* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltdl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-lib.c:727:4: warning: Value stored to 'pin_type' is never read
pin_type = SC_PKCS15INIT_USER_PIN;
^ ~~~~~~~~~~~~~~~~~~~~~~
pkcs15-lib.c:1011:3: warning: Value stored to 'pin_type' is never read
pin_type = SC_PKCS15INIT_SO_PIN;
^ ~~~~~~~~~~~~~~~~~~~~
pkcs15-lib.c:1009:3: warning: Value stored to 'pin_type' is never read
pin_type = SC_PKCS15INIT_USER_PUK;
^ ~~~~~~~~~~~~~~~~~~~~~~
pkcs15-lib.c:1505:2: warning: Value stored to 'usage' is never read
usage = SC_PKCS15_PRKEY_USAGE_SIGN;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15-lib.c:1507:3: warning: Value stored to 'usage' is never read
usage = sc_pkcs15init_map_usage(args->x509_usage, 0);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15-lib.c:2560:3: warning: Value stored to 'file' is never read
file = df->file;
^ ~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5141 c6295689-39f2-0310-b995-f0e70906c6a9
The initializations are already done a few lines below
pkcs15-lib.c:1938:11: warning: Value stored to 'ctx' during its initialization
is never read
BN_CTX *ctx = BN_CTX_new();
^ ~~~~~~~~~~~~
pkcs15-lib.c:1937:11: warning: Value stored to 'aux' during its initialization
is never read
BIGNUM *aux = BN_new();
^ ~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5140 c6295689-39f2-0310-b995-f0e70906c6a9
Each application of the multi-application PKCS#15 card has its own associated pkcs15init profile file.
Profile of the multi-application card contains an association between the ID of the on-card application
and associated profile name.
When sc_profile_finish() is called
- sc_card is connected,
- information on the preset on-card applications is available;
- AID of the application to be bound is known.
thus allowing sc_profile_finish() to load the final part of the profile.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5096 c6295689-39f2-0310-b995-f0e70906c6a9
the first usage is to update the public key PKCS#15 object attributes
and to encode its direct value.
(support of the Oberthur's AuthentIC V3.2 card)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5001 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
Noted by Ludovic.
In sc_pkcs15init_update_file() procedure the file selection errors other than SC_ERROR_FILE_NOT_FOUND were not treated.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4271 c6295689-39f2-0310-b995-f0e70906c6a9
Some cards do not include security attributes into the FCI returned by 'SELECT' command.
For such cards, when updating certificate, to authenticate 'UPDATE' operation use the
'sc_file' with default ACLs instantiated from the card profile.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4265 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-lib.c: In function ‘get_template_name_from_object’:
pkcs15-lib.c:2152: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2154: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2156: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2159: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2161: warning: return discards qualifiers from pointer target type
pkcs15-lib.c: In function ‘get_pin_ident_name’:
pkcs15-lib.c:2815: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2817: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2819: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2823: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2825: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2827: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2829: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2832: warning: return discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4196 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-lib.c:799: warning: no previous prototype for ‘sc_pkcs15init_store_puk’
pkcs15-lib.c:2814: warning: no previous prototype for ‘get_pin_ident_name’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4152 c6295689-39f2-0310-b995-f0e70906c6a9
Set 'TOKEN INITIALIZED' after an application has been added,
set 'USER PIN INITIALIZED' and 'LOGIN REQUIRED' after User PIN object has been created.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4130 c6295689-39f2-0310-b995-f0e70906c6a9
Four methods are added to the 'sc_pkcs15init_operations':
emu_update_dir -- create or not the DIR file;
emu_update_any_df -- update the non-pkcs15 descriptors that are equivalents to pkcs15 xDF files;
emu_update_tokeninfo -- update analog of tokenInfo;
emu_write_info -- to not create OPENSC-INFO file;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4128 c6295689-39f2-0310-b995-f0e70906c6a9
; do not pad PIN in pkcs15init. It's already done in libopensc/pkcs15-pin;
; the 'do_verify_pin()', 'sc_pkcs15init_verify_key()' and 'do_get_and_verify_secret()' are replaced by unique 'sc_pkcs15init_verify_secret()'; edit debug messages;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4123 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
This bug concerned the card drivers for which the file ACLs cannot be obtained from the FCI of the selected file.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4114 c6295689-39f2-0310-b995-f0e70906c6a9
Some non-pkcs15 cards protect the reading of the private objects attributes.
For the emulated pkcs15 cards, the 'init' emu-handler was the only place where pkcs15 objects could be loaded.
This handler is called before the card is bound, and so, for an application there was no 'normal' way to verify PIN and load the objects with protected attributes.
Actually it's possible to complete the list of the pkcs15 objects after the emulated pkcs15 card has been bound.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4096 c6295689-39f2-0310-b995-f0e70906c6a9
When binding profile and p15card (in sc_pkcs15init_set_p15card()), add to the profile EF list the named DF for the path of all the existing AUTH.
; variables name and coding style issues;
; debug messages;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4084 c6295689-39f2-0310-b995-f0e70906c6a9
; new, athena dedicated, PIN pkcs15 flag 'TRANSPORT_KEY':
in the Athena initialization procedure the 'transport' SOPIN object is used. This object refers to the pre-existing global SOPIN and is different from the final SOPIN of the card. This object should be ignored when fixing up the ACLs of the newly created file;
; the pkcs15 references of the new private keys are derived from the file-id;
; remove duplicated code;
; some log messages in pkcs15-lib.c;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4077 c6295689-39f2-0310-b995-f0e70906c6a9
This patch is not largely tested and it will be followed (hope in a few hours) with another one
that will replace the use of the static pincache
with the pincache as the content of the AUTH pkcs15 object.
In the intervention into the card specific part I tried to respect its creator's coding style.
Sorry, if it's not always the case.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4057 c6295689-39f2-0310-b995-f0e70906c6a9
Profile option 'protect-certificates' was activated by default for all the cards,
was mentioned and commented out only in 'flex' profile,
and finally is not working 'by design' of pkcs15-lib.c
So, no need to keep this option, until the valid arguments to restore it back.
Anyway, the access to certificates is controlled by the file's ACLs defined in profile.
;in profile use the 'define' macros to define the pin encoding type;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4050 c6295689-39f2-0310-b995-f0e70906c6a9
;when putting SOPIN into the global cache, use the path from the object info;
;sc_pkcs15init_create_pin() can be called to create PUK object;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3964 c6295689-39f2-0310-b995-f0e70906c6a9
When creating PIN, if 'puk_id' is defined in 'struct sc_pkcs15init_pinargs',
the pkcs15 PinObject for PUK will be created.
For a moment, PinObject is not created for SO PUK.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3949 c6295689-39f2-0310-b995-f0e70906c6a9
- for 'global' PINs path is not encoded into the AODF;
- when selecting pin_reference, start from value defined in profile.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3946 c6295689-39f2-0310-b995-f0e70906c6a9
To use New API with the cards that do not have 'key-domain' in their profile,
when setting object data path,
the object template has to be also looked for outside the 'key-domain'.
;migrate Oberthur to the New API;
;use macros SC_CALLED, SC_TEST_.., SC_RETURN in pkcs15-lib.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3940 c6295689-39f2-0310-b995-f0e70906c6a9
at the profile level the difference between EF and BSO is:
- BSO path is always the path of the host DF and is not indexed when the template is instantiated;
- EF path always ends with the file-id, which is always indexed when the template is instantiated.
New non-static 'sc_profile_get_file_instance' procedure to instantiate non-template entries.
In profile.c get_uint() accepts hexadecimals.
In CardOS profile (I venture to) increase the xDF sizes
and change ACL to permit the key re-importing.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3919 c6295689-39f2-0310-b995-f0e70906c6a9
;use macros SC_CALLED, SC_RETURN and SC_TEST_RET;
;change debug level in debug macros;
For a new pkcs15 object of a given type the file index is chosen as a first value in the range from 'file-id' to 'max-id',
excluding the values that are already assigned to the file indexes of the existing pkcs15 objects of the same type.
'file-id' is defined in the template ('key-domain') of the card profile ;
'max-id' is 'file-id' + hard coded value 0xFE .
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3916 c6295689-39f2-0310-b995-f0e70906c6a9
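The index selection described in the commit message above, as an added C example (not OpenSC code). The helper `pick_file_index`, its parameters and the sample identifiers are assumptions, and the range from 'file-id' to 'max-id' is taken as inclusive:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define INDEX_SPAN 0xFE  /* the hard-coded offset named in the commit message */

/*
 * Hypothetical helper, not an OpenSC function.
 * Returns the first value in [file_id, file_id + 0xFE] (assumed inclusive)
 * that is not in used[], or -1 when the whole range is already assigned.
 */
static long pick_file_index(uint16_t file_id,
                            const uint16_t *used, size_t n_used)
{
    unsigned char taken[INDEX_SPAN + 1];
    uint32_t max_id = (uint32_t)file_id + INDEX_SPAN;
    size_t i;

    /* File identifiers are 16-bit: clamp so the range never wraps. */
    if (max_id > 0xFFFF)
        max_id = 0xFFFF;

    /* Mark the indexes already held by objects of the same type;
     * values outside the range are ignored. */
    memset(taken, 0, sizeof taken);
    for (i = 0; i < n_used; i++)
        if (used[i] >= file_id && used[i] <= max_id)
            taken[used[i] - file_id] = 1;

    for (i = 0; i <= max_id - file_id; i++)
        if (!taken[i])
            return (long)file_id + (long)i;

    return -1;  /* every index in the range is assigned */
}

int main(void)
{
    /* Constructed sample: indexes of existing objects of one type. */
    const uint16_t used[] = { 0x3001, 0x3002, 0x3004, 0x5015 };
    long idx = pick_file_index(0x3001, used, sizeof used / sizeof used[0]);
    return idx == 0x3003 ? 0 : 1;
}
```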
Working now with GOST R 34.10:
$ pkcs15-init --store-private-key key --key-usage sign,decrypt --auth-id 2 --id 1 --pin "12345678"
$ pkcs15-init --store-certificate my_cert --id 1 --pin "12345678"
But there is a problem: no CKA_GOSTR3410_PARAMS when retrieving pub_key from the certificate, if the pub_key object was removed (see parse_x509_cert, asn1_decode_gostr3410_params)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3859 c6295689-39f2-0310-b995-f0e70906c6a9