Andreas Kemnade
eddea6f3c2
fix logic of send/recv sizes in config files
...
- they are not set if
SCardControl(card_handle, CM_IOCTL_GET_FEATURE_REQUEST, ...
fails
- regarding max_send_size the logic is inverted
2018-11-09 08:56:53 +01:00
Frank Morgner
1e7bb83659
CID 324485 ( #1 of 2): Integer overflowed argument (INTEGER_OVERFLOW)
2018-11-06 15:53:17 +01:00
Frank Morgner
609095a4f4
CID 325860 ( #1 of 1): Dereference before null check (REVERSE_INULL)
2018-11-06 15:53:17 +01:00
Frank Morgner
22c8204a2f
Merge remote-tracking branch 'upstream/pr/1393'
...
closes https://github.com/OpenSC/OpenSC/pull/1393
2018-11-06 10:51:24 +01:00
Frank Morgner
13c7574510
PIV: less debugging
...
- debugging pointers is useless in static log file
- removed double debugging of APDUs
2018-11-06 01:42:41 +01:00
Jakub Jelen
eaed345a76
Add missing header file to the tarball
2018-11-05 09:15:20 +01:00
Jakub Jelen
9342f8ad0a
padding: Fix error checking in RSA-PSS
2018-11-05 09:15:20 +01:00
Jakub Jelen
7cced08a88
coolkey: Check return values from list initialization (coverity)
...
>>> CID 324484: Error handling issues (CHECKED_RETURN)
>>> Calling "list_init" without checking return value (as is done elsewhere 8 out of 9 times).
2018-11-05 09:15:20 +01:00
Jakub Jelen
f276f7f8f4
coverity: Add allocation check
...
*** CID 323588: Uninitialized variables (UNINIT)
/src/libopensc/sc.c: 873 in sc_mem_secure_alloc()
2018-11-05 09:15:20 +01:00
Hannu Honkanen
351e0d2bd6
Merge remote-tracking branch 'upstream/master' into wrapping-rebased and resolve conflicts
2018-11-02 13:42:41 +02:00
Frank Morgner
c70888f9ab
allow compilation with --disable-shared
2018-11-01 00:17:22 +01:00
Frank Morgner
5c7b7bb0b1
fixed minor XCode documentation warnings
2018-11-01 00:17:22 +01:00
Hannu Honkanen
f88419bc63
Removed pointless curly brackets
2018-10-31 10:36:50 +02:00
Hannu Honkanen
7bb53423a1
Code cleanup and minor corrections according to review. pkcs15-lib: Extractable keys are now marked as native. Check return value of check_key_compatibility in more explicit way to avoid misunderstandings.
2018-10-31 10:36:41 +02:00
Hannu Honkanen
90ec7123ba
Corrections and code cleanup as requested in review. Changed value to void* in sc_sec_env_param_t, because param_type defines type of the value. Fixed handling of secret key length in framework-pkcs15 and pkcs15-lib: CKA_VALUE_LEN from PKCS#11 is in bytes, PKCS#15 objects need key length in bits. Rebased on top of upstream/master and resolved merge conflicts.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
ec297b618f
sc_pkcs15_wrap: Fixed checking target key type. (checked partly from wrapping key)
2018-10-31 10:27:03 +02:00
Hannu Honkanen
e636b64377
Fixed: Return OK by PKCS#11 convention if NULL out buffer is provided, when caller wants to query required buffer size.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
f2c041d290
card-myeid: Removed NULL out buffer assertion to allow caller to query required buffer size.
