Jakub Jelen
485b6cff44
p11test: Add support for EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
32ec1f92b9
openpgp: Set reasonable usage for (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
e7d390f9dd
openpgp: Unbreak EC algorithms for GNUK
...
Since 09a594d
bringing ECC support to openPGP card, it did not count
with GNUK. This adds exception for GNUK to unbreak ECC signatures
as GNUK presents BCD version < 3.
2021-03-01 15:42:29 +01:00
Jakub Jelen
a965829f52
openpgp: Use only Derive mechanism for curve25519 keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
5d5c391793
opensc-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
5178e74e1b
pkcs11-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
2fb688683e
pkcs15-tool: Support for new (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
b351bf5ea4
openpgp: Initial support for (X)EdDSA keys
2021-03-01 15:42:29 +01:00
Jakub Jelen
caae75758c
Add internal support for (X)EdDSA keys
2021-03-01 15:42:26 +01:00
Jakub Jelen
80f80317d1
pkcs11: Add new SHA3 identifiers
2021-03-01 14:35:51 +01:00
Jakub Jelen
095c28e372
pkcs11: Add new (X)EDDSA identifiers
2021-03-01 14:35:51 +01:00
Jakub Jelen
0455a5665e
winscard: Add missing constant define
2021-03-01 14:35:51 +01:00
Jakub Jelen
c78fa164c9
openpgp-tool: Fix typos OpenGPG -> OpenPGP
2021-03-01 14:35:51 +01:00
Jakub Jelen
a30bf95eed
openpgp: Fix typo in the card name
2021-03-01 14:35:51 +01:00
Jakub Jelen
a5a6757d10
pkcs11-tool: Add CKA_KEY_TYPE attribute for keygen as recommeneded in specification
2021-03-01 14:35:50 +01:00
Jakub Jelen
e82f875047
pkcs11-spy: Systematize output of C_GetMechanismInfo
2021-03-01 14:35:50 +01:00
Jakub Jelen
86e01d7c47
pkcs11: Prefer CKA_EC_PARAMS over deprecated CKA_ECDSA_PARAMS by listing it first in the list
2021-03-01 14:35:50 +01:00
Jakub Jelen
f726d4f201
Improve logging mostly in opengpg
2021-03-01 14:35:50 +01:00
Frank Morgner
5b42a62ec0
use macos' ${Caches} by default
2021-03-01 11:49:14 +01:00
Frank Morgner
fe6864c5f3
fixed 354852 Invalid type in argument to printf format specifier
2021-02-25 23:34:57 +01:00
Frank Morgner
c2670b0787
fixed 13755 Resource leak
...
... as reported by coverity scan.
p11cards are freed by emptying the virtual slots. virtual slots are
creatd with the framework's create_tokens. Hence, we need to free
p11card if no tokens were created.
2021-02-25 23:34:57 +01:00
Frank Morgner
881dca94ef
avoid memory leak when creating pkcs#15 files
2021-02-25 23:34:57 +01:00
Frank Morgner
d353a46d04
tcos: fixed memcpy with 0 or less bytes
2021-02-25 23:34:57 +01:00
Peter Popovec
6738d456ac
ECDSA verify
...
Added support for raw ECDSA verify.
2021-02-25 18:37:18 +01:00
Frank Morgner
999874fb1c
fixed potential memory issue
...
closes https://github.com/OpenSC/OpenSC/pull/2230
2021-02-25 18:36:39 +01:00
Luka Logar
c80375eb4c
Minidriver RSA-PSS signing not working
...
I am using a somewhat modified version of IsoApplet. Up till now it worked fine. However recently I stumbled upon a web site that
forces a client cert auth with RSA-PSS. And (at least on windows, using minidriver) it didn't work. It looks to me, that it's a bug
in the PSS support code in minidriver, as I cannot find any place where a MGF1 padding scheme is specified. And since none is specified
signing fails. This patch fixes this. It assumes, that the same hash is used for hashing and padding.
2021-02-25 18:35:57 +01:00
Jakub Jelen
5f7c91e54f
pkcs15-isoApplet: Avoid uninitialized reads
...
Thanks coverity
CID 365817
2021-02-25 09:08:52 +01:00
Jakub Jelen
46cfe89b3c
pkcs15-iasecc: Avoid memory leak
...
