578128e464
Fix build on travis and with CryptoTokenKit enabled
2021-03-16 11:49:02 +01:00
1325d5c333
travis: use newer version of xcode for pushed binaries
2021-03-16 11:49:02 +01:00
85c5610d39
Build arm64 on macOS with Xcode 12.2
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2021-03-16 11:49:02 +01:00
63e6683384
mac: use dedicated entitlements for binaries and scripts
...
fixes the codesigning issue with the unknown blobs in the entitlements
(missing "/" to complete blob)
2021-03-16 11:49:02 +01:00
f46b617397
Skip authentication if card access control mechanism is not active.
...
Depending on the "lifecycle" of the file, we may omit the authentication
operation. Typically if the card is in initialization or creation state,
the access control mechanism is inactive. If authentification can be
skiped, the card driver is responsible for setting the "acl_inactive"
variable in sc_file structure.
2021-03-16 10:57:05 +01:00
8e614bfe6e
Nightly: unencrypt only if encrypted key is in available
2021-03-15 14:16:12 +01:00
8d61d0d20d
Use more portable switch for uniq to unbreak osx build
2021-03-15 09:33:55 +01:00
1ef79e99f7
reader-pcsc: Avoid strict aliasing issues
2021-03-09 23:59:58 +01:00
60632100a0
pkcs11: Avoid redefinition of ck_interface ( #2243 )
2021-03-09 23:59:58 +01:00
63031b2193
pkcs11-tool: Avoid strict-aliasing issues on 32b architectures
2021-03-09 23:59:58 +01:00
544dcc6827
configure: Warn about strict alliasing issues in strict builds
2021-03-09 23:59:58 +01:00
2fa6700599
Remove more issues with strict aliasing
...
These would demonstrate with gcc11 and can be detected with gcc
flag -Wstrict-aliasing=2 (also with older gcc)
2021-03-09 23:59:58 +01:00
45e262f537
westcos: Avoid strict aliasing violations
2021-03-09 23:59:58 +01:00
b5f26051bb
Fix build on gcc11
...
This made most of the applications crashing in Fedora 34 when
smart card was plugged in.
The suggested patch makes the code path more obvious for gcc to
handle.
https://bugzilla.redhat.com/show_bug.cgi?id=1930652
2021-03-09 23:59:58 +01:00
5b42a62ec0
use macos' ${Caches} by default
2021-03-01 11:49:14 +01:00
fe6864c5f3
fixed 354852 Invalid type in argument to printf format specifier
2021-02-25 23:34:57 +01:00
c2670b0787
fixed 13755 Resource leak
...
... as reported by coverity scan.
p11cards are freed by emptying the virtual slots. virtual slots are
creatd with the framework's create_tokens. Hence, we need to free
p11card if no tokens were created.
2021-02-25 23:34:57 +01:00
881dca94ef
avoid memory leak when creating pkcs#15 files
2021-02-25 23:34:57 +01:00
d353a46d04
tcos: fixed memcpy with 0 or less bytes
2021-02-25 23:34:57 +01:00
6738d456ac
ECDSA verify
...
Added support for raw ECDSA verify.
2021-02-25 18:37:18 +01:00
999874fb1c
fixed potential memory issue
...
closes https://github.com/OpenSC/OpenSC/pull/2230
2021-02-25 18:36:39 +01:00
c80375eb4c
Minidriver RSA-PSS signing not working
...
I am using a somewhat modified version of IsoApplet. Up till now it worked fine. However recently I stumbled upon a web site that
forces a client cert auth with RSA-PSS. And (at least on windows, using minidriver) it didn't work. It looks to me, that it's a bug
in the PSS support code in minidriver, as I cannot find any place where a MGF1 padding scheme is specified. And since none is specified
signing fails. This patch fixes this. It assumes, that the same hash is used for hashing and padding.
2021-02-25 18:35:57 +01:00
a322c95d35
mac: disable binary verification
...
fixes https://github.com/OpenSC/OpenSC/issues/2194
2021-02-25 18:35:10 +01:00
5f7c91e54f
pkcs15-isoApplet: Avoid uninitialized reads
...
