--slot will take the actual CK_SLOT_ID
--slot-label will use the token label to find the correct slot
--slot-index will use the N-th slot from the list returned by C_GetSlotList
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4746 c6295689-39f2-0310-b995-f0e70906c6a9
Fix compiler warnings:
compat_getopt_main.c: In function ‘main’:
compat_getopt_main.c:145: warning: initialization discards qualifiers from pointer target type
compat_getopt_main.c:288: warning: assignment discards qualifiers from pointer target type
compat_getopt_main.c:336: warning: assignment discards qualifiers from pointer target type
compat_getopt_main.c:366: warning: passing argument 3 of ‘handle’ discards qualifiers from pointer target type
compat_getopt_main.c:76: note: expected ‘char *’ but argument is of type ‘const char *’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4743 c6295689-39f2-0310-b995-f0e70906c6a9
compat_getopt_main.c: In function ‘handle’:
compat_getopt_main.c:123: warning: format ‘%s’ expects type ‘char *’, but argument 3 has type ‘long unsigned int’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4742 c6295689-39f2-0310-b995-f0e70906c6a9
* One sc_context has only a single reader driver.
* remove dynamic reader driver loading capabilities
* remove opensc-tool -R command
* change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
* check in ./configure for only a single enabled reader driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
Assuming the driver has correctly set max_tries to 1 then PKCS#11 is very clear about it:
"""
True if supplying an incorrect user PIN will it to become locked.
"""
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4687 c6295689-39f2-0310-b995-f0e70906c6a9
Support for importing cleartext keys is left untouched, but all transparent key generation by either opensc-pkcs11.so or pkcs15-init is removed, to make the operation with cleartext keys visible to the user and his explicit wish.
OpenSC is a PKCS#11 library for accessing keys protected by a smart card. Key material in software is not protected by smart cards and can leave a false sense of security to the user.
http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013877.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4646 c6295689-39f2-0310-b995-f0e70906c6a9
This version, additionally, skips this step entirely if there is no current_path; this is useful when starting with --mf "".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4638 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
--debug was not documented and not used by other tools; --help was not handled.
Thanks to Ludolf Holzheid for noticing this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4596 c6295689-39f2-0310-b995-f0e70906c6a9
westcos-tool.c: In function ‘main’:
westcos-tool.c:375: warning: unused variable ‘lecteur’
westcos-tool.c:373: warning: unused variable ‘card_presente’
westcos-tool.c:372: warning: unused variable ‘p’
westcos-tool.c:371: warning: unused variable ‘i’
westcos-tool.c: At top level:
westcos-tool.c:43: warning: ‘version’ defined but not used
westcos-tool.c:45: warning: ‘nom_card’ defined but not used
westcos-tool.c:103: warning: ‘no_lecteur’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4420 c6295689-39f2-0310-b995-f0e70906c6a9
Program received signal SIGSEGV, Segmentation fault.
0x00007f7d6f29fd55 in free () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f7d6f29fd55 in free () from /lib64/libc.so.6
#1 0x00007f7d703a4128 in sc_update_dir (card=0x17463a0, app=<value optimized out>) at dir.c:306
#2 0x00007f7d7040cb58 in sc_pkcs15init_add_app (card=<value optimized out>, profile=0x1754840,
args=<value optimized out>) at pkcs15-lib.c:2354
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4389 c6295689-39f2-0310-b995-f0e70906c6a9
==21111== 1,360 (120 direct, 1,240 indirect) bytes in 1 blocks are definitely lost in loss record 107 of 109
==21111== at 0x4C24F0D: realloc (vg_replace_malloc.c:476)
==21111== by 0x409D23: sc_pkcs11_register_mechanism (mechanism.c:44)
==21111== by 0x410595: pkcs15_bind (framework-pkcs15.c:3160)
==21111== by 0x4085DD: card_detect (slot.c:214)
==21111== by 0x408887: initialize_reader (slot.c:114)
==21111== by 0x404C50: C_Initialize (pkcs11-global.c:247)
==21111== by 0x4034C9: main
==21111==
==21111== LEAK SUMMARY:
==21111== definitely lost: 120 bytes in 1 blocks
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4388 c6295689-39f2-0310-b995-f0e70906c6a9
example:
int main()
{
C_Initialize(NULL);
C_Finalize(NULL);
return 0;
}
==4625== 592 (504 direct, 88 indirect) bytes in 1 blocks are definitely lost
in loss record 9 of 10
==4625== at 0x4C24137: calloc (vg_replace_malloc.c:418)
==4625== by 0x407FD9: create_slot (slot.c:80)
==4625== by 0x40452C: C_Initialize (pkcs11-global.c:243)
==4625== by 0x40342A: main
==4625==
==4625== 4,736 (4,032 direct, 704 indirect) bytes in 8 blocks are definitely
lost in loss record 10 of 10
==4625== at 0x4C24137: calloc (vg_replace_malloc.c:418)
==4625== by 0x407FD9: create_slot (slot.c:80)
==4625== by 0x408102: initialize_reader (slot.c:108)
==4625== by 0x4044E0: C_Initialize (pkcs11-global.c:247)
==4625== by 0x40342A: main
==4625==
==4625== LEAK SUMMARY:
==4625== definitely lost: 4,536 bytes in 9 blocks
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4386 c6295689-39f2-0310-b995-f0e70906c6a9
Without GNU C extention 'getline()' the same code of the local 'getpass' procedure is used for Mac OS and Linux.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4272 c6295689-39f2-0310-b995-f0e70906c6a9
Noted by Ludovic.
