Jakub Jelen
afe255c5b2
Remove never set constants and their handling in cardos driver
2019-12-05 10:45:34 +01:00
Jakub Jelen
2bab09ac03
tcos: Use unique IDs for certificates
2019-12-05 10:43:17 +01:00
Jakub Jelen
88e3c44f22
tcos: Drop undocumented tags from security environment data
2019-12-05 10:43:17 +01:00
Jakub Jelen
bee5c6d639
tcos: Do not advertize non-functional RSA RAW algorithms
2019-12-05 10:43:17 +01:00
Jakub Jelen
424eca8bef
tcos: Remove duplicate lines
2019-12-05 10:43:17 +01:00
Jakub Jelen
4c67bbf383
coolkey: Avoid addressing behind allocated buffers
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19222
2019-12-04 21:47:47 +01:00
Jakub Jelen
c246f6f69a
coolkey: Make sure the object ID is unique when filling list
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208
2019-12-04 21:47:47 +01:00
Andreas Schwier
32b49894c5
sc-hsm: Add ATR for faster token variant
2019-12-04 21:43:47 +01:00
Andreas Schwier
7858f3cd06
sc-hsm: Add support for SmartCard-HSM MicroSD card
2019-12-04 21:43:47 +01:00
Frank Morgner
39c1400fac
opensc-notify: fixed name in plist
2019-12-04 14:55:23 +01:00
Jakub Jelen
8ab39bdec7
pkcs11-session: Explicitly reset login_user and release lock
2019-12-04 12:00:07 +01:00
Frank Morgner
118929df93
macos: use generic location for NotificationProxy
...
to be installed with OpenSC core and to be used from
the tools, tokend and CTK
2019-12-02 08:22:34 +01:00
Jakub Jelen
ef61a95b31
coolkey: Make sure the matching objects have same lengths
...
This ensures that we do not go behind the allocated buffer if
we get wrong data.
Thanks to oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19031
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19032
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19038
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19039
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19040
2019-11-29 22:48:00 +01:00
Jakub Jelen
aa6d3e1d36
coolkey: Fix the comparator return value
2019-11-29 22:48:00 +01:00
Jakub Jelen
249e928176
gp: Correctly check for the CPLC data length
2019-11-29 22:47:26 +01:00
Jakub Jelen
4f3d87d03c
coolkey: Split the CPLC related structures and function to the generic GP file
2019-11-29 22:47:26 +01:00
Jakub Jelen
326955a147
reader-pcsc: Preserve the CARD_PRESENT flag to make sure the card is detected after reader reinsertion
2019-11-28 11:18:25 +01:00
Jakub Jelen
4bd8cda966
pkcs11-session: When we notice logout in lower layers, while pkcs11 thinks we are logged in, invalidate all sessions in given slot
2019-11-28 11:18:25 +01:00
Jakub Jelen
e0e1f10bd3
pkcs11/slot: Fix indentation
2019-11-28 11:18:25 +01:00
Oskar Wiksten
79a51e0d18
pkcs11: Support for RSA PSS padding in verify
...
* Explicitly copies the mechanism parameters during a PKCS#11 `C_VerifyInit`
and `C_DecryptInit` operation.
* Resolves issues where the calling application deallocates the `pParameter`
pointer in the `CK_MECHANISM` struct between calls to `C_VerifyInit` and
`C_Verify`, or between `C_DecryptInit` and `C_Decrypt`.
* These mech parameters are used in RSASSA-PSS and RSAES-OAEP, for example.
* This commit copies the same fix that was applied to `sc_pkcs11_sign_init` in
commit e5707b545e
for supporting RSASSA-PSS.
2019-11-28 11:17:12 +01:00
AdriaoNeves
ce71b171e2
Add support for 4K RSA keys in GemsafeV1
2019-11-23 22:13:28 +01:00
carblue
6d98f8c8d8
card-myeid.c: issue #1219
2019-11-23 21:38:14 +01:00
carblue
d4823541b7
pkcs15-init: Fix issue #1219
2019-11-23 21:38:14 +01:00
Jakub Jelen
2d02de4233
coolkey: Do not return uninitialized data if card does not return CPLP data
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18990
2019-11-18 14:02:07 +01:00
Frank Morgner
bec794fbee
fixed memory leak
...
https://crbug.com/oss-fuzz/18953
2019-11-18 14:01:50 +01:00
Jakub Jelen
c4dcac5de7
pkcs15-prkey: Free allocated data on all error exit paths
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18790
2019-11-14 19:36:01 +01:00
Jakub Jelen
6d6d158f13
pkcs15-cert: Free data on all error exit paths
...
