In real world pTemplate=NULL case is only used by PKCS#11 test suites but
no need to crash them.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
In real world phSession=NULL case is only used by PKCS#11 test suites but
no need to crash them.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
In real world ppFunctionList=NULL case is only used by PKCS#11 test suites but
no need to crash them.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Depending on stack state print_generic() could cause crash or spurious garbage
in logs.
Example crash:
*** buffer overflow detected ***: pkcs11test terminated
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Some test suites are excercising pMechanism==NULL case and this causes
crash when using pkcs11-spy for logging in between.
Centralize logging for pMechanism and handle NULL case.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
two lines that are never executed are removed for the code.
The LOG_TEST_GOTO_ERR before these lines will goto err.
On branch PIV-improved-parsing
Changes to be committed:
modified: src/libopensc/card-piv.c
Based on Fuzz testing, many of the calls to sc_asn1_find_tag were replaced
with sc_asn1_read_tag. The input is also tested that the
expected tag is the first byte. Additional tests are also add.
sc_asn1_find_tag will skip 0X00 or 0Xff if found. NIST sp800-73-x specs
do not allow these extra bytes.
On branch PIV-improved-parsing
Changes to be committed:
modified: card-piv.c
The function is intentionally broken in OpenSSL 3.0 for provided keys
and returning NULL. But it should still work for the legacy gost engine
implementation (but I do not have a good way to check).
Discussed in openssl upstream issue:
https://github.com/openssl/openssl/issues/16081
C_Initialize() must make a copy of the function pointers supplied
via pInitArgs, as the PKCS#11 specification makes no guarantee that
the pInitArgs pointer is allowed to be dereferenced after C_Initialize()
returns.
Fixes issue #2170.
Proper Ed25519/X25519 certs have pubkey algo with OID 1.3.101.112/110, according to
RFC8410. This commit add these OIDs, and also fixes pubkey parsing/creation - according
to the same RFC, it's just a bytestring, without ASN.1 wrapping.
Also, according to the same RFC, EDDSA/X25519 MUST not have params, even empty.
Let's define an environment MINIDRIVER_PIN=1234 in order to be able
to reuse the tests with any cards.
usage:
(cmd) set MINIDRIVER_PIN=1234
When the PIN code is not defined, let's skip the tests since it may runs
the number of trials out of the max attempts.
Moreover, some cards may have many roles, but the tests are designed for
the ROLE_USER, so let's enforce only the ROLE_USER.
Fix: issue #2326
if 5000 bytes are read, then at the end of the array we will write zero beyond its boundaries, damaging the stack.
Here's a simple solution. if you see the need to increase the array itself, let me know.
Vesa Jääskeläinen
Doug Engert
Jakub Jelen
Frank Morgner
Alessio Di Mauro
Stephan Mühlstrasser
Jaime Hablutzel
Yaroslav Isakov
Vincent JARDIN
Georgi Kirichkov
Alon Bar-Lev
divinehawk
ihsinme