giomba/opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
6,402 Commits 1 Branch 30 Tags 20 MiB
0898d06944
Commit Graph

5391 Commits

Author SHA1 Message Date
Frank Morgner
00daa3f535 added error checking 2015-10-14 22:27:32 +02:00
Frank Morgner
9a82ddea8a fixed memory leak 2015-10-14 22:26:53 +02:00
vletoux
75d76f5ce4 Merge branch 'master' of https://github.com/OpenSC/OpenSC into OpenSC-master 
Conflicts:
	src/minidriver/minidriver.c
 2015-10-14 22:22:19 +02:00
Frank Morgner
5558b9d368 removed unused parameters 2015-10-14 22:17:33 +02:00
Frank Morgner
2ed4c8ae6c Adds error checking 2015-10-14 22:16:44 +02:00
Frank Morgner
94772c870a Adds error checking 2015-10-14 22:15:17 +02:00
Frank Morgner
c9420046c5 Removed unused parameter 2015-10-14 22:08:14 +02:00
Frank Morgner
77b5138860 Removed unused parameter 2015-10-14 22:02:35 +02:00
Frank Morgner
851e0a24ff Merge pull request #571 from frankmorgner/label 
Fixes accessing fixed size arrays
 2015-10-14 18:56:29 +02:00
Frank Morgner
ee5915700c Merge pull request #516 from frankmorgner/lock 
Only re-lock for Windows and Apple
 2015-10-13 14:11:29 +02:00
Doug Engert
0b268f789a Allow PIV driver to use cards where default application in not PIV 
card-piv.c was not selecting the PIV AID correctly from piv_find_aid.
This cause a CAC card that also has the PIV application to fail a VERIFY command
of the pin would use a VERIFY  APDU P2 where P2 for PIV is 80, but for CAC was 00.

A CAC card could work if the caller requested the serial number of the card
which did call piv_select_aid. All the OpenSC tools, minidriver and
PKCS#11 do this, but Tokend does not.

This is a partial fix for https://github.com/OpenSC/OpenSC/issues/570.
Tokend in later MacOS versions still has other issues.

A  more complete solution is needed for cards with multiple applications.

I do not have a CAC card or MAC to do any testing.

Thanks to https://github.com/mouse07410 who has a CAC card, and a Mac,
and has tested this fix.
 2015-10-11 19:14:02 -05:00
vletoux
747678c83d minidriver: remove unnecessary logs on console (certutil -scinfo) 2015-10-11 18:51:36 +02:00
vletoux
b968fcfb1f minidriver: Windows x509 enrollment works 
Removed cmap_record in sc_pkcs15_prkey_info (not used by any driver nor code)
Remove cardcf specific code (cardcf neutralized by CP_CACHE_MODE_NO_CACHE and it maintened by the Base CSP/KSP, not the minidriver)
Add conversion code for Windows GUID / OpenSC self computed GUID
 2015-10-11 15:20:04 +02:00
vletoux
bee1a450c9 minidriver: modified configuration functions 2015-10-11 10:39:02 +02:00
vletoux
7551baafbd minidriver: add crt secure functions (*_s) 2015-10-10 22:07:49 +02:00
vletoux
ebfb76d311 minidriver: fix library import for guid & one compilation warning 2015-10-10 19:01:14 +02:00
vletoux
8f4420cb78 minidriver: factorize container naming code 2015-10-10 15:39:27 +02:00
vletoux
227f48d7b0 minidriver: replace one sprintf by sprintf_s 2015-10-10 14:15:23 +02:00
Frank Morgner
da1d4cc78a Fix locking issue on OS X 
Works around Apple shipping PCSC-Lite headers without PCSC-Lite. Let's
say they do it for "backward compatibility"...
 2015-10-08 08:24:40 +02:00
Frank Morgner
a6b36507a3 removed unused parent in md directory/file 2015-10-06 22:49:32 +02:00
Frank Morgner
d18ddcb446 fixed accessing fixed size md file/directory name 2015-10-06 22:49:16 +02:00
Frank Morgner
6c61bf6815 fixed accessing fixed size guid 2015-10-06 22:49:16 +02:00
Olaf Kirch
f42a1c2563 Replace outdated address okir@lst.de -> okir@suse.de 
Signed-off-by: Olaf Kirch <okir@suse.de>
 2015-10-05 14:07:28 +02:00
Frank Morgner
137afb10b7 Check for NUL in label to test its presence 2015-10-05 08:30:47 +02:00
Frank Morgner
5b0332528f fixed accessing app_label in sc_pkcs15_data_info_t 2015-10-05 08:23:02 +02:00
vletoux
811a86e72a fix: set the container name as the id if md_guid_as_label is set 2015-10-04 19:49:31 +02:00
Frank Morgner
f9cd1fc476 fixed accessing fixed size cvc members 2015-10-04 17:53:51 +02:00
Frank Morgner
161e84f066 pkcs15-tool.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
35f028a57c pkcs15-init.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
d709347c2b pkcs15-crypt.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
191af692c8 print.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
e171789dad pintest.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
7c1feb1b8a pkcs15-oberthur.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
fa3f4d632c pkcs15-lib.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
1046d951ba framework-pkcs15.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
c56fe19b31 minidriver.c: fixed accessing label in sc_pkcs15_object_t 2015-10-04 17:33:14 +02:00
Frank Morgner
64417c271e fixed out of bounds access 2015-10-04 13:19:29 +02:00
Frank Morgner
78018a2b49 fixed string operation on fixed size array 2015-10-04 13:07:39 +02:00
Frank Morgner
d33517a58b fixed missing comma 2015-10-04 12:55:25 +02:00
Frank Morgner
9e500e0b9a fixed bad typecast 2015-10-04 12:52:49 +02:00
Frank Morgner
50e81d1de0 added missing break 2015-10-04 12:45:25 +02:00
vletoux
3edf32ca9c fix: when exporting immediatly an ECC key when the ECC key just has been created 
This test case is triggered when requesting a ECC certificate from ADCS:
NCryptCreatePersistedKey followed by NCryptExportKey
 2015-10-03 19:41:34 +02:00
vletoux
c3f2cb142f fix "use guid as label" 
Allow to use as pkcs15 label the windows container name (max: 39 characters)
 2015-10-03 18:59:52 +02:00
vletoux
b667645797 fix compilation warning 2015-10-03 18:56:19 +02:00
Frank Morgner
ac65af0669 Fixes unreleased locks with pcsc-lite 
This is a bug in PCSC-Lite propably won't be fixed, see
https://alioth.debian.org/tracker/index.php?func=detail&aid=315083&group_id=30105&atid=410088

