5c0a37c53d
pkcs15init: use aux-data to set MD container GUID
2016-04-08 11:02:53 +02:00
5bbc86eb39
md: replace card specific with pkcs15 'aux-data' facilities
2016-04-08 11:02:53 +02:00
9abf8ee04c
pkcs15 iasecc: parse-df handler to set MD guid
2016-04-08 10:48:58 +02:00
9ac4120594
pkcs15: 'aid' argument for emulator init
...
Allows to PKCS#15 emulator to bind more then one application
2016-04-08 10:48:58 +02:00
47eb21175c
p15: auxiliary data in prkey info data type
2016-04-08 10:48:58 +02:00
77898e6175
gids: fix invalid get-gids-driver
...
When compiled without zlib 'get-gids-driver' returns invalid pointer.
2016-04-08 10:48:58 +02:00
6de3f93e9b
gids: fix invalid get-gids-driver
...
When compiled without zlib 'get-gids-driver' returns invalid pointer.
2016-04-07 19:43:56 +02:00
07493c11d8
iasecc: select parent before fixing ACLs of a new file
...
With MD, after card rebinding, the context to fix ACLs for a
new certificate file can be changed.
2016-04-01 18:09:04 +02:00
56f2319fcc
pkcs11-tool: few named curves more
2016-04-01 18:08:00 +02:00
fe2312dd19
myeid: fixed a bug in setting card->name
...
Fixed a bug in setting card->name in myeid_init and myeid_get_info:
The buffer containing the card name fell out of scope.
2016-03-31 13:33:28 +02:00
7f732d49b6
pkcs15: log parsed TokenInfo.serial
2016-03-31 13:24:17 +02:00
4b51d70969
tools: print OpenSC package version
2016-03-28 20:41:19 +02:00
696e4119a5
pkcs15-crypt: allow decipher for key with 'unwrap' usage
2016-03-28 19:59:28 +02:00
81e91c70f3
Handle C and C++ "inline" and "restrict" keywords for various compilers
...
simclist.h is changed to either accept a predefined inline and/or
predefined restrict macro or tests for known compilers and sets
simclist_inline and simclist_restrict with the approprate keyword
for the compiler being used or defines them as blank.
The logic used is based on code in OpenSSL-1.1 e_os2.h
For example, "configure" could define inline and/or restrict.
But OpenSC is built on other platforms without a config.h and thus
changes to simclist.h are still needed.
simclist.c is changed by replacing inline with simclist_inline
and restrict with simclist_restrict.
The one and only use of inline in card-dnie.c is removed as there
is no need to have the function inline. This avoids any inline issues.
If inline is needed in other OpenSC code or in card-dnie.c,
simclist_inline could be used.
(Another option is to just remove all inline and restrict keywords
from OpenSC code.)
Changes to be committed:
modified: src/common/simclist.c
modified: src/common/simclist.h
modified: src/libopensc/card-dnie.c
2016-03-22 15:51:36 +01:00
6f667e0510
pkcs15: fix warning Wsign-compare
2016-03-21 07:55:02 +01:00
8b9ce2cf4a
coverity: INTEGER_OVERFLOW
2016-03-17 11:30:40 +01:00
bd84e18f45
coverity-scan: supplement to #710
2016-03-15 19:10:52 +01:00
1329597e33
pkcs15: use file cache for path with AID
...
also try to resolve TOCTOU coverity-scan issue
Fix #709
2016-03-15 18:11:03 +01:00
220d80fcec
pkcs15: fix length of 'last-update' read
2016-03-15 17:42:09 +01:00
260b7711b9
coverity-scan: OVERRUN in ctbs.c
...
Fix #710
2016-03-15 17:40:15 +01:00
9a22f146f8
pkcs15: fix argument for 'read-tag' call
2016-03-10 11:39:59 +01:00
205acbd573
coverify-scan: muscle: use return value
2016-03-10 11:23:39 +01:00
a5550f980b
Merge pull request #706 from frankmorgner/npa-generic
...
generic changes from #611
2016-03-10 11:04:12 +01:00
1fb741338a
pkcs11: remove hot-plug-anb-play
...
updated version of PR #687
Discussion and motivation in PR #687 and PR #704
Fix #687
Fix #704
2016-03-10 10:43:18 +01:00
0838520b62
rtecp: fix delete private key
...
when deleting private key, delete also it's internal public part
Fix #671
Fix #705
2016-03-10 10:33:42 +01:00
f98c8cd37c
asn1: tagnum size has not exceed 3 bytes
...
3 bytes is the size of SC_ASN1_TAG_MASK used when composing
the asn1 templates with 'struct sc_asn1_entry'.
With this limitation maximal supported ASN.1 tag number is 2^^14-1 .
Fixed 'dead-code' coverity-scan issue.
Close #707
2016-03-10 10:13:27 +01:00
196e476330
coverity: check returned value
2016-03-07 18:30:56 +01:00
5403899444
use SCardGetAttrib to initialize reader's metadata
2016-03-07 10:39:42 +01:00
415f15e3e2
use autoconf metadata for PKCS#11 library
2016-03-07 10:39:42 +01:00
c3527f4a5b
fixed dylib extensions
2016-03-07 10:39:42 +01:00
ef40021417
use sc_debug_hex for hexdump
2016-03-07 10:39:42 +01:00
2173450664
log: print file-id in 'create-file'
2016-03-06 19:28:59 +01:00
9985144d45
Merge pull request #702 from viktorTarasov/fix/issue700/invalid-parameter
...
pkcs11-tool: fix invalid parameter for 'find-mechanism'
2016-03-05 21:37:31 +01:00
34a69aeac8
Merge pull request #701 from CardContact/fix698
...
sc-hsm: Remove path for newly generated key pairs
2016-03-04 17:23:00 +01:00
91aad373be
Added a new ATR that will be used in some new MyEID cards
...
