4de0d06a93
use single quotes for passing define
...
makes sure that the shell doesn't evaluate parts of the define
2018-07-17 14:49:27 +02:00
a0b6643fa7
Use hard coded default SM module (path)
...
- avoids the need to set this default in opensc.conf
- fixes loading of (unknown) local library
- removes some unused defines from config.h
2018-07-17 14:49:27 +02:00
e226ad265a
Removed unused option `hide_empty_tokens`
2018-07-17 14:49:27 +02:00
47ee3a3978
added manual page opensc.conf(5)
...
splits the HTML documentation into files.html and tools.html
2018-07-17 14:49:27 +02:00
16275c2683
fixed memory leak
2018-07-17 13:31:14 +02:00
3042a39705
removed unused variable
2018-07-17 13:16:06 +02:00
fbc9ff84bc
Some cards may return short RSA signatures without leading zero bytes.
...
Add leading zeros to RSA signature so it is the size of modulus.
Return modulus length.
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c
2018-07-11 22:30:50 +02:00
1eaae6526b
pkcs15-tool: Build with current gcc
...
The argument to strncpy is not the length of the target buffer,
but the source one (excluding the null byte, which will be
copied anyway).
2018-07-11 10:48:10 +02:00
e9314adf4b
Testsuite also depends on openssl, use correct variables for linking
2018-07-11 10:48:10 +02:00
7c8ed4dc03
Correct name in the automake
2018-07-11 10:48:10 +02:00
3a7a1ba31f
Do not fail if we found unknown tag or the count does not match
...
* The HID tokens present such undocumented tags
2018-07-11 10:48:10 +02:00
bf3382d4d9
Standardize logging and include also AID
2018-07-11 10:48:10 +02:00
3480d9fc99
Log also information about unitialized slots with correct labels
2018-07-11 10:48:10 +02:00
1c2a7f8dd2
HID Alt tokens have the other bunch of slots in other undocumented AID
2018-07-11 10:48:10 +02:00
1eb8391b4a
OpenPGP: slightly re-factor pgp_get_card_features()
...
* length checks where needed
* more & better comments
2018-07-11 10:47:39 +02:00
7332a37abb
OpenPGP: add serial number to card name
2018-07-11 10:47:39 +02:00
6d6efa2ded
OpenPGP: fix FIXME in pgp_new_blob()
...
Form a correct path instead ofmusising an array of 2 u8's.
Perform proper error checking.
2018-07-11 10:47:39 +02:00
215fcdad15
OpenPGP: include detailed version into card name
...
... for "standard" OpenPGP cards.
This gives more detailed information to the user on the detailed specs
the card adheres to.
In addition it fixes a long-standing annoyance that every standard 2.x
card matching the v2.0 ATR was announced as CryptoStick 1.2.
This ATR is not only used in the CryptoStick 1.2, but also also in
ZeitControl cards as well as NitroKeys, ...
2018-07-11 10:47:39 +02:00
2e1b47a79a
OpenPGP: improve get_full_pgp_aid()'s parameter checking
2018-07-11 10:47:39 +02:00
2a7a6a62fa
OpenPGP: limit scope of variable
2018-07-11 10:47:39 +02:00
15125b03ab
OpenPGP: use LOG_FUNC_CALLED & LOG_FUNC_RETURN symmetrically
...
To help debugging,
- replace plain return's after LOG_FUNC_CALLED()
has been called with LOG_FUNC_RETURN()
- use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
2018-07-11 10:47:39 +02:00
fcecd1bdd2
OpenPGP: update comments on function use: ABI or internal
2018-07-11 10:47:39 +02:00
0d6be5db26
OpenPGP: define & set LCS (lifecycle support) as extended capability
...
Use it in pgp_erase_card() to slightly simplify the code.
2018-07-11 10:47:39 +02:00
3af54b2fe0
OpenPGP: harmonize some comments
2018-07-11 10:47:39 +02:00
3a59b0a182
OpenPGP: parse "extended length info" DO 7f66 on init
2018-07-11 10:47:39 +02:00
f73005791c
OpenPGP: improve parsing of extended capabilities
2018-07-11 10:47:39 +02:00
dea5fd9551
OpenPGP: add new DOs introduced with OpenPGP card spec v3.0 & v3.3
...
For some files spec states CONSTRUCTED, but we treat them as SIMPLE,
because we only need parts of their contents.
2018-07-11 10:47:39 +02:00
9dbdf42e9e
OpenPGP: update references to specifications
2018-07-11 10:47:39 +02:00
14cd6ee39e
OpenPGP: clarify meaning of padding byte in pgp_decipher()
2018-07-11 10:47:39 +02:00
4323a3d37c
OpenPGP: add new DO D5 introduced with OpenPGP card spec v2.1
...
... and make it accessible for v2.1+ cards
2018-07-11 10:47:39 +02:00
4ec37adea8
OpenPGP: extend manufacturer list in pkcs15-openpgp.c
2018-07-11 10:46:56 +02:00
332535c544
Workaround subject and issuer fields overflow
...
Structure `x509cert_info` fields `subject` and `issuer`
are doubled in size up to 512 bytes.
