giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove postecert and infocamere support because no longer issued (#1584) 

* Remove postecert and infocamere support because no longer issued

* Remove wrong changes

* reset NEWS

* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates

* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp

* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
This commit is contained in:
opensignature 2019-01-30 22:01:24 +01:00 committed by Frank Morgner
parent 09a594d0f0
commit 84f0a88edb
16 changed files with 20 additions and 1210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
doc/files/files.html
View File

@ -775,8 +775,8 @@ app <em class="replaceable"><code>application</code></em> {
<code class="option">builtin_emulators = <em class="replaceable"><code>emulators</code></em>;</code>
</span></dt><dd><p>
List of the builtin pkcs15 emulators to test
(Default: <code class="literal">westcos, openpgp, infocamere,
starcert, tcos, esteid, itacns, postecert,
(Default: <code class="literal">westcos, openpgp,
starcert, tcos, esteid, itacns,
PIV-II, cac, gemsafeGPK, gemsafeV1, actalis,
atrust-acos, tccardos, entersafe, pteid,
oberthur, sc-hsm, dnie, gids, iasecc, jpki,

4
doc/files/opensc.conf.5.xml.in
View File

@ -1178,8 +1178,8 @@ app <replaceable>application</replaceable> {
</term>
<listitem><para>
List of the builtin pkcs15 emulators to test
(Default: <literal>westcos, openpgp, infocamere,
starcert, tcos, esteid, itacns, postecert,
(Default: <literal>westcos, openpgp,
starcert, tcos, esteid, itacns,
PIV-II, cac, gemsafeGPK, gemsafeV1, actalis,
atrust-acos, tccardos, entersafe, pteid,
oberthur, sc-hsm, dnie, gids, iasecc, jpki,

2
etc/opensc.conf.example.in
View File

@ -904,7 +904,7 @@ app default {
# enable_builtin_emulation = no;
#
# List of the builtin pkcs15 emulators to test
# Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
# Default: esteid, openpgp, tcos, starcert, itacns, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
# builtin_emulators = openpgp;
# additional settings per driver

4
src/libopensc/Makefile.am
View File

@ -51,8 +51,8 @@ libopensc_la_SOURCES_BASE = \
card-isoApplet.c card-masktech.c card-gids.c card-jpki.c \
card-npa.c \
\
pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \
pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \
pkcs15-openpgp.c pkcs15-starcert.c \
pkcs15-tcos.c pkcs15-esteid.c pkcs15-gemsafeGPK.c \
pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c pkcs15-piv.c \
pkcs15-cac.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \
pkcs15-oberthur.c pkcs15-itacns.c pkcs15-gemsafeV1.c pkcs15-sc-hsm.c \

4
src/libopensc/Makefile.mak
View File

@ -30,8 +30,8 @@ OBJECTS = \
card-masktech.obj card-gids.obj card-jpki.obj \
card-npa.obj \
\
pkcs15-openpgp.obj pkcs15-infocamere.obj pkcs15-starcert.obj \
pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-postecert.obj pkcs15-gemsafeGPK.obj \
pkcs15-openpgp.obj pkcs15-starcert.obj \
pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-gemsafeGPK.obj \
pkcs15-actalis.obj pkcs15-atrust-acos.obj pkcs15-tccardos.obj pkcs15-piv.obj \
pkcs15-cac.obj pkcs15-esinit.obj pkcs15-westcos.obj pkcs15-pteid.obj pkcs15-din-66291.obj \
pkcs15-oberthur.obj pkcs15-itacns.obj pkcs15-gemsafeV1.obj pkcs15-sc-hsm.obj \

7
src/libopensc/card-cardos.c
View File

@ -45,13 +45,6 @@ static struct sc_card_driver cardos_drv = {
static const struct sc_atr_table cardos_atrs[] = {
/* 4.0 */
{ "3b:e2:00:ff:c1:10:31:fe:55:c8:02:9c", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
/* Italian eID card, postecert */
{ "3b:e9:00:ff:c1:10:31:fe:55:00:64:05:00:c8:02:31:80:00:47", NULL, NULL, SC_CARD_TYPE_CARDOS_CIE_V1, 0, NULL },
/* Italian eID card, infocamere */
{ "3b:fb:98:00:ff:c1:10:31:fe:55:00:64:05:20:47:03:31:80:00:90:00:f3", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
/* Another Italian InfocamereCard */
{ "3b:fc:98:00:ff:c1:10:31:fe:55:c8:03:49:6e:66:6f:63:61:6d:65:72:65:28", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL },
{ "3b:f4:98:00:ff:c1:10:31:fe:55:4d:34:63:76:b4", NULL, NULL, SC_CARD_TYPE_CARDOS_GENERIC, 0, NULL},
/* cardos m4.2 and above */
{ "3b:f2:18:00:ff:c1:0a:31:fe:55:c8:06:8a", "ff:ff:0f:ff:00:ff:00:ff:ff:00:00:00:00", NULL, SC_CARD_TYPE_CARDOS_M4_2, 0, NULL },
/* CardOS 4.4 */

