4faf517af4
asn1: Handle more corner cases of OBJECT ID parsing
2020-01-07 14:50:47 +01:00
c449aa4430
asn1: Reject integers with bogus zero/non-zero bytes on left
2020-01-07 14:50:47 +01:00
d3e9b55223
asn1: Distinguish error codes for invalid objects from implementation limitation (integer size)
2020-01-07 14:50:47 +01:00
1271299955
ans1: Verify the padding in BIT STRING contains only zero bits
2020-01-07 14:50:47 +01:00
611d1cea4c
unittests: Verify BIT STRING parsing as integers
2020-01-07 14:50:47 +01:00
c1814571bd
asn1: Avoid invalid unused bits values
2020-01-07 14:50:47 +01:00
8d49e4a305
unittests: Test encoding of OIDs and integers
2020-01-07 14:50:47 +01:00
61af2c1d0a
asn1: Add support for encoding large values in OIDs
2020-01-07 14:50:47 +01:00
7971bfded3
unittests: Verify parsing of more OIDs
2020-01-07 14:50:47 +01:00
19501715d7
asn1: Correctly handle OIDs with second octet > 39
2020-01-07 14:50:47 +01:00
b6b9a886f9
unittests: Verify negative ASN1 integeres parsing
2020-01-07 14:50:47 +01:00
8e6d2e251d
unittests: Reproducer for undefined shift in ASN1 parser
2020-01-07 14:50:47 +01:00
8e8c3735bc
idprime: Reflect the OS version in the card name
2020-01-07 14:16:46 +01:00
bebb5be6e0
idprime: Simplify applet selection and limit file size to sensible values
2020-01-07 14:16:46 +01:00
3537cbbc78
Unbreak RSA-PSS padding
2020-01-07 14:16:46 +01:00
fe8f6297f0
idprime: Add support for longer PINs
2020-01-07 14:16:46 +01:00
5017768e5b
idprime: Detect the newer version of OS using CPLC data
2020-01-07 14:16:46 +01:00
2c9510af1e
Improve parsing of the root file and store also the object length
2020-01-07 14:16:46 +01:00
fdcc843e78
idprime: Implement a way of getting token label from special card structure
2020-01-07 14:16:46 +01:00
48e3239857
pkcs15-cac: Use constants rather than magic numbers
2020-01-07 14:16:46 +01:00
9db15089b8
p11test: Avoid memory leaks
2020-01-07 14:16:46 +01:00
f61d9b3b53
Implement new Gemalto IDPrime driver
...
The card is largely ISO 7816 compliant, but does not provide any
simple way of listing the content which is supported by current
PKCS#15 implementation therefore the PKCS#15 emulator had to be
used.
The certificates are compressed in a similar way as in DNIE
cards which complicates reading from the card and which I think
could be moved to the shared ISO (or some other file since I saw
that code already many times).
The card supports wide range of algorithms including
RSA-PSS and RSA-OAEP padding schemes in-card. On the other hand,
it does not allow raw RSA and SHA1 hashes on card anymore.
The card is manufactured by Gemalto so it has strict ATR which
can be used for detection.
2020-01-07 14:16:46 +01:00
3a3a465e6b
Add basic support for OEAP decryption in OpenSC internals
2020-01-07 13:30:28 +01:00
40c41cee0c
pkcs11-tool: Make the SHA256 default for OAEP decryption
...
It is already default in all the other functions and it really makes sense since
the SHA1 is being obsoleted
2020-01-07 13:29:53 +01:00
2882c93ec1
pkcs15: Expose the map_usage() function from CAC to other pkcs15 emulators
2020-01-07 13:29:53 +01:00
5e1bfe0acc
Drop the pkcs15.h from simpletlv.h
2020-01-07 13:29:53 +01:00
fe44567d2b
avoid redefinition of NDEBUG
...
fixes https://github.com/OpenSC/OpenSC/issues/1799
2020-01-07 11:27:57 +01:00
4d2b860c7f
OpenPGP: add ATR for Yubikey 5
2020-01-07 11:09:00 +01:00
31b8c7a404
OpenPGP: first steps at supporting OpenPGP card spec 3.4
2020-01-07 11:09:00 +01:00
3af3d0ecee
openpgp: add nistp256 and secp251k1 curves for gnuk devices
2020-01-07 11:08:25 +01:00
f14043aad6
opensc-explorer get: prevent sc_read_binary applied on record-based files
2020-01-07 10:35:39 +01:00
c1fb5b130e
opensc-tool print_file: fix addressing records
2020-01-07 10:24:10 +01:00
5dd9fcb25c
Fix asn1.c:print_tags_recursive
2020-01-07 10:18:46 +01:00
4ad55997e0
sc_pkcs15_decode_skdf_entry: break all looping on oid match: on average better performance
2020-01-07 10:17:39 +01:00
cfd5519b98
simplify PIV I/O
2020-01-07 10:06:23 +01:00
31169afb72
fixed fuzzing build
...
wrapping/unwrapping is hopefully correctly initialized
2020-01-06 22:34:16 +01:00
0b4b7fbaf0
openssl: Drop all compatibility checks for <=openssl-1.0.0
2020-01-06 15:47:07 +01:00
6b84407c3d
tcos: fix indentation and braces
...
Increase readability. No content-based changes.
2020-01-06 15:43:46 +01:00
45e29056cc
Release 0.20.0
2019-12-29 13:42:06 +01:00
05e3f7b667
Fix misleading code indentation
...
Fixes
error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if(cipher)
^
../../../git/src/libopensc/card-entersafe.c:369:2: note: previous statement is here
if(sbuf)
^
2019-12-28 18:18:06 +01:00
e9aa163fe5
pkcs11-tool: fix output of test_decrypt
...
Before the output looked like this, if a public key was not found:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
RSA-X-509: RSA-PKCS: testing key 3 (IDKey4)
couldn't find the corresponding pubkey for validation
couldn't find the corresponding pubkey for validation
```
Now:
```
testing key 1 (IDKey2)
RSA-X-509: OK
RSA-PKCS: OK
testing key 2 (IDKey3) -- can't find corresponding public key, skipping
testing key 3 (IDKey4) -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
81940e123b
pkcs11-tool: align output for test_signature
...
Before it was a bit confusing, e.g.:
```
testing key 1 (2048 bits, label=IDKey2) with 1 signature mechanism
RSA-X-509: OK
couldn't find the corresponding pubkey
testing key 2 (0 bits, label=IDKey3) with 1 signature mechanism -- can't be used to sign/verify, skipping: can't obtain modulus
```
The error message in line 3 is for IDKey3 and not for IDKey2.
With this patch the output is aligned with `test_verify`:
```
testing key 1 (IDKey2) with 1 mechanism
RSA-X-509: OK
testing key 2 (IDKey3) with 1 mechanism -- can't find corresponding public key, skipping
```
2019-12-28 18:15:55 +01:00
9eed40ea31
tcos: add encryption certificate for IDKey
...
Fixes https://github.com/frankmorgner/OpenSCToken/issues/21
2019-12-28 18:15:55 +01:00
1cc6087126
fix buffer length for printing DFs
2019-12-19 04:44:59 +01:00
b59456b6e4
Update card-gids.c to support 3072 & 4096 RSA key sizes
2019-12-19 04:33:14 +01:00
187d908feb
tcos: allow correct input length when signing
...
For 2048 bit keys the padded input is 256 bytes long.
Fixes https://github.com/frankmorgner/OpenSCToken/issues/20
2019-12-19 04:30:27 +01:00
55b7a6fefd
Revert "tcos: Do not advertize non-functional RSA RAW algorithms"
...
This reverts commit bee5c6d639https://github.com/frankmorgner/OpenSCToken/issues/20#issuecomment-566455157
2019-12-19 04:30:27 +01:00
333c41c5d5
pgp: don't write beyond oid object
...
fixes Stack-buffer-overflow
https://oss-fuzz.com/testcase-detail/6329203163398144
2019-12-18 14:55:46 +01:00
ee78b0b805
pkcs15-coolkey: Fix EC key type and fail on invalid key types
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19251
2019-12-11 09:19:45 +01:00
708cedbdad
dir: Correctly free allocated memory on error
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19265
2019-12-11 09:19:45 +01:00
17d9d8450c
Enabled extended APDU support for StarCOS 3x cards
2019-12-05 16:48:11 +01:00
a450b3427e
Fix path unifying of StarCOS 3.5 cards
2019-12-05 16:48:11 +01:00
9f2c112ecb
Add new ATR for StarCOS 3.5
2019-12-05 16:48:11 +01:00
c99d62c04a
Add PIN encoding detection for StarCOS 3x cards
2019-12-05 16:48:11 +01:00
5fa633075d
GIDS Decipher fix for TPM
...
