Frank Morgner
4de0d06a93
use single quotes for passing define
...
makes sure that the shell doesn't evaluate parts of the define
2018-07-17 14:49:27 +02:00
Frank Morgner
a0b6643fa7
Use hard coded default SM module (path)
...
- avoids the need to set this default in opensc.conf
- fixes loading of (unknown) local library
- removes some unused defines from config.h
2018-07-17 14:49:27 +02:00
Frank Morgner
e226ad265a
Removed unused option `hide_empty_tokens`
2018-07-17 14:49:27 +02:00
Frank Morgner
47ee3a3978
added manual page opensc.conf(5)
...
splits the HTML documentation into files.html and tools.html
2018-07-17 14:49:27 +02:00
Frank Morgner
16275c2683
fixed memory leak
2018-07-17 13:31:14 +02:00
Frank Morgner
3042a39705
removed unused variable
2018-07-17 13:16:06 +02:00
Doug Engert
fbc9ff84bc
Some cards may return short RSA signatures without leading zero bytes.
...
Add leading zeros to RSA signature so it is the size of modulus.
Return modulus length.
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c
2018-07-11 22:30:50 +02:00
Jakub Jelen
1eaae6526b
pkcs15-tool: Build with current gcc
...
The argument to strncpy is not the length of the target buffer,
but the source one (excluding the null byte, which will be
copied anyway).
2018-07-11 10:48:10 +02:00
Jakub Jelen
e9314adf4b
Testsuite also depends on openssl, use correct variables for linking
2018-07-11 10:48:10 +02:00
Jakub Jelen
7c8ed4dc03
Correct name in the automake
2018-07-11 10:48:10 +02:00
Jakub Jelen
3a7a1ba31f
Do not fail if we found unknown tag or the count does not match
...
* The HID tokens present such undocumented tags
2018-07-11 10:48:10 +02:00
Jakub Jelen
bf3382d4d9
Standardize logging and include also AID
2018-07-11 10:48:10 +02:00
Jakub Jelen
3480d9fc99
Log also information about uninitialized slots with correct labels
2018-07-11 10:48:10 +02:00
Jakub Jelen
1c2a7f8dd2
HID Alt tokens have the other bunch of slots in other undocumented AID
2018-07-11 10:48:10 +02:00
Peter Marschall
1eb8391b4a
OpenPGP: slightly re-factor pgp_get_card_features()
...
* length checks where needed
* more & better comments
2018-07-11 10:47:39 +02:00
Peter Marschall
7332a37abb
OpenPGP: add serial number to card name
2018-07-11 10:47:39 +02:00
Peter Marschall
6d6efa2ded
OpenPGP: fix FIXME in pgp_new_blob()
...
Form a correct path instead of misusing an array of 2 u8's.
Perform proper error checking.
2018-07-11 10:47:39 +02:00
Peter Marschall
215fcdad15
OpenPGP: include detailed version into card name
...
... for "standard" OpenPGP cards.
This gives more detailed information to the user on the detailed specs
the card adheres to.
In addition it fixes a long-standing annoyance that every standard 2.x
card matching the v2.0 ATR was announced as CryptoStick 1.2.
This ATR is not only used in the CryptoStick 1.2, but also in
ZeitControl cards as well as NitroKeys, ...
2018-07-11 10:47:39 +02:00
Peter Marschall
2e1b47a79a
OpenPGP: improve get_full_pgp_aid()'s parameter checking
2018-07-11 10:47:39 +02:00
Peter Marschall
2a7a6a62fa
OpenPGP: limit scope of variable
2018-07-11 10:47:39 +02:00
Peter Marschall
15125b03ab
OpenPGP: use LOG_FUNC_CALLED & LOG_FUNC_RETURN symmetrically
...
To help debugging,
- replace plain return's after LOG_FUNC_CALLED()
  has been called with LOG_FUNC_RETURN()
- use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
2018-07-11 10:47:39 +02:00
Peter Marschall
fcecd1bdd2
OpenPGP: update comments on function use: ABI or internal
2018-07-11 10:47:39 +02:00
Peter Marschall
0d6be5db26
OpenPGP: define & set LCS (lifecycle support) as extended capability
...
Use it in pgp_erase_card() to slightly simplify the code.
