eddea6f3c2
fix logic of send/recv sizes in config files
...
- they are not set if
SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, ...
fails
- regarding max_send_size the logic is inverted
2018-11-09 08:56:53 +01:00
1e7bb83659
CID 324485 ( #1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)
2018-11-06 15:53:17 +01:00
609095a4f4
CID 325860 ( #1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
22c8204a2f
Merge remote-tracking branch 'upstream/pr/1393'
...
closes https://github.com/OpenSC/OpenSC/pull/1393
2018-11-06 10:51:24 +01:00
13c7574510
PIV: less debugging
...
- debugging pointers is useless in static log file
- removed double debugging of APDUs
2018-11-06 01:42:41 +01:00
eaed345a76
Add missing header file to the tarball
2018-11-05 09:15:20 +01:00
9342f8ad0a
padding: Fix error checking in RSA-PSS
2018-11-05 09:15:20 +01:00
7cced08a88
coolkey: Check return values from list initialization (coverity)
...
>>> CID 324484: Error handling issues (CHECKED_RETURN)
>>> Calling "list_init" without checking return value (as is done elsewhere 8 out of 9 times).
2018-11-05 09:15:20 +01:00
f276f7f8f4
coverity: Add allocation check
...
*** CID 323588: Uninitialized variables (UNINIT)
/src/libopensc/sc.c: 873 in sc_mem_secure_alloc()
2018-11-05 09:15:20 +01:00
351e0d2bd6
Merge remote-tracking branch 'upstream/master' into wrapping-rebased and resolve conflicts
2018-11-02 13:42:41 +02:00
c70888f9ab
allow compilation with --disable-shared
2018-11-01 00:17:22 +01:00
5c7b7bb0b1
fixed minor XCode documentation warnings
2018-11-01 00:17:22 +01:00
f88419bc63
Removed pointless curly brackets
2018-10-31 10:36:50 +02:00
7bb53423a1
Code cleanup and minor corrections according to review. pkcs15-lib: Extractable keys are now marked as native. Check return value of check_key_compatibility in more explicit way to avoid misunderstandings.
2018-10-31 10:36:41 +02:00
90ec7123ba
Corrections and code cleanup as requested in review. Changed value to void* in sc_sec_env_param_t, because param_type defines type of the value. Fixed handling of secret key length in framework-pkcs15 and pkcs15-lib: CKA_VALUE_LEN from PKCS#11 is in bytes, PKCS#15 objects need key length in bits. Rebased on top of upstream/master and resolved merge conflicts.
2018-10-31 10:27:03 +02:00
ec297b618f
sc_pkcs15_wrap: Fixed checking target key type. (checked partly from wrapping key)
2018-10-31 10:27:03 +02:00
e636b64377
Fixed: Return OK by PKCS#11 convention if NULL out buffer is provided, when caller wants to query required buffer size.
2018-10-31 10:27:03 +02:00
f2c041d290
card-myeid: Removed NULL out buffer assertion to allow caller to query required buffer size.
...
mechanism.c: Bug fix to sc_pkcs11_wrap. Wrong operation was stopped in end of the function.
2018-10-31 10:27:03 +02:00
287a63c704
Fixes to key wrapping and unwrapping code: Set IV correctly in symmetric unwrap. Correctly distinguish symmetric and asymmetric operation when building APDUs. Check CKA_TOKEN from the pkcs15 object in framework_pkcs15. Updated some comments.
2018-10-31 10:27:03 +02:00
861d8b308b
Fixed myeid_unwrap with symmetric keys: set correct p2 and no padding indicator byte.
2018-10-31 10:27:03 +02:00
eba75ead20
framework-pkcs15: set CKA_EXTRACTABLE into pkcs#15 secret key object's access flags when set. pkcs15-sec: Return needed buffer size correctly when an insufficient buffer is provided.
2018-10-31 10:27:03 +02:00
c891ad2aad
Fixed version check for key wrapping functionality. Return needed buffer size in myeid_wrap_key, if no buffer or too small buffer is provided.
2018-10-31 10:27:03 +02:00
6b8c284d3e
Fixing pointer conversion that is invalid on some architectures.
2018-10-31 10:27:03 +02:00
550d4eb030
Small fixes to key wrapping and unwrapping. Handle target file ref using sc_sec_env_param type. Transmit initialization vector in symmetric key operations from PKCS#11 layer (mechanism param) to the card driver level, allow setting it in sc_set_security_env.