https://oss-fuzz.com/testcase-detail/5645063405436928
2019-11-14 19:36:01 +01:00
Jakub Jelen
5645fe2d16
muscle: Check length first before calling memcmp()
2019-11-14 19:36:01 +01:00
Jakub Jelen
1594b1167d
muscle: Initialize variables and check return codes
2019-11-14 19:36:01 +01:00
Jakub Jelen
7360c4bf0c
muscle: Avoid access uninitialized memory
2019-11-14 19:36:01 +01:00
Jakub Jelen
2c68c0662c
coolkey: Avoid success from init if there are no reasonable data raturned
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18918
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18915
2019-11-14 19:36:01 +01:00
Jakub Jelen
75847f4e93
Make ef_dir variable local
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18821
2019-11-13 15:48:40 +01:00
Jakub Jelen
f11c286bc6
coolkey: Refactor the object listing to avoid invalid memory access
...
Probably resolves some bad memory access from oss-fuzz such as
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18907
2019-11-13 15:48:33 +01:00
Jakub Jelen
07d3d8e0df
compression: Free allocated data and return error if nothing was uncompressed
...
Also harmonizes the return codes from decompress*() functions
Fixes oss-fuzz issue
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18771
2019-11-13 15:48:25 +01:00
Frank Morgner
5557f34f5e
Revert "pkcs15-pubkey: Avoid memory leaks"
...
This reverts commit 0977b5496a
.
2019-11-12 11:57:43 +01:00
Jakub Jelen
b79db82ae7
openpgp: Workaround non-compliant Yubikey 5 OpenPGP applets
...
Fixes #1850
2019-11-12 03:38:09 +01:00
Jakub Jelen
0977b5496a
pkcs15-pubkey: Avoid memory leaks
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:53 +01:00
Jakub Jelen
cc917b541f
asn1: Avoid calling malloc with 0 argument
...
Caused problems reported by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18758
2019-11-11 22:02:41 +01:00
Jakub Jelen
cd51430ba7
asn1: Avoid malloc(0) also from BIT STRING and GENERALIZED TIME structures
2019-11-11 22:02:30 +01:00
Jakub Jelen
e50bc29bd9
card-setcos.c: Avoid unsigned integer underflow
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18798
2019-11-11 22:02:18 +01:00
Jakub Jelen
c173563ad2
coolkey: Accept only SW=90 00 as success to prevent interpretting invalid values
2019-11-11 22:02:08 +01:00
Jakub Jelen
ef3e223917
coolkey: Do not interpret empty answers as success
...
Thanks to oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18868
2019-11-11 22:01:56 +01:00
Peter Popovec
e6a24b71ab
MyEID: fix max_recv_size
...
MyEID 3.3.3 is not working with hardcoded max_recv_size=256 in
card-myeid.c. Use max_recv_size=255 if card major version < 40
Fixes #1852
2019-11-11 21:01:51 +01:00
Frank Morgner
a8de0070fd
fixed Null-dereference READ
...
https://oss-fuzz.com/testcase-detail/5644373382922240
Thanks to OSS-Fuzz
2019-11-06 23:38:37 +01:00
Frank Morgner
1a069ca71e
fixed Global-buffer-overflow READ 1
...
https://oss-fuzz.com/testcase-detail/5685978287308800
Thanks to OSS-Fuzz
2019-11-06 23:08:43 +01:00
Frank Morgner
8fea658fe9
fixed 121888 Time of check time of use
2019-11-05 21:49:30 +01:00
Frank Morgner
3a5a90450e
fixed 333715 Dereference after null check
2019-11-05 21:49:30 +01:00
Frank Morgner
7007b4a889
fixed 127766 Out-of-bounds read
2019-11-05 21:49:30 +01:00
Frank Morgner
8d7092c0cb
13598 Unchecked return value
2019-11-05 21:49:30 +01:00
Frank Morgner
192994fa13
fixed 13608 Unchecked return value
2019-11-05 21:49:30 +01:00
Frank Morgner
804cb68057
removed 339153 Logically dead code
2019-11-05 21:49:30 +01:00
Frank Morgner
8d3dfb2f6d
ignore for 339158 Dereference before null check
2019-11-05 21:49:30 +01:00
Frank Morgner
07cff0e168
fixed 341844 Incorrect deallocator used
2019-11-05 21:49:30 +01:00
Frank Morgner
8b6ba40a8e
fixed 341853 Resource leak
2019-11-05 21:49:30 +01:00
Frank Morgner
fa35be5859
fixed 347857 Resource leak
2019-11-05 21:49:30 +01:00
Frank Morgner
2a2662fb3d
fixed 348981 Resource leak
2019-11-05 21:49:30 +01:00
Frank Morgner
7a1e42e135
fixed compiler warning
...
fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18701
2019-11-05 10:58:32 +01:00
Frank Morgner
c3f23b836e
fixed UNKNOWN READ
...
