Thanks to Andreas Schwier.
http://www.opensc-project.org/pipermail/opensc-devel/2012-September/018455.html
In PKCS#11 FW, the 'certificate' FW object is used to create corresponding 'public'key' FW object
or to get some of its attributes.
Seg.fault occured when, in the same session, the related certificate was destroyed and after that
there was the attempt to get such public key attributes.
To hold the raw certificate blob in 'sc_pkcs15_cert' data use the 'sc_pkcs15_der' data type.
also:
; in 'pkcs15-cert.c' use short call of the debug messages;
; in 'destroy-object' pkcs15 framework handler take into account the multi-application cards:
-- when binding card use the application info;
-- when finalizing profile use the application ID.
Fix autoreconf warnings:
$ autoreconf -vis -Wall
[...]
src/common/Makefile.am:12: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/libopensc/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/minidriver/Makefile.am:15: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/pkcs11/Makefile.am:10: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/pkcs15init/Makefile.am:36: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/scconf/Makefile.am:12: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/sm/Makefile.am:8: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/tests/Makefile.am:9: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/tools/Makefile.am:15: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
'PACE' is extremely card specific protocol and has not to be ostensibly
present in the common part of OpenSC:
* currently in OpenSC there is no card driver that supports or uses this protocol;
* amazing content of the common 'sc_perform_pace' -- beside the verbose logs
the only substantial action is to call the card/reader specific handler.
According to the current sources and the pull request 83
this 'common' procedure is called by the card driver or
card specific tool/operation.
* currently the 'PACE' can be thouroghly tested only by one person (Frank Morgner),
and only using the OpenSSL patched with the PACE specific patch.
So, at least a dedicated configuration option could be introduced when comiting PACE to the common part.
* common 'sc_perfom_pace' has the same role as the 'initialize-SM' handler of the existing SM framework
and can be implemented as card specific SM, as the others cards do.
This confirmed by Frank Morgner, the author of PACE commits and nPA card driver, himself.
(https://github.com/OpenSC/OpenSC/pull/83)
If tlvblock is not stored then the value is lost and the allocated
mempry is leaked.
Coverity: Resource leak (RESOURCE_LEAK)
Calling allocation function "pgp_build_tlv" on "tlvblock".
Coverity: Missing break in switch (MISSING_BREAK)
"A break statement was missing. The case SC_PKCS15_TYPE_PRKEY_EC was then
managed as a SC_PKCS15_TYPE_PRKEY_DSA" (Ludovic Rousseau)
"the break here has no sense, because LOG_TEST_RET will always return SC_ERROR_NOT_SUPPORTED before"
(Frank Morgner https://github.com/OpenSC/OpenSC/pull/85)
'break' is kept to satisfy coverity.
Fixed issues in pkcs11-tool/test_signature is card has RSA and ECDSA keys
Fixed bug in sc_pkcs11_signature_size that returns the wrong ECDSA signature size
Limit the number of cases when applicated re-selection of application DF to strict minimum.
I.e. only when pkcs11 login session is not locked and private key PKCS#15 object do not
contain the 'path' attribute.
"The encoding of {public,private}GOSTR3410Key uses tag [CONTEXT 3] which is reserved for KEAKey.
Caused by the fact, that the specifications (pkcs15,iso) don't define a encoding for GOST,
the genericKey encoding [CONTEXT 4] from iso-7816 should be used." (Andre)
* Make the OPENSC_DEBUG environment variable work even when no
conf file is available.
https://www.opensc-project.org/opensc/ticket/388
Signed-off-by: Viktor Tarasov <viktor.tarasov@gmail.com>
According to ch.4.2 of MyEID reference manual v1.7.6 the only possible value of P2 of 'SELECT' APDU is '00'.
For this reason, when caller do not request to return 'sc_file' data,
use the non-null dummy 'sc_file' pointer in the call of iso->select_file,
and thus avoid the P2 different from '00'.
Also log calls are replaced by its short forms,
and resolved the 'trailing spaces' issues.
When OpenSC is used with a card that enforces user_consent
and the calling PKCS#11 application does not understand how
to handle the CKA_ALWAYS_AUTHENTICATE, signature operations
will fail.
OpenSC will not cache a PIN that protects a user_consent
object as one would expect.
This mods allows PINs to be cached even if protecting a
user_consent object by adding
pin_cache_ignore_user_consent = true;
option in opensc.conf.
Thunderbird is the prime example of this situation.
Mozilla has accepted mods (357025 and 613507) to support
CKA_ALWAYS_AUTHENTICATE that will appear in NSS-3.14 but
this may be some time before this version is in vendor
distribution.
In file included from pkcs15.c:30:
cardctl.h:870: error: expected specifier-qualifier-list before 'time_t'
Change-Id: I5faad5462ba6268fd7cf48a04f41e1755597ad0c
The card contains only 1 certificate, which can be used for encrypting.
But this certificate is bound with authentication key, so when decrypting,
the authentication key will be presented to check.
This commit allows to bypass the check in driver. However, it is not enough.
The users have to import the same key to "Encryption key" to help the card find
right key to work.
OpenPGP: Add log and comments.
OpenPGP: Pretend to select dummy files.
Some files are needed by pkcs15init, but not exist in OpenPGP card.
We pretend to know these dummy files to make pkcs15init successful.
Compilation error on windows:
when declaring array use explicit size, add pkcs15-openpgp.obj in Makefile.mak
OpenPGP: Some indentations need to be tab-size-independent.
OpenPGP: Check for null data when storing fingerprints.
OpenPGP: Allow to provide creation time to store (when gen/import key).
Old: Only store current time.
New: Can provide time to store, not only calculate current time.
OpenPGP: Correct setting content of pubkey blobs after key generation.
cardctl: Add definitions to support key import in OpenPGP.
OpenPGP: Add support for key import at driver level.
Correct the way to parse response data.
Updated wrong blob for pubkey info <~~ Fix.
OpenPGP: Store creation time after generating keys.
