commit
ec70ee5c4d
|
@ -28,6 +28,15 @@ app default {
|
|||
#
|
||||
# profile_dir = @pkgdatadir@;
|
||||
|
||||
# Paranoid memory allocation.
|
||||
#
|
||||
# If set to 'true', then refuse to continue when locking of non-pageable
|
||||
# memory fails. This can cause subtle failures but is more secure when
|
||||
# you have a swap disk.
|
||||
# Default: false
|
||||
#
|
||||
# paranoid_memory = false;
|
||||
|
||||
# CT-API module configuration.
|
||||
reader_driver ctapi {
|
||||
# module /usr/local/towitoko/lib/libtowitoko.so {
|
||||
|
|
|
@ -147,7 +147,7 @@ static void add_drv(struct _sc_ctx_options *opts, const char *name)
|
|||
{
|
||||
struct _sc_driver_entry *lst;
|
||||
int *cp, max, i;
|
||||
|
||||
|
||||
lst = opts->cdrv;
|
||||
cp = &opts->ccount;
|
||||
max = SC_MAX_CARD_DRIVERS;
|
||||
|
@ -180,6 +180,7 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts)
|
|||
if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout))
|
||||
fclose(ctx->debug_file);
|
||||
ctx->debug_file = stderr;
|
||||
ctx->paranoid_memory = 0;
|
||||
#ifdef __APPLE__
|
||||
/* Override the default debug log for OpenSC.tokend to be different from PKCS#11.
|
||||
* TODO: Could be moved to OpenSC.tokend */
|
||||
|
@ -230,6 +231,9 @@ static int load_parameters(sc_context_t *ctx, scconf_block *block,
|
|||
if (val)
|
||||
sc_ctx_log_to_file(ctx, val);
|
||||
|
||||
ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory",
|
||||
ctx->paranoid_memory);
|
||||
|
||||
val = scconf_get_str(block, "force_card_driver", NULL);
|
||||
if (val) {
|
||||
if (opts->forced_card_driver)
|
||||
|
@ -255,12 +259,12 @@ static void load_reader_driver_options(sc_context_t *ctx)
|
|||
{
|
||||
struct sc_reader_driver *driver = ctx->reader_driver;
|
||||
scconf_block *conf_block = NULL;
|
||||
|
||||
|
||||
driver->max_send_size = 0;
|
||||
driver->max_recv_size = 0;
|
||||
|
||||
conf_block = sc_get_conf_block(ctx, "reader_driver", driver->short_name, 1);
|
||||
|
||||
|
||||
if (conf_block != NULL) {
|
||||
driver->max_send_size = scconf_get_int(conf_block, "max_send_size", driver->max_send_size);
|
||||
driver->max_recv_size = scconf_get_int(conf_block, "max_recv_size", driver->max_recv_size);
|
||||
|
@ -560,12 +564,12 @@ static void process_config_file(sc_context_t *ctx, struct _sc_ctx_options *opts)
|
|||
}
|
||||
blocks = scconf_find_blocks(ctx->conf, NULL, "app", ctx->app_name);
|
||||
if (blocks[0])
|
||||
ctx->conf_blocks[count++] = blocks[0];
|
||||
ctx->conf_blocks[count++] = blocks[0];
|
||||
free(blocks);
|
||||
if (strcmp(ctx->app_name, "default") != 0) {
|
||||
blocks = scconf_find_blocks(ctx->conf, NULL, "app", "default");
|
||||
if (blocks[0])
|
||||
ctx->conf_blocks[count] = blocks[0];
|
||||
ctx->conf_blocks[count] = blocks[0];
|
||||
free(blocks);
|
||||
}
|
||||
/* Above we add 2 blocks at most, but conf_blocks has 3 elements,
|
||||
|