Fixes https://github.com/OpenSC/OpenSC/issues/480
Closes https://github.com/OpenSC/OpenSC/pull/487
 2015-10-03 12:55:15 +02:00
Frank Morgner
5e242c5fb2 Merge pull request #560 from CardContact/fix_sc_pkcs15init_finalize_profile 
Removed error check to support card with PKCS#15 emulation but no mat…
 2015-10-02 15:18:14 +02:00
Frank Morgner
a15363198c Merge pull request #569 from mdealencar/patch-2 
fix: change SC_TERMINATE (undefined) to SC_CTX_FLAG_TERMINATE
 2015-10-02 15:16:42 +02:00
Frank Morgner
4f4643ee3e Merge pull request #452 from frankmorgner/memory-leaks 
Fix some memory leaks
 2015-10-02 15:13:34 +02:00
Frank Morgner
e0a4e0bfec Merge pull request #532 from frankmorgner/sloppy 
implemented sloppy initialization for C_GetSlotInfo
 2015-10-02 15:13:07 +02:00
Frank Morgner
f851197129 Merge pull request #565 from frankmorgner/sm-openssl 
Build a lightweight version of OpenSC
 2015-10-02 15:12:41 +02:00
mdealencar
34d6c10fa0 fix: change SC_TERMINATE (undefined) to SC_CTX_FLAG_TERMINATE 
This file was not compiling because SC_TERMINATE is not defined anywhere. It seems like the intended expression is what I propose.
 2015-10-01 08:38:23 -03:00
Frank Morgner
f252277fab Add configuration for sloppy PKCS#11 initialization 2015-10-01 12:44:41 +02:00
Frank Morgner
3307dd6f45 implemented sloppy initialization for C_GetSlotInfo 
Makes things work for Java and closes #523
 2015-10-01 12:44:41 +02:00
vletoux
a9897f9956 First implementation of CardDeleteContainer 
Container now can be created, deleted, in short, a read write card
 2015-09-30 22:52:37 +02:00
vletoux
67740fb955 quality improvement of CardDeriveKey 2015-09-30 22:49:41 +02:00
vletoux
9a590d64e4 do not reset the authentication state before each operation 2015-09-30 22:47:16 +02:00
Frank Morgner
c5cf4f69a2 Merge pull request #559 from philipWendland/ecc-sig-format 
ECDSA helper functions: strip zeroes when converting from R,S to sequence
 2015-09-30 08:14:25 +02:00
Frank Morgner
fb705b6a2d Merge pull request #563 from CardContact/fix_reselect_applet_for_pin_verification 
Fix reselect applet for pin verification
 2015-09-29 20:09:00 +02:00
vletoux
c00f9830ba force recompilation on integration plateforms 2015-09-25 22:56:26 +02:00
vletoux
701d45e89d fix delay load library import 2015-09-25 22:30:11 +02:00
vletoux
6cbeea3942 First ECC support for the minidriver 2015-09-25 22:22:29 +02:00
Andreas Schwier
83a28a1bc3 pkcs15: Observe path.aid for PIN operation 2015-09-25 11:56:32 +02:00
Andreas Schwier
7fd4edf7b6 Allow cards without EF.DIR using default application 
Removed error check to support card with PKCS#15 emulation but no matching card app
 2015-09-25 11:43:01 +02:00
Frank Morgner
7120a9b549 Merge pull request #554 from frankmorgner/fixes 
Some more fixes for problems reported by Coverity scan
 2015-09-25 11:13:17 +02:00
Frank Morgner
30c90448fb Adds missing Advapi32.lib to opensc_a.lib 2015-09-25 10:58:53 +02:00
Andreas Schwier
d8d47bb06f sc-hsm: Bind PIN object to applet aid to ensure SELECT before PIN verification 2015-09-23 15:38:57 +02:00
Andreas Schwier
c41153aa13 pkcs15: Select application defined by path.aid for PIN verification 2015-09-23 15:36:56 +02:00
Frank Morgner
e14e028453 Properly describe OpenSSL dependencies in .mak files 2015-09-23 08:23:28 +02:00
Frank Morgner
ffd85adae7 Decouples SM from OpenSSL 2015-09-24 14:46:30 +02:00
Frank Morgner
4814863d18 Merge pull request #551 from frankmorgner/507 
Fix OpenPGP driver to work correctly with YubiKey NEO
 2015-09-21 13:23:18 +02:00
Philip Wendland
328176d28b ECDSA helper functions: strip zeroes when converting from R,S to sequence 
For ECDSA signatures, there are multiple ways to format the signature:
- R|S (R and S filled with zeroes at the most significant bytes)
- ASN1 sequence of R,S integers (e.g. used by OpenSSL).

