Frank Morgner
0abe9d11c7
pkcs11: (de-) initialize notifications on load
...
fixes https://github.com/OpenSC/OpenSC/issues/1507
fixes https://github.com/OpenSC/pkcs11-helper/issues/16
2019-04-04 11:04:50 +02:00
Raul Metsma
9ba8f56037
Change u8 *data to const because sc_apdu unsigned char *data is const
...
Name sc_format_apdu parameters for IDE help hints
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-03 22:15:54 +02:00
Raul Metsma
4ba086bfd4
Use strdup and fix all casts
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-01 12:53:33 +02:00
Martin Paljak
ea74308512
iso7816_read_binary: do not assume that 6282 is returned with data
...
Instead of a double check_sw call in case there is no data, assume
that a SW is properly sent by the card and do not expose
SC_ERROR_FILE_END_REACHED outside of the function
(like sc_pkcs15_read_file)
This is to facilitate Estonian eID 2018+ that instead of properly returning
6282 with trunkated data, 9000 is returned and next READ BINARY returns
6b00 (invalid p1/p2). The change should be generally harmless for well-behaving
cards.
Change-Id: I7511ab4841d3bcdf8d6f4a37a9315ea4ac569b10
2019-04-01 12:51:00 +02:00
Peter Popovec
f070c99b65
opensc-tool: do not use card driver to read ATR
...
If card driver fails to connect to card, 'opensc-tool -a' may fail to print
ATR even if ATR is available from card reader. Before use of card driver,
do only card reader connect, then print ATR. Only if it is neccesary, use
card driver for the rest of opensc-tool functions.
2019-03-25 14:34:26 +01:00
Frank Morgner
b389b19ca5
Merge pull request #1633 from metsma/esteid
...
Only EstEID 3.5 has EC 384 keys
2019-03-25 14:31:02 +01:00
Frank Morgner
2f4df1b93e
tools: unified handling of gengetopt
2019-03-25 14:30:09 +01:00
Frank Morgner
fc9277b778
use compat_getopt_long if getopt_long is not available
...
uses the autoconf way for replacing getopt.h
fixes https://github.com/OpenSC/OpenSC/issues/1527
2019-03-25 14:30:09 +01:00
Raul Metsma
7ae54f490d
Remove dead code ( #1638 )
2019-03-25 14:28:53 +01:00
Frank Morgner
8dea0a9028
fix overlapping memcpy
...
Fixes https://github.com/OpenSC/OpenSC/issues/1631
2019-03-18 23:33:24 +01:00
Frank Morgner
6aa5410e73
goid-tool: live with short length APDUs
2019-03-18 13:59:11 +01:00
Raul Metsma
4d2254a092
Only EstEID 3.5 has EC 384 keys
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 23:01:07 +02:00
Frank Morgner
2e87e4cfed
fixed issues from review
2019-03-13 21:22:19 +01:00
Frank Morgner
b7ec7f95b1
pkcs11: fixed token label
2019-03-13 21:22:19 +01:00
Frank Morgner
0079d836f3
pkcs11: truncate oversized labels with '...'
2019-03-13 21:22:19 +01:00
Raul Metsma
1e6d3df201
Remove un-lincenced header file
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 21:19:26 +01:00
Frank Morgner
71b85d15e4
opensc.conf: Configure handling of private_certificate
...
possible choices: ignore, protect, declassify
fixes https://github.com/OpenSC/OpenSC/issues/1430
2019-03-13 21:18:57 +01:00
Frank Morgner
1e0743b29f
removed untested use of SC_SEC_OPERATION_AUTHENTICATE
...
fixes https://github.com/OpenSC/OpenSC/issues/1271
2019-03-13 21:17:54 +01:00
Frank Morgner
106b3a28b1
acos5: removed incomplete driver
...
fixes https://github.com/OpenSC/OpenSC/issues/1204
2019-03-13 21:17:54 +01:00
Frank Morgner
9fa1722f73
sc_bin_to_hex returns a Nul terminated string
2019-03-13 21:17:00 +01:00
Frank Morgner
eb8f28db20
fixed error handling
2019-03-13 21:17:00 +01:00
Frank Morgner
d4f1decd15
Make sure card's strings are Nul terminated
...
