ASN1 tags are represented in two many ways within OpenSC.
This is a trivial change to simplify one aspect of this.
It also makes the code more readable.
SC_ASN1_CLASS_MASK, SC_ASN1_APP, SC_ASN1_CTX, SC_ASN1_PRV,
SC_ASN1_CONS are changed, and SC_ASN1_CLASS_MASK is added.
These then align with the bits defined by SC_ASN1_TAG_CLASS,
SC_ASN1_TAG_APPLICATION, SC_ASN1_TAG_CONTEXT, SC_ASN1_TAG_PRIVATE,
and SC_ASN1_TAG_CONSTRUCTED.
(SC_ASN1_UNI and SC_ASN1_TAG_UNIVERSAL are both 0x00 thus no change
is needed).
(No sign of a right shift of SC_ASN1_CTX or SC_ASN1_PRV causeing
problems has been seen in the code.) If found, can be solved.)
Close examination of the OpenSC code base shows all uses of tags
used by routines and sc_asn1_entry use the defines.
This could allows 26 lines of code in sc_asn1_skip_tag used to test
the 3 CLASS and CONSTRUCTED bits to be replaced by:
if (((cla << 24) | tag) != tag_in)
return NULL;
The 26 lines still work as will any other code in OpenSC
that tests the bits using the defines. It also allows new code
to be simplified.
Problem identified while looking at better way to check response
on GET_DATA (0xCB) that returns TLV as used in card-piv.c
Changes tested using pkcs11-tool --test --login with PIV, SC_HSM
and OpenPGP cards.
- update code signing credentials, thanks to Tim Wilbrink
- split up large files into 50 MB chunks for Nightly to avoid Github's file size limit
- codesign tools/libs with hardened runtime and entitlements
- avoid relocation of app bundles on installation
- sign installer for distribution
Fixes#2141
NIST 800-73-3 based cards only had 2 bits set in first pin policy byte.
NIST 800-73-4 defines additions bits in first pin policy byte.
When one of these bit is set, and the policy prefers the Global pin,
it is not recognized and the local pin is used.
On branch PIV-global-pin-bug
Changes to be committed:
modified: src/libopensc/card-piv.c
When failed to access reader, cxt needs to be released before
exiting the program. Like in the patch of CVE-2019-6502, a
sc_release_context(ctx) is needed before line 71, or a
memory leak may occur.