Closes https://github.com/OpenSC/OpenSC/pull/696
2016-03-04 17:20:37 +01:00
cf04d01676
Removed define MYEID_ECC_SUPPORT as unnecessary.
...
ECC support is determined by checking MyEID applet version.
2016-03-04 17:20:29 +01:00
2de41f4a6d
Added support for 521 bit ECC keys
...
Includes ECC related bux fixes.
2016-03-04 17:20:20 +01:00
1c0ab2a2d2
Merge pull request #697 from viktorTarasov/feature/package-revision
...
tools: print package revision
2016-03-04 17:14:26 +01:00
36b945aa22
tools: print package revision
2016-03-04 14:16:06 +01:00
998a1e10c5
pkcs11-tool: fix invalid parameter for 'find-mechanism'
...
Fixes #700
2016-03-04 11:30:51 +01:00
ae67f16e9b
card-iasecc.c: fix 1 compiler warning
...
card-iasecc.c:3206:3: error: variable 'rv' is used uninitialized whenever 'if'
condition is false [-Werror,-Wsometimes-uninitialized]
...LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_HASH_SHA1 or RSA_HASH_SHA256 algorithm");
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../src/libopensc/log.h:90:36: note: expanded from macro 'LOG_TEST_RET'
...r, text) SC_TEST_RET((ctx), SC_LOG_DEBUG_NORMAL, (r), (text))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../src/libopensc/log.h:84:6: note: expanded from macro 'SC_TEST_RET'
if (_ret < 0) { \
^~~~~~~~
card-iasecc.c:3207:20: note: uninitialized use occurs here
LOG_TEST_RET(ctx, rv, "Cannot get QSign data");
^~
../../src/libopensc/log.h:90:77: note: expanded from macro 'LOG_TEST_RET'
...r, text) SC_TEST_RET((ctx), SC_LOG_DEBUG_NORMAL, (r), (text))
^
../../src/libopensc/log.h:83:14: note: expanded from macro 'SC_TEST_RET'
int _ret = (r); \
^
card-iasecc.c:3206:3: note: remove the 'if' if its condition is always true
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_...
^
../../src/libopensc/log.h:90:36: note: expanded from macro 'LOG_TEST_RET'
^
../../src/libopensc/log.h:84:2: note: expanded from macro 'SC_TEST_RET'
if (_ret < 0) { \
^
card-iasecc.c:3185:8: note: initialize the variable 'rv' to silence this warning
int rv;
^
= 0
2016-03-02 15:01:19 +01:00
d86ada1c64
card-iasecc.c: fix 1 compiler warning
...
card-iasecc.c:2322:58: error: address of 'data->pin2.data' will always evaluate
to 'true' [-Werror,-Wpointer-bool-conversion]
...if (!data->pin1.data && !data->pin1.len && &data->pin2.data && !data->pi...
~~ ~~~~~~~~~~~^~~~
2016-03-02 14:59:27 +01:00
ad11c9937c
card-authentic.c: fix 1 compiler warning
...
card-authentic.c:1452:57: error: address of 'data->pin2.data' will always
evaluate to 'true' [-Werror,-Wpointer-bool-conversion]
if (!data->pin1.data && !data->pin1.len && &data->pin2.data && !...
~~ ~~~~~~~~~~~^~~~
2016-03-02 14:57:42 +01:00
d45ae3ba80
sm-card-iasecc.c: fix compiler warning
...
sm-card-iasecc.c: In function ‘sm_iasecc_get_apdu_delete_file’:
sm-card-iasecc.c:188:25: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
unsigned int file_id = (unsigned int)sm_info->cmd_data;
^
2016-03-02 14:50:57 +01:00
69eaa66e83
sc-hsm: Fix #698
2016-03-02 14:20:51 +01:00
89ec66fbe8
framework-pkcs15.c: fix compiler warning
...
framework-pkcs15.c:706:1: warning: unused function
'__pkcs15_create_secret_key_object' [-Wunused-function]
__pkcs15_create_secret_key_object(struct pkcs15_fw_data *fw_data,
^
2016-02-29 20:19:42 +01:00
7a7fb19a7d
iasecc-sm.c: fix compiler warning
...
iasecc-sm.c:697:22: warning: cast to 'void *' from smaller integer type
'unsigned int' [-Wint-to-void-pointer-cast]
sm_info->cmd_data = (void *)file_id;
^
2016-02-29 20:19:42 +01:00
ed30d4ebb7
pkcs15-isoApplet.c: fix compiler warning
...
pkcs15-isoApplet.c:268:38: warning: address of 'df->path' will always evaluate
to 'true' [-Wpointer-bool-conversion]
if(!pin || !pin_len || !df || !&df->path)
~ ~~~~^~~~
2016-02-29 20:19:42 +01:00
a8c741002d
reader-pcsc.c: fix compiler warning
...
der-pcsc.c:1101:11: warning: comparison of integers of different signs:
'LONG' (aka 'int') and 'unsigned int' [-Wsign-compare]
if (rv == SCARD_E_NO_SERVICE) {
~~ ^ ~~~~~~~~~~~~~~~~~~
2016-02-29 20:19:42 +01:00
80a313fb2a
pkcs11-spy.c: fix 1 warning
...
pkcs11-spy.c:259:49: warning: format specifies type 'long' but the argument has
type 'int' [-Wformat]
fprintf(spy_output, "%s.%03ld\n", time_string, tv.tv_usec / 1000);
~~~~~ ^~~~~~~~~~~~~~~~~
%03d
2016-02-29 20:19:42 +01:00
cd42fbbc65
openpgp-tool.c: fix compiler warning
...