OpenPGP: Put_data: Handle the case that DO exists but its blob does not.
When checking DO before writing, relying on blobs only will miss the case that DO exists but its blob does not, when DO is non-readable.
OpenPGP: Set algorithm attributes before generating key.
OpenPGP: Add dependency of OpenSSL.
OpenPGP: Calculate and store fingerprint.
Calculate and store fingerprint after generating key.
OpenPGP: Update blob of pubkey info.
Update blob holding pubkey info after generating key.
OpenPGP: Add step to update card algorithms.
Update card algorithms after generating key. However, this step is not implemented yet, because of suspection about wrong data (see code comment).
CKA_ALWAYS_AUTHENTICATE implies CKU_CONTEXT_SPECIFIC login, but all this
key really should need is a C_Login with CKU_USER.
The historical reason for having CKA_ALWAYS_AUTHENTICATE set was to keep
Firefox/NSS from using that particular key for SSL connections. However,
starting with Firefox 8, NSS ignores Non Repudiation certificates for
SSL and that makes the CKA_ALWAYS_AUTHENTICATE workaround unnecessary.
Now that Firefox is fixed, drop the workaround in OpenSC so that
applications that follow the pkcs11 spec wouldn't have to login twice to
access the key.
For some cards some APDUs are always transmitted in a plain mode,
even if SM session is opened.
For these APDUs the 'get_sm_apdu' card's handler returns SUCCESS without wrapped APDU version.
In such cases 'transmit' is called for the plain APDU.
when freeing key object, do not throw an error if supplied key pointer is NULL;
sc_pkcs15_free_prkey() procedure should not free the supplied key pointer,
the body of this procedure is replaced by body of sc_pkcs15_erase_prkey().
staitc sc_pkcs15_erase_prkey() is not more used.
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* don't zero-fill the DO's contents but empty it
* get rid of unnecessary variables
* select parent DF after deletion (required by to ISO 7816-9)
* don't try to delete MF
Fail on idx > 0 in order to avoid the requirement to read from the DO.
The DO may be read-protected, and this might either fail or produce
wrong results.
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* update comment
* check that blob->data is defined
* fix writing new data to the correct offset
* use calloc() instead of malloc() & memset()
* align pgp_ops function pointer list
* make sure variables of type u8 do only get passed fitting data
* use LOG_FUNC_CALLED() .. LOG_FUNC_RETURN for "symmetric" logging
* leave most of the spcial casing in ADPU handling to sc_adpu_transmit()
* use SC_ADPU_CASE_1 for empty buffer (avoids special casing Lc=0)
* clean up log strings & comments
Replace the "one-trick-pony" pgp_do_iswritable() with a more generic
function returning the blob matching the passed tag.
This way we can get rid of the one-line function pgp_blob_iswritable() too.
comparisons like these can be done in the caller.
Set pin references to 0x01 - 0x03 instead of 0x81 - 0x83.
The PINs are referenced as PIN1- PIN3 (resp. PW1 - PW3) in the OpenPGP
card specification.
Technically the APDUs to verify/change the PINs contain the values OR-ed
with 0x80, but this is just a technical detail of the implementation
which the emulated file system can hide in pgp_pin_cmd().
Pros & Cons:
+ consistent PIN naming
+ no trouble entering the correct PIN names in opensc-explorer et.al.
("verify CHV1" is way better than "verify CHV129")
- manually entering the correct APDU for VERIFY is a bit more complex.
(who does this anyway, when there are better functions)
While at it, change if .. elsif ... cascade to switch statement.
Decode/encode 'subjectName' attribute from the 'CommonPubkeyAttributes'
Use macros for the size of the asn1_entry tables.
Use short call form for debug messages.
Procedure to convert the pkcs15 public key to EVP_PKEY type key.
Coding style issues.
Decoding/encoding of the 'algReference' attribute from the 'CommonKeyAttributes'.
Use macros for the size of the asn1_entry tables.
Use short call form for debug messages.
Procedure to deduce from certificate the attributes of private key PKCS#15 object.
Procedure to convert the pkcs15 private key to EVP_PKEY type key.
Coding style issues.
* parse more extened capabilities & features into a private enum
* for v2.0 cards, always parse the "historical bytes" DO
reason: ATR may be static and thus cannot reflect the state
PKCS#15 spec v1.1 says:
TokenInfo.version: This field contains the number of the particular version
of this specification the application is based upon. For this version of this
document, the value of version shall be 0 (v1).
Thanks to Martin Paljak for the finding.
To be used in windows:
"In Windows, file handles can not be shared between DLL-s, each DLL has a separate file handle table.
For that reason reopen debug file before every debug message."
sc_context_repair() procedure from Hunter William
"Workaround some threading and data lifetime issues when card handle changes and need to re-associate card"
http://www.opensc-project.org/pipermail/opensc-devel/2011-December/017445.html
Introduce some usefull define macros, error code 'inconsistent configuration'.
Introduce procedure to calculate CRC32 digest,
to be used in minidriver to calculate the 'freshness' values.
At the moment symbolic names for the on-card applications are 'generic', 'protected'.
This distinction used by pkcs11 and minidriver module to select the
'master' application in the cases when only reduced number of slots (one)
can be exposed by module (minidriver) or particular configuration (pkcs11).
Determine data for sc_pkcs15_card's tokeninfo structure
from sc_pkcs15_card's card structure.
This makes sure the two stay consistent as much as possible.
new commands for opensc-explorer and bugfix for iso7816 driver
- opensc-explorer: new find command:
tested; nice, useful feature.
- opensc-explorer: pace:
no means to test -- accepted.
- iso driver:
really bug, thanks.
Implements PC/SC interface to PACE-enabled readers defined in PC/SC
pt. 10 AMD 1 and BSI TR-03119.
PACE can be started using `sc_perform_pace`. This function currently
calls the new `perform_pace` from `struct sc_reader_operations`, if the
reader has the needed capabilities. `sc_perform_pace` could also be
extended with a stand-alone implementation of PACE (code could be
imported from here http://vsmartcard.sourceforge.net/npa/README.html).