We have to use dynamic memory allocation
to completely overcome the issue.
Relates to OpenSC/OpenSC#1412 .
2018-07-11 10:13:14 +02:00
2c0d1b9ab0
reset sc_card_t during card detection
...
fixes https://github.com/OpenSC/OpenSC/issues/1417
2018-07-11 10:12:42 +02:00
6f8bfc399b
Fix usage indicator for PSS
2018-07-11 10:07:28 +02:00
6e0689638c
Add checking for supported CKM_RSA_PKCS_PSS combinations
2018-07-11 10:07:28 +02:00
e2f0e367b1
Implement RSA PSS for GoID / SmartCard-HSM
2018-07-11 10:07:28 +02:00
99fa4f4a57
pkcs15-tool: harmonize non-short output for -C, -D,
...
Make sure to have an empty line between information printed for individual
objects, but not in short mode.
This makes output of -D and -C more consistent.
2018-07-11 10:05:30 +02:00
a6b4605b86
card-piv.c: initialize variable to fix a ppc64el build failure
...
This fixes a build failure with optimized ppc64el and new gcc builds
card-piv.c: In function ‘piv_validate_general_authentication.isra.3’:
card-piv.c:2390:9: error: ‘rbuflen’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-07-11 09:54:51 +02:00
88de66bb13
fixed `make distcheck`
2018-07-04 18:12:58 +02:00
4db9db7403
Add GenericName to the desktop file
...
Add optional GenericName to org.opensc.notify.desktop. GenericName is
recently widely used for menu rendering in desktop environments.
2018-07-04 09:50:07 +02:00
155ecc11f3
Adjust the p11test readme after merge
...
Resolves : #1415
2018-07-04 09:46:43 +02:00
452e1d3b96
fixed used of uninitialized return value
2018-06-30 01:17:57 +02:00
b3e3ab61c0
avoid integer underflow
2018-06-29 17:14:55 +02:00
971dac2f78
unignore result
2018-06-29 17:14:55 +02:00
6184c1fbab
avoid out of bounds read
2018-06-29 17:14:55 +02:00
03c5280626
avoid NULL dereference
2018-06-29 17:14:55 +02:00
ed0d829eab
removed unused check
2018-06-29 17:14:55 +02:00
259b7ec41c
check return value
2018-06-29 17:14:55 +02:00
c026f37677
warn about error in sc_enumerate_apps
2018-06-29 17:14:55 +02:00
6819759946
fixed memory leak
2018-06-29 17:14:55 +02:00
5f39d7ab74
use correct length of binary ATR
2018-06-29 17:14:55 +02:00
0e9565754c
avoid uninitialized output after sc_file_dup
2018-06-29 17:14:55 +02:00
31cbf83738
build: support >=libressl-2.7
2018-06-28 08:58:07 +02:00
0603c3b7fc
iso7816: fix typo in previous commit
2018-06-24 10:34:49 +03:00
2818e0f703
iso7816: update & extend error codes
...
While at it, do some space policing.
2018-06-24 10:34:49 +03:00
1ca1a024df
card-npa: fixed memory leak
...
fixes https://github.com/OpenSC/OpenSC/issues/1396
2018-06-22 09:23:00 +02:00
d831076974
opensc-notify: use generic icon
...
fixes https://github.com/OpenSC/OpenSC/issues/1402
2018-06-22 08:52:49 +02:00
5dcea4440e
pkcs15-tool: added support for reading NIST ssh keys
...
'pkcs15-tool --read-ssh-key' is now able to read NIST ECC keys from card.
Only 256, 384 and 521 field lengths are supported (same as allowed in
ssh-keygen -t ecdsa). Issue #803 is partialy fixed by this patch.
Openssh PKCS11 interface patches for ECC are now available, please check
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
2018-06-21 15:26:15 +02:00
1f352d4c6d
muscle: Properly clean up the applet memory footprint
2018-06-21 12:48:57 +02:00
5b3da5d462
cac: Missing memory cleanup
2018-06-21 12:48:57 +02:00
2682741293
cac: Avoid segfaults from get_challenge()
2018-06-21 12:48:57 +02:00
f392d7426f
Utilize autoconf variables for cmocka usage
2018-06-21 12:48:57 +02:00
9c2afad417
fixed copy/paste error
2018-06-20 00:56:01 +02:00
8b3f5b7d97
epass2003: fixed logical error
2018-06-19 23:24:36 +02:00
9150d92447
fixed out of bounds access
2018-06-19 23:22:00 +02:00
d8cdf66d3d
fixed memory leak
2018-06-19 23:15:29 +02:00
63ed8d7368
gids: file selection via gids_select_file
2018-06-19 08:00:01 +02:00
46c0bbd803
gids: use file id instead of path in gids_delete_key_file
2018-06-19 08:00:01 +02:00
ab16228e26
gids: fix gids_delete_cert
2018-06-14 14:05:45 +02:00
31941bc3d9
sc-hsm: Ensure that applet returns version information ( Fix #1377 )
2018-06-11 22:51:45 +02:00
7c99adaaa6
PIV: limit scope of some variables
2018-06-11 22:37:42 +02:00
f2ba0ad9be
PIV: refactor to use sc_compacttlv_find_tag()
2018-06-11 22:37:42 +02:00
40b02b2582
Namespace the function name, update comment
2018-06-11 22:31:44 +02:00
50b5eb3b69
Allow using up to 16 certificates
2018-06-11 22:31:44 +02:00
9dda83e48e
cac: Verbose logging, avoid OOB reads
2018-06-11 22:31:44 +02:00
930d457304
Log bad length buffers
2018-06-11 22:31:44 +02:00
298afb072e
Properly check length also of the applet entry
2018-06-11 22:31:44 +02:00
f27ee858c2
Carefully check the length of the buffers before accessing them.