It is rare that the filling with zeroes is needed.
But if it is, in the second case, the filling zeroes should not be there
or the verification of the signature by OpenSSL will fail.
 2015-09-20 22:34:39 +02:00
Philip Wendland
09fb1e71a9 IsoApplet: add PIN to pincache upon creation 2015-09-18 17:02:45 +02:00
Philip Wendland
6bffeb7a36 IsoApplet: fix dead code 2015-09-18 17:02:45 +02:00
Doug Engert
24a3999386 Fix indentation for readability 2015-09-17 19:03:44 -05:00
Frank Morgner
c399bc94ec piv-tool: fixed resource leak 2015-09-17 22:32:07 +02:00
Frank Morgner
2dca6ced06 pkcs15-oberthur: fixed resource leak 2015-09-17 22:32:07 +02:00
Frank Morgner
4e280b4741 pkcs15-lib: fixed resource leak 2015-09-17 22:32:07 +02:00
Frank Morgner
5854aff155 pkcs15-epass2003: fixed resource leak 2015-09-17 22:32:06 +02:00
Frank Morgner
4fd359406e iasecc-sdo: fixed resource leak 2015-09-17 22:32:06 +02:00
Frank Morgner
1308fd0618 cwa14890: fixed resource leak 2015-09-17 22:32:06 +02:00
Frank Morgner
7fe4819a02 card-tcos: fixed resource leak 2015-09-17 22:32:06 +02:00
Frank Morgner
1e2a42dae5 Fixes warning about unused variables 2015-09-17 22:24:33 +02:00
Frank Morgner
fe31aceacb Fixes signature of iasecc_read_public_key 2015-09-17 22:24:33 +02:00
Frank Morgner
be073396be Fixes warnings about unused variables/functions 2015-09-17 22:24:33 +02:00
Frank Morgner
0fe282414f Fixed warning about unused function 2015-09-17 22:24:33 +02:00
Frank Morgner
5902587889 Removed dead code 2015-09-17 22:24:33 +02:00
Frank Morgner
c22ffd95bf Fixed warning about unused variable 2015-09-17 22:24:33 +02:00
Frank Morgner
6c01750ba8 Removes dead code 2015-09-17 22:24:33 +02:00
Frank Morgner
e4bce1ca61 Fixes dependency on uninitialized data 2015-09-17 22:24:33 +02:00
Frank Morgner
07038225a7 Fixes out of bounds read 2015-09-17 22:24:33 +02:00
Frank Morgner
69320f9d54 Checks for out of bounds write 2015-09-17 22:24:33 +02:00
Frank Morgner
f08985086a Fixes potential buffer overrun 2015-09-17 22:24:33 +02:00
Frank Morgner
69de207c21 Fixes bad type cast 2015-09-17 22:24:33 +02:00
Frank Morgner
59254d9d88 Checks on errors for ftell and fseek 2015-09-17 22:24:33 +02:00
Frank Morgner
b5de72fe13 fix potention NULL deref 2015-09-17 22:24:33 +02:00
Frank Morgner
63a9ad79b6 Assumes that p15card->card are set 
The check for NULL was bogus anyway
 2015-09-17 22:24:33 +02:00
Frank Morgner
8a225eb42b Avoids potential NULL pointer deref 2015-09-17 22:24:33 +02:00
Frank Morgner
30d4f52718 Checks untrusted input 2015-09-17 22:24:33 +02:00
Frank Morgner
ba3890f8e0 Checks result of calloc 2015-09-17 22:24:33 +02:00
Frank Morgner
de58f51012 msc: check the length of input 2015-09-17 22:24:33 +02:00
Frank Morgner
d20290d2b3 openpgp: match application, not ATR 
fixes #391
closes #507
 2015-09-16 09:48:23 +02:00
Robert Ou
b28c48afe0 Fix OpenPGP driver to work correctly with YubiKey NEO 2015-09-16 09:48:23 +02:00
Frank Morgner
8aba7b9598 added missing files to WiX installer 
fixes https://github.com/OpenSC/OpenSC/issues/488
 2015-09-16 04:18:12 +02:00
Frank Morgner
cc6d7677da Merge pull request #550 from frankmorgner/appveyor 
adjust Make.rules.mak to work with AppVeyor
 2015-09-14 18:35:54 +02:00
Frank Morgner
bf654540c5 Merge pull request #545 from frankmorgner/duplicate 
avoid registering pkcs11 mechanisms multiple times
 2015-09-14 12:41:37 +02:00
Frank Morgner
fb9dfc5b71 fixed warnings about possible data loss 2015-09-14 10:52:31 +02:00
Nguyễn Hồng Quân
76b6b483c7 Merge branch 'master' into gnuk 2015-09-13 22:09:59 +08:00
Frank Morgner
a906c6d7b8 Merge pull request #530 from NWilson/yubikey-neo-pin 
Yubikey NEO pin functions support
 2015-09-12 18:51:10 +02:00
Frank Morgner
5944915e0e Merge pull request #549 from frankmorgner/547 
fixed bad string comparison
 2015-09-11 12:47:04 +02:00
Frank Morgner
0f2b9a4a4e Merge pull request #543 from frankmorgner/appveyor 
Use AppVeyor as good as we can
 2015-09-10 16:40:58 +02:00
Frank Morgner
819a6686c9 use _WIN32 instead of WIN32 2015-09-10 15:23:18 +02:00
Frank Morgner
17c0ffc17e Merge pull request #520 from frankmorgner/vendor-product 
added call back for getting vendor/product id
 2015-09-10 09:41:07 +02:00
Frank Morgner
6e3f94b3c9 fixed bad string comparison 
fixes #547
 2015-09-10 08:31:30 +02:00
Frank Morgner
d551f9a8e0 avoid registering pkcs11 mechanisms multiple times 
fixes #349
 2015-09-07 09:53:02 +02:00
Frank Morgner
b0c1e1fc89 Merge pull request #540 from nioncode/readDataObjectRawOption 
add '--raw' option to pkcs15-tools '--read-data-object'
 2015-09-04 15:31:16 +02:00
Nicolas Schneider
f44e229865 update help message to clarify that --raw only affects stdout behavior 2015-09-04 13:04:24 +02:00
Andreas Schwier
72e25db360 sc-hsm: Add status info support for SmartCard-HSM V2.0 2015-09-03 21:49:24 +02:00
Nicolas Schneider
68796edf36 add '--raw' option to output 8 bit data instead of its hex representation 2015-09-03 15:09:23 +02:00
Frank Morgner
b2508b6c59 removed workaround for HP USB Smart Card Keyboard 
Has been fixed by the CCID driver
https://lists.alioth.debian.org/pipermail/pcsclite-cvs-commit/2011-March/005218.html
 2015-09-02 10:49:12 +02:00
Frank Morgner
cf2a9cbbb0 added call back for getting vendor/product id 
implementation taken from
83142d4cae
 2015-09-02 10:47:29 +02:00
Frank Morgner
29b85b43c0 Merge pull request #483 from adminmt/master 
Update ATR and ATR mask for MaskTech smartcards
 2015-09-02 10:41:06 +02:00
Andreas Kemnade
9456db90fc handle record-based files correctly when doing file caching 
implementation copied from `sc_pkcs15_read_file`

closes #372
 2015-09-02 10:35:18 +02:00
Andreas Kemnade
c9efb2f643 make file cache dir configurable 
in cases where you use pam_pkcs11, HOME might not be set
so paths based on $HOME are not usable, so that the combination
of home and caching does not work. Having the paths configurable
(together with a good setting of access rights)
resolves that problem.
 2015-09-02 10:34:35 +02:00
Nguyễn Hồng Quân
a64bbc55aa [OpenPGP] Fix building without OpenSSL. 2015-08-31 22:24:16 +08:00
Nguyễn Hồng Quân
70890a8f61 Merge branch 'master' into gnuk 
Conflicts:
	src/libopensc/card-openpgp.c
	src/tools/openpgp-tool.c
 2015-08-31 21:55:14 +08:00
Frank Morgner
3f43bc46ef Merge pull request #534 from frankmorgner/card-sizes 
reactivate handling of `0` for max_recv/send_size
 2015-08-31 13:31:19 +02:00
Martin Paljak
8da31d271e Fix for #183: export more symbols 
- also export C_Initialize and C_Finalize to please vmware-view
- have a single pkcs11.exports file for both pkcs11-spy and opensc-pkcs11
 2015-08-30 18:58:00 +03:00
Frank Morgner
fc02cb1093 added documentation for sc_get_max_recv/send_size 2015-08-26 22:02:35 +02:00
Frank Morgner
2d9802308f reactivate handling of 0 for max_recv/send_size 
The special value still needs to be handled for commands that are issued
during card initialization. This especially concerns T=0 cards that need
to use iso_get_response.

fixes #533
regression of 85b79a3332
 2015-08-26 02:55:35 +02:00
Nicholas Wilson
2897e6fb5c Leniently interpret the ISO7816 return codes in card-piv.c 
This adds support for the Yubikey NEO. I'm not sure whether it breaks
the specification, or follows some other version of the spec, but in my
testing it returns SW1=0x63, SW2=0x0N for N PIN tries remaining.
Ignoring the top nibble seems a harmless change to the behaviour to
support this device.
 2015-08-25 15:53:32 +01:00
Nicholas Wilson
5a11d0e2fd Add support for C_GetTokenInfo pin status flags for ISO7816 cards 
This is already supported for a couple of the card drivers, but
since it's a general feature of ISO7816 it should go in iso7816.c,
rather than the current situation where identical code for this is
copy and pasted in each driver.

