* Remove postecert and infocamere support because no longer issued
* Remove wrong changes
* reset NEWS
* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates
* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp
* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
md_pinpad_dlg_allow_cancel now defines whether or not the user is asked
before verifying the PIN on the PIN pad. This can be denied without
interaction with the PIN pad. A checkbox in the dialog allows the user
to change this setting, which is saved in the registry by the path of
the process.
This change fixes the progress bar to match the actual configured
timout. The progressbar now fills instead of running empty, which seemed
less frightening for most users.
This change also fixes some copy/paste errors in the documentation of
opensc.conf(5).
* Previously, it was dependent on ATR blocks, but it did
not allow enrolling various types of cards without knowning
their ATR in advance.
* Improved documnetation for this option in configuration files
Resolves: #1265
It was used to make pkcs11-tool work with vendor defined PKCS#11
modules. If this behavior is still desired, pass the define
ZERO_CKAID_FOR_CA_CERTS during the build
Don't pretend that we're capable of performing memory locking. The
implementation of that, `sc_mem_alloc_secure()` (also removed), was
almost unused anyway.
Windows/macOS (minidriver/tokend) handle the authentication status and
perform an explicit logout on shutdown. PKCS#11 standard requires a
session for logging into the card; when closing the session we perform
an explicit logout. Hence, the authentication status should be reset
even if not performing a reset on disconnect.
- use UI framework
- timeout progressbar is running backwards
- cancelling is disabled by default
- removes card specific UI strings, use opensc.conf for that instead
- icon can be loaded by file
- eac: allow CA without EF.CardSecurity
- sc-hsm: implemented CA based on document PKI
- sc-hsm: adds receive limit for SoC card
- introduces dedicated card type for SoC card
- md: integrate card's PIN pad capabilities
- installer: added SC-HSM SoC card to registry
- pkcs15-tool: Added support for PIN entry on card
- change/unblock PIN: add support for PIN entry on card
- added OpenPACE to macOS build
- travis-ci: install gengetopt/help2man via brew
- sc-hsm: Cache EF.C_DevAut
- sc-hsm: Prevent unnecessary applet selection and state resets
- sc-hsm: added support for session pin
- sc-hsm: avoid multiple AID selection
- sc-hsm: Use the information from match_card for all subsequent selections of the applet
- sc-hsm: cache optional files as empty files (Decoding the files will reveal that they were not existing prior caching. This avoids selecting the file though we have already tried to cache the file before.)
- use dedicated directory for CVC trust anchors
- appveyor: added OpenPACE to windows build
- pcsc driver takes over all the functionality
- no dedicated reader driver config values for cardmod, use application
specific blocks to define a different behavior for the pcsc reader if
needed
- removes legacy code; requiring at least libpcsclite 1.6.5
Fixes https://github.com/OpenSC/OpenSC/issues/892
As defined in BSI TR-03119 to issue SCardTransmit (with Uses
Pseudo-APDU) instead of SCardControl (with FEATURE_VERIFY_PIN_DIRECT).
It allows using a very basic PC/SC reader driver without special support
for PIN verification or modification (such as the default CCID driver on
Windows).
Also gets IFD vendor information via escape commands.
PC/SC's Get Uid command is now only triggered if enable_escape = true;
was set by the user to allow disabling wrapped commands on broken
readers (see https://github.com/OpenSC/OpenSC/issues/810)
(Imported libcardnpa from https://github.com/frankmorgner/vsmartcard)
- Added generic SM implementation of ISO/IEC 7816-8
- Added implementation of extended access control as defined by
- BSI TR-03110
- ICAO Doc 9303
- ISO/IEC 7501
- Added tool for German ID card (and other EAC tokens)
- renamed folder libsm to sm
Issue #824
In Windows, file handles (including 'stderr', 'stdout') can not be shared
between DLL-s, and so, the log handle (File *), defined in one module, cannot
be reused in another.
That is the situation when, for example, the SM is processed
in external, dynamically loadable module as it currently implemented for
IAS/ECC card.
That's for the configuration option 're-open of log file on each message' was
introduced.
This 're-open' logic has not been tested in the particular case of opensc-*
tools used with verbose log into 'stderr' -- in dynamically loaded module the
'stderr' handle, defined in the 'main' module, was not recognized as 'stderr'
and there was an attempt to close it.
closes#910
default values of reader's max send/receive sizes correspond to only short APDU supported;
these values can be overwritten by reader itself with the proper value of dwMaxAPDUDataSize from TLV properties,
or with the corresponding options in OpenSC configuration.
resolves issue #735
Simplify create tokens rules, no need to manipulate applications in
'pkcs11' configuration part,
applications can be enabled/disabled on the 'pkcs15' one.
Fix the possibility to expose only 'sign' PIN