8efca4d6db
pkcs15: don't require-L for file caching
...
File caching is done transparently when the user sets the config option.
2016-07-24 17:19:18 +02:00
1198197586
pkcs11-tool: use CKF_{SO,USER}_PIN_* flags to provide alerts to the user
...
rebased by @viktorTarasov
initial version in PR-795
2016-07-17 13:22:55 +02:00
4441efa6da
pkcs11-tool: various improvements, extensions, fixes, cleanup
...
========================================
rebased by VTA -- commits are forged to one,
excluding the following chunk
(reason -- if not explicitely indicated, the mechanism has to be found out using the mechanism flags):
@@ -1713,8 +1713,9 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
int ii;
if (!opt_mechanism_used)
+ opt_mechanism = CKM_EC_KEY_PAIR_GEN;
if (!find_mechanism(slot, CKF_GENERATE_KEY_PAIR, mtypes, mtypes_num, &opt_mechanism))
- util_fatal("Generate EC key mechanism not supported\n");
+ util_warn("Generate EC key mechanism not listed as supported");
for (ii=0; ec_curve_infos[ii].name; ii++) {
if (!strcmp(ec_curve_infos[ii].name, type + 3))
will close PR #747
2016-06-29 14:18:56 +02:00
76e0e19460
pkcs11-tool: no error when getting sensitive attr. value
...
resolves PR #807
2016-06-29 10:34:20 +02:00
3dbcc0b035
pkcs11-tool: generate secret key
...
resolve PR #808
2016-06-29 10:32:30 +02:00
072ec98301
Merge pull request #772 from vletoux/gids_maintenance
...
gids bug fixing
2016-06-25 22:32:37 +02:00
0ae4b4ac0d
gids bux fixing
...
fix the problem if the serial number is entered in the command line
2016-06-24 21:20:40 +02:00
0898d06944
fixed and cleaned up nmake Makefiles
2016-06-23 07:35:53 +02:00
d97ee79333
fix #788 pkcs15-tool --read-ssh-key crash
...
Don't try to free again pubkey if the parent cert has already been freed.
Signed-off-by: Nuno Goncalves <nunojpg@gmail.com>
2016-06-06 18:29:03 +01:00
9066d8f999
simplyfied netkey-tool
...
fixes conversion from 'long' to 'u8', possible loss of data
2016-06-05 02:28:50 +02:00
04825d8d7e
avoid using an uninitialized buffer
2016-06-04 01:22:28 +02:00
b8dcf91515
pkcs11-tool: print in hex the code of unknown mechanism
2016-06-03 11:12:03 +02:00
2ba87640d2
Fixed bug in derive_key(), where correct execution depended on undefined compiler behavior
2016-05-31 01:59:40 +02:00
a4dfb7b07a
tools: fix help message
2016-04-27 20:07:54 +02:00
89a5b5893b
md: use GUID without frame
2016-04-08 11:02:53 +02:00
5c0a37c53d
pkcs15init: use aux-data to set MD container GUID
2016-04-08 11:02:53 +02:00
56f2319fcc
pkcs11-tool: few named curves more
2016-04-01 18:08:00 +02:00
4b51d70969
tools: print OpenSC package version
2016-03-28 20:41:19 +02:00
696e4119a5
pkcs15-crypt: allow decipher for key with 'unwrap' usage
2016-03-28 19:59:28 +02:00
9985144d45
Merge pull request #702 from viktorTarasov/fix/issue700/invalid-parameter
...
pkcs11-tool: fix invalid parameter for 'find-mechanism'
2016-03-05 21:37:31 +01:00
1c0ab2a2d2
Merge pull request #697 from viktorTarasov/feature/package-revision
...
tools: print package revision
2016-03-04 17:14:26 +01:00
36b945aa22
tools: print package revision
2016-03-04 14:16:06 +01:00
998a1e10c5
pkcs11-tool: fix invalid parameter for 'find-mechanism'
...