816
src/libopensc/pkcs15-infocamere.c
View File

@ -1,816 +0,0 @@
/*
* PKCS15 emulation layer for 1202, 1203 and 1400 Infocamere card.
* To see how this works, run p15dump on your Infocamere card.
*
* Copyright (C) 2005, Sirio Capizzi <graaf@virgilio.it>
* Copyright (C) 2004, Antonino Iacono <ant_iacono@tin.it>
* Copyright (C) 2003, Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifdef ENABLE_ZLIB
#include <zlib.h>
#endif
#include "common/compat_strlcpy.h"
#include "pkcs15.h"
#include "log.h"
int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t *, struct sc_aid *aid,
sc_pkcs15emu_opt_t *);
static int (*set_security_env) (sc_card_t *, const sc_security_env_t *,
int);
static int set_sec_env(sc_card_t * card, const sc_security_env_t * env,
int se_num)
{
sc_security_env_t tenv = *env;
if (tenv.operation == SC_SEC_OPERATION_SIGN)
tenv.operation = SC_SEC_OPERATION_DECIPHER;
return set_security_env(card, &tenv, se_num);
}
static int do_sign(sc_card_t * card, const u8 * in, size_t inlen, u8 * out,
size_t outlen)
{
return card->ops->decipher(card, in, inlen, out, outlen);
}
static void set_string(char **strp, const char *value)
{
if (*strp)
free(*strp);
*strp = value ? strdup(value) : NULL;
}
#if 1
/* XXX: temporary copy of the old pkcs15emu functions,
* to be removed */
static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
const sc_pkcs15_id_t *id, const char *label,
const sc_path_t *path, int ref, int type,
unsigned int min_length,
unsigned int max_length,
int flags, int tries_left, const char pad_char, int obj_flags)
{
sc_pkcs15_auth_info_t info;
sc_pkcs15_object_t obj;
memset(&info, 0, sizeof(info));
memset(&obj, 0, sizeof(obj));
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
info.auth_id = *id;
info.attrs.pin.min_length = min_length;
info.attrs.pin.max_length = max_length;
info.attrs.pin.stored_length = max_length;
info.attrs.pin.type = type;
info.attrs.pin.reference = ref;
info.attrs.pin.flags = flags;
info.attrs.pin.pad_char = pad_char;
info.tries_left = tries_left;
info.logged_in = SC_PIN_STATE_UNKNOWN;
if (path)
info.path = *path;
if (type == SC_PKCS15_PIN_TYPE_BCD)
info.attrs.pin.stored_length /= 2;
strlcpy(obj.label, label, sizeof(obj.label));
obj.flags = obj_flags;
return sc_pkcs15emu_add_pin_obj(p15card, &obj, &info);
}
static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card,
const sc_pkcs15_id_t *id,
const char *label,
int type, unsigned int modulus_length, int usage,
const sc_path_t *path, int ref,
const sc_pkcs15_id_t *auth_id, int obj_flags)
{
sc_pkcs15_prkey_info_t info;
sc_pkcs15_object_t obj;
memset(&info, 0, sizeof(info));
memset(&obj, 0, sizeof(obj));
info.id = *id;
info.modulus_length = modulus_length;
info.usage = usage;
info.native = 1;
info.key_reference = ref;
if (path)
info.path = *path;
obj.flags = obj_flags;
strlcpy(obj.label, label, sizeof(obj.label));
if (auth_id != NULL)
obj.auth_id = *auth_id;
return sc_pkcs15emu_add_rsa_prkey(p15card, &obj, &info);
}
static int sc_pkcs15emu_add_cert(sc_pkcs15_card_t *p15card,
int type, int authority, const sc_path_t *path,
const sc_pkcs15_id_t *id, const char *label, int obj_flags)
{
/* const char *label = "Certificate"; */
sc_pkcs15_cert_info_t info;
sc_pkcs15_object_t obj;
memset(&info, 0, sizeof(info));
memset(&obj, 0, sizeof(obj));
info.id = *id;
info.authority = authority;
if (path)
info.path = *path;
strlcpy(obj.label, label, sizeof(obj.label));
obj.flags = obj_flags;
return sc_pkcs15emu_add_x509_cert(p15card, &obj, &info);
}
#endif
static int infocamere_1200_init(sc_pkcs15_card_t * p15card)
{
const int prkey_usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
const int authprkey_usage = SC_PKCS15_PRKEY_USAGE_SIGN
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
| SC_PKCS15_PRKEY_USAGE_ENCRYPT
| SC_PKCS15_PRKEY_USAGE_DECRYPT;
sc_card_t *card = p15card->card;
sc_path_t path;
sc_pkcs15_id_t id, auth_id;
char serial[256];
unsigned char certlen[2];
int authority, change_sign = 0;
struct sc_pkcs15_cert_info cert_info;
struct sc_pkcs15_object cert_obj;
const char *label = "User Non-repudiation Certificate";
const char *calabel = "CA Certificate";
const char *authlabel = "User Authentication Certificate";
const char *infocamere_cert_path[2] = {
"DF01C000",
"3F00000011111A02"
};
const char *infocamere_auth_certpath[2] = {
"11111A02",
"000011111B02"
};
const char *infocamere_cacert_path[2] = {
"DF01C008",
"000011114101"
};
const char *infocamere_auth_path[2] = {
"3F001111",
"3F0000001111"
};
const char *infocamere_nrepud_path[2] = {
"3F00DF01",
"3F0000001111"
};
const int infocamere_idpin_auth_obj[2] = {
0x95,
0x81
};
const int infocamere_idpin_nrepud_obj[2] = {
0x99,
0x81
};
const int infocamere_idprkey_auth_obj[2] = {
0x9B,
0x01
};
const int infocamere_idprkey_nrepud_obj[2] = {