2018-10-31 10:27:03 +02:00
7454133272
Added flags to distinguish AES ECB and CBC modes. Added SC_ALGORIHM_UNDEFINED definition to be used with CKK_GENERIC_SECRET type keys. Added sc_sec_env_param type, which can be used to define additional parameters when settings security environment. This is now used for setting IV in symmetric crypto and target EF in key wrapping/unwrapping.
2018-10-31 10:24:19 +02:00
a2156da044
Fix encoding of SC_ASN1_CHOICE entry "parameters" in c_asn1_algorithm_info. Format only the selected entry of the choice.
2018-10-31 10:24:19 +02:00
ae5675ca22
Fixed MSE for unwrap operation. Fixed wrong P1 when formatting APDU in myeid_unwrap_key.
2018-10-31 10:24:19 +02:00
aa814fd8e8
Implemented C_Wrap into PKCS#11 interface. Added support for wrapping and unwrapping with secret keys into framework-pkcs15.c and all the way to the card driver level.
2018-10-31 10:24:19 +02:00
a9ee85452e
Resolved a merge conflict. Included both changes manually.
2018-10-31 10:24:19 +02:00
c217b254fc
MyEID: Initial implementation of key wrapping and unwrapping operations, and the related additions to myeid_set_security_env.
2018-10-31 10:24:19 +02:00
1c09fa8a22
Handle AES algorithm. Doesn't set any flags, but check for AES is needed to avoid SC_ERROR_NOT_SUPPORTED.
2018-10-31 10:24:19 +02:00
7fc6c52f81
Set native=1 as default when decoding. Check supported algorithms and set PKCS#11 key type, if key supports AES.
2018-10-31 10:22:16 +02:00
a10480d50e
Continued implementation of unwrap: Creation of a target key object on card to receive an unwrapped key. Setting target key path in sc_security_env_t.
2018-10-31 10:22:16 +02:00
5f51d5d315
Added implementation of C_UnwrapKey all the way from PKCS#11 interface to the card driver level.
...
Not yet complete, but can be run with CKA_TOKEN=FALSE set in the target object. Currently unwrapping emulated
with a decrypt operation in card-myeid.c. To be improved.
2018-10-31 10:22:16 +02:00
e2b1fb81e0
Restore minimal CAC1 driver for legacy cards ( #1502 )
...
* Add minimal CAC1 driver for legacy cards.
It is using the same pkcs15 backend as the CAC2 cards as well as some of
the CAC2 driver methods.
The separation is made mostly for easier card matching or disabling.
2018-10-30 17:27:28 +01:00
c3bef7d527
fixed compilation with XCode 10
...
fixes https://github.com/OpenSC/OpenSC/issues/1485
2018-10-24 10:34:43 +02:00
8c535c184f
removed duplicate code for adding padding
...
Fixes padding handling of SC_ALGORITHM_RSA_PAD_NONE introduced with
e5707b545e
2018-10-15 15:21:52 +02:00
46c99e769d
ctx: Move coolkey driver up after improving the matching
...
Fixes #1483
2018-10-15 12:14:22 +02:00
f220d0b77d
coolkey: Improve card matching to avoid mismatches in muscle
2018-10-15 12:14:22 +02:00
55a8478ed6
cac: These functions do not have to be exposed
2018-10-15 12:14:22 +02:00
ac276b1202
starcos: fixed decipher with 2.3 ( #1496 )
...
closes https://github.com/OpenSC/OpenSC/issues/765
fixes https://github.com/OpenSC/OpenSC/issues/1495
2018-10-11 22:50:37 +02:00
d517d8e18d
Fix minidriver padding
...
Commit e5707b545e
2018-10-11 12:47:48 +02:00
550665b906
OpenPGP: refactor pgp_get_card_features()
...
Use pgp_parse_alog_attr_blob() to get the algorithm attribute DO's contents.
2018-10-10 14:52:29 +02:00
8a564107a8
OpenPGP: introduce gpg_parse_algo_attr_blob()
...
Introduce a central function to parse the algorithm atributes in DOs C1 - C3.
2018-10-10 14:52:29 +02:00
248ece23c6
OpenPGP: bail out on non-RSA key generation/import
...
Also add the necessary algorithm info where necessary.
2018-10-10 14:52:29 +02:00
c2f02f72bd
OpenPGP: adapt data structures to support RSA alternatives
...
* update callers to use the adapted structures.
2018-10-10 14:52:29 +02:00
772d20969a
OpenPGP: first steps to support key types beyond RSA
...
- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
2018-10-10 14:52:29 +02:00
f1ae31aea4
OpenPGP: expose additional algorithms only with EXT_CAP_ALG_ATTR_CHANGEABLE
...
List additional algorithms & attributes as supported only when the card
supports changing the algorithms attributes DOs and exposes this by having
the EXT_CAP_ALG_ATTR_CHANGEABLE capability set.
Using different algorithms and attributes requires changing the algorithm
attributes DOs. If that is not supported - as indicated by a missing
EXT_CAP_ALG_ATTR_CHANGEABLE capability - then only those algorithms
described by the current algorithms attributes DOs' contents can be used.
In addition simplify setting the flags.
2018-10-10 14:52:29 +02:00
44d6116c59
OpenPGP: slight cleanups
...
* use variables if they are already there
* be a bit more explicit in logging
* more consistent tag format: %04X
* cleanup flag setting for _sc_card_add_rsa_alg()
2018-10-10 14:52:29 +02:00
ea6f7cfe1d
Added memory locking for secrets ( #1491 )
...
When caching a PIN in memory or using an OpenSSL private key this data should not be swapped to disk.
2018-10-10 14:52:01 +02:00
52959df9f6
pkcs15-oberthur: Avoid memory leaks on failures
2018-10-01 23:07:34 +02:00
bce43e6855
Remove dead code
2018-10-01 23:07:34 +02:00
74105300bf
card-iasecc: Avoid memory leaks on failure
2018-10-01 23:07:34 +02:00
674e5e8b3d
ctx: Require dll parameter otherwise we are leaking it
2018-10-01 23:07:34 +02:00
65e1cd2df7
muscle: Check return values
2018-10-01 23:07:34 +02:00
a2ab2071bb
piv: Check return value of sc_lock()
2018-10-01 23:07:34 +02:00
e5da6b66b9
iso7816: Replace asserts with explicit length checks to make coverity happy
2018-10-01 23:07:34 +02:00
b9e33a3c64
Coverity warnings
...
card-piv.c
make sure the string is null terminated before passing it
to hex_to_bin routine, which expects it
pkcs15-cac.c
free cn_name on failure
pkcs11-tool.c
make sure the string is null terminated before passing it to
parse_certificate(), which expects it
2018-10-01 23:07:34 +02:00
83b188c950
Remove long expired EstEID 1.0/1.1 card support
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-09-30 21:25:13 +02:00
e5707b545e
Add support for PSS padding to RSA signatures
...
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-09-30 21:23:27 +02:00
551fcccb90
Changed outdated "STARCOS SPK 2.3" name to "STARCOS".
...
modified: src/libopensc/pkcs15-infocamere.c
modified: src/libopensc/pkcs15-starcert.c
modified: src/pkcs15init/pkcs15-lib.c
Changed isf_acl to also need SO PIN for CREATE.
modified: src/pkcs15init/starcos.profile
2018-09-28 16:50:39 +02:00
db4ed9f4a2
export _sc_match_atr_block
2018-09-14 08:23:08 +02:00
1f06a76b1a
openssl: Bump openssl requirement to 0.9.8
2018-09-14 08:21:40 +02:00
3750d70106
pgp: detect gnuk with newer fw
...
closes https://github.com/OpenSC/OpenSC/issues/1475
2018-09-13 13:46:27 +02:00
66fe060363
fixed gcc 8 compiler waring
...
closes https://github.com/OpenSC/OpenSC/pull/1474
2018-09-12 13:10:06 +02:00
430a9b3f5a
Commit c463985fed broke EstEID PIN verify
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-09-12 12:30:05 +02:00
d8a2a7bf88
reader-ctapi: ctapi_connect: remove unused variable
...
from day 1 return value of _sc_parse_atr was ignored.
2018-09-09 14:55:28 +02:00
083c18045e
Make deciphering with AUT-key possible for OpenPGP Card >v3.2 ( fixes #1352 ) ( #1446 )
2018-09-06 10:57:23 +02:00
748234b7cc
Fix SM algorithm in extended capabilities
2018-09-05 23:42:14 +02:00
39bd1ddd58
fixed wrong condition
...
fixes https://github.com/OpenSC/OpenSC/issues/1465
2018-09-04 13:51:40 +02:00
b572b383b2
Add supported algorithms for OpenPGP Card ( Fixes #1432 ) ( #1442 )
2018-08-31 14:38:14 +02:00
2b60a0db0f
Add support for SmartCard-HSM 4K (V3.0)
2018-08-31 13:42:44 +02:00
db438f61c1
ias/ecc: fixed GET CHALLENGE
2018-08-24 13:59:03 +02:00
94f9fdf145
ias/ecc: fixed card detection
...
regression of 439a95f2d
2018-08-24 13:51:15 +02:00
5daec17e32
ias/ecc: ignore missing serial on card initialization
...
fixes problem in card detection introduced in
50b000047c
2018-08-24 13:50:53 +02:00
336b282324
Reuse gp_select_aid
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-08-23 20:37:38 +02:00
719ec39b3e
Use sc_asn1_read_tag to read first tag of partially block ( #1454 )
...