...
mechanism.c: Bug fix to sc_pkcs11_wrap. Wrong operation was stopped in end of the function.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
287a63c704
Fixes to key wrapping and unwrapping code: Set IV correctly in symmetric unwrap. Correctly distinguish symmetric and asymmetric operation when building APDUs. Check CKA_TOKEN from the pkcs15 object in framework_pkcs15. Updated some comments.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
861d8b308b
Fixed myeid_unwrap with symmetric keys: set correct p2 and no padding indicator byte.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
eba75ead20
framework-pkcs15: set CKA_EXTRACTABLE into pkcs#15 secret key object's access flags when set. pkcs15-sec: Return needed buffer size correctly when an insufficient buffer is provided.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
c891ad2aad
Fixed version check for key wrapping functionality. Return needed buffer size in myeid_wrap_key, if no buffer or too small buffer is provided.
2018-10-31 10:27:03 +02:00
Lars Silvén
6b8c284d3e
Fixing pointer conversion that is invalid on some architectures.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
550d4eb030
Small fixes to key wrapping and unwrapping. Handle target file ref using sc_sec_env_param type. Transmit initialization vector in symmetric key operations from PKCS#11 layer (mechanism param) to the card driver level, allow setting it in sc_set_security_env.
2018-10-31 10:27:03 +02:00
Hannu Honkanen
7454133272
Added flags to distinguish AES ECB and CBC modes. Added SC_ALGORIHM_UNDEFINED definition to be used with CKK_GENERIC_SECRET type keys. Added sc_sec_env_param type, which can be used to define additional parameters when settings security environment. This is now used for setting IV in symmetric crypto and target EF in key wrapping/unwrapping.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
a2156da044
Fix encoding of SC_ASN1_CHOICE entry "parameters" in c_asn1_algorithm_info. Format only the selected entry of the choice.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
ae5675ca22
Fixed MSE for unwrap operation. Fixed wrong P1 when formatting APDU in myeid_unwrap_key.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
aa814fd8e8
Implemented C_Wrap into PKCS#11 interface. Added support for wrapping and unwrapping with secret keys into framework-pkcs15.c and all the way to the card driver level.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
a9ee85452e
Resolved a merge conflict. Included both changes manually.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
c217b254fc
MyEID: Initial implementation of key wrapping and unwrapping operations, and the related additions to myeid_set_security_env.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
1c09fa8a22
Handle AES algorithm. Doesn't set any flags, but check for AES is needed to avoid SC_ERROR_NOT_SUPPORTED.
2018-10-31 10:24:19 +02:00
Hannu Honkanen
7fc6c52f81
Set native=1 as default when decoding. Check supported algorithms and set PKCS#11 key type, if key supports AES.
2018-10-31 10:22:16 +02:00
Hannu Honkanen
a10480d50e
Continued implementation of unwrap: Creation of a target key object on card to receive an unwrapped key. Setting target key path in sc_security_env_t.
2018-10-31 10:22:16 +02:00
Hannu Honkanen
5f51d5d315
Added implementation of C_UnwrapKey all the way from PKCS#11 interface to the card driver level.
...
Not yet complete, but can be run with CKA_TOKEN=FALSE set in the target object. Currently unwrapping emulated
with a decrypt operation in card-myeid.c. To be improved.
2018-10-31 10:22:16 +02:00
Jakub Jelen
e2b1fb81e0
Restore minimal CAC1 driver for legacy cards ( #1502 )
...
* Add minimal CAC1 driver for legacy cards.
It is using the same pkcs15 backend as the CAC2 cards as well as some of
the CAC2 driver methods.
The separation is made mostly for easier card matching or disabling.
2018-10-30 17:27:28 +01:00
Frank Morgner
c3bef7d527
fixed compilation with XCode 10
...
fixes https://github.com/OpenSC/OpenSC/issues/1485
2018-10-24 10:34:43 +02:00
Frank Morgner
8c535c184f
removed duplicate code for adding padding
...
Fixes padding handling of SC_ALGORITHM_RSA_PAD_NONE introduced with
e5707b545e
2018-10-15 15:21:52 +02:00
Jakub Jelen
46c99e769d
ctx: Move coolkey driver up after improving the matching
...