0x84,
0x01
};
const char *authPIN = "Authentication PIN";
const char *nonrepPIN = "Non-repudiation PIN";
const char *authPRKEY = "Authentication Key";
const char *nonrepPRKEY = "Non repudiation Key";
const int flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
SC_PKCS15_PIN_FLAG_INITIALIZED |
SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
int r;
unsigned char chn[8];
size_t chn_len = sizeof chn;
sc_serial_number_t iccsn;
iccsn.len = sizeof iccsn.value;
r = sc_parse_ef_gdo(card, iccsn.value, &iccsn.len, chn, &chn_len);
if (r < 0)
return r;
if (!iccsn.len || chn_len < 2 || chn_len > 8) {
return SC_ERROR_WRONG_CARD;
}
sc_bin_to_hex(iccsn.value, iccsn.len, serial, sizeof(serial), 0);
if (!
(chn[0] == 0x12
&& (chn[1] == 0x02 || chn[1] == 0x03))) {
/* Not Infocamere Card */
return SC_ERROR_WRONG_CARD;
}
set_string(&p15card->tokeninfo->serial_number, serial);
if (chn[1] == 0x02)
set_string(&p15card->tokeninfo->label, "Infocamere 1202 Card");
else {
set_string(&p15card->tokeninfo->label, "Infocamere 1203 Card");
change_sign = 1;
}
set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere");
authority = 0;
/* Get the authentication certificate length */
sc_format_path(infocamere_auth_certpath[chn[1]-2], &path);
r = sc_select_file(card, &path, NULL);
if (r >= 0) {
sc_read_binary(card, 0, certlen, 2, 0);
/* Now set the certificate offset/len */
path.index = 2;
path.count = (certlen[1] << 8) + certlen[0];
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
sc_pkcs15_format_id("01", &cert_info.id);
cert_info.authority = authority;
cert_info.path = path;
strlcpy(cert_obj.label, authlabel, sizeof(cert_obj.label));
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
if (r < 0)
return SC_ERROR_INTERNAL;
/* XXX: the IDs for the key/pin in case of the 1203 type
* are wrong, therefore I disable them for now -- Nils */
if (!change_sign) {
/* add authentication PIN */
sc_format_path(infocamere_auth_path[chn[1]-2], &path);
sc_pkcs15_format_id("01", &id);
sc_pkcs15emu_add_pin(p15card, &id,
authPIN, &path, infocamere_idpin_auth_obj[chn[1]-2],
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
5, 8, flags, 3, 0,
SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE);
/* add authentication private key */
auth_id.value[0] = 1;
auth_id.len = 1;
sc_pkcs15emu_add_prkey(p15card, &id,
authPRKEY,
SC_PKCS15_TYPE_PRKEY_RSA,
1024, authprkey_usage,
&path, infocamere_idprkey_auth_obj[chn[1]-2],
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
}
}
/* Get the non-repudiation certificate length */
sc_format_path(infocamere_cert_path[chn[1]-2], &path);
if (sc_select_file(card, &path, NULL) < 0) {
return SC_ERROR_INTERNAL;
}
sc_read_binary(card, 0, certlen, 2, 0);
/* Now set the certificate offset/len */
path.index = 2;
path.count = (certlen[1] << 8) + certlen[0];
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
sc_pkcs15_format_id("02", &cert_info.id);
cert_info.authority = authority;
cert_info.path = path;
strlcpy(cert_obj.label, label, sizeof(cert_obj.label));
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
if (r < 0)
return SC_ERROR_INTERNAL;
/* Get the CA certificate length */
authority = 1;
sc_format_path(infocamere_cacert_path[chn[1]-2], &path);
r = sc_select_file(card, &path, NULL);
if (r >= 0) {
size_t len;
sc_read_binary(card, 0, certlen, 2, 0);
len = (certlen[1] << 8) + certlen[0];
if (len != 0) {
/* Now set the certificate offset/len */
path.index = 2;
path.count = len;
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
sc_pkcs15_format_id("03", &cert_info.id);
cert_info.authority = authority;
cert_info.path = path;
strlcpy(cert_obj.label, calabel, sizeof(cert_obj.label));
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
if (r < 0)
return SC_ERROR_INTERNAL;
}
}
/* add non repudiation PIN */
sc_format_path(infocamere_nrepud_path[chn[1]-2], &path);
sc_pkcs15_format_id("02", &id);
sc_pkcs15emu_add_pin(p15card, &id,
nonrepPIN, &path, infocamere_idpin_nrepud_obj[chn[1]-2],
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC, 5, 8, flags, 3, 0,
SC_PKCS15_CO_FLAG_MODIFIABLE | SC_PKCS15_CO_FLAG_PRIVATE);
/* add non repudiation private key */
auth_id.value[0] = 2;
auth_id.len = 1;
sc_pkcs15emu_add_prkey(p15card, &id, nonrepPRKEY,
SC_PKCS15_TYPE_PRKEY_RSA,
1024, prkey_usage,
&path, infocamere_idprkey_nrepud_obj[chn[1]-2],
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
/* return to MF */
sc_format_path("3F00", &path);
r = sc_select_file(card, &path, NULL);
if (r != SC_SUCCESS)
return r;
if (change_sign) {
/* save old signature funcs */
set_security_env = card->ops->set_security_env;
/* set new one */
card->ops->set_security_env = set_sec_env;
card->ops->compute_signature = do_sign;
}
return SC_SUCCESS;
}