Thanks coverity
CID 365817
2021-02-25 09:08:52 +01:00
46cfe89b3c
pkcs15-iasecc: Avoid memory leak
...
Thanks coverity
CID 365818
2021-02-25 09:08:52 +01:00
a567ab9dca
p11test: Fix possible resource leak
...
Thanks coverity
CID 365819
2021-02-25 09:08:52 +01:00
cee431a3ce
pkcs15-iasecc: Check return value as in other cases
...
Thanks coverity
CID 365820
2021-02-25 09:08:52 +01:00
ffed34663d
sm-global-platform: Fix possible memory leak
...
Thanks coverity
CID 365821
2021-02-25 09:08:52 +01:00
3b556ef618
sm-cwa14890: Fix resource leak
...
CID 365822
Thanks oss-fuzz
2021-02-25 09:08:52 +01:00
1dbe4b5a5b
isoApplet: Prevent reading uninitialized values
...
CID 365823
Thanks coverity
2021-02-25 09:08:52 +01:00
2f232f217b
pkcs11-tool: Avoid double free and check allocation
...
366349 Double free
Thanks coverity
2021-02-25 09:08:52 +01:00
ae1cf0be90
iasecc: Prevent stack buffer overflow when empty ACL is returned
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800
2021-02-25 09:08:52 +01:00
1252aca9f1
cardos: Correctly calculate the left bytes to avoid buffer overrun
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912
2021-02-25 09:08:52 +01:00
17d8980cde
oberthur: Avoid two buffer overflows
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112
2021-02-25 09:08:52 +01:00
9c91a4327e
oberthur: Free another read data on failure paths
2021-02-25 09:08:52 +01:00
7ba89daae6
apdu: Do not insert delay while fuzzing
...
This was timeout after 60 seconds. After skipping this call, we
get down to 1 s for the same input
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27423
2021-02-25 09:08:52 +01:00
251c4f6b76
oberthur: Avoid memory leaks
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29998
2021-02-25 09:08:52 +01:00
3044557299
openpgp: fix DO deletion
...
This fixes a problem reported in Nitrokey forum at
https://support.nitrokey.com/t/veracrypt-encryption-with-nitrokey-error/2872
as inability to save the VeraCrypt's keyfile onto the token
after deleting an existing one, unless the PKCS11 is reinitialized.
Reason: commit cbc53b99e04ae4
2021-02-16 13:07:19 +01:00
6372adeb20
Update card-oberthur.c
2021-02-11 12:32:19 +01:00
0a3d7a28a7
Update card-epass2003.c
2021-02-11 12:32:19 +01:00
49788678fe
Small memory leak fix
2021-02-10 09:26:37 +01:00
1c4a01d766
Small memory leak fix
2021-02-10 09:26:11 +01:00
66e5600b27
IASECC: log AID selection
...
Record the selection of the AID for better debugging
2021-02-05 12:09:20 +01:00
8a6026abf5
Avoid memory leak from profile objects
2021-02-05 00:22:43 +01:00
da247384e7
pkcs11: Do not advertize VERIFY flag on the EC derive mechanisms
...
Amends 285db1ef
2021-02-05 00:22:43 +01:00
176b20f339
pkcs11-tool: Display additional EC mechanism flags
2021-02-05 00:22:43 +01:00
cb074c5fa0
pkcs11: Add new mechanism flags from EC curves from current PKCS #11 3.0
2021-02-05 00:22:43 +01:00
5633129bd8
p11test: Add CKM_ECDSA_SHA224
2021-02-05 00:22:43 +01:00
0d693f63cb
pkcs11-spy: Fix behavior of PKCS#11 3.0 applications when proxying PKCS#11 2.x module
...
Fixes #2204
2021-01-26 13:52:23 +01:00
b5ddaf6e02
Add tests of pkcs11-tool --test-threads
...
These should run when a PR is submitted.
Changes to be committed:
modified: tests/Makefile.am
new file: tests/test-pkcs11-tool-test-threads.sh
2021-01-26 12:50:39 +01:00
Raul Metsma
Frank Morgner
Peter Popovec
Jakub Jelen
Luka Logar
alt3r 3go
ihsinme
Zhang Xiaohui
Vincent JARDIN
Doug Engert