...
The lengths are static and based on the GCS-IS 2.1 specification
2018-06-11 22:31:44 +02:00
a73b3d549b
Address review comments:
...
* Refactor cac_properties_t structure to make its creation more readable
* Avoid manual allocation in cac_get_acr() and clean up bogus pointers
* Avoid bogus comments
* Properly check lengths of retrieved values
2018-06-11 22:31:44 +02:00
aacac57230
Another note/todo about PINs on uninitialized cards
2018-06-11 22:31:44 +02:00
d24c23ac0c
Use applet properties to recognize buffer formats
...
Previously, the code handled all the data objects as SimpleTLV,
which caused invalid encoding when we tried to merge TL + V buffers
into single PKCS#15 buffers.
This change is using GET PROPERTIES APDU after applet selection
to explore objects, figure out encoding and check the status of
PKI objects initialization to avoid reading them.
2018-06-11 22:31:44 +02:00
450cff470a
Inspect the Alt tokens through the ACA applet
...
The previous solution was just guessing AIDs of the PKI objects
and trying if they answer.
This solution is inspecting card based on the Service Applet Table
(listing all the applets on the card) and using GET PROPERTIES APDU
listing all the available OIDs of the applet.
This was successfully tested with standard CAC card
(with different ACA AID) and uninitialized HID Alt tokens with empty
certificates slots.
2018-06-11 22:31:44 +02:00
ee7b6f4035
cac: Log unknown tags
2018-06-11 22:31:44 +02:00
cde06a499c
Use correct AID and Object ID
2018-06-11 22:31:44 +02:00
2138d5fe32
One more todo based on the testing with a new libcacard
2018-06-11 22:31:44 +02:00
426914674c
Unbreak encoding last tag in the data objects
2018-06-11 22:31:44 +02:00
5b420318d4
Allocate private data outside and avoid memory leaks
2018-06-11 22:31:44 +02:00
92df907681
Typo, clean up comments, dump more useful information from CCC
2018-06-11 22:31:44 +02:00
52451ac438
card-cac.c: Dump also the MSCUID
2018-06-11 22:31:44 +02:00
335c242ce0
Filter certificates other than CKC_X_509
2018-06-08 08:28:37 +02:00
89a8e0cb64
Avoid memory leaks from the failed card detections
2018-06-08 08:26:49 +02:00
23706635a8
cardos: create pin in mf
...
If cardos cards are initialized by other software and there is a pinref
without the msb set, also the pin verify works without that bit set.
This patch changes pin initialisation so that the pin is created in mf
which has the effect that pin verify works without | 0x80 to the
pin ref.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
2018-06-08 08:23:37 +02:00
694822554e
dnie: Consider that everything not APPLE or WIN32 is "linux"
...
This should fix the FTBFS on architectures like kfreebsd
Fixes : #1366
2018-06-08 08:22:58 +02:00
e6ad737430
OpenPGP: add cast forgotten in previous commit
2018-06-08 08:21:11 +02:00
ba9eebceaf
OpenPGP: refactor do_dump_do()
...
- limit length of data to write even in raw mode to the real length
- cluster variuable definitions
- restrict scope of variables
- introduce a variable length to make the purpose more obious
- start preprocessor directives at column one
- add comments where needed
- harmonize coding style: space after "if" and casts
2018-06-08 08:21:11 +02:00
4a1bf9fb21
OpenPGP: limit output of -d in non-raw mode to real length
2018-06-08 08:21:11 +02:00
85f4ba6c5f
OpenPGP: allow calling -d multiple times
...
Put the arguments passed to option -d into an array instead of only
storing the latest value.
During output, iterate over the values passed in via the option.
2018-06-08 08:21:11 +02:00
1da7da5e99
OpenPGP: make parsing of option -d more robust
...
* accept flexible option arguguments: 1-4, 101-104, 0101-0104, ...
2018-06-08 08:21:11 +02:00
41d89b52fc
OpenPGP: treat option --del-key as an action
2018-06-08 08:21:11 +02:00
da6e30b38b
OpenPGP: clarify usage text
2018-06-08 08:21:11 +02:00
Frank Morgner
Doug Engert
Jakub Jelen
Peter Marschall
Eugene Bright
asc
Leif Erik Wagner
Gianfranco Costamagna
Stanislav Brabec
Jakub Jelen
Alon Bar-Lev
Peter Popovec
ytoku
Andreas Kemnade
Laurent Bigonville