In sc_pkcs15init_update_file() procedure the file selection errors other then SC_ERROR_FILE_NOT_FOUND were not treated.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4271 c6295689-39f2-0310-b995-f0e70906c6a9
Some cards do not include security attributes into the FCI returned by 'SELECT' command.
For such cards, when updating certificate, to authenticate 'UPDATE' operation use the
'sc_file' with default ACLs instantiated from the card profile.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4265 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
Fix
card-entersafe.c: In function ‘entersafe_cipher_apdu’:
card-entersafe.c:197: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
card-entersafe.c: In function ‘entersafe_mac_apdu’:
card-entersafe.c:270: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
card-entersafe.c:278: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
card-entersafe.c:286: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4212 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
reader-pcsc.c: In function ‘pcsc_detect_readers’:
reader-pcsc.c:856: warning: initialization discards qualifiers from pointer target type
reader-pcsc.c:884: warning: initialization discards qualifiers from pointer target type
reader-pcsc.c:894: warning: initialization discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4211 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
muscle.c: In function ‘msc_create_object’:
muscle.c:144: warning: declaration of ‘read’ shadows a global declaration
/usr/include/unistd.h:477: warning: shadowed declaration is here
muscle.c:144: warning: declaration of ‘write’ shadows a global declaration
/usr/include/unistd.h:513: warning: shadowed declaration is here
muscle.c: In function ‘msc_import_key’:
muscle.c:941: warning: declaration of ‘read’ shadows a global declaration
/usr/include/unistd.h:477: warning: shadowed declaration is here
muscle.c:942: warning: declaration of ‘write’ shadows a global declaration
/usr/include/unistd.h:513: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4210 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-wrap.c: In function ‘do_cipher’:
pkcs15-wrap.c:152: warning: dereferencing type-punned pointer will break strict-aliasing rules
pkcs15-wrap.c:159: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4209 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-sec.c: In function ‘sc_pkcs15_decipher’:
pkcs15-sec.c:136: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4208 c6295689-39f2-0310-b995-f0e70906c6a9
asn1.c: In function ‘asn1_decode_entry’:
asn1.c:979: warning: dereferencing type-punned pointer will break strict-aliasing rules
asn1.c: In function ‘asn1_encode_entry’:
asn1.c:1263: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4207 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-oberthur-awp.c: In function ‘awp_encode_data_info’:
pkcs15-oberthur-awp.c:1211: warning: implicit declaration of function ‘sc_asn1_encode_object_id’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4205 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-oberthur-awp.c: In function ‘awp_new_container_entry’:
pkcs15-oberthur-awp.c:241: warning: declaration of ‘rand’ shadows a global declaration
/usr/include/stdlib.h:176: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4204 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-oberthur.c: In function ‘cosm_write_tokeninfo’:
pkcs15-oberthur.c💯 warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4203 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-myeid.c: In function ‘myeid_generate_key’:
pkcs15-myeid.c:687: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4202 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-myeid.c: In function ‘myeid_new_file’:
pkcs15-myeid.c:321: warning: assignment discards qualifiers from pointer target type
pkcs15-myeid.c:323: warning: assignment discards qualifiers from pointer target type
pkcs15-myeid.c:325: warning: assignment discards qualifiers from pointer target type
pkcs15-myeid.c:327: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4201 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-entersafe.c:200: warning: initialization discards qualifiers from pointer target type
pkcs15-entersafe.c:201: warning: initialization discards qualifiers from pointer target type
pkcs15-entersafe.c:202: warning: initialization discards qualifiers from pointer target type
pkcs15-entersafe.c:203: warning: initialization discards qualifiers from pointer target type
pkcs15-entersafe.c:204: warning: initialization discards qualifiers from pointer target type
pkcs15-entersafe.c:205: warning: initialization discards qualifiers from pointer target type
pkcs15-entersafe.c:206: warning: initialization discards qualifiers from pointer target type
pkcs15-entersafe.c:207: warning: initialization discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4200 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-setcos.c: In function ‘setcos_new_file’:
pkcs15-setcos.c:263: warning: assignment discards qualifiers from pointer target type
pkcs15-setcos.c:265: warning: assignment discards qualifiers from pointer target type
pkcs15-setcos.c:267: warning: assignment discards qualifiers from pointer target type
pkcs15-setcos.c:269: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4197 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-lib.c: In function ‘get_template_name_from_object’:
pkcs15-lib.c:2152: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2154: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2156: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2159: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2161: warning: return discards qualifiers from pointer target type
pkcs15-lib.c: In function ‘get_pin_ident_name’:
pkcs15-lib.c:2815: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2817: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2819: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2823: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2825: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2827: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2829: warning: return discards qualifiers from pointer target type
pkcs15-lib.c:2832: warning: return discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4196 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-crypt.c: In function ‘sign_ext’:
pkcs15-crypt.c:293: warning: dereferencing type-punned pointer will break strict-aliasing rules
pkcs15-crypt.c:299: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4183 c6295689-39f2-0310-b995-f0e70906c6a9
Fix a compilation error for src/tools/pkcs11-tool:
/usr/bin/ld: ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function C_UnloadModule:libpkcs11.c:78: error: undefined reference to `lt_dlclose'
/usr/bin/ld: ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function C_LoadModule:libpkcs11.c:36: error: undefined reference to `lt_dlinit'
/usr/bin/ld: ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function C_LoadModule:libpkcs11.c:43: error: undefined reference to `lt_dlopen'
/usr/bin/ld: ../../src/pkcs11/.libs/libpkcs11.a(libpkcs11.o): in function C_LoadModule:libpkcs11.c:52: error: undefined reference to `lt_dlsym'
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4182 c6295689-39f2-0310-b995-f0e70906c6a9
for DES_ecb_encrypt() input and output parameters.
I have no idea how it could have worked.
Fix
cardos-tool.c: In function ‘cardos_sm4h’:
cardos-tool.c:421: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:421: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4181 c6295689-39f2-0310-b995-f0e70906c6a9
util.c:11: warning: declaration of ‘wait’ shadows a global declaration
/usr/include/sys/wait.h:255: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4180 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c:1606: warning: passing argument 3 of
‘util_connect_card’ discards qualifiers from pointer target type
rutoken-tool.c:492: warning: passing argument 3 of ‘util_connect_card’
discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4179 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c: In function ‘load_object’:
piv-tool.c:130: warning: implicit declaration of function ‘sc_asn1_find_tag’
piv-tool.c:130: warning: nested extern declaration of ‘sc_asn1_find_tag’
piv-tool.c:130: warning: cast from function call of type ‘int’ to non-matching type ‘u8 *’
piv-tool.c:130: warning: cast to pointer from integer of different size
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4178 c6295689-39f2-0310-b995-f0e70906c6a9
warning: initialization discards qualifiers from pointer target type
Also cast from now (const char *) to (void *) for free()
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4176 c6295689-39f2-0310-b995-f0e70906c6a9
warning: initialization discards qualifiers from pointer target type
Also cast from now (const char *) to (void *) for free()
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4175 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
Fix pkcs11-tool.c:2954: warning: dereferencing type-punned pointer will
break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4174 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
pkcs11-tool.c:1899: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1902: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1906: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1910: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1914: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1918: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1922: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4173 c6295689-39f2-0310-b995-f0e70906c6a9
card-piv.c: In function ‘piv_get_data’:
card-piv.c:612: warning: assignment discards qualifiers from pointer target type
card-piv.c:615: warning: assignment discards qualifiers from pointer target type
