Jakub Jelen
b67261ab27
Upload also tarball as a build artifact
2021-08-04 22:08:19 +02:00
Jakub Jelen
68b7efb591
github actions: Unbreak mingw builds
2021-08-04 22:08:19 +02:00
Jakub Jelen
3048156db0
Execute push-artifacts on macos
2021-08-04 22:08:19 +02:00
Jakub Jelen
1e43a6a1af
Make sure the dist creates tarball for pushing artifacts
2021-08-04 22:08:19 +02:00
Doug Engert
c6a9b5699a
PIV-improved parsing - fix two whitespace nits
...
On branch PIV-improved-parsing
Changes to be committed:
modified: card-piv.c
2021-08-04 08:58:06 +02:00
Doug Engert
445a6324de
Remove unused code
...
Two lines that are never executed are removed from the code.
The LOG_TEST_GOTO_ERR before these lines will goto err.
On branch PIV-improved-parsing
Changes to be committed:
modified: src/libopensc/card-piv.c
2021-08-04 08:58:06 +02:00
Doug Engert
456ac56693
PIV Improved parsing of data from the card
...
Based on Fuzz testing, many of the calls to sc_asn1_find_tag were replaced
with sc_asn1_read_tag. The input is also tested that the
expected tag is the first byte. Additional tests are also added.
sc_asn1_find_tag will skip 0X00 or 0Xff if found. NIST sp800-73-x specs
do not allow these extra bytes.
On branch PIV-improved-parsing
Changes to be committed:
modified: card-piv.c
2021-08-04 08:58:06 +02:00
Jakub Jelen
8453c0d99a
Skip openpgp test for now
2021-08-04 08:57:34 +02:00
Jakub Jelen
d47f42b12a
README: Update badges and links from travis
2021-08-04 08:57:34 +02:00
Jakub Jelen
01cf556ba2
github-actions: Unbreak artifacts pushing
2021-08-04 08:57:34 +02:00
Jakub Jelen
f43d3f8042
Add Javacard tests and mingw build to Github Actions
...
* PIV applet
* Isoapplet
* Gids Applet
* openpgp applet
* Split clang-tidy to separate task as it is too slow
2021-08-03 12:00:49 +02:00
Jakub Jelen
5d338739ac
CI: Avoid warnings from tput
...
As reported by Peter Popovec
2021-08-03 12:00:49 +02:00
Jakub Jelen
e683c531f6
Migrate some tests to Github Actions
...
This also adds retention json files with results from p11test to
make sure we are not introducing regressions for existing cards.
2021-08-03 12:00:49 +02:00
Jakub Jelen
1b329093f7
Move the cifuzz to separate file
2021-08-03 12:00:49 +02:00
Jakub Jelen
bc9b9df869
Do not use EVP_PKEY_get0() for EC_KEY handling
...
The function is intentionally broken in OpenSSL 3.0 for provided keys
and returning NULL. But it should still work for the legacy gost engine
implementation (but I do not have a good way to check).
Discussed in openssl upstream issue:
https://github.com/openssl/openssl/issues/16081
2021-08-02 10:05:59 +02:00
Frank Morgner
99656deaf4
avoid limited size when logging data
2021-07-15 10:04:23 +02:00
Jakub Jelen
9a5a008093
pkcs15-tool: Update the logic to make it more clear for some dumb static analyzers
2021-07-15 09:51:59 +02:00
Jakub Jelen
d34e84c78d
eidenv: Avoid memory leak
2021-07-15 09:51:59 +02:00
Frank Morgner
d90048e5bb
Merge pull request #2357 from a-dma/p11_extractable
...
pkcs11-tool: allow setting CKA_EXTRACTABLE during keypair generation
2021-07-05 16:21:41 +02:00
Jakub Jelen
aa6574b60e
New rc published
2021-06-29 18:17:19 +02:00
Jakub Jelen
fd6b64b91b
Update NEWS with recently merged changes
2021-06-29 13:58:55 +02:00
Alessio Di Mauro
2f94a6b155
pkcs11-tool: allow setting CKA_EXTRACTABLE during keypair generation
...
Section 4.9 of the PKCS#11 v2.40 specification [1], mentions
CKA_EXTRACTABLE as a valid attribute for Private Key objects. However,
when calling "pkcs11-tool" with the "--exportable" option, the
attribute is not set as part of the private key template.
[1]: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html
2021-06-23 15:29:29 +02:00
Doug Engert
aebebac432
p11test: Use OPTIONAL_OPENSSL_CFLAGS
...
Needed if building with OpenSSL in non-standard location.
Changes to be committed:
modified: src/tests/p11test/Makefile.am
2021-06-11 05:28:07 -05:00
Frank Morgner
c42792c216
Merge pull request #2343 from Jakuje/ossl3v1
...
Working subset of #2337 (OpenSSL 3.0)
2021-06-07 14:38:30 +02:00
Stephan Mühlstrasser
151583ce26
C_Initialize() must copy CK_C_INITIALIZE_ARGS
...
C_Initialize() must make a copy of the function pointers supplied
via pInitArgs, as the PKCS#11 specification makes no guarantee that
the pInitArgs pointer is allowed to be dereferenced after C_Initialize()
returns.
Fixes issue #2170.