However, some cards apparently don't support this feature and count
it as a failed PIN attempt, so I've added a flag for now to indicate
whether the card supports this feature. It future, it could be moved
to blacklist cards rather than whitelist them, subject to more testing.
 2015-08-25 15:53:27 +01:00
adminmt
56c376489f ATR update card-masktech.c, customactions.cpp 
changed atqb + mask of MaskTech smart card (a) and (c)
removed MaskTech smart card (d)
added atr mask to MaskTech smart card (a) and (b)
 2015-08-24 12:51:54 +02:00
Nicholas Wilson
4df35b922c pkcs11: Fix to CKA_PRIVATE handling pcks11-tool 
There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
 2015-08-23 12:41:38 +02:00
Viktor Tarasov
ff2d88a724 libopensc: uncomplete changes in c48afdbf breaks windows builds 2015-08-16 20:18:29 +02:00
Martin Paljak
9cae888dd8 Merge pull request #522 from HenryJacques/login_pin_fix 
really set the --login option when using --pin
 2015-08-12 16:49:17 +03:00
Frank Morgner
2e21163273 cardos: probe for transceive length 2015-08-11 23:08:41 +02:00
Frank Morgner
85b79a3332 don't always overwrite max_send_size/max_recv_size 
If the reader announces extended length support, but the card driver
leaves max_send_size/max_recv_size at `0`, max_send_size/max_recv_size
previously would have been overwritten with the reader's size though the
card might not have set SC_CARD_CAP_APDU_EXT. This commit fixes this
behavior.

Additionally card->max_send_size/max_recv_size is always initialized to
a value different from 0 after the card initialization. This removes the
need to check for this special value in all subsequent calls.
 2015-08-11 23:08:41 +02:00
HenryJacques
c14be48ed9 really set the --login option when using --pin 
Until now, if -p was used without -l, we didn't authenticate to the token (see man pkcs11-tool)
 2015-08-11 18:03:31 +02:00
Nguyễn Hồng Quân
6409202c2f [OpenPGP] Fix warnings about type conversion. 2015-08-08 14:17:12 +08:00
Andreas Schwier
d6774aae40 Fixed wrong APDU case declaration detected after PR #500 2015-08-04 17:51:46 +02:00
Frank Morgner
5e352ea477 Merge pull request #504 from frankmorgner/find_tags 
Find tags with GET DATA
 2015-08-04 10:32:23 +02:00
Frank Morgner
d7d64ee8d4 Merge pull request #494 from frankmorgner/fork 
After a fork do not release resources shared with parent
 2015-08-04 10:32:01 +02:00
Frank Morgner
e95707362f Merge pull request #357 from fancycode/startcos34_dtrust 
Added initial support for STARCOS 3.4 (German D-Trust cards).
 2015-07-31 15:40:30 +02:00
Frank Morgner
c48afdbfcb Merge pull request #500 from frankmorgner/reader_max_data_size 
honour PC/SC pt 10 dwMaxAPDUDataSize
 2015-07-31 15:35:32 +02:00
Frank Morgner
6bedd70ea3 Merge pull request #499 from frankmorgner/asn1 
asn1: fixed parsing "end of content"
 2015-07-31 15:35:19 +02:00
Frank Morgner
d7496cc3b4 Merge pull request #498 from frankmorgner/pkcs11 
fixed segfault for uninitialized IsoApplet
 2015-07-31 15:35:08 +02:00
Frank Morgner
24d91acf69 opensc-explorer: added command find_tags 2015-07-30 11:29:14 +02:00
Martin Paljak
c6c8c6cdb0 Fix dead code: 
../../src/libopensc/errors.h:73:37: warning: statement with no effect [-Wunused-value]
 #define SC_ERROR_INVALID_ARGUMENTS  -1300
                                     ^
card-masktech.c:181:48: note: in expansion of macro 'SC_ERROR_INVALID_ARGUMENTS'
  if (crgram_len > SC_MAX_EXT_APDU_BUFFER_SIZE) SC_ERROR_INVALID_ARGUMENTS;
 2015-07-30 10:12:04 +03:00
Frank Morgner
f71ef838e9 implemented get_data for iso7816 
mostly copied over from CardOS implementation
 2015-07-30 08:18:07 +02:00
Frank Morgner
c92e3b4f98 honour PC/SC pt 10 dwMaxAPDUDataSize 
closes #306
 2015-07-28 09:49:44 +02:00
Frank Morgner
b44c98e4d8 asn1: fixed parsing "end of content" 
fixes #190
 2015-07-28 09:10:54 +02:00
Frank Morgner
b3dc5ea32a fixed segfault for uninitialized IsoApplet 
fixes #400
 2015-07-27 18:43:51 +02:00
Frank Morgner
6cfd71c387 avoid double detecting card on uninitialized reader 
initialize_reader already calls detect_card
 2015-07-27 16:15:33 +02:00
Andreas Jellinghaus
9fed9591ca Fix regression test crypt0007: it deals with 1024 bit keys (not 1048). 
Signed-off-by: Andreas Jellinghaus <andreas@ionisiert.de>
 2015-07-26 21:35:29 +02:00
Andreas Jellinghaus
4dfbf24a3e Fix regression test suite: rename parameters to new names. 
Signed-off-by: Andreas Jellinghaus <andreas@ionisiert.de>
 2015-07-26 21:34:51 +02:00
Frank Morgner
28de49b34c Merge pull request #448 from sschutte/patch-1 
Create minidriver-italian-cns.reg
 2015-07-23 13:11:39 +02:00
Frank Morgner
ee68165b1d Merge pull request #474 from germanblanco/memory_allocation_5 
Fixing part of the memory allocation problems in DNIe module. Issue #472
 2015-07-23 13:10:14 +02:00
Frank Morgner
142323af10 Merge pull request #476 from germanblanco/dnie_ui_depends_on_ssl 
Empty user-interface.c if there is no SSL support. Related with issue #362
 2015-07-23 13:08:46 +02:00
Frank Morgner
7cec500e54 added flags to sc_context_t 
- is initialized in sc_context_create with parm->flags
- removes members paranoid_memory and enable_default_driver
 2015-07-22 17:30:21 +02:00
Frank Morgner
edc839e072 restrict access to card handles after fork 
fixes #333
closes #493
 2015-07-22 16:46:04 +02:00
German Blanco
317cc302db making the size of e_tx in cwa-dnie.c dynamic 2015-07-10 12:38:22 +02:00
Nguyễn Hồng Quân
d0e3d1be3d Fix tab & spaces 2015-07-04 00:21:38 +08:00
Hubitronic
5898eab373 Update card-muscle.c 
re-enable opensc.conf flexibility again
 2015-06-18 16:28:11 +02:00
German Blanco
030f4d1559 Empty user-interface.c if there is no SSL support. 2015-06-01 08:21:25 +02:00
German Blanco
0d14f3ffee Correct initializing of a variable in card-dnie and revert buffer size change in cwa-dnie. 2015-06-01 07:46:59 +02:00
German Blanco
76517b7d43 Fixing part of the memory allocation problems in DNIe module. 2015-05-26 21:44:13 +02:00
Doug Engert
b48fa70308 sc_pkcs11_card improvements 
This is name change only fix.

