Commit Graph

6638 Commits

Author SHA1 Message Date
Jakub Jelen cc9020f56a pkcs15-sc-hsm: Avoid potential memory leaks 2019-08-28 11:01:50 +02:00
Jakub Jelen fb67ffdca6 pkcs15-sc-hsm: Avoid potential memory leaks 2019-08-28 11:01:50 +02:00
Jakub Jelen 14e1f3c4d3 pkcs15-tccardos: Make sure we do not overrun buffers in this wild parsing 2019-08-28 11:01:50 +02:00
Jakub Jelen 489886724f pkcs15-tccardos: Avoid negative indexing 2019-08-28 11:01:50 +02:00
Jakub Jelen cab5d3da17 iasecc-sdo: Avoid potential memory leak 2019-08-28 11:01:50 +02:00
Jakub Jelen 070a37cebd card-authentic: Avoid potential memory leaks 2019-08-28 11:01:50 +02:00
Jakub Jelen 1b32bfe4e5 card-coolkey: Avoid potential null dereference 2019-08-28 11:01:50 +02:00
Jakub Jelen 24eaa3eaa1 card-jcop: Avoid left-shift of negative values 2019-08-28 11:01:50 +02:00
Jakub Jelen 2f643948f1 ctx: Avoid potential memory leaks reported by clang 2019-08-28 11:01:50 +02:00
Frank Morgner bdca524aa8 Fixed memory leak
Credits to OSS-Fuzz
2019-08-27 15:59:46 +02:00
Frank Morgner 03ea3f719c fixed memory leak
Credits to OSS-Fuzz
2019-08-27 15:40:32 +02:00
Frank Morgner 9b4b080be7 fixed compiler warning 2019-08-27 15:27:15 +02:00
Frank Morgner a3fc7693f3 Fixed out of bounds access in ASN.1 Octet string
Credit to OSS-Fuzz
2019-08-27 15:21:46 +02:00
Frank Morgner 412a6142c2 fixed out of bounds access of ASN.1 Bitstring
Credit to OSS-Fuzz
2019-08-27 15:19:22 +02:00
Ludovic Rousseau 2bfd022180 pkcs11-spy: add support of CKM_*_PSS in C_VerifyInit()
In bdb1961dee the same code was added to
C_SignInit(). Now it is also used in C_VerifyInit().
2019-08-27 14:52:10 +02:00
Frank Morgner 2eab2bcd74 fixed out of bounds accessing array
Credit to OSS-Fuzz
2019-08-27 14:00:34 +02:00
Ludovic Rousseau 2240abcef1 spy: display -1 instead of 18446744073709551615
buf_len is a CK_ULONG (unsigned long). But if the attribute is sensitive
or is not extractable or is invalid for the object then the library set
the buffer length value to (CK_LONG)-1.

