Fix various spelling errors, mostly in comments but also in texts displayed.
Errors found & interactively fixed using 'codespell', with additional manual
checks after the fixes.
MyEID starting version 4.5 supports 4K RSA keys. The card also
now supports proper APDU chainging (for sending large APDUs) and
receiving large responses via GET_RESPONSE splitting.
This updates the following:
* detection code properly announces 3K and 4K RSA support
when available
* APDU chaining is used when possible
* use ISO GET_RESPONSE handling for large responses
* max_recv_size is set to 256 which it always was supposed to be
as the old cards respond with that large responses too
* use the 2K signing kludge only on cards that need it
* unwrap and decipher code paths unified to the extent possible
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
pkcs15: added function to get a specific supported algorithm, checking also OID.
This is needed because for AES there are different OIDs for each key length.
We can't check for `tag == SC_ASN1_TAG_EOC` directly, because this
would also be true for a tag of 0x80 (with `class ==
SC_ASN1_CLASS_CONSTRUCTED`). So what we do is we check for the output
buffer to be NULL!
fixes https://github.com/OpenSC/OpenSC/issues/1273
card-cac.c
* CLANG_WARNING: The left operand of '<' is a garbage value
card-coolkey.c
* CLANG_WARNING: overwriting variable
* CPPCHECK_WARNING: memory leak / overwrite variable
* CLANG_WARNING: null pointer dereference
* UNUSED_VALUE: unused return value
card-gids.c
* CLANG_WARNING: Branch condition evaluates to a garbage value
* SIZEOF_MISMATCH: suspicious_sizeof
card-myeid.c
* RESOURCE_LEAK: Variable "buf" going out of scope leaks the storage it points to.
* CLANG_WARNING: overwriting variable
* (rewrite not to confuse coverity)
pkcs15-cac.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-coolkey.c
* UNUSED_VALUE: unused return value
pkcs15-piv.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-sc-hsm.c
* DEADCODE
pkcs11/framework-pkcs15.c
* RESOURCE_LEAK: Variable "p15_cert" going out of scope leaks the storage it points to.
pkcs15init/pkcs15-lib.c
* CLANG_WARNING: Assigned value is garbage or undefined
pkcs15init/pkcs15-myeid.c
* UNREACHABLE: Probably wrong placement of code block
tests/p15dump.c
* IDENTICAL_BRANCHES
pkcs15-init.c
* CLANG_WARNING: Potential leak of memory pointed to by 'args.der_encoded.value'
pkcs15-tool.c
* RESOURCE_LEAK: Variable "cert" going out of scope leaks the storage it points to.
* MISSING_BREAK: The above case falls through to this one.
sc-hsm-tool.c
* CLANG_WARNING: Potential leak of memory pointed to by 'sp'
westcos-tool.c
* FORWARD_NULL: Passing null pointer "pin" to "unlock_pin", which dereferences it.
* (rewrite not to confuse coverity)
card-cac.c
* Avoid malloc with 0 argument
gids-tool.c
* FORWARD_NULL -- copy&paste error
scconf.c
* CLANG_WARNING: Call to 'malloc' has an allocation size of 0 bytes
closes#982
Since "Add GCC format checking attributes to log functions" commit GCC
warns us about problems with format strings and their arguments provided
to OpenSC message logging functions.
This commit fixes all cases where GCC warned about incorrect format on
64-bit Linux, 32-bit and 64-bit mingw builds (with SM and OpenSSL enabled).
Well, almost all since on mingw GCC does not recognize "ll" size specifier
(present at least since Visual Studio 2005, also in mingw own CRT) so these
(few) warnings about it remain.
In most cases format size specifier for size_t type was missing (usually
size was left at default int level, with is different on 64-bit x86).
Some formats had too few / too many arguments.
In some cases pointers were printed as integers.
Some long variables were missing "l" prefix (especially with regard to %x
format).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
b94c163 - invalid, non-tested
11881a6 -- src/libopensc/card-iasecc.c -- return from select has to be ignored,
3a92bf7 -- src/pkcs11/slot.c -- SEGFAULT issue #3733a92bf7 -- src/tools/piv-tool.c -- confirmed by author
6759c04 -- src/pkcs15init/pkcs15-lib.c -- file instantiation error has to be ignored
The original ECC code in OpenSC stored the ecpointQ as a DER encoded OCTET STRING.