    The variable name "card" was being used to refer to a struct sc_card or a struct sc_pkcs11_card
    in some files including sc_pkcs11.h. In other files the variable name "p11card" is used for struct sc_pkcs11_card.
    This creates hard to read code, such as: slot->card->card.

    All definitations of sc_pkcs11_card *card now use p11card as the variable name.

Fix #471
 2015-05-24 11:41:29 +02:00
David Woodhouse
8c94662e96 Add --test-fork option to pkcs11-tool 
The PKCS#11 Usage Guide, at least up to v2.40, says that calling
C_Initialize() in the child after fork is "considered to be good
Cryptoki programming practice, since it can prevent the existence of
dangling duplicate resources that were created at the time of the fork()
call."

(It neglects to mention that doing so in the child of a multi-threaded
process is a clear violation of POSIX, mind you. Not to mention being
utterly pointless if all you're going to do in the child is exec something
else anyway.)

Regardless of the sagacity of this recommendation, we need to cope when
it happens. Historically, we've been quite bad at that. Let's add a test
to pkcs11-tool in the hope it'll help...

Fixes #464
 2015-05-16 12:18:54 +02:00
vletoux
01b395e636 card-masktech.c: add 2 more ATR 
Fixes #465
 2015-05-16 12:09:08 +02:00
drew thomas
5be35fb3f4 muscle: change TyfoneAT historical bytes to 'Tyfone 242R2' 
Fixes #467
 2015-05-16 11:59:58 +02:00
Andreas Kemnade
a09ca246a7 libopensc: initialize value returned by sc_select_file 
several places in the code expect sc_select_file to set *file_out to NULL
in case of failure. Adjust the function to behave like this.

Fixes #460
 2015-05-13 10:19:38 +02:00
Andreas Kemnade
6a6ef61d1a some more error checks in minidriver in regards to card ejects 2015-05-13 10:11:05 +02:00
vletoux
492ffe0fd7 iso7816.c: allow file length stored in more than 2 bytes 
as indicated in iso7816-4 chapter 7.4.3 table 10

Fixes #459
 2015-05-13 10:01:29 +02:00
drew thomas
8b62221abc muscle: add ATR of Tyfone mSD card 
Add Tyfone Connected Smart Card ATR to list for MUSCLE support.

SC_CARD_TYPE_MUSCLE_JCOP242_NO_APDU_EXT

Fixes #463
 2015-05-13 09:50:21 +02:00
Doug Engert
c7af08c68a PIV - read just length of object to get size 
card-piv.c tries to read the first 8 bytes of an object to get object size
so it can allocate a buffer. It then reads the whole object. apdu.c has changed
over the years, and apdu.c will keep reading as long as the card returns
status of 61 XX  thus apdu.c will read the whole object while discarding
the extra data and returning to the caller only the first part of the data.
This in effect causes a double read of objects.

This patch sets SC_APDU_FLAGS_NO_GET_RESP to tell apdu to stop doing the
extra get-response commands thus avoiding most of the extra overhead.

This in not an optimal patch as it only works with T=1 cards/readers
but the patch is confined to just card-piv.c.
A better patch is in the works.

Fixes #462
 2015-05-13 09:24:46 +02:00
Viktor Tarasov
72b5d8fe9a md: use 'store-or-update' store certificate mode 2015-05-10 15:04:44 +02:00
vletoux
8ec000e80d minidriver: change the icon of the pinpad dialog 2015-05-10 15:04:44 +02:00
vletoux
ac82a96ccc minidriver: add my name in the author list 
setup: change the url to match the new one
 2015-05-10 15:04:44 +02:00
vletoux
aede9b164b minidriver: fix compilation warnings on x64 (size_t <> DWORD) 2015-05-10 15:04:44 +02:00
vletoux
33cf161941 minidriver: pinpad authentication is now working for smart card logon !!! (still needs 5 pinpad entries) 
minidriver: minor fixes
 2015-05-10 15:04:41 +02:00
vletoux
6127fe6b77 minidriver: change the UI (remplace a messagebox by a nice dialog) ; add a translation function for errors 2015-05-10 15:04:41 +02:00
vletoux
7d225e28f7 minidriver: add support for the special msroot file which contains the root certificates stored on the card. 2015-05-10 15:04:41 +02:00
vletoux
6b58b1db01 minidriver: merge CardUnblockPin and CardChangeAuthenticator into CardChangeAuthenticatorEx 2015-05-10 15:04:41 +02:00
vletoux
a671cf8fe2 CardAuthenticateEx: test for remaining attempts before ... 2015-05-10 15:04:41 +02:00
vletoux
659da4f538 minidriver: CardSignData - better parameter checking 2015-05-10 15:04:41 +02:00
vletoux
f3c9525137 fix attempt remaining regression if the card is blocked 2015-05-10 15:04:40 +02:00
vletoux
d96e53b102 minidriver: better error code if CARD_PIN_SILENT_CONTEXT is set 2015-05-10 15:04:40 +02:00
vletoux
ad47d4d043 minidriver: 
* factorize the code from CardAuthenticatePIN into CardAuthenticateEx
* allows authentication with the PINPAD without a UI

minidriver: fix some code analysis warnings
 2015-05-10 15:04:36 +02:00
vletoux
8062eac145 minidriver: fix CardQueryCapabilities and CardGetProperty fKeyGen flag. A read only card cannot generate keys 2015-05-10 15:04:36 +02:00
vletoux
f331b35c4e minidriver: make the parameter check be aware of pinpad capabilities 2015-05-10 15:04:36 +02:00
vletoux
a5593afc78 minidriver: better parameter checking with CardQueryKeySizes and CardGetContainerProperty 2015-05-10 15:04:36 +02:00
vletoux
1e78e16e65 fix memory leak in minidriver: the virtual filesystem is never freed and in some case when an error occurs 2015-05-10 15:04:35 +02:00
vletoux
8036388f29 minidriver PINPAD: fix a regression issue (the parameter - message - can be set to null) 
Improve the error code when the user cancel the operation ("The operation was canceled by the user" instead of "invalid parameter")

