When loaded as PKCS#11 module, OpenSC will reuse the application
identifier for each instance. We don't want to put any burdon on the
primary GApplication, so we use a non unique ID.
fixes https://github.com/OpenSC/OpenSC/issues/1332
Explicitly mention that this script builds the tokend and command
line tools (as it does not build the CryptoTokenKit app extension).
Add two missing packages in the list of build dependencies.
OpenSCToken (https://github.com/frankmorgner/OpenSCToken) is now a
standalone package that provides the CryptoTokenKit app extension.
It includes its own 'build-package' script, which handles building
the OpenSC library and statically linking against it.
The 'MacOSX/' directory in OpenSC itself is only used to build the
macOS tokend. Remove unused code for building a CryptoTokenKit app
extension from this directory (which no longer works). This should
help to avoid confusion when building OpenSC for macOS.
The PKCS#15 emulation layer for the CAC uses a single PIN. Set its
label to "PIN" (rather than the card type "CAC I" or "CAC II"), so
that the PIN label will be omitted from the token label, providing
more space for the card holder name instead.
This is intended to match the behavior used for PIV cards, which
was changed with commit 56c8f59b25.
During a pull request, it might not be possible for all components
(such as the PKCS#11 module, Windows minidriver, or macOS tokend)
to be tested by the same person using the same card; not everyone
has access to all of the platforms supported by OpenSC. When there
are no card-specific changes, each component might be tested by a
different person using a different type of card.
The pull request template contains a checklist with each component
that needs to be tested (which can be adapted as needed). However,
this checklist also includes an item for the type of card used for
testing. This should certainly be included in the message, but it
doesn't quite seem to belong in the checklist as a separate item,
particularly when considering the multiple-card testing situation
described above. It seems that the checklist is intended to track
specific tasks that still need to be completed.
This change slightly adjusts the template in order to handle this.
(It is still just a template, and it can be adapted for each pull
request as needed.)
* Handle errors as intended in sc_pkcs15emu_openpgp_add_data()
If a data object can be read, but it cannot be added to the PKCS#15
framework, return from this function with an error; do not continue
reading other data objects. Otherwise, do not return an error from
this function when a data object cannot be read or is empty.
Improve existing comments for clarity.
* Address other compiler warnings when using --disable-optimization
Certain variables that are not initialized when they are declared
prevent the build from completing, when --disable-optimization is
passed to ./configure.
1. In epass2003_set_security_env, remove unused code, add condition
check of ec and rsa
2. Line 1709 - add return check of hash_data
3. In epass2003_decipher API, the old sign using apdu.le = 256, now add
condition check of rsa
4. Line 2731-2734 - After login successful, need get session status,
adjust code, improve condition check of data->cmd.
Remove all the code related to the old GUI and PIN PAD.
This code was initially developed by Zetes and had the ability to
display a dialog to request the PIN to the user. It was also able to
manage some specific proprietary pin pads.
As the Belgian government/fedict has now its own implementation, all
these old crufts can be removed.
https://github.com/OpenSC/OpenSC/issues/1296
Some ActivIdentity CAC/PIV cards lose the login state when selecting
the PIV AID SC_CARD_TYPE_PIV_II_CAC and CI_PIV_AID_LOSE_STATE were added
so piv_card_reader_lock_obtained will try and do a SELECT PIV AID.
card->type is reset to its original value if piv_match_card_continued
fails to match a card as PIV.
pkcs15-piv.c now uses sc_card_ctl which checks card->ops->card_ctl for NULL.
closes https://github.com/OpenSC/OpenSC/pull/1307
fixes https://github.com/OpenSC/OpenSC/issues/1297
We can't check for `tag == SC_ASN1_TAG_EOC` directly, because this
would also be true for a tag of 0x80 (with `class ==
SC_ASN1_CLASS_CONSTRUCTED`). So what we do is we check for the output
buffer to be NULL!
fixes https://github.com/OpenSC/OpenSC/issues/1273
1. Buffer underrun in epass2003_decipher().
2. The parameter `data' in update_secret_key() must be constant.
(Discovered by Clang 4.0.0 on OpenBSD 6.2.)
Fixes#1286. The behaviour of pkcs11-tool will follow the standard -
send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will
write plain bytes.
Frank Morgner
David Ward
Peter Marschall
Jakub Jelen
Feitian Technologies
Laurent Bigonville
Doug Engert
Jakub Jelen
Mouse
sergioag
AnthonyA
Vadim Penzin