Sc_asn1_read_tag can return SC_ERROR_ASN1_END_OF_CONTENTS
which indicates the tag and length are OK, but any value
is not completely contained in the buffer supplied. card-piv.c
can use this when reading just the beginning of a object to
determine the size of a buffer needed to hold the object.
2018-08-23 20:35:24 +02:00
97f0a341b0
fixed typo
2018-08-23 10:14:25 +02:00
70c4813f30
fixed Dereference before null check
2018-08-23 09:59:45 +02:00
67fbf15741
fixed NULL dereference
2018-08-23 09:51:04 +02:00
45f407c021
Mark driver-specific global sc_atr_table structures as const
...
As most of the drivers do not modify these, we can mark them as const.
Two drivers that we cannot convert are dnie and masktech.
section size
.data 35232 -> 25472
.data.rel.ro 36928 -> 46688
2018-08-22 22:50:30 +02:00
2eae5e70f5
Mark atr table argument as const in match_atr_table and _sc_match_atr functions
...
This allows us to mark driver-specific atr tables as constants.
2018-08-22 22:50:30 +02:00
fcd719d30f
Merge pull request #1447 from Jakuje/x41sec-merge
...
Security issues idefnitifed by fuzzing. For more information, see the blog post:
https://www.x41-dsec.de/lab/blog/smartcards/
2018-08-20 15:11:51 +02:00
ff8ec86f26
avoid looping forever in GET CHALLENGE
...
fixes https://github.com/OpenSC/OpenSC/issues/1440
2018-08-20 14:37:20 +02:00
fcf00e66cd
Starcos: added ATR for 2nd gen. eGK
...
fixes https://github.com/OpenSC/OpenSC/issues/1451
2018-08-20 14:27:02 +02:00
5ec26573da
coolkey: Do not overflow allocated buffer
2018-08-14 16:13:22 +02:00
79c0dbaa4e
cac: Avoid OOB reads for inconsistent TLV structures
2018-08-14 16:13:22 +02:00
50b000047c
ias/ecc: disable iccsn parsing
...
if someone wants to implement this with memory bounds checking, please
raise your hands
2018-08-14 16:13:22 +02:00
0b44793900
tcos: use ISO7816 fci parser
2018-08-14 16:13:22 +02:00
30fe0ad453
pgp: fixed integer underflow
2018-08-14 16:13:22 +02:00
92a98cb3bb
mcrd: converted assert to proper error handling
2018-08-14 16:13:22 +02:00
78f0055338
fixed uninitialized use of variable
2018-08-14 16:13:22 +02:00
03628449b7
iasecc: fixed unbound recursion
2018-08-14 16:13:22 +02:00
5807368ed4
fixed bad memory access
2018-08-14 16:13:22 +02:00
384626533e
PIV Security Changes
...
Add return code if "out" is smaller then received data.
Remove extra blanks.
2018-08-14 16:13:22 +02:00
3e5a9a42c3
Remove in PIV driver need for aid_file
...
Remove aid_file and aidfile variables in card-piv.c. These are not needed
as piv_select_aid parses the returned data from a SELECT AID command.
In response to e-mail from X41 group on 6/11/2018.
On branch x41-piv-2
Changes to be committed:
modified: card-piv.c
2018-08-14 16:13:22 +02:00
d5d15105dd
cac: Ignore end of content errors ( #7 )
...
The CAC buffers are split to separate TL and V buffers so we need to ignore this error
2018-08-14 15:50:13 +02:00
83f45cda2a
Added bounds checking to sc_simpletlv_read_tag()
...
- Logic is identical to sc_asn1_read_tag()
- Fixes out of bounds access e.g. in cac_parse_CCC
2018-08-14 15:50:13 +02:00
ffe38fd87f
sc_asn1_read_tag: fixed tracking of consumed bytes
...
fixes return buffers that are outside the allocated memory space
2018-08-14 15:50:13 +02:00
360e95d45a
fixed out of bounds writes
...