Fixes #1483
2018-10-15 12:14:22 +02:00
Jakub Jelen
f220d0b77d
coolkey: Improve card matching to avoid mismatches in muscle
2018-10-15 12:14:22 +02:00
Jakub Jelen
55a8478ed6
cac: These functions do not have to be exposed
2018-10-15 12:14:22 +02:00
Frank Morgner
ac276b1202
starcos: fixed decipher with 2.3 ( #1496 )
...
closes https://github.com/OpenSC/OpenSC/issues/765
fixes https://github.com/OpenSC/OpenSC/issues/1495
2018-10-11 22:50:37 +02:00
Luka Logar
d517d8e18d
Fix minidriver padding
...
Commit e5707b545e
broke signing using minidriver on Windows.
More specifically changing #define SC_ALGORITHM_RSA_PAD_NONE from 0x00000000 to 0x00000001 caused a call to sc_pkcs1_encode() to fail as the padding algorithm was not specified anywhere in the CardSignData() implementation. It kind of worked as long as SC_ALGORITHM_RSA_PAD_NONE was 0x00000000, but the above mentioned commit broke this.
Now padding algorithm has to be explicitly specified, otherwise a call to sc_pkcs1_encode() will fail.
2018-10-11 12:47:48 +02:00
Peter Marschall
550665b906
OpenPGP: refactor pgp_get_card_features()
...
Use pgp_parse_alog_attr_blob() to get the algorithm attribute DO's contents.
2018-10-10 14:52:29 +02:00
Peter Marschall
8a564107a8
OpenPGP: introduce gpg_parse_algo_attr_blob()
...
Introduce a central function to parse the algorithm atributes in DOs C1 - C3.
2018-10-10 14:52:29 +02:00
Peter Marschall
248ece23c6
OpenPGP: bail out on non-RSA key generation/import
...
Also add the necessary algorithm info where necessary.
2018-10-10 14:52:29 +02:00
Peter Marschall
c2f02f72bd
OpenPGP: adapt data structures to support RSA alternatives
...
* update callers to use the adapted structures.
2018-10-10 14:52:29 +02:00
Peter Marschall
772d20969a
OpenPGP: first steps to support key types beyond RSA
...
- rename 'keytype' in some OpenPGP-specific types to 'key_id'
because they key ID was what the field was used for
- introduce field 'algorithm' in the structures above
to indicate the key's algorithm: RSA, ...
- define constant SC_OPENPGP_KEYALGO_RSA and use it
- rename constants SC_OPENPGP_KEYFORMAT_* to SC_OPENPGP_KEYFORMAT_RSA_*
because they are RSA specific
2018-10-10 14:52:29 +02:00
Peter Marschall
f1ae31aea4
OpenPGP: expose additional algorithms only with EXT_CAP_ALG_ATTR_CHANGEABLE
...
List additional algorithms & attributes as supported only when the card
supports changing the algorithms attributes DOs and exposes this by having
the EXT_CAP_ALG_ATTR_CHANGEABLE capability set.
Using different algorithms and attributes requires changing the algorithm
attributes DOs. If that is not supported - as indicated by a missing
EXT_CAP_ALG_ATTR_CHANGEABLE capability - then only those algorithms
described by the current algorithms attributes DOs' contents can be used.
In addition simplify setting the flags.
2018-10-10 14:52:29 +02:00
Peter Marschall
44d6116c59
OpenPGP: slight cleanups
...
* use variables if they are already there
* be a bit more explicit in logging
* more consistent tag format: %04X
* cleanup flag setting for _sc_card_add_rsa_alg()
2018-10-10 14:52:29 +02:00
Frank Morgner
ea6f7cfe1d
Added memory locking for secrets ( #1491 )
...
When caching a PIN in memory or using an OpenSSL private key this data should not be swapped to disk.