Avoids out of bounds reads when using internal operations with the given string
2019-03-13 21:17:00 +01:00
Frank Morgner
d953998aa3
npa-tool: force default card driver
2019-03-13 12:01:09 +01:00
alegon01
31831c300b
Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits.
2019-03-12 08:52:06 +01:00
Frank Morgner
6472027848
tools: release context when card connection fails
2019-03-07 22:18:54 +02:00
Pierre Ossman
bc4eeda573
Remove readers when smart card service stops
...
The code already removes all active cards when the service goes
away, but it doesn't remove the reader. This can be a bit confusing
since they will still be polled and listed.
2019-03-07 21:51:02 +02:00
Pierre Ossman
9ed5f63c17
Fix smart card removal handling for older PC/SC
...
Older PC/SC doesn't have the code SCARD_E_NO_READERS_AVAILABLE, so fix
the code to handle such systems as well.
2019-03-07 21:51:02 +02:00
Pierre Ossman
9e9bdac2f1
Handle reader going missing
...
It might just be this specific reader going missing, and not all
of them.
2019-03-07 21:51:02 +02:00
Raul Metsma
b227fb8b9f
Cleanup EstEID 1.0/1.1 lefovers
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-07 21:31:08 +02:00
Scott Gayou
0d79675497
Small memory leak fix (CVE-2019-6502 in #1586 )
...
CVE-2019-6502 was assigned to what appears to be a very minor
memory leak that only occurs on an error-case in a CLI tool.
If util_connect_card fails, we still need to release the sc
context previously allocated by sc_context_create else memory
will leak.
2019-03-06 19:51:43 +01:00
alegon01
728d099a53
FIX typo OpenSSL vs OpenSsl.
2019-03-06 11:35:11 +01:00
alegon01
b327b76134
FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt().
2019-03-06 10:26:05 +01:00
Frank Morgner
19c5ab315d
fixed uninitialized use of variable
2019-03-06 08:53:47 +01:00
Frank Morgner
070370895f
fixed 333707 Dereference before null check
2019-03-06 00:42:38 +01:00
Frank Morgner
8fbd0b3ee1
fixed 333708 Dereference after null check
2019-03-06 00:42:38 +01:00
Frank Morgner
ba185954c5
fixed 333709 Unchecked return value
2019-03-06 00:42:38 +01:00
Frank Morgner
e8f8f0bfbb
fixed 333714 Uninitialized scalar variable
2019-03-06 00:42:38 +01:00
Frank Morgner
9abe44f03c
fixed 333715 Dereference after null check
2019-03-06 00:42:38 +01:00
Frank Morgner
e876cf62eb
fixed 333711 Dereference before null check
2019-03-06 00:42:38 +01:00
Frank Morgner
b1a58c7925
removed dead code
2019-03-06 00:42:38 +01:00
Frank Morgner
27526de021
implemented sc_format_apdu_ex
2019-03-05 13:54:13 +01:00
Frank Morgner
155b197932
sc-hsm: require T=1 connection
2019-03-05 13:47:45 +01:00
alegon01
7271fe610b
Add support for the OpenSsl signature format for the signature verification.
2019-02-18 16:03:41 +01:00
Frank Morgner
20daced605
fixed special case of deletion in gnuk_write_certificate
2019-02-14 09:22:23 +01:00
Frank Morgner
1a61ae849f
fixed Null pointer argument in call to memcpy
2019-02-14 09:22:23 +01:00
Frank Morgner
b6fadb469f
fixed sc_decompress_zlib_alloc return code
2019-02-14 09:22:23 +01:00
Frank Morgner
6e48de83c7
avoid allocation of 0 bytes
2019-02-14 09:22:23 +01:00
Frank Morgner
f4fccfd94e
fixed undefined bitshift
2019-02-14 09:22:23 +01:00
Frank Morgner
c858d4b3d1
fixed argument checking
2019-02-14 09:22:23 +01:00
Frank Morgner
6fdb29a470
fixed use of uninitialized values
2019-02-14 09:22:23 +01:00
Frank Morgner
01d515a026
fixed use of garbage value
2019-02-14 09:22:23 +01:00
Frank Morgner
8ea77a83e0
fixed misuse of realloc
2019-02-14 09:22:23 +01:00
Frank Morgner
32e1995300
fixed dead assignment
2019-02-14 09:22:23 +01:00
Frank Morgner
e4a01643a6
fixed possible NULL pointer dereference
2019-02-14 09:22:23 +01:00
Frank Morgner
53954e9ff1
fixed OpenSSL handling in PKCS#11 mapping
...
prevents NULL pointer dereference
2019-02-14 09:22:23 +01:00
Frank Morgner
b708cab0a3
fixed assignment of garbage value
2019-02-14 09:22:23 +01:00
Frank Morgner
85485eb9b0
fixed unused assignments
2019-02-14 09:22:23 +01:00
Frank Morgner
fdb0e6d581
Fixed Potential leak of memory
2019-02-14 09:22:23 +01:00
alegon01
9ae507c5f8
Fix indentation.