penpgp-tool.c:367:9: warning: comparison of integers of different signs: 'int'
and 'unsigned int' [-Wsign-compare]
if (r != count) {
~ ^ ~~~~~
Remove 3 casts
Add 1 cast
Fix a format problem
2016-02-29 20:19:42 +01:00
e7cbc3ba82
opensc-explorer.c: fix compiler warning
...
opensc-explorer.c:1727:8: warning: comparison of integers of different signs:
'int' and 'size_t' (aka 'unsigned long') [-Wsign-compare]
if(r > len) {
~ ^ ~~~
2016-02-29 20:19:42 +01:00
d929532b63
pkcs11-tool.c: fix 2 compiler warnings
...
pkcs11-tool.c:2650:25: warning: unused variable 'ecdh_parms' [-Wunused-variable]
CK_ECDH1_DERIVE_PARAMS ecdh_parms;
^
pkcs11-tool.c:2021:7: warning: unused variable 'is_private' [-Wunused-variable]
int is_private = opt_object_class == CKO_PRIVATE_KEY;
^
2016-02-29 20:19:42 +01:00
08529c91ee
log.c: fix compiler warning
...
log.c:94:87: warning: format specifies type 'long' but the argument has type
'int' [-Wformat]
...%03ld ", (unsigned long)pthread_self(), time_string, tv.tv_usec / 1000);
~~~~~ ^~~~~~~~~~~~~~~~~
%03d
2016-02-29 20:19:42 +01:00
f29f2e62b3
pkcs15init: fix bug introduced in 50f03bc
2016-02-29 18:52:45 +01:00
50f03bca3f
fixed memory leak
2016-02-29 13:08:34 +01:00
1862970212
fixed typo
2016-02-29 13:08:34 +01:00
fa71448d1c
added fall through comment
2016-02-29 10:52:48 +01:00
1dd501a705
DNIe. Removing all memory leaks and using SM wrapping and unwrapping.
2016-02-28 08:13:45 +01:00
ceb913a7bb
Merge pull request #679 from l1k/master
...
GemSAFE ATR + format string fixes
2016-02-25 16:35:53 +01:00
b8c3722bf5
pkcs11/framework: no more 'for-applications' mode for slot creation
...
Simplify create tokens rules, no need to manipulate applications in
'pkcs11' configuration part,
applications can be enabled/disabled on the 'pkcs15' one.
Fix the possibility to expose only 'sign' PIN
2016-02-24 13:39:27 +01:00
ae359ba180
Merge pull request #678 from CardContact/fix-bcd-sopin
...
sc-hsm: Fix BCD encoding bug with SO-PIN
Fixes https://github.com/OpenSC/OpenSC/issues/674
2016-02-23 22:33:36 +01:00
c8fbcdd076
card-gemsafeV1: Add ATR for European Patent Office smart card
...
The EPO hands this card out to attorneys and inventors to authenticate
with their online services. The applet on the card seems to be identical
to the one on Swedish eID cards.
Ludovic Rousseau's list identifies the card as Gemalto IDClassic 340.
Gemalto Classic Client identifies the card as GemSAFE V3.
Previously the EPO was using a GemSAFE V1 card, its ATR was added with
81bbddfc24
2016-02-20 14:27:27 +01:00
a020e1f7d4
pkcs11: Fix signedness issues in debug messages
...
Use the appropriate printf conversion for data->buffer_len which is
an unsigned int.
2016-02-20 14:27:27 +01:00
dbca85636f
pkcs11-tool: use keygen mech. from cmd arguments
...
There are can be more then one keygen mechanism for a given
key type.
(ex. CKM_RSA_PKCS_KEY_PAIR_GEN and CKM_RSA_X9_31_KEY_PAIR_GEN)
2016-02-19 16:05:55 +01:00
8a2a274393
gids: no more DF selection
...
Theoritically, SELECT FILE with DF is not specified so avoid it.
2016-02-19 00:12:16 +01:00
6a243449a0
First support for GIDS card
...
- minidriver included by default in Windows
- GIDS Applet is available here https://github.com/vletoux/GidsApplet
- some informative technical information is available here
http://www.mysmartlogon.com/knowledge-base/generic-identity-device-specification-gids-kb/
closes https://github.com/OpenSC/OpenSC/pull/651
2016-02-19 00:12:16 +01:00
b9cf74361c
sc-hsm: Fix BCD encoding bug with SO-PIN
2016-02-18 18:25:34 +01:00
1ca22a22d1
Merge pull request #665 from sfff/pkcs11tool-pubkey-2016
...
pkcs11-tool: support write of GOST Public Key object
2016-02-16 23:27:56 +01:00
754eaf3c14
config: allow disabling of PKCS15 application
2016-02-16 16:54:14 +01:00
0519de6c81
pkcs15-dnie: removed obsolete dll entry points
2016-02-16 07:49:19 +01:00
83d5ac5fee
remove compat_strnlen.obj from windows build
...
windows already implements this function
2016-02-16 07:15:36 +01:00
500e358ea7
fixed syntax error
2016-02-16 07:11:57 +01:00
b2c7803373
sc-hsm: Fix share calculation if prime number is less than secret
2016-02-12 15:36:42 +01:00
e2c21d7c25
Add new Feitian PKI Card ATR into OpenSC
...
Add new PKI Card ATR into OpenSC support, all of these ATR using same
PKI Applet. and the ATR/JAVA CARD is provided by Feitian.
More information, please check www.javacardos.com
Fixes a memory leak in `entersafe_select_fid`
Closes https://github.com/OpenSC/OpenSC/pull/625
2016-02-04 12:23:46 +01:00
3084b3aa32
pkcs11-tool: fix mask for detect PEM format
...
Make universal mask for choose input format from PEM or DER.