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5681169970757632
2019-11-03 04:45:28 +01:00
Frank Morgner
6263afbe43
fixed memory leak
...
Reported by OSS-Fuzz
https://oss-fuzz.com/testcase-detail/5697134632632320
2019-11-03 04:38:09 +01:00
Jakub Jelen
d3f60a657f
pkcs15*: Fail if there is no fallback file_app
2019-11-01 15:53:40 +01:00
Jakub Jelen
b75c002cfb
cac1: Correctly handle the buffer limits
...
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618
and others
2019-11-01 15:53:40 +01:00
pkubaj
bfa8415ea3
Fix build on ARM, PPC
...
Those architectures use unsigned char by default, and command variable is later compared to -1.
2019-11-01 15:51:06 +01:00
Jakub Jelen
fb15a7dd86
reader-pcsc: Handle yubikey reinsertion
...
When the application (NSS) does not use WaitForSlotEvent and just
opportunistically tries to detect card and reader removals with
C_GetSlotInfo() and C_GetSessionInfo(), we might get errors in
various plcaes, in the sc_lock() function, when we try to transfer
other messages or when we ask for the reader status.
This is generally too late to call any disconnect functions because no
PC/SC handles are valid anymore. The reader state from PCSC
is searched by name so we can be pretty sure it is very similar
reader (with same name as the old one) and I hope we can reuse the
reader structure and just call the pcsc_connect() on that as we do
with invalid handles.
Otherwise we detect this issue in the refresh_attributes() (called
from C_GetSlotInfo()), where we can report the slot change in the
expected manner.
Fixes #1822
2019-11-01 15:50:34 +01:00
Jakub Jelen
0ea11523a3
Improve logging of exit codes
2019-11-01 15:50:34 +01:00
Frank Morgner
3c87ffaa02
fuzzing: correctly consume fuzzing data
2019-11-01 15:49:10 +01:00
Jakub Jelen
424ebf8ed1
pkcs15: Avoid insane allocations
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18592
2019-10-31 02:18:36 +01:00
Jakub Jelen
51363d3392
cac: Make sure we do not leak memory
...
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18564
2019-10-31 02:18:20 +01:00
Jakub Jelen
829a73c941
card-npa: Remove dead code
2019-10-31 02:18:04 +01:00
Jakub Jelen
6c7b4bed37
pkcs15*: Avoid null dereference from fuzzers
...
Thanks oss-fuzz.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18591
2019-10-31 02:17:44 +01:00
Frank Morgner
49f59d9fc9
clean up already enumerated apps
2019-10-29 17:54:40 +01:00
Nuno Goncalves
3ac47fbea9
replace SC_FUNC_CALLED(...,1) with SC_FUNC_CALLED(..., SC_LOG_DEBUG_NORMAL) ( close #1698 )
...
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
Nuno Goncalves
60581ecc82
remove trailing whitespace
...
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-10-28 09:51:28 +01:00
Frank Morgner
026b6ab43d
fuzzing: validate PIN only if it's a PIN
...
https://oss-fuzz.com/testcase-detail/5693809152753664
2019-10-26 23:56:19 +02:00
Frank Morgner
3c286b3cb1
fixed Null-dereference READ
...
https://oss-fuzz.com/testcase-detail/5734505646391296
Thanks to OSS-Fuzz
2019-10-26 23:50:11 +02:00
Jakub Jelen
61cd7fcdb2
card-mcrd: Free the allocated structures on cleanup
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18416
2019-10-25 20:25:06 +02:00
Jakub Jelen
6522df7587
pkcs15: Avoid null dereference in fuzzers
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16617
2019-10-25 20:22:40 +02:00
Jakub Jelen
532b06d07e
pkcs15: Avoid insane allocations
...
and use single max constant accross the code
https://oss-fuzz.com/testcase-detail/6314983763214336
2019-10-25 20:22:40 +02:00
Jakub Jelen
6810eb6cf1
fuzz_pkcs15_reader: Unbreak strict builds
...
The error was
fuzz_pkcs15_reader.c: In function ‘fuzz_get_chunk’:
fuzz_pkcs15_reader.c:66:19: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast]
66 | *chunk_size = (uint16_t) data->Data;
| ^
cc1: all warnings being treated as errors
2019-10-25 20:22:40 +02:00
Jakub Jelen
cc466eea94
asn1: Avoid undefined shifts by adding explicit cast
...