Note that the reader's PACE capabilities are correctly determined by
calling GetReaderPACECapabilities.
OpenSC's new PACE capabilities can be tested using the `npa-tool` from
the Virtual Smart Card Architecture (see link above).
* Print out warning when mlock fails, and continue.
* The warning required a ctx to be passed in, so that means
changing a few function signatures.
https://www.opensc-project.org/opensc/ticket/389
Specify the path of the Address PIN for IAS-based cards in order to properly
read the Citizen Address Data object. Remove the "Citizen Data" object
association with the Address PIN, as it incorrectly describes the card layout.
http://www.opensc-project.org/opensc/ticket/400.
Change-Id: I7ca81d6d15c5e2b137ff3c9a40b7471eb2fad55c
../../src/libopensc/cardctl.h:231:30: warning: comma at end of enumerator list
../../src/libopensc/cardctl.h:629:13: warning: comma at end of enumerator list
The code that treated a timeout as success was never reached, because the
surrounding if eliminated the possibility of entering the block when the return code
from SCardGetStatusChange was SCARD_E_TIMEOUT.
Issue found by Coverity Scan.
Some pinpads do not support PIN size less than 4 or greater than 8.
PC/SC v2 part 10 allows to ask the driver/reader for the supported
values. This avoids to have the SECURE PIN CCID command rejected by the
reader.
This should fix OpenSC ticket #361 "card-entersafe should ask the pinpad
reader for the maximum pin size"
The timeout parameter of SCardGetStatusChange() is a DWORD (unsigned
int). An int timeout parameter was used instead.
The problem happens on 64-bits architectures where DWORD is 64-bits long
and int is only 32-bits long. The sign extension C mechanism transforms
the PC/SC value INFINITE into -1 instead of 4294967295.
See http://www.opensc-project.org/pipermail/opensc-devel/2011-June/016831.html
"Kobil KAAN Advanced Reader, "waiting for card" timeout"
Remove links pointing to the blob to be deleted from other blobs in the
blob tree structure, so that removing a subordinate blob does not hurt
its parent or siblings.
Signed-off-by: Peter Marschall <peter@adpm.de>
* get file as parameter & fail if it is NULL
* allow parent to be NULL
* do not rely on DO info to be passed as parameter,
search it yourself using the global DO info list for the card.
* infer file type automatically from DO info matching the file ID.
Signed-off-by: Peter Marschall <peter@adpm.de>
DO FF is a "catch-all" DO that returns all the infos contained in the other
DOs in one hierarchy.
It is hence duplicate and not necessary.
Signed-off-by: Peter Marschall <peter@adpm.de>
Also include forgotten DO C3 in keylength calculation.
It contains the parameters for the authentication key.
Signed-off-by: Peter Marschall <peter@adpm.de>
can be loaded at ADMINISTRATION life cycle phase to change
the behavior of the VERIFY command in regard to return codes.
When that package is loaded, the PIN can be created with this
"verifyRC" flag in cardos.profile if the return code must be
ISO7816-4 compliant (63Cx with x being the value of the remaining
retry counter when required verification has failed).
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5558 c6295689-39f2-0310-b995-f0e70906c6a9
If 'serialNumber' attribute is absent in the 'TokenInfo' data,
in the parsed data, this attribute will be set to the value of the card's serial.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5547 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-wrap.c can be removed. Clarified/changed the meaning of "insecure" flag to pkcs15-init tool,
which will be needed to explicitly enforce the creation of a key which does not require a PIN.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5510 c6295689-39f2-0310-b995-f0e70906c6a9
card-openpgp.c:584: warning: comparison between signed and unsigned
card-openpgp.c: In function ‘pgp_card_ctl’:
card-openpgp.c:1036: warning: unused variable ‘priv’
card-openpgp.c: In function ‘pgp_init’:
card-openpgp.c:272: warning: ‘child’ may be used uninitialized in this function
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5504 c6295689-39f2-0310-b995-f0e70906c6a9
Rewrite bebyte conversion functions:
* check whether the buffer passed is non-NULL
* for conversions to bebytes, return the buffer passed
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5498 c6295689-39f2-0310-b995-f0e70906c6a9
Use ushort2bebytes instead of calculating the mapping to IDs ourselves.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5497 c6295689-39f2-0310-b995-f0e70906c6a9
Instead of jumping out of the loop when the correct child is found,
and checking afterwards again if we found the correct object,
do everything directly in the loop and return from there.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5496 c6295689-39f2-0310-b995-f0e70906c6a9
Extend pgp_get_card_features() to get card's flags & supported algorithms
from the card:
* get algorith values from "algorithm attributes" DOs 0x00c1 - 0x00c3
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5495 c6295689-39f2-0310-b995-f0e70906c6a9
Extend pgp_get_card_features() with these features:
* get SC_CARD_CAP_RNG capability from "extended capabilities" DO 0x00c0
* for OpenPGP 2.0 cards get max_send_size / max_recv_size values
from "extended capabilities" DI 0x00c0
* get max_pin_len from "CHV status bytes" DO 0x00c4
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5494 c6295689-39f2-0310-b995-f0e70906c6a9
Add a new function pgp_get_card_features() to get the card's capabilities,
algorithms, features, ... instead of doing it all in pgp_init():
* get SC_CARD_CAP_APDU_EXT capability from ATR
* for openPGP 2.0 cards, if not found in ATR,
get SC_CARD_CAP_APDU_EXT capability from "historical bytes" DO 0x5f52
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5493 c6295689-39f2-0310-b995-f0e70906c6a9
In pgp_read_blob(), check if the pointer to the function we want to call
is defined.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5492 c6295689-39f2-0310-b995-f0e70906c6a9
Have separate copies of pgp_objects[] data elements specific to the card's
version, and extend these structures with additional information:
* Some spec changes cannot be compatibly expressed in one common
simple data structure without making it too complex.