Input file at PEM may be contain at start:
"-----BEGIN RSA PRIVATE KEY-----"
or
"-----BEGIN PRIVATE KEY-----"
2016-01-24 02:31:19 +03:00
0d6ecd750e
pkcs11-tool: support write of GOST Public Key object
2016-01-24 02:23:18 +03:00
6b2fcf825f
Rutoken ECP: additional Miller-Rabin tests aren't needed
...
Make universal properties at RSF-files. Additional Miller-Rabin tests
aren't needed for 'Rutoken ECP' and for 'Rutoken ECP 2.0'
fixes https://github.com/OpenSC/OpenSC/issues/648 :
'Incorrect parameters in APDU' at 'Rutoken ECP 2.0' when 'pkcs15-init -G
rsa/1024 ...'
2016-01-24 01:34:05 +03:00
e1a3bf8805
Rutoken ECP: set more universally 'Attempts' for RFS-files
2016-01-24 01:14:21 +03:00
4f4b6c962a
Merge pull request #661 from frankmorgner/strnlen
...
implemented strnlen
2016-01-22 14:36:42 +01:00
b09d2777d1
Merge pull request #663 from digitallumens/pkcs15-crypt/stdin
...
pkcs15-crypt: Allow the use of stdin if no input file is specified.
2016-01-22 14:36:02 +01:00
c56378b8ba
pkcs15-crypt: Document defaults of stdin/stdout.
2016-01-21 11:30:26 -05:00
92e02b50dc
pkcs15-crypt: Allow the use of stdin if no input file is specified.
2016-01-20 15:35:44 -05:00
89f9d9e85d
add compatibility implementation for strnlen
...
fixes https://github.com/OpenSC/OpenSC/issues/660
2016-01-20 10:47:27 +01:00
f01a8ad22e
pkcs11-tool: Switched some printfs to fprintfs to allow pipes to work.
2016-01-19 14:54:02 -05:00
a0c0087446
Merge pull request #637 from germanblanco/sm_get_response_loop_fix
...
Stop reading a file when an error happened *or* all data requested was read.
Fixes https://github.com/OpenSC/OpenSC/issues/632 , but may need adjustments when used with SM
2016-01-15 10:32:46 +01:00
75c14ce815
Fixed possible NULL dereference
...
fixes https://github.com/OpenSC/OpenSC/issues/656
2016-01-14 05:02:28 +01:00
d7559f1546
card-gemsafeV1: Support signing SHA256
...
GemSAFE V1 cards support signing 36 bytes of free form data.
When signing a hash, the hash must be prepended by the DigestInfo
header. The PKCS#1 padding is done on the card. The 36 bytes limit
is sufficient for MD5 (16 + 18 bytes for the header), SHA1 and
RIPEMD160 (both use 20 + 15 bytes for the header) and MD5_SHA1
(16 + 20 bytes, no header). The algorithm reference ("cryptographic
mechanism reference" in ISO 7816 parlance) for signing free form data
is 0x12.
GemSAFE V3 cards changed the algorithm reference for signing free
form data to 0x02. In addition, they gained the ability to sign SHA256.
Since SHA256 exceeds the 36 bytes limit (32 + 19 bytes for the header),
it must be sent to the card *without* DigestInfo header. The header
will be prepended by the card and it is instructed to do so by sending
algorithm reference 0x42.
This scheme is also supported for SHA1, the algorithm reference is
0x12 in this case. However using this is not necessary as SHA1 fits
within the 36 bytes limit, including the header.
Supporting SHA256 is straightforward, we just add it to the flags
before adding the RSA algorithms. When sc_pkcs15_compute_signature()
calls sc_get_encoding_flags(), the input will be "iFlags 0x202, card
capabilities 0x8000021A" and the output will be "pad flags 0x0, secure
algorithm flags 0x202". I.e. the hash is neither prepended by the
DigestInfo header nor PKCS#1 padded and the hash algorithm is passed
to gemsafe_set_security_env() which can send the appropriate algorithm
reference 0x42 to the card.
However there's a catch: Once we add SHA256 to the flags, PKCS#11
applications will be unable to use the other hashes like SHA1 or
RIPEMD160. That's because register_mechanisms() checks if the card
supports no hashes, and if so, adds all of them:
if (!(rsa_flags & SC_ALGORITHM_RSA_HASHES)) {
rsa_flags |= SC_ALGORITHM_RSA_HASHES;
}
We cannot add these missing hashes to the flags like we did with SHA256
because like SHA256, they would be sent to the card *without* DigestInfo
header. What we want is to send all hashes *with* DigestInfo header,
*except* for SHA256.
We can achieve that by registering a fake RSA algorithm which includes
the missing hashes in its flags. This fake algorithm is never used
because sc_card_find_rsa_alg() searches the algorithm list in-order
and we register the fake algorithm *after* the real algorithms.
The fake algorithm persuades register_mechanisms() to register the
missing hashes because it ORs the flags of all RSA algorithms together:
num = card->algorithm_count;
while (num--) {
switch (alg_info->algorithm) {
case SC_ALGORITHM_RSA:
rsa_flags |= alg_info->flags;
break;
}
}
So when signing e.g. a RIPEMD160 hash and sc_pkcs15_compute_signature()
calls sc_get_encoding_flags(), the input will be "iFlags 0x102, card
capabilities 0x8000021A" and the output will be "pad flags 0x100, secure
algorithm flags 0x2". This will result in the hash being prepended by
the DigestInfo header, which is what we want.
