384626533e
PIV Security Changes
...
Add return code if "out" is smaller then received data.
Remove extra blanks.
2018-08-14 16:13:22 +02:00
3e5a9a42c3
Remove in PIV driver need for aid_file
...
Remove aid_file and aidfile variables in card-piv.c. These are not needed
as piv_select_aid parses the returned data from a SELECT AID command.
In response to e-mail from X41 group on 6/11/2018.
On branch x41-piv-2
Changes to be committed:
modified: card-piv.c
2018-08-14 16:13:22 +02:00
d5d15105dd
cac: Ignore end of content errors ( #7 )
...
The CAC buffers are split to separate TL and V buffers so we need to ignore this error
2018-08-14 15:50:13 +02:00
83f45cda2a
Added bounds checking to sc_simpletlv_read_tag()
...
- Logic is identical to sc_asn1_read_tag()
- Fixes out of bounds access e.g. in cac_parse_CCC
2018-08-14 15:50:13 +02:00
ffe38fd87f
sc_asn1_read_tag: fixed tracking of consumed bytes
...
fixes return buffers that are outside the allocated memory space
2018-08-14 15:50:13 +02:00
360e95d45a
fixed out of bounds writes
...
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the problems.
2018-08-14 15:50:13 +02:00
8fe377e93b
fixed out of bounds reads
...
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting and suggesting security fixes.
2018-08-14 15:50:13 +02:00
f66ceab4bb
fixed typo
...
fixes https://github.com/OpenSC/OpenSC/issues/1443
2018-08-09 15:50:51 +02:00
849c9785e3
added missing rule for opensc.conf.5.xml
2018-08-09 15:46:53 +02:00
80d44a5b99
use proper prefix in documentation
2018-08-05 12:28:50 +02:00
9294058d5c
fixed requesting DWORD with sc_ctx_win32_get_config_value
...
the length of the value is not determined by strlen()
2018-08-05 11:35:12 +02:00
cd557df54d
md: change semantics of cancelling the PIN pad prompt
...
md_pinpad_dlg_allow_cancel now defines whether or not the user is asked
before verifying the PIN on the PIN pad. This can be denied without
interaction with the PIN pad. A checkbox in the dialog allows the user
to change this setting, which is saved in the registry by the path of
the process.
This change fixes the progress bar to match the actual configured
timout. The progressbar now fills instead of running empty, which seemed
less frightening for most users.
This change also fixes some copy/paste errors in the documentation of
opensc.conf(5).
2018-08-05 11:35:12 +02:00
da40c61d13
npa/sc-hsm: don't call EAC_cleanup()
...
In Minidriver, when the DLL is called in multiple threads, this can
lead to a deinitialization of OpenSSL's OIDs in one thread making them
unavailable from other threads of the same process. As result, CVCs
cannot be veriefied anymore during chip authentication.
2018-08-05 11:35:12 +02:00
0f9c7d126a
win32 installer: automatically start SCardSvr
2018-08-05 11:35:12 +02:00
79fb808adf
opensc-notify: localize exit menu entry
2018-08-05 11:35:12 +02:00
0f1fdb7872
opensc-notify: add Exit button to tray icon
2018-08-05 11:35:12 +02:00
4a3a3e5df2
opensc-notify: implement win32 message dispatching
2018-08-05 11:35:12 +02:00
11aaf15776
removed outdated solaris files
2018-08-05 11:33:21 +02:00
2190bb927c
Drop support for CAC 1
...
This removes code related to the old CAC 1 specification, while
preserving the CAC 2 functionality including CAC Alt token detection
for the tokens without CCC or ACA.
The detection based on SELECT APPLET APDU is improved to require also
the READ BUFFER APDU working, which should fail on misbehaving Java cards.
2018-08-03 01:51:44 +02:00
f097d88b3a
coolkey: Drop bogus ;
2018-08-03 01:50:05 +02:00
8e8193f8f5
coolkey: Unbreak get_challenge with correct instruction code
2018-08-03 01:50:05 +02:00
dfe932d00d
OMNIKEY 3x21 and 6121 Smart Card Reader are not pinpad readers
...
macOS 10.13 ships with ccid driver 1.4.27 (fixed in 1.4.29) and this version identifies these readers wrongly as pinpad readers.
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-07-28 13:42:20 +02:00
4de0d06a93
use single quotes for passing define
...
makes sure that the shell doesn't evaluate parts of the define
2018-07-17 14:49:27 +02:00
a0b6643fa7
Use hard coded default SM module (path)
...
