027ccad439
allow specifying the size of OpenSSL secure memory
...
... and set it for builds where we're linking OpenSSL statically (i.e.
Windows and macOS)
fixes https://github.com/OpenSC/OpenSC/issues/1515
2018-11-13 15:50:17 +01:00
eddea6f3c2
fix logic of send/recv sizes in config files
...
- they are not set if
SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, ...
fails
- regarding max_send_size the logic is inverted
2018-11-09 08:56:53 +01:00
c032b2f15d
CID 320271 ( #1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
3c0a16dc39
CID 321790 ( #1 of 1): Resource leak (RESOURCE_LEAK)
2018-11-06 15:53:17 +01:00
1e7bb83659
CID 324485 ( #1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)
2018-11-06 15:53:17 +01:00
609095a4f4
CID 325860 ( #1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
54c9d65a48
CID 325861 ( #1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
c6d252611b
openpgp-tool: add missing length check in prettify_name()
2018-11-06 12:41:19 +01:00
4e5805dc5d
openpgp-tool: don't uppercase hex string
2018-11-06 12:41:19 +01:00
afda163dc6
openpgp-tool: fix typo
2018-11-06 12:41:19 +01:00
ec3830fe66
openpgp-tool: use more compatible strftime() format spec
...
Replace the Single UNIX specific shorthand %T for %H:%M:%S with the latter
to keep MingW happy.
2018-11-06 12:41:19 +01:00
85258f2951
openpgp-tool: use key type to indicate key to generate
...
Instead of only expecting a key length, and implicitly assuming RSA
as the key algorithm, introduce option --key-type to pass the key type
as a string.
When generating the key determine key algorithm and attributes based on
the key type passed.
If no key was given, default to "rsa2048".
2018-11-06 12:41:19 +01:00
c9f5e05aca
openpgp-tool: new option --key-info to display key info
2018-11-06 12:41:19 +01:00
1866c3e930
openpgp-tool: new option --card-info to display card info
2018-11-06 12:41:19 +01:00
263b945f62
md: added support for PSS
2018-11-06 12:38:57 +01:00
99a9029848
md: use constants for AlgId comparison
2018-11-06 12:38:47 +01:00
22c8204a2f
Merge remote-tracking branch 'upstream/pr/1393'
...
closes https://github.com/OpenSC/OpenSC/pull/1393
2018-11-06 10:51:24 +01:00
13c7574510
PIV: less debugging
...
- debugging pointers is useless in static log file
- removed double debugging of APDUs
2018-11-06 01:42:41 +01:00
eaed345a76
Add missing header file to the tarball
2018-11-05 09:15:20 +01:00
9342f8ad0a
padding: Fix error checking in RSA-PSS
2018-11-05 09:15:20 +01:00
0f5d73d816
framework-pkcs15.c: Add SHA224 mechanism for PKCS#1.5
2018-11-05 09:15:20 +01:00
8ccc39352a
p11test: Do not report incomplete key pairs
2018-11-05 09:15:20 +01:00
d2671ee05b
framework-pkcs15.c: Add PKCS#1 mechanisms also if SC_ALGORITHM_RSA_HASH_NONE is defined
2018-11-05 09:15:20 +01:00
7e0ef7c16c
framework-pkcs15.c: Reformat
...
* Reasonable line lengths
* Correct indentation
* Add missing SHA224 mechanism
2018-11-05 09:15:20 +01:00
7cced08a88
coolkey: Check return values from list initialization (coverity)
...
>>> CID 324484: Error handling issues (CHECKED_RETURN)
>>> Calling "list_init" without checking return value (as is done elsewhere 8 out of 9 times).
2018-11-05 09:15:20 +01:00
f276f7f8f4
coverity: Add allocation check
...
*** CID 323588: Uninitialized variables (UNINIT)
/src/libopensc/sc.c: 873 in sc_mem_secure_alloc()
2018-11-05 09:15:20 +01:00
351e0d2bd6
Merge remote-tracking branch 'upstream/master' into wrapping-rebased and resolve conflicts
2018-11-02 13:42:41 +02:00
b35fb19ec4
Resolved conflict in pkcs15_create_secret_key
2018-11-02 13:28:51 +02:00
26025b2f5d
pkcs15-tool: list & dump cleanups
...