@ -583,7 +587,7 @@ int sc_ctx_detect_readers(sc_context_t *ctx)
|
|||
|
||||
if (drv->ops->detect_readers != NULL)
|
||||
r = drv->ops->detect_readers(ctx);
|
||||
|
||||
|
||||
sc_mutex_unlock(ctx, ctx->mutex);
|
||||
|
||||
return r;
|
||||
|
@ -642,7 +646,7 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
|
|||
sc_release_context(ctx);
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
|
||||
set_defaults(ctx, &opts);
|
||||
list_init(&ctx->readers);
|
||||
list_attributes_seeker(&ctx->readers, reader_list_seeker);
|
||||
|
@ -684,7 +688,7 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
|
|||
|
||||
load_reader_driver_options(ctx);
|
||||
ctx->reader_driver->ops->init(ctx);
|
||||
|
||||
|
||||
load_card_drivers(ctx, &opts);
|
||||
load_card_atrs(ctx);
|
||||
if (opts.forced_card_driver) {
|
||||
|
@ -724,7 +728,7 @@ int sc_wait_for_event(sc_context_t *ctx, unsigned int event_mask, sc_reader_t **
|
|||
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
|
||||
if (ctx->reader_driver->ops->wait_for_event != NULL)
|
||||
return ctx->reader_driver->ops->wait_for_event(ctx, event_mask, event_reader, event, timeout, reader_states);
|
||||
|
||||
|
||||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
|
|
|
@ -603,6 +603,7 @@ typedef struct sc_context {
|
|||
scconf_block *conf_blocks[3];
|
||||
char *app_name;
|
||||
int debug;
|
||||
int paranoid_memory;
|
||||
|
||||
FILE *debug_file;
|
||||
char *preferred_language;
|
||||
|
@ -1147,7 +1148,7 @@ int sc_base64_decode(const char *in, u8 *out, size_t outlen);
|
|||
* @param len length of the memory buffer
|
||||
*/
|
||||
void sc_mem_clear(void *ptr, size_t len);
|
||||
void *sc_mem_alloc_secure(size_t len);
|
||||
void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len);
|
||||
int sc_mem_reverse(unsigned char *buf, size_t len);
|
||||
|
||||
int sc_get_cache_dir(sc_context_t *ctx, char *buf, size_t bufsize);
|
||||
|
|
|
@ -533,7 +533,7 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
|
|||
obj = obj->next;
|
||||
}
|
||||
|
||||
r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);
|
||||
r = sc_pkcs15_allocate_object_content(ctx, pin_obj, pin, pinlen);
|
||||
if (r != SC_SUCCESS) {
|
||||
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Failed to allocate object content");
|
||||
return;
|
||||
|
|
|
@ -2033,7 +2033,8 @@ void sc_pkcs15_free_object_content(struct sc_pkcs15_object *obj)
|
|||
obj->content.len = 0;
|
||||
}
|
||||
|
||||
int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *obj,
|
||||
int sc_pkcs15_allocate_object_content(struct sc_context *ctx,
|
||||
struct sc_pkcs15_object *obj,
|
||||
const unsigned char *value, size_t len)
|
||||
{
|
||||
unsigned char *tmp_buf;
|
||||
|
@ -2049,7 +2050,7 @@ int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *obj,
|
|||
/* Need to pass by temporary variable,
|
||||
* because 'value' and 'content.value' pointers can be the sames.
