viktorTarasov
a5550f980b
Merge pull request #706 from frankmorgner/npa-generic
...
generic changes from #611
2016-03-10 11:04:12 +01:00
Andreas Schwier
3b330c6e98
Add minidriver options documentation
2016-03-10 10:37:18 +01:00
Andreas Schwier
29ccc2960d
sc-hsm: Enable minidriver read/write support
2016-03-10 10:37:11 +01:00
Frank Morgner
2e92ba8b70
use a conditional lib prefix for dll/so
2016-03-07 10:39:42 +01:00
Frank Morgner
c3527f4a5b
fixed dylib extensions
2016-03-07 10:39:42 +01:00
Viktor Tarasov
b8c3722bf5
pkcs11/framework: no more 'for-applications' mode for slot creation
...
Simplify create tokens rules, no need to manipulate applications in
'pkcs11' configuration part,
applications can be enabled/disabled on the 'pkcs15' one.
Fix the possibility to expose only 'sign' PIN
2016-02-24 13:39:27 +01:00
Viktor Tarasov
754eaf3c14
config: allow disabling of PKCS15 application
2016-02-16 16:54:14 +01:00
Frank Morgner
83ef753799
Implemented atomic PKCS#11 transactions
2015-12-06 10:42:45 +01:00
German Blanco
d45c96106a
Adding configuration of pinentry application for DNIe.
2015-11-10 09:37:39 +01:00
Frank Morgner
1480a4ef4a
use one configuration file for all systems
2015-10-01 12:44:41 +02:00
Frank Morgner
a4ca19019e
Documented whitelisting drivers with opensc.conf
...
closes https://github.com/OpenSC/OpenSC/issues/358
2015-10-01 12:44:41 +02:00
Frank Morgner
7b677837a0
Always uses tabs instead of spaces in opensc.conf
2015-10-01 12:44:41 +02:00
Frank Morgner
f252277fab
Add configuration for sloppy PKCS#11 initialization
2015-10-01 12:44:41 +02:00
Andreas Kemnade
c9efb2f643
make file cache dir configurable
...
in cases where you use pam_pkcs11, HOME might not be set
so paths based on $HOME are not usable, so that the combination
of home and caching does not work. Having the paths configurable
(together with a good setting of access rights)
resolves that problem.
2015-09-02 10:34:35 +02:00
Frank Morgner
6d21903c90
documented pkcs11_enable_InitToken flag
2015-07-27 19:10:34 +02:00
Frank Morgner
de5c224201
silence some shell commands in Makefile
2015-04-23 00:12:37 +02:00
Thomas Calderon
435291f216
iasecc: initial support for Morpho IAS Agent Card
...
* This commit adds initial support for Morpho French Agent card which is an
IAS card. Signature operations are working. Since my test card was
read-only, I was unable to test object management functions.
* Add missing copy of AID in structure
2015-03-29 12:10:55 +02:00
Raul Metsma
55bb8e9ff8
New generation card-s don't have issues with T1 and 3.5 card with same ATR has issues with T0 (recursive GET BINARY/GET DATA)
2014-06-09 15:46:13 +02:00
Raul Metsma
8e13acf51e
Restore pkcs11 onepin module for Firefox usage
2014-05-31 21:15:19 +02:00
Viktor Tarasov
7b1e2e5dd3
build: uninstall-hook for opensc.conf
2014-05-11 17:44:34 +02:00
Nikos Mavrogiannopoulos
7796d2c95c
Mention that create_slots_for_pins can be used to get opensc-onepin behavior.
2014-04-21 13:40:26 +02:00
Viktor Tarasov
3f023d3342
pkcs15: PIN value not validated in pkcs15-verify
...
In pkcs15-verify the value of PIN is not more validated for conformity with PIN policy,
value is only checked for maximal allowed length.
So that, no more need of 'ignore-pin-length' configuration option - now it's default behavior of common framework.
2014-01-19 19:19:17 +01:00
Viktor Tarasov
15f694f85d
pkcs11: introduce 'ignore-pin-length' config option
...
