8382f243b2
fixed 337891 Out-of-bounds write
2019-04-25 15:44:11 +02:00
bfa94dc90d
Merge pull request #1600 from AlexandreGonzalo/trustonic_pkcs11
2019-04-25 14:51:54 +02:00
e21cb5712c
Fix in encrypt_decrypt(), initialize the mgf
2019-04-24 14:03:35 +02:00
8cf1e6f769
pkcs11-tool: List supported GOST mechanisms
2019-04-17 16:42:12 +02:00
a5382d32fd
pkcs11-tool: Show GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
0e12b1dc71
pkcs11-tool: Generate GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
4614beb87e
pkcs11-tool: Add keys access flags
2019-04-17 16:40:41 +02:00
91a1dd9af4
Option to delete object by index
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:38:40 +02:00
3935d501bf
Implement Secret Key write object
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:37:49 +02:00
fe95520e3e
explicitly import libpkcs11.h
2019-04-08 11:16:13 +02:00
fc4d600634
pkcs11-tool: Allow to set CKA_ALLOWED_MECHANISMS when creating an objects
...
Also list them in the attributes listing
2019-04-08 11:15:19 +02:00
f631b5f733
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:39:52 +02:00
4913feadb8
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:38:12 +02:00
31831c300b
Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits.
2019-03-12 08:52:06 +01:00
728d099a53
FIX typo OpenSSL vs OpenSsl.
2019-03-06 11:35:11 +01:00
b327b76134
FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt().
2019-03-06 10:26:05 +01:00
ba185954c5
fixed 333709 Unchecked return value
2019-03-06 00:42:38 +01:00
7271fe610b
Add support for the OpenSsl signature format for the signature verification.
2019-02-18 16:03:41 +01:00
9ae507c5f8
Fix indentation.
2019-02-12 14:09:26 +01:00
b63a868e68
Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined.
2019-02-12 10:42:39 +01:00
973625773b
Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a.
2019-02-07 10:42:48 +01:00
084624f340
Fix CKM_RSA_PKCS in encrypt_decrypt().
2019-02-05 12:03:51 +01:00
9aa413bd7e
Fix CKM_RSA_X_509 encrypt_decrypt(). Improve the code for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP. For these alogs, only CKM_SHA_1 is supported.
2019-02-05 11:35:42 +01:00
d25fbe3cec
Remove 2 useless comments in encrypt_decrypt().
2019-02-05 11:24:33 +01:00
3d09823df0
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined. Fix formatting.
2019-02-04 14:26:02 +01:00
f030aa2c25
Add support for CKM_RSA_X_509 in encrypt_decrypt() and decrypt_data().
2019-02-04 14:23:13 +01:00
9b7605ff3c
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). Only set the OAEP params for CKM_RSA_PKCS_OAEP, I had an issue with a variable not initialized.
2019-02-01 15:27:55 +01:00
cf617da4bd
Before calling encrypt_decrypt() make sure that the mechanism is for RSA and supports decryption, otherwise skip it.
2019-02-01 11:37:47 +01:00
2be799f739
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). fix formatting.
2019-02-01 11:35:25 +01:00
16ca73ae40
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal().
2019-02-01 11:19:33 +01:00
968bfa8444
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt().
2019-02-01 09:16:59 +01:00
ff3448fb18
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined.
2019-02-01 09:13:21 +01:00
f412995811
Bug fix in verify_signature() when the buffer to verify is larger than 1025 bytes. In this case, the signature length given to C_VerifyFinal() was incorrect.
2019-02-01 09:10:02 +01:00
84f0a88edb
Remove postecert and infocamere support because no longer issued ( #1584 )
...
* Remove postecert and infocamere support because no longer issued
* Remove wrong changes
* reset NEWS
* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates
* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp
* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
2019-01-30 22:01:24 +01:00
993f6f5cc6
Use opensc-pkcs11.so for static build of pkcs11-tool
...
