From 41f06ec44a8ac2b3992f2581e64a39afc2ba8c04 Mon Sep 17 00:00:00 2001 From: tijl Date: Wed, 16 Apr 2014 20:07:15 +0000 Subject: New port: security/libbeid Support libraries for Belgian government-issued electronic identity cards. A PKCS #11 module is included that can be used with Mozilla Firefox. The distfile has been created from upstream trunk revision 1457. The patches included in the port fix all clang compiler warnings for -Wall -Wextra -Wno-unused-parameter. --- security/Makefile | 1 + security/libbeid/Makefile | 33 +++ security/libbeid/distinfo | 2 + security/libbeid/files/patch-cardlayer | 111 +++++++++ security/libbeid/files/patch-common | 183 +++++++++++++++ security/libbeid/files/patch-dialogs | 404 +++++++++++++++++++++++++++++++++ security/libbeid/files/patch-pkcs11 | 171 ++++++++++++++ security/libbeid/pkg-descr | 4 + security/libbeid/pkg-message | 19 ++ security/libbeid/pkg-plist | 14 ++ 10 files changed, 942 insertions(+) create mode 100644 security/libbeid/Makefile create mode 100644 security/libbeid/distinfo create mode 100644 security/libbeid/files/patch-cardlayer create mode 100644 security/libbeid/files/patch-common create mode 100644 security/libbeid/files/patch-dialogs create mode 100644 security/libbeid/files/patch-pkcs11 create mode 100644 security/libbeid/pkg-descr create mode 100644 security/libbeid/pkg-message create mode 100644 security/libbeid/pkg-plist (limited to 'security') diff --git a/security/Makefile b/security/Makefile index c06d04e1341e..04c7b1d2ad2b 100644 --- a/security/Makefile +++ b/security/Makefile @@ -250,6 +250,7 @@ SUBDIR += l5 SUBDIR += lasso SUBDIR += libassuan + SUBDIR += libbeid SUBDIR += libbf SUBDIR += libecc SUBDIR += libfprint diff --git a/security/libbeid/Makefile b/security/libbeid/Makefile new file mode 100644 index 000000000000..51676d48588d --- /dev/null +++ b/security/libbeid/Makefile @@ -0,0 +1,33 @@ +# $FreeBSD$ + +PORTNAME= libbeid +PORTVERSION= 4.0.6.1457 +CATEGORIES= security +MASTER_SITES= http://tijl.fastmail.fm/mirror/ + +MAINTAINER= tijl@FreeBSD.org +COMMENT= Belgian eID support libraries + +LICENSE= LGPL3 + +LIB_DEPENDS= libpcsclite.so:${PORTSDIR}/devel/pcsc-lite + +USES= dos2unix libtool pkgconfig tar:xz +USE_AUTOTOOLS= autoconf:env automake:env libtoolize:env +USE_GNOME= gtk20 + +DOS2UNIX_FILES= common/src/datafile.cpp common/src/logbase.cpp \ + common/src/util.cpp dialogs/src/dialogs.h pkcs11/src/asn1.c \ + pkcs11/src/log.h pkcs11/src/cal.cpp pkcs11/src/cal.h + +GNU_CONFIGURE= yes +CONFIGURE_ARGS= --disable-static + +post-patch: + @${REINPLACE_CMD} -e '/svn_revision/d' -e '/SUBDIRS/s/xpi//' \ + ${WRKSRC}/Makefile.am ${WRKSRC}/configure.ac + +pre-configure: + @(cd ${WRKSRC} && ${AUTORECONF} -i -f) + +.include diff --git a/security/libbeid/distinfo b/security/libbeid/distinfo new file mode 100644 index 000000000000..15f0511436a5 --- /dev/null +++ b/security/libbeid/distinfo @@ -0,0 +1,2 @@ +SHA256 (libbeid-4.0.6.1457.tar.xz) = 0e16f1229fb8e87aaa31465eb0aeb01a1d8cb4aeef5ac60c6db8ba6159f06ed6 +SIZE (libbeid-4.0.6.1457.tar.xz) = 444352 diff --git a/security/libbeid/files/patch-cardlayer b/security/libbeid/files/patch-cardlayer new file mode 100644 index 000000000000..6cd639dc0dbb --- /dev/null +++ b/security/libbeid/files/patch-cardlayer @@ -0,0 +1,111 @@ +--- cardlayer/src/cache.cpp.orig ++++ cardlayer/src/cache.cpp +@@ -202,10 +202,8 @@ + ; // TODO: log + else + { +- size_t tmpHeader = fwrite(&header, sizeof(tCacheHeader), 1, f); +- tmpHeader = tmpHeader; //avoid warning +- size_t tmpData = fwrite(oData.GetBytes(), 1, oData.Size(), f); +- tmpData = tmpData; //avoid warning ++ (void)fwrite(&header, sizeof(tCacheHeader), 1, f); ++ (void)fwrite(oData.GetBytes(), 1, oData.Size(), f); + fclose(f); + } + } +--- cardlayer/src/card.cpp.orig ++++ cardlayer/src/card.cpp +@@ -25,7 +25,7 @@ + + CCard::CCard(SCARDHANDLE hCard, CContext *poContext, CPinpad *poPinpad) : + m_hCard(hCard), m_poContext(poContext), m_poPinpad(poPinpad), +- m_oCache(poContext), m_ulLockCount(0), m_bSerialNrString(false),m_cardType(CARD_UNKNOWN) ++ m_oCache(poContext), m_cardType(CARD_UNKNOWN), m_ulLockCount(0), m_bSerialNrString(false) + { + } + +@@ -301,7 +301,7 @@ + { + // By default no caching, card must implement this method + // to allow certain files to be cached (in a certain way). +- tCacheInfo dontCache = {DONT_CACHE}; ++ tCacheInfo dontCache = {DONT_CACHE,0}; + + return dontCache; + } +--- cardlayer/src/pkcs15.cpp.orig ++++ cardlayer/src/pkcs15.cpp +@@ -27,7 +27,7 @@ + { + + const static tPin PinInvalid = {false, "",0,0,0,0,0,0, 0, 0, 0, 0, 0,PIN_ENC_BCD,"",""}; +- const static tCert CertInvalid = {false, "", 0, 0,0,0}; ++ const static tCert CertInvalid = {false, "", 0, 0,0,0,false,false,""}; + const static