* depending on specification version, only deal with those DOs
that are legal within that version
* add information or read & write access conditions
* add information for non-toplevel and/or write-only DOs
* use symbolic names for constants
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5491 c6295689-39f2-0310-b995-f0e70906c6a9
Re-structure pgp_finish() for easier reading.
While at it, check for priv != NULL before free()ing it.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5486 c6295689-39f2-0310-b995-f0e70906c6a9
Instrument functions used in the card operations table pgp_ops[]
with log macros to ease debugging.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5485 c6295689-39f2-0310-b995-f0e70906c6a9
Write a short comment at the beginning of each function,
shortly sketching what the function does.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5484 c6295689-39f2-0310-b995-f0e70906c6a9
The element size in struct do_info is never used. Get rid of it.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5483 c6295689-39f2-0310-b995-f0e70906c6a9
Implement card_ctl(), crrently restricted only to SC_CARDCTL_GET_SERIALNR.
The card's serial number is copied from the respective bytes in the AID.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5482 c6295689-39f2-0310-b995-f0e70906c6a9
free() the memory already reserved when the file identifying the OpenPGP
application fails & reset the pointers in the card strcuture back to NULL.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5481 c6295689-39f2-0310-b995-f0e70906c6a9
Depending on the card's capabilities and the necessity (requested response
size > 256) allow extended APDUs in all functions talking to the card.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5480 c6295689-39f2-0310-b995-f0e70906c6a9
adapt pgp_get_pubkey() and pgp_read_blob() to make use of the information
about the "extended Lc/Le" capabilities.
This allows reading OpenPGP Card v2.0 keys!
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5479 c6295689-39f2-0310-b995-f0e70906c6a9
According to OpenPGP card specs 1.1 & 2.0 historical bytes in the ATR
indicate capabilities:
* bit 0x40 of the 3rd byte of the compact-TLV entry with TL 0x73 tells
whether the card supports extended Lc/Le fields in APDUs.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5478 c6295689-39f2-0310-b995-f0e70906c6a9
Detect and react on out of memory errors in pgp_new_blob() and its callers.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5477 c6295689-39f2-0310-b995-f0e70906c6a9
* NULL-ify freed data pointer
* avoid unnecessary malloc() calls
* cope with malloc() errors
* do not rely on blob->file for be set
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5474 c6295689-39f2-0310-b995-f0e70906c6a9
* pgp_iterate_blobs(): walk through the blob tree
* pgp_free_blob(): free a blob
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5472 c6295689-39f2-0310-b995-f0e70906c6a9
Leverage the fact that OpenPGP cards use TLV encoding according to
ASN.1 BER-encoding rules and use sc_asn1_read_tag() as the workhorse
within pgp_enumerate_blob().
There's one peculiarity though:
OpenPGP cards expect 'cla' to be merged into 'tag'.
This is done manually after calling sc_asn1_read_tag().
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5471 c6295689-39f2-0310-b995-f0e70906c6a9
Added:
* 00c4: new top-level DO in 2.0
can also be found inside constructed DOs 006E/0073 in 2.0 & 1.1
* 0101: new optional top-level DO starting in 1.1
for private use
max 254 bytes;
access: read - always; write - verify CHV2
* 0102: new optional top-level DO starting in 1.1
for private use
max 254 bytes;
access: read - always; write - verify CHV3
* 5f52: new top-level DO in 2.0
can also be found inside constructed DOs 006E in 2.0
* 7f21: new optional top-level DO in 2.0
use: card holder certificate (e.g. X.509) for the AUT key in the card
Removed:
* 0073: never a top-level DO, but part of top-level constructed DO 006E
Changed:
* 005e: not a constructed DO, but a simple/primitive DO
Note:
Trying to read non-existent top-level DOs or top-level DOs that weren't defined
in a spec version later than the current card's version does not hurt.
They are returned as empty.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5468 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-actalis.c: In function 'sc_pkcs15emu_actalis_init':
pkcs15-actalis.c:232: warning: dereferencing type-punned pointer will
break strict-aliasing rules
Never cast a pointer between types of different sizes. On 64-bit Unix
(LP64) int is 32 bits long and long is 64 bits long.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5462 c6295689-39f2-0310-b995-f0e70906c6a9
card-piv.c: In function 'piv_write_binary':
card-piv.c:1364: warning: signed and unsigned type in conditional expression
count is a size_t and must be casted in an int since the fucntion
returns an int.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5461 c6295689-39f2-0310-b995-f0e70906c6a9
Once written the 'compulsorily use' data cannot be changed.
Write this data immediately after a new key slot has been created.
It helps to avoid further confusion between 'use new key slot' and 'reuse existing slot'.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5402 c6295689-39f2-0310-b995-f0e70906c6a9
; dedicated function to parse ACLs from DOCP data;
; when converting ACL chack and parse ACLs;
; change prototype of the internal static functions.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5396 c6295689-39f2-0310-b995-f0e70906c6a9
Most of the card producers interpret 'send' values in 'IO buffer size' data as "maximum APDU data size" .
The last Oberthur's card strictly follows specification and interpret these values as "maximum APDU command size".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5392 c6295689-39f2-0310-b995-f0e70906c6a9
EC parameters can be presented in a three forms: namedCurve, OID and implicit data.
This new data type will facilitate manipulation of ec-parameters in the OpenSC tools and library.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5386 c6295689-39f2-0310-b995-f0e70906c6a9
On Windows every DLL has their own file descriptor table, thus specifying
-v from any of the OpenSC tools resulted in a crash when the tool tried to override
ctx->debug_file with stderr.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5359 c6295689-39f2-0310-b995-f0e70906c6a9
... when serial number was asked for the first time.
Then return the stored value for the every next request of serial number.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5348 c6295689-39f2-0310-b995-f0e70906c6a9
There is no need to carry around that attribute, because it's easy to look up the 'file' as needed. This is done by issuing a single sc_select_file command in sc_pkcs15init_update_any_df (pkcs15-lib.c).
