giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
7,435 Commits 1 Branch 30 Tags 20 MiB
Commit Graph

7435 Commits

Author SHA1 Message Date
Frank Morgner d4f039cb50 speed up checking out nightly branch 2018-11-20 13:02:29 +01:00
Frank Morgner ad83c2c5a9 use proper debug level for card matching 2018-11-20 12:48:58 +01:00
Doug Engert 764c61446e pkcs15-crypt - Handle keys with user_consent - Fixes #1292 
This fixes problem as stated in:
https://github.com/OpenSC/OpenSC/issues/1292#issuecomment-431879472

pkcs15-crypt.c will treat keys with user_consent like PKCS#11 would.
SC_AC_CONTEXT_SPECIFIC is set when doing a verify so a card driver can
take action if needed.

card-piv.c is currently the only driver doing so.
It uses this to hold the card lock so both the VERIFY and following crypto
operations are in the same transaction. The card enforces this restriction.
Without this additional APDUs may be sent before every transaction to test
that the expected applet is selected.

Unlike the circumvention of using ignore_user_consent=true and pin caching
this modification allows a pin pad reader to be used for keys requiring user_consent.

 On branch pkcs15-context-specific
 Changes to be committed:
	modified:   pkcs15-crypt.c
 2018-11-20 11:53:57 +01:00
Hannu Honkanen aa8f666f46 Removed unnecessary spaces from framework-pkc15.c as requested. 
pkcs15: added explicit comparison when checking return value of sc_compare_oid() to make the logic more obvious.
 2018-11-20 11:52:54 +01:00
Hannu Honkanen 7f91b6e07f MyEID: add AES algorithms to tokenInfo as supported during init. It is better to do it already in init, because adding them in C_UnwrapKey operations would require SO-PIN which is inconvenient. 
pkcs15: added function to get a specific supported algorithm, checking also OID.
This is needed because for AES there are different OIDs for each key length.
 2018-11-20 11:52:54 +01:00
Hannu Honkanen c051ef64dd Convert sequences of four spaces to tabs to fix indentation problems. 2018-11-20 11:52:54 +01:00
Hannu Honkanen 3ec39919c3 pkcs15-lib: Must use keyargs->value_len instead of keyargs->key.data_len * 8 when calling check_key_compatibility(), to get correct result in key unwrap operations. In this case data_len is 0, but value_len contains the key length in bits. 2018-11-20 11:52:54 +01:00
Steve Ross abdbb9d8c0 Enable CoolKey driver to handle 2048-bit keys. 
For a problem description, see <https://github.com/OpenSC/OpenSC/issues/1524>.
In a nutshell, for a card with the CoolKey applet and 2048-bit keys,
the command
	pkcs11-tool --test --login
fails to complete all of its tests.

This commit consists of a patch from @dengert.

To avoid triggering an error when the data exceeds 255 bytes, this commit
limits the amount of the payload sent to the CoolKey applet on the card based
on the maximum amount of data that the card can receive, and overhead bytes
(namely, a header and nonce) that accompany the payload.

With this change, the command
	pkcs11-tool --test --login
succeeds.
 2018-11-19 12:42:17 +01:00
Frank Morgner d4e6c0c0dd travis: fixed installation of completion templates 2018-11-14 12:57:22 +01:00
Frank Morgner ee3fdc6938 fixed missing function stub 2018-11-13 15:50:17 +01:00
Frank Morgner 2cb6f9c94f fixed compilation without OpenSSL 
closes https://github.com/OpenSC/OpenSC/pull/1518
 2018-11-13 15:50:17 +01:00
Frank Morgner f3a2962358 pkcs11: perform memory cleanup on dll unload 2018-11-13 15:50:17 +01:00
Frank Morgner 447335bc1f md: clean OpenSSL memory when DLL is unloaded 2018-11-13 15:50:17 +01:00
Frank Morgner 027ccad439 allow specifying the size of OpenSSL secure memory 
... and set it for builds where we're linking OpenSSL statically (i.e.
Windows and macOS)

fixes https://github.com/OpenSC/OpenSC/issues/1515
 2018-11-13 15:50:17 +01:00
Andreas Kemnade eddea6f3c2 fix logic of send/recv sizes in config files 
- they are not set if
  SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, ...
  fails
- regarding max_send_size the logic is inverted
 2018-11-09 08:56:53 +01:00
Frank Morgner c032b2f15d CID 320271 (#1 of 1): Dereference before null check (REVERSE_INULL) 2018-11-06 15:53:17 +01:00
Frank Morgner 3c0a16dc39 CID 321790 (#1 of 1): Resource leak (RESOURCE_LEAK) 2018-11-06 15:53:17 +01:00
Frank Morgner 1e7bb83659 CID 324485 (#1 of 2): Integer overflowed argument (INTEGER_OVERFLOW) 2018-11-06 15:53:17 +01:00
Frank Morgner 609095a4f4 CID 325860 (#1 of 1): Dereference before null check (REVERSE_INULL) 2018-11-06 15:53:17 +01:00
Frank Morgner 54c9d65a48 CID 325861 (#1 of 1): Dereference before null check (REVERSE_INULL) 2018-11-06 15:53:17 +01:00
Peter Marschall c6d252611b openpgp-tool: add missing length check in prettify_name() 2018-11-06 12:41:19 +01:00
Peter Marschall 4e5805dc5d openpgp-tool: don't uppercase hex string 2018-11-06 12:41:19 +01:00
Peter Marschall afda163dc6 openpgp-tool: fix typo 2018-11-06 12:41:19 +01:00
Peter Marschall ec3830fe66 openpgp-tool: use more compatible strftime() format spec 
Replace the Single UNIX specific shorthand %T for %H:%M:%S with the latter
to keep MingW happy.
 2018-11-06 12:41:19 +01:00
Peter Marschall 85258f2951 openpgp-tool: use key type to indicate key to generate 
Instead of only expecting a key length, and implicitly assuming RSA
as the key algorithm, introduce option --key-type to pass the key type
as a string.