The error was:
asn1.c:681:23: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
#0 0x5e9b11 in decode_bit_field opensc/src/libopensc/asn1.c:681:23
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18487
2019-10-25 20:19:50 +02:00
Jakub Jelen
0d091c8e0c
asn1: Avoid integer overflow
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18475
2019-10-23 13:50:52 +02:00
Jakub Jelen
6ce6152284
pkcs15-prkey: Simplify cleaning memory after failure
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478
2019-10-23 13:50:52 +02:00
Jakub Jelen
19f4c7e428
card-mcrd.c: Avoid null dereference
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18477
2019-10-23 13:50:52 +02:00
Jakub Jelen
1be013d08e
asn1: Fix undefined shift in OID parser
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16618
2019-10-22 09:42:18 +02:00
Jakub Jelen
630d6adf32
pkcs15-prkey: Avoid memory leak
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16625
2019-10-22 09:41:14 +02:00
Jakub Jelen
62049ea18c
Avoid memory leaks from file selection
...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17106
2019-10-22 09:38:30 +02:00
Jakub Jelen
6ef0ac6e67
asn1: Correctly parse negative integers
...
The negative integers were parsed uterly wrong, resulting in undefined
shift overflows as reported by oss-fuzz.
The current implementation takes negated values (properly masked) and
calculates two's complement in the end, which results in correct values
and correct data handling.
https://oss-fuzz.com/testcase-detail/5125815506829312
2019-10-22 09:33:46 +02:00
Jakub Jelen
ff893d2224
pkcs15: Remove unused code
2019-10-22 09:22:59 +02:00
Jakub Jelen
5e9e5b232c
card-piv: Fix indentation
2019-10-22 09:17:24 +02:00
Jakub Jelen
459e4ecc37
piv: Avoid insane allocations in fuzzer
2019-10-22 09:17:12 +02:00
Jakub Jelen
544d576b00
asn1: Do not pass null argument to memcpy
...
Reported by clang analyzer:
src/libopensc/asn1.c:1080:2: note: Null pointer passed as an argument to a 'nonnull' parameter
memcpy(p, data, datalen);
2019-10-22 09:15:49 +02:00
Jakub Jelen
889d598bcd
asn1: Initialize values to avoid comparison with garbage
...
Reported by clang analyzer:
src/libopensc/asn1.c:2115:14: warning: The right operand of '<' is a garbage value [clang-analyzer-core.UndefinedBinaryOperatorResult]
if (halflen < r_len || halflen < s_len) {
2019-10-22 09:15:36 +02:00
Raul Metsma
f4ac617c19
Remove unused card type
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-10-16 13:16:56 +02:00
Frank Morgner
3a1bd36e20
Use onepin-opensc-pkcs11.so for Chromium ( #1828 )
...
* pkcs11-register: Fixed detection of already registered OpenSC
Anny configuration of onepin-opensc-pkcs11.so and opensc-pkcs11.so
should be enough to skip registering the default module again.
* Use onepin module for generic NSS DB
fixes https://github.com/OpenSC/OpenSC/issues/1818
May have the disadvantage that some other programs that use NSS don't
see the signature keys. However, we currently only know for sure that
Chromium is using the generic NSS DB.
2019-10-16 13:16:22 +02:00
Jakub Jelen
eac516fd41
dir: Avoid insane allocations
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17449
2019-10-03 13:57:09 +02:00
Jakub Jelen
5490d73f31
card: Avoid integer overflows
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17007
2019-10-03 13:57:09 +02:00
Jakub Jelen
34bd879400
openpgp: Properly free the allocated file structure
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16879
2019-10-03 13:57:09 +02:00
Jakub Jelen
79cb753921
cac: Free the certificate data on failure
...
Resolves:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16819
2019-10-03 13:57:09 +02:00
Jakub Jelen
d6435b0af4
pkcs15-din-66291: Fix indentation
2019-10-03 13:57:09 +02:00
Frank Morgner
53ff7182fb
pkcs11-tool: disable wrap/unwrap test ( #1808 )
...
... until https://github.com/OpenSC/OpenSC/issues/1796 is resolved
2019-10-01 11:52:33 +02:00
Frank Morgner
e2491a7d7f
pkcs11-tool: fixed displaying secret key attributes ( #1807 )
...
fixes https://github.com/OpenSC/OpenSC/issues/1805
2019-10-01 11:51:55 +02:00
Frank Morgner
d965156fe6
fuzz_pkcs15_decode: fixed use after free
2019-09-30 20:02:12 +02:00
Andreas Schwier
aae529547c
sc-hsm: Fix maximum APDU size to 4K version ( Fixes #1794 )
2019-09-20 20:35:54 +02:00
Andreas Kemnade
b9810e62d6
cardos5: fix reading of serial number
...
The corresponding GET DATA command only returns the serial,
nothing else.
Tested with CardOS 5.0 and 5.3 cards. The serial number
is the same as shown with other tools
2019-09-16 13:09:16 +02:00
Frank Morgner
25bc8fc167
fix https://github.com/OpenSC/OpenSC/issues/1786
...