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the problems.
2018-08-14 15:50:13 +02:00
8fe377e93b
fixed out of bounds reads
...
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting and suggesting security fixes.
2018-08-14 15:50:13 +02:00
9294058d5c
fixed requesting DWORD with sc_ctx_win32_get_config_value
...
the length of the value is not determined by strlen()
2018-08-05 11:35:12 +02:00
cd557df54d
md: change semantics of cancelling the PIN pad prompt
...
md_pinpad_dlg_allow_cancel now defines whether or not the user is asked
before verifying the PIN on the PIN pad. This can be denied without
interaction with the PIN pad. A checkbox in the dialog allows the user
to change this setting, which is saved in the registry by the path of
the process.
This change fixes the progress bar to match the actual configured
timout. The progressbar now fills instead of running empty, which seemed
less frightening for most users.
This change also fixes some copy/paste errors in the documentation of
opensc.conf(5).
2018-08-05 11:35:12 +02:00
da40c61d13
npa/sc-hsm: don't call EAC_cleanup()
...
In Minidriver, when the DLL is called in multiple threads, this can
lead to a deinitialization of OpenSSL's OIDs in one thread making them
unavailable from other threads of the same process. As result, CVCs
cannot be veriefied anymore during chip authentication.
2018-08-05 11:35:12 +02:00
2190bb927c
Drop support for CAC 1
...
This removes code related to the old CAC 1 specification, while
preserving the CAC 2 functionality including CAC Alt token detection
for the tokens without CCC or ACA.
The detection based on SELECT APPLET APDU is improved to require also
the READ BUFFER APDU working, which should fail on misbehaving Java cards.
2018-08-03 01:51:44 +02:00
f097d88b3a
coolkey: Drop bogus ;
2018-08-03 01:50:05 +02:00
8e8193f8f5
coolkey: Unbreak get_challenge with correct instruction code
2018-08-03 01:50:05 +02:00
dfe932d00d
OMNIKEY 3x21 and 6121 Smart Card Reader are not pinpad readers
...
macOS 10.13 ships with ccid driver 1.4.27 (fixed in 1.4.29) and this version identifies these readers wrongly as pinpad readers.
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-07-28 13:42:20 +02:00
4de0d06a93
use single quotes for passing define
...
makes sure that the shell doesn't evaluate parts of the define
2018-07-17 14:49:27 +02:00
a0b6643fa7
Use hard coded default SM module (path)
...
- avoids the need to set this default in opensc.conf
- fixes loading of (unknown) local library
- removes some unused defines from config.h
2018-07-17 14:49:27 +02:00
fbc9ff84bc
Some cards may return short RSA signatures without leading zero bytes.
...
Add leading zeros to RSA signature so it is the size of modulus.
Return modulus length.
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c
2018-07-11 22:30:50 +02:00
3a7a1ba31f
Do not fail if we found unknown tag or the count does not match
...
* The HID tokens present such undocumented tags
2018-07-11 10:48:10 +02:00
bf3382d4d9
Standardize logging and include also AID
2018-07-11 10:48:10 +02:00
3480d9fc99
Log also information about unitialized slots with correct labels
2018-07-11 10:48:10 +02:00
1c2a7f8dd2
HID Alt tokens have the other bunch of slots in other undocumented AID
2018-07-11 10:48:10 +02:00
1eb8391b4a
OpenPGP: slightly re-factor pgp_get_card_features()
...
* length checks where needed
* more & better comments
2018-07-11 10:47:39 +02:00
7332a37abb
OpenPGP: add serial number to card name
2018-07-11 10:47:39 +02:00
6d6efa2ded
OpenPGP: fix FIXME in pgp_new_blob()
...
Form a correct path instead ofmusising an array of 2 u8's.
Perform proper error checking.
2018-07-11 10:47:39 +02:00
215fcdad15
OpenPGP: include detailed version into card name
...
... for "standard" OpenPGP cards.
This gives more detailed information to the user on the detailed specs
the card adheres to.
In addition it fixes a long-standing annoyance that every standard 2.x
card matching the v2.0 ATR was announced as CryptoStick 1.2.
This ATR is not only used in the CryptoStick 1.2, but also also in
ZeitControl cards as well as NitroKeys, ...
