
    initialize EC key params
    fixed
        bug that prevents a newly generated 2048 key to show up at the PKCS#11 interface
        bug when changing SO-PIN with opensc-explorer sc-hsm-tool
        memory checking and removed warning
        problem deleting CA certificates sc-hsm
        public key format returned when generating ECC keys
    sc-hsm-tool
        better error handling for non-SmartCard-HSM cards
        support for DKEK password sharing scheme
        threshold scheme parameters to manpage
        crash on Windows when --wrap-key frees memory allocated in opensc.dll
* ias
    simplify the compute signature operation
* PIV
    use SPKI encoding for public key data
    extract public key from cert if no object on card
    fix
        segfault and valgrind issue
        gen_key to expect the proper PIV Key references
* CardOS
    build for Windows
    use information from AlgorithmInfo
    supported CardOS V5.0
* epass2003
    key generation allows stricter privkey/pubkey ACLs
    list_files implemented
    properly disable padding
    allow exponents other than 65537
* myeid
    fixed file-id in myeid.profile
* entersafe
    fix a bug when writing public key
* EstEID
    match card only based on presence of application.
* pteid
    do not call the iso7816 driver get_response operation
* myeid
    support of EC key is broken
2015-09-07 19:59:42 +00:00
joerg
609a167552 When replacing a buildlink3.mk inclusion with a plain BUILD_DEPENDS,
it helps to replace BUILDLINK_PREFIX, too. Hi wiz!
2015-08-27 19:06:44 +00:00
wiz
6273034c7c Use BUILD_DEPENDS instead of including buildlink3.mk for docbook-xsl. 2015-08-23 20:34:07 +00:00
gdt
eb5f81c36f Stop forcing pcsc-lite's library to be the libtool version.
opensc upstream has removed the use of ltdl.  Thus, it is not longer
reasonable to expect it to be able to dlopen a .la file.  So pass the
.so, not the .la, to configure, when using the pcsc-lite (default)
option.  Resolves a failure of pkcs15-init to load modules.
2014-03-17 18:21:42 +00:00
gdt
80bfdc7d0b Update to 0.13.0, based on wip/opensc (which is a post 0.13.0 git
snapshot) by Richard Hansen of BBN.

Mostly the update is straightforward, with a bit more effort to avoid
pthreads.  (Threads are not ok because pam modules dlopen opensc, and
pam modules are used from nonthreaded programs.)

New in 0.13.0; 2012-12-04
* New card driver ePass2003.
* OpenPGP card:
  greatly improved card driver and PKCS#15 emulation;
  implemented write (pkcs15init) mode;
  greatly enhanced documentation and tools.
* ECDSA keys supported in 'read' and 'write' modes by
  internal PKCS#15 library, PKCS#11 and tools.
* Minidriver in 'write' mode.
* SM: secure messaging in GlobalPlatform-SP01 and CW14890 specifications;
      supported by ePass2003, IAS/ECC and AuthentIC cards;
      "ACL" and "APDU" modes to trigger secure messaging session;
      'local' version of the external secure messaging module.
* PKCS#15: support of 'secret-key' PKCS#15 objects
           support of 'authentication-object' PKCS#15 objects
           support of 'algReference' common key PKCS#15 attribute
           support of 'algReference' common key PKCS#15 attribute
           support of 'subjectName' common public key PKCS#15 attribute
* PKCS#11: removed 'onepin' version of pkcs#11 module
           configuration options to expose slots for PINs and present on-card applications.
           support GOSTR3410 generate key mechanism
* Support of PACE reader.
* Remove libltdl reference.
* ECDSA supported by MyEID card
* New card driver for the SmartCard-HSM, a light-weight hardware security module
* New useful commands in 'opensc-explorer' tool: 'find', 'put-data', ...
* fixed SIGV issue due to the unsupported public key format
* fixes for the number of documentation issues
2014-03-14 20:49:56 +00:00
tron
c64e9eb269 Recursive PKGREVISION bump for OpenSSL API version bump. 2014-02-12 23:18:26 +00:00
wiz
e03c03b6dc Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump. 2014-01-01 11:52:02 +00:00
ryoon
f8e628f818 * .include "../../devel/readline/buildlink3.mk" with USE_GNU_READLINE=yes
are replaced with .include "../../devel/readline/buildlink3.mk", and
  USE_GNU_READLINE are removed,

* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
  are replaced with .include "../../mk/readline.buildlink3.mk".
2013-07-15 02:02:17 +00:00
jperkin
becd113253 PKGREVISION bumps for the security/openssl 1.0.1d update. 2013-02-06 23:20:50 +00:00
pettai
f1b9e4f675 bump revision 2012-12-15 01:13:59 +00:00
gdt
68ebc234db Merge Makefile.common into Makefile, because opensc-signer is gone.
This does not make any functional changes - it is just rearranging and
comments.
2012-12-03 20:14:14 +00:00
gdt
aae9e42a51 Update to 0.12.2.
Thanks to manu@ for testing and resolving pcsc-lite ptthread leakage
problems.

Note that pcsc-lite and openct should be an options group.

Disable some obsolete CONFIGURE_ARGS.

Work around assumption that either getopt_long_only is present or
allgetopt functions must be provided.

Finnish EID patches have been applied upstream (from whence they came,
perhaps).

From upstream NEWS:

Complete change history is available online:
http://www.opensc-project.org/opensc/timeline

New in 0.12.2; 2011-07-15
* Builds are now silent by default when OpenSC is built from source on Unix.
* Using --wait with command line tools works with 64bit Linux again.
* Greatly improved OpenPGP card support, including OpenPGP 2.0 cards
  like the one found in German Privacy Foundation CryptoStick.
* Fixed support for FINeID cards issued after 01.03.2011 with 2048bit keys.
* #256: Fixed support for TCOS cards (broken since 0.12.0).
* Added support for IDKey-cards to TCOS3 driver.
* #361: Improved PC/SC driver to fetch the maximum PIN sizes from the open
  source CCID driver. This fixes the issue for Linux/OSX with recent driver.
* WindowsInstaller now installs only static DLL-s (PKCS#11, minidriver) to
  system folder.
* Fix FINeID cards for organizations.
* Several smaller bugs and compiler warnings fixed.

New in 0.12.1; 2011-05-17
* New card driver: IAS/ECC 1.0.1
* rutoken-tool has been deprecated and removed.
* eidenv and piv-tool utilities now have manual pages.
* pkcs11-tool now requires the use of --module parameter.
* All tools can now use an ATR as an argument to --reader, to skip to the
  card with given ATR.
* opensc-tool -l with -v now shows information about the inserted cards.
* Creating files have an enforced upper size limit, 64K
* Support for multiple PKCS#15 applications with different AID-s.
  PKCS#15 applications can be listed with pkcs15-tool --list-applications.
  Binding to a specific AID with PKCS#15 tools can be done with --aid.
* Hex strings (like card ATR or APDU-s) can now be separated by space, in
  addition to colons.
* Pinpad readers known to be bogus are now ignored by OpenSC. At the moment
  only "HP USB Smart Card Keyboard" is disabled.
* Windows installer is now distributed as a statically built MSI, for both
  x86 and x64.
* Numerous compiler warnings, unused code and internal bugs have been
  eliminated.