|
||||
*/
|
||||
tmp_buf = (unsigned char *)sc_mem_alloc_secure(len);
|
||||
tmp_buf = (unsigned char *)sc_mem_alloc_secure(ctx, len);
|
||||
if (!tmp_buf)
|
||||
return SC_ERROR_OUT_OF_MEMORY;
|
||||
|
||||
|
|
|
@ -812,7 +812,7 @@ int sc_pkcs15_make_absolute_path(const sc_path_t *parent, sc_path_t *child);
|
|||
void sc_pkcs15_free_object_content(struct sc_pkcs15_object *);
|
||||
|
||||
/* Allocate and set object content */
|
||||
int sc_pkcs15_allocate_object_content(struct sc_pkcs15_object *,
|
||||
int sc_pkcs15_allocate_object_content(struct sc_context *, struct sc_pkcs15_object *,
|
||||
const unsigned char *, size_t);
|
||||
|
||||
struct sc_supported_algo_info *sc_pkcs15_get_supported_algo(struct sc_pkcs15_card *,
|
||||
|
|
|
@ -158,7 +158,7 @@ int sc_format_oid(struct sc_object_id *oid, const char *in)
|
|||
oid->value[ii] = -1;
|
||||
|
||||
p = in;
|
||||
|
||||
|
||||
for (ii=0; ii < SC_MAX_OBJECT_ID_OCTETS; ii++) {
|
||||
oid->value[ii] = strtol(p, &q, 10);
|
||||
if (!*q)
|
||||
|
@ -200,7 +200,7 @@ int sc_detect_card_presence(sc_reader_t *reader)
|
|||
SC_FUNC_RETURN(reader->ctx, SC_LOG_DEBUG_NORMAL, r);
|
||||
}
|
||||
|
||||
int sc_path_set(sc_path_t *path, int type, const u8 *id, size_t id_len,
|
||||
int sc_path_set(sc_path_t *path, int type, const u8 *id, size_t id_len,
|
||||
int idx, int count)
|
||||
{
|
||||
if (path == NULL || id == NULL || id_len == 0 || id_len > SC_MAX_PATH_SIZE)
|
||||
|
@ -212,7 +212,7 @@ int sc_path_set(sc_path_t *path, int type, const u8 *id, size_t id_len,
|
|||
path->type = type;
|
||||
path->index = idx;
|
||||
path->count = count;
|
||||
|
||||
|
||||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -340,11 +340,11 @@ int sc_compare_path_prefix(const sc_path_t *prefix, const sc_path_t *path)
|
|||
|
||||
const sc_path_t *sc_get_mf_path(void)
|
||||
{
|
||||
static const sc_path_t mf_path = {
|
||||
{0x3f, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, 2,
|
||||
0,
|
||||
0,
|
||||
SC_PATH_TYPE_PATH,
|
||||
static const sc_path_t mf_path = {
|
||||
{0x3f, 0x00, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, 2,
|
||||
0,
|
||||
0,
|
||||
SC_PATH_TYPE_PATH,
|
||||
{{0},0}
|
||||
};
|
||||
return &mf_path;
|
||||
|
@ -687,7 +687,7 @@ int _sc_parse_atr(sc_reader_t *reader)
|
|||
atr_len--;
|
||||
} else
|
||||
tx[i] = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (atr_len <= 0)
|
||||
return 0;
|
||||
|
@ -698,21 +698,29 @@ int _sc_parse_atr(sc_reader_t *reader)
|
|||
return 0;
|
||||
}
|
||||
|
||||
void *sc_mem_alloc_secure(size_t len)
|
||||
void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len)
|
||||
{
|
||||
void *pointer;
|
||||
|
||||
int locked = 0;
|
||||
|
||||
pointer = calloc(len, sizeof(unsigned char));
|
||||
if (!pointer)
|
||||
return NULL;
|
||||
#ifdef HAVE_SYS_MMAN_H
|
||||
/* TODO Windows support and mprotect too */
|
||||
/* Do not swap the memory */
|
||||
if (mlock(pointer, len) == -1) {
|
||||
free(pointer);
|
||||
return NULL;
|
||||
}
|
||||
if (mlock(pointer, len) >= 0)
|
||||
locked = 1;
|
||||
#endif
|
||||
if (!locked) {
|
||||
if (ctx->paranoid_memory) {
|
||||
sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, failing allocation because paranoid set");
|
||||
free (pointer);
|
||||
pointer = NULL;
|
||||
} else {
|
||||
sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, sensitive data may be paged to disk");
|
||||
}
|
||||
}
|
||||
return pointer;
|
||||
}
|
||||
|
||||
|
@ -744,8 +752,8 @@ int sc_mem_reverse(unsigned char *buf, size_t len)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
sc_remote_apdu_allocate(struct sc_remote_data *rdata,
|
||||
static int