2018-07-11 10:47:39 +02:00
2e1b47a79a
OpenPGP: improve get_full_pgp_aid()'s parameter checking
2018-07-11 10:47:39 +02:00
2a7a6a62fa
OpenPGP: limit scope of variable
2018-07-11 10:47:39 +02:00
15125b03ab
OpenPGP: use LOG_FUNC_CALLED & LOG_FUNC_RETURN symmetrically
...
To help debugging,
- replace plain return's after LOG_FUNC_CALLED()
has been called with LOG_FUNC_RETURN()
- use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
2018-07-11 10:47:39 +02:00
fcecd1bdd2
OpenPGP: update comments on function use: ABI or internal
2018-07-11 10:47:39 +02:00
0d6be5db26
OpenPGP: define & set LCS (lifecycle support) as extended capability
...
Use it in pgp_erase_card() to slightly simplify the code.
2018-07-11 10:47:39 +02:00
3af54b2fe0
OpenPGP: harmonize some comments
2018-07-11 10:47:39 +02:00
3a59b0a182
OpenPGP: parse "extended length info" DO 7f66 on init
2018-07-11 10:47:39 +02:00
f73005791c
OpenPGP: improve parsing of extended capabilities
2018-07-11 10:47:39 +02:00
dea5fd9551
OpenPGP: add new DOs introduced with OpenPGP card spec v3.0 & v3.3
...
For some files spec states CONSTRUCTED, but we treat them as SIMPLE,
because we only need parts of their contents.
2018-07-11 10:47:39 +02:00
9dbdf42e9e
OpenPGP: update references to specifications
2018-07-11 10:47:39 +02:00
14cd6ee39e
OpenPGP: clarify meaning of padding byte in pgp_decipher()
2018-07-11 10:47:39 +02:00
4323a3d37c
OpenPGP: add new DO D5 introduced with OpenPGP card spec v2.1
...
... and make it accessible for v2.1+ cards
2018-07-11 10:47:39 +02:00
4ec37adea8
OpenPGP: extend manufacturer list in pkcs15-openpgp.c
2018-07-11 10:46:56 +02:00
2c0d1b9ab0
reset sc_card_t during card detection
...
fixes https://github.com/OpenSC/OpenSC/issues/1417
2018-07-11 10:12:42 +02:00
e2f0e367b1
Implement RSA PSS for GoID / SmartCard-HSM
2018-07-11 10:07:28 +02:00
a6b4605b86
card-piv.c: initialize variable to fix a ppc64el build failure
...
This fixes a build failure with optimized ppc64el and new gcc builds
card-piv.c: In function ‘piv_validate_general_authentication.isra.3’:
card-piv.c:2390:9: error: ‘rbuflen’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-07-11 09:54:51 +02:00
452e1d3b96
fixed used of uninitialized return value
2018-06-30 01:17:57 +02:00
971dac2f78
unignore result
2018-06-29 17:14:55 +02:00
6184c1fbab
avoid out of bounds read
2018-06-29 17:14:55 +02:00
ed0d829eab
removed unused check
2018-06-29 17:14:55 +02:00
6819759946
fixed memory leak
2018-06-29 17:14:55 +02:00
0e9565754c
avoid uninitialized output after sc_file_dup
2018-06-29 17:14:55 +02:00
31cbf83738
build: support >=libressl-2.7
2018-06-28 08:58:07 +02:00
0603c3b7fc
iso7816: fix typo in previous commit
2018-06-24 10:34:49 +03:00
2818e0f703
iso7816: update & extend error codes
...
While at it, do some space policing.
2018-06-24 10:34:49 +03:00
1ca1a024df
card-npa: fixed memory leak
...
fixes https://github.com/OpenSC/OpenSC/issues/1396
2018-06-22 09:23:00 +02:00
1f352d4c6d
muscle: Properly clean up the applet memory footprint
2018-06-21 12:48:57 +02:00
5b3da5d462
cac: Missing memory cleanup
2018-06-21 12:48:57 +02:00
2682741293
cac: Avoid segfaults from get_challenge()
2018-06-21 12:48:57 +02:00
9c2afad417
fixed copy/paste error
2018-06-20 00:56:01 +02:00
8b3f5b7d97
epass2003: fixed logical error
2018-06-19 23:24:36 +02:00
Andreas Kemnade
Frank Morgner
Jakub Jelen
Hannu Honkanen
Lars Silvén
Jakub Jelen
Luka Logar
Peter Marschall
Raul Metsma
Nicholas Wilson
Gabriel Müller
Priit Laes
Alon Bar-Lev
alex-nitrokey
alex-nitrokey
asc
Doug Engert
Leif Erik Wagner
Gianfranco Costamagna