Package: opensc / 0.23.0-0.3+deb12u2

Metadata

Package | Version | Patches format
opensc | 0.23.0-0.3+deb12u2 | 3.0 (quilt)

Patch series

Patch | File delta | Description
0001 Use sysconfdir opensc for opensc.conf.patch | (download)

src/libopensc/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use $sysconfdir/opensc for opensc.conf


0002 Fix private key import.patch | (download)

src/tools/pkcs11-tool.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 pkcs11-tool: fix private key import


0003 Log OpenSSL errors.patch | (download)

src/tools/pkcs11-tool.c | 15 6 + 9 - 0 !
1 file changed, 6 insertions(+), 9 deletions(-)

 pkcs11-tool: log more information on openssl errors


0004 pkcs15init correct left length calculation.patch | (download)

src/pkcs15init/pkcs15-cardos.c | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 pkcs15init: correct left length calculation to fix buffer overrun bug.
 Fixes #2785

From https://github.com/OpenSC/OpenSC/issues/2785:
The newly found issue exists in pkcs15-init module. Like the original bug in libopensc,
cardos_have_verifyrc_package in pkcs15-cardos.c scans an asn1 buffer for 2 tags.
The pointer p is moved after each sc_asn1_find_tag invocation,
which results in the miscalculation of the length of left bytes in buffer
and hence reading beyond the end of the buffer.

CVE-2023-2977 was assigned for this issue.

0006 CVE 2023 4535.patch | (download)

src/libopensc/card-myeid.c | 15 10 + 5 - 0 !
1 file changed, 10 insertions(+), 5 deletions(-)

 null pointer fix

Thanks to the clang analyzer:
 Null pointer passed to 2nd parameter expecting 'nonnull'
 [clang-analyzer-core.NonNullParamChecker]

	modified:   src/libopensc/card-myeid.c

0007 CVE 2023 4535.patch | (download)

src/libopensc/card-myeid.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 myeid: fixed cid 380538 out-of-bounds read (overrun)

also fixes output buffer size checking

0008 CVE 2023 40660.patch | (download)

src/libopensc/pkcs15-pin.c | 13 0 + 13 - 0 !
1 file changed, 13 deletions(-)

 fixed pin authentication bypass

If two processes are accessing a token, then one process may leave the
card usable with an authenticated PIN so that a key may sign/decrypt any
data. This is especially the case if the token does not support a way of
resetting the authentication status (logout).

We have some tracking of the authentication status in software via
PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a
PIN-prompt will appear even though the card may technically be unlocked
as described in the above example. However, before this change, an empty
PIN was not verified (likely yielding an error during PIN-verification),
but it was just checked whether the PIN is authenticated. This defeats
the purpose of the PIN verification, because an empty PIN is not the
correct one. Especially during OS Logon, we don't want that kind of
shortcut, but we want the user to verify the correct PIN (even though
the token was left unattended and authentication at the computer).

This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864.

0009 CVE 2023 40661.patch | (download)

src/libopensc/pkcs15.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 pkcs15: avoid buffer overflow when getting last update

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769

0010 CVE 2023 40661.patch | (download)

src/pkcs15init/pkcs15-setcos.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 setcos: avoid buffer underflow

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672

0011 CVE 2023 40661.patch | (download)

src/pkcs15init/pkcs15-oberthur.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 oberthur: avoid buffer overflow

Thanks oss-fuzz

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650

0012 CVE 2023 40661.patch | (download)

src/pkcs15init/pkcs15-lib.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 sc_pkcs15init_rmdir: prevent out of bounds write

fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53927

0013 CVE 2023 40661.patch | (download)

src/pkcs15init/pkcs15-cflex.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 pkcs15-cflex: check path length to prevent underflow

Thanks OSS-Fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58932

0014 CVE 2023 40661.patch | (download)

src/libopensc/muscle.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 check array bounds

Thanks OSS-Fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=54312

0015 CVE 2023 40661.patch | (download)

src/pkcs15init/profile.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 check length of string before making copy