2018-07-11 10:47:39 +02:00
Peter Marschall
3af54b2fe0
OpenPGP: harmonize some comments
2018-07-11 10:47:39 +02:00
Peter Marschall
3a59b0a182
OpenPGP: parse "extended length info" DO 7f66 on init
2018-07-11 10:47:39 +02:00
Peter Marschall
f73005791c
OpenPGP: improve parsing of extended capabilities
2018-07-11 10:47:39 +02:00
Peter Marschall
dea5fd9551
OpenPGP: add new DOs introduced with OpenPGP card spec v3.0 & v3.3
...
For some files spec states CONSTRUCTED, but we treat them as SIMPLE,
because we only need parts of their contents.
2018-07-11 10:47:39 +02:00
Peter Marschall
9dbdf42e9e
OpenPGP: update references to specifications
2018-07-11 10:47:39 +02:00
Peter Marschall
14cd6ee39e
OpenPGP: clarify meaning of padding byte in pgp_decipher()
2018-07-11 10:47:39 +02:00
Peter Marschall
4323a3d37c
OpenPGP: add new DO D5 introduced with OpenPGP card spec v2.1
...
... and make it accessible for v2.1+ cards
2018-07-11 10:47:39 +02:00
Peter Marschall
4ec37adea8
OpenPGP: extend manufacturer list in pkcs15-openpgp.c
2018-07-11 10:46:56 +02:00
Eugene Bright
332535c544
Workaround subject and issuer fields overflow
...
Structure `x509cert_info` fields `subject` and `issuer`
are doubled in size up to 512 bytes.
We have to use dynamic memory allocation
to completely overcome the issue.
Relates to OpenSC/OpenSC#1412 .
2018-07-11 10:13:14 +02:00
Frank Morgner
2c0d1b9ab0
reset sc_card_t during card detection
...
fixes https://github.com/OpenSC/OpenSC/issues/1417
2018-07-11 10:12:42 +02:00
asc
6f8bfc399b
Fix usage indicator for PSS
2018-07-11 10:07:28 +02:00
asc
6e0689638c
Add checking for supported CKM_RSA_PKCS_PSS combinations
2018-07-11 10:07:28 +02:00
Leif Erik Wagner
e2f0e367b1
Implement RSA PSS for GoID / SmartCard-HSM
2018-07-11 10:07:28 +02:00
Peter Marschall
99fa4f4a57
pkcs15-tool: harmonize non-short output for -C, -D,
...
Make sure to have an empty line between information printed for individual
objects, but not in short mode.
This makes output of -D and -C more consistent.
2018-07-11 10:05:30 +02:00
Gianfranco Costamagna
a6b4605b86
card-piv.c: initialize variable to fix a ppc64el build failure
...
This fixes a build failure with optimized ppc64el and new gcc builds
card-piv.c: In function ‘piv_validate_general_authentication.isra.3’:
card-piv.c:2390:9: error: ‘rbuflen’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-07-11 09:54:51 +02:00
Frank Morgner
88de66bb13
fixed `make distcheck`
2018-07-04 18:12:58 +02:00
Stanislav Brabec
4db9db7403
Add GenericName to the desktop file
...
Add optional GenericName to org.opensc.notify.desktop. GenericName is
recently widely used for menu rendering in desktop environments.
2018-07-04 09:50:07 +02:00
Jakub Jelen
155ecc11f3
Adjust the p11test readme after merge
...
Resolves : #1415
2018-07-04 09:46:43 +02:00
Frank Morgner
452e1d3b96
fixed use of uninitialized return value
2018-06-30 01:17:57 +02:00
Frank Morgner
b3e3ab61c0
avoid integer underflow
2018-06-29 17:14:55 +02:00
Frank Morgner
971dac2f78
unignore result
2018-06-29 17:14:55 +02:00
Frank Morgner
6184c1fbab
avoid out of bounds read
2018-06-29 17:14:55 +02:00
Frank Morgner
03c5280626
avoid NULL dereference
2018-06-29 17:14:55 +02:00
Frank Morgner
ed0d829eab
removed unused check
2018-06-29 17:14:55 +02:00
Frank Morgner
259b7ec41c
check return value
2018-06-29 17:14:55 +02:00
Frank Morgner
c026f37677
warn about error in sc_enumerate_apps
2018-06-29 17:14:55 +02:00
Frank Morgner
6819759946
fixed memory leak
2018-06-29 17:14:55 +02:00
Frank Morgner
5f39d7ab74
use correct length of binary ATR
2018-06-29 17:14:55 +02:00
Frank Morgner
0e9565754c
avoid uninitialized output after sc_file_dup
2018-06-29 17:14:55 +02:00
Alon Bar-Lev
31cbf83738
build: support >=libressl-2.7
2018-06-28 08:58:07 +02:00
Peter Marschall
0603c3b7fc
iso7816: fix typo in previous commit
2018-06-24 10:34:49 +03:00
Peter Marschall
2818e0f703
iso7816: update & extend error codes
...
