Recent compilers have activated some additional
checks which let the build fail. (at least with cygwin)
(Normally it would be warnings but opensc compiles
with -Werror)
GCC 9.3:
In file included from profile.c:27:
profile.c: In function '__expr_get':
profile.c:2273:18: error: array subscript has type 'char' [-Werror=char-subscripts]
2273 | while (isspace(*s))
| ^~
clang 8.0.1:
compat_getopt_main.c:102:22: error: array subscript is of type 'char' [-Werror,-Wchar-subscripts]
rc = toupper(rc);
^~~~~~~~~~~
/usr/include/ctype.h:161:25: note: expanded from macro 'toupper'
(void) __CTYPE_PTR[__x]; (toupper) (__x);})
^~~~
Actually the code is correct as isspace and others
are used here with data type char, and are to be used
with data type int.
So either the compiler should have deactivated
this error, or the ctype.h macros have to be
written so the compiler no longer complains.
As there is also a simple workaround by casting
char to unsigned char, there is no need to wait for one
of the former options to be happen sometime.
Fixes
error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation]
if(cipher)
^
../../../git/src/libopensc/card-entersafe.c:369:2: note: previous statement is here
if(sbuf)
^
1. pkcs15-init is using XKU but it should use cert KU to check private key usage instead.
2. Don't mark imported keys as ALWAYSSENSITIVE and NEVEREXTRACTABLE as they are not.
3. When importing keys from PKCS#12 files (with several certs inside), use consecutive IDs for additional certificates (instead of starting from 45).
* Avoid GCC 7 warnings with -Werror
-Werror=implicit-fallthrough=
libopensc/card-incrypto34.c
not sure if this is a bug or intention
libopensc/card-rutoken.c
most probably intention
libopensc/card-westcos.c
remove bogus if so the compile is not confused
I will fill a separate bug to gcc probably
pkcs15init/pkcs15-iasecc.c
Simplify the log and avoid compiler confusion
sm/sm-common.c
explicit fallthrough
tools/pkcs11-tool.c
use explicit fallthrough comment
tools/pkcs15-init.c
The fallthrough is obvious here
-Werror=format-truncation=
libopensc/pkcs15-itacns.c
use explicit string lengths
pkcs11/framework-pkcs15.c
calculate the truncation
tests/pintest.c
avoid sprintf
tools/pkcs15-crypt.c
avoid sprintf
tools/pkcs15-init.c
calculate the truncation
card-cac.c
* CLANG_WARNING: The left operand of '<' is a garbage value
card-coolkey.c
* CLANG_WARNING: overwriting variable
* CPPCHECK_WARNING: memory leak / overwrite variable
* CLANG_WARNING: null pointer dereference
* UNUSED_VALUE: unused return value
card-gids.c
* CLANG_WARNING: Branch condition evaluates to a garbage value
* SIZEOF_MISMATCH: suspicious_sizeof
card-myeid.c
* RESOURCE_LEAK: Variable "buf" going out of scope leaks the storage it points to.
* CLANG_WARNING: overwriting variable
* (rewrite not to confuse coverity)
pkcs15-cac.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-coolkey.c
* UNUSED_VALUE: unused return value
pkcs15-piv.c
* RESOURCE_LEAK: Variable "cert_out" going out of scope leaks the storage it points to.
pkcs15-sc-hsm.c
* DEADCODE
pkcs11/framework-pkcs15.c
* RESOURCE_LEAK: Variable "p15_cert" going out of scope leaks the storage it points to.
pkcs15init/pkcs15-lib.c
* CLANG_WARNING: Assigned value is garbage or undefined
pkcs15init/pkcs15-myeid.c
* UNREACHABLE: Probably wrong placement of code block
tests/p15dump.c
* IDENTICAL_BRANCHES
pkcs15-init.c
* CLANG_WARNING: Potential leak of memory pointed to by 'args.der_encoded.value'
pkcs15-tool.c
* RESOURCE_LEAK: Variable "cert" going out of scope leaks the storage it points to.
* MISSING_BREAK: The above case falls through to this one.
sc-hsm-tool.c
* CLANG_WARNING: Potential leak of memory pointed to by 'sp'
westcos-tool.c
* FORWARD_NULL: Passing null pointer "pin" to "unlock_pin", which dereferences it.
* (rewrite not to confuse coverity)
card-cac.c
* Avoid malloc with 0 argument
gids-tool.c
* FORWARD_NULL -- copy&paste error
scconf.c
* CLANG_WARNING: Call to 'malloc' has an allocation size of 0 bytes
closes#982
* pkcs15-init,pkcs15-tool: reword --no-prompt to --use-pinpad (close#944)
Wording was confusing for a novice user. Old option is mantained as an alias,
but will print to stderr a deprecation warning.