Fixes #700
2016-03-04 11:30:51 +01:00
cd42fbbc65
openpgp-tool.c: fix compiler warning
...
penpgp-tool.c:367:9: warning: comparison of integers of different signs: 'int'
and 'unsigned int' [-Wsign-compare]
if (r != count) {
~ ^ ~~~~~
Remove 3 casts
Add 1 cast
Fix a format problem
2016-02-29 20:19:42 +01:00
e7cbc3ba82
opensc-explorer.c: fix compiler warning
...
opensc-explorer.c:1727:8: warning: comparison of integers of different signs:
'int' and 'size_t' (aka 'unsigned long') [-Wsign-compare]
if(r > len) {
~ ^ ~~~
2016-02-29 20:19:42 +01:00
d929532b63
pkcs11-tool.c: fix 2 compiler warnings
...
pkcs11-tool.c:2650:25: warning: unused variable 'ecdh_parms' [-Wunused-variable]
CK_ECDH1_DERIVE_PARAMS ecdh_parms;
^
pkcs11-tool.c:2021:7: warning: unused variable 'is_private' [-Wunused-variable]
int is_private = opt_object_class == CKO_PRIVATE_KEY;
^
2016-02-29 20:19:42 +01:00
50f03bca3f
fixed memory leak
2016-02-29 13:08:34 +01:00
dbca85636f
pkcs11-tool: use keygen mech. from cmd arguments
...
There are can be more then one keygen mechanism for a given
key type.
(ex. CKM_RSA_PKCS_KEY_PAIR_GEN and CKM_RSA_X9_31_KEY_PAIR_GEN)
2016-02-19 16:05:55 +01:00
6a243449a0
First support for GIDS card
...
- minidriver included by default in Windows
- GIDS Applet is available here https://github.com/vletoux/GidsApplet
- some informative technical information is available here
http://www.mysmartlogon.com/knowledge-base/generic-identity-device-specification-gids-kb/
closes https://github.com/OpenSC/OpenSC/pull/651
2016-02-19 00:12:16 +01:00
1ca22a22d1
Merge pull request #665 from sfff/pkcs11tool-pubkey-2016
...
pkcs11-tool: support write of GOST Public Key object
2016-02-16 23:27:56 +01:00
b2c7803373
sc-hsm: Fix share calculation if prime number is less than secret
2016-02-12 15:36:42 +01:00
3084b3aa32
pkcs11-tool: fix mask for detect PEM format
...
Make universal mask for choose input format from PEM or DER.
Input file at PEM may be contain at start:
"-----BEGIN RSA PRIVATE KEY-----"
or
"-----BEGIN PRIVATE KEY-----"
2016-01-24 02:31:19 +03:00
0d6ecd750e
pkcs11-tool: support write of GOST Public Key object
2016-01-24 02:23:18 +03:00
b09d2777d1
Merge pull request #663 from digitallumens/pkcs15-crypt/stdin
...
pkcs15-crypt: Allow the use of stdin if no input file is specified.
2016-01-22 14:36:02 +01:00
c56378b8ba
pkcs15-crypt: Document defaults of stdin/stdout.
2016-01-21 11:30:26 -05:00
92e02b50dc
pkcs15-crypt: Allow the use of stdin if no input file is specified.
2016-01-20 15:35:44 -05:00
f01a8ad22e
pkcs11-tool: Switched some printfs to fprintfs to allow pipes to work.
2016-01-19 14:54:02 -05:00
611e5200b1
Merge pull request #647 from vletoux/visual-studio-warning
...
remove visual studio compilation error
2016-01-06 07:28:56 +01:00
56275c6993
remove visual studio compilation error
...
quote:
avoid error C4703: potentially uninitialized local pointer variable 'obj' used line 1414
2015-12-31 18:09:45 +01:00
25dae28ab5
Access to public key should not be PIN-authenticated. Especially
...
since access to certificate (from which one can get public key)
is not currently PIN-authenticated.
2015-12-21 12:10:46 -05:00
5129c5a060
Fixed memory leaks
2015-12-09 08:22:45 +01:00
5de1ec4518
Allow ASN.1 decoding if the file seems incomplete
...
Some cards (e.g., BELPIC) have a hardcoded file length that does not
match the actual file length (e.g., 65535 bytes), and simply return the
data that is actually on the card when asked.
It is useful to still be able to do an ASN.1 decode in that case.