GIDS decipher APDU fails with status '65 00' or '67 00' if
"Padding Indication" byte is present. Debug logs of Microsoft
certutil -v -scinfo using Microsoft drivers show that for a
decipher, the "Padding Indication" is not present. It maybe
needed if Secure Messaging is added later.
Extended APDU is turned off as this may not be supported on
some cards. Chaining is used used instead, it works on all cards.
RAW RSA is turned off, it is supported.
Tested with pkcs11-tool on Windows 10 with a TPM 2.0 module.
On branch gids-decipher
Changes to be committed:
modified: src/libopensc/card-gids.c
Date: Tue Dec 3 18:08:32 2019 -0600
interactive rebase in progress; onto 01678e87
2019-12-05 16:33:27 +01:00
e91853bda8
Simplify code and card detection
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-12-05 10:51:55 +01:00
366adbd546
Fixing invalid signature with 3072 RSA bits in GemsafeV1
2019-12-05 10:46:21 +01:00
dbe932152d
Fixing invalid signature with 3072 RSA bits in GemsafeV1
2019-12-05 10:46:21 +01:00
642a3ee734
cardos: Use more appropriate RSA flags for CardOS 5
...
Fixes #1864
2019-12-05 10:45:34 +01:00
afe255c5b2
Remove never set constants and their handling in cardos driver
2019-12-05 10:45:34 +01:00
2bab09ac03
tcos: Use unique IDs for certificates
2019-12-05 10:43:17 +01:00
88e3c44f22
tcos: Drop undocumented tags from security environment data
2019-12-05 10:43:17 +01:00
bee5c6d639
tcos: Do not advertize non-functional RSA RAW algorithms
2019-12-05 10:43:17 +01:00
424eca8bef
tcos: Remove duplicate lines
2019-12-05 10:43:17 +01:00
4c67bbf383
coolkey: Avoid addressing behind allocated buffers
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19222
2019-12-04 21:47:47 +01:00
c246f6f69a
coolkey: Make sure the object ID is unique when filling list
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
2019-12-04 21:47:47 +01:00
32b49894c5
sc-hsm: Add ATR for faster token variant
2019-12-04 21:43:47 +01:00
7858f3cd06
sc-hsm: Add support for SmartCard-HSM MicroSD card
2019-12-04 21:43:47 +01:00
39c1400fac
opensc-notify: fixed name in plist
2019-12-04 14:55:23 +01:00
8ab39bdec7
pkcs11-session: Explicitly reset login_user and release lock
2019-12-04 12:00:07 +01:00
118929df93
macos: use generic location for NotificationProxy
...
to be installed with OpenSC core and to be used from
the tools, tokend and CTK
2019-12-02 08:22:34 +01:00
ef61a95b31
coolkey: Make sure the matching objects have same lengths
...
This ensures that we do not go behind the allocated buffer if
we get wrong data.
Thanks to oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19031
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19032
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19038
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19039
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19040
2019-11-29 22:48:00 +01:00
aa6d3e1d36
coolkey: Fix the comparator return value
2019-11-29 22:48:00 +01:00
249e928176
gp: Correctly check for the CPLC data length
2019-11-29 22:47:26 +01:00
4f3d87d03c
coolkey: Split the CPLC related structures and function to the generic GP file
2019-11-29 22:47:26 +01:00
326955a147
reader-pcsc: Preserve the CARD_PRESENT flag to make sure the card is detected after reader reinsertion
2019-11-28 11:18:25 +01:00
4bd8cda966
pkcs11-session: When we notice logout in lower layers, while pkcs11 thinks we are logged in, invalidate all sessions in given slot
2019-11-28 11:18:25 +01:00
e0e1f10bd3
pkcs11/slot: Fix indentation
2019-11-28 11:18:25 +01:00
79a51e0d18
pkcs11: Support for RSA PSS padding in verify
...
* Explicitly copies the mechanism parameters during a PKCS#11 `C_VerifyInit`
and `C_DecryptInit` operation.
* Resolves issues where the calling application deallocates the `pParameter`
pointer in the `CK_MECHANISM` struct between calls to `C_VerifyInit` and
`C_Verify`, or between `C_DecryptInit` and `C_Decrypt`.
* These mech parameters are used in RSASSA-PSS and RSAES-OAEP, for example.
* This commit copies the same fix that was applied to `sc_pkcs11_sign_init` in
commit e5707b545e
2019-11-28 11:17:12 +01:00
ce71b171e2
Add support for 4K RSA keys in GemsafeV1
2019-11-23 22:13:28 +01:00
6d98f8c8d8
card-myeid.c: issue #1219
2019-11-23 21:38:14 +01:00
d4823541b7
pkcs15-init: Fix issue #1219
2019-11-23 21:38:14 +01:00
2d02de4233
coolkey: Do not return uninitialized data if card does not return CPLP data
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18990
2019-11-18 14:02:07 +01:00
bec794fbee
fixed memory leak
...
https://crbug.com/oss-fuzz/18953
2019-11-18 14:01:50 +01:00
c4dcac5de7
pkcs15-prkey: Free allocated data on all error exit paths
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18790
2019-11-14 19:36:01 +01:00
6d6d158f13
pkcs15-cert: Free data on all error exit paths
...
https://oss-fuzz.com/testcase-detail/5645063405436928
2019-11-14 19:36:01 +01:00
5645fe2d16
muscle: Check length first before calling memcmp()
2019-11-14 19:36:01 +01:00
1594b1167d
muscle: Initialize variables and check return codes
2019-11-14 19:36:01 +01:00
7360c4bf0c
muscle: Avoid access uninitialized memory
2019-11-14 19:36:01 +01:00
2c68c0662c
coolkey: Avoid success from init if there are no reasonable data raturned
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18918
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18915
2019-11-14 19:36:01 +01:00
75847f4e93
Make ef_dir variable local
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18821
2019-11-13 15:48:40 +01:00
f11c286bc6
coolkey: Refactor the object listing to avoid invalid memory access
...
Probably resolves some bad memory access from oss-fuzz such as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18907
2019-11-13 15:48:33 +01:00
07d3d8e0df
compression: Free allocated data and return error if nothing was uncompressed
...
Also harmonizes the return codes from decompress*() functions
Fixes oss-fuzz issue
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18771
2019-11-13 15:48:25 +01:00
5557f34f5e
Revert "pkcs15-pubkey: Avoid memory leaks"
...
This reverts commit 0977b5496a
2019-11-12 11:57:43 +01:00
b79db82ae7
openpgp: Workaround non-compliant Yubikey 5 OpenPGP applets
...
Fixes #1850
2019-11-12 03:38:09 +01:00
0977b5496a
pkcs15-pubkey: Avoid memory leaks
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:53 +01:00
cc917b541f
asn1: Avoid calling malloc with 0 argument
...
Caused problems reported by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:41 +01:00
cd51430ba7
asn1: Avoid malloc(0) also from BIT STRING and GENERALIZED TIME structures
2019-11-11 22:02:30 +01:00
e50bc29bd9
card-setcos.c: Avoid unsigned integer underflow
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18798
2019-11-11 22:02:18 +01:00
c173563ad2
coolkey: Accept only SW=90 00 as success to prevent interpretting invalid values
2019-11-11 22:02:08 +01:00
ef3e223917
coolkey: Do not interpret empty answers as success
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18868
2019-11-11 22:01:56 +01:00
e6a24b71ab
MyEID: fix max_recv_size
...
