Steve Ross
abdbb9d8c0
Enable CoolKey driver to handle 2048-bit keys.
For a problem description, see <https://github.com/OpenSC/OpenSC/issues/1524>.
In a nutshell, for a card with the CoolKey applet and 2048-bit keys,
the command
    pkcs11-tool --test --login
fails to complete all of its tests.
This commit consists of a patch from @dengert.
To avoid triggering an error when the data exceeds 255 bytes, this commit
limits the amount of the payload sent to the CoolKey applet on the card based
on the maximum amount of data that the card can receive, and overhead bytes
(namely, a header and nonce) that accompany the payload.
With this change, the command
    pkcs11-tool --test --login
succeeds.
2018-11-19 12:42:17 +01:00
Frank Morgner
d4e6c0c0dd
travis: fixed installation of completion templates
2018-11-14 12:57:22 +01:00
Frank Morgner
ee3fdc6938
fixed missing function stub
2018-11-13 15:50:17 +01:00
Frank Morgner
2cb6f9c94f
fixed compilation without OpenSSL
closes https://github.com/OpenSC/OpenSC/pull/1518
2018-11-13 15:50:17 +01:00
Frank Morgner
f3a2962358
pkcs11: perform memory cleanup on dll unload
2018-11-13 15:50:17 +01:00
Frank Morgner
447335bc1f
md: clean OpenSSL memory when DLL is unloaded
2018-11-13 15:50:17 +01:00
Frank Morgner
027ccad439
allow specifying the size of OpenSSL secure memory
... and set it for builds where we're linking OpenSSL statically (i.e.
Windows and macOS)
fixes https://github.com/OpenSC/OpenSC/issues/1515
2018-11-13 15:50:17 +01:00
Andreas Kemnade
eddea6f3c2
fix logic of send/recv sizes in config files
- they are not set if
  SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, ...
  fails
- regarding max_send_size the logic is inverted
2018-11-09 08:56:53 +01:00
Frank Morgner
c032b2f15d
CID 320271 (#1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
Frank Morgner
3c0a16dc39
CID 321790 (#1 of 1): Resource leak (RESOURCE_LEAK)
2018-11-06 15:53:17 +01:00
Frank Morgner
1e7bb83659
CID 324485 (#1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)
2018-11-06 15:53:17 +01:00
Frank Morgner
609095a4f4
CID 325860 (#1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
Frank Morgner
54c9d65a48
CID 325861 (#1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
Peter Marschall
c6d252611b
openpgp-tool: add missing length check in prettify_name()
2018-11-06 12:41:19 +01:00
Peter Marschall
4e5805dc5d
openpgp-tool: don't uppercase hex string
2018-11-06 12:41:19 +01:00
Peter Marschall
afda163dc6
openpgp-tool: fix typo
2018-11-06 12:41:19 +01:00
Peter Marschall
ec3830fe66
openpgp-tool: use more compatible strftime() format spec
Replace the Single UNIX specific shorthand %T for %H:%M:%S with the latter
to keep MingW happy.
2018-11-06 12:41:19 +01:00
Peter Marschall
85258f2951
openpgp-tool: use key type to indicate key to generate
Instead of only expecting a key length, and implicitly assuming RSA
as the key algorithm, introduce option --key-type to pass the key type
as a string.
When generating the key determine key algorithm and attributes based on
the key type passed.
If no key was given, default to "rsa2048".
2018-11-06 12:41:19 +01:00
Peter Marschall
c9f5e05aca
openpgp-tool: new option --key-info to display key info
2018-11-06 12:41:19 +01:00
Peter Marschall
1866c3e930
openpgp-tool: new option --card-info to display card info
2018-11-06 12:41:19 +01:00
Frank Morgner
263b945f62
md: added support for PSS
2018-11-06 12:38:57 +01:00
Frank Morgner
99a9029848
md: use constants for AlgId comparison
2018-11-06 12:38:47 +01:00
Frank Morgner
22c8204a2f
Merge remote-tracking branch 'upstream/pr/1393'
closes https://github.com/OpenSC/OpenSC/pull/1393
2018-11-06 10:51:24 +01:00
Frank Morgner
13c7574510
PIV: less debugging
- debugging pointers is useless in static log file
- removed double debugging of APDUs
2018-11-06 01:42:41 +01:00
Jakub Jelen
eaed345a76
Add missing header file to the tarball
2018-11-05 09:15:20 +01:00
Jakub Jelen
9342f8ad0a
padding: Fix error checking in RSA-PSS
2018-11-05 09:15:20 +01:00
Jakub Jelen
0f5d73d816
framework-pkcs15.c: Add SHA224 mechanism for PKCS#1.5
2018-11-05 09:15:20 +01:00
Jakub Jelen
8ccc39352a
p11test: Do not report incomplete key pairs
2018-11-05 09:15:20 +01:00
Jakub Jelen
d2671ee05b
framework-pkcs15.c: Add PKCS#1 mechanisms also if SC_ALGORITHM_RSA_HASH_NONE is defined
2018-11-05 09:15:20 +01:00
Jakub Jelen
7e0ef7c16c
framework-pkcs15.c: Reformat
* Reasonable line lengths
* Correct indentation
* Add missing SHA224 mechanism
2018-11-05 09:15:20 +01:00
Jakub Jelen
7cced08a88
coolkey: Check return values from list initialization (coverity)
>>> CID 324484: Error handling issues (CHECKED_RETURN)
>>> Calling "list_init" without checking return value (as is done elsewhere 8 out of 9 times).
