Program received signal SIGSEGV, Segmentation fault.
0x00007f7d6f29fd55 in free () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f7d6f29fd55 in free () from /lib64/libc.so.6
#1 0x00007f7d703a4128 in sc_update_dir (card=0x17463a0, app=<value optimized out>) at dir.c:306
#2 0x00007f7d7040cb58 in sc_pkcs15init_add_app (card=<value optimized out>, profile=0x1754840,
args=<value optimized out>) at pkcs15-lib.c:2354
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4389 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
Fix
card-entersafe.c: In function ‘entersafe_cipher_apdu’:
card-entersafe.c:197: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
card-entersafe.c: In function ‘entersafe_mac_apdu’:
card-entersafe.c:270: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
card-entersafe.c:278: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
card-entersafe.c:286: warning: passing argument 3 of ‘EVP_EncryptUpdate’ from incompatible pointer type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4212 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
reader-pcsc.c: In function ‘pcsc_detect_readers’:
reader-pcsc.c:856: warning: initialization discards qualifiers from pointer target type
reader-pcsc.c:884: warning: initialization discards qualifiers from pointer target type
reader-pcsc.c:894: warning: initialization discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4211 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
muscle.c: In function ‘msc_create_object’:
muscle.c:144: warning: declaration of ‘read’ shadows a global declaration
/usr/include/unistd.h:477: warning: shadowed declaration is here
muscle.c:144: warning: declaration of ‘write’ shadows a global declaration
/usr/include/unistd.h:513: warning: shadowed declaration is here
muscle.c: In function ‘msc_import_key’:
muscle.c:941: warning: declaration of ‘read’ shadows a global declaration
/usr/include/unistd.h:477: warning: shadowed declaration is here
muscle.c:942: warning: declaration of ‘write’ shadows a global declaration
/usr/include/unistd.h:513: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4210 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-wrap.c: In function ‘do_cipher’:
pkcs15-wrap.c:152: warning: dereferencing type-punned pointer will break strict-aliasing rules
pkcs15-wrap.c:159: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4209 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-sec.c: In function ‘sc_pkcs15_decipher’:
pkcs15-sec.c:136: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4208 c6295689-39f2-0310-b995-f0e70906c6a9
asn1.c: In function ‘asn1_decode_entry’:
asn1.c:979: warning: dereferencing type-punned pointer will break strict-aliasing rules
asn1.c: In function ‘asn1_encode_entry’:
asn1.c:1263: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4207 c6295689-39f2-0310-b995-f0e70906c6a9
warning: initialization discards qualifiers from pointer target type
Also cast from now (const char *) to (void *) for free()
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4176 c6295689-39f2-0310-b995-f0e70906c6a9
warning: initialization discards qualifiers from pointer target type
Also cast from now (const char *) to (void *) for free()
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4175 c6295689-39f2-0310-b995-f0e70906c6a9
card-piv.c: In function ‘piv_get_data’:
card-piv.c:612: warning: assignment discards qualifiers from pointer target type
card-piv.c:615: warning: assignment discards qualifiers from pointer target type
card-piv.c:618: warning: assignment discards qualifiers from pointer target type
card-piv.c:621: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4162 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-pubkey.c:445: warning: no previous prototype for ‘sc_pkcs15_decode_pubkey_gostr3410’
pkcs15-pubkey.c:462: warning: no previous prototype for ‘sc_pkcs15_encode_pubkey_gostr3410’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4149 c6295689-39f2-0310-b995-f0e70906c6a9
Now the native Oberthur card format is supported for emulation of pkcs15 and pkcs15init.
It means that card personalized with OpenSC and the obejcts created with OpenSC
will be usable with the native Oberthur's middleware
and vice-versa.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4137 c6295689-39f2-0310-b995-f0e70906c6a9
; do not pad PIN in pkcs15init. It's already done in libopensc/pkcs15-pin;
; the 'do_verify_pin()', 'sc_pkcs15init_verify_key()' and 'do_get_and_verify_secret()' are replaced by unique 'sc_pkcs15init_verify_secret()'; edit debug messages;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4123 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
In previous version the card specific 'parse_df' handler was a part of 'sc_pkcs15_df'.