Shortly before 0.13.0, code changes where made to store the ecpointQ as raw data
without the DER encoding.
Only some of the code was changed to support this but not all, and the comments
that said the ecpointQ was in DER where not changed either.
Some card drivers continued to work, using the original code in all place,
while some cards failed, as they where using a mixture of original code and
0.13.0 code.
This commit fixes these problems.
The ecpointQ is stored in raw format
A new structure type sc_pkcs15_u8 is defined.
The ecpointQ are changed to use the struct sc_pkcs15_u8. This was done to avoid
the confusion of using struct sc_pkcs15_der to hold non-DER encoded data.
(There may be other uses for this too...)
Comments are change is many places.
sc_pkcs15_decode_pubkey_ec was fixed to store the raw ecpointQ correctly.
sc_pkcs15_pubkey_from_spki was change to get the sc_ec_params from the alg_id
and fix up u.ec.params. Unfortunately the OpenSC code has two places EC parameters
are stored. They can get out of sync, or there may still be code
that looks in the wrng oplace. o(TODO get it to only only place.)
The u.ec.params.field_length is now set in a number of places, as this is need
in many of the PKCS#11 routines.
framework-pkcs15.c will now correctly return the DER encode ecpointQ,
for the CKA_EC_POINT attribute using pubkey->data which has the DER encoding
for the ecpointQ.
framework-pkcs15.c will look for the EC parameters in either the u.ec.params.der,
or in the alg_id->params. (TODO get it to only only place.)
pkcs15-myeid.c has some comments, as it looks like the code is storing a TLV
rather then a DER encoding of the ecpointQ. With the wrong encoding PKCS#11 will
return the wrong attribute for CKA_ECDSA_PARAMS.
pkcs15-piv.c is changed so emulation of a pubkey taken from a certificate will
work correctly.
According to ch.4.2 of MyEID reference manual v1.7.6 the only possible value of P2 of 'SELECT' APDU is '00'.
For this reason, when caller do not request to return 'sc_file' data,
use the non-null dummy 'sc_file' pointer in the call of iso->select_file,
and thus avoid the P2 different from '00'.
Also log calls are replaced by its short forms,
and resolved the 'trailing spaces' issues.
pkcs15-myeid.c:251:4: warning: Value stored to 'type' is never read
type = SC_PKCS15INIT_USER_PIN;
^ ~~~~~~~~~~~~~~~~~~~~~~
pkcs15-myeid.c:244:4: warning: Value stored to 'type' is never read
type = SC_PKCS15INIT_SO_PIN;
^ ~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5148 c6295689-39f2-0310-b995-f0e70906c6a9
the first usage is to update the public key PKCS#15 object attributes
and to encode it's direct value.
(support of the Oberthur's AuthentIC V3.2 card)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5001 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-myeid.c: In function ‘myeid_generate_key’:
pkcs15-myeid.c:687: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4202 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-myeid.c: In function ‘myeid_new_file’:
pkcs15-myeid.c:321: warning: assignment discards qualifiers from pointer target type
pkcs15-myeid.c:323: warning: assignment discards qualifiers from pointer target type
pkcs15-myeid.c:325: warning: assignment discards qualifiers from pointer target type
pkcs15-myeid.c:327: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4201 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
This patch is not largely tested and it will be followed (hope in a few hours) with another one
that will replace the using of the static pincache
with the pincache as the content of the AUTH pkcs15 object.
In the intervention into the card specific part I tried to respect its creator's coding style.
Sorry, if it's not always the case.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4057 c6295689-39f2-0310-b995-f0e70906c6a9
Peter Marschall
Timo Teräs
Frank Morgner
Hannu Honkanen
Jakub Jelen
Maciej S. Szmigiero
Michał Trojnara
Frank Morgner
Viktor Tarasov
Doug Engert
sjoblomt
vtarasov
ludovic.rousseau
andre
viktor.tarasov
aj