While at it, do some space policing.
2018-06-24 10:34:49 +03:00
Frank Morgner
1ca1a024df
card-npa: fixed memory leak
...
fixes https://github.com/OpenSC/OpenSC/issues/1396
2018-06-22 09:23:00 +02:00
Frank Morgner
d831076974
opensc-notify: use generic icon
...
fixes https://github.com/OpenSC/OpenSC/issues/1402
2018-06-22 08:52:49 +02:00
Peter Popovec
5dcea4440e
pkcs15-tool: added support for reading NIST ssh keys
...
'pkcs15-tool --read-ssh-key' is now able to read NIST ECC keys from card.
Only 256, 384 and 521 field lengths are supported (same as allowed in
ssh-keygen -t ecdsa). Issue #803 is partially fixed by this patch.
Openssh PKCS11 interface patches for ECC are now available, please check
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
2018-06-21 15:26:15 +02:00
Jakub Jelen
1f352d4c6d
muscle: Properly clean up the applet memory footprint
2018-06-21 12:48:57 +02:00
Jakub Jelen
5b3da5d462
cac: Missing memory cleanup
2018-06-21 12:48:57 +02:00
Jakub Jelen
2682741293
cac: Avoid segfaults from get_challenge()
2018-06-21 12:48:57 +02:00
Jakub Jelen
f392d7426f
Utilize autoconf variables for cmocka usage
2018-06-21 12:48:57 +02:00
Frank Morgner
9c2afad417
fixed copy/paste error
2018-06-20 00:56:01 +02:00
Frank Morgner
8b3f5b7d97
epass2003: fixed logical error
2018-06-19 23:24:36 +02:00
Frank Morgner
9150d92447
fixed out of bounds access
2018-06-19 23:22:00 +02:00
Frank Morgner
d8cdf66d3d
fixed memory leak
2018-06-19 23:15:29 +02:00
ytoku
63ed8d7368
gids: file selection via gids_select_file
2018-06-19 08:00:01 +02:00
ytoku
46c0bbd803
gids: use file id instead of path in gids_delete_key_file
2018-06-19 08:00:01 +02:00
ytoku
ab16228e26
gids: fix gids_delete_cert
2018-06-14 14:05:45 +02:00
asc
31941bc3d9
sc-hsm: Ensure that applet returns version information ( Fix #1377 )
2018-06-11 22:51:45 +02:00
Peter Marschall
7c99adaaa6
PIV: limit scope of some variables
2018-06-11 22:37:42 +02:00
Peter Marschall
f2ba0ad9be
PIV: refactor to use sc_compacttlv_find_tag()
2018-06-11 22:37:42 +02:00
Jakub Jelen
40b02b2582
Namespace the function name, update comment
2018-06-11 22:31:44 +02:00
Jakub Jelen
50b5eb3b69
Allow using up to 16 certificates
2018-06-11 22:31:44 +02:00
Jakub Jelen
9dda83e48e
cac: Verbose logging, avoid OOB reads
2018-06-11 22:31:44 +02:00
Jakub Jelen
930d457304
Log bad length buffers
2018-06-11 22:31:44 +02:00
Jakub Jelen
298afb072e
Properly check length also of the applet entry
2018-06-11 22:31:44 +02:00
Jakub Jelen
f27ee858c2
Carefully check the length of the buffers before accessing them.
...
The lengths are static and based on the GCS-IS 2.1 specification
2018-06-11 22:31:44 +02:00
Jakub Jelen
a73b3d549b
Address review comments:
...