- avoids the need to set this default in opensc.conf
- fixes loading of (unknown) local library
- removes some unused defines from config.h
2018-07-17 14:49:27 +02:00
c003f3825e
Distribute a minimal opensc.conf
...
closes https://github.com/OpenSC/OpenSC/issues/1102
2018-07-17 14:49:27 +02:00
e226ad265a
Removed unused option `hide_empty_tokens`
2018-07-17 14:49:27 +02:00
47ee3a3978
added manual page opensc.conf(5)
...
splits the HTML documentation into files.html and tools.html
2018-07-17 14:49:27 +02:00
16275c2683
fixed memory leak
2018-07-17 13:31:14 +02:00
3042a39705
removed unused variable
2018-07-17 13:16:06 +02:00
fbc9ff84bc
Some cards may return short RSA signatures without leading zero bytes.
...
Add leading zeros to RSA signature so it is the size of modulus.
Return modulus length.
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c
2018-07-11 22:30:50 +02:00
376de5bd4c
make bash completion directory configurable
2018-07-11 21:55:05 +02:00
1eaae6526b
pkcs15-tool: Build with current gcc
...
The argument to strncpy is not the length of the target buffer,
but the source one (excluding the null byte, which will be
copied anyway).
2018-07-11 10:48:10 +02:00
e9314adf4b
Testsuite also depends on openssl, use correct variables for linking
2018-07-11 10:48:10 +02:00
7c8ed4dc03
Correct name in the automake
2018-07-11 10:48:10 +02:00
3a7a1ba31f
Do not fail if we found unknown tag or the count does not match
...
* The HID tokens present such undocumented tags
2018-07-11 10:48:10 +02:00
bf3382d4d9
Standardize logging and include also AID
2018-07-11 10:48:10 +02:00
3480d9fc99
Log also information about unitialized slots with correct labels
2018-07-11 10:48:10 +02:00
1c2a7f8dd2
HID Alt tokens have the other bunch of slots in other undocumented AID
2018-07-11 10:48:10 +02:00
1eb8391b4a
OpenPGP: slightly re-factor pgp_get_card_features()
...
* length checks where needed
* more & better comments
2018-07-11 10:47:39 +02:00
7332a37abb
OpenPGP: add serial number to card name
2018-07-11 10:47:39 +02:00
6d6efa2ded
OpenPGP: fix FIXME in pgp_new_blob()
...
Form a correct path instead ofmusising an array of 2 u8's.
Perform proper error checking.
2018-07-11 10:47:39 +02:00
215fcdad15
OpenPGP: include detailed version into card name
...
... for "standard" OpenPGP cards.
This gives more detailed information to the user on the detailed specs
the card adheres to.
In addition it fixes a long-standing annoyance that every standard 2.x
card matching the v2.0 ATR was announced as CryptoStick 1.2.
This ATR is not only used in the CryptoStick 1.2, but also also in
ZeitControl cards as well as NitroKeys, ...
2018-07-11 10:47:39 +02:00
2e1b47a79a
OpenPGP: improve get_full_pgp_aid()'s parameter checking
2018-07-11 10:47:39 +02:00
2a7a6a62fa
OpenPGP: limit scope of variable
2018-07-11 10:47:39 +02:00
15125b03ab
OpenPGP: use LOG_FUNC_CALLED & LOG_FUNC_RETURN symmetrically
...
To help debugging,
- replace plain return's after LOG_FUNC_CALLED()
has been called with LOG_FUNC_RETURN()
- use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
2018-07-11 10:47:39 +02:00
fcecd1bdd2
OpenPGP: update comments on function use: ABI or internal
2018-07-11 10:47:39 +02:00
0d6be5db26
OpenPGP: define & set LCS (lifecycle support) as extended capability
...
Use it in pgp_erase_card() to slightly simplify the code.
2018-07-11 10:47:39 +02:00
3af54b2fe0
OpenPGP: harmonize some comments
2018-07-11 10:47:39 +02:00
3a59b0a182
OpenPGP: parse "extended length info" DO 7f66 on init
2018-07-11 10:47:39 +02:00
f73005791c
OpenPGP: improve parsing of extended capabilities
2018-07-11 10:47:39 +02:00
Doug Engert
Jakub Jelen
Frank Morgner
Jakub Jelen
Raul Metsma
Peter Marschall