card-piv.c:618: warning: assignment discards qualifiers from pointer target type
card-piv.c:621: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4162 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-oberthur.c: In function ‘cosm_write_tokeninfo’:
pkcs15-oberthur.c:94: warning: format not a string literal and no format arguments
pkcs15-oberthur.c:96: warning: format not a string literal and no format arguments
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4160 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-oberthur.c:61: warning: redundant redeclaration of ‘cosm_delete_file’
pkcs15-oberthur.h:93: warning: previous declaration of ‘cosm_delete_file’ was here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4159 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-westcos.c:41: warning: redundant redeclaration of ‘sc_check_sw’
../../src/libopensc/opensc.h:674: warning: previous declaration of
‘sc_check_sw’ was here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4158 c6295689-39f2-0310-b995-f0e70906c6a9
simclist.c: In function ‘list_meter_int8_t’:
simclist.c:1337: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_int16_t’:
simclist.c:1338: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_int32_t’:
simclist.c:1339: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_int64_t’:
simclist.c:1340: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_uint8_t’:
simclist.c:1342: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_uint16_t’:
simclist.c:1343: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_uint32_t’:
simclist.c:1344: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_uint64_t’:
simclist.c:1345: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_float’:
simclist.c:1347: warning: unused parameter ‘el’
simclist.c: In function ‘list_meter_double’:
simclist.c:1348: warning: unused parameter ‘el’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4153 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-lib.c:799: warning: no previous prototype for ‘sc_pkcs15init_store_puk’
pkcs15-lib.c:2814: warning: no previous prototype for ‘get_pin_ident_name’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4152 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-pubkey.c:445: warning: no previous prototype for ‘sc_pkcs15_decode_pubkey_gostr3410’
pkcs15-pubkey.c:462: warning: no previous prototype for ‘sc_pkcs15_encode_pubkey_gostr3410’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4149 c6295689-39f2-0310-b995-f0e70906c6a9
Now the native Oberthur card format is supported for emulation of pkcs15 and pkcs15init.
It means that card personalized with OpenSC and the obejcts created with OpenSC
will be usable with the native Oberthur's middleware
and vice-versa.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4137 c6295689-39f2-0310-b995-f0e70906c6a9
Set 'TOKEN INITIALIZED' after an application has been added,
set 'USER PIN INITIALIZED' and 'LOGIN REQUIRED' after User PIN object has been created.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4130 c6295689-39f2-0310-b995-f0e70906c6a9
Four method are added to the 'sc_pkcs15init_operations':
emu_update_dir -- create or not the DIR file;
emu_update_any_df -- update the non-pkcs15 descriptors that are equivalents to pkcs15 xDF files;
emu_update_tokeninfo -- update analog of tokenInfo;
emu_write_info -- to not create OPENSC-INFO file;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4128 c6295689-39f2-0310-b995-f0e70906c6a9
It's implemented for the card with emulated pkcs#15 and protected private object attributes.
Update to man pages is comming soon.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4126 c6295689-39f2-0310-b995-f0e70906c6a9
; do not pad PIN in pkcs15init. It's already done in libopensc/pkcs15-pin;
; the 'do_verify_pin()', 'sc_pkcs15init_verify_key()' and 'do_get_and_verify_secret()' are replaced by unique 'sc_pkcs15init_verify_secret()'; edit debug messages;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4123 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
(with "Unsupported card"). This needs to be improved.
This patch changes the "initialization" to "binding", so we at least
can tell people: you need to initialized an empty card first.
Needs to be improved of course.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4117 c6295689-39f2-0310-b995-f0e70906c6a9
This bug concerned the card drivers for which the file ACLs cannot be obtained from the FCI of the selected file.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4114 c6295689-39f2-0310-b995-f0e70906c6a9
In previous version the card specific 'parse_df' handler was a part of 'sc_pkcs15_df'.
Now the placehold ('sc_pkcs15_operations') created for the all card emulator specific operations .
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4109 c6295689-39f2-0310-b995-f0e70906c6a9
Some non-pkcs15 cards protect the reading of the private objects attributes.