Signed-off-by: Wouter Verhelst <w@uter.be>
2015-12-01 16:20:17 +01:00
681e8aef98
Fixed accessing Application label
...
regression of 78018a2b49
2015-11-01 13:22:26 +01:00
a34d1f7dcd
sc-hsm-tool.c: fixed potential resource leak
2015-11-01 10:44:24 +01:00
4ca7daf31c
pkcs15-tool.c: fixed potential resource leak
2015-11-01 10:44:24 +01:00
5399c264fb
cryptoflex-tool.c: fixed potential resource leak
2015-11-01 10:44:23 +01:00
8e7049c2fa
removed unused variables
2015-10-30 18:21:40 +01:00
9f0087d968
fixed missing includes
2015-10-30 18:21:40 +01:00
c50a951337
Merge pull request #566 from vletoux/ecc_minidriver
...
First ECC support for the minidriver
2015-10-24 23:32:42 +02:00
35175a814c
minidriver: fix according to frank's comments
2015-10-15 22:40:36 +02:00
e316bf3140
Merge pull request #582 from marschap/openpgp-tool-fixes
...
Openpgp tool fixes
2015-10-15 13:13:18 +02:00
6498721076
piv: fix typos in usage & man page
2015-10-15 12:51:19 +02:00
7de373b3b9
OpenPGP: mark do_erase as an action in openpgp-tool
...
- avoid the unintended output of user info when only erasing was requested
2015-10-15 12:51:10 +02:00
524ad56146
OpenPGP: remove unnecessary semicolons in openpgp-tool
...
- this is C, not a shell script
2015-10-15 12:51:10 +02:00
392bc08d86
OpenPGP: fix pretty name for gender code 39 in openpgp-tool
...
- use the same term that GnuPG uses
2015-10-15 12:51:10 +02:00
e79f1f4b01
OpenPGP: accept -E as option in openpgp-tool
...
- make behaviour match the usage message by accepting '-E' as
alternative short form of '--erase'
2015-10-15 12:51:10 +02:00
75d76f5ce4
Merge branch 'master' of https://github.com/OpenSC/OpenSC into OpenSC-master
...
Conflicts:
src/minidriver/minidriver.c
2015-10-14 22:22:19 +02:00
851e0a24ff
Merge pull request #571 from frankmorgner/label
...
Fixes accessing fixed size arrays
2015-10-14 18:56:29 +02:00
b968fcfb1f
minidriver: Windows x509 enrollment works
...
Removed cmap_record in sc_pkcs15_prkey_info (not used by any driver nor code)
Remove cardcf specific code (cardcf neutralized by CP_CACHE_MODE_NO_CACHE and it maintened by the Base CSP/KSP, not the minidriver)
Add conversion code for Windows GUID / OpenSC self computed GUID
2015-10-11 15:20:04 +02:00
f42a1c2563
Replace outdated address okir@lst.de -> okir@suse.de
...
Signed-off-by: Olaf Kirch <okir@suse.de>
2015-10-05 14:07:28 +02:00
137afb10b7
Check for NUL in label to test its presence
2015-10-05 08:30:47 +02:00
161e84f066
pkcs15-tool.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
35f028a57c
pkcs15-init.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
d709347c2b
pkcs15-crypt.c: fixed accessing label in sc_pkcs15_object_t
2015-10-04 17:33:14 +02:00
78018a2b49
fixed string operation on fixed size array
2015-10-04 13:07:39 +02:00
d33517a58b
fixed missing comma
2015-10-04 12:55:25 +02:00
50e81d1de0
added missing break
2015-10-04 12:45:25 +02:00
4f4643ee3e
Merge pull request #452 from frankmorgner/memory-leaks
...
Fix some memory leaks
2015-10-02 15:13:34 +02:00
f851197129
Merge pull request #565 from frankmorgner/sm-openssl
...