static int infocamere_1400_set_sec_env(struct sc_card *card,
const struct sc_security_env *env,
int se_num)
{
int r;
struct sc_security_env tenv = *env;
if (tenv.operation == SC_SEC_OPERATION_SIGN)
tenv.operation = SC_SEC_OPERATION_DECIPHER;
if ((r =
card->ops->restore_security_env(card, 0x40)) == SC_SUCCESS)
return set_security_env(card, &tenv, se_num);
else
return r;
}
#ifdef ENABLE_ZLIB
static const u8 ATR_1400[] =
{ 0x3b, 0xfc, 0x98, 0x00, 0xff, 0xc1, 0x10, 0x31, 0xfe, 0x55, 0xc8,
0x03, 0x49, 0x6e, 0x66, 0x6f, 0x63, 0x61, 0x6d, 0x65, 0x72, 0x65,
0x28
};
/* Loads certificates.
* Certificates are stored in a ZLib compressed form with
* a 4 byte header, so we extract, decompress and cache
* them.
*/
static int loadCertificate(sc_pkcs15_card_t * p15card, int i,
const char *certPath, const char *certLabel)
{
unsigned char *compCert = NULL, *cert = NULL, size[2];
unsigned long int compLen, len;
sc_pkcs15_cert_info_t cert_info;
sc_pkcs15_object_t cert_obj;
sc_path_t cpath;
sc_card_t *card = p15card->card;
sc_pkcs15_id_t id;
int r;
memset(&cert_info, 0, sizeof(cert_info));
memset(&cert_obj, 0, sizeof(cert_obj));
sc_format_path(certPath, &cpath);
if (sc_select_file(card, &cpath, NULL) != SC_SUCCESS)
return SC_ERROR_WRONG_CARD;
sc_read_binary(card, 2, size, 2, 0);
compLen = (size[0] << 8) + size[1];
compCert = malloc(compLen * sizeof(unsigned char));
len = 4 * compLen; /*Approximation of the uncompressed size */
cert = malloc(len * sizeof(unsigned char));
if (!cert || !compCert) {
free(cert);
free(compCert);
return SC_ERROR_OUT_OF_MEMORY;
}
sc_read_binary(card, 4, compCert, compLen, 0);
if ((r = uncompress(cert, &len, compCert, compLen)) != Z_OK) {
sc_log(p15card->card->ctx, "Zlib error: %d", r);
return SC_ERROR_INTERNAL;
}
cpath.index = 0;
cpath.count = len;
sc_pkcs15_cache_file(p15card, &cpath, cert, len);
id.len=1;
id.value[0] = i + 1;
cert_info.id = id;
cert_info.path = cpath;
cert_info.authority = (i == 2);
strlcpy(cert_obj.label, certLabel, sizeof(cert_obj.label));
cert_obj.flags = SC_PKCS15_CO_FLAG_MODIFIABLE;
sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
return SC_SUCCESS;
}
static int infocamere_1400_init(sc_pkcs15_card_t * p15card)
{
sc_card_t *card = p15card->card;
sc_path_t path;
sc_pkcs15_id_t id, auth_id;
unsigned char serial[16];
int flags;
int r;
int hasAuthCert = 0;
const char *certLabel[] = { "User Non-repudiation Certificate",
"User Authentication Certificate",
"CA Certificate"
};
const char *certPath[] =
{ "300060000000", "300060000001", "300060000002" };
const char *pinLabel[] =
{ "Non-repudiation PIN", "Authentication PIN" };
int retries[] = { 3, -1 };
const char *keyPath[] = { "30004000001", "30004000002" };
const char *keyLabel[] =
{ "Non repudiation Key", "Authentication Key" };
static int usage[] = { SC_PKCS15_PRKEY_USAGE_NONREPUDIATION,
SC_PKCS15_PRKEY_USAGE_SIGN
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
| SC_PKCS15_PRKEY_USAGE_ENCRYPT
| SC_PKCS15_PRKEY_USAGE_DECRYPT
};
auth_id.len = 1;
id.len = 1;
/* OpenSC doesn't define constants to identify BSOs for
* restoring security environment, so we overload
* the set_security_env function to support restore_sec_env */
set_security_env = card->ops->set_security_env;
card->ops->set_security_env = infocamere_1400_set_sec_env;
card->ops->compute_signature = do_sign;
p15card->opts.use_file_cache = 1;
sc_format_path("30000001", &path);
r = sc_select_file(card, &path, NULL);
if (r != SC_SUCCESS)
return SC_ERROR_WRONG_CARD;
sc_read_binary(card, 15, serial, 15, 0);
serial[15] = '\0';
set_string(&p15card->tokeninfo->serial_number, (char *)serial);
set_string(&p15card->tokeninfo->label, "Infocamere 1400 Card");
set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere");
if ((r = loadCertificate(p15card, 0, certPath[0], certLabel[0])) !=
SC_SUCCESS) {
sc_log(p15card->card->ctx, "%s", sc_strerror(r));
return SC_ERROR_WRONG_CARD;
}
hasAuthCert =
loadCertificate(p15card, 1, certPath[1],
certLabel[1]) == SC_SUCCESS;
loadCertificate(p15card, 2, certPath[2], certLabel[2]);
flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
SC_PKCS15_PIN_FLAG_INITIALIZED |
SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
/* adding PINs & private keys */
sc_format_path("30004000", &path);
id.value[0] = 1;
sc_pkcs15emu_add_pin(p15card, &id,
pinLabel[0], &path, 1,
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
5, 8, flags, retries[0], 0,
SC_PKCS15_CO_FLAG_MODIFIABLE |
SC_PKCS15_CO_FLAG_PRIVATE);
sc_format_path(keyPath[0], &path);
auth_id.value[0] = 1;
sc_pkcs15emu_add_prkey(p15card, &id,
keyLabel[0],
SC_PKCS15_TYPE_PRKEY_RSA,
1024, usage[0],
&path, 1,
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
if (hasAuthCert) {
sc_format_path("30004000", &path);
id.value[0] = 2;
sc_pkcs15emu_add_pin(p15card, &id,
