Removed cmap_record in sc_pkcs15_prkey_info (not used by any driver nor code)
Remove cardcf specific code (cardcf neutralized by CP_CACHE_MODE_NO_CACHE and it maintened by the Base CSP/KSP, not the minidriver)
Add conversion code for Windows GUID / OpenSC self computed GUID
Compilation without OpenSSL - guid computation issue
This case is triggered when:
- built without OpenSSL
- called from a minidriver where id.len = 1
- card number is less than 15 bytes
(VTA: codding style slightly touched)
sc_pkcs15_get_object_guid() should prefer the serial number from
EF(TokenInfo) over card->serialnr because the user may override the
card's serial number with "pkcs15-init -C --serial". The card->serialnr
should be used before calling card CTL with SC_CARDCTL_GET_SERIALNR
because it might contain a cached value.
This change *should* allow cards to be used with the minidriver even if
SC_CARDCTL_GET_SERIALNR is not implemented. For example, a driver might
set card->serialnr at initialization or the user might initialize a
PKCS#15 card with its own "--serial".
See also the discussion at the mailing list:
[Opensc-devel] AT_SIGNATURE and AT_EXCHANGE Problem
b94c163 - invalid, non-tested
11881a6 -- src/libopensc/card-iasecc.c -- return from select has to be ignored,
3a92bf7 -- src/pkcs11/slot.c -- SEGFAULT issue #3733a92bf7 -- src/tools/piv-tool.c -- confirmed by author
6759c04 -- src/pkcs15init/pkcs15-lib.c -- file instantiation error has to be ignored
if no valid PKCS#15 file system found
'internal' bind procedure returns 'non-supported-card' error
the same as 'syntetic' bind procedure.
this return code is used by pkcs11 framework to accept non-binded cards
some codding style issues
New data are used to support the card specific minidriver on-card files.
Beeing included into internal pkcs15 data type,
these new data are accessible at the all frameworks: emulation of pkcs15 and pkcs15init, minidriver.
existing 'guid' obejct's data replaced by the one in private-key info
New CMAP record data used by pkcs15init emulator for the cards that have
the MD specific on-card data
When OpenSC is used with a card that enforces user_consent
and the calling PKCS#11 application does not understand how
to handle the CKA_ALWAYS_AUTHENTICATE, signature operations
will fail.
OpenSC will not cache a PIN that protects a user_consent
object as one would expect.
This mods allows PINs to be cached even if protecting a
user_consent object by adding
pin_cache_ignore_user_consent = true;
option in opensc.conf.
Thunderbird is the prime example of this situation.
Mozilla has accepted mods (357025 and 613507) to support
CKA_ALWAYS_AUTHENTICATE that will appear in NSS-3.14 but
this may be some time before this version is in vendor
distribution.
At the moment symbolic names for the on-card applications are 'generic', 'protected'.
This distinction used by pkcs11 and minidriver module to select the
'master' application in the cases when only reduced number of slots (one)
can be exposed by module (minidriver) or particular configuration (pkcs11).
* Print out warning when mlock fails, and continue.
* The warning required a ctx to be passed in, so that means
changing a few function signatures.
https://www.opensc-project.org/opensc/ticket/389
If 'serialNumber' attribute is absent in the 'TokenInfo' data,
in the parsed data, this attribute will be set to the value of the card's serial.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5547 c6295689-39f2-0310-b995-f0e70906c6a9
There is no need to carry around that attribute, because it's easy to look up the 'file' as needed. This is done by issuing a single sc_select_file command in sc_pkcs15init_update_any_df (pkcs15-lib.c).
The parameter 'file' of sc_pkcs15_add_df (pkcs15.c) became useless too and was removed in turn.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5316 c6295689-39f2-0310-b995-f0e70906c6a9
* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15.c:1033:3: warning: Value stored to 'r' is never read
r = sc_pkcs15_parse_df(p15card, df);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15.c:1677:3: warning: Value stored to 'obj_len' is never read
obj_len = p - oldp;
^ ~~~~~~~~
pkcs15.c:1948:4: warning: Value stored to 'r' is never read
r = len;
^ ~~~
pkcs15.c:1942:6: warning: Value stored to 'record_len' is never read
record_len = head[2] * 256 + head[3];
^ ~~~~~~~~~~~~~~~~~~~~~~~
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5158 c6295689-39f2-0310-b995-f0e70906c6a9
- do nothing if child has 'aid';
- child inherit the parents's 'aid' if this one exists;
- child inherit parents's path of type 'DF NAME' as 'aid';
- return if child path is zero length;
- finaly concatenate parent and child paths.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5108 c6295689-39f2-0310-b995-f0e70906c6a9
This extension is used by multi-applications cards when EF.ODF with EF.tokenInfo
and xDF with (secure) data objects are placed in a different applications.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5082 c6295689-39f2-0310-b995-f0e70906c6a9
; 'known' pkcs#15 applications are moved to the head of the card applications array;
; card specific 'bind finalization' code moved to the dedicated procedures;
; remove unused sc_application member, procedures;
; remove commented code;
; add debug messages;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5045 c6295689-39f2-0310-b995-f0e70906c6a9
That patch prevents the repeated attachment of objects to obj_list, because it marks an EF as enumerated as soon the first object was successfully appended.
Left over from #266.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4983 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15.c: object search continues with normal processing, even if enumeration of some files failed
pkcs15.h: obsolete prototype removed
pkcs15-syn.c: now obsolete function sc_pkcs15emu_postponed_load removed
fixes: #266
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4877 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
In previous version the card specific 'parse_df' handler was a part of 'sc_pkcs15_df'.
Now the placehold ('sc_pkcs15_operations') created for the all card emulator specific operations .
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4109 c6295689-39f2-0310-b995-f0e70906c6a9
Some non-pkcs15 cards protect the reading of the private objects attributes.
For the emulated pkcs15 cards, the 'init' emu-handler was the only place where pkcs15 objects could be loaded.
This handler is called before the card is binded, and so, for an application there was no 'normal' way to verify PIN and load the objects with protected attributes.
Actually it's possible to complete list of the pkcs15 objects after the emulated pkcs15 card has been binded.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4096 c6295689-39f2-0310-b995-f0e70906c6a9