2021-06-07 12:44:07 +02:00
Jakub Jelen
9be6dc6606
pkcs11: Update the version to 3.0 (unused anywhere though)
2021-06-02 15:46:00 +02:00
Jakub Jelen
9d1a214340
pkcs11: Undefine internal typedef and remove its usage
2021-06-02 15:46:00 +02:00
Jakub Jelen
fc2fecc80e
Use const types for RSA and EC_KEY
...
These are anyway not supposed to be modified even in older versions of
openssl.
Visible when building with -Wno-deprecated-declarations
2021-06-02 15:46:00 +02:00
Jakub Jelen
ffd6e2a576
p11test: Expect DERIVE to be set on both private and public key
...
Basically reverts part of 485b6cf, which turned out to be wrong.
Alternative to #2292
2021-05-31 15:36:29 +02:00
Jaime Hablutzel
465375bda2
Fixing command-line option names in error messages
2021-05-26 10:41:30 +02:00
Jakub Jelen
33426df3ff
p11test: Do not return on warnings for (X)EDDSA keys
2021-05-24 11:25:53 +02:00
Jakub Jelen
8e4134841d
p11test: Add new mechanisms from softhsm
2021-05-24 11:25:53 +02:00
Jakub Jelen
a8a4bddfad
p11test: Debug level from commandline
...
This replaces the debug level defined at build time with -NDEBUG,
which turned out to be quite confusing.
Fixes #2304
2021-05-24 11:25:53 +02:00
Jakub Jelen
a69ab7c70c
tests: Fix context for the asn1 test
2021-05-24 11:25:53 +02:00
Jakub Jelen
fd96d2c960
Do not use deprecated ERR_load_ERR_strings() with OpenSSL 3.0
2021-05-24 11:25:53 +02:00
Jakub Jelen
1b92501ef9
sm: Rewrite to use non-deprecated OpenSSL 3.0 API
2021-05-24 11:25:53 +02:00
Jakub Jelen
07f5e63abf
tests: verify secure messaging functions work as expected
2021-05-24 11:25:53 +02:00
Jakub Jelen
12be677cb8
Drop duplicate -Werror build flag (already used unless --disable-strict)
2021-05-24 11:25:53 +02:00
Jakub Jelen
e4cf0e7b39
Basic unit test for secure messaging functions
2021-05-24 11:25:53 +02:00
Jakub Jelen
0b45e78e4f
idprime: Fix RSA-PKCS mechanism with hashing on card
2021-05-24 10:42:08 +02:00
Yaroslav Isakov
fc08818f6f
OpenPGP: Fix read/write certs with Ed25519/X25519 public key
...
Proper Ed25519/X25519 certs have pubkey algo with OID 1.3.101.112/110, according to
RFC8410. This commit adds these OIDs, and also fixes pubkey parsing/creation - according
to the same RFC, it's just a bytestring, without ASN.1 wrapping.
Also, according to the same RFC, EDDSA/X25519 MUST not have params, even empty.
2021-05-21 14:37:30 +02:00
Yaroslav Isakov
23dc52c903
Fixed OpenPGP logic for comparing OIDs
...
It's better to leave oid comparison as it was before, and drop trailing
zero byte after it, when reading from token.
2021-05-20 11:11:05 +02:00
Yaroslav Isakov
29410c170e
Make OpenPGP curves to be a pointer to OpenPGP 3.4 curves list
2021-05-20 11:11:05 +02:00
Yaroslav Isakov
f356d301b9
Enable ed25519/curve25519 support for Yubikey 5
2021-05-20 11:11:05 +02:00
Doug Engert
48a11c0634
Update piv-tool man pages for AES
...
commit 295c523e4 (William Roberts 2014-07-08 13:52:48)
added support for AES keys to card-piv.c but the man page
for piv-tool that uses the code was never updated.
On branch piv-tool-doc
Changes to be committed:
modified: ../../doc/tools/piv-tool.1.xml
2021-05-20 11:07:29 +02:00
Doug Engert
f1bc07dec1
Fix piv-tool on Windows
...
fopen needs "rb" for fopen in two places
fixes #2338
On branch piv-tool-windows
Changes to be committed:
modified: piv-tool.c
2021-05-20 10:37:31 +02:00
Doug Engert
8dfafe4fc2
Fix 2340 pkcs15-sec.c wrong test
...
if (obj->type == SC_PKCS15_TYPE_PRKEY_RSA) { is the correct test.
2021-05-17 15:00:26 +02:00
Vincent JARDIN
5256bc3d3d
tests: minidriver using T0 or T1
...
Some cards should be used with T0 and some others with T1. Let's support
both.
Fix: issue #2326
2021-05-17 12:06:12 +02:00
Vincent JARDIN
180737d1b6
tests: minidriver runtime PINCODE
...
Let's define an environment MINIDRIVER_PIN=1234 in order to be able
to reuse the tests with any cards.
usage:
(cmd) set MINIDRIVER_PIN=1234
When the PIN code is not defined, let's skip the tests since it may run
the number of trials out of the max attempts.
Moreover, some cards may have many roles, but the tests are designed for
the ROLE_USER, so let's enforce only the ROLE_USER.
Fix: issue #2326
2021-05-17 12:06:12 +02:00
Vincent JARDIN
f0c059ede8
ATRMask: better describe the rule to be applied
...
Include some notes in order to properly define the ATR values.
Suggested-by: Doug Engert <deengert@gmail.com>
Fix: issue #2321
2021-05-12 07:51:42 +02:00