|
||||
sc_remote_apdu_allocate(struct sc_remote_data *rdata,
|
||||
struct sc_remote_apdu **new_rapdu)
|
||||
{
|
||||
struct sc_remote_apdu *rapdu = NULL, *rr;
|
||||
|
@ -778,7 +786,7 @@ sc_remote_apdu_allocate(struct sc_remote_data *rdata,
|
|||
return SC_SUCCESS;
|
||||
}
|
||||
|
||||
static void
|
||||
static void
|
||||
sc_remote_apdu_free (struct sc_remote_data *rdata)
|
||||
{
|
||||
struct sc_remote_apdu *rapdu = NULL;
|
||||
|
@ -849,7 +857,7 @@ int sc_mutex_destroy(const sc_context_t *ctx, void *mutex)
|
|||
|
||||
unsigned long sc_thread_id(const sc_context_t *ctx)
|
||||
{
|
||||
if (ctx == NULL || ctx->thread_ctx == NULL ||
|
||||
if (ctx == NULL || ctx->thread_ctx == NULL ||
|
||||
ctx->thread_ctx->thread_id == NULL)
|
||||
return 0UL;
|
||||
else
|
||||
|
|
|
@ -580,7 +580,7 @@ authentic_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p
|
|||
sdo->file = file_p_prvkey;
|
||||
sc_log(ctx, "sdo->file:%p", sdo->file);
|
||||
|
||||
rv = sc_pkcs15_allocate_object_content(object, (unsigned char *)sdo, sizeof(struct sc_authentic_sdo));
|
||||
rv = sc_pkcs15_allocate_object_content(ctx, object, (unsigned char *)sdo, sizeof(struct sc_authentic_sdo));
|
||||
LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content");
|
||||
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
|
@ -644,7 +644,7 @@ authentic_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15c
|
|||
|
||||
authentic_free_sdo_data(sdo);
|
||||
|
||||
rv = sc_pkcs15_allocate_object_content(object, pubkey->data.value, pubkey->data.len);
|
||||
rv = sc_pkcs15_allocate_object_content(ctx, object, pubkey->data.value, pubkey->data.len);
|
||||
LOG_TEST_RET(ctx, rv, "Failed to allocate public key as object content");
|
||||
|
||||
LOG_FUNC_RETURN(ctx, rv);
|
||||
|
|
|
@ -1038,7 +1038,7 @@ iasecc_pkcs15_create_key(struct sc_profile *profile, struct sc_pkcs15_card *p15c
|
|||
LOG_TEST_RET(ctx, rv, "Cannot create key slot");
|
||||
}
|
||||
|
||||
rv = sc_pkcs15_allocate_object_content(object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo));
|
||||
rv = sc_pkcs15_allocate_object_content(ctx, object, (unsigned char *)sdo_prvkey, sizeof(struct iasecc_sdo));
|
||||
LOG_TEST_RET(ctx, rv, "Failed to allocate PrvKey SDO as object content");
|
||||
|
||||
rv = iasecc_pkcs15_fix_private_key_attributes(profile, p15card, object, (struct iasecc_sdo *)object->content.value);
|
||||
|
@ -1135,7 +1135,7 @@ iasecc_pkcs15_generate_key(struct sc_profile *profile, sc_pkcs15_card_t *p15card
|
|||
LOG_TEST_RET(ctx, rv, "encode private key access rules failed");
|
||||
|
||||
/* SDO PrvKey data replaced by public part of generated key */
|
||||
rv = sc_pkcs15_allocate_object_content(object, pubkey->data.value, pubkey->data.len);
|
||||
rv = sc_pkcs15_allocate_object_content(ctx, object, pubkey->data.value, pubkey->data.len);
|
||||
LOG_TEST_RET(ctx, rv, "Failed to allocate public key as object content");
|
||||
|
||||
iasecc_sdo_free(card, sdo_pubkey);
|
||||
|
|
|
@ -1427,7 +1427,7 @@ awp_update_df_create_prvkey(struct sc_pkcs15_card *p15card, struct sc_profile *p
|
|||
rv = sc_pkcs15_read_certificate(p15card, cert_info, &p15cert);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: cannot get certificate");
|
||||
|
||||
rv = sc_pkcs15_allocate_object_content(cert_obj, p15cert->data, p15cert->data_len);
|
||||
rv = sc_pkcs15_allocate_object_content(ctx, cert_obj, p15cert->data, p15cert->data_len);
|
||||
SC_TEST_RET(ctx, SC_LOG_DEBUG_NORMAL, rv, "AWP 'update private key' DF failed: cannot allocate content");
|
||||
|
||||
rv = awp_encode_cert_info(p15card, cert_obj, &icert);
|
||||
|
|
Loading…
Reference in New Issue