Thanks coverity
CID 365818
2021-02-25 09:08:52 +01:00
Jakub Jelen
a567ab9dca
p11test: Fix possible resource leak
...
Thanks coverity
CID 365819
2021-02-25 09:08:52 +01:00
Jakub Jelen
cee431a3ce
pkcs15-iasecc: Check return value as in other cases
...
Thanks coverity
CID 365820
2021-02-25 09:08:52 +01:00
Jakub Jelen
ffed34663d
sm-global-platform: Fix possible memory leak
...
Thanks coverity
CID 365821
2021-02-25 09:08:52 +01:00
Jakub Jelen
3b556ef618
sm-cwa14890: Fix resource leak
...
CID 365822
Thanks oss-fuzz
2021-02-25 09:08:52 +01:00
Jakub Jelen
1dbe4b5a5b
isoApplet: Prevent reading uninitialized values
...
CID 365823
Thanks coverity
2021-02-25 09:08:52 +01:00
Jakub Jelen
2f232f217b
pkcs11-tool: Avoid double free and check allocation
...
366349 Double free
Thanks coverity
2021-02-25 09:08:52 +01:00
Jakub Jelen
ae1cf0be90
iasecc: Prevent stack buffer overflow when empty ACL is returned
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800
2021-02-25 09:08:52 +01:00
Jakub Jelen
1252aca9f1
cardos: Correctly calculate the left bytes to avoid buffer overrun
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912
2021-02-25 09:08:52 +01:00
Jakub Jelen
17d8980cde
oberthur: Avoid two buffer overflows
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112
2021-02-25 09:08:52 +01:00
Jakub Jelen
9c91a4327e
oberthur: Free another read data on failure paths
2021-02-25 09:08:52 +01:00
Jakub Jelen
7ba89daae6
apdu: Do not insert delay while fuzzing
...
This was timeout after 60 seconds. After skipping this call, we
get down to 1 s for the same input
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27423
2021-02-25 09:08:52 +01:00
Jakub Jelen
251c4f6b76
oberthur: Avoid memory leaks
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29998
2021-02-25 09:08:52 +01:00
alt3r 3go
3044557299
openpgp: fix DO deletion
...
This fixes a problem reported in Nitrokey forum at
https://support.nitrokey.com/t/veracrypt-encryption-with-nitrokey-error/2872
as inability to save the VeraCrypt's keyfile onto the token
after deleting an existing one, unless the PKCS11 is reinitialized.
Reason: commit cbc53b9
"OpenPGP: Support write certificate for Gnuk"
introduced a condition on getting the blob handle, which is surplus
(the pgp_find_blob() function actually does that) and prevents
the blob refresh upon deletion, breaking the logic introduced
earlier in commit 9e04ae4
and causing the higher-level effect reported.
While at it, corrected comments to actually reflect the flow logic.
Tested on Fedora 33 using the repro steps from the forum and Nitrokey Pro.
Signed-off-by: alt3r 3go <alt3r.3go@protonmail.com>
2021-02-16 13:07:19 +01:00
ihsinme
6372adeb20
Update card-oberthur.c
2021-02-11 12:32:19 +01:00
ihsinme
0a3d7a28a7
Update card-epass2003.c
2021-02-11 12:32:19 +01:00
Zhang Xiaohui
49788678fe
Small memory leak fix
2021-02-10 09:26:37 +01:00
Zhang Xiaohui
1c4a01d766
Small memory leak fix
2021-02-10 09:26:11 +01:00
Vincent JARDIN
66e5600b27
IASECC: log AID selection
...
Record the selection of the AID for better debugging
2021-02-05 12:09:20 +01:00
Jakub Jelen
8a6026abf5
Avoid memory leak from profile objects
2021-02-05 00:22:43 +01:00
Jakub Jelen
da247384e7
pkcs11: Do not advertize VERIFY flag on the EC derive mechanisms
...
Amends 285db1ef
2021-02-05 00:22:43 +01:00
Jakub Jelen
176b20f339
pkcs11-tool: Display additional EC mechanism flags
2021-02-05 00:22:43 +01:00
Jakub Jelen
cb074c5fa0
pkcs11: Add new mechanism flags from EC curves from current PKCS #11 3.0
2021-02-05 00:22:43 +01:00