Thanks to Alexandre Gonzalo
2019-09-16 13:06:38 +02:00
Doug Engert
3b632e64a1
Fix #1731 sc_format_apdu_cse_lc_le fails to set Le correctly
...
Changed four places where "<" should be "<=" so Le will be set correctly
Previous for 65K (extended) or 256 (short) Le is left set to 0.
This then caused Le to be to be not added to APDU as Le==0
Code later converts actual Le in APDU to be set to 0 to mean 256 or 65K.
SC_APDU_CASE_*_EXT are changed to SC_APDU_CASE_* so sc_detect_apdu_cse
to set the cse based on card capabilities as well as data chaining.
This commit is not well tested and neds review.
On branch fix-1731
Changes to be committed:
modified: src/libopensc/card.c
2019-09-09 12:49:56 +02:00
Frank Morgner
28a93fdf55
fixed memory leak
2019-09-09 09:37:33 +02:00
Frank Morgner
2eaf422cb2
refactor DIN 66291 profile to avoid memory confusion
2019-09-09 09:34:37 +02:00
Frank Morgner
64d3d81036
fixed invalid free
2019-09-05 08:51:13 +02:00
Frank Morgner
769db0297b
fixed memory leak
...
Credits to OSS-Fuzz
2019-09-02 09:43:50 +02:00
Peter Popovec
5b8095ca2c
string null-termination fix
...
strncpy does not generate null-terminated string, fixed by memcpy.
2019-09-02 09:32:12 +02:00
Frank Morgner
f621305140
fixed undefined behavior when parsing negative ASN.1 Integer
2019-08-30 23:45:40 +02:00
Frank Morgner
3e110995bc
fixed undefined behavior
...
Credits to OSS-Fuzz
2019-08-30 23:45:40 +02:00
Frank Morgner
e971ffb48e
fixed memory leak
...
Credits to OSS-Fuzz
2019-08-30 23:45:40 +02:00
Frank Morgner
849de1d9e3
fixed memory leak when parsing malformed PKCS#15 data
...
Credits to OSS-Fuzz
2019-08-30 23:45:40 +02:00
Frank Morgner
f5bea72637
Add support for 4K RSA keys in CardOS 5 ( #1776 )
...
fixes https://github.com/OpenSC/OpenSC/issues/1764
2019-08-29 09:43:37 +02:00
Frank Morgner
a1d3e76999
openpgp: handle cards with static algorithms
...
fixes https://github.com/OpenSC/OpenSC/issues/1659
2019-08-28 11:06:55 +02:00
Jakub Jelen
cc9020f56a
pkcs15-sc-hsm: Avoid potential memory leaks
2019-08-28 11:01:50 +02:00
Jakub Jelen
fb67ffdca6
pkcs15-sc-hsm: Avoid potential memory leaks
2019-08-28 11:01:50 +02:00
Jakub Jelen
14e1f3c4d3
pkcs15-tccardos: Make sure we do not overrun buffers in this wild parsing
2019-08-28 11:01:50 +02:00
Jakub Jelen
489886724f
pkcs15-tccardos: Avoid negative indexing
2019-08-28 11:01:50 +02:00
Jakub Jelen
cab5d3da17
iasecc-sdo: Avoid potential memory leak
2019-08-28 11:01:50 +02:00
Jakub Jelen
070a37cebd
card-authentic: Avoid potential memory leaks
2019-08-28 11:01:50 +02:00
Jakub Jelen
1b32bfe4e5
card-coolkey: Avoid potential null dereference
2019-08-28 11:01:50 +02:00
Jakub Jelen
24eaa3eaa1
card-jcop: Avoid left-shift of negative values
2019-08-28 11:01:50 +02:00
Jakub Jelen
2f643948f1
ctx: Avoid potential memory leaks reported by clang
2019-08-28 11:01:50 +02:00
Frank Morgner
bdca524aa8
Fixed memory leak
...
Credits to OSS-Fuzz
2019-08-27 15:59:46 +02:00
Frank Morgner
03ea3f719c
fixed memory leak
...
Credits to OSS-Fuzz
2019-08-27 15:40:32 +02:00
Frank Morgner
9b4b080be7
fixed compiler warning
2019-08-27 15:27:15 +02:00
Frank Morgner
a3fc7693f3
Fixed out of bounds access in ASN.1 Octet string
...
Credit to OSS-Fuzz
2019-08-27 15:21:46 +02:00
Frank Morgner
412a6142c2
fixed out of bounds access of ASN.1 Bitstring
...
Credit to OSS-Fuzz
2019-08-27 15:19:22 +02:00
Ludovic Rousseau
2bfd022180
pkcs11-spy: add support of CKM_*_PSS in C_VerifyInit()
...
In bdb1961dee
the same code was added to
C_SignInit(). Now it is also used in C_VerifyInit().