MyEID 3.3.3 is not working with hardcoded max_recv_size=256 in
card-myeid.c. Use max_recv_size=255 if card major version < 40
Fixes #1852
2019-11-11 21:01:51 +01:00
a8de0070fd
fixed Null-dereference READ
...
https://oss-fuzz.com/testcase-detail/5644373382922240
Thanks to OSS-Fuzz
2019-11-06 23:38:37 +01:00
1a069ca71e
fixed Global-buffer-overflow READ 1
...
https://oss-fuzz.com/testcase-detail/5685978287308800
Thanks to OSS-Fuzz
2019-11-06 23:08:43 +01:00
8fea658fe9
fixed 121888 Time of check time of use
2019-11-05 21:49:30 +01:00
3a5a90450e
fixed 333715 Dereference after null check
2019-11-05 21:49:30 +01:00
7007b4a889
fixed 127766 Out-of-bounds read
2019-11-05 21:49:30 +01:00
8d7092c0cb
13598 Unchecked return value
2019-11-05 21:49:30 +01:00
192994fa13
fixed 13608 Unchecked return value
2019-11-05 21:49:30 +01:00
804cb68057
removed 339153 Logically dead code
2019-11-05 21:49:30 +01:00
8d3dfb2f6d
ignore for 339158 Dereference before null check
2019-11-05 21:49:30 +01:00
07cff0e168
fixed 341844 Incorrect deallocator used
2019-11-05 21:49:30 +01:00
8b6ba40a8e
fixed 341853 Resource leak
2019-11-05 21:49:30 +01:00
fa35be5859
fixed 347857 Resource leak
2019-11-05 21:49:30 +01:00
2a2662fb3d
fixed 348981 Resource leak
2019-11-05 21:49:30 +01:00
7a1e42e135
fixed compiler warning
...
fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18701
2019-11-05 10:58:32 +01:00
c3f23b836e
fixed UNKNOWN READ
...
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5681169970757632
2019-11-03 04:45:28 +01:00
6263afbe43
fixed memory leak
...
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5697134632632320
2019-11-03 04:38:09 +01:00
d3f60a657f
pkcs15*: Fail if there is no fallback file_app
2019-11-01 15:53:40 +01:00
b75c002cfb
cac1: Correctly handle the buffer limits
...
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
and others
2019-11-01 15:53:40 +01:00
bfa8415ea3
Fix build on ARM, PPC
...
Those architectures use unsigned char by default, and command variable is later compared to -1.
2019-11-01 15:51:06 +01:00
fb15a7dd86
reader-pcsc: Handle yubikey reinsertion
...
When the application (NSS) does not use WaitForSlotEvent and just
opportunistically tries to detect card and reader removals with
C_GetSlotInfo() and C_GetSessionInfo(), we might get errors in
various plcaes, in the sc_lock() function, when we try to transfer
other messages or when we ask for the reader status.
This is generally too late to call any disconnect functions because no
PC/SC handles are valid anymore. The reader state from PCSC
is searched by name so we can be pretty sure it is very similar
reader (with same name as the old one) and I hope we can reuse the
reader structure and just call the pcsc_connect() on that as we do
with invalid handles.
Otherwise we detect this issue in the refresh_attributes() (called
from C_GetSlotInfo()), where we can report the slot change in the
expected manner.
Fixes #1822
2019-11-01 15:50:34 +01:00
0ea11523a3
Improve logging of exit codes
2019-11-01 15:50:34 +01:00
3c87ffaa02
fuzzing: correctly consume fuzzing data
2019-11-01 15:49:10 +01:00
424ebf8ed1
pkcs15: Avoid insane allocations
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18592
2019-10-31 02:18:36 +01:00
51363d3392
cac: Make sure we do not leak memory
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18564
2019-10-31 02:18:20 +01:00
829a73c941
card-npa: Remove dead code
2019-10-31 02:18:04 +01:00
6c7b4bed37
pkcs15*: Avoid null dereference from fuzzers
...
Thanks oss-fuzz.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18591
2019-10-31 02:17:44 +01:00
49f59d9fc9
clean up already enumerated apps
2019-10-29 17:54:40 +01:00
3ac47fbea9
replace SC_FUNC_CALLED(...,1) with SC_FUNC_CALLED(..., SC_LOG_DEBUG_NORMAL) ( close #1698 )
...
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
60581ecc82
remove trailing whitespace
...
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
026b6ab43d
fuzzing: validate PIN only if it's a PIN
...
https://oss-fuzz.com/testcase-detail/5693809152753664
2019-10-26 23:56:19 +02:00
3c286b3cb1
fixed Null-dereference READ
...
https://oss-fuzz.com/testcase-detail/5734505646391296
Thanks to OSS-Fuzz
2019-10-26 23:50:11 +02:00
61cd7fcdb2
card-mcrd: Free the allocated structures on cleanup
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18416
2019-10-25 20:25:06 +02:00
6522df7587
pkcs15: Avoid null dereference in fuzzers
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16617
2019-10-25 20:22:40 +02:00
532b06d07e
pkcs15: Avoid insane allocations
...
and use single max constant accross the code
https://oss-fuzz.com/testcase-detail/6314983763214336
2019-10-25 20:22:40 +02:00
6810eb6cf1
fuzz_pkcs15_reader: Unbreak strict builds
...
The error was
fuzz_pkcs15_reader.c: In function ‘fuzz_get_chunk’:
fuzz_pkcs15_reader.c:66:19: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
66 | *chunk_size = (uint16_t) data->Data;
| ^
cc1: all warnings being treated as errors
2019-10-25 20:22:40 +02:00
cc466eea94
asn1: Avoid undefined shifts by adding explicit cast
...
The error was:
asn1.c:681:23: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
#0 0x5e9b11 in decode_bit_field opensc/src/libopensc/asn1.c:681:23
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18487
2019-10-25 20:19:50 +02:00
0d091c8e0c
asn1: Avoid integer overflow
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18475
2019-10-23 13:50:52 +02:00
6ce6152284
pkcs15-prkey: Simplify cleaning memory after failure
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
2019-10-23 13:50:52 +02:00
19f4c7e428
card-mcrd.c: Avoid null dereference
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18477
2019-10-23 13:50:52 +02:00
1be013d08e
asn1: Fix undefined shift in OID parser
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16618
2019-10-22 09:42:18 +02:00
630d6adf32
pkcs15-prkey: Avoid memory leak
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16625
2019-10-22 09:41:14 +02:00
62049ea18c
Avoid memory leaks from file selection
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17106
2019-10-22 09:38:30 +02:00
6ef0ac6e67
asn1: Correctly parse negative integers
...
The negative integers were parsed uterly wrong, resulting in undefined
shift overflows as reported by oss-fuzz.
The current implementation takes negated values (properly masked) and
calculates two's complement in the end, which results in correct values
and correct data handling.
https://oss-fuzz.com/testcase-detail/5125815506829312
2019-10-22 09:33:46 +02:00
ff893d2224
pkcs15: Remove unused code
2019-10-22 09:22:59 +02:00
5e9e5b232c
card-piv: Fix indentation
2019-10-22 09:17:24 +02:00
459e4ecc37
piv: Avoid insane allocations in fuzzer
2019-10-22 09:17:12 +02:00
544d576b00
asn1: Do not pass null argument to memcpy
...
Reported by clang analyzer:
src/libopensc/asn1.c:1080:2: note: Null pointer passed as an argument to a 'nonnull' parameter
memcpy(p, data, datalen);
2019-10-22 09:15:49 +02:00
889d598bcd
asn1: Initialize values to avoid comparison with garbage
...
Reported by clang analyzer:
src/libopensc/asn1.c:2115:14: warning: The right operand of '<' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
if (halflen < r_len || halflen < s_len) {
2019-10-22 09:15:36 +02:00
f4ac617c19
Remove unused card type
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-10-16 13:16:56 +02:00
3a1bd36e20
Use onepin-opensc-pkcs11.so for Chromium ( #1828 )
...
* pkcs11-register: Fixed detection of already registered OpenSC
Anny configuration of onepin-opensc-pkcs11.so and opensc-pkcs11.so
should be enough to skip registering the default module again.
* Use onepin module for generic NSS DB
fixes https://github.com/OpenSC/OpenSC/issues/1818
May have the disadvantage that some other programs that use NSS don't
see the signature keys. However, we currently only know for sure that
Chromium is using the generic NSS DB.