Thanks OSS-Fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55851
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55998

CVE 2023 5992/01 e8883b1.patch | (download)

src/common/Makefile.am | 6 4 + 2 - 0 !
src/common/constant-time.h | 128 128 + 0 - 0 !
src/libopensc/internal.h | 4 2 + 2 - 0 !
src/libopensc/padding.c | 102 71 + 31 - 0 !
src/libopensc/pkcs15-sec.c | 5 3 + 2 - 0 !
src/minidriver/minidriver.c | 4 2 + 2 - 0 !
6 files changed, 210 insertions(+), 39 deletions(-)

 reimplement removing of pkcs#1 v1.5 padding to be time constant

CVE 2023 5992/02 bfe0e05.patch | (download)

src/tests/unittests/Makefile.am | 7 5 + 2 - 0 !
src/tests/unittests/Makefile.mak | 3 2 + 1 - 0 !
src/tests/unittests/strip_pkcs1_2_padding.c | 204 204 + 0 - 0 !
3 files changed, 211 insertions(+), 3 deletions(-)

 add unit tests for pkcs#1 v1.5 de-padding

CVE 2023 5992/03 2ee8730.patch | (download)

src/libopensc/pkcs15-sec.c | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

 pkcs15-sec: remove logging after pkcs#1 v1.5 depadding

To prevent Marvin attack on RSA PKCS#1 v1.5 padding
when logging the return value, signaling the padding error.

CVE 2023 5992/04 0494e46.patch | (download)

src/pkcs11/framework-pkcs15.c | 54 41 + 13 - 0 !
1 file changed, 41 insertions(+), 13 deletions(-)

 framework-pkcs15.c: handle pkcs#1 v1.5 depadding constant-time

In order to not disclose time side-channel when the depadding
fails, do the same operations as for case when depadding ends
with success.

CVE 2023 5992/05 5b5fcc9.patch | (download)

src/pkcs11/mechanism.c | 17 13 + 4 - 0 !
1 file changed, 13 insertions(+), 4 deletions(-)

 mechanism: handle pkcs#1 v1.5 depadding constant-time

CVE 2023 5992/06 e018f19.patch | (download)

src/minidriver/minidriver.c | 37 23 + 14 - 0 !
1 file changed, 23 insertions(+), 14 deletions(-)

 minidriver: make cardrsadecrypt constant-time

CVE 2023 5992/07 2d84cec.patch | (download)

src/pkcs11/pkcs11-object.c | 9 6 + 3 - 0 !
src/pkcs11/sc-pkcs11.h | 5 5 + 0 - 0 !
2 files changed, 11 insertions(+), 3 deletions(-)

 pkcs11-object: remove return value logging

To prevent Marvin attack on RSA PKCS#1 v1.5 padding
when logging the return value, signaling the padding error.

CVE 2023 5992/08 b31f82b.patch | (download)

src/pkcs11/misc.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 misc: compare return value constant-time

CVE 2023 5992/09 5747804.patch | (download)

src/tests/unittests/strip_pkcs1_2_padding.c | 22 11 + 11 - 0 !
1 file changed, 11 insertions(+), 11 deletions(-)

 unittests: do not use uninitialized memory

Thanks Coverity CID 414676, 414677, 414678,
414679, 414680, 414681, 414682, 414683, 414684,
414685, 414686

CVE 2023 5992/10 c153e2f.patch | (download)

src/common/constant-time.h | 6 6 + 0 - 0 !
src/minidriver/minidriver.c | 4 2 + 2 - 0 !
src/pkcs11/framework-pkcs15.c | 4 2 + 2 - 0 !
3 files changed, 10 insertions(+), 4 deletions(-)

 fix constant-time comparison of negative values

Thanks Coverity CID 414687

CVE 2023 5992/11 556cbf3.patch | (download)

src/libopensc/padding.c | 15 9 + 6 - 0 !
1 file changed, 9 insertions(+), 6 deletions(-)

 padding: set correct output length in pkcs#1 v1.5 depadding

CVE 2023 5992/12 21a0a25.patch | (download)

src/minidriver/minidriver.c | 8 2 + 6 - 0 !
1 file changed, 2 insertions(+), 6 deletions(-)

 minidriver: remove logging to prevent marvin attack

CVE 2023 5992/13 29a98e5.patch | (download)

src/tests/unittests/strip_pkcs1_2_padding.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 unittests: test correct output length for pkcs#1 v1.5 depadding