For the emulated pkcs15 cards, the 'init' emu-handler was the only place where pkcs15 objects could be loaded.
This handler is called before the card is binded, and so, for an application there was no 'normal' way to verify PIN and load the objects with protected attributes.
Actually it's possible to complete list of the pkcs15 objects after the emulated pkcs15 card has been binded.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4096 c6295689-39f2-0310-b995-f0e70906c6a9
In fact, the middleware of the manufacturer of the gemalto (axalto, gemplus) cards
reports the CKA_ID of CA certificates as '0'.
But it's not true for the others middlewares (Oberthur), NSS (afais) and PKCS#11 standard.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4095 c6295689-39f2-0310-b995-f0e70906c6a9
Implemented to have the possibility to verify PIN after binding of the pkcs15 card and before any 'substantial' operation.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4093 c6295689-39f2-0310-b995-f0e70906c6a9
In the 'flex' card profile the ACLs of the public objects are set to 'NONE'.
As the pkcs15init core currently implemented, the AuthID attribute is not used for the public objects.
Without AuthID the destination 'pin-domain' DF cannot be determined in a simple and sure manner.
That's why 'pin-domain' works only for private key, private data
and the public objects are placed into the application DF.
; take 'flex' CHV files settings from the card profile;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4085 c6295689-39f2-0310-b995-f0e70906c6a9
When binding profile and p15card (in sc_pkcs15init_set_p15card()), add to the profile EF list the named DF for the path of the all existing AUTH.
; variables name and coding style issues;
; debug messages;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4084 c6295689-39f2-0310-b995-f0e70906c6a9
; new, athena dedicated, PIN pkcs15 flag 'TRANSPORT_KEY':
in the Athena initialization procedure the 'trasport' SOPIN object is used. This object references to the pre-existing global SOPIN and is different from the final SOPIN of the card. This object should be ignored when fixing up the ACLs of the newly created file;
; the pkcs15 refereces of the new private keys are derived from the file-id;
; remove duplicated code;
; some log messages in pkcs15-lib.c;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4077 c6295689-39f2-0310-b995-f0e70906c6a9
as they removed the opensc code in favor or new pkcs#11 code.
This new code works out of the box with opensc-pkcs11.so,
so we don't need the patch any more.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4066 c6295689-39f2-0310-b995-f0e70906c6a9
This patch is not largely tested and it will be followed (hope in a few hours) with another one
that will replace the using of the static pincache
with the pincache as the content of the AUTH pkcs15 object.
In the intervention into the card specific part I tried to respect its creator's coding style.
Sorry, if it's not always the case.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4057 c6295689-39f2-0310-b995-f0e70906c6a9
Profile option 'protect-certifcates' was activated by default for all the cards,
was mentioned and commented out only in 'flex' profile,
and finaly is not working 'by design' of pkcs15-lib.c
So, no need to keep this option, untill the valid arguments to restore it back.
Anyway, the access to certificates is controlled by the file's ACLs defined in profile.
;in profile use the 'define' macros to define the pin encoding type;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4050 c6295689-39f2-0310-b995-f0e70906c6a9
; in 'sc_pkcs15_pin_info' structure add 'auth_method' member to keep the PIN authentication method: CHV, AUT or SM;
; in pkcs15init profile add function to search PIN template by auth method and reference;
; in 'sc_pkcs15_remove_object' return silently if object to delete is NULL;
; in 'sc_pkcs15_object' structure add 'usage_counter' member;
; new 'sc_pkcs15_find_pin_by_type_and_reference' procedure to search PIN pkcs15 object by auth method and reference;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4048 c6295689-39f2-0310-b995-f0e70906c6a9
*** glibc detected *** invalid pointer: 0x00007fff9e9f7670 ***
Program received signal SIGABRT, Aborted.