2019-10-16 13:16:22 +02:00
c695a4e35f
Add support for pubkey import if announced in algorithm attributes
2019-10-09 17:18:21 +02:00
606fae5a8e
Use ecpointQ for better code readability
2019-10-09 15:02:36 +02:00
ca5b3977d8
Fix ecc oid handling while storing existing keys
2019-10-08 17:11:00 +02:00
8eb5673058
Check keyformat for RSA only inside if RSA key is to be imported
2019-10-08 15:43:40 +02:00
eac516fd41
dir: Avoid insane allocations
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17449
2019-10-03 13:57:09 +02:00
5490d73f31
card: Avoid integer overflows
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17007
2019-10-03 13:57:09 +02:00
34bd879400
openpgp: Properly free the allocated file structure
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16879
2019-10-03 13:57:09 +02:00
79cb753921
cac: Free the certificate data on failure
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16819
2019-10-03 13:57:09 +02:00
d6435b0af4
pkcs15-din-66291: Fix indentation
2019-10-03 13:57:09 +02:00
53ff7182fb
pkcs11-tool: disable wrap/unwrap test ( #1808 )
...
... until https://github.com/OpenSC/OpenSC/issues/1796 is resolved
2019-10-01 11:52:33 +02:00
e2491a7d7f
pkcs11-tool: fixed displaying secret key attributes ( #1807 )
...
fixes https://github.com/OpenSC/OpenSC/issues/1805
2019-10-01 11:51:55 +02:00
d965156fe6
fuzz_pkcs15_decode: fixed use after free
2019-09-30 20:02:12 +02:00
aae529547c
sc-hsm: Fix maximum APDU size to 4K version ( Fixes #1794 )
2019-09-20 20:35:54 +02:00
b9810e62d6
cardos5: fix reading of serial number
...
The corresponding GET DATA command only returns the serial,
nothing else.
Tested with CardOS 5.0 and 5.3 cards. The serial number
is the same as shown with other tools
2019-09-16 13:09:16 +02:00
25bc8fc167
fix https://github.com/OpenSC/OpenSC/issues/1786
...
Thanks to Alexandre Gonzalo
2019-09-16 13:06:38 +02:00
3b632e64a1
Fix #1731 sc_format_apdu_cse_lc_le fails to set Le correctly
...
Changed four places where "<" should be "<=" so Le will be set correctly
Previous for 65K (extended) or 256 (short) Le is left set to 0.
This then caused Le to be to be not added to APDU as Le==0
Code later converts actual Le in APDU to be set to 0 to mean 256 or 65K.
SC_APDU_CASE_*_EXT are changed to SC_APDU_CASE_* so sc_detect_apdu_cse
to set the cse based on card capabilities as well as data chaining.
This commit is not well tested and neds review.
On branch fix-1731
Changes to be committed:
modified: src/libopensc/card.c
2019-09-09 12:49:56 +02:00
28a93fdf55
fixed memory leak
2019-09-09 09:37:33 +02:00
2eaf422cb2
refactor DIN 66291 profile to avoid memory confusion
2019-09-09 09:34:37 +02:00
64d3d81036
fixed invalid free
2019-09-05 08:51:13 +02:00
769db0297b
fixed memory leak
...
Credits to OSS-Fuzz
2019-09-02 09:43:50 +02:00
5b8095ca2c
string null-termination fix
...
strncpy does not generate null-terminated string, fixed by memcpy.
2019-09-02 09:32:12 +02:00
f621305140
fixed undefined behavior when parsing negative ASN.1 Integer
2019-08-30 23:45:40 +02:00
3e110995bc
fixed undefined behavior
...
Credits to OSS-Fuzz
2019-08-30 23:45:40 +02:00
e971ffb48e
fixed memory leak
...
Credits to OSS-Fuzz
2019-08-30 23:45:40 +02:00
849de1d9e3
fixed memory leak when parsing malformed PKCS#15 data
...
Credits to OSS-Fuzz
2019-08-30 23:45:40 +02:00
f5bea72637
Add support for 4K RSA keys in CardOS 5 ( #1776 )
...
fixes https://github.com/OpenSC/OpenSC/issues/1764
2019-08-29 09:43:37 +02:00
a1d3e76999
openpgp: handle cards with static algorithms
...
fixes https://github.com/OpenSC/OpenSC/issues/1659
2019-08-28 11:06:55 +02:00
cc9020f56a
pkcs15-sc-hsm: Avoid potential memory leaks
2019-08-28 11:01:50 +02:00
fb67ffdca6
pkcs15-sc-hsm: Avoid potential memory leaks
2019-08-28 11:01:50 +02:00
14e1f3c4d3
pkcs15-tccardos: Make sure we do not overrun buffers in this wild parsing
2019-08-28 11:01:50 +02:00
489886724f
pkcs15-tccardos: Avoid negative indexing
2019-08-28 11:01:50 +02:00
cab5d3da17
iasecc-sdo: Avoid potential memory leak
2019-08-28 11:01:50 +02:00
070a37cebd
card-authentic: Avoid potential memory leaks
2019-08-28 11:01:50 +02:00
1b32bfe4e5
card-coolkey: Avoid potential null dereference
2019-08-28 11:01:50 +02:00
24eaa3eaa1
card-jcop: Avoid left-shift of negative values
2019-08-28 11:01:50 +02:00
2f643948f1
ctx: Avoid potential memory leaks reported by clang
2019-08-28 11:01:50 +02:00
bdca524aa8
Fixed memory leak
...
Credits to OSS-Fuzz
2019-08-27 15:59:46 +02:00
03ea3f719c
fixed memory leak
...
Credits to OSS-Fuzz
2019-08-27 15:40:32 +02:00
9b4b080be7
fixed compiler warning
2019-08-27 15:27:15 +02:00
a3fc7693f3
Fixed out of bounds access in ASN.1 Octet string
...
Credit to OSS-Fuzz
2019-08-27 15:21:46 +02:00
412a6142c2
fixed out of bounds access of ASN.1 Bitstring
...
Credit to OSS-Fuzz
2019-08-27 15:19:22 +02:00
2bfd022180
pkcs11-spy: add support of CKM_*_PSS in C_VerifyInit()
...
In bdb1961dee
2019-08-27 14:52:10 +02:00
2eab2bcd74
fixed out of bounds accessing array
...
Credit to OSS-Fuzz
2019-08-27 14:00:34 +02:00
2240abcef1
spy: display -1 instead of 18446744073709551615
...
buf_len is a CK_ULONG (unsigned long). But if the attribute is sensitive
or is not extractable or is invalid for the object then the library set
the buffer length value to (CK_LONG)-1.
It is more friendly to see "-1" instead of "18446744073709551615" (on
64-bits CPU)
2019-08-26 10:53:09 +02:00
43a8f870e5
pkcs11-spy: add support of CKA_OTP_* values
2019-08-26 10:18:04 +02:00
e35a7e7395
Add definition of CKA_OTP_* constants
2019-08-26 10:17:05 +02:00
9099d95c77
fixed interface change
...
fixes https://github.com/OpenSC/OpenSC/issues/1768
2019-08-20 14:21:44 +02:00
d7a86d397f
opensc-tool: do not connect card if not neccesary, fix util.c errors
...
opensc-tool: for options --version, --list-readers, -D, etc. we do not
need to connect card/reader. This removes unnecessary error messages
if card is not present in card reader or if reader is not available.
util.c: use symbolic error codes, pass error codes to caller without change.
2019-08-20 13:38:51 +02:00
b6be87a348
make sc_format_apdu_ex agnostic to card properties
2019-08-20 13:38:20 +02:00
0c563df0c1
document sc_format_apdu_ex()
2019-08-20 13:38:20 +02:00
0e97ef2ce3
don't use sc_format_apdu_ex in default driver
...
fixes https://github.com/OpenSC/OpenSC/issues/1731
closes https://github.com/OpenSC/OpenSC/pull/1734
2019-08-20 13:38:20 +02:00
8dc67e6a61
use statement for noop
2019-08-20 13:38:20 +02:00
fdf80761cf
Remove duplicate code
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-08-20 13:38:00 +02:00
9b47462a51
Fix portability warning from coverity
...
CID 344928 (#1 of 1): Sizeof not portable (SIZEOF_MISMATCH)
suspicious_sizeof: Passing argument object_handles of type CK_OBJECT_HANDLE_PTR and argument objects_length * 8UL /* sizeof (CK_OBJECT_HANDLE_PTR) */ to function realloc is suspicious. In this case, sizeof (CK_OBJECT_HANDLE_PTR) is equal to sizeof (CK_OBJECT_HANDLE), but this is not a portable assumption.