2018-10-10 14:52:01 +02:00
Jakub Jelen
52959df9f6
pkcs15-oberthur: Avoid memory leaks on failures
2018-10-01 23:07:34 +02:00
Jakub Jelen
bce43e6855
Remove dead code
2018-10-01 23:07:34 +02:00
Jakub Jelen
74105300bf
card-iasecc: Avoid memory leaks on failure
2018-10-01 23:07:34 +02:00
Jakub Jelen
674e5e8b3d
ctx: Require dll parameter otherwise we are leaking it
2018-10-01 23:07:34 +02:00
Jakub Jelen
65e1cd2df7
muscle: Check return values
2018-10-01 23:07:34 +02:00
Jakub Jelen
a2ab2071bb
piv: Check return value of sc_lock()
2018-10-01 23:07:34 +02:00
Jakub Jelen
e5da6b66b9
iso7816: Replace asserts with explicit length checks to make coverity happy
2018-10-01 23:07:34 +02:00
Jakub Jelen
b9e33a3c64
Coverity warnings
...
card-piv.c
make sure the string is null terminated before passing it
to hex_to_bin routine, which expects it
pkcs15-cac.c
free cn_name on failure
pkcs11-tool.c
make sure the string is null terminated before passing it to
parse_certificate(), which expects it
2018-10-01 23:07:34 +02:00
Raul Metsma
83b188c950
Remove long expired EstEID 1.0/1.1 card support
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-09-30 21:25:13 +02:00
Nicholas Wilson
e5707b545e
Add support for PSS padding to RSA signatures
...
A card driver may declare support for computing the padding on the card,
or else the padding will be applied locally in padding.c. All five
PKCS11 PSS mechanisms are supported, for signature and verification.
There are a few limits on what we choose to support, in particular I
don't see a need for arbitrary combinations of MGF hash, data hash, and
salt length, so I've restricted it (for the user's benefit) to the only
cases that really matter, where salt_len = hash_len and the same hash is
used for the MGF and data hashing.
------------------------------------------------------------------------
Reworked and extended in 2018 by Jakub Jelen <jjelen@redhat.com> against
current OpenSC master, to actually work with existing PIV cards:
* extended of missing mechanisms (SHA224, possibility to select MGF1)
* compatibility with OpenSSL 1.1+
* Removed the ANSI padding
* Formatting cleanup, error checking
Based on the original work from
https://github.com/NWilson/OpenSC/commit/42f3199e66
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
2018-09-30 21:23:27 +02:00
Gabriel Müller
551fcccb90
Changed outdated "STARCOS SPK 2.3" name to "STARCOS".
...
modified: src/libopensc/pkcs15-infocamere.c
modified: src/libopensc/pkcs15-starcert.c
modified: src/pkcs15init/pkcs15-lib.c
Changed isf_acl to also need SO PIN for CREATE.
modified: src/pkcs15init/starcos.profile
2018-09-28 16:50:39 +02:00
Frank Morgner
db4ed9f4a2
export _sc_match_atr_block
2018-09-14 08:23:08 +02:00
Priit Laes
1f06a76b1a
openssl: Bump openssl requirement to 0.9.8
2018-09-14 08:21:40 +02:00
Frank Morgner
3750d70106
pgp: detect gnuk with newer fw
...
closes https://github.com/OpenSC/OpenSC/issues/1475
2018-09-13 13:46:27 +02:00
Frank Morgner
66fe060363
fixed gcc 8 compiler waring
...
closes https://github.com/OpenSC/OpenSC/pull/1474
2018-09-12 13:10:06 +02:00
Raul Metsma
430a9b3f5a
Commit c463985fed
broke EstEID PIN verify
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-09-12 12:30:05 +02:00
Alon Bar-Lev
d8a2a7bf88
reader-ctapi: ctapi_connect: remove unused variable
...
from day 1 return value of _sc_parse_atr was ignored.
