Raul Metsma
578128e464
Fix build on travis and with CryptoTokenKit enabled
2021-03-16 11:49:02 +01:00
Frank Morgner
1325d5c333
travis: use newer version of xcode for pushed binaries
2021-03-16 11:49:02 +01:00
Raul Metsma
85c5610d39
Build arm64 on macOS with Xcode 12.2
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2021-03-16 11:49:02 +01:00
Frank Morgner
63e6683384
mac: use dedicated entitlements for binaries and scripts
...
fixes the codesigning issue with the unknown blobs in the entitlements
(missing "/" to complete blob)
2021-03-16 11:49:02 +01:00
Peter Popovec
f46b617397
Skip authentication if card access control mechanism is not active.
...
Depending on the "lifecycle" of the file, we may omit the authentication
operation. Typically if the card is in initialization or creation state,
the access control mechanism is inactive. If authentication can be
skipped, the card driver is responsible for setting the "acl_inactive"
variable in sc_file structure.
2021-03-16 10:57:05 +01:00
Frank Morgner
8e614bfe6e
Nightly: unencrypt only if encrypted key is available
2021-03-15 14:16:12 +01:00
Jakub Jelen
8d61d0d20d
Use more portable switch for uniq to unbreak osx build
2021-03-15 09:33:55 +01:00
Jakub Jelen
1ef79e99f7
reader-pcsc: Avoid strict aliasing issues
2021-03-09 23:59:58 +01:00
Jakub Jelen
60632100a0
pkcs11: Avoid redefinition of ck_interface (#2243)
2021-03-09 23:59:58 +01:00
Jakub Jelen
63031b2193
pkcs11-tool: Avoid strict-aliasing issues on 32b architectures
2021-03-09 23:59:58 +01:00
Jakub Jelen
544dcc6827
configure: Warn about strict aliasing issues in strict builds
2021-03-09 23:59:58 +01:00
Jakub Jelen
2fa6700599
Remove more issues with strict aliasing
...
These would demonstrate with gcc11 and can be detected with gcc
flag -Wstrict-aliasing=2 (also with older gcc)
2021-03-09 23:59:58 +01:00
Jakub Jelen
45e262f537
westcos: Avoid strict aliasing violations
2021-03-09 23:59:58 +01:00
Jakub Jelen
b5f26051bb
Fix build on gcc11
...
This made most of the applications crash in Fedora 34 when
smart card was plugged in.
The suggested patch makes the code path more obvious for gcc to
handle.
https://bugzilla.redhat.com/show_bug.cgi?id=1930652
2021-03-09 23:59:58 +01:00
Frank Morgner
5b42a62ec0
use macos' ${Caches} by default
2021-03-01 11:49:14 +01:00
Frank Morgner
fe6864c5f3
fixed 354852 Invalid type in argument to printf format specifier
2021-02-25 23:34:57 +01:00
Frank Morgner
c2670b0787
fixed 13755 Resource leak
...
... as reported by coverity scan.
p11cards are freed by emptying the virtual slots. virtual slots are
created with the framework's create_tokens. Hence, we need to free
p11card if no tokens were created.
2021-02-25 23:34:57 +01:00
Frank Morgner
881dca94ef
avoid memory leak when creating pkcs#15 files
2021-02-25 23:34:57 +01:00
Frank Morgner
d353a46d04
tcos: fixed memcpy with 0 or less bytes
2021-02-25 23:34:57 +01:00
Peter Popovec
6738d456ac
ECDSA verify
...
Added support for raw ECDSA verify.
2021-02-25 18:37:18 +01:00
Frank Morgner
999874fb1c
fixed potential memory issue
...
closes https://github.com/OpenSC/OpenSC/pull/2230
2021-02-25 18:36:39 +01:00
Luka Logar
c80375eb4c
Minidriver RSA-PSS signing not working
...
I am using a somewhat modified version of IsoApplet. Up till now it worked fine. However, recently I stumbled upon a web site that
forces a client cert auth with RSA-PSS. And (at least on Windows, using minidriver) it didn't work. It looks to me that it's a bug
in the PSS support code in minidriver, as I cannot find any place where an MGF1 padding scheme is specified. And since none is specified,
signing fails. This patch fixes this. It assumes that the same hash is used for hashing and padding.
2021-02-25 18:35:57 +01:00
Frank Morgner
a322c95d35
mac: disable binary verification
...
fixes https://github.com/OpenSC/OpenSC/issues/2194
2021-02-25 18:35:10 +01:00
Jakub Jelen
5f7c91e54f
pkcs15-isoApplet: Avoid uninitialized reads
...
Thanks coverity
CID 365817
2021-02-25 09:08:52 +01:00
Jakub Jelen
46cfe89b3c
pkcs15-iasecc: Avoid memory leak
...
