- eac: allow CA without EF.CardSecurity
- sc-hsm: implemented CA based on document PKI
- sc-hsm: adds receive limit for SoC card
- introduces dedicated card type for SoC card
- md: integrate card's PIN pad capabilities
- installer: added SC-HSM SoC card to registry
- pkcs15-tool: Added support for PIN entry on card
- change/unblock PIN: add support for PIN entry on card
- added OpenPACE to macOS build
- travis-ci: install gengetopt/help2man via brew
- sc-hsm: Cache EF.C_DevAut
- sc-hsm: Prevent unnecessary applet selection and state resets
- sc-hsm: added support for session pin
- sc-hsm: avoid multiple AID selection
- sc-hsm: Use the information from match_card for all subsequent selections of the applet
- sc-hsm: cache optional files as empty files (Decoding the files will reveal that they were not existing prior caching. This avoids selecting the file though we have already tried to cache the file before.)
- use dedicated directory for CVC trust anchors
- appveyor: added OpenPACE to windows build
Since "Add GCC format checking attributes to log functions" commit GCC
warns us about problems with format strings and their arguments provided
to OpenSC message logging functions.
This commit fixes all cases where GCC warned about incorrect format on
64-bit Linux, 32-bit and 64-bit mingw builds (with SM and OpenSSL enabled).
Well, almost all since on mingw GCC does not recognize "ll" size specifier
(present at least since Visual Studio 2005, also in mingw own CRT) so these
(few) warnings about it remain.
In most cases format size specifier for size_t type was missing (usually
size was left at default int level, with is different on 64-bit x86).
Some formats had too few / too many arguments.
In some cases pointers were printed as integers.
Some long variables were missing "l" prefix (especially with regard to %x
format).
Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
_validate_pin was not being called at all during a PIN verification.
After this tools report correctly when the PIN length is invalid, even on pkcs11 layer.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
PIN cache is not updated when PIN is verified using the PIN value from cache.
That's the case of validating PIN in 'revalidate' context.
Few source format fixes included
closes#805
introduced paramter to signal back the login state
- used for the pin command SC_PIN_CMD_GET_INFO
- implemented in accordance to ISO 7816-4; all other implementations
are currently set to an unknown login state
implemented and exporeted sc_pkcs15_get_pin_info
use sc_pkcs15_get_pin_info in C_GetTokenInfo
C_GetSessionInfo: Check whether a logout was done
Closes https://github.com/OpenSC/OpenSC/pull/624
rebased by @viktorTarasov
In pkcs15-verify the value of PIN is not more validated for conformity with PIN policy,
value is only checked for maximal allowed length.
So that, no more need of 'ignore-pin-length' configuration option - now it's default behavior of common framework.
When OpenSC is used with a card that enforces user_consent
and the calling PKCS#11 application does not understand how
to handle the CKA_ALWAYS_AUTHENTICATE, signature operations
will fail.
OpenSC will not cache a PIN that protects a user_consent
object as one would expect.
This mods allows PINs to be cached even if protecting a
user_consent object by adding
pin_cache_ignore_user_consent = true;
option in opensc.conf.
Thunderbird is the prime example of this situation.
Mozilla has accepted mods (357025 and 613507) to support
CKA_ALWAYS_AUTHENTICATE that will appear in NSS-3.14 but
this may be some time before this version is in vendor
distribution.
* Print out warning when mlock fails, and continue.
* The warning required a ctx to be passed in, so that means
changing a few function signatures.
https://www.opensc-project.org/opensc/ticket/389
Such PIN codes were erroneously cached in memory, even though not used with revalidation..
User consent relates to private keys, not PIN codes.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5124 c6295689-39f2-0310-b995-f0e70906c6a9
If re-validation of a cached PIN fails, then free that cached PIN to ensure that it isn't used again for re-validation.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4924 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
; in 'sc_pkcs15_pin_info' structure add 'auth_method' member to keep the PIN authentication method: CHV, AUT or SM;
; in pkcs15init profile add function to search PIN template by auth method and reference;
; in 'sc_pkcs15_remove_object' return silently if object to delete is NULL;
; in 'sc_pkcs15_object' structure add 'usage_counter' member;
; new 'sc_pkcs15_find_pin_by_type_and_reference' procedure to search PIN pkcs15 object by auth method and reference;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4048 c6295689-39f2-0310-b995-f0e70906c6a9
- for 'global' PINs path in not encoded into the AODF;
- when selecting pin_reference, start from value defined in profile.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3946 c6295689-39f2-0310-b995-f0e70906c6a9
- Remove slot abstraction from internal API and all reader drivers. CT-API (from where it all comes from) readers with multiple slots (if still found) can be presented as separate readers, OpenCT should remove the slot abstraction, PC/SC never knew about it. None of the tools knew how to use slots.
- Add sc_cancel (translates to SCardCancel)
- Re-implement sc_wait_for_event; support a blocking call.
- Replace the "int reader" API with "* sc_reader_t" style; add "Get reader by name" functionality.
- Remove "action" parameter from sc_disconnect_card() (was not used)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3931 c6295689-39f2-0310-b995-f0e70906c6a9
If card was reset or reader reconnected, verify can restart
transaction, as upper level will not cache PIN in this case.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3508 c6295689-39f2-0310-b995-f0e70906c6a9