2016-01-14 04:55:23 +01:00
e8d8f9f2bb
Merge pull request #650 from vletoux/pkcs11-crash-when-read-public-key-fails
...
fix a pkcs11 crash when the public key reading fails
fixes #649
2016-01-06 07:30:15 +01:00
611e5200b1
Merge pull request #647 from vletoux/visual-studio-warning
...
remove visual studio compilation error
2016-01-06 07:28:56 +01:00
6e5ae841eb
fix a pkcs11 crash when the public key reading fails
2016-01-02 09:31:36 +01:00
56275c6993
remove visual studio compilation error
...
quote:
avoid error C4703: potentially uninitialized local pointer variable 'obj' used line 1414
2015-12-31 18:09:45 +01:00
e96d3ccf66
Merge pull request #642 from mouse07410/master
...
Fix public key access and attributes
2015-12-28 00:48:40 +01:00
47835f719f
Merge pull request #643 from dengert/piv-pubkey-auth_id
...
PIV pubkey auth_id fix
2015-12-23 21:06:44 +01:00
76ed06981b
Made sure attribute CKA_TOKEN is set to TRUE.
2015-12-22 13:31:42 -05:00
aa4b089a41
PIV pubkey auth_id fix
...
pkcs15-piv.c was setting the auth_id of the public keys
which would cause some appications to require a login to access
a public key. The public keys are obtained from the certificates
which do not require the PIN to read.
Very early drafts of NIST 800-73 did require the PIN to access the
certificates, and the auth_id was removed in the opensc code for
certificates many years ago, but not from the public keys.
2015-12-22 09:41:39 -06:00
2b6b0ee05a
According to PKCS#11 standard, public key should not have the
...
attribute CKA_SENSITIVE set to TRUE. This attribute is for
private and secret keys only.
2015-12-21 12:11:48 -05:00
25dae28ab5
Access to public key should not be PIN-authenticated. Especially
...
since access to certificate (from which one can get public key)
is not currently PIN-authenticated.
2015-12-21 12:10:46 -05:00
2fd32fdd73
Merge pull request #638 from ibpl/master-IB#1047758
...
Fix smartcard certificate removal and update
2015-12-16 08:21:03 +01:00
de42deaae1
Fix smartcard certificate removal and update
...
This patch fixes bug found in opensc 0.14.0-2 (Debian 8) that blocks
certificate update and removal on Athena ASEPCOS smartcard with error
Failed to update certificate: Security status not satisfied
OpenSC tries to get the parent's 'DELETE' access before cert removal
and leaves path variable pointing to dir not file to be removed.
Author-Change-Id: IB#1047758
2015-12-15 20:09:03 +01:00
e9f94d7818
Align end of the loop with comment in previous line (exit when 90 00 or length completed).
2015-12-15 10:43:48 +01:00
200b09b89f
Merge pull request #622 from germanblanco/dnie_memory_leaks_2
...
Removing memory leaks in DNIe
Refactoring pending. Continued from #606
2015-12-14 20:50:45 +01:00
06f296b978
sc-hsm: implement logout function
...
- re-selection of the applet resets the applet's state
- removes path in key object and fixes #631
2015-12-12 02:28:23 +01:00
57e05d3359
minidriver: use sc_logout for CardDeauthenticate
2015-12-12 02:28:01 +01:00
5129c5a060
Fixed memory leaks
2015-12-09 08:22:45 +01:00
36ceb890ab
Avoid duplicated code of handling security environment
2015-12-06 10:44:08 +01:00
ee65ab85ce
Avoid duplicated code by unifying key usage
2015-12-06 10:43:30 +01:00
5ed3df9024
extend PIN-revalidation to key preparation
2015-12-06 10:42:45 +01:00
3384113616
reset `login_user` with `reset_login_state`
2015-12-06 10:42:45 +01:00
b43ea19320
reset login_user on CKR_USER_NOT_LOGGED_IN
2015-12-06 10:42:45 +01:00
43a844c949
cardos 4.3+: enable logout command
2015-12-06 10:42:45 +01:00
83ef753799
Implemented atomic PKCS#11 transactions
2015-12-06 10:42:45 +01:00
5de1ec4518
Allow ASN.1 decoding if the file seems incomplete
...
Some cards (e.g., BELPIC) have a hardcoded file length that does not
match the actual file length (e.g., 65535 bytes), and simply return the
data that is actually on the card when asked.
It is useful to still be able to do an ASN.1 decode in that case.
Signed-off-by: Wouter Verhelst <w@uter.be>
2015-12-01 16:20:17 +01:00
56d52afb17
Merge pull request #617 from mtrojnar/os_locking
...
Enable OS locking
2015-12-01 11:21:35 +01:00
fa9da7ad01
configurable OS thread locking
2015-12-01 09:19:03 +01:00
b6856e8dbf
don't use unicode ticks
2015-11-30 01:33:11 +01:00
b9adbae5f0
Avoiding conditional directives that split up parts of statements.
2015-11-28 11:33:38 -03:00
d1a1830115
Removing all memory leaks in DNIe but one. Refactoring pending.
2015-11-27 11:32:33 +01:00
f9e614890d
Fix a buffer overflow in thread mutex create
2015-11-26 12:32:47 +01:00
a454dd7fc9
Merge pull request #605 from germanblanco/dnie_ui_depends_on_ssl_2
...
DNIe UI moved into card-dnie.c
closes #362
2015-11-21 19:22:07 +01:00
d9fc49daa5
reader-pcsc: get tlv properties only when supported
2015-11-17 00:52:49 +01:00
641a71a2f4
Merge pull request #601 from frankmorgner/coverity
...
Some more fixes for problems reported by Coverity scan
2015-11-16 12:29:57 +01:00
1596ca4244
DNIe user interface moved into card-dnie.c.