* Refactor cac_properties_t structure to make its creation more readable
* Avoid manual allocation in cac_get_acr() and clean up bogus pointers
* Avoid bogus comments
* Properly check lengths of retrieved values
2018-06-11 22:31:44 +02:00
Jakub Jelen
aacac57230
Another note/todo about PINs on uninitialized cards
2018-06-11 22:31:44 +02:00
Jakub Jelen
d24c23ac0c
Use applet properties to recognize buffer formats
...
Previously, the code handled all the data objects as SimpleTLV,
which caused invalid encoding when we tried to merge TL + V buffers
into single PKCS#15 buffers.
This change is using GET PROPERTIES APDU after applet selection
to explore objects, figure out encoding and check the status of
PKI objects initialization to avoid reading them.
2018-06-11 22:31:44 +02:00
Jakub Jelen
450cff470a
Inspect the Alt tokens through the ACA applet
...
The previous solution was just guessing AIDs of the PKI objects
and trying if they answer.
This solution is inspecting card based on the Service Applet Table
(listing all the applets on the card) and using GET PROPERTIES APDU
listing all the available OIDs of the applet.
This was successfully tested with standard CAC card
(with different ACA AID) and uninitialized HID Alt tokens with empty
certificates slots.
2018-06-11 22:31:44 +02:00
Jakub Jelen
ee7b6f4035
cac: Log unknown tags
2018-06-11 22:31:44 +02:00
Jakub Jelen
cde06a499c
Use correct AID and Object ID
2018-06-11 22:31:44 +02:00
Jakub Jelen
2138d5fe32
One more todo based on the testing with a new libcacard
2018-06-11 22:31:44 +02:00
Jakub Jelen
426914674c
Unbreak encoding last tag in the data objects
2018-06-11 22:31:44 +02:00
Jakub Jelen
5b420318d4
Allocate private data outside and avoid memory leaks
2018-06-11 22:31:44 +02:00
Jakub Jelen
92df907681
Typo, clean up comments, dump more useful information from CCC
2018-06-11 22:31:44 +02:00
Jakub Jelen
52451ac438
card-cac.c: Dump also the MSCUID
2018-06-11 22:31:44 +02:00
asc
335c242ce0
Filter certificates other than CKC_X_509
2018-06-08 08:28:37 +02:00
Jakub Jelen
89a8e0cb64
Avoid memory leaks from the failed card detections
2018-06-08 08:26:49 +02:00
Andreas Kemnade
23706635a8
cardos: create pin in mf
...
If cardos cards are initialized by other software and there is a pinref
without the msb set, also the pin verify works without that bit set.
This patch changes pin initialisation so that the pin is created in mf
which has the effect that pin verify works without | 0x80 to the
pin ref.
Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
2018-06-08 08:23:37 +02:00
Laurent Bigonville
694822554e
dnie: Consider that everything not APPLE or WIN32 is "linux"
...
This should fix the FTBFS on architectures like kfreebsd
Fixes : #1366
2018-06-08 08:22:58 +02:00
Peter Marschall
e6ad737430
OpenPGP: add cast forgotten in previous commit
2018-06-08 08:21:11 +02:00
Peter Marschall
ba9eebceaf
OpenPGP: refactor do_dump_do()
...
- limit length of data to write even in raw mode to the real length
- cluster variable definitions
- restrict scope of variables
- introduce a variable length to make the purpose more obvious
- start preprocessor directives at column one
- add comments where needed
- harmonize coding style: space after "if" and casts
2018-06-08 08:21:11 +02:00
Peter Marschall
4a1bf9fb21
OpenPGP: limit output of -d in non-raw mode to real length
2018-06-08 08:21:11 +02:00
Peter Marschall
85f4ba6c5f
OpenPGP: allow calling -d multiple times
...
Put the arguments passed to option -d into an array instead of only
storing the latest value.
During output, iterate over the values passed in via the option.
2018-06-08 08:21:11 +02:00
Peter Marschall
1da7da5e99
OpenPGP: make parsing of option -d more robust
...
* accept flexible option arguments: 1-4, 101-104, 0101-0104, ...
2018-06-08 08:21:11 +02:00
Peter Marschall
41d89b52fc
OpenPGP: treat option --del-key as an action
2018-06-08 08:21:11 +02:00
Peter Marschall
da6e30b38b
OpenPGP: clarify usage text
2018-06-08 08:21:11 +02:00