Deprecation related code is all marked with deprecated word to easy future removal.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
* pkcs15-init,pkcs15-tool: document --use-pinpad
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
This commit is based on input from https://github.com/lbschenkel
LibreSSL is based on OpenSSL 1.0.1. API.
Changes to be committed:
modified: libopensc/sc-ossl-compat.h
modified: tools/pkcs11-tool.c
modified: tools/pkcs15-init.c
modified: tools/sc-hsm-tool.c
OpenSSL-1.1.0 was released 8/25/2016
OpenSSL-1.1.0a was released 9/22/2016
https://www.openssl.org/news/openssl-1.1.0-notes.html
Changes to allow the OpenSC code base to work with OpenSSL versions from
0.9.7 to 1.1.0 with few changes.
This is an update and rebased version of my prep-openssl-1.1.0-pre6 branch.
No attempt was made to back port any OpenSSL features. These changes
just allow an updated OpenSC code base to use what is in the various OpenSSL
releases.
A new header libopensc/sc-ossl-compat.h contains extra defines
to reduce the need for so many #if OPENSSL_VERSION_NUMBER statements
in the source code.
The OpenSC source can now use the OpenSSL 1.1 API. The libopensc/sc-ossl-compat.h
has defines for the new API for use with older versions of OpenSSL.
sc-ossl-compat.h is included by libopensc/internal.h so all OpenSC
library routines can take advantage of it. For the tools, which do not use
libopensc/internal.h, libopensc/sc-ossl-compat.h is included by the tools.
The OpenSC source has been modified to use OpenSSL functions to access
hidden structures, such X509, BIGNUM, EVP_CIPHER_CTX, and use XXX_new
functions to allocate structures which must use pointer such as
BIGNUM and EVP_CIPHER_CTX.
For backward compatability sc-ossl-compat.h now defines inline routines
to emulate the RSA and DSA access routines in OpenSSL-1.1.0. Thus
the same OpenSC source code can be used with openSSL versions from
0.9.7 to 1.1.0.
Inline routines were chosen, because using macros does not work on all platforms.
Having OpenSC versions of these routines in libopensc would be a posibility,
but they are only used for older version of OpenSSL, and could be removed in
the future.
Changes to be committed:
modified: src/libopensc/card-entersafe.c
modified: src/libopensc/card-epass2003.c
modified: src/libopensc/card-gids.c
modified: src/libopensc/card-gpk.c
modified: src/libopensc/card-oberthur.c
modified: src/libopensc/card-piv.c
modified: src/libopensc/card-westcos.c
modified: src/libopensc/cwa-dnie.c
modified: src/libopensc/cwa14890.c
modified: src/libopensc/internal.h
modified: src/libopensc/p15card-helper.c
modified: src/libopensc/pkcs15-itacns.c
modified: src/libopensc/pkcs15-prkey.c
modified: src/libopensc/pkcs15-pubkey.c
new file: src/libopensc/sc-ossl-compat.h
modified: src/pkcs11/openssl.c
modified: src/pkcs15init/pkcs15-lib.c
modified: src/pkcs15init/pkcs15-oberthur-awp.c
modified: src/pkcs15init/pkcs15-oberthur.c
modified: src/pkcs15init/pkcs15-oberthur.h
modified: src/pkcs15init/pkcs15-westcos.c
modified: src/tools/cryptoflex-tool.c
modified: src/tools/gids-tool.c
modified: src/tools/netkey-tool.c
modified: src/tools/piv-tool.c
modified: src/tools/pkcs11-tool.c
modified: src/tools/pkcs15-init.c
modified: src/tools/sc-hsm-tool.c
modified: src/tools/westcos-tool.c
Pkcs15init data, used to import/generate key objects, includes twice the same EC parameters data:
- explicit 'params' data
- part of sc_pkcs15_pubkey/sc_pkcs15_prkey
Explicit 'ec-params' data is removed.
To hold the raw certificate blob in 'sc_pkcs15_cert' data use the 'sc_pkcs15_der' data type.
also:
; in 'pkcs15-cert.c' use short call of the debug messages;
; in 'destroy-object' pkcs15 framework handler take into account the multi-application cards:
-- when binding card use the application info;
-- when finalizing profile use the application ID.
New operations:
- 'erase-application' -- erase on-card application indicated by it's AID;
- 'update-lastupdate' -- parse tokenInfo, set 'lastUpdate' value to the current date and write back tokenInfo content;
- 'ignore-ca-certificates' -- when importing PKCS#12 ignore all CA certificates;