2015-11-10 12:10:56 +01:00
f13da8abfa
removed unsupported opensc_pkcs11_install.js
2015-11-02 23:51:28 +01:00
622b71970f
add compat_report_rangecheckfailure.c to libcompat
2015-11-01 21:02:34 +01:00
d6cea60500
Merge pull request #600 from vletoux/patch_openSSL
...
win32: link OpenSSL statically again
2015-11-01 20:59:49 +01:00
613d698d3d
fixed potential NULL dereference
2015-11-01 17:13:24 +01:00
8a47f238de
win32: link OpenSSL statically again
2015-11-01 13:35:05 +01:00
681e8aef98
Fixed accessing Application label
...
regression of 78018a2b49
2015-11-01 13:22:26 +01:00
218a9eb52c
make casting explicit
2015-11-01 13:18:39 +01:00
98d7578113
ctbcs.c: fixed out of bounds write
2015-11-01 11:33:40 +01:00
a649d66b02
card-westcos.c: fixed dead code
2015-11-01 10:49:19 +01:00
a34d1f7dcd
sc-hsm-tool.c: fixed potential resource leak
2015-11-01 10:44:24 +01:00
4ca7daf31c
pkcs15-tool.c: fixed potential resource leak
2015-11-01 10:44:24 +01:00
5399c264fb
cryptoflex-tool.c: fixed potential resource leak
2015-11-01 10:44:23 +01:00
c2ff4f090a
pkcs15-pubkey.c: fixed potential resource leak
2015-11-01 10:44:23 +01:00
0f9645587a
cwa14890.c: fixed potential resource leak
2015-11-01 10:44:23 +01:00
21a8e7e5f9
Merge pull request #591 from vletoux/isoApplet
...
isoApplet: fix card not recognized by minidriver
2015-10-31 02:28:21 +01:00
451386886d
Merge pull request #573 from frankmorgner/coverity
...
Fix some more memory leaks reported by Coverity
2015-10-31 02:24:51 +01:00
8e7049c2fa
removed unused variables
2015-10-30 18:21:40 +01:00
fa9ffb7b90
fixed uninitialized variable
...
regression of baab26d871
2015-10-30 18:21:40 +01:00
9f0087d968
fixed missing includes
2015-10-30 18:21:40 +01:00
ad5d16927c
fixed cflags for onepin module
2015-10-30 16:45:22 +01:00
00ea7a68be
Removes unused variables
2015-10-30 12:18:04 +01:00
7e29fcd26c
pkcs15-authentic.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
f9a73c0b20
pkcs15-sc-hsm.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
0853ecd887
pkcs15-pubkey.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
98b9b37e12
card-openpgp.c: fixed potential resource leak
2015-10-30 12:18:04 +01:00
9e1a5447d4
profile.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
fd904fbcb8
pkcs15-oberthur-awp.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
e7316b60e3
pkcs15-myeid.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
baab26d871
pkcs15-lib.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
4f4c4aa5ec
pkcs15-iasecc.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
34b6d95ec6
card-westcos.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
ecf147099a
card-epass2003.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
2963588887
card-authentic.c: fixed potential resource leak
2015-10-30 12:15:06 +01:00
b96ba14aae
added fall through comment
2015-10-30 12:15:06 +01:00
0caf0d1dd6
sc-hsm: Add missing include introduced by #580
2015-10-29 14:09:01 +01:00
decd5ab987
Merge pull request #580 from frankmorgner/select
...
Fix issues related to selecting a file
2015-10-29 13:30:37 +01:00
c50a951337
Merge pull request #566 from vletoux/ecc_minidriver
...
First ECC support for the minidriver
2015-10-24 23:32:42 +02:00
206eb7124a
isoApplet: fix card not recognized by minidriver
2015-10-23 23:03:25 +02:00
52b6505909
export all C_* symbols
...
Header files distributed with PKCS#11 v2.30 define all functions as
extern and some applications (like BIND 9.10) do not work without all
functions.
2015-10-22 18:07:26 +02:00
249f258ff2
Merge pull request #584 from marschap/card-openpgp-cleanup2
...
OpenPGP card cleanup
2015-10-17 17:36:40 +02:00
4ddf2cc042
Merge pull request #579 from dengert/piv-cac
...
Do not expose access to PIV emulated files from utilities
2015-10-17 17:34:39 +02:00
0ca46910f7
use tabs only for indenting
2015-10-16 09:58:01 +02:00
35175a814c
minidriver: fix according to frank's comments
2015-10-15 22:40:36 +02:00
6109a8792d
OpenPGP: add additional manufacturers
2015-10-15 16:43:10 +02:00
a0ca6b2ef0
OpenPGP: set card's version in pgp_init()
2015-10-15 16:43:10 +02:00
7078fbd505
OpenPGP: cleanup pgp_init()
...
- use LOG_FUNC_RETURN instead of return for symmetry with LOG_FUNC_CALLED
2015-10-15 16:43:10 +02:00
e1db96b73b
OpenPGP: extend pgp_match_card()
...
- explicitly check for supported versions
- log successful matches by AID with their type
- log detection of unsupported OpenPGP-type cards
2015-10-15 16:43:09 +02:00
7c2adb1fc8
OpenPGP: 1st preparations for newer versions
...
- add references to new specs
- add new enum _version constants
2015-10-15 16:43:09 +02:00
69b482dce6
OpenPGP: cleanup pgp_get_card_features()
...
- bug fix: re-initialize index to start searching at the right place
- get rid of unnecessary variable
- add some line breaks & comemnts for easier understanding
2015-10-15 16:42:58 +02:00
2a269c5267
OpenPGP: cleanup pgp_build_tlv()
...
- get rid of intermediate variable
- clarify check in while() loop
- line breaks for easier reading
2015-10-15 16:17:22 +02:00
3d492ae376
OpenPGP: cleanup pgp_erase_card()
...