pinLabel[1], &path, 2,
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
5, 8, flags, retries[1], 0,
SC_PKCS15_CO_FLAG_MODIFIABLE |
SC_PKCS15_CO_FLAG_PRIVATE);
sc_format_path(keyPath[1], &path);
auth_id.value[0] = 2;
sc_pkcs15emu_add_prkey(p15card, &id,
keyLabel[1],
SC_PKCS15_TYPE_PRKEY_RSA,
1024, usage[1],
&path, 2,
&auth_id,
SC_PKCS15_CO_FLAG_PRIVATE);
}
/* return to MF */
sc_format_path("3F00", &path);
r = sc_select_file(card, &path, NULL);
return r;
}
#endif
static const u8 ATR_1600[] = { 0x3B, 0xF4, 0x98, 0x00, 0xFF, 0xC1, 0x10,
0x31, 0xFE, 0x55, 0x4D, 0x34, 0x63, 0x76, 0xB4
};
static int infocamere_1600_init(sc_pkcs15_card_t * p15card)
{
sc_card_t *card = p15card->card;
sc_path_t path;
sc_pkcs15_id_t id, auth_id;
unsigned char serial[17];
int flags;
int r;
int hasAuthCert = 0;
const char *certLabel[] = { "User Non-repudiation Certificate",
"User Authentication Certificate"
};
const char *certPath[] = { "200020010008", "20002001000E" };
const char *pinLabel[] =
{ "Non-repudiation PIN", "Authentication PIN" };
int retries[] = { 3, -1 };
const char *keyPath[] = { "200020010004", "20002001000A" };
const char *keyLabel[] =
{ "Non repudiation Key", "Authentication Key" };
static int usage[] = { SC_PKCS15_PRKEY_USAGE_NONREPUDIATION,
SC_PKCS15_PRKEY_USAGE_SIGN
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
| SC_PKCS15_PRKEY_USAGE_ENCRYPT
| SC_PKCS15_PRKEY_USAGE_DECRYPT
};
auth_id.len = 1;
id.len = 1;
/* OpenSC doesn't define constants to identify BSOs for
* restoring security environment, so we overload
* the set_security_env function to support restore_sec_env */
set_security_env = card->ops->set_security_env;
card->ops->set_security_env = infocamere_1400_set_sec_env;
card->ops->compute_signature = do_sign;
sc_format_path("200020012002", &path);
r = sc_select_file(card, &path, NULL);
if (r != SC_SUCCESS)
return SC_ERROR_WRONG_CARD;
sc_read_binary(card, 30, serial, 16, 0);
serial[16] = '\0';
set_string(&p15card->tokeninfo->serial_number, (char *) serial);
set_string(&p15card->tokeninfo->label, "Infocamere 1600 Card");
set_string(&p15card->tokeninfo->manufacturer_id, "Infocamere");
/* Adding certificates.
* Certificates are stored in a ZLib compressed form with
* a 4 byte header, so we extract, decompress and cache
* them.
*/
sc_format_path(certPath[0], &path);
if (sc_select_file(card, &path, NULL) != SC_SUCCESS)
return SC_ERROR_WRONG_CARD;
id.value[0] = 1;
sc_pkcs15emu_add_cert(p15card,
SC_PKCS15_TYPE_CERT_X509, 0,
&path, &id, certLabel[0],
SC_PKCS15_CO_FLAG_MODIFIABLE);
sc_format_path(certPath[1], &path);
if (sc_select_file(card, &path, NULL) == SC_SUCCESS) {
hasAuthCert = 1;
id.value[0] = 2;
sc_pkcs15emu_add_cert(p15card,
SC_PKCS15_TYPE_CERT_X509, 1,
&path, &id, certLabel[1],
SC_PKCS15_CO_FLAG_MODIFIABLE);
}
flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
SC_PKCS15_PIN_FLAG_INITIALIZED |
SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
/* adding PINs & private keys */
sc_format_path("2000", &path);
id.value[0] = 1;
sc_pkcs15emu_add_pin(p15card, &id,
pinLabel[0], &path, 1,
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
5, 8, flags, retries[0], 0,
SC_PKCS15_CO_FLAG_MODIFIABLE |
SC_PKCS15_CO_FLAG_PRIVATE);
sc_format_path(keyPath[0], &path);
auth_id.value[0] = 1;
sc_pkcs15emu_add_prkey(p15card, &id,
keyLabel[0],
SC_PKCS15_TYPE_PRKEY_RSA,
1024, usage[0],
&path, 1,
&auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
if (hasAuthCert) {
id.value[0] = 2;
sc_pkcs15emu_add_pin(p15card, &id,
pinLabel[1], &path, 2,
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
5, 8, flags, retries[1], 0,
SC_PKCS15_CO_FLAG_MODIFIABLE |
SC_PKCS15_CO_FLAG_PRIVATE);
sc_format_path(keyPath[1], &path);
auth_id.value[0] = 2;
sc_pkcs15emu_add_prkey(p15card, &id,
keyLabel[1],
SC_PKCS15_TYPE_PRKEY_RSA,
1024, usage[1],
&path, 2,
&auth_id,
SC_PKCS15_CO_FLAG_PRIVATE);
}
/* return to MF */
sc_format_path("3F00", &path);
sc_select_file(card, &path, NULL);
return SC_SUCCESS;
}
static int infocamere_detect_card(sc_pkcs15_card_t * p15card)
{
sc_card_t *card = p15card->card;
/* check if we have the correct card OS */
if (strcmp(card->name, "STARCOS")
&& strcmp(card->name, "CardOS M4"))
return SC_ERROR_WRONG_CARD;
return SC_SUCCESS;
}
int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t * p15card,
struct sc_aid *aid,
sc_pkcs15emu_opt_t * opts)
{
if (!(opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK)) {
if (infocamere_detect_card(p15card))
return SC_ERROR_WRONG_CARD;
}
if (memcmp(p15card->card->atr.value, ATR_1600, sizeof(ATR_1600)) == 0)
return infocamere_1600_init(p15card);
#ifdef ENABLE_ZLIB
else if (memcmp(p15card->card->atr.value, ATR_1400, sizeof(ATR_1400)) ==
0)
return infocamere_1400_init(p15card);
#endif
else
return infocamere_1200_init(p15card);
}