The parameter 'file' of sc_pkcs15_add_df (pkcs15.c) became useless too and was removed in turn.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5316 c6295689-39f2-0310-b995-f0e70906c6a9
dir.c:212: warning: comparison between signed and unsigned
dir.c:220: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5298 c6295689-39f2-0310-b995-f0e70906c6a9
asn1.c:747: warning: comparison between signed and unsigned
asn1.c:785: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5297 c6295689-39f2-0310-b995-f0e70906c6a9
On Mac OS X the HP smart card keyboard claims secure PIN entry support but the PIN is transmitted to host.
Disregard the pinpad flag for this reader. Other readers claiming pinpad support but having problems to follow in this list.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5273 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-oberthur.c: In function 'sc_pkcs15emu_oberthur_add_pubkey':
pkcs15-oberthur.c:585: warning: statement with no effect
pkcs15-oberthur.c: In function 'sc_pkcs15emu_oberthur_add_cert':
pkcs15-oberthur.c:654: warning: statement with no effect
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5269 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-itacns.c: In function 'itacns_add_data_files':
pkcs15-itacns.c:478: warning: declaration of 'list_size' shadows a global declaration
../../src/common/simclist.h:497: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5267 c6295689-39f2-0310-b995-f0e70906c6a9
card-iasecc.c: In function 'iasecc_get_serialnr':
card-iasecc.c:2218: warning: declaration of 'ii' shadows a previous local
card-iasecc.c:2165: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5266 c6295689-39f2-0310-b995-f0e70906c6a9
card-iasecc.c: In function 'iasecc_select_file':
card-iasecc.c:647: warning: declaration of 'rv' shadows a previous local
card-iasecc.c:635: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5265 c6295689-39f2-0310-b995-f0e70906c6a9
card-iasecc.c:1529: warning: declaration of 'ffs' shadows a global declaration
/usr/include/string.h:121: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5264 c6295689-39f2-0310-b995-f0e70906c6a9
card-authentic.c: In function 'authentic_chv_verify_pinpad':
card-authentic.c:1255: warning: declaration of 'ffs' shadows a global declaration
/usr/include/string.h:121: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5262 c6295689-39f2-0310-b995-f0e70906c6a9
card-westcos.c: In function 'westcos_init':
card-westcos.c:255: warning: declaration of 'priv_data' shadows a previous local
card-westcos.c:210: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5261 c6295689-39f2-0310-b995-f0e70906c6a9
card-piv.c:179: warning: 'oid_prime256v1' defined but not used
card-piv.c:180: warning: 'oid_secp384r1' defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5260 c6295689-39f2-0310-b995-f0e70906c6a9
card-oberthur.c: In function 'auth_pin_verify_pinpad':
card-oberthur.c:1581: warning: declaration of 'ffs' shadows a global declaration
/usr/include/string.h:121: warning: shadowed declaration is here
card-oberthur.c: In function 'auth_pin_reset_oberthur_style':
card-oberthur.c:1802: warning: declaration of 'ffs' shadows a global declaration
/usr/include/string.h:121: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5259 c6295689-39f2-0310-b995-f0e70906c6a9
reader-pcsc.c: In function 'refresh_attributes':
reader-pcsc.c:339: warning: declaration of 'rv' shadows a previous local
reader-pcsc.c:273: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5258 c6295689-39f2-0310-b995-f0e70906c6a9
reader-pcsc.c: In function 'refresh_attributes':
reader-pcsc.c:337: warning: declaration of 'state' shadows a previous local
reader-pcsc.c:272: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5257 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-pubkey.c: In function 'sc_pkcs15_pubkey_from_spki_filename':
pkcs15-pubkey.c:944: warning: 'buflen' may be used uninitialized in this function
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5256 c6295689-39f2-0310-b995-f0e70906c6a9
ctx.c: In function 'sc_context_create':
ctx.c:646: warning: implicit declaration of function 'lt_dlinit'
ctx.c:646: warning: nested extern declaration of 'lt_dlinit'
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5255 c6295689-39f2-0310-b995-f0e70906c6a9
after r5186 the SC_MAX_APDU_BUFFER_SIZE has been increased
and so existing defintion of Le value became invalid.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5233 c6295689-39f2-0310-b995-f0e70906c6a9
in r5186 the SC_MAX_APDU_BUFFER_SIZE has been increased
and so the previous defintion of Le value became invalid.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5225 c6295689-39f2-0310-b995-f0e70906c6a9
even if the normal usage does not allow sign.
This is need when initializing a card when called by
OpenSSL req -engine
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5215 c6295689-39f2-0310-b995-f0e70906c6a9
* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
The registry in no longer used to pass the
handles provided by BaseCSP. sc_ctx_use_reader
is used instead. (uses r5190)
A decryption routine was added as it is needed by login.
Key container names are based on the card serial
number and cert ID. The must be unique as they
are searched for in the certificate store to
find the card to insert in some situations.
If the handles change, the association to the reader
and card is refreshed as it may be a different card
or reader. (uses r5127)
Extra low lowel debugging was added. To use
it the CARDMOD_LOW_LEVEL_DEBUG but be defined in
cardmod.c This can log entries before and sc_context
is established.
The use of "texte" was replaced, as it looked like there
could be buffer overflows. It was replaced with a
loghex routine.
SC_ALGORITHM_RSA_HASH_MD5_SHA1 can now be used
(IE uses this.)
Several other bugs were fixed.
The code can now bue used for AD login, and was tested
with swaping cards duirng login, and with several readers.
The code is still experimental, and for login to work,
the dlls were moved to system32.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5192 c6295689-39f2-0310-b995-f0e70906c6a9
It is used by cardmod to pass in pointers to the PC/SC handles
provided by the caller of cardmod. Other drivers will return
an error if this routine called.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5190 c6295689-39f2-0310-b995-f0e70906c6a9
to PIV KEY Management keys and certificates, includeing the Retired keys.