tPrivKey PrivKeyInvalid = {false, "", 0,0,0,0,0,0,0,"", 0,false}; + + // Hardcoded Beid V1 PINs, keys, certs -- to be removed +@@ -63,8 +63,7 @@ + { + } + +- CPKCS15::CPKCS15(CContext *poContext) : +- m_poContext(poContext) ++ CPKCS15::CPKCS15(CContext *poContext) + { + Clear(); + } +--- cardlayer/src/pkcs15.h.orig ++++ cardlayer/src/pkcs15.h +@@ -90,7 +90,6 @@ + + private: + CCard *m_poCard; +- CContext *m_poContext; + PKCS15Parser *m_poParser; + + #ifdef WIN32 +--- cardlayer/src/pkicard.cpp.orig ++++ cardlayer/src/pkicard.cpp +@@ -363,7 +363,7 @@ + tFileInfo CPkiCard::SelectFile(const std::string & csPath, bool bReturnFileInfo) + { + CByteArray oResp; +- tFileInfo xFileInfo = {0}; ++ tFileInfo xFileInfo = {0,0,0}; + + unsigned long ulPathLen = (unsigned long) csPath.size(); + if (ulPathLen % 4 != 0 || ulPathLen == 0) +--- cardlayer/src/reader.cpp.orig ++++ cardlayer/src/reader.cpp +@@ -280,8 +280,7 @@ + } + catch(CMWException &e) + { +- unsigned long err = e.GetError(); +- err = err; ++ (void)e.GetError(); + return m_oPKCS15.GetSerialNr(); + } + } +--- cardlayer/src/threadpool.cpp.orig ++++ cardlayer/src/threadpool.cpp +@@ -79,7 +79,7 @@ + m_bRunning = false; + } + +-void CEventCallbackThread::Stop() ++void CEventCallbackThread::Stop(unsigned long ulSleepFrequency) + { + m_bStop = true; + } +--- cardlayer/src/threadpool.h.orig ++++ cardlayer/src/threadpool.h +@@ -42,7 +42,7 @@ + + void Run(); + +- void Stop(); ++ void Stop(unsigned long ulSleepFrequency=100); + + bool HasStopped(); + diff --git a/security/libbeid/files/patch-common b/security/libbeid/files/patch-common new file mode 100644 index 000000000000..87ab86a8abfa --- /dev/null +++ b/security/libbeid/files/patch-common @@ -0,0 +1,183 @@ +--- common/src/bytearrayreader.cpp.orig ++++ common/src/bytearrayreader.cpp +@@ -24,7 +24,6 @@ + #include "bytearrayreader.h" + #include "bytearray.h" + +-const static unsigned long EXTRA_INCREMENT_LEN = 10; + + /***************** ByteArray **************************/ + +--- common/src/datafile.cpp.orig ++++ common/src/datafile.cpp +@@ -243,8 +243,7 @@ + while ( !bDone ) + { + memset(buffer, 0, MAX_BUFFER_LEN); +- wchar_t* tmp = fgetws( buffer, MAX_BUFFER_LEN, m_stream); +- tmp=tmp; // avoid warning ++ (void)fgetws( buffer, MAX_BUFFER_LEN, m_stream); + + szLine = buffer; + Trim(szLine); +@@ -1004,8 +1003,7 @@ + if ( buf[nLength] != '\n' && buf[nLength] != '\r' ) + buf[nLength++] = '\n'; + +- size_t tmp = fwrite(buf, sizeof( wchar_t ), nLength, stream); +- tmp = tmp; // avoid warning ++ (void)fwrite(buf, sizeof( wchar_t ), nLength, stream); + + return nLength; + } +--- common/src/dynamiclib.cpp.orig ++++ common/src/dynamiclib.cpp +@@ -42,7 +42,7 @@ + + void * CDynamicLib::GetAddress(const std::string & csFunctionName) + { +- if (m_module != m_module) ++ if (m_module == NULL) + return NULL; + + return PlatformGetAddress(csFunctionName.c_str()); +@@ -50,7 +50,7 @@ + + void CDynamicLib::Close() + { +- if (m_module != m_module) ++ if (m_module != NULL) + return PlatformClose(); + + m_module = NULL; +--- common/src/logbase.cpp.orig ++++ common/src/logbase.cpp +@@ -29,11 +29,7 @@ + #include "mw_util.h" + + #ifndef WIN32 +-#ifdef LINUX + #include "wintypes.h" +-#else +-#include "PCSC/wintypes.h" +-#endif + #include "sys/stat.h" + #include "util.h" + +@@ -567,6 +563,7 @@ + else + err = fopen_s(&m_f,utilStringNarrow(filename).c_str(),"a"); + #else ++ (void)bWchar; + m_f = fopen(utilStringNarrow(filename).c_str(),"a, ccs=UTF-8"); + if (m_f == NULL) err=errno; + #endif +--- common/src/mw_util.cpp.orig ++++ common/src/mw_util.cpp +@@ -271,7 +271,7 @@ + + if (r != -1 && csTmp != NULL) + { +- r = fprintf(stream, csTmp); ++ r = fputs(csTmp, stream); + free(csTmp); + } + +@@ -289,7 +289,7 @@ + + if (r != -1 && csTmp != NULL) + { +- r = fprintf(stream, csTmp); ++ r = fputs(csTmp, stream); + free(csTmp); + } + +@@ -306,7 +306,7 @@ + + if (r != -1 && csTmp != NULL) + { +- r = fprintf(stream, csTmp); ++ r = fputs(csTmp, stream); + free(csTmp); + } + +--- common/src/mw_util.h.orig ++++ common/src/mw_util.h +@@ -38,7 +38,6 @@ + #endif + + #if !defined __APPLE__ && !defined USE_WINERROR +-#include "error.h" + #endif + + #ifndef HAVE_ERRNO_T +--- common/src/mwexception.cpp.orig ++++ common/src/mwexception.cpp +@@ -34,14 +34,14 @@ + + // CMWEXCEPTION::CMWEXCEPTION(long lError, const char *cpFile, long lLine) + CMWException::CMWException(long lError, const char *cpFile, long lLine) +-: m_lError(lError), +- m_sFile(cpFile), ++: m_sFile(cpFile), ++ m_lError(lError), + m_lLine(lLine) + + { + } + +-const char* CMWException::what() throw() ++const char* CMWException::what() const throw() + { + return "CMWException, error code strings to be implemented"; + } +--- common/src/mwexception.h.orig ++++ common/src/mwexception.h +@@ -37,7 +37,7 @@ + //CMWException(long lError); + CMWException(long lError, const char *cpFile, long lLine); + ~CMWException () throw(){}; +- virtual const char* what() throw(); ++ virtual const char* what() const throw(); + + long GetError() const {return m_lError;}; + std::string GetFile() const {return m_sFile;}; +--- common/src/socket/socketclient.cpp.orig ++++ common/src/socket/socketclient.cpp +@@ -23,6 +23,7 @@ + #include "../util.h" + + #ifndef WIN32 ++#include + #include + #endif + +--- common/src/util.cpp.orig ++++ common/src/util.cpp +@@ -348,7 +348,7 @@ + /* Get our PID and build the name of the link in /proc */ + pid = getpid(); + +- if (snprintf(linkname, sizeof(linkname), "/proc/%i/exe", pid) < 0) ++ if (snprintf(linkname, sizeof(linkname), "/proc/%i/file", pid) < 0) + { + /* This should only happen on large word systems. I'm not sure + what the proper response is here. +@@ -474,7 +474,7 @@ + + if (r != -1 && csTmp != NULL) + { +- r = fprintf(stream, csTmp); ++ r = fputs(csTmp, stream); + free(csTmp); + } + +@@ -490,7 +490,7 @@ + + if (r != -1 && csTmp != NULL) + { +- r = fprintf(stream, csTmp); ++ r = fputs(csTmp, stream); + free(csTmp); + } + diff --git a/security/libbeid/files/patch-dialogs b/security/libbeid/files/patch-dialogs new file mode 100644 index 000000000000..8178a0a9033f --- /dev/null +++ b/security/libbeid/files/patch-dialogs @@ -0,0 +1,404 @@ +--- dialogs/src/dialogsgtk/beid-askaccess.c.orig ++++ dialogs/src/dialogsgtk/beid-askaccess.c +@@ -32,22 +32,15 @@ + + + enum { MSG_ACCESS_CARD_TITLE=1, MSG_ACCESS_CARD_QUESTION }; +-char* beid_messages[4][3]={ +- "en", "beID: Card Access", "The application [%s] wants to access the eID card. Do you want to accept it?", +- "nl", "beID: Lezen Kaart", "Het Programma [%s] vraagt toegang tot de eID kaart. Wil U dit toelaten?", +- "fr", "beID: Lecture de Carte", "l'application [%s] essaye d'accéder à la carte eID. Acceptez-vous?", +- "de", "beID: Kartenzugriff", "Die Anwendung [%s] will auf die eID-Karte zugreifen. Möchten Sie akzeptieren?" +- }; ++static char const *const beid_messages[4][3]={ ++ { "en", "beID: Card Access", "The application [%s] wants to access the eID card. Do you want to accept it?" }, ++ { "nl", "beID: Lezen Kaart", "Het Programma [%s] vraagt toegang tot de eID kaart. Wil U dit toelaten?" }, ++ { "fr", "beID: Lecture de Carte", "l'Application [%s] essaye d'accéder à la carte eID. Acceptez-vous?" }, ++ { "de", "beID: Kartenzugriff", "Die Anwendung [%s] will auf die eID-Karte zugreifen. Möchten Sie akzeptieren?" } ++}; + + #include "beid-i18n.h" + +-// event handler for delete-event. always approves the deletion +-/////////////////////////////////////////////////////////////// +-static gboolean on_delete_event( GtkWidget *widget, GdkEvent* event, gpointer pindialog) +-{ +- return TRUE; +-} +- + int main(int argc, char* argv[]) + { + int return_value; +@@ -63,7 +56,7 @@ + { + char message[2048]; + snprintf(message, sizeof(message)-2, _MSG_(MSG_ACCESS_CARD_QUESTION), caller_path); +- dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_OK_CANCEL,message); ++ dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_OK_CANCEL,"%s",message); + } + else + { +--- dialogs/src/dialogsgtk/beid-askpin.c.orig ++++ dialogs/src/dialogsgtk/beid-askpin.c +@@ -35,12 +35,12 @@ + #define EXIT_ERROR 2 + + enum { MSG_PIN_CODE_REQUIRED=1, MSG_PLEASE_ENTER_PIN }; +-char* beid_messages[4][3]={ +- "en", "beID: PIN Code Required", "The application\n[%s]\nrequests your eID PIN code.", +- "nl", "beID: PINcode Vereist", "Het programma\n[%s]\nvraagt uw eID PINcode", +- "fr", "beID: Code PIN Necessaire", "l'application\n[%s]\nvous demande votre code PIN eID", +- "de", "beID: PIN Code Required", "Die Anwendung\n[%s]\nfragt um Ihren eID PIN-code" +- }; ++static char const *const beid_messages[4][3]={ ++ { "en", "beID: PIN Code Required", "The application\n[%s]\nrequests your eID PIN code." }, ++ { "nl", "beID: PINcode Vereist", "Het programma\n[%s]\nvraagt uw eID PINcode" }, ++ { "fr", "beID: Code PIN Necessaire", "l'Application\n[%s]\nvous demande votre code PIN eID" }, ++ { "de", "beID: PIN Code Required", "Die Anwendung\n[%s]\nfragt um Ihren eID PIN-code" } ++}; + + #include "beid-i18n.h" + +@@ -58,7 +58,7 @@ + /////////////////////////////////////////////////////////////////////////////////////////// + void update_pin_label(PinDialogInfo *pindialog) + { +- int i; ++ size_t i; + gchar tmp[MAX_PIN_LENGTH*6]; + tmp[0]='\0'; + for(i=0;ipin);i++) +@@ -74,14 +74,14 @@ + { + gtk_dialog_set_response_sensitive(GTK_DIALOG(pindialog->dialog),GTK_RESPONSE_OK, TRUE); + gtk_dialog_set_default_response(GTK_DIALOG(pindialog->dialog),GTK_RESPONSE_OK); +- gtk_widget_grab_focus(pindialog->okbutton); ++ gtk_widget_grab_focus(GTK_WIDGET(pindialog->okbutton)); + + } + else + { + gtk_dialog_set_response_sensitive(GTK_DIALOG(pindialog->dialog), GTK_RESPONSE_OK, FALSE); + gtk_dialog_set_default_response(GTK_DIALOG(pindialog->dialog),GTK_RESPONSE_CANCEL); +- gtk_widget_grab_focus(pindialog->cancelbutton); ++ gtk_widget_grab_focus(GTK_WIDGET(pindialog->cancelbutton)); + } + } + +@@ -210,7 +210,7 @@ + char message[2048]; + pindialog_init(&pindialog); // setup PinDialogInfo structure + snprintf(message, sizeof(message)-2, _MSG_(MSG_PLEASE_ENTER_PIN), caller_path); +- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message); ++ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message); + } + else + { +@@ -218,8 +218,8 @@ + exit(EXIT_ERROR); + } + +- pindialog.cancelbutton=gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL); +- pindialog.okbutton =gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_OK, GTK_RESPONSE_OK); ++ pindialog.cancelbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_CANCEL,GTK_RESPONSE_CANCEL)); ++ pindialog.okbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_OK,GTK_RESPONSE_OK)); + + gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK); + gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_PIN_CODE_REQUIRED)); +--- dialogs/src/dialogsgtk/beid-badpin.c.orig ++++ dialogs/src/dialogsgtk/beid-badpin.c +@@ -16,6 +16,7 @@ + * http://www.gnu.org/licenses/. + **************************************************************************** */ + ++#include + #include + #include + #include +@@ -30,22 +31,23 @@ + #define EXIT_ERROR 2 + + enum { MSG_INCORRECT_PIN_CODE=1, MSG_N_ATTEMPTS_LEFT, MSG_LAST_ATTEMPT }; +-char* beid_messages[4][4]={ +- "en", "beID: Incorrect PIN Code", "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.", "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked.", +- "nl", "beID: Foutive PINcode", "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat u nog slechts %d pogingen hebt alvorens uw PIN code geblokkeerd wordt.", "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat bij de volgende incorrecte ingave uw PIN code geblokkeerd wordt.", +- "fr", "beID: Code PIN incorrect", "Vous avez entré un code PIN incorrect.\nVeuillez noter qu'il ne vous reste plus que %d tentatives avant que votre PIN soit bloqué", "Vous avez entré un code PIN incorrect.\nVieullez noter qu'a la prochaine entree incorrecte votre code PIN sera bloqué", +- "de", "beID: Incorrect PIN Code", "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.", "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked." +- }; ++static char const *const beid_messages[4][4]={ ++ { "en", "beID: Incorrect PIN Code", ++ "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.", ++ "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked." }, ++ { "nl", "beID: Foutive PINcode", ++ "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat u nog slechts %d pogingen hebt alvorens uw PIN code geblokkeerd wordt.", ++ "U hebt een foutive PIN code ingegeven.\nGelieve te noteren dat bij de volgende incorrecte ingave uw PIN code geblokkeerd wordt." }, ++ { "fr", "beID: Code PIN incorrect", ++ "Vous avez entré un code PIN incorrect.\nVeuillez noter qu'il ne vous reste plus que %d tentatives avant que votre PIN soit bloqué", ++ "Vous avez entré un code PIN incorrect.\nVieullez noter qu'a la prochaine entree incorrecte votre code PIN sera bloqué" }, ++ { "de", "beID: Incorrect PIN Code", ++ "You have entered an incorrect PIN code.\nPlease note that you have only %d attempts left before your PIN is blocked.", ++ "You have entered an incorrect PIN code.\nPlease note that at the next incorrect entry your PIN code will be blocked." } ++}; + + #include "beid-i18n.h" + +-// event handler for delete-event. always approves the deletion +-/////////////////////////////////////////////////////////////// +-static gboolean on_delete_event( GtkWidget *widget, GdkEvent* event, gpointer pindialog) +-{ +- return TRUE; +-} +- + int main(int argc, char* argv[]) + { + int return_value=EXIT_ERROR; +@@ -63,7 +65,7 @@ + if(attempts>1) + snprintf(message,sizeof(message)-2,_MSG_(MSG_N_ATTEMPTS_LEFT),attempts); + else +- snprintf(message,sizeof(message)-2,_MSG_(MSG_LAST_ATTEMPT)); ++ snprintf(message,sizeof(message)-2,"%s",_MSG_(MSG_LAST_ATTEMPT)); + } + else + { +@@ -71,7 +73,7 @@ + exit(EXIT_ERROR); + } + +- dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_WARNING,GTK_BUTTONS_OK,message); ++ dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_WARNING,GTK_BUTTONS_OK,"%s",message); + gtk_dialog_set_default_response(GTK_DIALOG(dialog),GTK_RESPONSE_OK); + gtk_window_set_title(GTK_WINDOW(dialog),_MSG_(MSG_INCORRECT_PIN_CODE)); + gtk_window_set_position(GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); +--- dialogs/src/dialogsgtk/beid-changepin.c.orig ++++ dialogs/src/dialogsgtk/beid-changepin.c +@@ -17,6 +17,7 @@ + * http://www.gnu.org/licenses/. + + **************************************************************************** */ ++#include + #include + #include + #include +@@ -36,13 +37,20 @@ + #define EXIT_ERROR 2 + + enum { MSG_CHANGE_PIN_CODE=1, MSG_PLEASE_ENTER_OLD_AND_NEW_PINS, MSG_CURRENT_PIN, MSG_NEW_PIN, MSG_NEW_PIN_AGAIN }; +-char* beid_messages[4][6]={ +- "en", "beID: Change PIN Code", "Request from Application [%s]:\n\nPlease enter your current eID PIN, followed by your new eID PIN (twice)", "Current PIN:", "New PIN:", "New PIN (again):", +- "nl", "beID: PIN Code Wijzigen", "Verzoek van programma [%s]:\n\nGelieve Uw bestaande eID PIN code, en tweemaal uw nieuwe eID PINcode in te voeren.", "Huidige PIN:", "Nieuwe PIN:", "Nieuwe PIN (opnieuw):", +- "fr", "beID: Changement de code PIN", "Demande de l'application [%s]:\n\nVeuillez entrer votre code PIN eID existant, suivi de votre nouveau code PIN eID (2 fois)", "Code PIN existant:", "Nouveau code PIN:","Nouveau code PIN (verification):", +- "de", "beID: PIN Code ändern", "Anfrage von Anwendug [%s]:\n\nBitte geben Sie ihren bestehenden eID PIN-Code, gefolgt von Ihrem neuen eID PIN-Code (zwei mal), ein", "Aktueller PIN-Code:", "Neuer PIN-Code:", "Neuer PIN-Code (noch einmal):" +- +- }; ++static char const *const beid_messages[4][6]={ ++ { "en", "beID: Change PIN Code", ++ "Request from application [%s]:\n\nPlease enter your current eID PIN, followed by your new eID PIN (twice)", ++ "Current PIN:", "New PIN:", "New PIN (again):" }, ++ { "nl", "beID: PIN Code Wijzigen", ++ "Verzoek van programma [%s]:\n\nGelieve Uw bestaande eID PIN code, en tweemaal uw nieuwe eID PINcode in te voeren.", ++ "Huidige PIN:", "Nieuwe PIN:", "Nieuwe PIN (opnieuw):" }, ++ { "fr", "beID: Changement de code PIN", ++ "Demande de l'application [%s]:\n\nVeuillez entrer votre code PIN eID existant, suivi de votre nouveau code PIN eID (2 fois)", ++ "Code PIN existant:", "Nouveau code PIN:", "Nouveau code PIN (verification):" }, ++ { "de", "beID: PIN Code ändern", ++ "Anfrage von Anwendug [%s]:\n\nBitte geben Sie ihren bestehenden eID PIN-Code, gefolgt von Ihrem neuen eID PIN-Code (zwei mal), ein", ++ "Aktueller PIN-Code:", "Neuer PIN-Code:", "Neuer PIN-Code (noch einmal):" } ++}; + + #include "beid-i18n.h" + +@@ -161,7 +169,7 @@ + { + char message[2048]; + snprintf(message, sizeof(message)-2, _MSG_(MSG_PLEASE_ENTER_OLD_AND_NEW_PINS), caller_path); +- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message); ++ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message); + } + else + { +@@ -169,8 +177,8 @@ + exit(EXIT_ERROR); + } + +- pindialog.cancelbutton =gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL); +- pindialog.okbutton =gtk_dialog_add_button(pindialog.dialog,GTK_STOCK_OK, GTK_RESPONSE_OK); ++ pindialog.cancelbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_CANCEL,GTK_RESPONSE_CANCEL)); ++ pindialog.okbutton=GTK_BUTTON(gtk_dialog_add_button(GTK_DIALOG(pindialog.dialog),GTK_STOCK_OK,GTK_RESPONSE_OK)); + + gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK); + gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_CHANGE_PIN_CODE)); +@@ -234,8 +242,8 @@ + { + case GTK_RESPONSE_OK: // if the user chose OK + { +- char* oldpin=gtk_entry_get_text(GTK_ENTRY(pindialog.originalPinEntry)); +- char* newpin=gtk_entry_get_text(GTK_ENTRY(pindialog.newPin0Entry)); ++ char const *oldpin=gtk_entry_get_text(GTK_ENTRY(pindialog.originalPinEntry)); ++ char const *newpin=gtk_entry_get_text(GTK_ENTRY(pindialog.newPin0Entry)); + printf("%s:%s\n",oldpin,newpin); // output the PINs to stdout + return_value=EXIT_OK; // and return OK + } +--- dialogs/src/dialogsgtk/beid-i18n.h.orig ++++ dialogs/src/dialogsgtk/beid-i18n.h +@@ -1,7 +1,7 @@ +-char* _MSG_(int msgnum) ++char const *_MSG_(int msgnum) + { +- char* message=beid_messages[0][msgnum]; // default=English +- char* lang=getenv("LANG"); ++ char const *message=beid_messages[0][msgnum]; // default=English ++ char const *lang=getenv("LANG"); + if(lang!