* Handle errors as intended in sc_pkcs15emu_openpgp_add_data()
If a data object can be read, but it cannot be added to the PKCS#15
framework, return from this function with an error; do not continue
reading other data objects. Otherwise, do not return an error from
this function when a data object cannot be read or is empty.
Improve existing comments for clarity.
* Address other compiler warnings when using --disable-optimization
Certain variables that are not initialized when they are declared
prevent the build from completing, when --disable-optimization is
passed to ./configure.
1. In epass2003_set_security_env, remove unused code, add condition
check of ec and rsa
2. Line 1709 - add return check of hash_data
3. In epass2003_decipher API, the old sign using apdu.le = 256, now add
condition check of rsa
4. Line 2731-2734 - After login successful, need get session status,
adjust code, improve condition check of data->cmd.
Remove all the code related to the old GUI and PIN PAD.
This code was initially developed by Zetes and had the ability to
display a dialog to request the PIN to the user. It was also able to
manage some specific proprietary pin pads.
As the Belgian government/fedict has now its own implementation, all
these old crufts can be removed.
https://github.com/OpenSC/OpenSC/issues/1296
Some ActivIdentity CAC/PIV cards lose the login state when selecting
the PIV AID SC_CARD_TYPE_PIV_II_CAC and CI_PIV_AID_LOSE_STATE were added
so piv_card_reader_lock_obtained will try and do a SELECT PIV AID.
card->type is reset to its original value if piv_match_card_continued
fails to match a card as PIV.
pkcs15-piv.c now uses sc_card_ctl which checks card->ops->card_ctl for NULL.
closes https://github.com/OpenSC/OpenSC/pull/1307
fixes https://github.com/OpenSC/OpenSC/issues/1297
We can't check for `tag == SC_ASN1_TAG_EOC` directly, because this
would also be true for a tag of 0x80 (with `class ==
SC_ASN1_CLASS_CONSTRUCTED`). So what we do is we check for the output
buffer to be NULL!
fixes https://github.com/OpenSC/OpenSC/issues/1273
1. Buffer underrun in epass2003_decipher().
2. The parameter `data' in update_secret_key() must be constant.
(Discovered by Clang 4.0.0 on OpenBSD 6.2.)
Fixes#1286. The behaviour of pkcs11-tool will follow the standard -
send DER. If EC_POINT_NO_ASN1_OCTET_STRING is defined then it will
write plain bytes.
ATR and differences between 3.4/3.5 are based on
https://github.com/CardContact/sc-hsm-embedded
Actually, 3.5 is untested, but 3.4 is almost identical, so we hope that
for 3.5 everything is fine.
In order to satisfy some concerns over the use of <card>_match_card
and <card>_init, this modification will do that at the cost of additional
overhead of repeating some card commands.
Hopefully this commit will not be needed.
On branch piv-aid-discovery
Changes to be committed:
modified: card-piv.c
As requested and as the alternative solution see:
https://github.com/OpenSC/OpenSC/pull/1256#issuecomment-365319444
In order to not pass a card lock and the card->drv_data from piv_match_card
piv_match_card is split in 2 parts.
the piv_match_card_continued is called from piv_init. piv_init may
now return with SC_ERROR_INVALID_CARD to single to sc_connect_card to look
for additional drivers.
Cosmetic change to indicate neo_version is really a Yubico version.
Change wording on the comments when setting card_issues.
On branch piv-aid-discovery
Changes to be committed:
modified: src/libopensc/card-piv.c
Some CAC card return '6A80` Incorrect parameters in APDU when trying to
read the Discovery object. If it fails other then not found, then we can
not use the Discovery object to test for the active AID.
The test is done in piv_match_card just after doing a SELECT AID for the PIV.
and set CI_DISCOVERY_USELESS if needed. piv_card_reader_lock_obtained will
then not use the Discovery object.
Some older PIV cards, prior to the introduction of the PIV
Discovery and History objects, may get errors trying to read them.
Ignore these errors too.
Remove comment and remove code to check verify Lc=0 as requested in:
https://github.com/OpenSC/OpenSC/pull/1256#pullrequestreview-96124443
They can easily be added back in.
On branch piv-aid-discovery
Changes to be committed:
modified: src/libopensc/card-piv.c