369
src/libopensc/pkcs15-postecert.c
View File

@ -1,369 +0,0 @@
/*
* PKCS15 emulation layer for Postecert and Cnipa card.
* To see how this works, run p15dump on your Postecert or Cnipa Card.
*
* Copyright (C) 2004, Antonino Iacono <ant_iacono@tin.it>
* Copyright (C) 2003, Olaf Kirch <okir@suse.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include "common/compat_strlcpy.h"
#include "internal.h"
#include "pkcs15.h"
#include "log.h"
int sc_pkcs15emu_postecert_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
static int (*set_security_env) (sc_card_t *, const sc_security_env_t *, int);
static int set_sec_env(sc_card_t * card, const sc_security_env_t *env,
int se_num)
{
sc_security_env_t tenv = *env;
if (tenv.operation == SC_SEC_OPERATION_SIGN)
tenv.operation = SC_SEC_OPERATION_DECIPHER;
return set_security_env(card, &tenv, se_num);
}
static int do_sign(sc_card_t * card, const u8 * in, size_t inlen, u8 * out,
size_t outlen)
{
return card->ops->decipher(card, in, inlen, out, outlen);
}
static void set_string(char **strp, const char *value)
{
if (*strp)
free(*strp);
*strp = value ? strdup(value) : NULL;
}
#if 1
/* XXX: temporary copy of the old pkcs15emu functions,
* to be removed */
static int sc_pkcs15emu_add_pin(sc_pkcs15_card_t *p15card,
const sc_pkcs15_id_t *id, const char *label,
const sc_path_t *path, int ref, int type,
unsigned int min_length,
unsigned int max_length,
int flags, int tries_left, const char pad_char, int obj_flags)
{
sc_pkcs15_auth_info_t info;
sc_pkcs15_object_t obj;
memset(&info, 0, sizeof(info));
memset(&obj, 0, sizeof(obj));
info.auth_id = *id;
info.auth_type = SC_PKCS15_PIN_AUTH_TYPE_PIN;
info.attrs.pin.min_length = min_length;
info.attrs.pin.max_length = max_length;
info.attrs.pin.stored_length = max_length;
info.attrs.pin.type = type;
info.attrs.pin.reference = ref;
info.attrs.pin.flags = flags;
info.attrs.pin.pad_char = pad_char;
info.tries_left = tries_left;
info.logged_in = SC_PIN_STATE_UNKNOWN;
if (path)
info.path = *path;
if (type == SC_PKCS15_PIN_TYPE_BCD)
info.attrs.pin.stored_length /= 2;
strlcpy(obj.label, label, sizeof(obj.label));
obj.flags = obj_flags;
return sc_pkcs15emu_add_pin_obj(p15card, &obj, &info);
}
static int sc_pkcs15emu_add_prkey(sc_pkcs15_card_t *p15card,
const sc_pkcs15_id_t *id,
const char *label,
int type, unsigned int modulus_length, int usage,
const sc_path_t *path, int ref,
const sc_pkcs15_id_t *auth_id, int obj_flags)
{
sc_pkcs15_prkey_info_t info;
sc_pkcs15_object_t obj;
memset(&info, 0, sizeof(info));
memset(&obj, 0, sizeof(obj));
info.id = *id;
info.modulus_length = modulus_length;
info.usage = usage;
info.native = 1;
info.key_reference = ref;
if (path)
info.path = *path;
obj.flags = obj_flags;
strlcpy(obj.label, label, sizeof(obj.label));
if (auth_id != NULL)
obj.auth_id = *auth_id;
return sc_pkcs15emu_add_rsa_prkey(p15card, &obj, &info);
}
static int sc_pkcs15emu_add_cert(sc_pkcs15_card_t *p15card,
int type, int authority, const sc_path_t *path,
const sc_pkcs15_id_t *id, const char *label, int obj_flags)
{
/* const char *label = "Certificate"; */
sc_pkcs15_cert_info_t info;
sc_pkcs15_object_t obj;
memset(&info, 0, sizeof(info));
memset(&obj, 0, sizeof(obj));
info.id = *id;
info.authority = authority;
if (path)
info.path = *path;
strlcpy(obj.label, label, sizeof(obj.label));
obj.flags = obj_flags;
return sc_pkcs15emu_add_x509_cert(p15card, &obj, &info);
}
#endif
static int sc_pkcs15emu_postecert_init(sc_pkcs15_card_t * p15card)
{
static int prkey_usage = SC_PKCS15_PRKEY_USAGE_NONREPUDIATION;
static int authprkey_usage = SC_PKCS15_PRKEY_USAGE_SIGN
| SC_PKCS15_PRKEY_USAGE_SIGNRECOVER
| SC_PKCS15_PRKEY_USAGE_ENCRYPT
| SC_PKCS15_PRKEY_USAGE_DECRYPT;
sc_card_t *card = p15card->card;
sc_path_t path;
sc_pkcs15_id_t id, auth_id;
unsigned char certlen[2];
unsigned char *certi = NULL;
int index_cert[4];
int count_cert[4];
int flags;
int authority;
size_t i, count;
int r;
int o = 0;
const char *label = "User Non-repudiation Certificate";
const char *calabel = "CA Certificate";
const char *catmslabel = "CA TimeStamper Certificate";
const char *authlabel = "User Authentication Certificate";
const char *postecert_auth_cert_path = "504B0001";
const char *authPIN = "Authentication PIN";
const char *nonrepPIN = "Non-repudiation PIN";