Signed-off-by: vletoux <vincent.letoux@gmail.com>
 2015-05-10 15:04:35 +02:00
vletoux
cb38657d47 CardSignData: add support for missing hash algorithm 2015-05-10 15:04:35 +02:00
vletoux
c5efcae029 CardRSADecrypt: better parameter checking 
CardRSADecrypt & CardSignData: better OpenSC -> minidriver error code translation
 2015-05-10 15:04:28 +02:00
vletoux
9544844d83 CardSignData: better error message if the card do not support the signing operation with the algorithm 
(replace the return code from internal error to unsupported)
 2015-05-10 14:35:42 +02:00
vletoux
54f462368b Fix CardSignData "invalid signature" bug when called from CryptSignHash(CRYPT_NOHASHOID) 2015-05-10 14:35:42 +02:00
vletoux
6aaf9d462c fix a problem: CardDeauthenticate(ex) do nothing, but the base CSP think that the user is deauthenticate from the card. 
The user is still authenticated !
 2015-05-10 14:35:41 +02:00
vletoux
b7f000d6b8 add parameter checking for CardSignData 2015-05-10 14:35:41 +02:00
vletoux
2667394f22 better parameter checks for CardGetProperty and CardSetProperty 
Added value for secure key injection (to reject it properly because it is not implemented)
 2015-05-10 14:35:41 +02:00
vletoux
6a2e9aa3b6 Merge branch 'upstream/master' 
Conflicts:
	src/libopensc/card-openpgp.c
	src/libopensc/pkcs15-gemsafeV1.c
	src/pkcs11/mechanism.c
 2015-05-10 14:35:41 +02:00
Viktor Tarasov
e0aec3764a pkcs15init: 'store-or-update' certificate option 2015-05-10 14:35:41 +02:00
Viktor Tarasov
3cf56d8fb7 pkcs15init: fix non-unique-ID control 2015-05-10 14:35:41 +02:00
vletoux
f154cdcaa4 pkcs15-pin: sc_pkcs15_unblock_pin: avoid to ask the PUK twice 2015-05-08 22:37:04 +02:00
Viktor Tarasov
3e0356b170 register CKM_ECDSA and CKM_ECDSA_SHA1 depending on card capabilities 
fix #429
 2015-05-08 20:45:56 +02:00
Philip Wendland
254320e34c myeid: seperate ECC from RSA flags 
Should keep the existing behavior, but improve readability.
 2015-05-08 20:45:37 +02:00
Philip Wendland
4142456c74 PIV, sc-hsm, myeid: register ECDH card capabilites 
Prior to 066132327c71300188aa66180fde2fb3d90c5140, CKM_ECDH1_DERIVE and
CKM_ECDH1_COFACTOR_DERIVE were always registered for cards that support
SC_ALGORITHM_ECDSA_RAW.
The mentioned commit changed this behavior, so that the ECDH mechanisms
are only registered for cards that set the SC_ALGORITHM_ECDH_CDH_RAW
capability flag.
To keep the existing behavior for the cards, they need to set this flag
in the card driver.
 2015-05-08 20:45:37 +02:00
Philip Wendland
78e434da93 register EC mechanisms with flags independent of RSA flags 
Prior to this commit, all hashes registered for RSA or other key types were
registered for ECDSA as well.

register ECDH mechanism only when supported by card

ECDH should only be registered if the card driver sets the
SC_ALGORITHM_ECDH_CDH_RAW flag.

register software PKCS#1 (1.5) padding only when RAW RSA is supported by card

If OpenSC supports PSS/OAEP padding or other padding mechanisms in
future, and there would be a card that enforces hardware PSS/OAEP
padding, the PKCS#1 v1.5 padding mechanism should not be registered.
 2015-05-08 20:45:27 +02:00
Philip Wendland
37b6f0bbdf IsoApplet: fix EC mechanism ext_flag 2015-05-08 20:19:36 +02:00
Hector Sanjuan
fd3d07a884 Issue #451: Newer DNIe not working with OpenSC. 
This patch fixes 3 issues which consecutively have shown up when debugging the original problem:

1 - Newer DNIe report a byte count for public certificates which is the compressed size,
while older DNIe report the uncompressed size. This resulted in short-reading the x509 certificates,
and in an error parsing. Therefore, during initialization we proceed to set path->count for
public certificates to -1. This ensures that the lenght of the certificates for reading
will be set to file-> length, which has the correct size.

2 - pkcs11-tool -t was broken for DNIe (old and new)as it tried to strip pcks11 padding
from the data to sign and OpenSC tried signatures with non-padded data
(as the card had SC_ALGORITHM_RSA_RAW).
The new algoflags (SC_ALGORITHM_RSA_HASH_NONE | SC_ALGORITHM_RSA_PAD_PKCS1) and the
removal of the strip-padding call fix the issue.

3 - The new cards won't allow setting the LE bytes when calculating the TLV, when LE equals
256. This caused an wrong SM object error response (0x69 0x88). Therefore,
we don't send the LE bytes anymore in this case.

The patch has been tested to work on the new problematic card and on another old one.

close #451
 2015-05-08 09:17:01 +02:00
Frank Morgner
ef4edb74ba fixed invalid free 
We duplicate mechanisms based on OpenSSL so that they can be freed along
all the card's algorithms created via sc_pkcs11_new_fw_mechanism. Fixes
regression from eaf548aa3dab80a9bbf51da8291e7db978e3a2ad
 2015-05-08 09:11:55 +02:00
Frank Morgner
e338b7c1ab framework-pkcs15: fixed memory leak when encoding pubkey 2015-05-08 09:11:55 +02:00
Frank Morgner
e84951a5bf fix resource leaks in while registering PKCS#11 mechanisms 
introduces a free_mech_data for sc_pkcs11_mechanism_type_t to clear the
mechanisms private memory
 2015-05-08 09:11:55 +02:00
Frank Morgner
2c32575e89 pkcs11-tool: fixed resource leak 2015-05-08 09:11:55 +02:00
Frank Morgner
ecc9b9dac9 openssl: fixed resource leak 2015-05-08 09:11:55 +02:00
Frank Morgner
8838388ceb pkcs15-infocamere: fixed resource leak 2015-05-08 09:11:55 +02:00
Frank Morgner
bbb803ff2e sc-hsm-tool: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
d96f25c147 pkcs15-tool: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
1f16f24052 pkcs15-init: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
a83da8a947 pkcs15-crypt: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
c65caed7f4 openpgp-tool: fixed resource leak 
VTA: slightly touched, original commit f0ddbf4
 2015-05-08 09:11:54 +02:00
Frank Morgner
b0a708b0bb pintest: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
efbd4068af sm-cwa14890: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
01e573b987 profile: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
6cb99be821 pkcs15-setcos: fixed resource leak 2015-05-08 09:11:54 +02:00
Frank Morgner
44253c63d0 pkcs15-rtecp: fixed resource leak 2015-05-08 09:11:54 +02:00
Viktor Tarasov
d636338eaf pkcs15-oberthur: fix memory leakage 2015-05-08 09:11:54 +02:00
Viktor Tarasov
ac84d282b1 myeid: fixed resource leak 
pkcs15-myeid: fix memory leakage
myeid: fix memory leakage
 2015-05-08 09:11:40 +02:00
Viktor Tarasov
475ce71453 iasecc: fixed resource leak 
pkcs15-iasecc: fix memory leakage
iasecc: fix memory leakage
 2015-05-08 09:11:20 +02:00
Frank Morgner
68becc8fc4 pkcs15-gpk: fixed resource leak 2015-05-08 09:11:19 +02:00
Frank Morgner
d4fd135e20 pkcs15-cflex: fixed resource leak 2015-05-08 09:11:19 +02:00
Frank Morgner
4af4308d19 authentic: fixed resource leak 
pkcs15-authentic: fixed resource leak
card-authentic: fixed resource leak
 2015-05-08 09:10:48 +02:00
Frank Morgner
e215b7b4fb sm-common: fixed resource leak 2015-05-08 09:10:48 +02:00
Frank Morgner
3cfb44d704 pkcs15-syn: fixed resource leak 2015-05-08 09:10:48 +02:00
Frank Morgner
841d89dda6 pkcs15-pubkey: fixed resource leak 2015-05-08 09:10:47 +02:00
Viktor Tarasov
18e962942b pkcs15-data: fix memory leakage 2015-05-08 09:10:47 +02:00
Frank Morgner
3a6c4a0e1d pkcs15-cache: fixed resource leak 2015-05-08 09:10:47 +02:00
Frank Morgner
9263da49aa pkcs15: fixed resource leak 2015-05-08 09:10:47 +02:00
Frank Morgner
c7afbb4ca2 pkcs15-algo: fixed resource leak 2015-05-08 09:10:47 +02:00
Frank Morgner
1f69a0d687 fixed indenting 2015-05-08 09:08:24 +02:00
Frank Morgner
6523f3fcb9 added LOG_TEST_GOTO_ERR and SC_TEST_GOTO_ERR 
Don't forget to set the error label!
 2015-05-08 09:08:24 +02:00
vletoux
689ece205a card-masktech.c: code improvements 
fixes #457
 2015-05-08 09:07:40 +02:00
vletoux
976db5cb04 card-masktech: initial commit 
card-masktech.c: fix building issues on the integration platform