This applies to 0.12.0 and needs to be in 0.12.1
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5189 c6295689-39f2-0310-b995-f0e70906c6a9
p15card-helper.c:263:22: warning: Although the value stored to 'r' is used in
the enclosing expression, the value is never actually read from 'r'
...!= (r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info))) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
p15card-helper.c:237:22: warning: Although the value stored to 'r' is used in
the enclosing expression, the value is never actually read from 'r'
...if(SC_SUCCESS != (r = sc_select_file(card, &cert_info.path, NULL))) {
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
p15card-helper.c:224:3: warning: Value stored to 'r' is never read
r = SC_SUCCESS;
^ ~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5182 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-oberthur.c:353:3: warning: Value stored to 'len' is never read
len = sizeof(label) - 1;
^ ~~~~~~~~~~~~~~~~~
pkcs15-oberthur.c:587:3: warning: Value stored to 'sz' is never read
...sz = len > sizeof(key_obj.label) - 1 ? sizeof(key_obj.label) - 1 : len;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15-oberthur.c:669:2: warning: Value stored to 'offs' is never read
offs += 2 + len;
^ ~~~~~~~
pkcs15-oberthur.c:656:3: warning: Value stored to 'sz' is never read
...sz = len > sizeof(cobj.label) - 1 ? sizeof(cobj.label) - 1 : len;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5181 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tccardos.c:253:3: warning: Value stored to 'pinType' is never read
pinType = key_descr & TC_CARDOS_PIN_MASK;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5179 c6295689-39f2-0310-b995-f0e70906c6a9
card-authentic.c:913:33: warning: Field access results in a dereference of a
null pointer (loaded from variable 'apdus')
rv = sc_check_sw(card, apdus->sw1, apdus->sw2);
~~~~~ ^
card-authentic.c:958:33: warning: Field access results in a dereference of a
null pointer (loaded from variable 'apdus')
rv = sc_check_sw(card, apdus->sw1, apdus->sw2);
~~~~~ ^
card-authentic.c:1001:33: warning: Field access results in a dereference of a
null pointer (loaded from variable 'apdus')
rv = sc_check_sw(card, apdus->sw1, apdus->sw2);
~~~~~ ^
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5176 c6295689-39f2-0310-b995-f0e70906c6a9
card-authentic.c:440:2: warning: Value stored to 'resp_len' is never read
resp_len = sizeof(resp);
^ ~~~~~~~~~~~~
card-authentic.c:1053:4: warning: Value stored to 'acls' is never read
acls = acls_NEVER;
^ ~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5175 c6295689-39f2-0310-b995-f0e70906c6a9
card-ias.c:132:32: warning: Although the value stored to 'ins' is used in the
enclosing expression, the value is never actually read from 'ins'
r = len = pad = use_pin_pad = ins = p1 = 0;
^ ~~~~~~
card-ias.c:132:2: warning: Value stored to 'r' is never read
r = len = pad = use_pin_pad = ins = p1 = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
card-ias.c:366:2: warning: Value stored to 'ctx' is never read
ctx = card->ctx;
^ ~~~~~~~~~
card-ias.c:361:6: warning: Although the value stored to 'pathlen' is used in the
enclosing expression, the value is never actually read from 'pathlen'
r = pathlen = stripped_len = offset = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
card-ias.c:361:2: warning: Value stored to 'r' is never read
r = pathlen = stripped_len = offset = 0;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
card-ias.c:361:31: warning: Although the value stored to 'offset' is used in the
enclosing expression, the value is never actually read from 'offset'
r = pathlen = stripped_len = offset = 0;
^ ~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5174 c6295689-39f2-0310-b995-f0e70906c6a9
card-westcos.c:1066:4: warning: Value stored to 'r' is never read
r = SC_ERROR_INVALID_ARGUMENTS;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5173 c6295689-39f2-0310-b995-f0e70906c6a9
card-asepcos.c:446:19: warning: Value stored to 'p' during its initialization is
never read
u8 buf[64], *p = buf;
^ ~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5172 c6295689-39f2-0310-b995-f0e70906c6a9
card-piv.c:614:2: warning: Value stored to 'buf_end' is never read
buf_end = rp + buf_len;
^ ~~~~~~~~~~~~
card-piv.c:1129:3: warning: Value stored to 'r' is never read
r = 0;
^ ~
card-piv.c:1478:2: warning: Value stored to 'q' is never read
q = rbuf;
^ ~~~~
card-piv.c:1628:2: warning: Value stored to 'q' is never read
q = rbuf;
^ ~~~~
card-piv.c:2456:4: warning: Value stored to 'certobjlen' is never read
certobjlen = 0;
^ ~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5170 c6295689-39f2-0310-b995-f0e70906c6a9
card-atrust-acos.c:548:2: warning: Value stored to 'keyID' is never read
keyID = env->key_ref[0];
^ ~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5169 c6295689-39f2-0310-b995-f0e70906c6a9
If card is NULL we can't dereference card->ctx to log an error
We must assume card i snever NULL
card-oberthur.c:1537:3: warning: Field access results in a dereference of a null
pointer (loaded from variable 'card')
...SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS)...
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
card-oberthur.c:1537:24: note: instantiated from:
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ...
~~~~ ^
card-oberthur.c:2258:3: warning: Field access results in a dereference of a null
pointer (loaded from variable 'card')
...SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_INVALID_ARGUMENTS)...
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
card-oberthur.c:2258:24: note: instantiated from:
SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, ...