It is more friendly to see "-1" instead of "18446744073709551615" (on
64-bits CPU)
2019-08-26 10:53:09 +02:00
Ludovic Rousseau 43a8f870e5 pkcs11-spy: add support of CKA_OTP_* values 2019-08-26 10:18:04 +02:00
Ludovic Rousseau e35a7e7395 Add definition of CKA_OTP_* constants 2019-08-26 10:17:05 +02:00
Frank Morgner 9099d95c77 fixed interface change
fixes https://github.com/OpenSC/OpenSC/issues/1768
2019-08-20 14:21:44 +02:00
Peter Popovec d7a86d397f opensc-tool: do not connect card if not neccesary, fix util.c errors
opensc-tool: for options --version, --list-readers, -D, etc. we do not
need to connect card/reader. This removes unnecessary error messages
if card is not present in card reader or if reader is not available.
util.c: use symbolic error codes, pass error codes to caller without change.
2019-08-20 13:38:51 +02:00
Frank Morgner b6be87a348 make sc_format_apdu_ex agnostic to card properties 2019-08-20 13:38:20 +02:00
Frank Morgner 0c563df0c1 document sc_format_apdu_ex() 2019-08-20 13:38:20 +02:00
Frank Morgner 0e97ef2ce3 don't use sc_format_apdu_ex in default driver
fixes https://github.com/OpenSC/OpenSC/issues/1731
closes https://github.com/OpenSC/OpenSC/pull/1734
2019-08-20 13:38:20 +02:00
Frank Morgner 8dc67e6a61 use statement for noop 2019-08-20 13:38:20 +02:00
Raul Metsma fdf80761cf Remove duplicate code
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-08-20 13:38:00 +02:00
Jakub Jelen 9b47462a51 Fix portability warning from coverity
CID 344928 (#1 of 1): Sizeof not portable (SIZEOF_MISMATCH)
suspicious_sizeof: Passing argument object_handles of type CK_OBJECT_HANDLE_PTR and argument objects_length * 8UL /* sizeof (CK_OBJECT_HANDLE_PTR) */ to function realloc is suspicious. In this case, sizeof (CK_OBJECT_HANDLE_PTR) is equal to sizeof (CK_OBJECT_HANDLE), but this is not a portable assumption.
2019-08-20 13:28:54 +02:00
Jakub Jelen 1a0a8e637b p11test: Check return values
CID undefined (#1 of 1): Unchecked return value (CHECKED_RETURN)
10. check_return: Calling RSA_set0_key without checking return value (as is done elsewhere 7 out of 8 times).
2019-08-20 13:28:54 +02:00
Jakub Jelen 818aa5b69c p11test: Avoid possible issues reported by coverity
* The fail_msg() in cmocka has a way not to fail, which confuses coverity. Adding explicit retunr/exit should address this issue
 * Reformat some code in p11test
2019-08-20 13:28:54 +02:00
Jakub Jelen 2958b71c9a typo 2019-08-20 13:28:54 +02:00
Frank Morgner 7d8009e429 PC/SC: handle resets in SCardTransmit
fixes https://github.com/OpenSC/OpenSC/issues/1725
2019-08-20 13:25:06 +02:00
Frank Morgner 8f838bc1e0 fixed passing LIB_FUZZING_ENGINE 2019-08-19 16:44:54 +02:00
Peter Popovec 426772298a pkcs15-tool: inconsistent -r option fix
Option -r is used in other opensc tools to specify card reader.  pkcs15-tool
uses -r to specify cerfificate.  This fix intorduces warning message if -r
is used, and for future versions of pkcs15-tool -r is used to specify
reader.
2019-08-05 01:14:35 +02:00
Doug Engert 93bdc8c826 Support OpenSSL when deprecated defines have been removed Fixes 1755
sc-ossl-compat.h will check if OpenSSL has been built with or without some
deprecated defines. OpenSSL will provide defines for some of these if
built to still support depreacted routines but not if built with
"no-depracted". .

This commit will define some of the needed defines if ther are not
defined by OpenSSL. Thus if a distro builds OpenSSL with "no-depracted"
it can still be used.

 On branch fix-1755
 Changes to be committed:
	modified:   src/libopensc/sc-ossl-compat.h
2019-07-31 20:12:22 +02:00
Frank Morgner af8f965009 fixed memory leak 2019-07-26 15:23:02 +02:00
Frank Morgner bf8d449795 fixed memory leak 2019-07-26 15:23:02 +02:00
Frank Morgner 973b09f943 fixed exports 2019-07-26 15:23:02 +02:00
Frank Morgner 72f474f09f use consistent parameters
- in sc_pkcs15_wrap()
- and sc_pkcs15_derive()
2019-07-26 15:23:02 +02:00
Frank Morgner e28ada99fe added parameter checking 2019-07-26 15:23:02 +02:00
Frank Morgner b7f202221c fixed undefined reference 2019-07-26 15:23:02 +02:00
Frank Morgner 86c4d3384b removed undefined reference to sc_pkcs15_create 2019-07-26 15:23:02 +02:00
Frank Morgner 45dfc14573 fixed memory leak 2019-07-26 15:23:02 +02:00
Frank Morgner 755ac78a02 added fuzzing with libFuzzer and OSS-Fuzz
makes cmocka detection not required for building tests
2019-07-26 15:23:02 +02:00
Rosen Penev 7159400086 treewide: Fix compilation without deprecated OpenSSL APIs 2019-07-26 08:49:18 +02:00
programatix 91b9aea42a Update pkcs15-sec.c
When card supports SC_ALGORITHM_RSA_PAD_PKCS1 but not SC_ALGORITHM_RSA_HASH_NONE, then the DigestInfo need to be removed.

