This is name change only fix.
The variable name "card" was being used to refer to a struct sc_card or a struct sc_pkcs11_card
in some files including sc_pkcs11.h. In other files the variable name "p11card" is used for struct sc_pkcs11_card.
This creates hard to read code, such as: slot->card->card.
All definitations of sc_pkcs11_card *card now use p11card as the variable name.
Fix#471
Prior to this commit, all hashes registered for RSA or other key types were
registered for ECDSA as well.
register ECDH mechanism only when supported by card
ECDH should only be registered if the card driver sets the
SC_ALGORITHM_ECDH_CDH_RAW flag.
register software PKCS#1 (1.5) padding only when RAW RSA is supported by card
If OpenSC supports PSS/OAEP padding or other padding mechanisms in
future, and there would be a card that enforces hardware PSS/OAEP
padding, the PKCS#1 v1.5 padding mechanism should not be registered.
We duplicate mechanisms based on OpenSSL so that they can be freed along
all the card's algorithms created via sc_pkcs11_new_fw_mechanism. Fixes
regression from eaf548aa3dab80a9bbf51da8291e7db978e3a2ad
Basically checks that the memory allocation succeed.
The ctbcs.c change improve the readability
because count = 0 and len > 254 does not add any value.
VTA: added few coding style changes
For internal use allocate and copy the EC params data from the caller's template,
rather then use them directly as a pointer in internal public key data.
needed to store information about EC curve supported by card.
Primary usage is when importing/generating key to get know if particular curve is supported by card.
* Key usage required when calling C_CreateObject for public key are not used.
This adds the logic to convert from PKCS#11 attributes to PKCS#15 in the
structure that is sent to underlying _store_pubkey functions.
Pkcs15init data, used to import/generate key objects, includes twice the same EC parameters data:
- explicit 'params' data
- part of sc_pkcs15_pubkey/sc_pkcs15_prkey
Explicit 'ec-params' data is removed.
b94c163 - invalid, non-tested
11881a6 -- src/libopensc/card-iasecc.c -- return from select has to be ignored,
3a92bf7 -- src/pkcs11/slot.c -- SEGFAULT issue #3733a92bf7 -- src/tools/piv-tool.c -- confirmed by author
6759c04 -- src/pkcs15init/pkcs15-lib.c -- file instantiation error has to be ignored
C_Digest will now query for the buffer size using sc_pkcs15_md_final
before calling sc_pkcs15_md_update. This avoids doing a double update
when the user passes in a buffer to small, then gets the buffer and calls
C_Digest again.
Code to test for an auth_id for certs and pubkeys was removed.
See: PKCS#15 section 4.1.3 Access methods
This is conseritive change and all objects could be treaded the same.
The framework-pkcs15.c did not add hashes correctly if the card did not support RSA RAW.
This change fixes that and only adds hashes if the card did not specify a list of hashes.
It also will not add hashes done in software if ENABLE_OPENSSL is not specified.
Some error conditions are also tested for EC mechanisms.
See bug report #241 for more information.
framework-pkcs15: Duplicate public key related to private key rather than referencing the framework object
Referencing the related public key is required to return PKCS#11 attributes for a private key only available
in the public key object (i.e. CKA_MODULUS). This patch adds a copy of the public key to the private key object rather than
referencing the public key object in the framework. This prevents SEGV when the public key framework object
is deleted with C_DestroyObject, but the reference from the public key remains intact.
The bug leads to all kind of stability problems when keys are created and deleted in the same session.
The patch is in particular important if OpenSC is used with EJBCA or any other application using the
SUN PKCS#11 provider: When generating key pairs, then the public key object is eventually garbage collected
which removes the related object in the PKCS#11 module. Because there is no fixed time for this operation,
corruption occurs at random.
In a next step, the remaining related_xxx fields in sc_pkcs11_object should be revised and possibly removed.
framework: Added more error checking
card-asepcos: removed dead code
card-authentic: removed dead code
card-belpic: removed dead code
card-epass2003: removed dead code
card-flex: removed dead code
card-gpk: removed dead code
card-oberthur: removed dead code
card-piv: removed dead code
card-setcos: removed dead code
ctbcs: removed dead code
cwa14890: removed dead code
muscle: removed dead code
pkcs15-atrust-acos: removed dead code
pkcs15-gemsafeV1: removed dead code
pkcs15-skey: removed dead code
reader-ctapi: removed dead code
framework-pkcs15: removed dead code
pkcs11-object: removed dead code
pkcs15-asepcos: removed dead code
pkcs15-cardos: removed dead code
pkcs15-jcop: removed dead code
pkcs15-lib: removed dead code
pkcs15-oberthur: removed dead code
parse: removed dead code
sclex: removed dead code
sm-card-authentic: removed dead code
sm-card-iasecc: removed dead code
sm-cwa14890: removed dead code
sm-global-platform: removed dead code
sc-test: removed dead code
pkcs11-tool: removed dead code
pkcs15-tool: removed dead code
Frank Morgner
Martin Paljak
Doug Engert
Philip Wendland
Andreas Schwier
vletoux
Viktor Tarasov
Thomas Calderon
Mathias Brossard
Emanuele Pucciarelli
Raul Metsma