0x00007f971d0a8ea5 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f971d0a8ea5 in raise () from /lib64/libc.so.6
#1 0x00007f971d0aaab3 in abort () from /lib64/libc.so.6
#2 0x00007f971d0e7d58 in __libc_message () from /lib64/libc.so.6
#3 0x00007f971d0ed7e8 in malloc_printerr () from /lib64/libc.so.6
#4 0x00007f971d0efda6 in free () from /lib64/libc.so.6
#5 0x0000000000410f5c in pkcs15_gen_keypair (p11card=0x72aec0, slot=<value optimized out>,
pMechanism=<value optimized out>, pPubTpl=<value optimized out>, ulPubCnt=<value optimized out>,
pPrivTpl=<value optimized out>, ulPrivCnt=6, phPubKey=0x7fff9e9f7e50, phPrivKey=0x7fff9e9f7e58)
at framework-pkcs15.c:1763 /* see opensc-0.11.13 */
#6 0x0000000000409a6e in C_GenerateKeyPair
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4032 c6295689-39f2-0310-b995-f0e70906c6a9
update_binary() was not foreseen by the middleware creators of BELPIC
so I added it, which allows to write some data in the
MF/ID/EF(Preferences) of the card.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4010 c6295689-39f2-0310-b995-f0e70906c6a9
Replace not-used 'der' structure member by the 'content' one.
'Der' member was introduced to keep the ASN1 encoded object attributes. Actually it's not used.
'Content' is intended to keep the object value (AUTH object - pin cache value; CERT object - der value, ...)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4008 c6295689-39f2-0310-b995-f0e70906c6a9
1. Add --enable-cardmod to autoconf to enable feature explicitly.
2. Modify opensc-cardmod.dll to always have bitness suffix eg opensc-cardmod32.dll
3. Remove complex cardmod.h detection, could not find any reason for this.
4. Make cardmod.inf a template and inject opensc version into its version string.
5. More minor autoconf/automake cleanups.
6. Remove internal-winscard.h usage in cardmod.c as cardmod.h already includes winscard.h
7. DllMain is not exportable.
Notes:
1. I may caused other build not to work, will happy to work it out.
2. Cannot find reason why cardmod.inf cardmod-westcos.reg should reside in bin directory.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4003 c6295689-39f2-0310-b995-f0e70906c6a9
the PIV driver no longer need to set the card max_*_size parameters
to get around emulating read_binary and write_binary. It can
now handle partial reads and writes.
The assumptions for write_binary are that the first chuck will
have idx = 0, and the last chunk will write the last byte.
The flags parameter will contain the total length.
The only write_binary operations are done when initializing
a card, and this is only done from piv-tool.c which was modified
to pass in the length and other flags.
Piv-tool continues to be a primative test tool for inializing test
cards. But it has been expanded to be able to write other objects
on test cards.
The serial number of a PIV card is obtained from the CHUID object
if present which has a FASC-N which is an ID number created by the
issuer. Normally PIV cards are issued the U.S. Federal government
But there are ways to use the same cards with a non government CA.
This is then be referred to as PIV Compatible. In this case,
the FASC-N should start with an agency code = 9999 and an RFC 4122
GUID should be present in the CHUID. If this is the case, the GUID
is used as the serial number.
Windows 7 comes with a PIV card card driver, but to get it use one of
these card the CHUID is required. (piv-tool can now write one.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3998 c6295689-39f2-0310-b995-f0e70906c6a9
On OS X, when you insert a card, securityd sequentially starts all found Tokend-s to see if a card can be handled with one.
If a non-tokend application waits for a card insertion with sc_wait_for_event and tries to connect to the card right after the system sees it, it will fail with "The reader is in use by another application" 95% of the time.
With this hack connecting to the card succeeds 95% of the time with the probable penalty of an extra second on initialization for non-tokend clients.
This should only affect applications that wait for card insertion events.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3991 c6295689-39f2-0310-b995-f0e70906c6a9
The implementation was based on the previous MSC build, each tool had its own
description in version resource.
This change sets a single version resource to all files, and produces much
simpler build.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3980 c6295689-39f2-0310-b995-f0e70906c6a9
Migrated without testing, but normally should work -- the pkcs15init part of MyEID and SetCOS are sufficiently close.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3976 c6295689-39f2-0310-b995-f0e70906c6a9
Migrated without testing, but normally should work -- the pkcs15init part of MyEID and SetCOS are sufficiently close.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3975 c6295689-39f2-0310-b995-f0e70906c6a9
When creating application DF ('PKCS15-AppDF'), User PIN is not yet created, and AC type 'SC_AC_SYMBOLIC' cannot be resolved.
So, in the card profile, the macro '$PIN' cannot be used to define the ACLs of the application DF.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3967 c6295689-39f2-0310-b995-f0e70906c6a9
thus we don't need to worry about if the pin/so-pin was passed
for the old structures (before erase) or the new ones (if used
with create).