Current check make requires the card to not support both SC_ALGORITHM_RSA_PAD_PKCS1 and SC_ALGORITHM_RSA_HASH_NONE to have the removal done.
2019-07-26 08:48:10 +02:00
Jó Ágila Bitsch a7766b3de3 allow chaining for pkcs15-init --store-private-key EC keys
when importing a private key onto a pkcs15 card, if the card does not support
extended APDUs, we need to use chaining to store keys longer than 255 bytes.

While for RSA keys, this check was included, it was missing for EC keys.
This patch adds the SC_APDU_FLAGS_CHAINING flag to apdu.flags if data length is
greater than 255 and the card caps does not include SC_CARD_CAP_APDU_EXT.

Fixes #1747
2019-07-24 01:25:49 +02:00
Raul Metsma d14cf97d7a Allow to create temporary objects with readonly sessions and readonly cards
Fixes #1719

Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-07-22 13:34:59 +02:00
Daniel Kouril 916434f3a2 Fix using environmental variables on WIN32. 2019-07-22 13:32:46 +02:00
carblue 709fa98bb5 opensc-tool: fix --list-algorithms for AES 2019-07-22 13:09:30 +02:00
Frank Morgner ba19a467e4
Rutoken Lite (#1728)
* card-rtecp: Add Rutoken Lite

* avoid seperate rutoken lite driver

* added rutoken lite to minidriver

closes #1722
2019-07-22 13:05:32 +02:00
programatix 130e9bb068 Update strings.c 2019-07-04 10:12:23 +02:00
programatix 6b97071bb3 Update strings.c
The check condition is obviously wrong. It should check for EQUAL. The original bitwise check caused any other language to turn into DE because as long as a bit is filtered, it will hit.
2019-07-04 10:12:23 +02:00
Dmitriy Fortinskiy 3c1624676d card-rtecp,card-rutoken: Set specific card types 2019-07-02 12:13:57 +02:00
Dmitriy Fortinskiy 60a2cf16c7 card-rtecp: Fix list_files on T0 cards
Rutoken ECP SC over T0 expects Get Response after SW1=61 which
is not called with zero le.
2019-07-02 12:13:57 +02:00
Frank Morgner 7fb72ccf7b pkcs11: fixed slotIDs when a new slot list is requested
fixes https://github.com/OpenSC/OpenSC/issues/1706

regression of 24b7507a69
2019-06-30 10:24:11 +02:00
Andreas Schwier e7a8c00566 sc-hsm: Use CHR in CSR based on device serial number 2019-06-21 15:08:14 +02:00
Peter Marschall 229dd32e3a opensc-explorer: fix APDU command
Do not ignore first parameter.
2019-06-21 14:34:38 +02:00
Timo Teräs 19711d0a13 myeid: fix EC key upload, and avoid data copying
Fixes regression from commit 3688dfe which did not consider that
the zero prefixing tests were too generic and matched EC keys too.

This simplifies the code even further and avoids data copying
when possible. Proper test is now included to do data value prefixing
only for the RSA keys it is needed.

Closes #1701.
2019-06-17 15:19:08 +02:00
Jakub Jelen 9197dfe5ae myeid: Detect also OsEID card in the MyEID driver and difference them with separate types 2019-06-17 12:49:11 +02:00
Jakub Jelen 07c0a47b37 card-openpgp: Fix typo in the EC Key size 2019-06-17 12:49:11 +02:00
Jakub Jelen b65275d6f8 p11test: Improve error reporting on unknown EC groups 2019-06-17 12:49:11 +02:00
Jakub Jelen 87770df65b p11test: Implement simple derive tests 2019-06-17 12:49:11 +02:00
Jakub Jelen 852f057ce3 p11test: Add MD5 mechanisms pretty-print 2019-06-17 12:49:11 +02:00
Jakub Jelen 86fd200462 sc-hsm: Check the operation first 2019-06-17 12:49:11 +02:00
Jakub Jelen df0bbc110e pkcs11-spy: Dump EC Derive parameters 2019-06-17 12:49:11 +02:00
Jakub Jelen 10abef9206 pkcs15-sec: Drop unused code (copied from RSA decipher) 2019-06-17 12:49:11 +02:00
Jakub Jelen 272e380898 Set correctly flags for ECDH derive operations 2019-06-17 12:49:11 +02:00
Jakub Jelen 6d751e8b22 opensc.h: Add missing raw ecdh algorithm 2019-06-17 12:49:11 +02:00
Jakub Jelen 293760c0d0 Fix derive operation detection in MyEID and sc-hsm drivers 2019-06-17 12:49:11 +02:00
Andreas Schwier 58fa53ac91 sc-hsm: Add missing secp384r1 curve parameter 2019-06-14 14:29:58 +02:00
Frank Morgner 94388f9538 fixed more clang-tidy warnings 2019-06-05 13:48:51 +02:00
Nuno Goncalves 0322401aae gemsafeV1: remove redundant match card call to allow for opensc.conf match
At the point when gemsafe_match_card is called, the card type is already known,
either because of a previous match at card.c, or because it is forced at opensc.conf.