2019-08-20 13:28:54 +02:00
1a0a8e637b
p11test: Check return values
...
CID undefined (#1 of 1): Unchecked return value (CHECKED_RETURN)
10. check_return: Calling RSA_set0_key without checking return value (as is done elsewhere 7 out of 8 times).
2019-08-20 13:28:54 +02:00
818aa5b69c
p11test: Avoid possible issues reported by coverity
...
* The fail_msg() in cmocka has a way not to fail, which confuses coverity. Adding explicit retunr/exit should address this issue
* Reformat some code in p11test
2019-08-20 13:28:54 +02:00
2958b71c9a
typo
2019-08-20 13:28:54 +02:00
7d8009e429
PC/SC: handle resets in SCardTransmit
...
fixes https://github.com/OpenSC/OpenSC/issues/1725
2019-08-20 13:25:06 +02:00
8f838bc1e0
fixed passing LIB_FUZZING_ENGINE
2019-08-19 16:44:54 +02:00
426772298a
pkcs15-tool: inconsistent -r option fix
...
Option -r is used in other opensc tools to specify card reader. pkcs15-tool
uses -r to specify cerfificate. This fix intorduces warning message if -r
is used, and for future versions of pkcs15-tool -r is used to specify
reader.
2019-08-05 01:14:35 +02:00
93bdc8c826
Support OpenSSL when deprecated defines have been removed Fixes 1755
...
sc-ossl-compat.h will check if OpenSSL has been built with or without some
deprecated defines. OpenSSL will provide defines for some of these if
built to still support depreacted routines but not if built with
"no-depracted". .
This commit will define some of the needed defines if ther are not
defined by OpenSSL. Thus if a distro builds OpenSSL with "no-depracted"
it can still be used.
On branch fix-1755
Changes to be committed:
modified: src/libopensc/sc-ossl-compat.h
2019-07-31 20:12:22 +02:00
af8f965009
fixed memory leak
2019-07-26 15:23:02 +02:00
bf8d449795
fixed memory leak
2019-07-26 15:23:02 +02:00
973b09f943
fixed exports
2019-07-26 15:23:02 +02:00
72f474f09f
use consistent parameters
...
- in sc_pkcs15_wrap()
- and sc_pkcs15_derive()
2019-07-26 15:23:02 +02:00
e28ada99fe
added parameter checking
2019-07-26 15:23:02 +02:00
b7f202221c
fixed undefined reference
2019-07-26 15:23:02 +02:00
86c4d3384b
removed undefined reference to sc_pkcs15_create
2019-07-26 15:23:02 +02:00
45dfc14573
fixed memory leak
2019-07-26 15:23:02 +02:00
755ac78a02
added fuzzing with libFuzzer and OSS-Fuzz
...
makes cmocka detection not required for building tests
2019-07-26 15:23:02 +02:00
7159400086
treewide: Fix compilation without deprecated OpenSSL APIs
2019-07-26 08:49:18 +02:00
91b9aea42a
Update pkcs15-sec.c
...
When card supports SC_ALGORITHM_RSA_PAD_PKCS1 but not SC_ALGORITHM_RSA_HASH_NONE, then the DigestInfo need to be removed.
Current check make requires the card to not support both SC_ALGORITHM_RSA_PAD_PKCS1 and SC_ALGORITHM_RSA_HASH_NONE to have the removal done.
2019-07-26 08:48:10 +02:00
a7766b3de3
allow chaining for pkcs15-init --store-private-key EC keys
...
when importing a private key onto a pkcs15 card, if the card does not support
extended APDUs, we need to use chaining to store keys longer than 255 bytes.
While for RSA keys, this check was included, it was missing for EC keys.
This patch adds the SC_APDU_FLAGS_CHAINING flag to apdu.flags if data length is
greater than 255 and the card caps does not include SC_CARD_CAP_APDU_EXT.
Fixes #1747
2019-07-24 01:25:49 +02:00
d14cf97d7a
Allow to create temporary objects with readonly sessions and readonly cards
...
Fixes #1719
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-07-22 13:34:59 +02:00
916434f3a2
Fix using environmental variables on WIN32.
2019-07-22 13:32:46 +02:00
709fa98bb5
opensc-tool: fix --list-algorithms for AES
2019-07-22 13:09:30 +02:00
ba19a467e4
Rutoken Lite ( #1728 )
...
* card-rtecp: Add Rutoken Lite
* avoid seperate rutoken lite driver
* added rutoken lite to minidriver
closes #1722
2019-07-22 13:05:32 +02:00
130e9bb068
Update strings.c
2019-07-04 10:12:23 +02:00
6b97071bb3
Update strings.c
...
The check condition is obviously wrong. It should check for EQUAL. The original bitwise check caused any other language to turn into DE because as long as a bit is filtered, it will hit.
2019-07-04 10:12:23 +02:00
3c1624676d
card-rtecp,card-rutoken: Set specific card types
2019-07-02 12:13:57 +02:00
60a2cf16c7
card-rtecp: Fix list_files on T0 cards
...
Rutoken ECP SC over T0 expects Get Response after SW1=61 which
is not called with zero le.
2019-07-02 12:13:57 +02:00
7fb72ccf7b
pkcs11: fixed slotIDs when a new slot list is requested
...
fixes https://github.com/OpenSC/OpenSC/issues/1706
regression of 24b7507a69
2019-06-30 10:24:11 +02:00
e7a8c00566
sc-hsm: Use CHR in CSR based on device serial number
2019-06-21 15:08:14 +02:00
229dd32e3a
opensc-explorer: fix APDU command
...
Do not ignore first parameter.
2019-06-21 14:34:38 +02:00
19711d0a13
myeid: fix EC key upload, and avoid data copying
...
Fixes regression from commit 3688dfeCloses #1701 .
2019-06-17 15:19:08 +02:00
9197dfe5ae
myeid: Detect also OsEID card in the MyEID driver and difference them with separate types
2019-06-17 12:49:11 +02:00
07c0a47b37
card-openpgp: Fix typo in the EC Key size
2019-06-17 12:49:11 +02:00
b65275d6f8
p11test: Improve error reporting on unknown EC groups
2019-06-17 12:49:11 +02:00
87770df65b
p11test: Implement simple derive tests
2019-06-17 12:49:11 +02:00
852f057ce3
p11test: Add MD5 mechanisms pretty-print
2019-06-17 12:49:11 +02:00
86fd200462
sc-hsm: Check the operation first
2019-06-17 12:49:11 +02:00
df0bbc110e
pkcs11-spy: Dump EC Derive parameters
2019-06-17 12:49:11 +02:00
10abef9206
pkcs15-sec: Drop unused code (copied from RSA decipher)
2019-06-17 12:49:11 +02:00
272e380898
Set correctly flags for ECDH derive operations
2019-06-17 12:49:11 +02:00
6d751e8b22
opensc.h: Add missing raw ecdh algorithm
2019-06-17 12:49:11 +02:00
293760c0d0
Fix derive operation detection in MyEID and sc-hsm drivers
2019-06-17 12:49:11 +02:00
58fa53ac91
sc-hsm: Add missing secp384r1 curve parameter
2019-06-14 14:29:58 +02:00
94388f9538
fixed more clang-tidy warnings
2019-06-05 13:48:51 +02:00
0322401aae
gemsafeV1: remove redundant match card call to allow for opensc.conf match
...
At the point when gemsafe_match_card is called, the card type is already known,
either because of a previous match at card.c, or because it is forced at opensc.conf.
With this redundant match it's not possible to force selection on opensc.conf.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-06-05 13:43:52 +02:00
3a192e2c87
pkcs11-tool: Add extractable option to key import
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-06-03 10:59:58 +02:00
a2dd500624
Fix pkcs11-tool encryption error Fix #1694
...
Make sure data being encrypted is less then the modulus.
On branch pkcs11-tool-encryption
Changes to be committed:
modified: ../tools/pkcs11-tool.c
2019-05-31 14:16:24 +02:00
3a665f6479
allow single character strings with sc_hex_to_bin
...
fixes https://github.com/OpenSC/OpenSC/issues/1684
fixes https://github.com/OpenSC/OpenSC/issues/1669
2019-05-31 14:15:37 +02:00
e3ff3be4fe
pteid: add new ATRs
...
