- add macro PACKAGE_VERSION_REVISION dealt with in bootstrap.ci
- restrict to those macros only that are mangled by bootstrap.ci
- update comments on the file's purpose and the processes around it
Do not blindly override already defined variables or macros with
outdated values by including version.m4
This makes sure the definitions of variables or macros defined earlier
in configure.ac remain intact; e.g. it keeps the macro PRODUCT_BUGREPORT
set to the GitHub URL instead of pointing to a SourceForge mail address.
Using the forced-driver prevents parsing of additional constructions
in configuration files (for example flags based on ATRs). This
implementation replaces transparently the existing list defined in
card_drivers.
Resolves: #1266
The following errors occured during a compilation using gcc 8:
In function »gids_create_file.constprop«,
inserted by »gids_save_certificate.isra.8« beicard-gids.c:1548:7:
card-gids.c:465:2: Error: »strncpy« output may be truncated copying 8 bytes from a string of length 8 [-Werror=stringop-truncation]
strncpy(record->filename, filename, 8);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
pkcs15-oberthur.c: In function »sc_pkcs15emu_oberthur_add_prvkey«:
pkcs15-oberthur.c:741:5: Error: »strncpy« output may be truncated copying 254 bytes from a string of length 254 [-Werror=stringop-truncation]
strncpy(kobj.label, objs[ii]->label, sizeof(kobj.label) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* reader-pcsc: Do not temporarily set SC_READER_REMOVED on all readers
Fixes#1324.
* reader-cryptotokenkit: Do not temporarily set SC_READER_REMOVED on all readers
See #1324.
It was used to make pkcs11-tool work with vendor defined PKCS#11
modules. If this behavior is still desired, pass the define
ZERO_CKAID_FOR_CA_CERTS during the build
Don't pretend that we're capable of performing memory locking. The
implementation of that, `sc_mem_alloc_secure()` (also removed), was
almost unused anyway.
Workaround to not detect the MUSCLE applet as whatever other card driver
selects an AID first. MUSCLE applet will always return 9000, which will
confuse other card drivers. Since this bug is not going to go away any
time soon, we simply detect the MUSCLE applet first and hope that other
applets don't have a similar bug.
* Initial version of pkcs11 testsuite
* Refactor test cases to several files, clean up awful and unused stuff
* Static mechanism list based on the actual token offer
* Get rid of magic numbers
* Documentation
* License update based on the original project
* Verbose readme
* Cleanup unused code, long lines and method order
* Typo; More verbose errors
* Use fallback mechanisms
* Refactor object allocation and certificate search
* PKCS11SPY mentioned, more TODO
* add SHA mechanisms
* Do not try to Finalize already finalized cryptoki
* Add more flags and mechanisms
* Do not list table for no results
* Logical order of the tests (regression last)
* read ALWAYS_AUTHENTICATE from correct place
* ALWAYS_AUTHENTICATE for decryption
* Test EC key length signature based on the actual key length
* Shorten CKM_ list output, add keygen types detection
* Skip decrypting on non-supported mechanisms
* Fail hard if the C_Login fails
* Reorganize local FLAGS_ constants
* Test RSA Digest mechanisms
* Correct mechanisms naming, typos
* Do not attempt to do signature using empty keys
* CKM_ECDSA_SHA1 support
* Correct type cast when getting attributes
* Report failures from all mechanisms
* Standardize return values, eliminate complete fails, documentation interface
* Wait for slot event test
* Add switch to allow interaction with a card (WaitForSlotEvent)
* At least try to verify using C_Verify, if it fails, fall back to openssl
* Get rid of function_pointers
* Get rid of additional newline
* Share always_authenticate() function between the test cases
* Refactor Encrypt&decrypt test to functions
* Do not overwrite bits if they are not provided by CKA, indentation
* Cleanup and Break to more functions Sign&Verify test
* CKM_RSA_X_509 sign and verify with openssl padding
* More TODO's
* Proper abstracted padding with RSA_X_509 mechanism
* Add ongoing tasks from different TODO list
* Update instructions. Another todo
* Variables naming
* Increase mechanism list size, use different static buffers for flags and mechanism names
* nonstandard mechanism CKM_SHA224_RSA_PKCS supported by some softotkens
* Get rid of loop initial declarations
* Loop initial declaration, typos, strict warnings
* Move the p11test to the new folder to avoid problems with dynamically linked opensc.so
* Update path in README
* Possibility to validate the testsuite agains software tokens
* Add possibility to select slot ID on command-line (when there are more cards present)
* Clean up readme to reflect current options and TODOs
* Do not attempt to use keys without advertised sign&verify bits to avoid false positives
* Get and present more object attributes in readonly test; refactor table
* New test checking if the set of attributes (usage flags) is reasonable
* Test multipart signatures. There is not reasonable mechanism supporting multipart encryption
* Use PKCS#11 encryption if possible (with openssl fallback)
* Identify few more mechanisms (PSS) in the lest
* Resize table to fit new mechanisms
* Remove initial loop declaration from multipart test
* Use pkcs11-tool instead of p11tool form most of the operations (master have most of the features)
* Preparation for machine readable results
* Refactor log variables out of the main context, try to export generic data
* Do not write to non-existing FD if not logging
* Export missing data into the log file in JSON
* Store database in json
* Sanity check
* Avoid uninitialized structure fields using in state structure
* Dump always_authenticate attribute too
* Manual selection of slots with possibility to use slots without tokens