With this redundant match it's not possible to force selection on opensc.conf.

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-06-05 13:43:52 +02:00
Raul Metsma 3a192e2c87 pkcs11-tool: Add extractable option to key import
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-06-03 10:59:58 +02:00
Doug Engert a2dd500624 Fix pkcs11-tool encryption error Fix #1694
Make sure data being encrypted is less then the modulus.

 On branch pkcs11-tool-encryption
 Changes to be committed:
	modified:   ../tools/pkcs11-tool.c
2019-05-31 14:16:24 +02:00
Frank Morgner 3a665f6479 allow single character strings with sc_hex_to_bin
fixes https://github.com/OpenSC/OpenSC/issues/1684
fixes https://github.com/OpenSC/OpenSC/issues/1669
2019-05-31 14:15:37 +02:00
Nuno Goncalves e3ff3be4fe pteid: add new ATRs
One ATR have been confirmed on my personal card and also added to the official middleware:

https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf

There is another ATR I am adding blind from the official middleware:

https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf

Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-05-31 14:12:12 +02:00
Ludovic Rousseau cc189585c8 pkcs11-spy: display CK_GCM_PARAMS.ulIvBits field 2019-05-29 15:17:15 +02:00
Ludovic Rousseau 0fbd2663e6 Add missing ulIvBits to CK_GCM_PARAMS
The PKCS#11 specification text does not document the ulIvBits field.
But the header file defining CK_GCM_PARAMS uses it.
Since the header file is the normative version we need to add it.

See also https://github.com/Pkcs11Interop/Pkcs11Interop/issues/126o
and https://lists.oasis-open.org/archives/pkcs11-comment/201602/msg00001.html
and https://www.oasis-open.org/committees/document.php?document_id=58032&wg_abbrev=pkcs11
2019-05-29 15:17:15 +02:00
Frank Morgner b7b501d0a5 fixed issues reported by clang-analyzer 2019-05-21 19:34:46 +02:00
Frank Morgner 3c83a80b57 fixed printing non primitive tag
fixes undefined bitshift
2019-05-21 19:34:46 +02:00
Frank Morgner 1423c6bb90 CI: integrate clang-tidy (disabled)
files that have warnings are currently excluded
2019-05-21 19:34:46 +02:00
Raul Metsma 1e59643caa Remove process_arr unused file argument and fix clang-tidy warnings
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-21 19:34:46 +02:00
Jakub Jelen e501c5ae81 Unbreak build without OpenSSL 2019-05-21 18:44:06 +02:00
Frank Morgner 65d607af66 fixed 325860 Dereference before null check 2019-05-14 14:50:17 +02:00
Frank Morgner 630bcbedd4 fixed 337490 Unchecked return value 2019-05-14 14:50:17 +02:00
Frank Morgner e275b34269 fixed 339157 Unused value 2019-05-14 14:50:17 +02:00
Martin Paljak 2829c5870f Address review comments
Change-Id: I9aa97c8a9878dddd3e6f1a2baa877d188b9d7fe5
2019-05-02 11:51:02 +03:00
Martin Paljak 5f5d40521e Avoid 6282 reply for a successful operation
Change-Id: I5d4d3103692fc6db51f13fc5338360289c26af9a
2019-05-02 11:51:02 +03:00
Martin Paljak fc8e9bf3f3 Address review comments and further reduce LOC
and make sure the card is always handled emulated card first

Change-Id: I60174c2793bb882fb73716f62a652d84e028382c
2019-05-02 11:51:02 +03:00
Martin Paljak b3d4a0d69a EstEID 2018+ driver
This adds support for a minimalistic, small and fast card profile based on IAS-ECC.

Based on information from https://installer.id.ee/media/id2019/TD-ID1-Chip-App.pdf
and proprietary driver snoops.

