* Add missing SHA224 RSA algorithms
* Fix wrong replacement in pkcs11-tool manual page
* Add MGF and PSS_PARAMS definitions in PKCS#11 header file
* Inspect PSS signature parameters in pkcs11-spy
* Enable RSA-PSS signatures in pkcs11-tool
* Added short names to RSA-PSS methods
* Reintroduce portable NORETURN indication for functions and use it to avoid compilers complaining
Use the ASN.1 decoder's SC_ASN1_BIT_FIELD decoder to properly decode
into a machine word. As _bitstring_extension is used only for the OID
2.5.29.15 by all callers, which is at most 9 bits wide, this is a
reasonable thing to do.
Note, that there are a number of card drivers that still use
`sc_read_binary` in the wrong way. Unfortunately, I don't have the time
to go through all of them.
Fixes https://github.com/OpenSC/OpenSC/issues/1112
* Support for new MinInt agent card
This card uses the same ATR as the existing card, but the applet installed
does not have the same AID. This card actually works exactly as the
IASECC_SAGEM.
Unify iasecc_init for AMOS/SAGEM and MI cards
* cac: Make the retransmitted APDU valid by restoring the resplen
* cac: Check SWs for all the APDUs and report the errors to underlying layers
* cac: Fallback from CACv1 to CACv2 when CACv1 instruction is not recognized
for the lack of other pointers how to recongnize them
* avoid goto
- use UI framework
- timeout progressbar is running backwards
- cancelling is disabled by default
- removes card specific UI strings, use opensc.conf for that instead
- icon can be loaded by file
Pressing the cancel button in the PIN pad dialog should not close the
dialog. The application will still wait for the request to complete
even if the dialog is gone. Instead, we tell the user to press the
cancel butten on the PIN pad if the reader does not support SCardCancel.
When the dialog is shown in a separate thread and the user removes the
card, both, the thread for the pin pad operation and the main thread
are trying to access the card and context handles. Even worse, the main
thread deletes the context handle, which may result in a segmentation
fault for the thread with the pin pad operation.
- themable in the sense of using OS native design
- user messages on PIN pad dialog are identical to Base CSP, which still displays the dialog for PIN entry if no PIN pad is available
- adds progress bar to dialog
- Uses Smartcard icon extracted from DDORes.dll
- requires windows vista/windows server 2008 or above
tools/pkcs15-tool.c:
Dead assignment: Value stored to 'c' is never read
tools/pkcs11-tool.c:
Dead assignment: Value stored to 'n' is never read
Dead assignment: Value stored to 'rv' is never read
libopensc/card-cac.c:
Dead assignemnt: Value stored to 'tl_head_len' is never read
Dead increment: Value stored to 'outp' is never read
common/libpkcs11.c:
Memory leak in case of C_UnloadModule() fails
libopensc/pkcs15-pubkey.c:
Potential memory leaks
pkcs11/mechanism.c:
Potential memory leak
pkcs11/framework-pkcs15.c:
Potential memory leaks
Dereference of null pointer
Dead assignments
tools/sc-hsm-tool.c:
Function call argument is an uninitialized value
Dead assignment: Value stored to 'r' is never read
libopensc/card-openpgp.c:
Dead assignment: ignoring the errors in case of sc_pkcs15_encode_pubkey() failed
libopensc/pkcs15-cac.c:
Dead assignments: ignoring return values
libopensc/pkcs15-coolkey.c:
Dead assignments: ignoring return values
libopensc/card-sc-hsm.c:
Dereference of undefined pointer value: Properly check the file allocation
pkcs11/slot.c:
Dead assignment
pkcs15init/pkcs15-cflex.c:
Dereference of null pointer
Uninitialized argument values
MyEID does not support RAW RSA signature for 2048 bit key.
(Source: MyEID reference manual 2.1.4)
This hack uses decipher operation for calculating
RAW 2048 bit signature.
* Simplify CardOS 5.0 support (removing explicit 5.3 marker since the behavior should be the same)
* Restore RSA_PKCS signatures functionality
Closes https://github.com/OpenSC/OpenSC/pull/1079
Quoting from PKCS#11:
The CKA_ALWAYS_AUTHENTICATE attribute can be used to force re-authentication (i.e. force the user to provide a PIN) for each use of a private key. “Use” in this case means a cryptographic operation such as sign or decrypt. This attribute may only be set to CK_TRUE when CKA_PRIVATE is also CK_TRUE.
Re-authentication occurs by calling C_Login with userType set to CKU_CONTEXT_SPECIFIC immediately after a cryptographic operation using the key has been initiated (e.g. after C_SignInit).
Closes https://github.com/OpenSC/OpenSC/pull/1066
Calculating intrinsic key would probably be not wise, because
it would leak out information about the secret key. Try to
generate globally unique IDs just by using a random one.
- fixes decoding of SecretKeyAttributes
- adds support for algorithmReferences
- adds support for algIndependentKeys (PKCS#15 Generic keys)
- implements encoding of SKDF
- don't use private data on card matching
- instead, return 1 for every known ATR and only select the applet if the ATR is unknown.
- card initialization always selects the applet.
Advantage: decouples memeory management in matching from initializing the card.
Disadvantage: Applet is selected twice in case of an unknown ATR (once for matching and a second time for initializing the card).
Fixes https://github.com/OpenSC/OpenSC/issues/1042
- eac: allow CA without EF.CardSecurity
- sc-hsm: implemented CA based on document PKI
- sc-hsm: adds receive limit for SoC card
- introduces dedicated card type for SoC card
- md: integrate card's PIN pad capabilities
- installer: added SC-HSM SoC card to registry
- pkcs15-tool: Added support for PIN entry on card
- change/unblock PIN: add support for PIN entry on card
- added OpenPACE to macOS build
- travis-ci: install gengetopt/help2man via brew
- sc-hsm: Cache EF.C_DevAut
- sc-hsm: Prevent unnecessary applet selection and state resets
- sc-hsm: added support for session pin
- sc-hsm: avoid multiple AID selection
- sc-hsm: Use the information from match_card for all subsequent selections of the applet
- sc-hsm: cache optional files as empty files (Decoding the files will reveal that they were not existing prior caching. This avoids selecting the file though we have already tried to cache the file before.)
- use dedicated directory for CVC trust anchors
- appveyor: added OpenPACE to windows build
regression of 45a7ea9737075b5901fe7a5d65ed898733140315:
due to the change in the linkage, the symbols should be found in
opensc.dll instead of the static support libraries.
Add code to support OpenSSL initialization correctly when using OpenSSL-1.1
Tested with OpenSSL-1.1.0c and OpenSSL-1.1.0e.
Changes to be committed:
modified: src/tools/piv-tool.c
Communication defined by ISO/IEC 14443 is identical to T=1, so make
sure we connect in the right mode to the card so that the constructed
APDUs can be handled by the card.