Now the placehold ('sc_pkcs15_operations') created for the all card emulator specific operations .
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4109 c6295689-39f2-0310-b995-f0e70906c6a9
Some non-pkcs15 cards protect the reading of the private objects attributes.
For the emulated pkcs15 cards, the 'init' emu-handler was the only place where pkcs15 objects could be loaded.
This handler is called before the card is binded, and so, for an application there was no 'normal' way to verify PIN and load the objects with protected attributes.
Actually it's possible to complete list of the pkcs15 objects after the emulated pkcs15 card has been binded.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4096 c6295689-39f2-0310-b995-f0e70906c6a9
; new, athena dedicated, PIN pkcs15 flag 'TRANSPORT_KEY':
in the Athena initialization procedure the 'trasport' SOPIN object is used. This object references to the pre-existing global SOPIN and is different from the final SOPIN of the card. This object should be ignored when fixing up the ACLs of the newly created file;
; the pkcs15 refereces of the new private keys are derived from the file-id;
; remove duplicated code;
; some log messages in pkcs15-lib.c;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4077 c6295689-39f2-0310-b995-f0e70906c6a9
; in 'sc_pkcs15_pin_info' structure add 'auth_method' member to keep the PIN authentication method: CHV, AUT or SM;
; in pkcs15init profile add function to search PIN template by auth method and reference;
; in 'sc_pkcs15_remove_object' return silently if object to delete is NULL;
; in 'sc_pkcs15_object' structure add 'usage_counter' member;
; new 'sc_pkcs15_find_pin_by_type_and_reference' procedure to search PIN pkcs15 object by auth method and reference;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4048 c6295689-39f2-0310-b995-f0e70906c6a9
update_binary() was not foreseen by the middleware creators of BELPIC
so I added it, which allows to write some data in the
MF/ID/EF(Preferences) of the card.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4010 c6295689-39f2-0310-b995-f0e70906c6a9
Replace not-used 'der' structure member by the 'content' one.
'Der' member was introduced to keep the ASN1 encoded object attributes. Actually it's not used.
'Content' is intended to keep the object value (AUTH object - pin cache value; CERT object - der value, ...)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4008 c6295689-39f2-0310-b995-f0e70906c6a9
1. Add --enable-cardmod to autoconf to enable feature explicitly.
2. Modify opensc-cardmod.dll to always have bitness suffix eg opensc-cardmod32.dll
3. Remove complex cardmod.h detection, could not find any reason for this.
4. Make cardmod.inf a template and inject opensc version into its version string.
5. More minor autoconf/automake cleanups.
6. Remove internal-winscard.h usage in cardmod.c as cardmod.h already includes winscard.h
7. DllMain is not exportable.
Notes:
1. I may caused other build not to work, will happy to work it out.
2. Cannot find reason why cardmod.inf cardmod-westcos.reg should reside in bin directory.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4003 c6295689-39f2-0310-b995-f0e70906c6a9
the PIV driver no longer need to set the card max_*_size parameters
to get around emulating read_binary and write_binary. It can
now handle partial reads and writes.
The assumptions for write_binary are that the first chuck will
have idx = 0, and the last chunk will write the last byte.
The flags parameter will contain the total length.
The only write_binary operations are done when initializing
a card, and this is only done from piv-tool.c which was modified
to pass in the length and other flags.
Piv-tool continues to be a primative test tool for inializing test
cards. But it has been expanded to be able to write other objects
on test cards.
The serial number of a PIV card is obtained from the CHUID object
if present which has a FASC-N which is an ID number created by the
issuer. Normally PIV cards are issued the U.S. Federal government
But there are ways to use the same cards with a non government CA.
This is then be referred to as PIV Compatible. In this case,
the FASC-N should start with an agency code = 9999 and an RFC 4122
GUID should be present in the CHUID. If this is the case, the GUID
is used as the serial number.
