* distinguish between Internal and Working EFs
* add information optionally available in sc_file_t
- record_count
- record_length
- type_attr
* align all labelled values
Replace magic numbers, used as size of PIN-type buffers,
with the symbolic constant SC_MAX_PIN_SIZE, fixing
- readability / understandability
- too small sizes (e.g. for GnuPG cards)
* OpenPGP v3 increased the size for private DOs. Adapt to it.
* Use the symbolic constant from the refactored OpenPGP driver
instead of relying on magic numbers.
- remove command line option '--card-driver';
- instead force driver 'dnie' and fail if card is not a DNIe card
- overhaul option parsing
- remove unused variable 'long_optind'
- bail out with usage message on all unknown/unhandled args
- correctly terminate option parsing (no infinite loop)
- slight refactoring
- avoid magic constant '0x0f'
- make variable 'tries_left' more local
- move dependent code into if block
- remove command line option '--card-driver';
- instead force driver 'cardos' and fail if card is not a CardOS card
- overhaul option parsing
- remove unused variable 'long_optind'
- bail out with usage message on all unknown/unhandled args
- correctly terminate option parsing (no infinite loop)
- remove command line option '--card-driver';
- instead force driver 'PIV-II' and fail if card is not a PIV card
- overhaul option parsing
- remove unused variable 'long_optind'
- make work option '--reader' ( "r:" was missing in the optstring!!!)
- bail out with usage message on all unknown/unhandled args
- correctly terminate option parsing (no infinite loop)
Rename option '--driver' to '--card-driver' for increased consistency.
In addition, extend it the same way opensc-explorer was extended. I.e.
treat the question mark given as argument to option '--card-driver'
special: list all available drivers instead of stupidly bailing out.
In contrast to opensc-tool and opensc-explorer, which are card-agnostic,
I am not sure whether the option '--card-driver' makes sense on this
card-specific tool.
Extend cardos-tool the same way opensc-explorer was extended. I.e.
treat the question mark given as argument to option '--card-driver'
special: list all available drivers instead of stupidly bailing out.
In contrast to opensc-tool and opensc-explorer, which are card-agnostic,
I am not sure whether the option '--card-driver' makes sense on this
card-specific tool.
Extend piv-tool the same way opensc-explorer was extended. I.e.
treat the question mark given as argument to option '--card-driver'
special: list all available drivers instead of stupidly bailing out.
In contrast to opensc-tool and opensc-explorer, which are card-agnostic,
I am not sure whether the option '--card-driver' makes sense on this
card-specific tool.
Extend opensc-tool the same way opensc-explorer was extended. I.e.
treat the question mark given as argument to option '--card-driver'
special: list all available drivers instead of stupidly bailing out.
Make opensc-explorer a bit more user friendly by treating the question mark
given as argument to option '--card-driver' special: list all available
drivers instead of stupidly bailing out.
Fixes
error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if(cipher)
^
../../../git/src/libopensc/card-entersafe.c:369:2: note: previous statement is here
if(sbuf)
^
Before the output looked like this, if a public key was not found:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
RSA-X-509: RSA-PKCS: testing key 3 (IDKey4)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
```
Now:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3) -- can't find corresponding public key, skipping
testing key 3 (IDKey4) -- can't find corresponding public key, skipping
```
Before it was a bit confusing, e.g.:
```
testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
RSA-X-509: OK
couldn't find the corresponding pubkey
testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
```
The error message in line 3 is for IDKey3 and not for IDKey2.
With this patch the output is aligned with `test_verify`:
```
testing key 1 (IDKey2) with 1 mechanism
RSA-X-509: OK
testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
```
* pkcs11-register: Fixed detection of already registered OpenSC
Anny configuration of onepin-opensc-pkcs11.so and opensc-pkcs11.so
should be enough to skip registering the default module again.
* Use onepin module for generic NSS DB
fixes https://github.com/OpenSC/OpenSC/issues/1818
May have the disadvantage that some other programs that use NSS don't
see the signature keys. However, we currently only know for sure that
Chromium is using the generic NSS DB.
opensc-tool: for options --version, --list-readers, -D, etc. we do not
need to connect card/reader. This removes unnecessary error messages
if card is not present in card reader or if reader is not available.
util.c: use symbolic error codes, pass error codes to caller without change.
Option -r is used in other opensc tools to specify card reader. pkcs15-tool
uses -r to specify cerfificate. This fix intorduces warning message if -r
is used, and for future versions of pkcs15-tool -r is used to specify
reader.
If card driver fails to connect to card, 'opensc-tool -a' may fail to print
ATR even if ATR is available from card reader. Before use of card driver,
do only card reader connect, then print ATR. Only if it is neccesary, use
card driver for the rest of opensc-tool functions.
CVE-2019-6502 was assigned to what appears to be a very minor
memory leak that only occurs on an error-case in a CLI tool.
If util_connect_card fails, we still need to release the sc
context previously allocated by sc_context_create else memory
will leak.