Frank Morgner
43951252f5
adapted date in NEWS
2017-07-18 16:29:50 +02:00
asc
78f15062f8
Fix memory leak #1050
2017-07-18 16:27:56 +02:00
Frank Morgner
df5fbc40bc
0.17.0: updated NEWS file
2017-07-17 15:28:02 +02:00
Frank Morgner
cf9b8dd6ea
sc-hsm: removed UTSRCACC100001
2017-07-14 07:23:17 +02:00
Jakub Jelen
12fe5b5e67
[pkcs11-tool] Do not use modLenBytes before validating
2017-07-11 12:55:38 +02:00
Frank Morgner
206b2cec28
Added npa-tool.1 to distribution
...
fixes https://github.com/OpenSC/OpenSC/issues/1093
2017-07-11 10:22:14 +02:00
Frank Morgner
805c6b5a30
PIV: workaround for reading public key
...
closes https://github.com/OpenSC/OpenSC/pull/1069
2017-07-11 10:08:50 +02:00
Jakub Jelen
9d813c075b
Simplify differences between CardOS 5 versions and unbreak 5.3 signatures (#1080)
...
* Simplify CardOS 5.0 support (removing explicit 5.3 marker since the behavior should be the same)
* Restore RSA_PKCS signatures functionality
Closes https://github.com/OpenSC/OpenSC/pull/1079
2017-07-06 22:51:45 +02:00
Peter Popovec
a197ba1a99
MyEID - T0 protocol fail for derive operation
...
apdu.le must be set minimally to shared key length (pubkey_len / 2),
otherwise sc_get_response() does not read derived shared key from card.
2017-07-06 22:45:49 +02:00
Frank Morgner
4ea2828246
card-piv: Fix Thunderbird and SC_PIN_CMD_GET_INFO
...
Fixes https://github.com/OpenSC/OpenSC/issues/1071
Closes https://github.com/OpenSC/OpenSC/pull/1072
2017-07-04 10:16:41 +02:00
Jakub Jelen
7e28c1b4e0
[cac] Correctly select APDU CASE to unbreak get_challenge
2017-06-30 22:20:00 +02:00
asc
abb45fb9d3
Fix change PIN failure (#1076)
2017-06-24 15:26:04 +02:00
asc
0e8aca8557
Fix maximum CHR length
2017-06-24 15:26:04 +02:00
Frank Morgner
1258aa87a7
fixed library name of smm-local
2017-06-22 10:36:08 +02:00
Frank Morgner
828de113e8
pkcs11-tool: respect CKA_ALWAYS_AUTHENTICATE
...
Quoting from PKCS#11:
The CKA_ALWAYS_AUTHENTICATE attribute can be used to force re-authentication (i.e. force the user to provide a PIN) for each use of a private key. “Use” in this case means a cryptographic operation such as sign or decrypt. This attribute may only be set to CK_TRUE when CKA_PRIVATE is also CK_TRUE.
Re-authentication occurs by calling C_Login with userType set to CKU_CONTEXT_SPECIFIC immediately after a cryptographic operation using the key has been initiated (e.g. after C_SignInit).
Closes https://github.com/OpenSC/OpenSC/pull/1066
2017-06-15 23:43:37 +02:00
Frank Morgner
91ed248e6f
updated required PCSC-Lite version
...
Fixes https://github.com/OpenSC/OpenSC/issues/1065
2017-06-15 23:38:57 +02:00
Frank Morgner
3a299eb2bf
0.17.0 version bump
2017-06-13 13:23:53 +02:00
Frank Morgner
4c654606ea
fixed Coverity issues
...
Fixes https://github.com/OpenSC/OpenSC/issues/1057
2017-06-13 13:07:52 +02:00
Frank Morgner
e894bd175b
Revert "pkcs11-tool: always authenticate when pinpad is in use"
...
This reverts commit 423375c6f8.
Fixes https://github.com/OpenSC/OpenSC/issues/1063
2017-06-13 13:06:46 +02:00
Timo Teräs
00a710b939
pkcs15-tool: add documentation for secret key options
2017-06-13 10:40:36 +02:00
Timo Teräs
137c6306d2
pkcs15init: use random id for secret key
...
Calculating intrinsic key would probably be not wise, because
it would leak out information about the secret key. Try to
generate globally unique IDs just by using a random one.