One ATR have been confirmed on my personal card and also added to the official middleware:
https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf
There is another ATR I am adding blind from the official middleware:
https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-05-31 14:12:12 +02:00
cc189585c8
pkcs11-spy: display CK_GCM_PARAMS.ulIvBits field
2019-05-29 15:17:15 +02:00
0fbd2663e6
Add missing ulIvBits to CK_GCM_PARAMS
...
The PKCS#11 specification text does not document the ulIvBits field.
But the header file defining CK_GCM_PARAMS uses it.
Since the header file is the normative version we need to add it.
See also https://github.com/Pkcs11Interop/Pkcs11Interop/issues/126o
and https://lists.oasis-open.org/archives/pkcs11-comment/201602/msg00001.html
and https://www.oasis-open.org/committees/document.php?document_id=58032&wg_abbrev=pkcs11
2019-05-29 15:17:15 +02:00
b7b501d0a5
fixed issues reported by clang-analyzer
2019-05-21 19:34:46 +02:00
3c83a80b57
fixed printing non primitive tag
...
fixes undefined bitshift
2019-05-21 19:34:46 +02:00
1423c6bb90
CI: integrate clang-tidy (disabled)
...
files that have warnings are currently excluded
2019-05-21 19:34:46 +02:00
1e59643caa
Remove process_arr unused file argument and fix clang-tidy warnings
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-21 19:34:46 +02:00
e501c5ae81
Unbreak build without OpenSSL
2019-05-21 18:44:06 +02:00
65d607af66
fixed 325860 Dereference before null check
2019-05-14 14:50:17 +02:00
630bcbedd4
fixed 337490 Unchecked return value
2019-05-14 14:50:17 +02:00
e275b34269
fixed 339157 Unused value
2019-05-14 14:50:17 +02:00
2829c5870f
Address review comments
...
Change-Id: I9aa97c8a9878dddd3e6f1a2baa877d188b9d7fe5
2019-05-02 11:51:02 +03:00
5f5d40521e
Avoid 6282 reply for a successful operation
...
Change-Id: I5d4d3103692fc6db51f13fc5338360289c26af9a
2019-05-02 11:51:02 +03:00
fc8e9bf3f3
Address review comments and further reduce LOC
...
and make sure the card is always handled emulated card first
Change-Id: I60174c2793bb882fb73716f62a652d84e028382c
2019-05-02 11:51:02 +03:00
b3d4a0d69a
EstEID 2018+ driver
...
This adds support for a minimalistic, small and fast card profile based on IAS-ECC.
Based on information from https://installer.id.ee/media/id2019/TD-ID1-Chip-App.pdf
and proprietary driver snoops.
Thanks to @metsma and @frankmorgner.
Change-Id: I2e4b4914d8a3b991d9a639728695abf4a2362ca0
2019-05-02 11:47:31 +03:00
c3a9458fa8
egk-tool: fix missed initialisation of card pointer
...
If util_connect_card_ex() fails, sc_disconnect_card() will use a
random pointer leading to segmentation faults.
2019-05-02 10:09:08 +02:00
209be72979
eGK: fix path for vd/gvd
...
path was wrong, the same as for pd
2019-05-02 10:09:08 +02:00
9ca836975a
Starcos: added another ATR for 2nd gen. eGK (TK)
2019-05-02 10:09:08 +02:00
63fd71c245
Remove unused sc_pkcs15emu_opt_t structure
...
Only usage was removed SC_PKCS15EMU_FLAGS_NO_CHECK flag
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-02 10:08:46 +02:00
f0a6a568f4
fixed Local variable hides global variable
2019-05-02 10:08:28 +02:00
0bc95cb6a1
added include guards
2019-05-02 10:08:28 +02:00
86ba3ea489
fixed Wrong type of arguments to formatting function
2019-05-02 10:08:28 +02:00
5123531e62
Fix EstEID 3.4 signing
...
opensc master requires now SC_ALGORITHM_RSA_HASH_NONE
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-02 10:06:19 +02:00
7449b00768
pkcs11: avoid double initialization of notify
2019-04-26 23:51:37 +02:00
c671083ee3
fixed missing file
2019-04-25 16:46:07 +02:00
7df789ec5d
fixed 337490 Unchecked return value
2019-04-25 15:44:11 +02:00
8382f243b2
fixed 337891 Out-of-bounds write
2019-04-25 15:44:11 +02:00
bbec50bfdb
Remove unused SC_PKCS15EMU_FLAGS_NO_CHECK flag
...
Fixes #1634
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-25 14:53:25 +02:00
3688dfe238
MyEID: simplify key component loading
...
Encode the component ID to be key type and component ID. This allows
each combination to be unique and direct mapping to card component
ID type in the code by just taking the low byte. This simplifies
the code, and reduces confusion as there is now only one #define
for each component.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
3f832ca6da
MyEID: implement support for 4K RSA keys (MyEID 4.5+)
...
MyEID starting version 4.5 supports 4K RSA keys. The card also
now supports proper APDU chainging (for sending large APDUs) and
receiving large responses via GET_RESPONSE splitting.
This updates the following:
* detection code properly announces 3K and 4K RSA support
when available
* APDU chaining is used when possible
* use ISO GET_RESPONSE handling for large responses
* max_recv_size is set to 256 which it always was supposed to be
as the old cards respond with that large responses too
* use the 2K signing kludge only on cards that need it
* unwrap and decipher code paths unified to the extent possible
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
0e25c1d2a6
MyEID: detect card from ATR historical data instead of full ATR
...
This will simplify the matching code, and match prototype cards.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
2019-04-25 14:53:10 +02:00
ffaaf1c0d3
pkcs11-spy: parse CKM_AES_GCM for C_EncryptInit()
2019-04-25 14:52:20 +02:00
69727c79ad
pkcs11.h: add CK_GCM_PARAMS structure
2019-04-25 14:52:20 +02:00
98ec27e768
pkcs11-spy: log pParameter buffer for C_EncryptInit & C_DecryptInit
2019-04-25 14:52:20 +02:00
bfa94dc90d
Merge pull request #1600 from AlexandreGonzalo/trustonic_pkcs11
2019-04-25 14:51:54 +02:00
e21cb5712c
Fix in encrypt_decrypt(), initialize the mgf
2019-04-24 14:03:35 +02:00
13429baed0
cac: Avoid signed/unsigned casting reported by coverity
...
src/libopensc/card-cac.c:1707: negative_returns: "val_len" is passed to a parameter that cannot be negative.
2019-04-23 14:49:45 +02:00
8cf1e6f769
pkcs11-tool: List supported GOST mechanisms
2019-04-17 16:42:12 +02:00
a5382d32fd
pkcs11-tool: Show GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
0e12b1dc71
pkcs11-tool: Generate GOSTR3410-2012 keys
2019-04-17 16:42:12 +02:00
4614beb87e
pkcs11-tool: Add keys access flags
2019-04-17 16:40:41 +02:00
aff2059ec1
card-rtecp: Fix SELECT FILE
2019-04-17 16:38:49 +02:00
fe4dae4d31
card-rtecp: Add Rutoken ECP SC ATR
2019-04-17 16:38:49 +02:00
91a1dd9af4
Option to delete object by index
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:38:40 +02:00
3935d501bf
Implement Secret Key write object
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-17 14:37:49 +02:00
066c30bb4e
opensc-notify: add to autostart
2019-04-08 11:16:13 +02:00
159821497c
egk-tool: fixed verbose logging
2019-04-08 11:16:13 +02:00
fe95520e3e
explicitly import libpkcs11.h
2019-04-08 11:16:13 +02:00
6f9b58af72
added pkcs11-register
2019-04-08 11:16:13 +02:00
fc4d600634
pkcs11-tool: Allow to set CKA_ALLOWED_MECHANISMS when creating an objects
...
Also list them in the attributes listing
2019-04-08 11:15:19 +02:00
f631b5f733
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:39:52 +02:00
4913feadb8
Fix in encrypt_decrypt(), check for (in_len <= sizeof orig_data)
2019-04-05 10:38:12 +02:00
fd20ffe608
optimize bin/hex low parsing level functions ( #1646 )
...