=NULL && strlen(lang)==5 && lang[2]=='_') + { + int i; +--- dialogs/src/dialogsgtk/beid-spr-askpin.c.orig ++++ dialogs/src/dialogsgtk/beid-spr-askpin.c +@@ -34,12 +34,12 @@ + #define EXIT_ERROR 2 + + enum { MSG_PIN_CODE_REQUIRED=1, MSG_PLEASE_ENTER_PIN }; +-char* beid_messages[4][3]={ +- "en", "beID: PIN Code Required", "The application [%s] requests your eID PIN code on the secure pinpad reader:\n[%s]..", +- "nl", "beID: PINcode Vereist", "Het programma [%s] vraagt uw eID PIN code in te geven op de beveiligde kaartlezer:\n[%s].", +- "fr", "beID: Code PIN Necessaire", "l'application [%s] vous demande d'entrer votre code PIN eID sur le lecteur securise\n[%s]..", +- "de", "beID: PIN Code Required", "Die Anwendung [%s] fragt um Ihren eID PIN-Code auf dem sicheren Kartenleser:\n[%s].." +- }; ++static char const* const beid_messages[4][3]={ ++ { "en", "beID: PIN Code Required", "The application [%s] requests your eID PIN code on the secure pinpad reader:\n[%s].." }, ++ { "nl", "beID: PINcode Vereist", "Het programma [%s] vraagt uw eID PIN code in te geven op de beveiligde kaartlezer:\n[%s].." }, ++ { "fr", "beID: Code PIN Necessaire", "l'Application [%s] vous demande d'entrer votre code PIN eID sur le lecteur securise\n[%s].." }, ++ { "de", "beID: PIN Code Required", "Die Anwendung [%s] fragt um Ihren eID PIN-Code auf dem sicheren Kartenleser:\n[%s].." } ++}; + + #include "beid-i18n.h" + +@@ -88,7 +88,7 @@ + // create new message dialog with CANCEL button in standard places, in center of user's screen + /////////////////////////////////////////////////////////////////////////////////////////////////////////////////// + +- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message); ++ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message); + gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK); + gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_PIN_CODE_REQUIRED)); + gtk_window_set_position(GTK_WINDOW(pindialog.dialog), GTK_WIN_POS_CENTER); +--- dialogs/src/dialogsgtk/beid-spr-changepin.c.orig ++++ dialogs/src/dialogsgtk/beid-spr-changepin.c +@@ -34,12 +34,12 @@ + #define EXIT_ERROR 2 + + enum { MSG_CHANGE_PIN_CODE=1, MSG_PLEASE_CHANGE_PIN }; +-char* beid_messages[4][3]={ +- "en", "beID: Change PIN Code", "Request from Application [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s]..", +- "nl", "beID: Wijziging PINcode", "Verzoek van programma [%s]:\n\nGelieve uw eID PIN code op de beveiligde kaartlezer:\n[%s]\nte willen wijzigen.", +- "fr", "beID: Changement de code PIN", "Demande de l'application [%s]:\n\nVeuillez changer votre code PIN eID sur le lecteur securise\n[%s]..", +- "de", "beID: Change PIN Code", "Anfrage von Anwendug [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s].." +- }; ++static char const *const beid_messages[4][3]={ ++ { "en", "beID: Change PIN Code", "Request from Application [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s].." }, ++ { "nl", "beID: Wijziging PINcode", "Verzoek van programma [%s]:\n\nGelieve uw eID PIN code te wijzigen op de beveiligde kaartlezer:\n[%s].." }, ++ { "fr", "beID: Changement de code PIN", "Demande de l'application [%s]:\n\nVeuillez changer votre code PIN eID sur le lecteur securise\n[%s].." }, ++ { "de", "beID: Change PIN Code", "Anfrage von Anwendug [%s]:\n\nPlease change your eID PIN code on the secure pinpad reader:\n[%s].." } ++}; + + #include "beid-i18n.h" + +@@ -60,7 +60,6 @@ + + int main(int argc, char* argv[]) + { +- char pid_path[PATH_MAX]; + int return_value=EXIT_ERROR; + PinDialogInfo pindialog; // this struct contains all dialog objects + char caller_path[1024]; +@@ -89,7 +88,7 @@ + exit(EXIT_ERROR); + } + +- pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,message); ++ pindialog.dialog=gtk_message_dialog_new(NULL,GTK_DIALOG_MODAL,GTK_MESSAGE_QUESTION,GTK_BUTTONS_NONE,"%s",message); + gtk_dialog_set_default_response(GTK_DIALOG(pindialog.dialog),GTK_RESPONSE_OK); + gtk_window_set_title(GTK_WINDOW(pindialog.dialog),_MSG_(MSG_CHANGE_PIN_CODE)); + gtk_window_set_position(GTK_WINDOW(pindialog.dialog), GTK_WIN_POS_CENTER); +--- dialogs/src/dialogs.h.orig ++++ dialogs/src/dialogs.h +@@ -27,6 +27,7 @@ + #ifndef __DIALOGS_H__ + #define __DIALOGS_H__ + ++#include + #include + + #ifdef WIN32 +--- dialogs/src/dialogsgtk/dlgs_gtk.cpp.orig ++++ dialogs/src/dialogsgtk/dlgs_gtk.cpp +@@ -56,12 +56,13 @@ + + + +-bool MW_PERROR(tLevel level, tModule mod, char* comment) ++static bool MW_PERROR(tLevel level, tModule mod, char const *comment) + { + char err_txt[256],log_txt[1024]; + wchar_t wide_log_txt[1024]; + +- snprintf(log_txt,sizeof(log_txt),"%s:%s",comment,strerror_r(errno,err_txt,sizeof(err_txt))); ++ strerror_r(errno,err_txt,sizeof(err_txt)); ++ snprintf(log_txt,sizeof(log_txt),"%s:%s",comment,err_txt); + mbstowcs(wide_log_txt,log_txt,sizeof(wide_log_txt)); + return MWLOG(level,mod,wide_log_txt); + } +@@ -112,7 +113,7 @@ + char count[4]; + MWLOG(LEV_DEBUG,MOD_DLG,L"eIDMW::DlgBadPin called"); + +- snprintf(count,sizeof(count)-2,"%1d",ulRemainingTries); ++ snprintf(count,sizeof(count)-2,"%1lu",ulRemainingTries); + char* response=sdialog_call_modal(QUOTEME(BEID_BADPIN_DIALOG),count); + free(response); + return DLG_OK; +--- dialogs/src/dialogsgtk/parent.c.orig ++++ dialogs/src/dialogsgtk/parent.c +@@ -1,4 +1,6 @@ ++#include + #include ++#include + #include "config.h" + #include "parent.h" + +@@ -9,7 +11,7 @@ + char proc_path[32]; + ssize_t exec_path_len=-1; + +- snprintf(proc_path,sizeof(proc_path)-1,"/proc/%d/exe",getppid()); ++ snprintf(proc_path,sizeof(proc_path)-1,"/proc/%d/file",getppid()); + if((exec_path_len=readlink(proc_path,exec_path,exec_path_size-1))!