* when listing public keys, do not cut object labels in compact mode
* when listing private keys in compact mode, left align labels
* make hex codes at least 2 chars wide by changing "0x%X" to "0x%02X"
2018-11-01 12:25:04 +01:00
c70888f9ab
allow compilation with --disable-shared
2018-11-01 00:17:22 +01:00
54cb1099a0
fixed warnings about precision loss
2018-11-01 00:17:22 +01:00
5c7b7bb0b1
fixed minor XCode documentation warnings
2018-11-01 00:17:22 +01:00
f88419bc63
Removed pointless curly brackets
2018-10-31 10:36:50 +02:00
7bb53423a1
Code cleanup and minor corrections according to review. pkcs15-lib: Extractable keys are now marked as native. Check return value of check_key_compatibility in more explicit way to avoid misunderstandings.
2018-10-31 10:36:41 +02:00
90ec7123ba
Corrections and code cleanup as requested in review. Changed value to void* in sc_sec_env_param_t, because param_type defines type of the value. Fixed handling of secret key length in framework-pkcs15 and pkcs15-lib: CKA_VALUE_LEN from PKCS#11 is in bytes, PKCS#15 objects need key length in bits. Rebased on top of upstream/master and resolved merge conflicts.
2018-10-31 10:27:03 +02:00
84317f4e9d
Fixing missing call to sc_unlock.
2018-10-31 10:27:03 +02:00
8ebb43d440
Removed #ifdef USE_PKCS15_INIT around __pkcs15_create_secret_key_object. This function is now used also when reading and parsing a card, not only when creating new objects.
2018-10-31 10:27:03 +02:00
ec297b618f
sc_pkcs15_wrap: Fixed checking target key type. (checked partly from wrapping key)
2018-10-31 10:27:03 +02:00
e636b64377
Fixed: Return OK by PKCS#11 convention if NULL out buffer is provided, when caller wants to query required buffer size.
2018-10-31 10:27:03 +02:00
f2c041d290
card-myeid: Removed NULL out buffer assertion to allow caller to query required buffer size.
...
mechanism.c: Bug fix to sc_pkcs11_wrap. Wrong operation was stopped in end of the function.
2018-10-31 10:27:03 +02:00
287a63c704
Fixes to key wrapping and unwrapping code: Set IV correctly in symmetric unwrap. Correctly distinguish symmetric and asymmetric operation when building APDUs. Check CKA_TOKEN from the pkcs15 object in framework_pkcs15. Updated some comments.
2018-10-31 10:27:03 +02:00
861d8b308b
Fixed myeid_unwrap with symmetric keys: set correct p2 and no padding indicator byte.
2018-10-31 10:27:03 +02:00
4ce7e5289b
Fixed setting secret key length. CKA_VALUE_LEN comes as number of bytes, so multiply it by 8 to set correct bit length to the key file.
2018-10-31 10:27:03 +02:00
eba75ead20
framework-pkcs15: set CKA_EXTRACTABLE into pkcs#15 secret key object's access flags when set. pkcs15-sec: Return needed buffer size correctly when an insufficient buffer is provided.
2018-10-31 10:27:03 +02:00
f74150b53d
Proprietary attribute bits in FCP had to be adjusted due to conflicts with existing attributes. The needed changes were made to both card and OpenSC code.
2018-10-31 10:27:03 +02:00
c891ad2aad
Fixed version check for key wrapping functionality. Return needed buffer size in myeid_wrap_key, if no buffer or too small buffer is provided.
2018-10-31 10:27:03 +02:00
6b8c284d3e
Fixing pointer conversion that is invalid on some architectures.
2018-10-31 10:27:03 +02:00
550d4eb030
Small fixes to key wrapping and unwrapping. Handle target file ref using sc_sec_env_param type. Transmit initialization vector in symmetric key operations from PKCS#11 layer (mechanism param) to the card driver level, allow setting it in sc_set_security_env.
2018-10-31 10:27:03 +02:00
2487bc18d1
When creating symmetric keys, use CKK_ definitions (key type) rather than CKM_ definitions (mechanism) to specify the key type.
2018-10-31 10:24:19 +02:00
7454133272
Added flags to distinguish AES ECB and CBC modes. Added SC_ALGORIHM_UNDEFINED definition to be used with CKK_GENERIC_SECRET type keys. Added sc_sec_env_param type, which can be used to define additional parameters when settings security environment. This is now used for setting IV in symmetric crypto and target EF in key wrapping/unwrapping.
2018-10-31 10:24:19 +02:00
Frank Morgner
Andreas Kemnade
Peter Marschall
Jakub Jelen
Hannu Honkanen
Lars Silvén
Lars Silvén