Windows 7 comes with a PIV card card driver, but to get it use one of
these card the CHUID is required. (piv-tool can now write one.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3998 c6295689-39f2-0310-b995-f0e70906c6a9
On OS X, when you insert a card, securityd sequentially starts all found Tokend-s to see if a card can be handled with one.
If a non-tokend application waits for a card insertion with sc_wait_for_event and tries to connect to the card right after the system sees it, it will fail with "The reader is in use by another application" 95% of the time.
With this hack connecting to the card succeeds 95% of the time with the probable penalty of an extra second on initialization for non-tokend clients.
This should only affect applications that wait for card insertion events.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3991 c6295689-39f2-0310-b995-f0e70906c6a9
The implementation was based on the previous MSC build, each tool had its own
description in version resource.
This change sets a single version resource to all files, and produces much
simpler build.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3980 c6295689-39f2-0310-b995-f0e70906c6a9
Migrated without testing, but normally should work -- the pkcs15init part of MyEID and SetCOS are sufficiently close.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3976 c6295689-39f2-0310-b995-f0e70906c6a9
Migrated without testing, but normally should work -- the pkcs15init part of MyEID and SetCOS are sufficiently close.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3975 c6295689-39f2-0310-b995-f0e70906c6a9
no more 'init_app'.
- Oberthur unblock style is the only one (local SOPIN is used as PUK);
- user PIN and PUK should be everywhere defined as local;
- SOPIN is always global.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3950 c6295689-39f2-0310-b995-f0e70906c6a9
- for 'global' PINs path in not encoded into the AODF;
- when selecting pin_reference, start from value defined in profile.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3946 c6295689-39f2-0310-b995-f0e70906c6a9
reader-openct.c: In function 'openct_reader_connect':
reader-openct.c:204: error: 'reder' undeclared (first use in this function)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3941 c6295689-39f2-0310-b995-f0e70906c6a9
- Remove slot abstraction from internal API and all reader drivers. CT-API (from where it all comes from) readers with multiple slots (if still found) can be presented as separate readers, OpenCT should remove the slot abstraction, PC/SC never knew about it. None of the tools knew how to use slots.
- Add sc_cancel (translates to SCardCancel)
- Re-implement sc_wait_for_event; support a blocking call.
- Replace the "int reader" API with "* sc_reader_t" style; add "Get reader by name" functionality.
- Remove "action" parameter from sc_disconnect_card() (was not used)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3931 c6295689-39f2-0310-b995-f0e70906c6a9
When trying to import a too large keyfile as a data object, TrueCrypt received a CKR_GENERAL_ERROR before this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3926 c6295689-39f2-0310-b995-f0e70906c6a9
at the profile level the difference between EF and BSO is:
- BSO path is always the path of the host DF and do not indexated when template is instanciated;
- EF path is always ending with file-id that is always indexated when template is instanciated.
New non-static 'sc_profile_get_file_instance' procedure to instanciate non-template entries.
In profile.c get_uint() accepts hexadecimals.
In CardOS profile (I venture to) increase the xDF sizes
and change ACL to permit the key re-importing.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3919 c6295689-39f2-0310-b995-f0e70906c6a9
Working now with GOST R 34.10:
$ pkcs15-init --store-private-key key --key-usage sign,decrypt --auth-id 2 --id 1 --pin "12345678"
$ pkcs15-init --store-certificate my_cert --id 1 --pin "12345678"
But have problem: no CKA_GOSTR3410_PARAMS by retrieve pub_key from certificate, if pub_key object was removed (see parse_x509_cert, asn1_decode_gostr3410_params)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3859 c6295689-39f2-0310-b995-f0e70906c6a9
- time stamp in the log messages: for Windows 1msec resolution, otherwise 1sec;
- one more dump hex function, to be easily inserted into the formatted message.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3856 c6295689-39f2-0310-b995-f0e70906c6a9
* Make opensc-tool -l display pinpad capabilities, if available
* Detect reader capabilities when a reader is found, not when a connection to a card is opened
* Fix unpadded PIN block parameters to not be rejected by the latest free CCID driver
* When locking the card and it has been reset by some other application (or re-attached), clear cache and lock again
* Enable pinpad detection by default
git-svn-id: https://www.opensc-project.org/svnp/opensc/branches/martin/0.12@3730 c6295689-39f2-0310-b995-f0e70906c6a9
The major issue is with getting the length of an object or the cert
contained in an object. The PIV card does not have a directory on the card,
So the previous version tried to put off as long as possible the reading
of objects for performance so as to avoid having to read objects that would
not be used. The first standard, NIST 800-73, set maximum sizes for objects.