2019-02-12 14:09:26 +01:00
alegon01
b63a868e68
Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined.
2019-02-12 10:42:39 +01:00
Raul Metsma
c2cc83754e
select_esteid_df is only used in card-mcrd.c
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-02-12 08:56:20 +01:00
Raul Metsma
f37a8a5c52
is_esteid_card is only used card-mcrd.c
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-02-12 08:56:20 +01:00
Peter Marschall
4757466f27
OpenPGP: space police
...
remove trailing spaces & tabs
2019-02-12 08:55:59 +01:00
Alex Karabanov
04ef9dbf3b
Fix build on cygwin in strict mode ( #1605 )
2019-02-11 20:50:12 +01:00
Frank Morgner
be33e82b75
goid-tool: fixed possible memory leak
...
internally created context needs to be freed if TA/CA is done without
an existing SM context from PACE
2019-02-11 15:41:32 +01:00
Frank Morgner
72cdc9d82e
goid-tool: fixed confusion about always/never acl
2019-02-08 15:08:03 +01:00
Frank Morgner
aca9d79f6d
fixed parsing SoCManager info
2019-02-07 16:56:33 +01:00
alegon01
973625773b
Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a.
2019-02-07 10:42:48 +01:00
alegon01
084624f340
Fix CKM_RSA_PKCS in encrypt_decrypt().
2019-02-05 12:03:51 +01:00
alegon01
9aa413bd7e
Fix CKM_RSA_X_509 encrypt_decrypt(). Improve the code for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP. For these alogs, only CKM_SHA_1 is supported.
2019-02-05 11:35:42 +01:00
alegon01
d25fbe3cec
Remove 2 useless comments in encrypt_decrypt().
2019-02-05 11:24:33 +01:00
Frank Morgner
928fbf2f03
goid-tool: implented PIN/FP verification for PAccess
2019-02-04 16:01:56 +01:00
alegon01
3d09823df0
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined. Fix formatting.
2019-02-04 14:26:02 +01:00
alegon01
f030aa2c25
Add support for CKM_RSA_X_509 in encrypt_decrypt() and decrypt_data().
2019-02-04 14:23:13 +01:00
alegon01
9b7605ff3c
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). Only set the OAEP params for CKM_RSA_PKCS_OAEP, I had an issue with a variable not initialized.
2019-02-01 15:27:55 +01:00
alegon01
cf617da4bd
Before calling encrypt_decrypt() make sure that the mechanism is for RSA and supports decryption, otherwise skip it.
2019-02-01 11:37:47 +01:00
alegon01
2be799f739
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). fix formatting.
2019-02-01 11:35:25 +01:00
alegon01
16ca73ae40
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal().
2019-02-01 11:19:33 +01:00
alegon01
968bfa8444
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt().
2019-02-01 09:16:59 +01:00
alegon01
ff3448fb18
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined.
2019-02-01 09:13:21 +01:00
alegon01
f412995811
Bug fix in verify_signature() when the buffer to verify is larger than 1025 bytes. In this case, the signature length given to C_VerifyFinal() was incorrect.
2019-02-01 09:10:02 +01:00
Raul Metsma
36c5461c99
Make function more readable
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-01-30 22:02:14 +01:00
Hannu Honkanen
ec176443e2
Fixes an issue that appeared in 6bf9685 (PR #1540 ). In case use_pinpad==0 && pinsize == 0, uninitialized pinbuf was passed to sc_pkcs15_verify_pin causing problems.
2019-01-30 22:01:52 +01:00
opensignature
84f0a88edb
Remove postecert and infocamere support because no longer issued ( #1584 )
...