- get rid of unnecessary variable
- use easily understandable hex representation of APDUs
- auto-calculate APDU length based on hex representation
- restrict scope of some variables
- use sc_log() instead of directly writing to console
- line breaks & comments for easier reading/understanding
- fix typo in log message
2015-10-15 16:17:22 +02:00
3d4fbd776d
OpenPGP: harmonize coding style
...
- 2 line breaks between functions for easier reading
- function type on separate line
- mark each function as 'ABI' or 'Internal'
- slightly doxygen-ize comments introducing functions
- fix typos in comments
- break over-long comment lines
- break comment lines at sensible places
- consistent calling style for DRVDATA()
- no code change
2015-10-15 16:17:22 +02:00
7ba47fd5a9
OpenPGP: consistently use card->ctx in pgp_put_data_plain()
...
- get rid of unnecessary variable
- harmonize coding style: adapt to prevailing use of card->ctx
2015-10-15 16:17:22 +02:00
1a05f968bd
OpenPGP: simplify gnuk_write_certificate()
...
- get rid of unnecessary variables
- use for-loop to initialize/check/increase run variable in one place
- restrict variables to the necessary scope
- use ternary operator inside a statement instead of if...else...
2015-10-15 16:17:22 +02:00
d2b1c8228f
OpenPGP: set apdu_case on declaration
...
- use ternary operator to set apdu_case immediately on declaration
for the GNUK and non-GNUK case
2015-10-15 16:17:22 +02:00
3341c5bb8f
OpenPGP: make logical structure clearer
...
- one line per sub-term in the condition of the conditional statement
2015-10-15 16:17:11 +02:00
e316bf3140
Merge pull request #582 from marschap/openpgp-tool-fixes
...
Openpgp tool fixes
2015-10-15 13:13:18 +02:00
6498721076
piv: fix typos in usage & man page
2015-10-15 12:51:19 +02:00
7de373b3b9
OpenPGP: mark do_erase as an action in openpgp-tool
...
- avoid the unintended output of user info when only erasing was requested
2015-10-15 12:51:10 +02:00
524ad56146
OpenPGP: remove unnecessary semicolons in openpgp-tool
...
- this is C, not a shell script
2015-10-15 12:51:10 +02:00
392bc08d86
OpenPGP: fix pretty name for gender code 39 in openpgp-tool
...
- use the same term that GnuPG uses
2015-10-15 12:51:10 +02:00
e79f1f4b01
OpenPGP: accept -E as option in openpgp-tool
...
- make behaviour match the usage message by accepting '-E' as
alternative short form of '--erase'
2015-10-15 12:51:10 +02:00
e1073c09ea
handle checking of file output in sc_select_file
...
fixes https://github.com/OpenSC/OpenSC/issues/576
2015-10-14 23:25:13 +02:00
bcf9b2bc84
added error checking
2015-10-14 23:14:47 +02:00
e634169a92
added error checking
2015-10-14 23:14:47 +02:00
c371c3b5ec
removed unused variable
2015-10-14 23:08:39 +02:00
f9011b7dc0
fixed indenting
2015-10-14 22:57:10 +02:00
4f13fde7f1
use size_t for a length instead of int
2015-10-14 22:56:53 +02:00
4275dac495
fixed indenting
2015-10-14 22:51:55 +02:00
0bf1f3755c
removed unused variable
2015-10-14 22:48:45 +02:00
fed64b0636
minidriver: fixes according to Frank's comments
2015-10-14 22:48:41 +02:00
949d8614d2
removed unused variable
2015-10-14 22:46:55 +02:00
0258c91f30
removed unused variable
2015-10-14 22:43:12 +02:00
0a96616034
remove unused variable
2015-10-14 22:38:10 +02:00
6573a93d4b
fixed memory leak
2015-10-14 22:37:56 +02:00
a5685b537e
fixed memory leak
2015-10-14 22:34:44 +02:00
15f204c5d6
fixed indenting
2015-10-14 22:32:51 +02:00
895005f4df
added error checking
2015-10-14 22:28:49 +02:00
65bc754b8b
Do not expose access to PIV emulated files from utilities
...
PIV cards uses get/put data not select file and read_binary.
To allow access via pkcs15 emulation card-piv.c emulates
select_file and read_binary but only when used with the path as
created by the piv emulation.
There are no MF.DIR or ED.DIR files.
opensc-tool and opensc-explorer will not work with this emulation.
Patch removes code that caused problems with opensc-tooland opensc-explorer.
2015-10-14 15:27:58 -05:00
00daa3f535
added error checking
2015-10-14 22:27:32 +02:00
9a82ddea8a
fixed memory leak
2015-10-14 22:26:53 +02:00
75d76f5ce4
Merge branch 'master' of https://github.com/OpenSC/OpenSC into OpenSC-master
...
Conflicts:
src/minidriver/minidriver.c
2015-10-14 22:22:19 +02:00
5558b9d368
removed unused parameters
2015-10-14 22:17:33 +02:00
2ed4c8ae6c
Adds error checking
2015-10-14 22:16:44 +02:00
94772c870a
Adds error checking
2015-10-14 22:15:17 +02:00
c9420046c5
Removed unused parameter
2015-10-14 22:08:14 +02:00
77b5138860
Removed unused parameter
2015-10-14 22:02:35 +02:00
851e0a24ff
Merge pull request #571 from frankmorgner/label
...
Fixes accessing fixed size arrays
2015-10-14 18:56:29 +02:00
ee5915700c
Merge pull request #516 from frankmorgner/lock
...
Only re-lock for Windows and Apple
2015-10-13 14:11:29 +02:00
0b268f789a
Allow PIV driver to use cards where default application in not PIV
...
card-piv.c was not selecting the PIV AID correctly from piv_find_aid.
This cause a CAC card that also has the PIV application to fail a VERIFY command
of the pin would use a VERIFY APDU P2 where P2 for PIV is 80, but for CAC was 00.
