emulated cards. True PKCS#15 cards with EC
will need additional changes.
Main changes are in framework-pkcs15.c, mechanism.c,
padding.c, pkcs15-algo.c and pkcs15-sec.c
where switch statements for key type, and testing
of flags was modified to make it easier to add
additional key types in the future.
The code was tested using RSA and ECDSA using a PIV card
from pkcs11-tool, OpenSSL and Thunderbird with
modifications to NSS-3.12.7 to get ECDSA to sign e-mail.
Only named curves are supported for ECDSA, ECDH is still
needed. pkcs11-tool has only minimal changes need to work
with the -O option to list EC keys.
One additional line was added to pkcs15-sec.c which
should get GOSTR sign to work.
libp11 and engine do not yet have EC support.
--This line, and those below, will be ignored--
M src/tools/piv-tool.c
M src/tools/pkcs11-tool.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-object.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/card-piv.c
M src/libopensc/padding.c
M src/libopensc/cardctl.h
M src/libopensc/pkcs15-algo.c
M src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-sec.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4904 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
void sc_mem_clear(void *ptr, size_t len);
to clear a memory buffer. If OpenSSL is used this function
is a wrapper for OPENSSL_cleanse, otherwise memset is currenlty used.
Use this function to clear memory buffers with sensitive content.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2601 c6295689-39f2-0310-b995-f0e70906c6a9
building PC/SC, OpenCT or USBToken support,
use ifdef's directly in source.
- Because of above, add HAVE_PCSCLITE for winconfig.h
- Remove unnecessary includes for log.h, opensc.h and
errors.h in libopensc sources, they're already taken
care by internal.h.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1406 c6295689-39f2-0310-b995-f0e70906c6a9
Jochen Friedrich)
- Fixed one bug in sc_copy_asn1_entry(), one in
sc_pkcs15init_add_object() and one in pkcs15-crypt
(patches also by Jochen)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@609 c6295689-39f2-0310-b995-f0e70906c6a9
in struct sc_pkcs15_card; this way we can have 'floating'
objects that don't belong in any DF, for e.g. generating
public key objects from certificates
- Removed some unused function prototypes
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@572 c6295689-39f2-0310-b995-f0e70906c6a9
- Changed call convention for reader finish()
- CT-API driver now frees its resources correctly
- Added year 2002 to some of the copyright statements
- sc_pkcs15_decipher() and sc_pkcs15_compute_signature()
now select only the parent DF of the private key file
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@463 c6295689-39f2-0310-b995-f0e70906c6a9
- added delete and create file support for 'flex cards
- PKCS #15 DF's are now stored more flexibly; this makes
adding new types of DF's (such as PuKDF's) easier
- added 'get' and 'put' commands to opensc-explorer
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@160 c6295689-39f2-0310-b995-f0e70906c6a9
- modified ASN.1 decoding to make it easier to
port decoder structures to the encoder
- fixed a recently introduced bug in card driver handling
- opensc-explorer will now allow only DF's to be cd'd into
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@156 c6295689-39f2-0310-b995-f0e70906c6a9
- changed a few function prototypes
- implemented access control lists to files
- added sc_read_record() function
- updated the NEWS file
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@111 c6295689-39f2-0310-b995-f0e70906c6a9