CVE 2023 5992/14 7471dd2.patch | (download)

src/minidriver/minidriver.c | 14 8 + 6 - 0 !
1 file changed, 8 insertions(+), 6 deletions(-)

 minidriver: refactor inversion of decrypted buffer

0029 authentic Avoid memory leaks.patch | (download)

src/pkcs15init/pkcs15-authentic.c | 16 9 + 7 - 0 !
1 file changed, 9 insertions(+), 7 deletions(-)

 authentic: avoid memory leaks

Thanks oss-fuzz

CVE 2024 1454.patch | (download)

src/pkcs15init/pkcs15-authentic.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 authentic: avoid use after free

Thanks oss-fuzz

CVE 2024 8443/01 b28a3ce.patch | (download)

src/libopensc/card-openpgp.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 openpgp: do not accept non-matching key responses

When generating RSA key pair using PKCS#15 init, the driver could accept
responses relevant to ECC keys, which made further processing in the
pkcs15-init fail/access invalid parts of structures.

Thanks oss-fuzz!

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

CVE 2024 8443/02 02e8474.patch | (download)

src/libopensc/card-openpgp.c | 17 12 + 5 - 0 !
1 file changed, 12 insertions(+), 5 deletions(-)

 openpgp: avoid buffer overflow when writing fingerprint

Fix also surrounding code to return error (not just log it)
when some step fails.

Thanks oss-fuzz

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

CVE 2024 45616/01 76115e3.patch | (download)

src/libopensc/card-gids.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 gids: avoid using uninitialized memory

Thanks Matteo Marini for report

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

CVE 2024 45615/01 bde991b.patch | (download)

src/pkcs15init/profile.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 pkcs15init: avoid using uninitialized memory

Thanks Matteo Marini for report

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

CVE 2024 45616/02 e7177c7.patch | (download)

src/libopensc/card-cac1.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 cac: correctly calculate certificate length based on the resplen

Thanks Matteo Marini for report

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

CVE 2024 45615/02 5e4f26b.patch | (download)

src/libopensc/card-cac.c | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

 cac: fix uninitialized values

Thanks Matteo Marini for report

CVE 2024 45616/03 1d3b410.patch | (download)

src/libopensc/card-cardos.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 cardos: fix uninitialized values

Thanks Matteo Marini for report

CVE 2024 45616/04 cccdfc4.patch | (download)

src/libopensc/asn1.c | 4 3 + 1 - 0 !
src/libopensc/card-dnie.c | 8 6 + 2 - 0 !
2 files changed, 9 insertions(+), 3 deletions(-)

 card-dnie: check apdu response length and asn1 lengths

Thanks Matteo Marini for report

CVE 2024 45616/05 5fa7587.patch | (download)

src/libopensc/muscle.c | 21 11 + 10 - 0 !
1 file changed, 11 insertions(+), 10 deletions(-)

 muscle: report invalid sw when reading object

Thanks Matteo Marini for report

CVE 2024 45616/06 3562969.patch | (download)

src/libopensc/card-mcrd.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

 card-mcrd: check length of response buffer in select

Thanks Matteo Marini for report

CVE 2024 45615/03 bb3dedb.patch | (download)

src/libopensc/pkcs15-cert.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 pkcs15-cert.c: initialize oid length

In case it is not set later.