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3966 c6295689-39f2-0310-b995-f0e70906c6a9
;when putting SOPIN into the global cache, use the path from the object info;
;sc_pkcs15init_create_pin() can be called to create PUK object;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3964 c6295689-39f2-0310-b995-f0e70906c6a9
no more 'init_app'.
- Oberthur unblock style is the only one (local SOPIN is used as PUK);
- user PIN and PUK should be everywhere defined as local;
- SOPIN is always global.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3950 c6295689-39f2-0310-b995-f0e70906c6a9
When creating PIN, if 'puk_id' is defined in 'struct sc_pkcs15init_pinargs',
the pkcs15 PinObject for PUK will be created.
For a moment, PinObject is not created for SO PUK.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3949 c6295689-39f2-0310-b995-f0e70906c6a9
- for 'global' PINs path in not encoded into the AODF;
- when selecting pin_reference, start from value defined in profile.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3946 c6295689-39f2-0310-b995-f0e70906c6a9
(In function 'pkcs15_add_object': warning: unused parameter 'pHandle')
Example (C_CreateObject):
Breakpoint 3, C_CreateObject (hSession=134587040, pTemplate=0x8049160, ulCount=5, phObject=0xbff55560)
at pkcs11-object.c:57
57 rv = sc_pkcs11_lock();
(gdb) x/x phObject
0xbff55560: 0xffffffff
(gdb) finish
0xb7f5c6c0 17:15:09.969 [opensc-pkcs11] framework-pkcs15.c:657:pkcs15_add_object: Setting object handle of 0x0 to 0x805ab80
Run till exit from #0 C_CreateObject (hSession=134587040, pTemplate=0x8049160, ulCount=5,
phObject=0xbff55560) at pkcs11-object.c:57
0x080487a4 in main ()
Value returned is $1 = 0
(gdb) x/x 0xbff55560
0xbff55560: 0xffffffff
(gdb) c
Continuing.
Breakpoint 4, C_DestroyObject (hSession=134587040, hObject=4294967295) at pkcs11-object.c:106
106 rv = sc_pkcs11_lock();
(gdb) p/x hObject
$2 = 0xffffffff
(gdb) finish
Run till exit from #0 C_DestroyObject (hSession=134587040, hObject=4294967295) at pkcs11-object.c:106
0xb7f5c6c0 17:15:56.581 [opensc-pkcs11] pkcs11-object.c:110:C_DestroyObject: C_DestroyObject(hSession=0x805a2a0, hObject=0xffffffff)
0x080487cb in main ()
Value returned is $3 = 130
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3944 c6295689-39f2-0310-b995-f0e70906c6a9
reader-openct.c: In function 'openct_reader_connect':
reader-openct.c:204: error: 'reder' undeclared (first use in this function)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3941 c6295689-39f2-0310-b995-f0e70906c6a9
To use New API with the cards that do not have 'key-domain' in their profile,
when setting object data path,
the object template has to be also looked for outside the 'key-domain'.
;migrate Oberthur to the New API;
;use macros SC_CALLED, SC_TEST_.., SC_RETURN in pkcs15-lib.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3940 c6295689-39f2-0310-b995-f0e70906c6a9
- slots, sessions and objects are kept as lists.
- change the way slots, cards and readers are managed.
- re-implement C_WaitForSlotEvent(/C_Finalize) as written in PCKS#11 v2.20, canceling pending blocking calls.
- implement a "virtual hotplug slot" with a floating slot id to keep NSS working with C_WaitForSlotEvent with a new reader.
NSS does not call C_GetSlotList(NULL) to re-fetch the list of available slots if C_WaitForSlotEvent returns an event in an already known slot ID.
By changing the ID of a slot whenever a reader attached NSS/Firefox can be tricked into recognizing new readers when waiting for events with C_WaitForSlotEvent.
- change (possibly break something) sc_to_cryptoki_error() to not have side-effects
- Implement CKU_CONTEXT_SPECIFIC in C_Login to implement CKA_ALWAYS_AUTHENTICATE (keys with user consent)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3935 c6295689-39f2-0310-b995-f0e70906c6a9
- Remove slot abstraction from internal API and all reader drivers. CT-API (from where it all comes from) readers with multiple slots (if still found) can be presented as separate readers, OpenCT should remove the slot abstraction, PC/SC never knew about it. None of the tools knew how to use slots.