Thanks coverity
CID 365818
2021-02-25 09:08:52 +01:00
Jakub Jelen
a567ab9dca
p11test: Fix possible resource leak
...
Thanks coverity
CID 365819
2021-02-25 09:08:52 +01:00
Jakub Jelen
cee431a3ce
pkcs15-iasecc: Check return value as in other cases
...
Thanks coverity
CID 365820
2021-02-25 09:08:52 +01:00
Jakub Jelen
ffed34663d
sm-global-platform: Fix possible memory leak
...
Thanks coverity
CID 365821
2021-02-25 09:08:52 +01:00
Jakub Jelen
3b556ef618
sm-cwa14890: Fix resource leak
...
CID 365822
Thanks oss-fuzz
2021-02-25 09:08:52 +01:00
Jakub Jelen
1dbe4b5a5b
isoApplet: Prevent reading uninitialized values
...
CID 365823
Thanks coverity
2021-02-25 09:08:52 +01:00
Jakub Jelen
2f232f217b
pkcs11-tool: Avoid double free and check allocation
...
366349 Double free
Thanks coverity
2021-02-25 09:08:52 +01:00
Jakub Jelen
ae1cf0be90
iasecc: Prevent stack buffer overflow when empty ACL is returned
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800
2021-02-25 09:08:52 +01:00
Jakub Jelen
1252aca9f1
cardos: Correctly calculate the left bytes to avoid buffer overrun
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912
2021-02-25 09:08:52 +01:00
Jakub Jelen
17d8980cde
oberthur: Avoid two buffer overflows
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112
2021-02-25 09:08:52 +01:00
Jakub Jelen
9c91a4327e
oberthur: Free another read data on failure paths
2021-02-25 09:08:52 +01:00
Jakub Jelen
7ba89daae6
apdu: Do not insert delay while fuzzing
...
This timed out after 60 seconds. After skipping this call, we
get down to 1 s for the same input
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27423
2021-02-25 09:08:52 +01:00
Jakub Jelen
251c4f6b76
oberthur: Avoid memory leaks
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29998
2021-02-25 09:08:52 +01:00
alt3r 3go
3044557299
openpgp: fix DO deletion
...
This fixes a problem reported in Nitrokey forum at
https://support.nitrokey.com/t/veracrypt-encryption-with-nitrokey-error/2872
as inability to save the VeraCrypt's keyfile onto the token
after deleting an existing one, unless the PKCS11 is reinitialized.
Reason: commit cbc53b9
"OpenPGP: Support write certificate for Gnuk"
introduced a condition on getting the blob handle, which is surplus
(the pgp_find_blob() function actually does that) and prevents
the blob refresh upon deletion, breaking the logic introduced
earlier in commit 9e04ae4
and causing the higher-level effect reported.
While at it, corrected comments to actually reflect the flow logic.
Tested on Fedora 33 using the repro steps from the forum and Nitrokey Pro.
Signed-off-by: alt3r 3go <alt3r.3go@protonmail.com>
2021-02-16 13:07:19 +01:00
ihsinme
6372adeb20
Update card-oberthur.c
2021-02-11 12:32:19 +01:00
ihsinme
0a3d7a28a7
Update card-epass2003.c
2021-02-11 12:32:19 +01:00
Zhang Xiaohui
49788678fe
Small memory leak fix
2021-02-10 09:26:37 +01:00
Zhang Xiaohui
1c4a01d766
Small memory leak fix
2021-02-10 09:26:11 +01:00
Vincent JARDIN
66e5600b27
IASECC: log AID selection
...
Record the selection of the AID for better debugging
2021-02-05 12:09:20 +01:00
Jakub Jelen
8a6026abf5
Avoid memory leak from profile objects
2021-02-05 00:22:43 +01:00
Jakub Jelen
da247384e7
pkcs11: Do not advertize VERIFY flag on the EC derive mechanisms
...
Amends 285db1ef
2021-02-05 00:22:43 +01:00
Jakub Jelen
176b20f339
pkcs11-tool: Display additional EC mechanism flags
2021-02-05 00:22:43 +01:00
Jakub Jelen
cb074c5fa0
pkcs11: Add new mechanism flags from EC curves from current PKCS #11 3.0
2021-02-05 00:22:43 +01:00
Jakub Jelen
5633129bd8
p11test: Add CKM_ECDSA_SHA224
2021-02-05 00:22:43 +01:00
Jakub Jelen
0d693f63cb
pkcs11-spy: Fix behavior of PKCS#11 3.0 applications when proxying PKCS#11 2.x module
...
Fixes #2204
2021-01-26 13:52:23 +01:00
Doug Engert
b5ddaf6e02
Add tests of pkcs11-tool --test-threads
...
These should run when a PR is submitted.
Changes to be committed:
modified: tests/Makefile.am
new file: tests/test-pkcs11-tool-test-threads.sh
2021-01-26 12:50:39 +01:00