Build a lightweight version of OpenSC
2015-10-02 15:12:41 +02:00
e14e028453
Properly describe OpenSSL dependencies in .mak files
2015-09-23 08:23:28 +02:00
c399bc94ec
piv-tool: fixed resource leak
2015-09-17 22:32:07 +02:00
f08985086a
Fixes potential buffer overrun
2015-09-17 22:24:33 +02:00
8aba7b9598
added missing files to WiX installer
...
fixes https://github.com/OpenSC/OpenSC/issues/488
2015-09-16 04:18:12 +02:00
76b6b483c7
Merge branch 'master' into gnuk
2015-09-13 22:09:59 +08:00
b0c1e1fc89
Merge pull request #540 from nioncode/readDataObjectRawOption
...
add '--raw' option to pkcs15-tools '--read-data-object'
2015-09-04 15:31:16 +02:00
f44e229865
update help message to clarify that --raw only affects stdout behavior
2015-09-04 13:04:24 +02:00
72e25db360
sc-hsm: Add status info support for SmartCard-HSM V2.0
2015-09-03 21:49:24 +02:00
68796edf36
add '--raw' option to output 8 bit data instead of its hex representation
2015-09-03 15:09:23 +02:00
9456db90fc
handle record-based files correctly when doing file caching
...
implementation copied from `sc_pkcs15_read_file`
closes #372
2015-09-02 10:35:18 +02:00
70890a8f61
Merge branch 'master' into gnuk
...
Conflicts:
src/libopensc/card-openpgp.c
src/tools/openpgp-tool.c
2015-08-31 21:55:14 +08:00
4df35b922c
pkcs11: Fix to CKA_PRIVATE handling pcks11-tool
...
There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
2015-08-23 12:41:38 +02:00
c14be48ed9
really set the --login option when using --pin
...
Until now, if -p was used without -l, we didn't authenticate to the token (see man pkcs11-tool)
2015-08-11 18:03:31 +02:00
6409202c2f
[OpenPGP] Fix warnings about type conversion.
2015-08-08 14:17:12 +08:00
5e352ea477
Merge pull request #504 from frankmorgner/find_tags
...
Find tags with GET DATA
2015-08-04 10:32:23 +02:00
24d91acf69
opensc-explorer: added command find_tags
2015-07-30 11:29:14 +02:00
7cec500e54
added flags to sc_context_t
...
- is initialized in sc_context_create with parm->flags
- removes members paranoid_memory and enable_default_driver
2015-07-22 17:30:21 +02:00
d0e3d1be3d
Fix tab & spaces
2015-07-04 00:21:38 +08:00
8c94662e96
Add --test-fork option to pkcs11-tool
...
The PKCS#11 Usage Guide, at least up to v2.40, says that calling
C_Initialize() in the child after fork is "considered to be good
Cryptoki programming practice, since it can prevent the existence of
dangling duplicate resources that were created at the time of the fork()
call."
(It neglects to mention that doing so in the child of a multi-threaded
process is a clear violation of POSIX, mind you. Not to mention being
utterly pointless if all you're going to do in the child is exec something
else anyway.)
Regardless of the sagacity of this recommendation, we need to cope when
it happens. Historically, we've been quite bad at that. Let's add a test
to pkcs11-tool in the hope it'll help...
Fixes #464
2015-05-16 12:18:54 +02:00
e0aec3764a
pkcs15init: 'store-or-update' certificate option
2015-05-10 14:35:41 +02:00
e84951a5bf
fix resource leaks in while registering PKCS#11 mechanisms
...
introduces a free_mech_data for sc_pkcs11_mechanism_type_t to clear the
mechanisms private memory
2015-05-08 09:11:55 +02:00
2c32575e89
pkcs11-tool: fixed resource leak
2015-05-08 09:11:55 +02:00
bbb803ff2e
sc-hsm-tool: fixed resource leak
2015-05-08 09:11:54 +02:00
d96f25c147
pkcs15-tool: fixed resource leak
2015-05-08 09:11:54 +02:00
1f16f24052
pkcs15-init: fixed resource leak
2015-05-08 09:11:54 +02:00
a83da8a947
pkcs15-crypt: fixed resource leak
2015-05-08 09:11:54 +02:00
c65caed7f4
openpgp-tool: fixed resource leak
...
VTA: slightly touched, original commit f0ddbf4
2015-05-08 09:11:54 +02:00
f0189e8378
pkcs11-tool: option to 'decrypt some data'
2015-04-30 15:57:44 +02:00
c754e3f197
Merge pull request #444 from frankmorgner/pkcs11-error-handling
...