Statically link opensc-pkcs11 into pkcs11-tool with --disable-shared
2019-01-30 21:57:59 +01:00
4b30858092
pkcs11-tool: fixed argument type
...
reported by lgtm
2019-01-20 23:02:21 +01:00
c3a9837b10
Add mechanisms used by SoftHSM2
...
/Library/OpenSC/bin/pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -M
will not show any more numeric mechanisms.
Source: https://www.cryptsoft.com/pkcs11doc/STANDARD/include/v240e01/pkcs11t.h
2019-01-15 13:07:58 +02:00
e19fe680c4
Add object type "secrkey" to help of --type switch in pkcs11-tool ( #1575 )
...
* Add object type "secrkey" to help of --type switch in pkcs11-tool
Reading an object with pkcs11-tool requires the `--type` switch. The help for that switch is currently incomplete as it is missing the (not very friendly named" *secrkey* option used to read out a secret key object.
I have added this information to the help description.
* Update man page
Describe secrkey option of pkcs11-tool's --type switch in man page
2019-01-15 07:32:41 +01:00
9e5a324903
Edited according to PR review: CKA_ALWAYS_AUTHENTICATE only associated with private keys. Defined a custom attribute to achieve same functionality with secret keys. Updated man pages.
2018-12-05 12:10:42 +01:00
ee8c80af4f
Implemented handling of CKA_ALWAYS_AUTHENTICATE attribute when importing and generating keys, mapping it to pkcs#15 userConsent field. Added command line options to pkcs11-tool and pkcs15-init tool to use the feature.
2018-12-05 12:10:42 +01:00
f1f98f829c
pkcs11-tool: Unbreak signature and verification in pkcs11-tool
2018-11-25 22:07:33 +01:00
b9e33a3c64
Coverity warnings
...
card-piv.c
make sure the string is null terminated before passing it
to hex_to_bin routine, which expects it
pkcs15-cac.c
free cn_name on failure
pkcs11-tool.c
make sure the string is null terminated before passing it to
parse_certificate(), which expects it
2018-10-01 23:07:34 +02:00
9a853176b8
pkcs11-tool: Support for signature verification
...
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-09-30 21:23:27 +02:00
1f06a76b1a
openssl: Bump openssl requirement to 0.9.8
2018-09-14 08:21:40 +02:00
2b60a0db0f
Add support for SmartCard-HSM 4K (V3.0)
2018-08-31 13:42:44 +02:00
332535c544
Workaround subject and issuer fields overflow
...
Structure `x509cert_info` fields `subject` and `issuer`
are doubled in size up to 512 bytes.
We have to use dynamic memory allocation
to completely overcome the issue.
Relates to OpenSC/OpenSC#1412 .
2018-07-11 10:13:14 +02:00
b3e3ab61c0
avoid integer underflow
2018-06-29 17:14:55 +02:00
2c167a9982
Address compiler warnings when using --disable-optimization ( #1325 )
...
* Handle errors as intended in sc_pkcs15emu_openpgp_add_data()
If a data object can be read, but it cannot be added to the PKCS#15
framework, return from this function with an error; do not continue
reading other data objects. Otherwise, do not return an error from
this function when a data object cannot be read or is empty.
Improve existing comments for clarity.
* Address other compiler warnings when using --disable-optimization
Certain variables that are not initialized when they are declared
prevent the build from completing, when --disable-optimization is
passed to ./configure.
2018-04-15 09:37:43 +02:00
5abe99d228
fix typos
...
Mass-typo fixing, almost exclusively in comments and text strings.
While at it also fixed a few (very few) grammar errors.
2018-04-15 09:34:45 +02:00
eb646dd370
Do not create getSUBJECT without OpenSSL
2018-04-04 21:43:01 +02:00
Frank Morgner
alegon01
Dmitriy Fortinskiy
Raul Metsma
Jakub Jelen
opensignature
Martin Paljak
Mat
Hannu Honkanen
Priit Laes
asc
Eugene Bright
David Ward
Peter Marschall