2018-09-09 14:55:28 +02:00
alex-nitrokey
083c18045e
Make deciphering with AUT-key possible for OpenPGP Card >v3.2 ( fixes #1352 ) ( #1446 )
2018-09-06 10:57:23 +02:00
alex-nitrokey
748234b7cc
Fix SM algorithm in extended capabilities
2018-09-05 23:42:14 +02:00
Frank Morgner
39bd1ddd58
fixed wrong condition
...
fixes https://github.com/OpenSC/OpenSC/issues/1465
2018-09-04 13:51:40 +02:00
alex-nitrokey
b572b383b2
Add supported algorithms for OpenPGP Card ( Fixes #1432 ) ( #1442 )
2018-08-31 14:38:14 +02:00
asc
2b60a0db0f
Add support for SmartCard-HSM 4K (V3.0)
2018-08-31 13:42:44 +02:00
Frank Morgner
db438f61c1
ias/ecc: fixed GET CHALLENGE
2018-08-24 13:59:03 +02:00
Frank Morgner
94f9fdf145
ias/ecc: fixed card detection
...
regression of 439a95f2d
2018-08-24 13:51:15 +02:00
Frank Morgner
5daec17e32
ias/ecc: ignore missing serial on card initialization
...
fixes problem in card detection introduced in
50b000047c
2018-08-24 13:50:53 +02:00
Raul Metsma
336b282324
Reuse gp_select_aid
...
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-08-23 20:37:38 +02:00
Doug Engert
719ec39b3e
Use sc_asn1_read_tag to read first tag of partially block ( #1454 )
...
Sc_asn1_read_tag can return SC_ERROR_ASN1_END_OF_CONTENTS
which indicates the tag and length are OK, but any value
is not completely contained in the buffer supplied. card-piv.c
can use this when reading just the beginning of a object to
determine the size of a buffer needed to hold the object.
2018-08-23 20:35:24 +02:00
Frank Morgner
97f0a341b0
fixed typo
2018-08-23 10:14:25 +02:00
Frank Morgner
70c4813f30
fixed Dereference before null check
2018-08-23 09:59:45 +02:00
Frank Morgner
67fbf15741
fixed NULL dereference
2018-08-23 09:51:04 +02:00
Priit Laes
45f407c021
Mark driver-specific global sc_atr_table structures as const
...
As most of the drivers do not modify these, we can mark them as const.
Two drivers that we cannot convert are dnie and masktech.
section size
.data 35232 -> 25472
.data.rel.ro 36928 -> 46688
2018-08-22 22:50:30 +02:00
Priit Laes
2eae5e70f5
Mark atr table argument as const in match_atr_table and _sc_match_atr functions
...
This allows us to mark driver-specific atr tables as constants.
2018-08-22 22:50:30 +02:00
Frank Morgner
fcd719d30f
Merge pull request #1447 from Jakuje/x41sec-merge
...
Security issues idefnitifed by fuzzing. For more information, see the blog post:
https://www.x41-dsec.de/lab/blog/smartcards/
2018-08-20 15:11:51 +02:00
Frank Morgner
ff8ec86f26
avoid looping forever in GET CHALLENGE
...
fixes https://github.com/OpenSC/OpenSC/issues/1440
2018-08-20 14:37:20 +02:00
Frank Morgner
fcf00e66cd
Starcos: added ATR for 2nd gen. eGK
...
fixes https://github.com/OpenSC/OpenSC/issues/1451
2018-08-20 14:27:02 +02:00
Jakub Jelen
5ec26573da
coolkey: Do not overflow allocated buffer
2018-08-14 16:13:22 +02:00
Jakub Jelen
79c0dbaa4e
cac: Avoid OOB reads for inconsistent TLV structures
2018-08-14 16:13:22 +02:00
Frank Morgner
50b000047c
ias/ecc: disable iccsn parsing
...
if someone wants to implement this with memory bounds checking, please
raise your hands
2018-08-14 16:13:22 +02:00
Frank Morgner
0b44793900
tcos: use ISO7816 fci parser
2018-08-14 16:13:22 +02:00
Frank Morgner
30fe0ad453
pgp: fixed integer underflow
2018-08-14 16:13:22 +02:00
Frank Morgner
92a98cb3bb
mcrd: converted assert to proper error handling
2018-08-14 16:13:22 +02:00
Frank Morgner
78f0055338
fixed uninitialized use of variable
2018-08-14 16:13:22 +02:00
Frank Morgner
03628449b7
iasecc: fixed unbound recursion
2018-08-14 16:13:22 +02:00
Frank Morgner
5807368ed4
fixed bad memory access
2018-08-14 16:13:22 +02:00
Doug Engert
384626533e
PIV Security Changes
...