card-masktech.c: fix linux compilation errors

honour HAVE_CONFIG_H

card-masktech.c: take in account Frank's remark about extended APDU in masktech_decipher

remove trailing spaces
 2015-05-05 10:13:26 +02:00
vletoux
1586f240f4 iso7816.c: fix SC_PIN_CMD_IMPLICIT_CHANGE with pinpad 
When a pinpad is used, the old pin is asked whatever, even if a previous authentication happenened or if the card doesn't support it.
 2015-05-05 09:56:39 +02:00
Andreas Schwier
ed588d2443 pkcs11: fixed broken C_Decrypt 
Fixed broken C_Decrypt from 643080baf9

fix #449
 2015-04-30 15:57:44 +02:00
Viktor Tarasov
f0189e8378 pkcs11-tool: option to 'decrypt some data' 2015-04-30 15:57:44 +02:00
Andreas Schwier
0dba2d453f sc-hsm: fix signed char for ARM platforms 
char is unsigned by default on ARM

fix #450
 2015-04-30 12:03:01 +02:00
viktorTarasov
c754e3f197 Merge pull request #444 from frankmorgner/pkcs11-error-handling 
Improved error handling for PKCS#11 module
 2015-04-25 13:04:07 +02:00
Thomas Calderon
0a754b694e pkcs11-tool: pass key usage flags to created objs 
* Command-line parameters were introduced to specify key usage
  (--usage-{sign,decrypt,derive}). However, those are not used when importing
  external objects using C_CreateObject function.

fix #445
 2015-04-25 12:28:48 +02:00
Doug Engert
ee23d28654 EC field_length changes for non-multiple of 8 bits curves 
In OpenSC the EC field_length is the number of bits in the field.
Most curves have a field_length which is a multiple of 8 bits
but there are many that are not.

The X and Y points and privateD are stored in octetstrings
so there may need to be an extra byte in the octetstring.

An OpenSSL BIGNUM will drop leading zero bytes, so its size can not be used
to determine the field_length.

fix #440
fix #433
 2015-04-25 12:21:39 +02:00
Shaun Schutte
665807d6de Rename minidriver-italian-cns to minidriver-italian-cns.reg 2015-04-24 09:45:20 +02:00
Shaun Schutte
e456074fd9 Create minidriver-italian-cns 
These are the required registry values to get the Italian CNS card working under Windows 7 32 bit and 64 bit.
 2015-04-23 16:54:11 +02:00
Frank Morgner
bcb5fc15e5 honour HAVE_CONFIG_H 2015-04-22 23:55:33 +02:00
Frank Morgner
9f318b829f remove slots of removed readers 2015-04-21 02:00:06 +02:00
Frank Morgner
02f3997632 added error handling to print_ssh_key 2015-04-21 01:32:37 +02:00
Frank Morgner
e359b2a310 handle unexpected meltdown of PC/SC service 2015-04-21 01:09:21 +02:00
Frank Morgner
cbc43eeb88 fixed compiler warning 2015-04-21 01:04:18 +02:00
Frank Morgner
c8a7c8bc7a fixed typo 2015-04-21 01:04:18 +02:00
Frank Morgner
54f285d57a correctly handle readers that have been removed 2015-04-21 01:04:18 +02:00
Frank Morgner
c45c90a337 sc_pkcs11_close_all_sessions: close all sessions even if closing one fails 2015-04-20 16:18:11 +02:00
Thomas Calderon
23ca1f101d pkcs11-tool: Add support for creating EC privkey 
* This patch allows to create EC private keys. The feature re-use the GOST
  parsing function as instanciating an ECDSA key is the same as a GOST key.
 2015-04-15 08:58:05 +02:00
Frank Morgner
a7a903fd81 check ATRs even for forced card driver 
some card drivers depend on a card type which is initialized by matching the card's ATR
 2015-04-15 08:56:22 +02:00
Viktor Tarasov
96556dea7b fix #433: EC privateD octetstring may need leading zeros 2015-04-12 13:35:27 +02:00
German Blanco
6caa85f238 Issue 395. Avoiding a couple of memory leaks. 2015-04-12 11:35:09 +02:00
Frank Morgner
6e84ee0ba7 pkcs11-tool: honour unsupported signature mechs 2015-04-12 11:28:25 +02:00
Frank Morgner
643080baf9 honour key capabilities for decryption/verification 
fixes #419
 2015-04-12 11:28:25 +02:00
Frank Morgner
d7ab0df51d export sc_pkcs15_bind_internal 
allows bootstrapping an external pkcs15 driver
 2015-04-12 11:28:25 +02:00
Viktor Tarasov
3e2d51e0ba iasecc: use PIN PAD with variable PIN length 2015-04-11 16:47:13 +02:00
Viktor Tarasov
5757d82cc9 libopensc: stored-length member in PIN CMD data 2015-04-11 16:45:17 +02:00
Viktor Tarasov
49598b6016 libopensc: invalid OID comparison for EC keys 
Thanks to Peter Popovec <popovec.peter@gmail.com>
 2015-04-09 11:49:05 +02:00
vletoux
ce962c14f4 fix #425: guid computation issue 
Compilation without OpenSSL - guid computation issue
This case is triggered when:
- built without OpenSSL
- called from a minidriver where id.len = 1
- card number is less than 15 bytes

(VTA: codding style slightly touched)
 2015-04-08 18:41:51 +02:00
Dirk-Willem van Gulik
4000e6d5b0 Add missed option debug info 
Fix misspelled key in --help output (thanks Philip Wendland).
 2015-04-08 18:03:46 +02:00
vletoux
8ea328ff7f Minor code quality improvements. 
Basically checks that the memory allocation succeed.