const char *authPRKEY = "Authentication Key";
const char *nonrepPRKEY = "Non repudiation Key";
memset(index_cert, 0, sizeof(index_cert));
memset(count_cert, 0, sizeof(count_cert));
/* Get the non-repudiation certificate length */
sc_format_path(postecert_auth_cert_path, &path);
if (sc_select_file(card, &path, NULL) < 0) {
r = SC_ERROR_WRONG_CARD;
goto failed;
}
set_string(&p15card->tokeninfo->label, "Postecert & Cnipa Card");
set_string(&p15card->tokeninfo->manufacturer_id, "Postecert");
set_string(&p15card->tokeninfo->serial_number, "0000");
sc_read_binary(card, 0, certlen, 2, 0);
/* Now set the certificate offset/len */
count = (certlen[0] << 8) + certlen[1];
if (count < 256)
return SC_ERROR_INTERNAL;
certi = malloc(count);
if (!certi)
return SC_ERROR_OUT_OF_MEMORY;
sc_read_binary(card, 0, certi, count - 500, 0);
for (i = 2; i < (count - 256); i++) {
/* this file contain more than one certificate */
if (*(certi + i) == 0x30 && *(certi + i + 1) == 0x82
&& *(certi + i + 4) == 0x30 && *(certi + i + 5) == 0x82
&& *(certi + i + 2) > 1 && *(certi + i + 2) < 8
&& *(certi + i + 6) <= *(certi + i + 2)) {
index_cert[o] = i;
count_cert[o] =
(*(certi + i + 2) << 8) + *(certi + i + 3) + 4;
o++;
if (o >= 4)
break;
i += (*(certi + i + 2) << 8) + *(certi + i + 3);
}
}
free(certi);
path.index = index_cert[0];
path.count = count_cert[0];
id.value[0] = 1;
id.len = 1;
authority = 1;
sc_pkcs15emu_add_cert(p15card,
SC_PKCS15_TYPE_CERT_X509, authority,
&path, &id, calabel, SC_PKCS15_CO_FLAG_MODIFIABLE);
path.index = index_cert[1];
path.count = count_cert[1];
id.value[0] = 2;
id.len = 1;
authority = 1;
sc_pkcs15emu_add_cert(p15card,
SC_PKCS15_TYPE_CERT_X509, authority,
&path, &id, catmslabel, SC_PKCS15_CO_FLAG_MODIFIABLE);
path.index = index_cert[2];
path.count = count_cert[2];
id.value[0] = 3;
id.len = 1;
authority = 0;
sc_pkcs15emu_add_cert(p15card,
SC_PKCS15_TYPE_CERT_X509, authority,
&path, &id, label, SC_PKCS15_CO_FLAG_MODIFIABLE);
path.index = index_cert[3];
path.count = count_cert[3];
id.value[0] = 4;
id.len = 1;
sc_pkcs15emu_add_cert(p15card,
SC_PKCS15_TYPE_CERT_X509, authority,
&path, &id, authlabel, SC_PKCS15_CO_FLAG_MODIFIABLE);
flags = SC_PKCS15_PIN_FLAG_CASE_SENSITIVE |
SC_PKCS15_PIN_FLAG_INITIALIZED | SC_PKCS15_PIN_FLAG_NEEDS_PADDING;
/* add authentication PIN */
sc_format_path("3F00504B", &path);
id.value[0] = 1;
sc_pkcs15emu_add_pin(p15card, &id,
authPIN, &path, 0x82,
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
6, 14, flags, 3, 0,
SC_PKCS15_CO_FLAG_MODIFIABLE |
SC_PKCS15_CO_FLAG_PRIVATE);
/* add authentication private key */
id.value[0] = 4;
auth_id.value[0] = 1;
auth_id.len = 1;
sc_pkcs15emu_add_prkey(p15card, &id,
authPRKEY,
SC_PKCS15_TYPE_PRKEY_RSA,
1024, authprkey_usage,
&path, 0x06, &auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
/* add non repudiation PIN */
sc_format_path("3F00504B", &path);
id.value[0] = 2;
sc_pkcs15emu_add_pin(p15card, &id,
nonrepPIN, &path, 0x82,
SC_PKCS15_PIN_TYPE_ASCII_NUMERIC,
6, 14, flags, 3, 0,
SC_PKCS15_CO_FLAG_MODIFIABLE |
SC_PKCS15_CO_FLAG_PRIVATE);
/* add non repudiation private key */
id.value[0] = 3;
auth_id.value[0] = 2;
sc_pkcs15emu_add_prkey(p15card, &id,
nonrepPRKEY,
SC_PKCS15_TYPE_PRKEY_RSA,
1024, prkey_usage,
&path, 0x01, &auth_id, SC_PKCS15_CO_FLAG_PRIVATE);
/* return to MF */
sc_format_path("3F00", &path);
r = sc_select_file(card, &path, NULL);
if (r != SC_SUCCESS)
return r;
{
/* save old signature funcs */
set_security_env = card->ops->set_security_env;
/* set new one */
card->ops->set_security_env = set_sec_env;
card->ops->compute_signature = do_sign;
}
return 0;
failed:
sc_log(card->ctx,
"Failed to initialize Postecert and Cnipa emulation: %s\n",
sc_strerror(r));
return r;
}
static int postecert_detect_card(sc_pkcs15_card_t * p15card)
{
sc_card_t *card = p15card->card;
/* check if we have the correct card OS */
if (strcmp(card->name, "CardOS M4"))
return SC_ERROR_WRONG_CARD;
return SC_SUCCESS;
}
int sc_pkcs15emu_postecert_init_ex(sc_pkcs15_card_t * p15card,
struct sc_aid *aid,
sc_pkcs15emu_opt_t * opts)
{
if (opts && opts->flags & SC_PKCS15EMU_FLAGS_NO_CHECK)
return sc_pkcs15emu_postecert_init(p15card);
else {
int r = postecert_detect_card(p15card);
if (r)
return SC_ERROR_WRONG_CARD;
return sc_pkcs15emu_postecert_init(p15card);
}
}