Thanks Matteo Marini for report

CVE 2024 45616/07 16ada9d.patch | (download)

src/libopensc/card-gids.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 card-gids: use actual length of response buffer

Thanks Matteo Marini for report

CVE 2024 45617/01 fdb9e90.patch | (download)

src/libopensc/card-cac.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 cac: check return value when selecting aid

Thanks Matteo Marini for report

CVE 2024 45619/01 f01bfbd.patch | (download)

src/libopensc/pkcs15-tcos.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 pkcs15-tcos: check number of read bytes for cert

Thanks Matteo Marini for report

CVE 2024 45617/02 21d869b.patch | (download)

src/libopensc/card-cardos.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 cardos: return error when response length is 0

Thanks Matteo Marini for report

CVE 2024 45615/04 7d68a7f.patch | (download)

src/libopensc/card-piv.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 card-piv: initialize variables for tag and cla

In case they are not initialized later by
sc_asn1_read_tag() function.

Thanks Matteo Marini for report

CVE 2024 45615/05 42d718d.patch | (download)

src/libopensc/pkcs15-sc-hsm.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 pkcs15-sc-hsm: initialize variables for tag and cla

In case they are not initialized later by
sc_asn1_read_tag() function.

Thanks Matteo Marini for report

CVE 2024 45619/02 6730656.patch | (download)

src/libopensc/pkcs15-gemsafeV1.c | 20 15 + 5 - 0 !
1 file changed, 15 insertions(+), 5 deletions(-)

 pkcs15-gemsafev1: check length of buffer for object

CVE 2024 45617/03 efbc14f.patch | (download)

src/libopensc/card-jpki.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 card-jpki: check number of read bytes

Thanks Matteo Marini for report

CVE 2024 45618/01 8632ec1.patch | (download)

src/libopensc/pkcs15-tcos.c | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 pkcs15-tcos: check return value of serial num conversion

Thanks Matteo Marini for report

CVE 2024 45619/03 a1d8c01.patch | (download)

src/libopensc/pkcs15-tcos.c | 35 21 + 14 - 0 !
1 file changed, 21 insertions(+), 14 deletions(-)

 pkcs15-tcos: check certificate length before accessing

Thanks Matteo Marini for report

CVE 2024 45618/02 f9d6866.patch | (download)

src/pkcs15init/pkcs15-lib.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 pkcs15-lib: report transport key error

Thanks Matteo Marini for report

CVE 2024 45620/01 a1bcc65.patch | (download)

src/pkcs15init/pkcs15-starcos.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 pkcs15-starcos: check length of file to be non-zero

Thanks Matteo Marini for report

CVE 2024 45620/02 6baa195.patch | (download)

src/libopensc/iasecc-sdo.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 iasecc-sdo: check length of data before dereferencing

Thanks Matteo Marini for report

CVE 2024 45616/08 ef7b10a.patch | (download)

src/libopensc/card-oberthur.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 card-oberthur: check length of serial number

Thanks Matteo Marini for report

CVE 2024 45619/04 e20ca25.patch | (download)

src/pkcs15init/pkcs15-setcos.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 pkcs15-setcos: check length of generated key

Thanks Matteo Marini for report

CVE 2024 45620/03 468a314.patch | (download)

src/libopensc/iasecc-sdo.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 iasecc-sdo: check length of data when parsing

Thanks Matteo Marini for report

CVE 2024 45619/05 2b6cd52.patch | (download)

src/pkcs15init/pkcs15-sc-hsm.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 pkcs15-sc-hsm: properly check length of file list

Thanks Matteo Marini for report

CVE 2024 45619/06 dd554a2.patch | (download)

src/libopensc/card-coolkey.c | 11 8 + 3 - 0 !
1 file changed, 8 insertions(+), 3 deletions(-)

 card-coolkey: check length of buffer before conversion

Thanks Matteo Marini for report

CVE 2024 45616/09 aa102cd.patch | (download)

src/libopensc/card-entersafe.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 card-entersafe: check length of serial number

Thanks Matteo Marini for report