When generating the key determine key algorithm and attributes based on
the key type passed.

If no key was given, default to "rsa2048".
 2018-11-06 12:41:19 +01:00
Peter Marschall c9f5e05aca openpgp-tool: new option --key-info to display key info 2018-11-06 12:41:19 +01:00
Peter Marschall 1866c3e930 openpgp-tool: new option --card-info to display card info 2018-11-06 12:41:19 +01:00
Frank Morgner 263b945f62 md: added support for PSS 2018-11-06 12:38:57 +01:00
Frank Morgner 99a9029848 md: use constants for AlgId comparison 2018-11-06 12:38:47 +01:00
Frank Morgner 22c8204a2f Merge remote-tracking branch 'upstream/pr/1393' 
closes https://github.com/OpenSC/OpenSC/pull/1393
 2018-11-06 10:51:24 +01:00
Frank Morgner 13c7574510 PIV: less debugging 
- debugging pointers is useless in static log file
- removed double debugging of APDUs
 2018-11-06 01:42:41 +01:00
Jakub Jelen eaed345a76 Add missing header file to the tarball 2018-11-05 09:15:20 +01:00
Jakub Jelen 9342f8ad0a padding: Fix error checking in RSA-PSS 2018-11-05 09:15:20 +01:00
Jakub Jelen 0f5d73d816 framework-pkcs15.c: Add SHA224 mechanism for PKCS#1.5 2018-11-05 09:15:20 +01:00
Jakub Jelen 8ccc39352a p11test: Do not report incomplete key pairs 2018-11-05 09:15:20 +01:00
Jakub Jelen d2671ee05b framework-pkcs15.c: Add PKCS#1 mechanisms also if SC_ALGORITHM_RSA_HASH_NONE is defined 2018-11-05 09:15:20 +01:00
Jakub Jelen 7e0ef7c16c framework-pkcs15.c: Reformat 
* Reasonable line lengths
 * Correct indentation
 * Add missing SHA224 mechanism
 2018-11-05 09:15:20 +01:00
Jakub Jelen 7cced08a88 coolkey: Check return values from list initialization (coverity) 
>>>     CID 324484:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "list_init" without checking return value (as is done elsewhere 8 out of 9 times).
 2018-11-05 09:15:20 +01:00
Jakub Jelen f276f7f8f4 coverity: Add allocation check 
*** CID 323588:  Uninitialized variables  (UNINIT)
/src/libopensc/sc.c: 873 in sc_mem_secure_alloc()
 2018-11-05 09:15:20 +01:00
Hannu Honkanen 351e0d2bd6 Merge remote-tracking branch 'upstream/master' into wrapping-rebased and resolve conflicts 2018-11-02 13:42:41 +02:00
Hannu Honkanen b35fb19ec4 Resolved conflict in pkcs15_create_secret_key 2018-11-02 13:28:51 +02:00
Peter Marschall 26025b2f5d pkcs15-tool: list & dump cleanups 
* when listing public keys, do not cut object labels in compact mode
* when listing private keys in compact mode, left align labels
* make hex codes at least 2 chars wide by changing "0x%X" to "0x%02X"
 2018-11-01 12:25:04 +01:00
Frank Morgner c70888f9ab allow compilation with --disable-shared 2018-11-01 00:17:22 +01:00
Frank Morgner 54cb1099a0 fixed warnings about precision loss 2018-11-01 00:17:22 +01:00
Frank Morgner 5c7b7bb0b1 fixed minor XCode documentation warnings 2018-11-01 00:17:22 +01:00
Hannu Honkanen f88419bc63 Removed pointless curly brackets 2018-10-31 10:36:50 +02:00
Hannu Honkanen 7bb53423a1 Code cleanup and minor corrections according to review. pkcs15-lib: Extractable keys are now marked as native. Check return value of check_key_compatibility in more explicit way to avoid misunderstandings. 2018-10-31 10:36:41 +02:00
Hannu Honkanen 90ec7123ba Corrections and code cleanup as requested in review. Changed value to void* in sc_sec_env_param_t, because param_type defines type of the value. Fixed handling of secret key length in framework-pkcs15 and pkcs15-lib: CKA_VALUE_LEN from PKCS#11 is in bytes, PKCS#15 objects need key length in bits. Rebased on top of upstream/master and resolved merge conflicts. 2018-10-31 10:27:03 +02:00
Lars Silvén 84317f4e9d Fixing missing call to sc_unlock. 2018-10-31 10:27:03 +02:00
Hannu Honkanen 8ebb43d440 Removed #ifdef USE_PKCS15_INIT around __pkcs15_create_secret_key_object. This function is now used also when reading and parsing a card, not only when creating new objects. 2018-10-31 10:27:03 +02:00