* optimize sc_hex_to_bin
* optimize sc_bin_to_hex
* added documentation
closes https://github.com/OpenSC/OpenSC/pull/1643
thanks to carblue <ka6613-496@online.de>
2019-04-04 12:52:08 +02:00
0abe9d11c7
pkcs11: (de-) initialize notifications on load
...
fixes https://github.com/OpenSC/OpenSC/issues/1507
fixes https://github.com/OpenSC/pkcs11-helper/issues/16
2019-04-04 11:04:50 +02:00
9ba8f56037
Change u8 *data to const because sc_apdu unsigned char *data is const
...
Name sc_format_apdu parameters for IDE help hints
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-03 22:15:54 +02:00
4ba086bfd4
Use strdup and fix all casts
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-04-01 12:53:33 +02:00
ea74308512
iso7816_read_binary: do not assume that 6282 is returned with data
...
Instead of a double check_sw call in case there is no data, assume
that a SW is properly sent by the card and do not expose
SC_ERROR_FILE_END_REACHED outside of the function
(like sc_pkcs15_read_file)
This is to facilitate Estonian eID 2018+ that instead of properly returning
6282 with trunkated data, 9000 is returned and next READ BINARY returns
6b00 (invalid p1/p2). The change should be generally harmless for well-behaving
cards.
Change-Id: I7511ab4841d3bcdf8d6f4a37a9315ea4ac569b10
2019-04-01 12:51:00 +02:00
f070c99b65
opensc-tool: do not use card driver to read ATR
...
If card driver fails to connect to card, 'opensc-tool -a' may fail to print
ATR even if ATR is available from card reader. Before use of card driver,
do only card reader connect, then print ATR. Only if it is neccesary, use
card driver for the rest of opensc-tool functions.
2019-03-25 14:34:26 +01:00
b389b19ca5
Merge pull request #1633 from metsma/esteid
...
Only EstEID 3.5 has EC 384 keys
2019-03-25 14:31:02 +01:00
2f4df1b93e
tools: unified handling of gengetopt
2019-03-25 14:30:09 +01:00
fc9277b778
use compat_getopt_long if getopt_long is not available
...
uses the autoconf way for replacing getopt.h
fixes https://github.com/OpenSC/OpenSC/issues/1527
2019-03-25 14:30:09 +01:00
7ae54f490d
Remove dead code ( #1638 )
2019-03-25 14:28:53 +01:00
8dea0a9028
fix overlapping memcpy
...
Fixes https://github.com/OpenSC/OpenSC/issues/1631
2019-03-18 23:33:24 +01:00
6aa5410e73
goid-tool: live with short length APDUs
2019-03-18 13:59:11 +01:00
4d2254a092
Only EstEID 3.5 has EC 384 keys
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 23:01:07 +02:00
2e87e4cfed
fixed issues from review
2019-03-13 21:22:19 +01:00
b7ec7f95b1
pkcs11: fixed token label
2019-03-13 21:22:19 +01:00
0079d836f3
pkcs11: truncate oversized labels with '...'
2019-03-13 21:22:19 +01:00
1e6d3df201
Remove un-lincenced header file
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-13 21:19:26 +01:00
71b85d15e4
opensc.conf: Configure handling of private_certificate
...
possible choices: ignore, protect, declassify
fixes https://github.com/OpenSC/OpenSC/issues/1430
2019-03-13 21:18:57 +01:00
1e0743b29f
removed untested use of SC_SEC_OPERATION_AUTHENTICATE
...
fixes https://github.com/OpenSC/OpenSC/issues/1271
2019-03-13 21:17:54 +01:00
106b3a28b1
acos5: removed incomplete driver
...
fixes https://github.com/OpenSC/OpenSC/issues/1204
2019-03-13 21:17:54 +01:00
9fa1722f73
sc_bin_to_hex returns a Nul terminated string
2019-03-13 21:17:00 +01:00
eb8f28db20
fixed error handling
2019-03-13 21:17:00 +01:00
d4f1decd15
Make sure card's strings are Nul terminated
...
Avoids out of bounds reads when using internal operations with the given string
2019-03-13 21:17:00 +01:00
d953998aa3
npa-tool: force default card driver
2019-03-13 12:01:09 +01:00
31831c300b
Remove the call to OPENSSL_init_crypto() which is not needed. I have a segmentation fault when the process exits.
2019-03-12 08:52:06 +01:00
6472027848
tools: release context when card connection fails
2019-03-07 22:18:54 +02:00
bc4eeda573
Remove readers when smart card service stops
...
The code already removes all active cards when the service goes
away, but it doesn't remove the reader. This can be a bit confusing
since they will still be polled and listed.
2019-03-07 21:51:02 +02:00
9ed5f63c17
Fix smart card removal handling for older PC/SC
...
Older PC/SC doesn't have the code SCARD_E_NO_READERS_AVAILABLE, so fix
the code to handle such systems as well.
2019-03-07 21:51:02 +02:00
9e9bdac2f1
Handle reader going missing
...
It might just be this specific reader going missing, and not all
of them.
2019-03-07 21:51:02 +02:00
b227fb8b9f
Cleanup EstEID 1.0/1.1 lefovers
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-03-07 21:31:08 +02:00
0d79675497
Small memory leak fix (CVE-2019-6502 in #1586 )
...
CVE-2019-6502 was assigned to what appears to be a very minor
memory leak that only occurs on an error-case in a CLI tool.
If util_connect_card fails, we still need to release the sc
context previously allocated by sc_context_create else memory
will leak.
2019-03-06 19:51:43 +01:00
728d099a53
FIX typo OpenSSL vs OpenSsl.
2019-03-06 11:35:11 +01:00
b327b76134
FIX use pseudo_randomize() for a proper initialization of orig_data in encrypt_decrypt().
2019-03-06 10:26:05 +01:00
19c5ab315d
fixed uninitialized use of variable
2019-03-06 08:53:47 +01:00
070370895f
fixed 333707 Dereference before null check
2019-03-06 00:42:38 +01:00
8fbd0b3ee1
fixed 333708 Dereference after null check
2019-03-06 00:42:38 +01:00
ba185954c5
fixed 333709 Unchecked return value
2019-03-06 00:42:38 +01:00
e8f8f0bfbb
fixed 333714 Uninitialized scalar variable
2019-03-06 00:42:38 +01:00
9abe44f03c
fixed 333715 Dereference after null check
2019-03-06 00:42:38 +01:00
e876cf62eb
fixed 333711 Dereference before null check
2019-03-06 00:42:38 +01:00
b1a58c7925
removed dead code
2019-03-06 00:42:38 +01:00
27526de021
implemented sc_format_apdu_ex
2019-03-05 13:54:13 +01:00
155b197932
sc-hsm: require T=1 connection
2019-03-05 13:47:45 +01:00
7271fe610b
Add support for the OpenSsl signature format for the signature verification.
2019-02-18 16:03:41 +01:00
20daced605
fixed special case of deletion in gnuk_write_certificate
2019-02-14 09:22:23 +01:00
1a61ae849f
fixed Null pointer argument in call to memcpy
2019-02-14 09:22:23 +01:00
b6fadb469f
fixed sc_decompress_zlib_alloc return code
2019-02-14 09:22:23 +01:00
6e48de83c7
avoid allocation of 0 bytes
2019-02-14 09:22:23 +01:00
f4fccfd94e
fixed undefined bitshift
2019-02-14 09:22:23 +01:00
c858d4b3d1
fixed argument checking
2019-02-14 09:22:23 +01:00
6fdb29a470
fixed use of uninitialized values
2019-02-14 09:22:23 +01:00
01d515a026
fixed use of garbage value
2019-02-14 09:22:23 +01:00
8ea77a83e0
fixed misuse of realloc
2019-02-14 09:22:23 +01:00
32e1995300
fixed dead assignment
2019-02-14 09:22:23 +01:00
e4a01643a6
fixed possible NULL pointer dereference
2019-02-14 09:22:23 +01:00
53954e9ff1
fixed OpenSSL handling in PKCS#11 mapping
...
prevents NULL pointer dereference
2019-02-14 09:22:23 +01:00
b708cab0a3
fixed assignment of garbage value
2019-02-14 09:22:23 +01:00
85485eb9b0
fixed unused assignments
2019-02-14 09:22:23 +01:00
fdb0e6d581
Fixed Potential leak of memory
2019-02-14 09:22:23 +01:00
9ae507c5f8
Fix indentation.