Add return code if "out" is smaller then received data.
Remove extra blanks.
2018-08-14 16:13:22 +02:00
Doug Engert
3e5a9a42c3
Remove in PIV driver need for aid_file
...
Remove aid_file and aidfile variables in card-piv.c. These are not needed
as piv_select_aid parses the returned data from a SELECT AID command.
In response to e-mail from X41 group on 6/11/2018.
On branch x41-piv-2
Changes to be committed:
modified: card-piv.c
2018-08-14 16:13:22 +02:00
Jakub Jelen
d5d15105dd
cac: Ignore end of content errors ( #7 )
...
The CAC buffers are split to separate TL and V buffers so we need to ignore this error
2018-08-14 15:50:13 +02:00
Frank Morgner
83f45cda2a
Added bounds checking to sc_simpletlv_read_tag()
...
- Logic is identical to sc_asn1_read_tag()
- Fixes out of bounds access e.g. in cac_parse_CCC
2018-08-14 15:50:13 +02:00
Frank Morgner
ffe38fd87f
sc_asn1_read_tag: fixed tracking of consumed bytes
...
fixes return buffers that are outside the allocated memory space
2018-08-14 15:50:13 +02:00
Frank Morgner
360e95d45a
fixed out of bounds writes
...
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting the problems.
2018-08-14 15:50:13 +02:00
Frank Morgner
8fe377e93b
fixed out of bounds reads
...
Thanks to Eric Sesterhenn from X41 D-SEC GmbH
for reporting and suggesting security fixes.
2018-08-14 15:50:13 +02:00
Frank Morgner
9294058d5c
fixed requesting DWORD with sc_ctx_win32_get_config_value
...
the length of the value is not determined by strlen()
2018-08-05 11:35:12 +02:00
Frank Morgner
cd557df54d
md: change semantics of cancelling the PIN pad prompt
...
md_pinpad_dlg_allow_cancel now defines whether or not the user is asked
before verifying the PIN on the PIN pad. This can be denied without
interaction with the PIN pad. A checkbox in the dialog allows the user
to change this setting, which is saved in the registry by the path of
the process.
This change fixes the progress bar to match the actual configured
timout. The progressbar now fills instead of running empty, which seemed
less frightening for most users.
This change also fixes some copy/paste errors in the documentation of
opensc.conf(5).
2018-08-05 11:35:12 +02:00
Frank Morgner
da40c61d13
npa/sc-hsm: don't call EAC_cleanup()
...
In Minidriver, when the DLL is called in multiple threads, this can
lead to a deinitialization of OpenSSL's OIDs in one thread making them
unavailable from other threads of the same process. As result, CVCs
cannot be veriefied anymore during chip authentication.
2018-08-05 11:35:12 +02:00
Jakub Jelen
2190bb927c
Drop support for CAC 1
...
This removes code related to the old CAC 1 specification, while
preserving the CAC 2 functionality including CAC Alt token detection
for the tokens without CCC or ACA.
The detection based on SELECT APPLET APDU is improved to require also
the READ BUFFER APDU working, which should fail on misbehaving Java cards.
2018-08-03 01:51:44 +02:00
Jakub Jelen
f097d88b3a
coolkey: Drop bogus ;
2018-08-03 01:50:05 +02:00
Jakub Jelen
8e8193f8f5
coolkey: Unbreak get_challenge with correct instruction code
2018-08-03 01:50:05 +02:00
Raul Metsma
dfe932d00d
OMNIKEY 3x21 and 6121 Smart Card Reader are not pinpad readers
...
macOS 10.13 ships with ccid driver 1.4.27 (fixed in 1.4.29) and this version identifies these readers wrongly as pinpad readers.