Improved error handling for PKCS#11 module
2015-04-25 13:04:07 +02:00
0a754b694e
pkcs11-tool: pass key usage flags to created objs
...
* Command-line parameters were introduced to specify key usage
(--usage-{sign,decrypt,derive}). However, those are not used when importing
external objects using C_CreateObject function.
fix #445
2015-04-25 12:28:48 +02:00
02f3997632
added error handling to print_ssh_key
2015-04-21 01:32:37 +02:00
23ca1f101d
pkcs11-tool: Add support for creating EC privkey
...
* This patch allows to create EC private keys. The feature re-use the GOST
parsing function as instanciating an ECDSA key is the same as a GOST key.
2015-04-15 08:58:05 +02:00
6e84ee0ba7
pkcs11-tool: honour unsupported signature mechs
2015-04-12 11:28:25 +02:00
4000e6d5b0
Add missed option debug info
...
Fix misspelled key in --help output (thanks Philip Wendland).
2015-04-08 18:03:46 +02:00
fa045d44ec
pkcs11-tool: Let the user choose the ECDSA signature format
...
Instead of hard-coding the format depending on whether OpenSC was compiled with
OpenSSL or not, the user should be able to choose the format himself.
The default format now is the normal concatenation of R,S both for CKM_ECDSA
and CKM_ECDSA_SHA1.
2015-04-04 22:01:22 +02:00
88ec461bc5
tool: RFC4716 compliant key output
...
Add a comment field to the ssh key output if a label is set on the key. Add RFC4716 compliant key output for the new breed of modern (mobile) SSH clients.
VTA: use short form of log call in iso7816
2015-03-31 19:09:25 +02:00
0790969b97
recognize short EF identifier
2015-03-31 18:48:57 +02:00
4b51b99748
pkcs11-tool: harmonize supported ECC curves
...
pkcs15-pubkey.c holds a struct containing supported ECC curves. The contents of
this struct are being harmonized with pkcs11-tool supported curves.
2015-03-29 12:55:54 +02:00
b1bdfae200
sc-hsm: revert broken a4c8d671
...
sc-hsm: Fixed minimum value for number of password shares
2015-03-29 12:40:44 +02:00
bff0ea4837
fixed compiler warning
2015-02-20 19:54:40 +01:00
b08671fab5
pkcs15-crypt: option for output format of ECDSA signature
2015-02-20 14:20:28 +01:00
572218c59c
Fall through comment before break
2015-02-16 10:11:24 -06:00
981a0fbbaf
Fix-up changes caused by Coverity scan
...
piv-tool.c add /* fall through */ to avoif false warning
card-piv.c - clean up if sc_lock fails.
2015-02-11 13:39:59 -06:00
96265e6d08
pkcs15init: superpluous 'ec-params' in init data
...
Pkcs15init data, used to import/generate key objects, includes twice the same EC parameters data:
- explicit 'params' data
- part of sc_pkcs15_pubkey/sc_pkcs15_prkey
Explicit 'ec-params' data is removed.
2015-02-07 20:00:41 +01:00
08eb700b97
revert or partially revert some of recent commits
...
b94c16311881a63a92bf7#373
3a92bf76759c04
2015-02-07 19:31:17 +01:00
3a92bf7af5
fixed resource leaks
2015-02-05 01:38:41 +01:00
11881a61b8
removed/fixed dead code
2015-02-05 01:38:41 +01:00
a3fc62f79f
fixed NULL dereference (or warning thereof)
2015-02-05 01:38:40 +01:00
8d902d1ed3
fixed out of bounds read/write/access
2015-02-04 09:24:50 +01:00
a4c8d67110
fixed improper use of negative value
2015-02-04 09:03:27 +01:00
ed9572422f
check return values
2015-02-05 01:37:53 +01:00
2f3eaa1dbe
Merge pull request #366 from frankmorgner/coverity
...