Thanks to @metsma and @frankmorgner.

Change-Id: I2e4b4914d8a3b991d9a639728695abf4a2362ca0
2019-05-02 11:47:31 +03:00
Andreas Kemnade c3a9458fa8 egk-tool: fix missed initialisation of card pointer
If util_connect_card_ex() fails, sc_disconnect_card() will use a
random pointer leading to segmentation faults.
2019-05-02 10:09:08 +02:00
Andreas Kemnade 209be72979 eGK: fix path for vd/gvd
path was wrong, the same as for pd
2019-05-02 10:09:08 +02:00
Andreas Kemnade 9ca836975a Starcos: added another ATR for 2nd gen. eGK (TK) 2019-05-02 10:09:08 +02:00
Raul Metsma 63fd71c245 Remove unused sc_pkcs15emu_opt_t structure
Only usage was removed SC_PKCS15EMU_FLAGS_NO_CHECK flag

Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-02 10:08:46 +02:00
Frank Morgner f0a6a568f4 fixed Local variable hides global variable 2019-05-02 10:08:28 +02:00
Frank Morgner 0bc95cb6a1 added include guards 2019-05-02 10:08:28 +02:00
Frank Morgner 86ba3ea489 fixed Wrong type of arguments to formatting function 2019-05-02 10:08:28 +02:00
Raul Metsma 5123531e62 Fix EstEID 3.4 signing
opensc master requires now SC_ALGORITHM_RSA_HASH_NONE

Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-02 10:06:19 +02:00
Frank Morgner 7449b00768 pkcs11: avoid double initialization of notify 2019-04-26 23:51:37 +02:00
Frank Morgner c671083ee3 fixed missing file 2019-04-25 16:46:07 +02:00
Frank Morgner 7df789ec5d fixed 337490 Unchecked return value 2019-04-25 15:44:11 +02:00
Frank Morgner 8382f243b2 fixed 337891 Out-of-bounds write 2019-04-25 15:44:11 +02:00
Raul Metsma bbec50bfdb Remove unused SC_PKCS15EMU_FLAGS_NO_CHECK flag
Fixes #1634

Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-25 14:53:25 +02:00
Timo Teräs 3688dfe238 MyEID: simplify key component loading
Encode the component ID to be key type and component ID. This allows
each combination to be unique and direct mapping to card component
ID type in the code by just taking the low byte. This simplifies
the code, and reduces confusion as there is now only one #define
for each component.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
Timo Teräs 3f832ca6da MyEID: implement support for 4K RSA keys (MyEID 4.5+)
MyEID starting version 4.5 supports 4K RSA keys. The card also
now supports proper APDU chainging (for sending large APDUs) and
receiving large responses via GET_RESPONSE splitting.

This updates the following:
* detection code properly announces 3K and 4K RSA support
  when available
* APDU chaining is used when possible
* use ISO GET_RESPONSE handling for large responses
* max_recv_size is set to 256 which it always was supposed to be
  as the old cards respond with that large responses too
* use the 2K signing kludge only on cards that need it
* unwrap and decipher code paths unified to the extent possible

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
Timo Teräs 0e25c1d2a6 MyEID: detect card from ATR historical data instead of full ATR
This will simplify the matching code, and match prototype cards.

Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
Ludovic Rousseau ffaaf1c0d3 pkcs11-spy: parse CKM_AES_GCM for C_EncryptInit() 2019-04-25 14:52:20 +02:00
Ludovic Rousseau 69727c79ad pkcs11.h: add CK_GCM_PARAMS structure 2019-04-25 14:52:20 +02:00
Ludovic Rousseau 98ec27e768 pkcs11-spy: log pParameter buffer for C_EncryptInit & C_DecryptInit 2019-04-25 14:52:20 +02:00
Frank Morgner bfa94dc90d
Merge pull request #1600 from AlexandreGonzalo/trustonic_pkcs11 2019-04-25 14:51:54 +02:00
alegon01 e21cb5712c Fix in encrypt_decrypt(), initialize the mgf 2019-04-24 14:03:35 +02:00
Jakub Jelen 13429baed0 cac: Avoid signed/unsigned casting reported by coverity
src/libopensc/card-cac.c:1707: negative_returns: "val_len" is passed to a parameter that cannot be negative.
2019-04-23 14:49:45 +02:00
Dmitriy Fortinskiy 8cf1e6f769 pkcs11-tool: List supported GOST mechanisms 2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy a5382d32fd pkcs11-tool: Show GOSTR3410-2012 keys 2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy 0e12b1dc71 pkcs11-tool: Generate GOSTR3410-2012 keys 2019-04-17 16:42:12 +02:00
Dmitriy Fortinskiy 4614beb87e pkcs11-tool: Add keys access flags 2019-04-17 16:40:41 +02:00
Dmitriy Fortinskiy aff2059ec1 card-rtecp: Fix SELECT FILE 2019-04-17 16:38:49 +02:00
Dmitriy Fortinskiy fe4dae4d31 card-rtecp: Add Rutoken ECP SC ATR 2019-04-17 16:38:49 +02:00
Raul Metsma 91a1dd9af4 Option to delete object by index
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:38:40 +02:00
Raul Metsma 3935d501bf Implement Secret Key write object
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:37:49 +02:00
Frank Morgner 066c30bb4e opensc-notify: add to autostart 2019-04-08 11:16:13 +02:00
Frank Morgner 159821497c egk-tool: fixed verbose logging 2019-04-08 11:16:13 +02:00
Frank Morgner fe95520e3e explicitly import libpkcs11.h 2019-04-08 11:16:13 +02:00
Frank Morgner 6f9b58af72 added pkcs11-register 2019-04-08 11:16:13 +02:00
Jakub Jelen fc4d600634 pkcs11-tool: Allow to set CKA_ALLOWED_MECHANISMS when creating an objects
Also list them in the attributes listing
2019-04-08 11:15:19 +02:00
alegon01 f631b5f733 Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data) 2019-04-05 10:39:52 +02:00
alegon01 4913feadb8 Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data) 2019-04-05 10:38:12 +02:00
Frank Morgner fd20ffe608
optimize bin/hex low parsing level functions (#1646)
* optimize sc_hex_to_bin

* optimize sc_bin_to_hex

* added documentation

closes https://github.com/OpenSC/OpenSC/pull/1643

thanks to carblue <ka6613-496@online.de>
2019-04-04 12:52:08 +02:00
Frank Morgner 0abe9d11c7 pkcs11: (de-) initialize notifications on load
fixes https://github.com/OpenSC/OpenSC/issues/1507
fixes https://github.com/OpenSC/pkcs11-helper/issues/16
2019-04-04 11:04:50 +02:00
Raul Metsma 9ba8f56037 Change u8 *data to const because sc_apdu unsigned char *data is const
Name sc_format_apdu parameters for IDE help hints

Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-03 22:15:54 +02:00
Raul Metsma 4ba086bfd4 Use strdup and fix all casts
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-01 12:53:33 +02:00
Martin Paljak ea74308512 iso7816_read_binary: do not assume that 6282 is returned with data
Instead of a double check_sw call in case there is no data, assume
that a SW is properly sent by the card and do not expose
SC_ERROR_FILE_END_REACHED outside of the function
(like sc_pkcs15_read_file)

This is to facilitate Estonian eID 2018+ that instead of properly returning
6282 with trunkated data, 9000 is returned and next READ BINARY returns
6b00 (invalid p1/p2). The change should be generally harmless for well-behaving
cards.

Change-Id: I7511ab4841d3bcdf8d6f4a37a9315ea4ac569b10
2019-04-01 12:51:00 +02:00
Peter Popovec f070c99b65 opensc-tool: do not use card driver to read ATR
If card driver fails to connect to card, 'opensc-tool -a' may fail to print
ATR even if ATR is available from card reader.  Before use of card driver,
do only card reader connect, then print ATR.  Only if it is neccesary, use
card driver for the rest of opensc-tool functions.
2019-03-25 14:34:26 +01:00
Frank Morgner b389b19ca5
Merge pull request #1633 from metsma/esteid
Only EstEID 3.5 has EC 384 keys
2019-03-25 14:31:02 +01:00
Frank Morgner 2f4df1b93e tools: unified handling of gengetopt 2019-03-25 14:30:09 +01:00
Frank Morgner fc9277b778 use compat_getopt_long if getopt_long is not available
uses the autoconf way for replacing getopt.h