* Remove postecert and infocamere support because no longer issued
* Remove wrong changes
* reset NEWS
* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates
* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp
* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
2019-01-30 22:01:24 +01:00
Alexander Paetzelt
09a594d0f0
OpenPGP Card v3 ECC support ( #1506 )
...
* pgp: initialize ecc keys for OPC3
* Add supported ECC algorithms by card version
* Add tasks identified so far
* pgp: Recognize ECC set on card
* pgp: get_pubkey_pem read ECC pubkey from card
* pgp: minor code changes for ECC compatibility
* pgp: expand sc_cardctl_openpgp_keygen_info to hold ec info
* Fix segfault problem in pkcs15-pubkey.c
* pgp: enable key generation with pkcs15-init and ECC
* pgp: adapt calculate_and_store_fingerprint to accept ECC
* pgp: adapt rest of pgp_gen_key and subfunctions to accept ECC
* pgp: add kdf parameters for ECDH fingerprint calculation
* pgp: enable key import with pkcs15-init and ECC
* pkcs15-pubkey: fix_ec_parameters onlz accpets explicit data or named_curve
* Fix some mistakes during merge
* More clean up for PR
* Fix some ugly alignments
* Improve code readability
* Prevent unitialized variable by using FUNC_RETURN
* OpenPGP: add length check
* pgp: save exponent length in bits for sc_cardctl_openpgp_keystore_info_t
* pgp: length checks and reallocations
* pgp: oid init added
* OpenPGP: slightly re-factor pgp_update_new_algo_attr()
* replace loop copy with memcpy()
* use ushort2bebytes() to set RSA modulus & exponent
* use symbolic name SC_OPENPGP_KEYFORMAT_RSA_STD for the key import format
* OpenPGP: slighly re-factor pgp_parse_and_set_pubkey_output()
* check for RSA modulus & exponent lengths not being a multiple of 8
* make sure RSA modulus & exponent lengths are always set
* remove a left-over RSA setting from the EC code
* pgp: adding BYTES4BITS
* pgp: initialization of values in pgp_build_extended_header_list based on key type
* pgp: add BYTES4BITS and remove unnecessary tests
* Fix broken pgp_update_new_algo_attr
* pgp: fix the ecpoint_len variable
2019-01-30 22:00:36 +01:00
Frank Morgner
7a7ff50422
fixed memory leaks during card initialization
2019-01-30 21:57:59 +01:00
Frank Morgner
f486486413
removed unused defines
2019-01-30 21:57:59 +01:00
Frank Morgner
97a58cb441
fixed https://github.com/OpenSC/OpenSC/issues/1581
2019-01-30 21:57:59 +01:00
Frank Morgner
aed95b2f2b
pkcs11: check inputs
...
prevents NULL pointer dereference
2019-01-30 21:57:59 +01:00
Frank Morgner
993f6f5cc6
Use opensc-pkcs11.so for static build of pkcs11-tool
...
Statically link opensc-pkcs11 into pkcs11-tool with --disable-shared
2019-01-30 21:57:59 +01:00
Frank Morgner
7f7bcbff52
fixed misuse of realloc
...
calling it with size 0 leads to a free, which eventually may lead to a
double free corruption.
2019-01-30 21:57:59 +01:00
Frank Morgner
2ad7453718
use const qualifier for sc_simpletlv_read/put_tag
2019-01-30 21:57:59 +01:00
Frank Morgner
893be0d9c0
fixed memory leaks
2019-01-30 21:57:59 +01:00
Frank Morgner
83c4ebe9d6
goid-tool: reset authentication status
2019-01-30 13:00:14 +01:00
Frank Morgner
fc08d89247
goid-tool: differ PAccess and SoCManager usage
2019-01-30 09:35:16 +01:00
Frank Morgner
a8c84d490a
handle multiple verifications when changing secret
2019-01-30 09:35:11 +01:00
Raul Metsma
70d690ace7
r value is already checked on line 113 ( #1582 )
2019-01-24 13:15:13 +01:00
Frank Morgner
4916d07ff2
fixed unused check
2019-01-20 23:02:21 +01:00
Frank Morgner
79d019fc5f
fixed typo
...
closes https://github.com/OpenSC/OpenSC/issues/1576
2019-01-20 23:02:21 +01:00
Frank Morgner
745b8cf420
added include guards to compatibility headers
2019-01-20 23:02:21 +01:00