Signed-off-by: Raul Metsma <raul@metsma.ee>
2018-07-28 13:42:20 +02:00
Frank Morgner
4de0d06a93
use single quotes for passing define
...
makes sure that the shell doesn't evaluate parts of the define
2018-07-17 14:49:27 +02:00
Frank Morgner
a0b6643fa7
Use hard coded default SM module (path)
...
- avoids the need to set this default in opensc.conf
- fixes loading of (unknown) local library
- removes some unused defines from config.h
2018-07-17 14:49:27 +02:00
Doug Engert
fbc9ff84bc
Some cards may return short RSA signatures without leading zero bytes.
...
Add leading zeros to RSA signature so it is the size of modulus.
Return modulus length.
Changes to be committed:
modified: src/libopensc/pkcs15-sec.c
2018-07-11 22:30:50 +02:00
Jakub Jelen
3a7a1ba31f
Do not fail if we found unknown tag or the count does not match
...
* The HID tokens present such undocumented tags
2018-07-11 10:48:10 +02:00
Jakub Jelen
bf3382d4d9
Standardize logging and include also AID
2018-07-11 10:48:10 +02:00
Jakub Jelen
3480d9fc99
Log also information about unitialized slots with correct labels
2018-07-11 10:48:10 +02:00
Jakub Jelen
1c2a7f8dd2
HID Alt tokens have the other bunch of slots in other undocumented AID
2018-07-11 10:48:10 +02:00
Peter Marschall
1eb8391b4a
OpenPGP: slightly re-factor pgp_get_card_features()
...
* length checks where needed
* more & better comments
2018-07-11 10:47:39 +02:00
Peter Marschall
7332a37abb
OpenPGP: add serial number to card name
2018-07-11 10:47:39 +02:00
Peter Marschall
6d6efa2ded
OpenPGP: fix FIXME in pgp_new_blob()
...
Form a correct path instead ofmusising an array of 2 u8's.
Perform proper error checking.
2018-07-11 10:47:39 +02:00
Peter Marschall
215fcdad15
OpenPGP: include detailed version into card name
...
... for "standard" OpenPGP cards.
This gives more detailed information to the user on the detailed specs
the card adheres to.
In addition it fixes a long-standing annoyance that every standard 2.x
card matching the v2.0 ATR was announced as CryptoStick 1.2.
This ATR is not only used in the CryptoStick 1.2, but also also in
ZeitControl cards as well as NitroKeys, ...
2018-07-11 10:47:39 +02:00
Peter Marschall
2e1b47a79a
OpenPGP: improve get_full_pgp_aid()'s parameter checking
2018-07-11 10:47:39 +02:00
Peter Marschall
2a7a6a62fa
OpenPGP: limit scope of variable
2018-07-11 10:47:39 +02:00
Peter Marschall
15125b03ab
OpenPGP: use LOG_FUNC_CALLED & LOG_FUNC_RETURN symmetrically
...
To help debugging,
- replace plain return's after LOG_FUNC_CALLED()
has been called with LOG_FUNC_RETURN()
- use LOG_FUNC_CALLED() & LOG_FUNC_RETURN() pairs more often
2018-07-11 10:47:39 +02:00
Peter Marschall
fcecd1bdd2
OpenPGP: update comments on function use: ABI or internal
2018-07-11 10:47:39 +02:00
Peter Marschall
0d6be5db26
OpenPGP: define & set LCS (lifecycle support) as extended capability
...
Use it in pgp_erase_card() to slightly simplify the code.