~~~~ ^
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5168 c6295689-39f2-0310-b995-f0e70906c6a9
card-oberthur.c:1539:2: warning: Value stored to 'prv' is never read
prv = (struct auth_private_data *) card->drv_data;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5167 c6295689-39f2-0310-b995-f0e70906c6a9
card-starcos.c:657:5: warning: Value stored to 'p' is never read
*p++ = file->record_length & 0xff;
^~~
card-starcos.c:652:5: warning: Value stored to 'p' is never read
*p++ = file->record_length & 0xff;
^~~
card-starcos.c:647:5: warning: Value stored to 'p' is never read
*p++ = file->size & 0xff;
^~~
card-starcos.c:609:4: warning: Value stored to 'p' is never read
*p++ = tmp; /* SM ISF */
^~~
card-starcos.c:572:4: warning: Value stored to 'p' is never read
*p++ = tmp;
^~~
card-starcos.c:1024:2: warning: Value stored to 'keyID' is never read
keyID = env->key_ref[0];
^ ~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5166 c6295689-39f2-0310-b995-f0e70906c6a9
card-mcrd.c:1023:20: warning: Value stored to 'linep' during its initialization
is never read
char line[256], *linep = line;
^ ~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5165 c6295689-39f2-0310-b995-f0e70906c6a9
card-flex.c:358:2: warning: Value stored to 'left' is never read
left = *p++;
^ ~~~~
card-flex.c:358:10: warning: Value stored to 'p' is never read
left = *p++;
^~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5163 c6295689-39f2-0310-b995-f0e70906c6a9
muscle.c:417:2: warning: Value stored to 'ptr' is never read
ptr += newPinLength;
^ ~~~~~~~~~~~~
muscle.c:918:2: warning: Value stored to 'inPtr' is never read
inPtr += toSend;
^ ~~~~~~
muscle.c:917:2: warning: Value stored to 'left' is never read
left -= toSend;
^ ~~~~~~
muscle.c:1012:26: warning: Value stored to 'p' is never read
ushort2bebytes(p, use); p+=2;
^ ~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5160 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-gemsafeV1.c:262:5: warning: Value stored to 'endptr' is never read
endptr = (char *)(apdu.resp + apdu.resplen);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5159 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15.c:1033:3: warning: Value stored to 'r' is never read
r = sc_pkcs15_parse_df(p15card, df);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15.c:1677:3: warning: Value stored to 'obj_len' is never read
obj_len = p - oldp;
^ ~~~~~~~~
pkcs15.c:1948:4: warning: Value stored to 'r' is never read
r = len;
^ ~~~
pkcs15.c:1942:6: warning: Value stored to 'record_len' is never read
record_len = head[2] * 256 + head[3];
^ ~~~~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5158 c6295689-39f2-0310-b995-f0e70906c6a9
apdu.c:166:5: warning: Value stored to 'p' is never read
*p++ = (u8)apdu->le;
^~~
apdu.c:156:4: warning: Value stored to 'p' is never read
p += apdu->lc & 0xff;
^ ~~~~~~~~~~~~~~~
apdu.c:147:5: warning: Value stored to 'p' is never read
*p++ = (u8)apdu->le;
^~~
apdu.c:139:3: warning: Value stored to 'p' is never read
p += apdu->lc;
^ ~~~~~~~~
apdu.c:118:3: warning: Value stored to 'p' is never read
p += apdu->lc;
^ ~~~~~~~~
apdu.c:112:5: warning: Value stored to 'p' is never read
*p++ = (u8)apdu->le;
^~~
apdu.c:107:5: warning: Value stored to 'p' is never read
*p++ = (u8)apdu->le;
^~~
apdu.c:102:4: warning: Value stored to 'p' is never read
*p++ = (u8)apdu->le;
^~~
apdu.c:99:5: warning: Value stored to 'p' is never read
*p++ = (u8)0x00;
^~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5157 c6295689-39f2-0310-b995-f0e70906c6a9
ef-atr.c:41:16: warning: Value stored to 'category' during its initialization is
never read
unsigned char category = *buf;
^ ~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5156 c6295689-39f2-0310-b995-f0e70906c6a9
log.c:107:2: warning: Value stored to 'left' is never read
left -= r;
^ ~
log.c:106:2: warning: Value stored to 'p' is never read
p += r;
^ ~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5154 c6295689-39f2-0310-b995-f0e70906c6a9
sc.c:667:12: warning: The left operand of '>=' is a garbage value
if (tx[2] >= 0)
~~~~~ ^
sc.c:656:12: warning: The left operand of '>=' is a garbage value
if (tx[0] >= 0) {
~~~~~ ^
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5152 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-pubkey.c:787:5: warning: no previous prototype for function
'sc_pkcs15_read_der_file' [-Wmissing-prototypes]
int sc_pkcs15_read_der_file(sc_context_t *ctx, char * filename,
^
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5131 c6295689-39f2-0310-b995-f0e70906c6a9
Such PIN codes were erroneously cached in memory, even though not used with revalidation..
User consent relates to private keys, not PIN codes.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5124 c6295689-39f2-0310-b995-f0e70906c6a9
- do nothing if child has 'aid';
- child inherit the parents's 'aid' if this one exists;
- child inherit parents's path of type 'DF NAME' as 'aid';
- return if child path is zero length;
- finaly concatenate parent and child paths.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5108 c6295689-39f2-0310-b995-f0e70906c6a9
for some cards to prepare security environment for the PSO operation
card driver may need the value of 'algRef' attribut of tokenInfo.supportedAlgorithm.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5092 c6295689-39f2-0310-b995-f0e70906c6a9
This extension is used by multi-applications cards when EF.ODF with EF.tokenInfo
and xDF with (secure) data objects are placed in a different applications.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5082 c6295689-39f2-0310-b995-f0e70906c6a9
* Correct naming: openpgp not opengpg
* Set the card name from ATR table
* Add card type enums
* Currently OpenPGP is read-only.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5072 c6295689-39f2-0310-b995-f0e70906c6a9
For some cards the acl bytes, retrived from 'select' response, can reference
a SE (and not directly PIN).
In such case, to proceed an authentication for the card operation
the information about the SE's CRTs is needed.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5066 c6295689-39f2-0310-b995-f0e70906c6a9
not all application DF have and can be selected by its file-id.