2018-11-05 09:15:20 +01:00
Jakub Jelen
f276f7f8f4
coverity: Add allocation check
*** CID 323588: Uninitialized variables (UNINIT)
/src/libopensc/sc.c: 873 in sc_mem_secure_alloc()
2018-11-05 09:15:20 +01:00
Hannu Honkanen
351e0d2bd6
Merge remote-tracking branch 'upstream/master' into wrapping-rebased and resolve conflicts
2018-11-02 13:42:41 +02:00
Hannu Honkanen
b35fb19ec4
Resolved conflict in pkcs15_create_secret_key
2018-11-02 13:28:51 +02:00
Peter Marschall
26025b2f5d
pkcs15-tool: list & dump cleanups
* when listing public keys, do not cut object labels in compact mode
* when listing private keys in compact mode, left align labels
* make hex codes at least 2 chars wide by changing "0x%X" to "0x%02X"
2018-11-01 12:25:04 +01:00
Frank Morgner
c70888f9ab
allow compilation with --disable-shared
2018-11-01 00:17:22 +01:00
Frank Morgner
54cb1099a0
fixed warnings about precision loss
2018-11-01 00:17:22 +01:00
Frank Morgner
5c7b7bb0b1
fixed minor XCode documentation warnings
2018-11-01 00:17:22 +01:00
Hannu Honkanen
f88419bc63
Removed pointless curly brackets
2018-10-31 10:36:50 +02:00
Hannu Honkanen
7bb53423a1
Code cleanup and minor corrections according to review. pkcs15-lib: Extractable keys are now marked as native. Check return value of check_key_compatibility in more explicit way to avoid misunderstandings.
2018-10-31 10:36:41 +02:00
Hannu Honkanen
90ec7123ba
Corrections and code cleanup as requested in review. Changed value to void* in sc_sec_env_param_t, because param_type defines type of the value. Fixed handling of secret key length in framework-pkcs15 and pkcs15-lib: CKA_VALUE_LEN from PKCS#11 is in bytes, PKCS#15 objects need key length in bits. Rebased on top of upstream/master and resolved merge conflicts.
2018-10-31 10:27:03 +02:00
Lars Silvén
84317f4e9d
Fixing missing call to sc_unlock.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
8ebb43d440
Removed #ifdef USE_PKCS15_INIT around __pkcs15_create_secret_key_object. This function is now used also when reading and parsing a card, not only when creating new objects.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
ec297b618f
sc_pkcs15_wrap: Fixed checking target key type. (checked partly from wrapping key)
2018-10-31 10:27:03 +02:00
Hannu Honkanen
e636b64377
Fixed: Return OK by PKCS#11 convention if NULL out buffer is provided, when caller wants to query required buffer size.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
f2c041d290
card-myeid: Removed NULL out buffer assertion to allow caller to query required buffer size.
mechanism.c: Bug fix to sc_pkcs11_wrap. Wrong operation was stopped at the end of the function.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
287a63c704
Fixes to key wrapping and unwrapping code: Set IV correctly in symmetric unwrap. Correctly distinguish symmetric and asymmetric operation when building APDUs. Check CKA_TOKEN from the pkcs15 object in framework_pkcs15. Updated some comments.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
861d8b308b
Fixed myeid_unwrap with symmetric keys: set correct p2 and no padding indicator byte.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
4ce7e5289b
Fixed setting secret key length. CKA_VALUE_LEN comes as number of bytes, so multiply it by 8 to set correct bit length to the key file.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
eba75ead20
framework-pkcs15: set CKA_EXTRACTABLE into pkcs#15 secret key object's access flags when set. pkcs15-sec: Return needed buffer size correctly when an insufficient buffer is provided.
2018-10-31 10:27:03 +02:00