When doing C_Login default behavior is to ignore the applied PINs with lengths less
then value of PKCS#15 PIN attribure 'min-length'. Such a PINs are not
really verified by card.
With 'ignore-pin-length' option in 'true' all applied PINs are verified by card.
2013-12-29 22:00:28 +01:00
Viktor Tarasov
1a972920f0
By default 'default' card driver is disabled ...
...
'Default' card driver is explicitely enabled for 'opensc-explorer' and 'opensc-tool' tools.
https://github.com/OpenSC/OpenSC/pull/175
2013-08-02 22:01:51 +02:00
Viktor Tarasov
961059a052
build: include to 'dist' the files used by Windows build
2012-09-12 10:50:51 +02:00
Viktor Tarasov
ed18b789d7
win32: add windows version of opensc.conf.in
...
it do not contains macros that have to be resolved by 'configure'.
2012-09-01 19:51:43 +02:00
Doug Engert
a3b516a1e1
Add pin_cache_ignore_user_consent parameter to opensc.conf
...
When OpenSC is used with a card that enforces user_consent
and the calling PKCS#11 application does not understand how
to handle the CKA_ALWAYS_AUTHENTICATE, signature operations
will fail.
OpenSC will not cache a PIN that protects a user_consent
object as one would expect.
This mods allows PINs to be cached even if protecting a
user_consent object by adding
pin_cache_ignore_user_consent = true;
option in opensc.conf.
Thunderbird is the prime example of this situation.
Mozilla has accepted mods (357025 and 613507) to support
CKA_ALWAYS_AUTHENTICATE that will appear in NSS-3.14 but
this may be some time before this version is in vendor
distribution.
2012-08-12 00:11:03 +02:00
Diego Elio Pettenò
1d6fae2241
build: use autoconf's MKDIR_P not automake's (deprecated) mkdir_p.
2012-07-01 17:03:27 +02:00
Viktor Tarasov
0410a0c9e8
build: 'auto-config' parameters
...
In configuration file replace the 'auto-config' parameters with the windows specific values.
2012-06-08 20:17:36 +02:00
Viktor Tarasov
78fe16654e
pkcs15init: iasecc: create objects for minidriver support
...
- Create/delete the PKCS#15 'DATA' objects destinated to supply support of minidriver. For a while only 'Gemalto' style of such support is implemented.
- Declare epass2003 pkcs15init operations.
- include into OpenSC configuration the SM related sections
2012-06-08 20:17:36 +02:00
Viktor Tarasov
cfd5aaba7d
SM: initial implementation of secure messaging framework
2012-06-08 20:17:35 +02:00
Viktor Tarasov
d1cf65754b
pkcs11: no more 'hacked' mode and 'onepin' module version
...
'OnePIN' version of opensc-pkcs11 module is not installed.
Instead, in the 'pkcs11' section of OpenSC configuration,
there is a possibility to define in a different manner
how to create slots for the present PINs and applications.
2012-05-21 19:19:38 +02:00
Diego Elio Pettenò
3c324b8b73
build: fix parallel install by creating directory in the rule
...
Relying on the rule that creates the directory is a bad idea to be
parallel safe.
2012-05-16 17:18:38 +02:00
Stef Walter
00e02359a3
libopensc: Add 'paranoid-memory' setting for behavior when mlock() fails
...
* Setting paranoid-memory to true, and mlock() fails, then
allocations which require non-pageable memory will return NULL
2012-02-17 10:02:55 +01:00
martin
44cf3d06ae
MiniDriver: rename cardmod to minidriver in source.
...
Also change some grammar, whitespace (reported by git) and wording (Opensc->OpenSC) issues.
Add some comments here and there.
See http://www.opensc-project.org/pipermail/opensc-devel/2011-April/016261.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5329 c6295689-39f2-0310-b995-f0e70906c6a9
2011-04-12 07:40:12 +00:00
andre
69c846f904
libopensc: Re-defines SC_CARD_FLAG_ONBOARD_KEY_GEN to be local to the file card-flex.c, because that flag is used nowhere else. In principle, this patch only reverts some changes made by r2192.