The ctbcs.c change improve the readability
because count = 0 and len > 254 does not add any value.

VTA: added few coding style changes
 2015-04-05 13:15:57 +02:00
Frank Morgner
db860c0d2a export sc_sm_stop 2015-04-04 22:09:22 +02:00
Philip Wendland
fa045d44ec pkcs11-tool: Let the user choose the ECDSA signature format 
Instead of hard-coding the format depending on whether OpenSC was compiled with
OpenSSL or not, the user should be able to choose the format himself.
The default format now is the normal concatenation of R,S both for CKM_ECDSA
and CKM_ECDSA_SHA1.
 2015-04-04 22:01:22 +02:00
Philip Wendland
f93835add9 Allow log functions to be called with ctx==NULL 
This change allows functions to be used from places where there is no
sc_context (ctx) available.
 2015-04-04 22:01:22 +02:00
Viktor Tarasov
95ad11a253 iasecc: special case for 'Gemalto GemPC Pinpad' 
issue 424
VTA: this pinpad, the only available, do not accept different values
for min and max PIN lengths in P10 block.
 2015-04-04 21:41:28 +02:00
Frank Morgner
c0fac2a4f6 stop SM in case of SM errors 2015-04-02 09:54:41 +02:00
Frank Morgner
e07c4bcfbb added sc_sm_stop 
implementation taken from the ISO SM driver of
https://github.com/frankmorgner/vsmartcard/tree/master/npa
 2015-04-02 09:54:41 +02:00
Frank Morgner
30b24e79c0 fixed memory corruption in encode_file_structure 
as suggested by Peter Popovec
 2015-04-01 09:42:21 +02:00
Dirk-Willem van Gulik
88ec461bc5 tool: RFC4716 compliant key output 
Add a comment field to the ssh key output if a label is set on the key. Add RFC4716 compliant key output for the new breed of modern (mobile) SSH clients.

VTA: use short form of log call in iso7816
 2015-03-31 19:09:25 +02:00
Frank Morgner
0790969b97 recognize short EF identifier 2015-03-31 18:48:57 +02:00
Thomas Calderon
4a4d750e73 iasecc: Fix log output is always displayed 
* iasecc_read_public_key function uses SC_SUCCESS instead of log level
  value, hence the log output is always displayed. This uses
  SC_LOG_DEBUG_NORMAL instead.

VTA: updated to use short form of LOG macro
 2015-03-31 18:47:11 +02:00
Thomas Calderon
117f3a74be iasecc: Fix key usage when provisioning card 
* Avoids overriding key_usage when creating objects on the card.
 2015-03-31 18:25:54 +02:00
Robert Quattlebaum
548c2780d3 Add support for ACOS5-64 cards. 
The ACOS5-64 cards have a different ATR than the original
ACOS5-32 cards. This change simply adds this ATR so that it
will be recognized properly.
 2015-03-29 14:09:35 +02:00
vletoux
5007e9fc9f md: fix build without OPENSSL_VERSION_NUMBER 
Fix the WCHAR / CHAR conversion problem in CardAuthenticateEx in case of PinPAD (vs->wzPinContext is UNICODE)
Fix UNICODE compilation problem( MessageBoxA instead of MessageBox)
 2015-03-29 13:59:21 +02:00
vletoux
3b873adad2 win32: allows UNICODE built. 
UNICODE is set by default by Visual Studio (but can be deactived)
The trick is to force ANSI version by appending a A to the function calls.
 2015-03-29 13:54:51 +02:00
Philip Wendland
c8d206ece1 IsoApplet: Increase indicated version to 00.06 
Backward compatiblity with 00.05 is kept.
 2015-03-29 13:34:58 +02:00
Philip Wendland
9078856675 IsoApplet: register ECC mechanisms only when ECC is supported by card 
There are few Java Cards that do not support ECDSA at all.
Starting with IsoApplet version 00.06, the applet returns whether the card
supports ECDSA or not. This commit uses this information to decider whether to
register ECDSA mechanisms or not.
 2015-03-29 13:34:58 +02:00
Philip Wendland
76facf0d73 IsoApplet: add support for GET CHALLENGE 2015-03-29 13:34:58 +02:00
Philip Wendland
e258cec13e IsoApplet: Add nistp224, secp192k1 and secp256k1 curves 
secp*k1 curves are only supported applet version >= 0.6.0 because of an issue
with encoding ECC public keys with small parameters.
 2015-03-29 13:34:58 +02:00
Philip Wendland
ab5ca331b2 IsoApplet: Obtain applet version and card capabilities *after* match_card() 2015-03-29 13:34:58 +02:00
Philip Wendland
bba6e17aa9 isoApplet: Fix indentation of isoApplet.profile 2015-03-29 13:34:58 +02:00
Viktor Tarasov
090aed2fc2 ec: fix length of allocated mem for EC signature 
discussion in PR #398
 2015-03-29 13:08:01 +02:00
Philip Wendland
4b51b99748 pkcs11-tool: harmonize supported ECC curves 
pkcs15-pubkey.c holds a struct containing supported ECC curves. The contents of
this struct are being harmonized with pkcs11-tool supported curves.
 2015-03-29 12:55:54 +02:00
Frank Morgner
f3573ede0d fixed requesting PACE features 2015-03-29 12:42:13 +02:00
Andreas Schwier
b1bdfae200 sc-hsm: revert broken a4c8d671 
sc-hsm: Fixed minimum value for number of password shares
 2015-03-29 12:40:44 +02:00
Wouter Verhelst
5149dd3e62 belpic: Support 2K cards 
Recent BELPIC cards (issued since March 2014) have a validity of 10
years (rather than 5 as before), and therefore also increased the key
size from 1024 bits to 2048 bits.

Key size can be detected by checking the applet version, for which we
have to issue a "GetCardData" command. If the applet is version 0x17 or
higher, keys are 2048 bits.

Use #defines rather than magic numbers

Keeps the code slightly more readable.

While we're at it, refactor slightly so that the code which issues the
GET CARD DATA command doesn't just keep the applet version, but also
makes other things available.

This latter in preparation of setting the serial number.
 2015-03-29 12:11:44 +02:00
Frank Morgner
c019a62309 pkcs11: parameter checking for 'get_mechanism_list' 
fixes #409
 2015-03-29 12:11:08 +02:00
Thomas Calderon
435291f216 iasecc: initial support for Morpho IAS Agent Card 
* This commit adds initial support for Morpho French Agent card which is an
    IAS card. Signature operations are working. Since my test card was
    read-only, I was unable to test object management functions.

  * Add missing copy of AID in structure
 2015-03-29 12:10:55 +02:00