2017-06-13 10:40:36 +02:00
Timo Teräs
023216c755
add algorithm references for AES keys
2017-06-13 10:40:36 +02:00
Timo Teräs
e23190d0b5
pkcs15-init: support secret key upload and generation
2017-06-13 10:40:36 +02:00
Timo Teräs
94973809c2
Support SKDF and secret key upload for MyEID cards
2017-06-13 10:40:36 +02:00
Timo Teräs
3d8cf274ff
pkcs15init: add support for secret key upload and generation
2017-06-13 10:40:36 +02:00
Timo Teräs
576e70b70f
pkcs15: allow struct sc_pkcs15_prkey to contain secret key
...
This allows using the existing store_key abstraction to upload
secret keys too.
2017-06-13 10:40:36 +02:00
Timo Teräs
7e99cf7411
pkcs15-init: include secret keys in generic object handling code
...
Type user visible type string is 'secrkey' in harmony with pkcs11-tool.
2017-06-13 10:40:36 +02:00
Timo Teräs
e2e1cbd10f
pkcs15init: prepare sc_pkcs15init_skeyargs for proper secret key support
2017-06-13 10:40:36 +02:00
Timo Teräs
8f53133ae3
pkcs15-tool: fix secret key dumping
2017-06-13 10:40:36 +02:00
Timo Teräs
2632b616d9
Improve SKDF decoding and implement encoding
...
- fixes decoding of SecretKeyAttributes
- adds support for algorithmReferences
- adds support for algIndependentKeys (PKCS#15 Generic keys)
- implements encoding of SKDF
2017-06-13 10:40:36 +02:00
Timo Teräs
becd243fd6
add AES algorithm ID
2017-06-13 10:40:36 +02:00
Timo Teräs
fe88222ffe
pkcs15init: handle secret key in generic helper functions
2017-06-13 10:40:36 +02:00
Timo Teräs
048e703ab7
pkcs15init: generalize key compatibility checking helpers
2017-06-13 10:40:36 +02:00
Timo Teräs
0576ccce0c
Add _sc_card_add_generic for registering secret key algorithms
2017-06-13 10:40:36 +02:00
Frank Morgner
35c5eb0659
fixed resource leak
2017-06-09 10:33:46 +02:00
Frank Morgner
32aa51a0f6
avoid logically dead code
2017-06-09 10:33:46 +02:00
Frank Morgner
888215ca7c
prevent integer overflow
2017-06-09 10:33:46 +02:00
Frank Morgner
7e5afad630
fixed bad memory access
2017-06-09 10:33:46 +02:00
konstantinpersidskiy
083cec8fda
pkcs11-tool: add GOSTR3410 keypair generation (#997)
...
* pkcs11-tool: add GOSTR3410 keypair generation
* Refactor gost3410 generation
2017-06-09 10:30:40 +02:00
Frank Morgner
3e5fc896b7
sc-hsm: fixed using GoID with unknown ATR
2017-06-06 00:59:20 +02:00
Frank Morgner
3131282760
sc-hsm: add GoID ATRs
...
disables forcing sc-hsm for standard JCOP ATRs, see
b7de5888a0 (commitcomment-22258928)
2017-06-06 00:59:20 +02:00
Frank Morgner
fb8fccd7ba
AppVeyor: cache openpace build
2017-06-05 00:09:33 +02:00
Frank Morgner
ad451bd201
AppVeyor: cache zlib build
2017-06-05 00:09:33 +02:00
Frank Morgner
74d5eee573
AppVeyor: Updated OpenSSL version
2017-06-05 00:09:33 +02:00
Frank Morgner
2536365d79
removed BUILD_ON/BUILD_FOR variable
...
- guess the system architecture based on %PROCESSOR_ARCHITECTURE%
- guess the target system based on %PLATFORM%
2017-06-05 00:09:33 +02:00
Frank Morgner
eb19691efe
added compatibility with WiX 3.11
2017-06-05 00:09:33 +02:00
Jakuje
0e70c59aef
If the underlying PKCS#15 structure does not provide label for a cert… (#1045)
2017-05-30 00:05:30 +02:00
Frank Morgner
b7de5888a0
sc-hsm: fixed forcing a card driver via opensc.conf
...
- don't use private data on card matching
- instead, return 1 for every known ATR and only select the applet if the ATR is unknown.
- card initialization always selects the applet.
Advantage: decouples memory management in matching from initializing the card.
Disadvantage: Applet is selected twice in case of an unknown ATR (once for matching and a second time for initializing the card).
Fixes https://github.com/OpenSC/OpenSC/issues/1042
2017-05-22 16:25:08 +02:00
Frank Morgner
a0e868974d
pkcs15-tool: added test for session PIN
2017-05-22 16:25:08 +02:00
Frank Morgner
7c3bb44cdf
minidriver: added support for session pin
2017-05-22 16:25:08 +02:00