A CAC card could work if the caller requested the serial number of the card
which did call piv_select_aid. All the OpenSC tools, minidriver and
PKCS#11 do this, but Tokend does not.
This is a partial fix for https://github.com/OpenSC/OpenSC/issues/570 .
Tokend in later MacOS versions still has other issues.
A more complete solution is needed for cards with multiple applications.
I do not have a CAC card or MAC to do any testing.
Thanks to https://github.com/mouse07410 who has a CAC card, and a Mac,
and has tested this fix.
2015-10-11 19:14:02 -05:00
747678c83d
minidriver: remove unnecessary logs on console (certutil -scinfo)
2015-10-11 18:51:36 +02:00
b968fcfb1f
minidriver: Windows x509 enrollment works
...
Removed cmap_record in sc_pkcs15_prkey_info (not used by any driver nor code)
Remove cardcf specific code (cardcf neutralized by CP_CACHE_MODE_NO_CACHE and it maintened by the Base CSP/KSP, not the minidriver)
Add conversion code for Windows GUID / OpenSC self computed GUID
2015-10-11 15:20:04 +02:00
bee1a450c9
minidriver: modified configuration functions
2015-10-11 10:39:02 +02:00
7551baafbd
minidriver: add crt secure functions (*_s)
2015-10-10 22:07:49 +02:00
ebfb76d311
minidriver: fix library import for guid & one compilation warning
2015-10-10 19:01:14 +02:00
8f4420cb78
minidriver: factorize container naming code
2015-10-10 15:39:27 +02:00
227f48d7b0
minidriver: replace one sprintf by sprintf_s
2015-10-10 14:15:23 +02:00
da1d4cc78a
Fix locking issue on OS X
...
Works around Apple shipping PCSC-Lite headers without PCSC-Lite. Let's
say they do it for "backward compatibility"...
2015-10-08 08:24:40 +02:00
a6b36507a3
removed unused parent in md directory/file
2015-10-06 22:49:32 +02:00
d18ddcb446
fixed accessing fixed size md file/directory name
2015-10-06 22:49:16 +02:00
6c61bf6815
fixed accessing fixed size guid
2015-10-06 22:49:16 +02:00
f42a1c2563
Replace outdated address okir@lst.de -> okir@suse.de
...
Signed-off-by: Olaf Kirch <okir@suse.de>
2015-10-05 14:07:28 +02:00
137afb10b7
Check for NUL in label to test its presence
2015-10-05 08:30:47 +02:00
5b0332528f
fixed accessing app_label in sc_pkcs15_data_info_t
2015-10-05 08:23:02 +02:00
811a86e72a
fix: set the container name as the id if md_guid_as_label is set
2015-10-04 19:49:31 +02:00
f9cd1fc476
fixed accessing fixed size cvc members
2015-10-04 17:53:51 +02:00
161e84f066
pkcs15-tool.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
35f028a57c
pkcs15-init.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
d709347c2b
pkcs15-crypt.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
191af692c8
print.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
e171789dad
pintest.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
7c1feb1b8a
pkcs15-oberthur.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
fa3f4d632c
pkcs15-lib.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
1046d951ba
framework-pkcs15.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
c56fe19b31
minidriver.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
64417c271e
fixed out of bounds access
2015-10-04 13:19:29 +02:00
78018a2b49
fixed string operation on fixed size array
2015-10-04 13:07:39 +02:00
d33517a58b
fixed missing comma
2015-10-04 12:55:25 +02:00
9e500e0b9a
fixed bad typecast
2015-10-04 12:52:49 +02:00
50e81d1de0
added missing break
2015-10-04 12:45:25 +02:00
3edf32ca9c
fix: when exporting immediatly an ECC key when the ECC key just has been created
...
This test case is triggered when requesting a ECC certificate from ADCS:
NCryptCreatePersistedKey followed by NCryptExportKey
2015-10-03 19:41:34 +02:00
c3f2cb142f
fix "use guid as label"
...
Allow to use as pkcs15 label the windows container name (max: 39 characters)
2015-10-03 18:59:52 +02:00
b667645797
fix compilation warning
2015-10-03 18:56:19 +02:00
ac65af0669
Fixes unreleased locks with pcsc-lite
...
This is a bug in PCSC-Lite propably won't be fixed, see
https://alioth.debian.org/tracker/index.php?func=detail&aid=315083&group_id=30105&atid=410088
Fixes https://github.com/OpenSC/OpenSC/issues/480
Closes https://github.com/OpenSC/OpenSC/pull/487
2015-10-03 12:55:15 +02:00
5e242c5fb2
Merge pull request #560 from CardContact/fix_sc_pkcs15init_finalize_profile
...
Removed error check to support card with PKCS#15 emulation but no mat…
2015-10-02 15:18:14 +02:00
a15363198c
Merge pull request #569 from mdealencar/patch-2
...
fix: change SC_TERMINATE (undefined) to SC_CTX_FLAG_TERMINATE
2015-10-02 15:16:42 +02:00
4f4643ee3e
Merge pull request #452 from frankmorgner/memory-leaks
...
Fix some memory leaks
2015-10-02 15:13:34 +02:00
Viktor Tarasov
Hannu Honkanen
Doug Engert
Frank Morgner
Frank Morgner
Ludovic Rousseau
Andreas Schwier
Ludovic Rousseau
German Blanco
Lukas Wunner
vletoux
LE TOUX Vincent
Frank Thater
Feitian Technologies
Aleksey Samsonov
Chris Elledge
Uri Blumenthal
Pawel Boguslawski
Wouter Verhelst
Michał Trojnara
Flavio Medeiros
Petr Spacek
Peter Marschall
Olaf Kirch