fixes https://github.com/OpenSC/OpenSC/issues/1527
2019-03-25 14:30:09 +01:00
Raul Metsma 7ae54f490d Remove dead code (#1638) 2019-03-25 14:28:53 +01:00
Frank Morgner 8dea0a9028 fix overlapping memcpy
Fixes https://github.com/OpenSC/OpenSC/issues/1631
2019-03-18 23:33:24 +01:00
Frank Morgner 6aa5410e73 goid-tool: live with short length APDUs 2019-03-18 13:59:11 +01:00
Raul Metsma 4d2254a092 Only EstEID 3.5 has EC 384 keys
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 23:01:07 +02:00
Frank Morgner 2e87e4cfed fixed issues from review 2019-03-13 21:22:19 +01:00
Frank Morgner b7ec7f95b1 pkcs11: fixed token label 2019-03-13 21:22:19 +01:00
Frank Morgner 0079d836f3 pkcs11: truncate oversized labels with '...' 2019-03-13 21:22:19 +01:00
Raul Metsma 1e6d3df201 Remove un-lincenced header file
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 21:19:26 +01:00
Frank Morgner 71b85d15e4 opensc.conf: Configure handling of private_certificate
possible choices: ignore, protect, declassify

fixes https://github.com/OpenSC/OpenSC/issues/1430
2019-03-13 21:18:57 +01:00
Frank Morgner 1e0743b29f removed untested use of SC_SEC_OPERATION_AUTHENTICATE
fixes https://github.com/OpenSC/OpenSC/issues/1271
2019-03-13 21:17:54 +01:00
Frank Morgner 106b3a28b1 acos5: removed incomplete driver
fixes https://github.com/OpenSC/OpenSC/issues/1204
2019-03-13 21:17:54 +01:00
Frank Morgner 9fa1722f73 sc_bin_to_hex returns a Nul terminated string 2019-03-13 21:17:00 +01:00
Frank Morgner eb8f28db20 fixed error handling 2019-03-13 21:17:00 +01:00
Frank Morgner d4f1decd15 Make sure card's strings are Nul terminated
Avoids out of bounds reads when using internal operations with the given string
2019-03-13 21:17:00 +01:00
Frank Morgner d953998aa3 npa-tool: force default card driver 2019-03-13 12:01:09 +01:00
alegon01 31831c300b Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits. 2019-03-12 08:52:06 +01:00
Frank Morgner 6472027848 tools: release context when card connection fails 2019-03-07 22:18:54 +02:00
Pierre Ossman bc4eeda573 Remove readers when smart card service stops
The code already removes all active cards when the service goes
away, but it doesn't remove the reader. This can be a bit confusing
since they will still be polled and listed.
2019-03-07 21:51:02 +02:00
Pierre Ossman 9ed5f63c17 Fix smart card removal handling for older PC/SC
Older PC/SC doesn't have the code SCARD_E_NO_READERS_AVAILABLE, so fix
the code to handle such systems as well.
2019-03-07 21:51:02 +02:00
Pierre Ossman 9e9bdac2f1 Handle reader going missing
It might just be this specific reader going missing, and not all
of them.
2019-03-07 21:51:02 +02:00
Raul Metsma b227fb8b9f Cleanup EstEID 1.0/1.1 lefovers
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-07 21:31:08 +02:00
Scott Gayou 0d79675497 Small memory leak fix (CVE-2019-6502 in #1586)
CVE-2019-6502 was assigned to what appears to be a very minor
memory leak that only occurs on an error-case in a CLI tool.
If util_connect_card fails, we still need to release the sc
context previously allocated by sc_context_create else memory
will leak.
2019-03-06 19:51:43 +01:00
alegon01 728d099a53 FIX typo OpenSSL vs OpenSsl. 2019-03-06 11:35:11 +01:00
alegon01 b327b76134 FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt(). 2019-03-06 10:26:05 +01:00
Frank Morgner 19c5ab315d fixed uninitialized use of variable 2019-03-06 08:53:47 +01:00
Frank Morgner 070370895f fixed 333707 Dereference before null check 2019-03-06 00:42:38 +01:00
Frank Morgner 8fbd0b3ee1 fixed 333708 Dereference after null check 2019-03-06 00:42:38 +01:00