* Do not free before finalizing
* Proper cleanup of message in all cases
* Proper allocation and deallocation of messages
* Sanitize missing cases (memory leaks)
* Suppressions for testing under valgrind
* Better handling message_lengt during sign&verify (avoid invalid access)
* Suppress another PCSC error
* Do not use default PIN. Fail if none specified
* Sanitize initialization. Skip incomplete key pairs
* Add missing newline in errors
* Fix condition for certificate search
* Avoid several calls for attributes of zero length
* Handle if the private key is not present on the card
* Improve memory handling, silent GCC warning of 'unused' variable
* Fail early with missing private key, cleanup the messages
* Use correct padding for encryption
* Cache if the card supports Verify/Encrypt and avoid trying over and over again
* Loosen the condition for the Usage flags
* OpenSSL 1.1.0 compatibility
* Add missing mechanisms
* Do not require certificates on the card and pass valid data for RSA_PKCS mechanisms
* Add missing PIN argument in runtest.sh
* Add OpenSSL < 1.1 comatible bits
* Add SHA2 ECDSA mechanisms handling
* Use public key from PKCS#11 if the certificate is missing (or compare it with certificate)
* Avoid long definitions in OpenSSL compat layer
* In older OpenSSL, the header file is ecdsa.h
* Add missing config.h to apply compat OpenSSL layer
* ASN1_STRING_get0_data() is also new in 1.1.0
* Return back RSA_X_509 mechanism
* Drop bogus CKM_* in the definitions
* Drop CKM_SHA224_RSA_PKCS as it is already in pkcs11.h
* Update documentation
* Use NDEBUG as intended
* typos, cleanup
* Typos, cleanup, update copyright
* Additional check for OpenCryptoki, generate more key types on soft tokens
* Prepare for RSA-PSS and RSA-OAEP
* Use usage&result flags for the tests, gracefully ignore PSS&OAEP
* pkcs11.h: Add missing definitions for PSS
* PSS and OAEP tests
readonly: Typos, reformat
* Working version, memory leak
* Tweak message lengths for OAEP and PSS
* Skip tests that are not aplicable for tokens
* configure.ac: New switch --enable-tests
Do not attempt to build tests if cmocka is not available or
--enable-tests is provided. It makes also more lightweight release
builds out of the box (or with --disable-tests).
* travis: Install cmocka if not available
* Do not build tests on Windows and make dist pass
* Try to install cmocka from apt and from brew
* Do not require sudo (cmocka from apt and brew works)
When loaded as PKCS#11 module, OpenSC will reuse the application
identifier for each instance. We don't want to put any burdon on the
primary GApplication, so we use a non unique ID.
fixes https://github.com/OpenSC/OpenSC/issues/1332
Explicitly mention that this script builds the tokend and command
line tools (as it does not build the CryptoTokenKit app extension).
Add two missing packages in the list of build dependencies.
OpenSCToken (https://github.com/frankmorgner/OpenSCToken) is now a
standalone package that provides the CryptoTokenKit app extension.
It includes its own 'build-package' script, which handles building
the OpenSC library and statically linking against it.
The 'MacOSX/' directory in OpenSC itself is only used to build the
macOS tokend. Remove unused code for building a CryptoTokenKit app
extension from this directory (which no longer works). This should
help to avoid confusion when building OpenSC for macOS.
The PKCS#15 emulation layer for the CAC uses a single PIN. Set its
label to "PIN" (rather than the card type "CAC I" or "CAC II"), so
that the PIN label will be omitted from the token label, providing
more space for the card holder name instead.
This is intended to match the behavior used for PIV cards, which
was changed with commit 56c8f59b25.
During a pull request, it might not be possible for all components
(such as the PKCS#11 module, Windows minidriver, or macOS tokend)
to be tested by the same person using the same card; not everyone
has access to all of the platforms supported by OpenSC. When there
are no card-specific changes, each component might be tested by a
different person using a different type of card.
The pull request template contains a checklist with each component
that needs to be tested (which can be adapted as needed). However,
this checklist also includes an item for the type of card used for
testing. This should certainly be included in the message, but it
doesn't quite seem to belong in the checklist as a separate item,
particularly when considering the multiple-card testing situation
described above. It seems that the checklist is intended to track
specific tasks that still need to be completed.
This change slightly adjusts the template in order to handle this.
(It is still just a template, and it can be adapted for each pull
request as needed.)
* Handle errors as intended in sc_pkcs15emu_openpgp_add_data()
If a data object can be read, but it cannot be added to the PKCS#15
framework, return from this function with an error; do not continue
reading other data objects. Otherwise, do not return an error from
this function when a data object cannot be read or is empty.
Improve existing comments for clarity.
* Address other compiler warnings when using --disable-optimization
Certain variables that are not initialized when they are declared
prevent the build from completing, when --disable-optimization is
passed to ./configure.
1. In epass2003_set_security_env, remove unused code, add condition
check of ec and rsa
2. Line 1709 - add return check of hash_data
3. In epass2003_decipher API, the old sign using apdu.le = 256, now add
condition check of rsa
4. Line 2731-2734 - After login successful, need get session status,
adjust code, improve condition check of data->cmd.
Peter Marschall
Jakub Jelen
Jakub Jelen
Frank Morgner
Alon Bar-Lev
Florian Bezdeka
David Ward
Feitian Technologies