...
Relates to #296 .
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5312 c6295689-39f2-0310-b995-f0e70906c6a9
2011-04-08 13:30:32 +00:00
vtarasov
33f44f8dc1
pkcs15: pin references are always positive integers ...
...
In the OpenSC versions previous to 0.11.5 the references greater then
127 were erroneously encoded by one byte (negative value ecording to the
ASN.1 rules).
Actually some other proprietary PKCS#15 cards have also this infirmity.
Actual commit makes general the application of the hack used for 'starcos' card.
http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016062.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5220 c6295689-39f2-0310-b995-f0e70906c6a9
2011-03-06 12:35:35 +00:00
martin
d59197748c
EstonianEid: Force T=0 for the newest ATR as well.
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5216 c6295689-39f2-0310-b995-f0e70906c6a9
2011-03-01 11:19:45 +00:00
vtarasov
16ca4b05f8
opensc.conf: by default comment out all IAS/ECC specific configuration lines ...
...
http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016013.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5205 c6295689-39f2-0310-b995-f0e70906c6a9
2011-02-17 09:36:36 +00:00
vtarasov
e02becc6e2
IAS/ECC: for the IAS/ECC cards include into the OpenSC configuration the 'card_atr' sections
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5199 c6295689-39f2-0310-b995-f0e70906c6a9
2011-02-16 11:01:46 +00:00
andre
5405d74d19
opensc.conf.in: clean up white spaces
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5105 c6295689-39f2-0310-b995-f0e70906c6a9
2011-01-18 04:43:32 +00:00
andre
83f393ff0d
opensc.conf: Better wording of comments on max_x_size.
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4950 c6295689-39f2-0310-b995-f0e70906c6a9
2010-12-14 03:16:37 +00:00
andre
eeee3f926f
opensc.conf: Lower the level of emphasise on the max_x_size options. Users with USB devices really shouldn't care about them.
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4947 c6295689-39f2-0310-b995-f0e70906c6a9
2010-12-14 01:30:03 +00:00
vtarasov
c8c291ea07
win32: build of MSI on checkouted trunk ...
...
is possible after 'bootstrap' and 'configure'
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4942 c6295689-39f2-0310-b995-f0e70906c6a9
2010-12-12 13:17:17 +00:00
martin
113dfda494
EstEID: add support for v 3.0 cards with 2048b keys
...
* Detect different cards based on ATR-s and on card objects
* Set the card name from the ATR table
* Conditionally add support for 2048b keys
* Add workarounds for broken MULTOS and JavaCard cards.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4893 c6295689-39f2-0310-b995-f0e70906c6a9
2010-11-29 14:22:01 +00:00
martin
c1c3aa1d55
PC/SC: make (dis)connect actions configurable, SCardDisconnect, SCardEndTransaction and SCardReconnect
...
actions can now be configured via opensc.conf in better detail.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4891 c6295689-39f2-0310-b995-f0e70906c6a9
2010-11-29 13:56:19 +00:00
martin
6fc7e62f20
conf: correct comments about OpenSC.tokend score meaning and default value.
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4889 c6295689-39f2-0310-b995-f0e70906c6a9
2010-11-29 13:34:54 +00:00
martin
df639efd89
EstonianEid: revert to old behavior and have the T=0 forcing.
...
Some cards have incorrect ATR-s and can cause troubles if pcsc-lite by default tries to set T=1 by default.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4834 c6295689-39f2-0310-b995-f0e70906c6a9
2010-10-28 13:11:13 +00:00
martin
31b0a05aaf
EstonianEid: document more ATR-s in opensc.conf
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4832 c6295689-39f2-0310-b995-f0e70906c6a9
2010-10-28 05:30:09 +00:00
martin
6648255cb0
EstonianEid: add a broken EstEID ATR to the Micardo driver. Don't force a protocol for EstEID cards
...
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4825 c6295689-39f2-0310-b995-f0e70906c6a9
2010-10-22 15:48:04 +00:00