two lines that are never executed are removed for the code.
The LOG_TEST_GOTO_ERR before these lines will goto err.
On branch PIV-improved-parsing
Changes to be committed:
modified: src/libopensc/card-piv.c
Based on Fuzz testing, many of the calls to sc_asn1_find_tag were replaced
with sc_asn1_read_tag. The input is also tested that the
expected tag is the first byte. Additional tests are also add.
sc_asn1_find_tag will skip 0X00 or 0Xff if found. NIST sp800-73-x specs
do not allow these extra bytes.
On branch PIV-improved-parsing
Changes to be committed:
modified: card-piv.c
The function is intentionally broken in OpenSSL 3.0 for provided keys
and returning NULL. But it should still work for the legacy gost engine
implementation (but I do not have a good way to check).
Discussed in openssl upstream issue:
https://github.com/openssl/openssl/issues/16081
C_Initialize() must make a copy of the function pointers supplied
via pInitArgs, as the PKCS#11 specification makes no guarantee that
the pInitArgs pointer is allowed to be dereferenced after C_Initialize()
returns.
Fixes issue #2170.
Proper Ed25519/X25519 certs have pubkey algo with OID 1.3.101.112/110, according to
RFC8410. This commit add these OIDs, and also fixes pubkey parsing/creation - according
to the same RFC, it's just a bytestring, without ASN.1 wrapping.
Also, according to the same RFC, EDDSA/X25519 MUST not have params, even empty.
Let's define an environment MINIDRIVER_PIN=1234 in order to be able
to reuse the tests with any cards.
usage:
(cmd) set MINIDRIVER_PIN=1234
When the PIN code is not defined, let's skip the tests since it may runs
the number of trials out of the max attempts.
Moreover, some cards may have many roles, but the tests are designed for
the ROLE_USER, so let's enforce only the ROLE_USER.
Fix: issue #2326
if 5000 bytes are read, then at the end of the array we will write zero beyond its boundaries, damaging the stack.
Here's a simple solution. if you see the need to increase the array itself, let me know.
Rutoken ECP cards have no default SE file. Previous cards ignored
MSE with restoring default SE, but new cards don't. This requires
SC_SEC_ENV_FILE_REF_PRESENT to be removed from env flags.
Do not truncate ECDSA input to size of key if card or driver will do HASH.
On branch Fix_for_2283_ECDSA
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c