Frank Morgner
b3e3ab61c0
avoid integer underflow
2018-06-29 17:14:55 +02:00
Frank Morgner
971dac2f78
unignore result
2018-06-29 17:14:55 +02:00
Frank Morgner
6184c1fbab
avoid out of bounds read
2018-06-29 17:14:55 +02:00
Frank Morgner
03c5280626
avoid NULL dereference
2018-06-29 17:14:55 +02:00
Frank Morgner
ed0d829eab
removed unused check
2018-06-29 17:14:55 +02:00
Frank Morgner
259b7ec41c
check return value
2018-06-29 17:14:55 +02:00
Frank Morgner
c026f37677
warn about error in sc_enumerate_apps
2018-06-29 17:14:55 +02:00
Frank Morgner
6819759946
fixed memory leak
2018-06-29 17:14:55 +02:00
Frank Morgner
5f39d7ab74
use correct length of binary ATR
2018-06-29 17:14:55 +02:00
Frank Morgner
0e9565754c
avoid uninitialized output after sc_file_dup
2018-06-29 17:14:55 +02:00
Alon Bar-Lev
31cbf83738
build: support >=libressl-2.7
2018-06-28 08:58:07 +02:00
Peter Marschall
0603c3b7fc
iso7816: fix typo in previous commit
2018-06-24 10:34:49 +03:00
Peter Marschall
2818e0f703
iso7816: update & extend error codes
While at it, do some space policing.
2018-06-24 10:34:49 +03:00
Frank Morgner
1ca1a024df
card-npa: fixed memory leak
fixes https://github.com/OpenSC/OpenSC/issues/1396
2018-06-22 09:23:00 +02:00
Frank Morgner
d831076974
opensc-notify: use generic icon
fixes https://github.com/OpenSC/OpenSC/issues/1402
2018-06-22 08:52:49 +02:00
Peter Popovec
5dcea4440e
pkcs15-tool: added support for reading NIST ssh keys
'pkcs15-tool --read-ssh-key' is now able to read NIST ECC keys from card.
Only 256, 384 and 521 field lengths are supported (same as allowed in
ssh-keygen -t ecdsa). Issue #803 is partially fixed by this patch.
OpenSSH PKCS11 interface patches for ECC are now available, please check
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
2018-06-21 15:26:15 +02:00
Jakub Jelen
1f352d4c6d
muscle: Properly clean up the applet memory footprint
2018-06-21 12:48:57 +02:00
Jakub Jelen
5b3da5d462
cac: Missing memory cleanup
2018-06-21 12:48:57 +02:00
Jakub Jelen
2682741293
cac: Avoid segfaults from get_challenge()
2018-06-21 12:48:57 +02:00
Jakub Jelen
f392d7426f
Utilize autoconf variables for cmocka usage
2018-06-21 12:48:57 +02:00
Jakub Jelen
f9f3bc3ae0
configure: Check for cmocka header file
2018-06-21 12:48:57 +02:00
Jakub Jelen
3998fffbdc
configure: Use correct variables for testsuite
2018-06-21 12:48:57 +02:00
Jakub Jelen
0789961320
Add a badge about card status
2018-06-21 12:48:57 +02:00
Frank Morgner
9c2afad417
fixed copy/paste error
2018-06-20 00:56:01 +02:00
Frank Morgner
8b3f5b7d97
epass2003: fixed logical error
2018-06-19 23:24:36 +02:00
Frank Morgner
9150d92447
fixed out of bounds access
2018-06-19 23:22:00 +02:00
Frank Morgner
d8cdf66d3d
fixed memory leak
2018-06-19 23:15:29 +02:00
ytoku
63ed8d7368
gids: file selection via gids_select_file
2018-06-19 08:00:01 +02:00
ytoku
46c0bbd803
gids: use file id instead of path in gids_delete_key_file
2018-06-19 08:00:01 +02:00
ytoku
ab16228e26
gids: fix gids_delete_cert
2018-06-14 14:05:45 +02:00
asc
31941bc3d9
sc-hsm: Ensure that applet returns version information ( Fix #1377 )
2018-06-11 22:51:45 +02:00
Peter Marschall
7c99adaaa6
PIV: limit scope of some variables
2018-06-11 22:37:42 +02:00
Peter Marschall
f2ba0ad9be
PIV: refactor to use sc_compacttlv_find_tag()
2018-06-11 22:37:42 +02:00
Jakub Jelen
40b02b2582
Namespace the function name, update comment
2018-06-11 22:31:44 +02:00
Jakub Jelen
50b5eb3b69
Allow using up to 16 certificates
2018-06-11 22:31:44 +02:00
Jakub Jelen
9dda83e48e
cac: Verbose logging, avoid OOB reads
2018-06-11 22:31:44 +02:00
Jakub Jelen
930d457304
Log bad length buffers
2018-06-11 22:31:44 +02:00
Jakub Jelen
298afb072e
Properly check length also of the applet entry
2018-06-11 22:31:44 +02:00
Jakub Jelen
f27ee858c2
Carefully check the length of the buffers before accessing them.
The lengths are static and based on the GCS-IS 2.1 specification
2018-06-11 22:31:44 +02:00
Jakub Jelen
a73b3d549b
Address review comments:
* Refactor cac_properties_t structure to make its creation more readable
* Avoid manual allocation in cac_get_acr() and clean up bogus pointers
* Avoid bogus comments
* Properly check lengths of retrieved values
2018-06-11 22:31:44 +02:00
Jakub Jelen
aacac57230
Another note/todo about PINs on uninitialized cards
2018-06-11 22:31:44 +02:00
Jakub Jelen
d24c23ac0c
Use applet properties to recognize buffer formats
Previously, the code handled all the data objects as SimpleTLV,
which caused invalid encoding when we tried to merge TL + V buffers
into single PKCS#15 buffers.
This change is using GET PROPERTIES APDU after applet selection
to explore objects, figure out encoding and check the status of
PKI objects initialization to avoid reading them.
2018-06-11 22:31:44 +02:00
Jakub Jelen
450cff470a
Inspect the Alt tokens through the ACA applet
The previous solution was just guessing AIDs of the PKI objects
and trying if they answer.
This solution is inspecting card based on the Service Applet Table
(listing all the applets on the card) and using GET PROPERTIES APDU
listing all the available OIDs of the applet.
This was successfully tested with standard CAC card
(with different ACA AID) and uninitialized HID Alt tokens with empty
certificates slots.
2018-06-11 22:31:44 +02:00
Jakub Jelen
ee7b6f4035
cac: Log unknown tags
2018-06-11 22:31:44 +02:00
Jakub Jelen
cde06a499c
Use correct AID and Object ID
2018-06-11 22:31:44 +02:00
Jakub Jelen
2138d5fe32
One more todo based on the testing with a new libcacard
2018-06-11 22:31:44 +02:00
Jakub Jelen
426914674c
Unbreak encoding last tag in the data objects
2018-06-11 22:31:44 +02:00
Jakub Jelen
5b420318d4
Allocate private data outside and avoid memory leaks
2018-06-11 22:31:44 +02:00
Jakub Jelen
92df907681
Typo, clean up comments, dump more useful information from CCC
2018-06-11 22:31:44 +02:00
Jakub Jelen
52451ac438
card-cac.c: Dump also the MSCUID
2018-06-11 22:31:44 +02:00