Frank Morgner ba185954c5 fixed 333709 Unchecked return value 2019-03-06 00:42:38 +01:00
Frank Morgner e8f8f0bfbb fixed 333714 Uninitialized scalar variable 2019-03-06 00:42:38 +01:00
Frank Morgner 9abe44f03c fixed 333715 Dereference after null check 2019-03-06 00:42:38 +01:00
Frank Morgner e876cf62eb fixed 333711 Dereference before null check 2019-03-06 00:42:38 +01:00
Frank Morgner b1a58c7925 removed dead code 2019-03-06 00:42:38 +01:00
Frank Morgner 27526de021 implemented sc_format_apdu_ex 2019-03-05 13:54:13 +01:00
Frank Morgner 155b197932 sc-hsm: require T=1 connection 2019-03-05 13:47:45 +01:00
alegon01 7271fe610b Add support for the OpenSsl signature format for the signature verification. 2019-02-18 16:03:41 +01:00
Frank Morgner 20daced605 fixed special case of deletion in gnuk_write_certificate 2019-02-14 09:22:23 +01:00
Frank Morgner 1a61ae849f fixed Null pointer argument in call to memcpy 2019-02-14 09:22:23 +01:00
Frank Morgner b6fadb469f fixed sc_decompress_zlib_alloc return code 2019-02-14 09:22:23 +01:00
Frank Morgner 6e48de83c7 avoid allocation of 0 bytes 2019-02-14 09:22:23 +01:00
Frank Morgner f4fccfd94e fixed undefined bitshift 2019-02-14 09:22:23 +01:00
Frank Morgner c858d4b3d1 fixed argument checking 2019-02-14 09:22:23 +01:00
Frank Morgner 6fdb29a470 fixed use of uninitialized values 2019-02-14 09:22:23 +01:00
Frank Morgner 01d515a026 fixed use of garbage value 2019-02-14 09:22:23 +01:00
Frank Morgner 8ea77a83e0 fixed misuse of realloc 2019-02-14 09:22:23 +01:00
Frank Morgner 32e1995300 fixed dead assignment 2019-02-14 09:22:23 +01:00
Frank Morgner e4a01643a6 fixed possible NULL pointer dereference 2019-02-14 09:22:23 +01:00
Frank Morgner 53954e9ff1 fixed OpenSSL handling in PKCS#11 mapping
prevents NULL pointer dereference
2019-02-14 09:22:23 +01:00
Frank Morgner b708cab0a3 fixed assignment of garbage value 2019-02-14 09:22:23 +01:00
Frank Morgner 85485eb9b0 fixed unused assignments 2019-02-14 09:22:23 +01:00
Frank Morgner fdb0e6d581 Fixed Potential leak of memory 2019-02-14 09:22:23 +01:00
alegon01 9ae507c5f8 Fix indentation. 2019-02-12 14:09:26 +01:00
alegon01 b63a868e68 Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined. 2019-02-12 10:42:39 +01:00
Raul Metsma c2cc83754e select_esteid_df is only used in card-mcrd.c
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-02-12 08:56:20 +01:00
Raul Metsma f37a8a5c52 is_esteid_card is only used card-mcrd.c
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-02-12 08:56:20 +01:00
Peter Marschall 4757466f27 OpenPGP: space police
remove trailing spaces & tabs
2019-02-12 08:55:59 +01:00
Alex Karabanov 04ef9dbf3b Fix build on cygwin in strict mode (#1605) 2019-02-11 20:50:12 +01:00
Frank Morgner be33e82b75 goid-tool: fixed possible memory leak
internally created context needs to be freed if TA/CA is done without
an existing SM context from PACE
2019-02-11 15:41:32 +01:00
Frank Morgner 72cdc9d82e goid-tool: fixed confusion about always/never acl 2019-02-08 15:08:03 +01:00
Frank Morgner aca9d79f6d fixed parsing SoCManager info 2019-02-07 16:56:33 +01:00
alegon01 973625773b Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a. 2019-02-07 10:42:48 +01:00
alegon01 084624f340 Fix CKM_RSA_PKCS in encrypt_decrypt(). 2019-02-05 12:03:51 +01:00
alegon01 9aa413bd7e Fix CKM_RSA_X_509 encrypt_decrypt(). Improve the code for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP. For these alogs, only CKM_SHA_1 is supported. 2019-02-05 11:35:42 +01:00
alegon01 d25fbe3cec Remove 2 useless comments in encrypt_decrypt(). 2019-02-05 11:24:33 +01:00
Frank Morgner 928fbf2f03 goid-tool: implented PIN/FP verification for PAccess 2019-02-04 16:01:56 +01:00