=-1) + exec_path[exec_path_len]='\0'; + return exec_path_len; +--- dialogs/src/dialogsgtk/parent.h.orig ++++ dialogs/src/dialogsgtk/parent.h +@@ -1,2 +1,4 @@ ++#include ++ + ssize_t get_parent_path(char* exec_path, size_t exec_path_size); + +--- dialogs/src/dialogsgtk/single_dialog.c.orig ++++ dialogs/src/dialogsgtk/single_dialog.c +@@ -40,14 +40,15 @@ + #define DPRINTF(format,args...) fprintf(stderr, format , ## args) + #define DERROR(label) perror(label) + #else +-#define DPRINTF +-#define DERROR ++#define DPRINTF(format,args...) ++#define DERROR(label) + #endif + + + /* the sdialog_call_modal function borrows from readpass.c in the OpenSSH distribution, whose Copyright is as follows: + * + * START OF extra (C) NOTICE FOR sdialog_call_modal() ++ */ + + /* $OpenBSD: readpass.c,v 1.47 2006/08/03 03:34:42 deraadt Exp $ */ + /* diff --git a/security/libbeid/files/patch-pkcs11 b/security/libbeid/files/patch-pkcs11 new file mode 100644 index 000000000000..a301e4261047 --- /dev/null +++ b/security/libbeid/files/patch-pkcs11 @@ -0,0 +1,171 @@ +--- pkcs11/src/asn1.c.orig ++++ pkcs11/src/asn1.c +@@ -253,7 +253,7 @@ + /* check if we are decoding inside a BIT STRING: iNumTag == parent_tag */ + /* first octet of bit string is the number of unused bits at the end of the bitstring */ + /* in CER/DER: unused bits are always zero. And if they aren't zero, we still don't need to know the nr. of unused bits */ +- if ((iNumTag == 0x03) ) ++ if (iNumTag == 0x03) + { + p_cDat++; + iLen--; +--- pkcs11/src/cal.cpp.orig ++++ pkcs11/src/cal.cpp +@@ -865,7 +865,7 @@ + std::string szReader; + // char cBuffer[250]; + // unsigned char ucBuffer[250]; +- char* plabel = NULL; ++ char const *plabel = NULL; + CTLVBuffer oTLVBuffer; + P11_SLOT *pSlot = NULL; + CK_ATTRIBUTE ID_DATA[]= BEID_TEMPLATE_ID_DATA; +@@ -1026,8 +1026,8 @@ + std::string szReader; + char cBuffer[250]; + // unsigned char ucBuffer[250]; +- char* plabel = NULL; +- char* pobjectID = NULL; ++ char const *plabel = NULL; ++ char const *pobjectID = NULL; + unsigned long ulLen=0; + CTLVBuffer oTLVBuffer; + CTLVBuffer oTLVBufferAddress;//need second buffer object, as memory is only freed when this object is destructed +@@ -1061,7 +1061,7 @@ + pobjectID = BEID_OBJECTID_ID; + ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject, + (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) oFileData.GetBytes(),(CK_ULONG)oFileData.Size(), +- pobjectID, (CK_ULONG)strlen(pobjectID)); ++ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID)); + if (ret) goto cleanup; + + oTLVBuffer.ParseTLV(oFileData.GetBytes(), oFileData.Size()); +@@ -1075,7 +1075,7 @@ + oTLVBuffer.FillUTF8Data(ID_LABELS[i].tag, cBuffer, &ulLen); + plabel = ID_LABELS[i].name; + ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject, +- (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) cBuffer,ulLen,pobjectID, (CK_ULONG)strlen(pobjectID)); ++ (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) cBuffer,ulLen,(CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID)); + if (ret) goto cleanup; + } + if(dataType != CACHED_DATA_TYPE_ALL){ +@@ -1087,7 +1087,7 @@ + pobjectID = BEID_OBJECTID_ADDRESS; + ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject, + (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) oFileData.GetBytes(),(CK_ULONG)oFileData.Size(), +- pobjectID, (CK_ULONG)strlen(pobjectID)); ++ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID)); + if (ret) goto cleanup; + oTLVBufferAddress.ParseTLV(oFileData.GetBytes(), oFileData.Size()); + nrOfItems = sizeof(ADDRESS_LABELS)/sizeof(BEID_DATA_LABELS_NAME); +@@ -1099,7 +1099,7 @@ + plabel = ADDRESS_LABELS[i].name; + ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject, + (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) cBuffer,ulLen, +- pobjectID, (CK_ULONG)strlen(pobjectID)); ++ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(pobjectID)); + if (ret) goto cleanup; + } + if(dataType != CACHED_DATA_TYPE_ALL){ +@@ -1111,7 +1111,7 @@ + oFileData = oReader.ReadFile(BEID_FILE_PHOTO); + ret = p11_add_slot_ID_object(pSlot, ID_DATA, sizeof(ID_DATA)/sizeof(CK_ATTRIBUTE), CK_TRUE, CKO_DATA, CK_FALSE, &hObject, + (CK_VOID_PTR)plabel, (CK_ULONG)strlen(plabel),(CK_VOID_PTR) oFileData.GetBytes(),(CK_ULONG)oFileData.Size(), +- pobjectID, (CK_ULONG)strlen(BEID_OBJECTID_PHOTO)); ++ (CK_VOID_PTR)pobjectID, (CK_ULONG)strlen(BEID_OBJECTID_PHOTO)); + if (ret) goto cleanup; + if(dataType != CACHED_DATA_TYPE_ALL){ + break; +--- pkcs11/src/cal.h.orig ++++ pkcs11/src/cal.h +@@ -179,7 +179,7 @@ + + typedef struct BEID_DATA_LABELS_NAME { + unsigned char tag; +- char* name; ++ char const * name; + }BEID_DATA_LABELS_NAME; + + #define BEID_LABEL_DATA_FILE "DATA_FILE" +--- pkcs11/src/log.h.orig ++++ pkcs11/src/log.h +@@ -60,42 +60,42 @@ + + static P11_MAP_TYPE const P11_CLASS_TYPES[]= + { +- { CKO_DATA, "CKO_DATA" }, +- { CKO_CERTIFICATE, "CKO_CERTIFICATE" }, +- { CKO_PUBLIC_KEY, "CKO_PUBLIC_KEY" }, +- { CKO_PRIVATE_KEY, "CKO_PRIVATE_KEY" }, +- { CKO_SECRET_KEY, "CKO_SECRET_KEY" }, +- { CKO_HW_FEATURE, "CKO_HW_FEATURE" }, +- { CKO_DOMAIN_PARAMETERS, "CKO_DOMAIN_PARAMETERS" }, +- { CKO_VENDOR_DEFINED, "CKO_VENDOR_DEFINED" }, +- {0,0} ++ { CKO_DATA, "CKO_DATA", 0 }, ++ { CKO_CERTIFICATE, "CKO_CERTIFICATE", 0 }, ++ { CKO_PUBLIC_KEY, "CKO_PUBLIC_KEY", 0 }, ++ { CKO_PRIVATE_KEY, "CKO_PRIVATE_KEY", 0 }, ++ { CKO_SECRET_KEY, "CKO_SECRET_KEY", 0 }, ++ { CKO_HW_FEATURE, "CKO_HW_FEATURE", 0 }, ++ { CKO_DOMAIN_PARAMETERS, "CKO_DOMAIN_PARAMETERS", 0 }, ++ { CKO_VENDOR_DEFINED, "CKO_VENDOR_DEFINED", 0 }, ++ {0,0,0} + }; + + static P11_MAP_TYPE const P11_CERTIFICATE_TYPES[]= + { +- { CKC_X_509, "CKC_X_509" }, +- { CKC_X_509_ATTR_CERT, "CKC_X_509_ATTR_CERT" }, +- {0,0} ++ { CKC_X_509, "CKC_X_509", 0 }, ++ { CKC_X_509_ATTR_CERT, "CKC_X_509_ATTR_CERT", 0 }, ++ {0,0,0} + }; + + static P11_MAP_TYPE const P11_KEY_TYPES[]= + { +- { CKK_RSA, "CKK_RSA" }, +- { CKK_DSA, "CKK_DSA" }, +- { CKK_DH, "CKK_DH" }, +- { CKK_ECDSA, "CKK_ECDSA" }, +- { CKK_EC, "CKK_EC" }, +- { CKK_RC2, "CKK_RC2" }, +- { CKK_RC4, "CKK_RC4" }, +- { CKK_RC5, "CKK_RC5" }, +- { CKK_DES, "CKK_DES" }, +- { CKK_DES3, "CKK_DES3" }, +- { CKK_CAST, "CKK_CAST" }, +- { CKK_CAST3, "CKK_CAST3" }, +- { CKK_CAST128, "CKK_CAST128" }, +- { CKK_IDEA, "CKK_IDEA" }, +- { CKK_AES, "CKK_AES" }, +- {0,0} ++ { CKK_RSA, "CKK_RSA", 0 }, ++ { CKK_DSA, "CKK_DSA", 0 }, ++ { CKK_DH, "CKK_DH", 0 }, ++ { CKK_ECDSA, "CKK_ECDSA", 0 }, ++ { CKK_EC, "CKK_EC", 0 }, ++ { CKK_RC2, "CKK_RC2", 0 }, ++ { CKK_RC4, "CKK_RC4", 0 }, ++ { CKK_RC5, "CKK_RC5", 0 }, ++ { CKK_DES, "CKK_DES", 0 }, ++ { CKK_DES3, "CKK_DES3", 0 }, ++ { CKK_CAST, "CKK_CAST", 0 }, ++ { CKK_CAST3, "CKK_CAST3", 0 }, ++ { CKK_CAST128, "CKK_CAST128", 0 }, ++ { CKK_IDEA, "CKK_IDEA", 0 }, ++ { CKK_AES, "CKK_AES", 0 }, ++ {0,0,0} + }; + + static P11_MAP_TYPE const P11_ATTR_TYPES[]= { +@@ -159,7 +159,7 @@ + { CKA_RESET_ON_INIT, "CKA_RESET_ON_INIT", 0 }, + { CKA_HAS_RESET, "CKA_HAS_RESET", 0 }, + { CKA_VENDOR_DEFINED, "CKA_VENDOR_DEFINED", 0 }, +- {0,0} ++ {0,0,0} + }; + + diff --git a/security/libbeid/pkg-descr b/security/libbeid/pkg-descr new file mode 100644 index 000000000000..14edf1f9ebab --- /dev/null +++ b/security/libbeid/pkg-descr @@ -0,0 +1,4 @@ +Support libraries for Belgian government-issued electronic identity cards. +A PKCS #11 module is included that can be used with Mozilla Firefox. + +WWW: https://code.google.com/p/eid-mw/ diff --git a/security/libbeid/pkg-message b/security/libbeid/pkg-message new file mode 100644 index 000000000000..67763ce3f3f6 --- /dev/null +++ b/security/libbeid/pkg-message @@ -0,0 +1,19 @@ +WARNING: +The private keys on the eID cards are created by the Belgian government and +not by the citizens. You should assume that the government can forge digital +signatures and decrypt encrypted content. + +The procfs file system must be mounted on /proc for these libraries to work +correctly. + +To use your eID in Firefox you can add libbeidpkcs11.so as a security module: +- Make sure you have installed a pcsc-lite driver for your card reader (such + as devel/libccid) and that pcscd is running (add pcscd_enable="YES" to + /etc/rc.conf and start the service by running "service pcscd start"). +- Connect your card reader. +- In Firefox go to Edit->Preferences->Advanced->Certificates and press + "Security Devices", then "Load". +- Enter a name such as "Belgian eID" and browse for libbeidpkcs11.so. Then + close the two windows by pressing "OK" twice. +- If all went well you can now plug in your eID card and see your certificates + listed under "View Certificates->Your Certificates". diff --git a/security/libbeid/pkg-plist b/security/libbeid/pkg-plist new file mode 100644 index 000000000000..9c0073d4071a --- /dev/null +++ b/security/libbeid/pkg-plist @@ -0,0 +1,14 @@ +lib/libbeidcardlayer.so +lib/libbeidcommon.so +lib/libbeidcommon.so.0 +lib/libbeidcommon.so.0.0.0 +lib/libbeiddialogs.so +lib/libbeidpkcs11.so +lib/libbeidpkcs11.so.0 +lib/libbeidpkcs11.so.0.0.0 +libexec/beid-askaccess +libexec/beid-askpin +libexec/beid-badpin +libexec/beid-changepin +libexec/beid-spr-askpin +libexec/beid-spr-changepin -- cgit