2019-08-27 14:52:10 +02:00
Frank Morgner
2eab2bcd74
fixed out of bounds accessing array
...
Credit to OSS-Fuzz
2019-08-27 14:00:34 +02:00
Ludovic Rousseau
2240abcef1
spy: display -1 instead of 18446744073709551615
...
buf_len is a CK_ULONG (unsigned long). But if the attribute is sensitive
or is not extractable or is invalid for the object then the library set
the buffer length value to (CK_LONG)-1.
It is more friendly to see "-1" instead of "18446744073709551615" (on
64-bits CPU)
2019-08-26 10:53:09 +02:00
Ludovic Rousseau
43a8f870e5
pkcs11-spy: add support of CKA_OTP_* values
2019-08-26 10:18:04 +02:00
Ludovic Rousseau
e35a7e7395
Add definition of CKA_OTP_* constants
2019-08-26 10:17:05 +02:00
Frank Morgner
9099d95c77
fixed interface change
...
fixes https://github.com/OpenSC/OpenSC/issues/1768
2019-08-20 14:21:44 +02:00
Peter Popovec
d7a86d397f
opensc-tool: do not connect card if not neccesary, fix util.c errors
...
opensc-tool: for options --version, --list-readers, -D, etc. we do not
need to connect card/reader. This removes unnecessary error messages
if card is not present in card reader or if reader is not available.
util.c: use symbolic error codes, pass error codes to caller without change.
2019-08-20 13:38:51 +02:00
Frank Morgner
b6be87a348
make sc_format_apdu_ex agnostic to card properties
2019-08-20 13:38:20 +02:00
Frank Morgner
0c563df0c1
document sc_format_apdu_ex()
2019-08-20 13:38:20 +02:00
Frank Morgner
0e97ef2ce3
don't use sc_format_apdu_ex in default driver
...
fixes https://github.com/OpenSC/OpenSC/issues/1731
closes https://github.com/OpenSC/OpenSC/pull/1734
2019-08-20 13:38:20 +02:00
Frank Morgner
8dc67e6a61
use statement for noop
2019-08-20 13:38:20 +02:00
Raul Metsma
fdf80761cf
Remove duplicate code
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-08-20 13:38:00 +02:00
Jakub Jelen
9b47462a51
Fix portability warning from coverity
...
CID 344928 (#1 of 1): Sizeof not portable (SIZEOF_MISMATCH)
suspicious_sizeof: Passing argument object_handles of type CK_OBJECT_HANDLE_PTR and argument objects_length * 8UL /* sizeof (CK_OBJECT_HANDLE_PTR) */ to function realloc is suspicious. In this case, sizeof (CK_OBJECT_HANDLE_PTR) is equal to sizeof (CK_OBJECT_HANDLE), but this is not a portable assumption.
2019-08-20 13:28:54 +02:00
Jakub Jelen
1a0a8e637b
p11test: Check return values
...
CID undefined (#1 of 1): Unchecked return value (CHECKED_RETURN)
10. check_return: Calling RSA_set0_key without checking return value (as is done elsewhere 7 out of 8 times).
2019-08-20 13:28:54 +02:00
Jakub Jelen
818aa5b69c
p11test: Avoid possible issues reported by coverity
...
* The fail_msg() in cmocka has a way not to fail, which confuses coverity. Adding explicit retunr/exit should address this issue
* Reformat some code in p11test
2019-08-20 13:28:54 +02:00
Jakub Jelen
2958b71c9a
typo
2019-08-20 13:28:54 +02:00
Frank Morgner
7d8009e429
PC/SC: handle resets in SCardTransmit
...
fixes https://github.com/OpenSC/OpenSC/issues/1725
2019-08-20 13:25:06 +02:00
Frank Morgner
8f838bc1e0
fixed passing LIB_FUZZING_ENGINE
2019-08-19 16:44:54 +02:00
Peter Popovec
426772298a
pkcs15-tool: inconsistent -r option fix
...
Option -r is used in other opensc tools to specify card reader. pkcs15-tool
uses -r to specify cerfificate. This fix intorduces warning message if -r
is used, and for future versions of pkcs15-tool -r is used to specify
reader.
2019-08-05 01:14:35 +02:00
Doug Engert
93bdc8c826
Support OpenSSL when deprecated defines have been removed Fixes 1755
...
sc-ossl-compat.h will check if OpenSSL has been built with or without some
deprecated defines. OpenSSL will provide defines for some of these if
built to still support depreacted routines but not if built with
"no-depracted". .
This commit will define some of the needed defines if ther are not
defined by OpenSSL. Thus if a distro builds OpenSSL with "no-depracted"
it can still be used.