- Add sc_cancel (translates to SCardCancel)
- Re-implement sc_wait_for_event; support a blocking call.
- Replace the "int reader" API with "* sc_reader_t" style; add "Get reader by name" functionality.
- Remove "action" parameter from sc_disconnect_card() (was not used)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3931 c6295689-39f2-0310-b995-f0e70906c6a9
When trying to import a too large keyfile as a data object, TrueCrypt received a CKR_GENERAL_ERROR before this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3926 c6295689-39f2-0310-b995-f0e70906c6a9
at the profile level the difference between EF and BSO is:
- BSO path is always the path of the host DF and do not indexated when template is instanciated;
- EF path is always ending with file-id that is always indexated when template is instanciated.
New non-static 'sc_profile_get_file_instance' procedure to instanciate non-template entries.
In profile.c get_uint() accepts hexadecimals.
In CardOS profile (I venture to) increase the xDF sizes
and change ACL to permit the key re-importing.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3919 c6295689-39f2-0310-b995-f0e70906c6a9
;use macros SC_CALLED, SC_RETURN and SC_TEST_RET;
;change debug level in debug macros;
For a new pkcs15 object of a given type the file index is chosen as a first value in the range from 'file-id' to 'max-id',
excluding the values that are already assigned to the file indexes of the existing pkcs15 objects of the same type.
'file-id' is defined in the template ('key-domain') of the card profile ;
'max-id' is 'file-id' + hard coded value 0xFE .
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3916 c6295689-39f2-0310-b995-f0e70906c6a9
One of the three unblock methods can be activated from the 'opensc-pkcs11' section of opensc.conf:
- C_SetPin() in the unlogged sesssion;
- C_SetPin() in the CKU_SPECIFIC_CONTEXT session;
- C_InitPin() in CKU_SO session (inspired by Pierre Ossman).
-- This last one works, for a while, only for the pkcs15 cards without SOPIN auth object.
For the pkcs15 cards with SOPIN, this method will be useful for the cards
that do not have then modes '00' and '01' of ISO command 'RESET RETRY COUNTER'.
Test commands:
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --unlock-pin -l --login-type context-specific --puk "123456" --new-pin "9999"
# pkcs11-tool --module ./opensc-pkcs11.so --slot 0 --init-pin -l --new-pin "9999"
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3901 c6295689-39f2-0310-b995-f0e70906c6a9
Splitted key is stored as the two private keys with the same ID.
(It's not conform to PKCS#15, but tolerated by OpenSC.)
Previously used 'sc_pkcs15_find_prkey_by_id()' is not appropriated to the case of splitted key.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3900 c6295689-39f2-0310-b995-f0e70906c6a9
PKCS#11:
"To log into a token with a protected authentication path, the pPin parameter to C_Login should be NULL_PTR."
"To initialize the normal user?s PIN on a token with such a protected authentication path, the pPin parameter to C_InitPIN should be NULL_PTR."
"To modify the current user?s PIN on a token with such a protected authentication path, the pOldPin and pNewPin parameters to C_SetPIN should be NULL_PTR."
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3890 c6295689-39f2-0310-b995-f0e70906c6a9
C_CreateObject, C_CopyObject, C_DestroyObject, C_SetAttributeValue,
C_GenerateKey, C_GenerateKeyPair, C_UnwrapKey, C_DeriveKey if session is
read-only.
PKCS#11:
"C_InitPIN can only be called in the 'R/W SO Functions' state."
"C_SetPIN can only be called in the 'R/W Public Session' state, 'R/W SO
Functions' state, or 'R/W User Functions' state. An attempt to call it
from a session in any other state fails with error CKR_SESSION_READ_ONLY."
"Only session objects can be created/destroyed/modified
(C_CreateObject/C_DestroyObject/C_SetAttributeValue) during a read-only
session."
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3886 c6295689-39f2-0310-b995-f0e70906c6a9
a minor mistake in my patch for opensc_info(). For the Sun Studio 12.1
compiler (__SUNPRO_C == 0x5100) and later versions also, it must be
(__SUNPRO_C >> 4) & 0xFF to split the micro and mask the major version
number.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3881 c6295689-39f2-0310-b995-f0e70906c6a9