So, new member in 'sc_path' will help to describe the full path to some EF(DF) inside a card.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5047 c6295689-39f2-0310-b995-f0e70906c6a9
; 'known' pkcs#15 applications are moved to the head of the card applications array;
; card specific 'bind finalization' code moved to the dedicated procedures;
; remove unused sc_application member, procedures;
; remove commented code;
; add debug messages;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5045 c6295689-39f2-0310-b995-f0e70906c6a9
Most smart cards currently have only 64K or 128K of EEPROM. This will give better errors earlier for people trying to import huge keyfiles with TrueCrypt.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5030 c6295689-39f2-0310-b995-f0e70906c6a9
when used with virtual reader, the APDUs can be buffered in the reader's
internal buffer, before sending it to the distant card.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5021 c6295689-39f2-0310-b995-f0e70906c6a9
add 'current_ef' and 'current_df' member to 'sc_card_cache'.
The main purpose of this is to reduce number of APDU transactions.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5002 c6295689-39f2-0310-b995-f0e70906c6a9
That patch prevents the repeated attachment of objects to obj_list, because it marks an EF as enumerated as soon the first object was successfully appended.
Left over from #266.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4983 c6295689-39f2-0310-b995-f0e70906c6a9
If re-validation of a cached PIN fails, then free that cached PIN to ensure that it isn't used again for re-validation.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4924 c6295689-39f2-0310-b995-f0e70906c6a9
Native keys are generated with exponent 65537, imported keys can now have any (?) exponent.
Tested with openssl genrsa -3/-f4 keys.
Improves r4910 and closes#297
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4915 c6295689-39f2-0310-b995-f0e70906c6a9
emulated cards. True PKCS#15 cards with EC
will need additional changes.
Main changes are in framework-pkcs15.c, mechanism.c,
padding.c, pkcs15-algo.c and pkcs15-sec.c
where switch statements for key type, and testing
of flags was modified to make it easier to add
additional key types in the future.
The code was tested using RSA and ECDSA using a PIV card
from pkcs11-tool, OpenSSL and Thunderbird with
modifications to NSS-3.12.7 to get ECDSA to sign e-mail.
Only named curves are supported for ECDSA, ECDH is still
needed. pkcs11-tool has only minimal changes need to work
with the -O option to list EC keys.
One additional line was added to pkcs15-sec.c which
should get GOSTR sign to work.
libp11 and engine do not yet have EC support.
--This line, and those below, will be ignored--
M src/tools/piv-tool.c
M src/tools/pkcs11-tool.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-object.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/card-piv.c
M src/libopensc/padding.c
M src/libopensc/cardctl.h
M src/libopensc/pkcs15-algo.c
M src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-sec.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4904 c6295689-39f2-0310-b995-f0e70906c6a9
support routines. Add definitions for EC keys,
parameters and extensions to structures.
Add the sc_card_find_ec_alg, sc_pkcs15_decode_pubkey_ec,
sc_pkcs15_encode_pubkey_ec, sc_pkcs15emu_add_ec_prkey,
sc_pkcs15emu_add_ec_pubkey routines.
Only EC named curves are currently supported.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4902 c6295689-39f2-0310-b995-f0e70906c6a9
* Detect different cards based on ATR-s and on card objects
* Set the card name from the ATR table
* Conditionally add support for 2048b keys
* Add workarounds for broken MULTOS and JavaCard cards.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4893 c6295689-39f2-0310-b995-f0e70906c6a9
One of the few cards that has two different ATR-s is the EstonianEid card. The changing ATR (especially if
it has different protocol information and historical bytes) can cause confusion in many places, like
Microsoft BaseCSP or certain versions of pcsc-lite.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4890 c6295689-39f2-0310-b995-f0e70906c6a9
Compilation fails on Mac OS X (but not on GNU/Linux):
Undefined symbols:
"_sc_pkcs15emu_postponed_load", referenced from:
-exported_symbol[s_list] command line option
ld: symbol(s) not found
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4879 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15.c: object search continues with normal processing, even if enumeration of some files failed
pkcs15.h: obsolete prototype removed
pkcs15-syn.c: now obsolete function sc_pkcs15emu_postponed_load removed
fixes: #266
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4877 c6295689-39f2-0310-b995-f0e70906c6a9
to pkcs15-pubkey.c and call the new sc_pkcs15_pubkey_from_spki.
Add sc_pkcs15_pubkey_from_spki_filename to allow a file to
contain the subjectPubkeyInfo, which will be used the the PIV
driver when EC is implemented. The format of the file, is the
same as an X509 certificate subjectPublicKeyInfo and what
OpenSSL calls an EVP_PKEY, which includes the algorithm,
any parameters and the public key.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4874 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tcos.c:216: warning: declaration of ‘r’ shadows a previous local
pkcs15-tcos.c:194: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4868 c6295689-39f2-0310-b995-f0e70906c6a9
card-itacns.c:90: warning: no previous prototype for ‘itacns_match_cns_card’
card-itacns.c:125: warning: no previous prototype for ‘itacns_match_cie_card’
card-itacns.c:146: warning: no previous prototype for ‘itacns_match_card’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4861 c6295689-39f2-0310-b995-f0e70906c6a9
This makes it universal, as some cards don't have the personal data file (Digi-ID)
It also makes it a bit ugly, as the common name is the name and personal ID code
concatenated like "FIRSTNAME,LASTNAME,123456789"
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4817 c6295689-39f2-0310-b995-f0e70906c6a9
r4761 added a test in the wrong place. Second fix
r4804 added the test in the correct place. This fix
removes one of the tests added by r4761
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4806 c6295689-39f2-0310-b995-f0e70906c6a9
sc_pkcs15_cert now has pointer to sc_pkcs15_pubkey, allowing it to
be removed and used separatly.
sc_pkcs15_pubkey now has pointer to sc_algorithm_id to faclitate
addition of other key algorithms and their parameters.
Various code changes to free these structures and references
to the structures have been changed.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4805 c6295689-39f2-0310-b995-f0e70906c6a9