On branch fix-1755
Changes to be committed:
modified: src/libopensc/sc-ossl-compat.h
2019-07-31 20:12:22 +02:00
Frank Morgner
af8f965009
fixed memory leak
2019-07-26 15:23:02 +02:00
Frank Morgner
bf8d449795
fixed memory leak
2019-07-26 15:23:02 +02:00
Frank Morgner
973b09f943
fixed exports
2019-07-26 15:23:02 +02:00
Frank Morgner
72f474f09f
use consistent parameters
...
- in sc_pkcs15_wrap()
- and sc_pkcs15_derive()
2019-07-26 15:23:02 +02:00
Frank Morgner
e28ada99fe
added parameter checking
2019-07-26 15:23:02 +02:00
Frank Morgner
b7f202221c
fixed undefined reference
2019-07-26 15:23:02 +02:00
Frank Morgner
86c4d3384b
removed undefined reference to sc_pkcs15_create
2019-07-26 15:23:02 +02:00
Frank Morgner
45dfc14573
fixed memory leak
2019-07-26 15:23:02 +02:00
Frank Morgner
755ac78a02
added fuzzing with libFuzzer and OSS-Fuzz
...
makes cmocka detection not required for building tests
2019-07-26 15:23:02 +02:00
Rosen Penev
7159400086
treewide: Fix compilation without deprecated OpenSSL APIs
2019-07-26 08:49:18 +02:00
programatix
91b9aea42a
Update pkcs15-sec.c
...
When card supports SC_ALGORITHM_RSA_PAD_PKCS1 but not SC_ALGORITHM_RSA_HASH_NONE, then the DigestInfo need to be removed.
Current check make requires the card to not support both SC_ALGORITHM_RSA_PAD_PKCS1 and SC_ALGORITHM_RSA_HASH_NONE to have the removal done.
2019-07-26 08:48:10 +02:00
Jó Ágila Bitsch
a7766b3de3
allow chaining for pkcs15-init --store-private-key EC keys
...
when importing a private key onto a pkcs15 card, if the card does not support
extended APDUs, we need to use chaining to store keys longer than 255 bytes.
While for RSA keys, this check was included, it was missing for EC keys.
This patch adds the SC_APDU_FLAGS_CHAINING flag to apdu.flags if data length is
greater than 255 and the card caps does not include SC_CARD_CAP_APDU_EXT.
Fixes #1747
2019-07-24 01:25:49 +02:00
Raul Metsma
d14cf97d7a
Allow to create temporary objects with readonly sessions and readonly cards
...
Fixes #1719
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-07-22 13:34:59 +02:00
Daniel Kouril
916434f3a2
Fix using environmental variables on WIN32.
2019-07-22 13:32:46 +02:00
carblue
709fa98bb5
opensc-tool: fix --list-algorithms for AES
2019-07-22 13:09:30 +02:00
Frank Morgner
ba19a467e4
Rutoken Lite ( #1728 )
...
* card-rtecp: Add Rutoken Lite
* avoid seperate rutoken lite driver
* added rutoken lite to minidriver
closes #1722
2019-07-22 13:05:32 +02:00
programatix
130e9bb068
Update strings.c
2019-07-04 10:12:23 +02:00
programatix
6b97071bb3
Update strings.c
...
The check condition is obviously wrong. It should check for EQUAL. The original bitwise check caused any other language to turn into DE because as long as a bit is filtered, it will hit.
2019-07-04 10:12:23 +02:00
Dmitriy Fortinskiy
3c1624676d
card-rtecp,card-rutoken: Set specific card types
2019-07-02 12:13:57 +02:00
Dmitriy Fortinskiy
60a2cf16c7
card-rtecp: Fix list_files on T0 cards
...
Rutoken ECP SC over T0 expects Get Response after SW1=61 which
is not called with zero le.
2019-07-02 12:13:57 +02:00
Frank Morgner
7fb72ccf7b
pkcs11: fixed slotIDs when a new slot list is requested
...
fixes https://github.com/OpenSC/OpenSC/issues/1706
regression of 24b7507a69
2019-06-30 10:24:11 +02:00
Andreas Schwier
e7a8c00566
sc-hsm: Use CHR in CSR based on device serial number
2019-06-21 15:08:14 +02:00
Peter Marschall
229dd32e3a
opensc-explorer: fix APDU command
...
Do not ignore first parameter.
2019-06-21 14:34:38 +02:00
Timo Teräs
19711d0a13
myeid: fix EC key upload, and avoid data copying
...
Fixes regression from commit 3688dfe
which did not consider that
the zero prefixing tests were too generic and matched EC keys too.
This simplifies the code even further and avoids data copying
when possible. Proper test is now included to do data value prefixing
only for the RSA keys it is needed.
Closes #1701 .