Fixes for Problems reported by Coverity Scan
2015-02-02 23:51:10 +01:00
8e9a2361c6
pkcs15-tool: print length of EC public key
...
when this key is read from dedicated EF
2015-02-02 16:55:07 +01:00
6759c04b26
don't ignore errors
2015-01-28 04:45:08 +01:00
2e04fa99c1
fixed pointless array comparisons
2015-01-28 07:39:35 +01:00
08fcfcc8f0
fixed wrong sizeof argument
2015-01-28 07:04:02 +01:00
87b2403673
fixed out of bounds access/write
2015-01-28 07:00:02 +01:00
77752f442d
fixed unused value
2015-01-28 05:47:20 +01:00
6641cbf455
fixed potential string overflow
2015-01-24 20:17:26 +01:00
3f64d3a805
fixed bad memory allocation
2015-01-24 20:11:16 +01:00
9a4b58800b
fixed Printf arg type mismatch
2015-01-24 20:00:03 +01:00
fca3a37097
fixed truncated stdio return value
2015-01-24 19:47:01 +01:00
8df9896204
pass big parameter by reference
...
reported by coverity scan
2015-01-24 19:25:11 +01:00
1b53b59ed3
fixed potential use after free
...
reported by coverity scan
2015-01-24 19:22:39 +01:00
7a34c204c1
fixed dereference before null check
...
silence warnings reported by coverity-scan
2015-01-22 20:29:33 +01:00
f143d7b73e
Merge pull request #346 from frankmorgner/pkcs11provider
...
use OpenSC as default PKCS#11 provider
2015-01-20 23:43:48 +01:00
3961275d8c
Allow user to overwrite SO-PIN when using PIN-PAD reader
2014-12-29 13:39:37 +01:00
291e9dab9e
use OpenSC as default PKCS#11 provider
...
closes #229
2014-12-19 22:27:34 +01:00
aa7886f36d
pkcs15-init: fix memory corruption
2014-12-19 16:52:14 +01:00
73715e37d9
fixed compiler warnings
...
fixed warnings introduced with b18c86e646
2014-12-12 21:45:53 +01:00
c71a453ff1
openpgp-tool: Fix wrong operator
...
Used "!=" instead of "|="
2014-12-11 12:51:15 +08:00
99b5cb53e1
OpenPGP: Remove unused variables and fix type cast.
2014-12-10 04:01:06 +08:00
7f08983240
Merge branch 'master' into gnuk
...
Conflicts:
src/tools/openpgp-tool.c
2014-12-09 02:40:33 +08:00
ec2eb86bec
don't reimplement output of status words
...
Closes #326
2014-12-07 23:54:32 +01:00
9cbec38cfa
Fix bug in verbose flag handling.
...
Using the verbose flag was causing cardos-tool to return as if an error
had occured.
2014-12-07 23:54:09 +01:00
a2ba4d3bae
Merge pull request #319 from CardContact/add-sec-k-curves
...
sc-hsm: Add support for Koblitz curves secp192k1 and secp256k1 (Bitcoin)
2014-12-06 23:22:43 +01:00
b18c86e646
Merge pull request #320 from frankmorgner/tools-pin
...
Optimize util_get_pin from #289
2014-12-06 23:21:39 +01:00
0c0b2145ac
Translate French to English.
2014-11-26 19:00:38 +01:00
d00d7b3498
Merge pull request #276 from asmw/fix_return
...
openpgp-tool: Return EXIT_SUCCESS if no error occurs
2014-11-05 10:57:26 +01:00
aa45685e0b
fixed documentation of dnie-tool
2014-11-04 22:23:01 +01:00
4459e146c4
use util_get_pin in tools
2014-11-04 22:07:07 +01:00
Frank Morgner
Nuno Goncalves
David von Oheimb
Viktor Tarasov
vletoux
Mouse
Ludovic Rousseau
LE TOUX Vincent
Frank Thater
Aleksey Samsonov
Chris Elledge
Uri Blumenthal
Frank Morgner
Wouter Verhelst
Peter Marschall
Olaf Kirch
Nguyễn Hồng Quân
Nicolas Schneider
Andreas Schwier
Andreas Kemnade
Nicholas Wilson
HenryJacques
David Woodhouse
Thomas Calderon
Dirk-Willem van Gulik
Philip Wendland
Doug Engert
Etienne Cordonnier