2
src/libopensc/pkcs15-pubkey.c
View File

@ -1625,7 +1625,7 @@ sc_pkcs15_convert_pubkey(struct sc_pkcs15_pubkey *pkcs15_key, void *evp_key)
X = BN_new();
Y = BN_new();
if (X && Y && EC_KEY_get0_group(eckey))
r = EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(eckey),
r = EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(eckey),
point, X, Y, NULL);
if (r == 1) {
dst->xy.len = BN_num_bytes(X) + BN_num_bytes(Y);

2
src/libopensc/pkcs15-syn.c
View File

@ -37,12 +37,10 @@
struct sc_pkcs15_emulator_handler builtin_emulators[] = {
{ "westcos", sc_pkcs15emu_westcos_init_ex },
{ "openpgp", sc_pkcs15emu_openpgp_init_ex },
{ "infocamere", sc_pkcs15emu_infocamere_init_ex },
{ "starcert", sc_pkcs15emu_starcert_init_ex },
{ "tcos", sc_pkcs15emu_tcos_init_ex },
{ "esteid", sc_pkcs15emu_esteid_init_ex },
{ "itacns", sc_pkcs15emu_itacns_init_ex },
{ "postecert", sc_pkcs15emu_postecert_init_ex },
{ "PIV-II", sc_pkcs15emu_piv_init_ex },
{ "cac", sc_pkcs15emu_cac_init_ex },
{ "gemsafeGPK", sc_pkcs15emu_gemsafeGPK_init_ex },

2
src/libopensc/pkcs15-syn.h
View File

@ -31,11 +31,9 @@ extern "C" {
int sc_pkcs15emu_westcos_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);
int sc_pkcs15emu_openpgp_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
int sc_pkcs15emu_infocamere_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
int sc_pkcs15emu_starcert_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
int sc_pkcs15emu_tcos_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
int sc_pkcs15emu_esteid_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
int sc_pkcs15emu_postecert_init_ex(sc_pkcs15_card_t *, struct sc_aid *, sc_pkcs15emu_opt_t *);
int sc_pkcs15emu_piv_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);
int sc_pkcs15emu_cac_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);
int sc_pkcs15emu_gemsafeGPK_init_ex(sc_pkcs15_card_t *p15card, struct sc_aid *, sc_pkcs15emu_opt_t *opts);

5
src/libopensc/sc-ossl-compat.h
View File

@ -77,6 +77,11 @@ extern "C" {
#define OPENSSL_malloc_init()
#endif
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coordinates
#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coordinates
#endif
/*
* OpenSSL-1.1.0-pre5 has hidden the RSA and DSA structures
* One can no longer use statements like rsa->n = ...

3
src/pkcs11/openssl.c
View File

@ -32,6 +32,7 @@
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#include <openssl/conf.h>
#include <openssl/opensslconf.h> /* for OPENSSL_NO_* */
#include "libopensc/sc-ossl-compat.h"
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#endif /* OPENSSL_NO_EC */
@ -401,7 +402,7 @@ static CK_RV gostr3410_verify_data(const unsigned char *pubkey, unsigned int pub
ASN1_OCTET_STRING_free(octet);
P = EC_POINT_new(group);
if (P && X && Y)
r = EC_POINT_set_affine_coordinates_GFp(group,
r = EC_POINT_set_affine_coordinates_GFp(group,
P, X, Y, NULL);
BN_free(X);
BN_free(Y);

2
src/tools/piv-tool.c
View File

@ -33,7 +33,6 @@
/* Module only built if OPENSSL is enabled */
#include <openssl/opensslv.h>
#include "libopensc/sc-ossl-compat.h"
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
@ -57,6 +56,7 @@
#include "libopensc/cardctl.h"
#include "libopensc/asn1.h"
#include "util.h"
#include "libopensc/sc-ossl-compat.h"
static const char *app_name = "piv-tool";

2
src/tools/pkcs11-tool.c
View File

@ -36,7 +36,6 @@
#ifdef ENABLE_OPENSSL
#include <openssl/opensslv.h>
#include "libopensc/sc-ossl-compat.h"
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
@ -62,6 +61,7 @@
#include "common/compat_strlcat.h"
#include "common/compat_strlcpy.h"
#include "util.h"
#include "libopensc/sc-ossl-compat.h"
#ifdef _WIN32
#ifndef STDOUT_FILENO

2
win32/Make.rules.mak
View File

@ -79,7 +79,7 @@ CANDLEFLAGS = -dOpenSSL="$(OPENSSL_DIR)" $(CANDLEFLAGS)
!ENDIF
# If you want support for zlib (Used for PIV, infocamere and actalis):
# If you want support for zlib (Used for PIV and actalis):
# - Download zlib-dll and
# - uncomment the line starting with ZLIB_DEF
# - set the ZLIB_INCL_DIR below to the zlib include lib proceeded by "/I"