2019-06-17 15:19:08 +02:00
Jakub Jelen
9197dfe5ae
myeid: Detect also OsEID card in the MyEID driver and difference them with separate types
2019-06-17 12:49:11 +02:00
Jakub Jelen
07c0a47b37
card-openpgp: Fix typo in the EC Key size
2019-06-17 12:49:11 +02:00
Jakub Jelen
b65275d6f8
p11test: Improve error reporting on unknown EC groups
2019-06-17 12:49:11 +02:00
Jakub Jelen
87770df65b
p11test: Implement simple derive tests
2019-06-17 12:49:11 +02:00
Jakub Jelen
852f057ce3
p11test: Add MD5 mechanisms pretty-print
2019-06-17 12:49:11 +02:00
Jakub Jelen
86fd200462
sc-hsm: Check the operation first
2019-06-17 12:49:11 +02:00
Jakub Jelen
df0bbc110e
pkcs11-spy: Dump EC Derive parameters
2019-06-17 12:49:11 +02:00
Jakub Jelen
10abef9206
pkcs15-sec: Drop unused code (copied from RSA decipher)
2019-06-17 12:49:11 +02:00
Jakub Jelen
272e380898
Set correctly flags for ECDH derive operations
2019-06-17 12:49:11 +02:00
Jakub Jelen
6d751e8b22
opensc.h: Add missing raw ecdh algorithm
2019-06-17 12:49:11 +02:00
Jakub Jelen
293760c0d0
Fix derive operation detection in MyEID and sc-hsm drivers
2019-06-17 12:49:11 +02:00
Andreas Schwier
58fa53ac91
sc-hsm: Add missing secp384r1 curve parameter
2019-06-14 14:29:58 +02:00
Frank Morgner
94388f9538
fixed more clang-tidy warnings
2019-06-05 13:48:51 +02:00
Nuno Goncalves
0322401aae
gemsafeV1: remove redundant match card call to allow for opensc.conf match
...
At the point when gemsafe_match_card is called, the card type is already known,
either because of a previous match at card.c, or because it is forced at opensc.conf.
With this redundant match it's not possible to force selection on opensc.conf.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-06-05 13:43:52 +02:00
Raul Metsma
3a192e2c87
pkcs11-tool: Add extractable option to key import
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-06-03 10:59:58 +02:00
Doug Engert
a2dd500624
Fix pkcs11-tool encryption error Fix #1694
...
Make sure data being encrypted is less then the modulus.
On branch pkcs11-tool-encryption
Changes to be committed:
modified: ../tools/pkcs11-tool.c
2019-05-31 14:16:24 +02:00
Frank Morgner
3a665f6479
allow single character strings with sc_hex_to_bin
...
fixes https://github.com/OpenSC/OpenSC/issues/1684
fixes https://github.com/OpenSC/OpenSC/issues/1669
2019-05-31 14:15:37 +02:00
Nuno Goncalves
e3ff3be4fe
pteid: add new ATRs
...
One ATR have been confirmed on my personal card and also added to the official middleware:
https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf
There is another ATR I am adding blind from the official middleware:
https://svn.gov.pt/projects/ccidadao/changeset/321/middleware-offline/trunk/_src/eidmw/minidriver/makemsi/pteidmdrv.inf
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2019-05-31 14:12:12 +02:00
Ludovic Rousseau
cc189585c8
pkcs11-spy: display CK_GCM_PARAMS.ulIvBits field
2019-05-29 15:17:15 +02:00
Ludovic Rousseau
0fbd2663e6
Add missing ulIvBits to CK_GCM_PARAMS
...
The PKCS#11 specification text does not document the ulIvBits field.
But the header file defining CK_GCM_PARAMS uses it.
Since the header file is the normative version we need to add it.
See also https://github.com/Pkcs11Interop/Pkcs11Interop/issues/126o
and https://lists.oasis-open.org/archives/pkcs11-comment/201602/msg00001.html
and https://www.oasis-open.org/committees/document.php?document_id=58032&wg_abbrev=pkcs11
2019-05-29 15:17:15 +02:00
Frank Morgner
b7b501d0a5
fixed issues reported by clang-analyzer
2019-05-21 19:34:46 +02:00
Frank Morgner
3c83a80b57
fixed printing non primitive tag
...
fixes undefined bitshift
2019-05-21 19:34:46 +02:00
Frank Morgner
1423c6bb90
CI: integrate clang-tidy (disabled)
...
files that have warnings are currently excluded
2019-05-21 19:34:46 +02:00
Raul Metsma
1e59643caa
Remove process_arr unused file argument and fix clang-tidy warnings
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2019-05-21 19:34:46 +02:00
Jakub Jelen
e501c5ae81
Unbreak build without OpenSSL
2019-05-21 18:44:06 +02:00
Frank Morgner
65d607af66
fixed 325860 Dereference before null check
2019-05-14 14:50:17 +02:00