2019-02-12 14:09:26 +01:00
b63a868e68
Fix build when EVP_PKEY_CTX_set_rsa_oaep_md is not defined.
2019-02-12 10:42:39 +01:00
c2cc83754e
select_esteid_df is only used in card-mcrd.c
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-02-12 08:56:20 +01:00
f37a8a5c52
is_esteid_card is only used card-mcrd.c
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-02-12 08:56:20 +01:00
4757466f27
OpenPGP: space police
...
remove trailing spaces & tabs
2019-02-12 08:55:59 +01:00
04ef9dbf3b
Fix build on cygwin in strict mode ( #1605 )
2019-02-11 20:50:12 +01:00
be33e82b75
goid-tool: fixed possible memory leak
...
internally created context needs to be freed if TA/CA is done without
an existing SM context from PACE
2019-02-11 15:41:32 +01:00
72cdc9d82e
goid-tool: fixed confusion about always/never acl
2019-02-08 15:08:03 +01:00
aca9d79f6d
fixed parsing SoCManager info
2019-02-07 16:56:33 +01:00
973625773b
Fix encrypt_decrypt() for CKM_RSA_PKCS_OAEP. It is working fine now with OpenSsl 1.1.1a.
2019-02-07 10:42:48 +01:00
084624f340
Fix CKM_RSA_PKCS in encrypt_decrypt().
2019-02-05 12:03:51 +01:00
9aa413bd7e
Fix CKM_RSA_X_509 encrypt_decrypt(). Improve the code for CKM_RSA_PKCS and CKM_RSA_PKCS_OAEP. For these alogs, only CKM_SHA_1 is supported.
2019-02-05 11:35:42 +01:00
d25fbe3cec
Remove 2 useless comments in encrypt_decrypt().
2019-02-05 11:24:33 +01:00
928fbf2f03
goid-tool: implented PIN/FP verification for PAccess
2019-02-04 16:01:56 +01:00
3d09823df0
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined. Fix formatting.
2019-02-04 14:26:02 +01:00
f030aa2c25
Add support for CKM_RSA_X_509 in encrypt_decrypt() and decrypt_data().
2019-02-04 14:23:13 +01:00
9b7605ff3c
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). Only set the OAEP params for CKM_RSA_PKCS_OAEP, I had an issue with a variable not initialized.
2019-02-01 15:27:55 +01:00
cf617da4bd
Before calling encrypt_decrypt() make sure that the mechanism is for RSA and supports decryption, otherwise skip it.
2019-02-01 11:37:47 +01:00
2be799f739
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal(). fix formatting.
2019-02-01 11:35:25 +01:00
16ca73ae40
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt(). fix mechanism value in call to util_fatal().
2019-02-01 11:19:33 +01:00
968bfa8444
Add support for CKM_RSA_PKCS_OAEP in encrypt_decrypt().
2019-02-01 09:16:59 +01:00
ff3448fb18
Fix build when OPENSSL_NO_RIPEMD and OPENSSL_NO_CAST are defined.
2019-02-01 09:13:21 +01:00
f412995811
Bug fix in verify_signature() when the buffer to verify is larger than 1025 bytes. In this case, the signature length given to C_VerifyFinal() was incorrect.
2019-02-01 09:10:02 +01:00
36c5461c99
Make function more readable
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-01-30 22:02:14 +01:00
ec176443e2
Fixes an issue that appeared in 6bf9685 (PR #1540 ). In case use_pinpad==0 && pinsize == 0, uninitialized pinbuf was passed to sc_pkcs15_verify_pin causing problems.
2019-01-30 22:01:52 +01:00
84f0a88edb
Remove postecert and infocamere support because no longer issued ( #1584 )
...
* Remove postecert and infocamere support because no longer issued
* Remove wrong changes
* reset NEWS
* EC_POINT_set_affine_coordinates_GFp and EC_POINT_get_affine_coordinates_GFp are
deprecated, use EC_POINT_set_affine_coordinates and EC_POINT_get_affine_coordinates
* If OPENSSL API version is < 3 use old functions EC_POINT_[sg]et_affine_coordinates_GFp
* Move the OpenSSL compatibility stuff to src/libopensc/sc-ossl-compat.h
2019-01-30 22:01:24 +01:00
09a594d0f0
OpenPGP Card v3 ECC support ( #1506 )
...
* pgp: initialize ecc keys for OPC3
* Add supported ECC algorithms by card version
* Add tasks identified so far
* pgp: Recognize ECC set on card
* pgp: get_pubkey_pem read ECC pubkey from card
* pgp: minor code changes for ECC compatibility
* pgp: expand sc_cardctl_openpgp_keygen_info to hold ec info
* Fix segfault problem in pkcs15-pubkey.c
* pgp: enable key generation with pkcs15-init and ECC
* pgp: adapt calculate_and_store_fingerprint to accept ECC
* pgp: adapt rest of pgp_gen_key and subfunctions to accept ECC
* pgp: add kdf parameters for ECDH fingerprint calculation
* pgp: enable key import with pkcs15-init and ECC
* pkcs15-pubkey: fix_ec_parameters onlz accpets explicit data or named_curve
* Fix some mistakes during merge
* More clean up for PR
* Fix some ugly alignments
* Improve code readability
* Prevent unitialized variable by using FUNC_RETURN
* OpenPGP: add length check
* pgp: save exponent length in bits for sc_cardctl_openpgp_keystore_info_t
* pgp: length checks and reallocations
* pgp: oid init added
* OpenPGP: slightly re-factor pgp_update_new_algo_attr()
* replace loop copy with memcpy()
* use ushort2bebytes() to set RSA modulus & exponent
* use symbolic name SC_OPENPGP_KEYFORMAT_RSA_STD for the key import format
* OpenPGP: slighly re-factor pgp_parse_and_set_pubkey_output()
* check for RSA modulus & exponent lengths not being a multiple of 8
* make sure RSA modulus & exponent lengths are always set
* remove a left-over RSA setting from the EC code
* pgp: adding BYTES4BITS
* pgp: initialization of values in pgp_build_extended_header_list based on key type
* pgp: add BYTES4BITS and remove unnecessary tests
* Fix broken pgp_update_new_algo_attr
* pgp: fix the ecpoint_len variable
2019-01-30 22:00:36 +01:00
7a7ff50422
fixed memory leaks during card initialization
2019-01-30 21:57:59 +01:00
f486486413
removed unused defines
2019-01-30 21:57:59 +01:00
97a58cb441
fixed https://github.com/OpenSC/OpenSC/issues/1581
2019-01-30 21:57:59 +01:00
aed95b2f2b
pkcs11: check inputs
...
prevents NULL pointer dereference
2019-01-30 21:57:59 +01:00
993f6f5cc6
Use opensc-pkcs11.so for static build of pkcs11-tool
...
Statically link opensc-pkcs11 into pkcs11-tool with --disable-shared
2019-01-30 21:57:59 +01:00
7f7bcbff52
fixed misuse of realloc
...
calling it with size 0 leads to a free, which eventually may lead to a
double free corruption.
2019-01-30 21:57:59 +01:00
2ad7453718
use const qualifier for sc_simpletlv_read/put_tag
2019-01-30 21:57:59 +01:00
893be0d9c0
fixed memory leaks
2019-01-30 21:57:59 +01:00
Jakub Jelen
Frank Morgner
Peter Marschall
alex-nitrokey
carblue
Priit Laes
Julian Strobl
Khem Raj
Benjamin DELPY
Jakub Jelen
dojo
Doug Engert
Raul Metsma
AdriaoNeves
Andreas Schwier
Oskar Wiksten
Peter Popovec
pkubaj
Nuno Goncalves
Andreas Kemnade
Ludovic Rousseau
Rosen Penev
programatix
Jó Ágila Bitsch
Daniel Kouril
Dmitriy Fortinskiy
Timo Teräs
Ludovic Rousseau
Martin Paljak
alegon01
Pierre Ossman
Scott Gayou
Alex Karabanov
Hannu Honkanen
opensignature
Alexander Paetzelt