2018-07-11 10:47:39 +02:00
Peter Marschall
3af54b2fe0
OpenPGP: harmonize some comments
2018-07-11 10:47:39 +02:00
Peter Marschall
3a59b0a182
OpenPGP: parse "extended length info" DO 7f66 on init
2018-07-11 10:47:39 +02:00
Peter Marschall
f73005791c
OpenPGP: improve parsing of extended capabilities
2018-07-11 10:47:39 +02:00
Peter Marschall
dea5fd9551
OpenPGP: add new DOs introduced with OpenPGP card spec v3.0 & v3.3
...
For some files spec states CONSTRUCTED, but we treat them as SIMPLE,
because we only need parts of their contents.
2018-07-11 10:47:39 +02:00
Peter Marschall
9dbdf42e9e
OpenPGP: update references to specifications
2018-07-11 10:47:39 +02:00
Peter Marschall
14cd6ee39e
OpenPGP: clarify meaning of padding byte in pgp_decipher()
2018-07-11 10:47:39 +02:00
Peter Marschall
4323a3d37c
OpenPGP: add new DO D5 introduced with OpenPGP card spec v2.1
...
... and make it accessible for v2.1+ cards
2018-07-11 10:47:39 +02:00
Peter Marschall
4ec37adea8
OpenPGP: extend manufacturer list in pkcs15-openpgp.c
2018-07-11 10:46:56 +02:00
Frank Morgner
2c0d1b9ab0
reset sc_card_t during card detection
...
fixes https://github.com/OpenSC/OpenSC/issues/1417
2018-07-11 10:12:42 +02:00
Leif Erik Wagner
e2f0e367b1
Implement RSA PSS for GoID / SmartCard-HSM
2018-07-11 10:07:28 +02:00
Gianfranco Costamagna
a6b4605b86
card-piv.c: initialize variable to fix a ppc64el build failure
...
This fixes a build failure with optimized ppc64el and new gcc builds
card-piv.c: In function ‘piv_validate_general_authentication.isra.3’:
card-piv.c:2390:9: error: ‘rbuflen’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
body = sc_asn1_find_tag(card->ctx, rbuf, rbuflen, 0x7c, &bodylen);
~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2018-07-11 09:54:51 +02:00
Frank Morgner
452e1d3b96
fixed used of uninitialized return value
2018-06-30 01:17:57 +02:00
Frank Morgner
971dac2f78
unignore result
2018-06-29 17:14:55 +02:00
Frank Morgner
6184c1fbab
avoid out of bounds read
2018-06-29 17:14:55 +02:00
Frank Morgner
ed0d829eab
removed unused check
2018-06-29 17:14:55 +02:00
Frank Morgner
6819759946
fixed memory leak
2018-06-29 17:14:55 +02:00
Frank Morgner
0e9565754c
avoid uninitialized output after sc_file_dup
2018-06-29 17:14:55 +02:00
Alon Bar-Lev
31cbf83738
build: support >=libressl-2.7
2018-06-28 08:58:07 +02:00
Peter Marschall
0603c3b7fc
iso7816: fix typo in previous commit
2018-06-24 10:34:49 +03:00
Peter Marschall
2818e0f703
iso7816: update & extend error codes
...
While at it, do some space policing.
2018-06-24 10:34:49 +03:00
Frank Morgner
1ca1a024df
card-npa: fixed memory leak
...
fixes https://github.com/OpenSC/OpenSC/issues/1396
2018-06-22 09:23:00 +02:00
Jakub Jelen
1f352d4c6d
muscle: Properly clean up the applet memory footprint
2018-06-21 12:48:57 +02:00
Jakub Jelen
5b3da5d462
cac: Missing memory cleanup
2018-06-21 12:48:57 +02:00
Jakub Jelen
2682741293
cac: Avoid segfaults from get_challenge()
2018-06-21 12:48:57 +02:00
Frank Morgner
9c2afad417
fixed copy/paste error
2018-06-20 00:56:01 +02:00
Frank Morgner
8b3f5b7d97
epass2003: fixed logical error
2018-06-19 23:24:36 +02:00