800-73-2 removed this for certificates.
A certificate object can contain a certificate which might be compressed.
The only way to get the length of the compressed certificate is to decompress
it. Thus the decompressed certificate could be larger then the container object,
so even if the PIV card had a directory, one would still need to decompress
the certificate to find its length.
OpenSC sc_read_binary will use the length obtained by using
sc_select_file(...,&file_out), and thus the lengths must be determined
in sc_select_file.
Change are to card-piv.c and pkcs15-piv.c and include:
* The old cache code which was not working was removed.
* New cache code was added which caches all object read from the card
* If an object has a cert, the cert is decompressed and also cached.
* As part of reading an object the first 8 bytes are read
and this is then used to allocate a large buffer to read in the
object.
* If pkcs15 or pkcs11 asks about a certificate, the cert object
will be read, and the cert decompressed, to get the actual length.
* If piv_select_file is called with the file_out != NULL the object
will be read to get the length If called with NULL it will not be read.
* The enumeration of the objects now starts with 0.
* sc_ctx_suppress_errors_on and off are used to avoid file not found
messages which are are a by product of not having a directory.
* "Unsigned Card Holder Unique Identifier" object in card-piv and pkcs15-piv.c
had conflicting paths, as NIST 800-72-1 had two tables with different
paths. The enumtag for it in card-piv.c was also wrong.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3710 c6295689-39f2-0310-b995-f0e70906c6a9
* Only set messages if the reader has display capabilities.
* Detect rejected pinpad commands
* Whitespace fixes
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3679 c6295689-39f2-0310-b995-f0e70906c6a9
multipart encryption when, for example, the data is too big to fit in
one APDU. It basically calls the Cipher.update() method until all data
has been processed. However, the Java Card API documentation advises
against using update():
"This method requires temporary storage of intermediate results. In
addition, if the input data length is not block aligned (multiple of
block size) then additional internal storage may be allocated at this
time to store a partial input data block. This may result in additional
resource consumption and/or slow performance. This method should only
be used if all the input data required for the cipher is not available
in one byte array. If all the input data required for the cipher is
located in a single byte array, use of the doFinal() method to process
all of the input data is recommended."
As the card's JVM was returning an internal exception when using
OP_PROCESS, it was decided to implement an msc_crypt_final_object()
function in OpenSC that uses the msc_object_*() functions to read/write
all the data from the card. This way, it is possible to transmit/receive
"arbitrarily" large data chunks to/from the card and use doFinal(). This
is the fallback method when, for example, using 2048 bit keys and the
card doesn't support extended APDUs.
Thanks to Joao Poupino for the patch
http://www.opensc-project.org/pipermail/opensc-devel/2009-March/011978.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3673 c6295689-39f2-0310-b995-f0e70906c6a9
* Update IOCTL definitions to PC/SC part 10 v2.02.05
* Return SC_SUCCESS instead of 0 if returning SC_ codes.
* Detect the presence of a display with FEATURE_IFD_PIN_PROPERTIES
Tested with patched CCID driver on OS X, with SPR532 (no display) and OK3821 (with display)
Known CCID reader with a display:
ATMEL_AT91SO.txt: wLcdLayout: 0x0210
CardMan3821.txt: wLcdLayout: 0x0210
Kobil_EMV_CAP.txt: wLcdLayout: 0x0210
Xiring_XI-SIGN.txt: wLcdLayout: 0x020C
Xiring_XI-SIGN_6000.txt: wLcdLayout: 0x020C
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3666 c6295689-39f2-0310-b995-f0e70906c6a9