New in 0.12.0; 2010-12-22
* OpenSC uses a single reader driver, specified at compile time.
* New card driver: Italian eID (CNS) by Emanuele Pucciarelli.
* New card driver: Portuguese eID by João Poupino.
* New card driver: westcos by François Leblanc.
* pkcs11-tool can use a slot based on ID, label or index in the slot list.
* PIN flags are updated from supported cards when C_GetTokenInfo is called.
* Support for CardOS 4.4 cards added.
* Fature to exclude readers from OpenSC PKCS#11 via "ignored_readers"
  configuration file entry.
* #229: Support semi-automatic fixes to cards personalized with older and
  broken OpenSC versions.
* Software keys removed from pkcs15-init and the PKCS#11 module. OpenSC
  can either generate keys on card or import plaintext keys to the card, but
  will never generate plaintext key material in software by itself.
  All traces of a software token (PKCS#15 Section 7) shall be removed.
* Updates to PC/SC driver to build with pcsc-lite >= 1.6.2
* Build script for a binary Mac OS X installer for 10.5 and 10.6 systems.
  Binary installer includes OpenSC.tokend for platform integration.
  10.6 installer includes engine_pkcs11.
* Modify Rutoken S binary interfaces by Aktiv Co.
* Support GOST R 34.10-2001 and GOST R 34.11-94 by Aktiv Co.
* CardOS driver now emulates sign on rsa keys with sign+decrypt usage
  with padding and decrypt(). This is compatible with old cards and
  card initialized by Siemens software. Removed "--split-key" option,
  as it is no longer needed.
* Improved debugging support: debug level 3 will show everything
  except of ASN1 and card matching debugging (usualy not needed).
* Massive changes to libopensc. This library is now internal, only
  used by opensc-pkcs11.so and command line tools. Header files are
  no longer installed, library should not be used by other applications.
  Please use generic PKCS#11 interface instead.
* #include file statements cleaned up: first include "config.h", then
  system headers, then additional libraries, then headers in opensc
  (but from other directories), then header files from same directory.
  Fix path to reference headers, remove src/include/ directory.
* Various source code fixes and improvements.
* OpenSC now depends on xsltproc utility and docbook-xsl to build docs and man
* Remove iconv dependency. EstEID driver now uses the commonName from the
  certificate for card label.
* Possibility to change the default behavior for card resets via
  opensc.conf.
2012-11-30 14:44:34 +00:00
manu
e5cd2cc7aa Restore opensc-pkcs11.so functionnality on NetBSD-6.0. libpthread shall
not be loaded by dlopen(), therefore we remove the useless dependency on
-lpthread
2012-10-24 08:33:51 +00:00
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
sbd
7e83a80380 Add missing devel/readline and devel/zlib buildlinks.
Bump PKGREVISION
2011-11-16 07:25:15 +00:00
kivinen
727a619126 Added support for new 2048 bit FINEID cards. 2011-05-27 10:05:52 +00:00
drochner
032ef02efb add patch from upstream to protect for possible buffer overflows from
rogue cards (SA42658)
2010-12-16 18:00:59 +00:00
drochner
b12e02d483 update to 0.11.13
This is basically to switch to libassuan2.

other changes: minor fixes
2010-09-01 15:59:22 +00:00
wiz
579796a3e5 Recursive PKGREVISION bump for jpeg update to 8. 2010-01-17 12:02:03 +00:00
joerg
3fbb207985 Recursive bump for libltdl 2009-12-15 21:54:17 +00:00
hasso
3c370e2a3e More license info to my packages. 2009-06-08 19:11:30 +00:00
hasso
7626be6b1d Update to 0.11.7. Changes from 0.11.6:
* hide_empty_slots now on by default.
* pinpad supported fixed for Mac OS X.
* ruToken driver was updated.
* openct virtual readers reduced to 2 by default.
* link with iconv on Mac OS X for i18n support.
* Security issue: Fix private data support. [CVE-2009-0368]
* Enable lock_login by default.
* Disable allow_soft_keygen by default.
2009-02-27 07:35:30 +00:00
hasso
ba79afa667 OpenSC provides a set of libraries and utilities to access smart cards.
Its main focus is on cards that support cryptographic operations, and
facilitate their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11 API
so applications supporting this API such as Mozilla Firefox and Thunderbird
can use it. OpenSC implements the PKCS#15 standard and aims to be compatible
with every software that does so, too.
2009-02-26 10:50:05 +00:00