0x9B is defined as the Card Management Key, and probably shouldn't be
regenerated. 0x9E is the Card Authentication key which is what you
should be generating keys for. This also brings piv-tool in line with
the documentation that states 0x9A, 0x9C, 0x9D and 0x9E are the proper
keyIds to use.
All the other option values are initialized to NULL, so do the same to
opt_auth_id.
(Although, as they're all static globals, they should be set to 0 at
runtime anyway, I think...)
Signed-Off-By: Anthony Foiani <anthony.foiani@gmail.com>
It seems that this suffered some copy and paste damage at some point.
Change so that we check each return value immediately after the API
call.
Signed-Off-By: Anthony Foiani <anthony.foiani@gmail.com>
To hold the raw certificate blob in 'sc_pkcs15_cert' data use the 'sc_pkcs15_der' data type.
also:
; in 'pkcs15-cert.c' use short call of the debug messages;
; in 'destroy-object' pkcs15 framework handler take into account the multi-application cards:
-- when binding card use the application info;
-- when finalizing profile use the application ID.
Fix autoreconf warnings:
$ autoreconf -vis -Wall
[...]
src/common/Makefile.am:12: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/libopensc/Makefile.am:19: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/minidriver/Makefile.am:15: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/pkcs11/Makefile.am:10: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/pkcs15init/Makefile.am:36: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/scconf/Makefile.am:12: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/sm/Makefile.am:8: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/tests/Makefile.am:9: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
src/tools/Makefile.am:15: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
in previous version
first of all the 'reader' option's value was converted to hexadecimal form,
used as ATR value
and all present readers were scanned to find the inserted card with such ATR.
Only after this the 'reader' option was used as reader's number or reader's name.
Currently in use the 'hex-to-bin' procedure accepts for conversion one digit,
and so even if the 'reader' option value is one digit,
the useless search over all present readers takes place.
In the current version the order of checks is kept (ATR, reader's number, reader's name),
but enforced the validity check of ATR, presented by 'reader' option.
Also the option is accepted as reader's number only if the 'entire' option's string can be converted to integer.
Thanks to 'jbwisemo' for cooperation.
https://www.opensc-project.org/opensc/ticket/404
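The check order described in the commit message above (ATR, then reader's number, then reader's name), as an added example that is not OpenSC's own code. The function names, the strict two-digits-per-byte decoder and the ATR plausibility rule (2 to 33 bytes, first byte 0x3B or 0x3F) are assumptions made for this sketch.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names: this is an illustration, not the OpenSC util.c code. */
enum reader_arg_kind { READER_ARG_ATR, READER_ARG_INDEX, READER_ARG_NAME };

#define ATR_MAX_LEN 33 /* assumed limit: TS byte plus at most 32 further bytes */

static int hex_nibble(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Strict decoder: every byte needs two hex digits, optional ':' between
 * bytes. A lone digit such as "1" is rejected instead of becoming 0x01. */
static int strict_hex_to_bin(const char *in, unsigned char *out, size_t *outlen)
{
    size_t n = 0;
    while (*in != '\0') {
        int hi = hex_nibble((unsigned char)in[0]);
        int lo = (hi < 0) ? -1 : hex_nibble((unsigned char)in[1]);
        if (hi < 0 || lo < 0 || n >= *outlen)
            return -1;
        out[n++] = (unsigned char)((hi << 4) | lo);
        in += 2;
        if (*in == ':' && in[1] != '\0')
            in++;
    }
    *outlen = n;
    return 0;
}

/* Assumed validity check: decodes cleanly, at least 2 bytes, and starts
 * with a TS byte (0x3B direct or 0x3F inverse convention). */
static int is_plausible_atr(const char *arg)
{
    unsigned char buf[ATR_MAX_LEN];
    size_t len = sizeof(buf);
    if (strict_hex_to_bin(arg, buf, &len) != 0)
        return 0;
    return len >= 2 && (buf[0] == 0x3B || buf[0] == 0x3F);
}

/* Accept a reader number only if the entire string is a decimal integer. */
static int parse_reader_index(const char *arg, int *index_out)
{
    char *end = NULL;
    long v;
    if (!isdigit((unsigned char)arg[0]))
        return 0;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno != 0 || *end != '\0' || v > INT_MAX)
        return 0;
    *index_out = (int)v;
    return 1;
}

/* Order of checks is kept: ATR, reader's number, reader's name. */
enum reader_arg_kind classify_reader_arg(const char *arg, int *index_out)
{
    *index_out = -1;
    if (is_plausible_atr(arg))
        return READER_ARG_ATR;
    if (parse_reader_index(arg, index_out))
        return READER_ARG_INDEX;
    return READER_ARG_NAME;
}

int main(void)
{
    /* Constructed sample values, not taken from any real reader or card. */
    const char *samples[] = { "1", "1234", "3B:95:13:81:01:80:73:FF:01:00:0B",
                              "2nd reader", "3B" };
    static const char *kinds[] = { "ATR", "index", "name" };
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int idx;
        enum reader_arg_kind k = classify_reader_arg(samples[i], &idx);
        printf("%-36s -> %s (index %d)\n", samples[i], kinds[k], idx);
    }
    return 0;
}
```

No decimal string can begin with the hex digits 3B or 3F, so under these assumptions a numeric reader index is never mistaken for an ATR.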
'PACE' is extremely card specific protocol and has not to be ostensibly
present in the common part of OpenSC:
* currently in OpenSC there is no card driver that supports or uses this protocol;
* amazing content of the common 'sc_perform_pace' -- beside the verbose logs
the only substantial action is to call the card/reader specific handler.
According to the current sources and the pull request 83
this 'common' procedure is called by the card driver or
card specific tool/operation.
* currently the 'PACE' can be thoroughly tested only by one person (Frank Morgner),
and only using the OpenSSL patched with the PACE specific patch.
So, at least a dedicated configuration option could be introduced when committing PACE to the common part.
* common 'sc_perform_pace' has the same role as the 'initialize-SM' handler of the existing SM framework
and can be implemented as card specific SM, as the others cards do.
This is confirmed by Frank Morgner, the author of PACE commits and nPA card driver, himself.
(https://github.com/OpenSC/OpenSC/pull/83)
Fixed issues in pkcs11-tool/test_signature if card has RSA and ECDSA keys
Fixed bug in sc_pkcs11_signature_size that returns the wrong ECDSA signature size
Limit the number of cases when applicated re-selection of application DF to strict minimum.
I.e. only when pkcs11 login session is not locked and private key PKCS#15 object does not
contain the 'path' attribute.
Thanks to 'crank'.
https://www.opensc-project.org/opensc/ticket/439
Some pkcs11 callers (i.e. netscape) will pass in the ASN.1 encoded SEQUENCE OF SET,
while OpenSC just keeps the SET in the issuer/subject field.
Harmonize the allowed PIN length in CHANGE & UNBLOCK with the one in VERIFY,
making sure they are large enough for OpenPGP, which allows up to 32 characters,
and giving additional security margin for other cards.
In VERIFY, allow the user to enter the PIN interactively if it was not given
on the command line, and if the card reader does not support PIN input.
If it was not given on the command line and the card reader supports PIN input,
then the behaviour is unchanged: enter PIN via card reader.
openpgp-tool: PIN verification support.
openpgp-tool: Add notification in case of error.
openpgp-tool: Add manual for key generation and PIN verification.
The code to send the APDU to the piv card when using
piv-tool -s xx:xx:xx... was inadvertently removed
on 2011-04-26 02:29:53 by: 1cdb3fa971
APDU parsing: switch to Frank Morgner's implementation
The missing code is replaced.
The -s option is infrequently used, so the problem
was not spotted earlier.
New operations:
- 'erase-application' -- erase on-card application indicated by its AID;
- 'update-lastupdate' -- parse tokenInfo, set 'lastUpdate' value to the current date and write back tokenInfo content;
- 'ignore-ca-certificates' -- when importing PKCS#12 ignore all CA certificates;
When reading and printing file content, do not read it by small chunks,
but read an entire file.
It allows to verify how card driver reads the data of maximal size
that is allowed for one transaction ('max_recv_size').
* change order of long & short option names: letters first, then the long names
Effect: nicely aligned short and long option names in the help text
* more space between option names and explanation
Effect: better readability on long options
* print "Options:" header only if there is at least one non-hidden option
Effect: nicer output when all options are hidden
* only show printable, non-space short options letters
Effect: no control codes printed to terminal
* get rid of a temporary variable
improvements to opensc-explorer & new tool openpgp-tool
Useful improvement: probably could be used in automated tests.
I follow Ludovic and attract your attention onto the necessity, in the nearest future,
to supply the doc/man for the tool newly introduced.
Without it the build of OpenSC package will simply not be possible.
Add new argument 'application-info',
that will allow to select the on-card application to be bound with.
pkcs11: use sc_pkcs15init_bind with 'AID' argument
Prototype of sc_pkcs15init_bind() has been changed to add argument with
AID of the on-card application to be bound with.
Add 'echo' command that simply displays its arguments.
With the recently committed script interpreter feature and this echo command,
nice little scripts can be written, like e.g.
$ cat opengpg-userinfo
#!/usr/bin/opensc-explorer
cd 0065
echo Name:
cat 005B
echo Language:
cat 5F2D
echo Gender:
cat 5F35
quit
If the system libraries are set before the locally built libraries,
libtool will pick the system copy of OpenSC instead of the local one,
and that can make cross-builds fail badly.
This patch is already applied in Gentoo for proper building.
This seems the right thing to do, when you look at the initial commit which added the flags in do_generate_key and the ticket
http://www.opensc-project.org/opensc/ticket/198
Currently when storing a key, the accessflags are not set
* add new function path_to_filename() that converts a path into
filename, and returns a static buffer to it
* convert all occurrences where file names get generated
to using this function
Signed-off-by: Peter Marschall <peter@adpm.de>
Use the easier to read & shorter expression
path->type = (is_id) ? SC_PATH_TYPE_FILE_ID : SC_PATH_TYPE_PATH;
instead of the longer, but equivalent if () .. else construction.
Signed-off-by: Peter Marschall <peter@adpm.de>
* allow double-quoted strings besides hexdata in APDU generation
* detect errors in parameter parsing
* use utility function to print bytes sent,
fixing an error that only showed parts of the APDU when
it was generated from multiple arguments
Signed-off-by: Peter Marschall <peter@adpm.de>
Simplify argument handling in do_change() and do_unblock(),
making the functions shorter and easier to understand.
Signed-off-by: Peter Marschall <peter@adpm.de>
The variables "in_str" in do_update_binary() & do_update_record()
do not serve a purpose: use argv[x] directly & remove them.
Signed-off-by: Peter Marschall <peter@adpm.de>
Convert arg_to_path() to using the standard sc_hex_to_binary() instead of
the local hex2binary().
While at it, return errors on failed conversions.
Signed-off-by: Peter Marschall <peter@adpm.de>
Update do_update_record() to use parse_string_or_hexdata() instead of the old
hex2binary().
This change allows to use double-quoted strings in the "update_record" command.
Signed-off-by: Peter Marschall <peter@adpm.de>
do_update_binary() and do_update_record() expect a fixed number of parameters
each: adapt the checks for argc so that they do the right thing.
Signed-off-by: Peter Marschall <peter@adpm.de>
* add new function parse_string_or_hexdata() that parses
a double-quoted string or a hex-data string (e.g: AA:BB:CC)
into a buffer
* use parse_string_or_hexdata() wherever strings or hexdata
gets parsed into a buffer
Signed-off-by: Peter Marschall <peter@adpm.de>
* extend cmds struct by a new element args for a description of the arguments
* use args in help texts
* new function usage() for centralized display of usage info
* harmonize argument strings for usage / help texts
* re-sort cmd list shown in help texts
* add function "help" to allow asking for help
* space-police
Signed-off-by: Peter Marschall <peter@adpm.de>
* use ID<->name tables instead of arrays of strings where
the index was treated like some "magic" constant.
With the new mapping tables, the meaning is obvious.
* fix a bug with ac_ops_df[]: before the conversion, it was a list
of pointers to strings but was in one case treated like it was a mapping table.
With the conversion to a mapping table, and the adaption of other code parts
this bug got fixed "automagically" ;-)
* use common code to cleanly print ACLs for DFs & EFs
* harmonize EF structure names to the ones used in ISO 7816-4
Signed-off-by: Peter Marschall <peter@adpm.de>
the main difference between 'slot-description' and 'token-label' is that
the first one is unique in any case,
the second one can be the same for more than one slot.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5528 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-wrap.c can be removed. Clarified/changed the meaning of "insecure" flag to pkcs15-init tool,
which will be needed to explicitly enforce the creation of a key which does not require a PIN.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5510 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs11-tool.c:1253: warning: comparison between signed and unsigned
pkcs11-tool.c: In function ‘write_object’:
pkcs11-tool.c:1777: warning: unused variable ‘type’
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5505 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c: In function 'main':
opensc-explorer.c:1602: warning: declaration of 'argv' shadows a parameter
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5466 c6295689-39f2-0310-b995-f0e70906c6a9
Not all PKCS#11 drivers support the C_SignUpdate.
So, for the short data begin with procedure "C_SignInit & C_Sign".
If no success, try to apply the procedure "C_SignInit & C_SignUpdate & ... & C_SignFinal".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5458 c6295689-39f2-0310-b995-f0e70906c6a9
'asn1' takes a file_id as argument. This should be selected relative
to the currently selected DF instead of being treated as an ID.
(compare with 'get' & 'cat' that also take a file_id argument)
Patch from Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5417 c6295689-39f2-0310-b995-f0e70906c6a9
In the output of the interactive command 'help', leave more room
for the command names so that they do not flow into the description.
Patch from Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5416 c6295689-39f2-0310-b995-f0e70906c6a9
When composing path to file (for ex. to be read), if the type of parent DF is DF_NAME,
the value of the parent path is moved to the aid path member and
file ID takes place of the path value.
; 'cd ..' command takes into account the parent can be presented by DF_NAME
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5391 c6295689-39f2-0310-b995-f0e70906c6a9
EC parameters can be presented in three forms: namedCurve, OID and implicit data.
This new data type will facilitate manipulation of ec-parameters in the OpenSC tools and library.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5386 c6295689-39f2-0310-b995-f0e70906c6a9
In do_apdu() resp. send_apdu(), flexibilize parsing the APDU string passed
so that extended APDUs are accepted as valid APDUs too.
While at it, fix a bug where more data than available would have been copied,
potentially leading to a SIGSEGV.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5369 c6295689-39f2-0310-b995-f0e70906c6a9
Use ID<->name tables in print_file() instead of arrays of strings where
the index was treated like some "magic" constant. With the new mapping tables,
the meaning is obvious.
While on it, fix a bug with ac_ops_df[]: before the conversion, it was a list
of pointers to strings but was in one case treated like it was a mapping table.
With the conversion to a mapping table, and the adaption of other code parts
this bug got fixed "automagically" ;-)
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5368 c6295689-39f2-0310-b995-f0e70906c6a9
Use easily extensible tables instead of explicit coding to display
algorithm names and options in list_algorithms.
Leverage the new tables to add more RSA hashes.
Signed-off-by: Peter Marschall <peter@adpm.de>
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5367 c6295689-39f2-0310-b995-f0e70906c6a9
On Windows every DLL has their own file descriptor table, thus specifying
-v from any of the OpenSC tools resulted in a crash when the tool tried to override
ctx->debug_file with stderr.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5359 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-init.c: In function 'verify_pin':
pkcs15-init.c:2840: warning: declaration of 'r' shadows a previous local
pkcs15-init.c:2836: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5268 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:1111: warning: comparison between signed and unsigned
pkcs15-tool.c:1117: warning: comparison between signed and unsigned
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5224 c6295689-39f2-0310-b995-f0e70906c6a9
* shift libpkcs11 from src/pkcs11 to src/common as it is not used to implement the OpenSC PKCS#11 module
* invent a "libscdl" mini library that implements either libltdl based dynamic loading or uses native interfaces
* drop hard requirement for libltdl to build OpenSC
* native Windows build does not need libltdl any more
* specify CNGSDK include dir to find cardmod.h. CNGSDK only registers with a handful of compilers
Deals with #323
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5201 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c:1440:22: warning: conversion specifies type 'unsigned int' but
the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
printf("expecting %u, got only %d bytes.\n", len, r);
~^ ~~~
%lu
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5137 c6295689-39f2-0310-b995-f0e70906c6a9
If the card supports it, changing a blocked PIN will result in an error before PIN entry, not when the card re-states that the PIN is already blocked.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5123 c6295689-39f2-0310-b995-f0e70906c6a9
emulated cards. True PKCS#15 cards with EC
will need additional changes.
Main changes are in framework-pkcs15.c, mechanism.c,
padding.c, pkcs15-algo.c and pkcs15-sec.c
where switch statements for key type, and testing
of flags was modified to make it easier to add
additional key types in the future.
The code was tested using RSA and ECDSA using a PIV card
from pkcs11-tool, OpenSSL and Thunderbird with
modifications to NSS-3.12.7 to get ECDSA to sign e-mail.
Only named curves are supported for ECDSA, ECDH is still
needed. pkcs11-tool has only minimal changes needed to work
with the -O option to list EC keys.
One additional line was added to pkcs15-sec.c which
should get GOSTR sign to work.
libp11 and engine do not yet have EC support.
--This line, and those below, will be ignored--
M src/tools/piv-tool.c
M src/tools/pkcs11-tool.c
M src/pkcs11/framework-pkcs15.c
M src/pkcs11/mechanism.c
M src/pkcs11/pkcs11-object.c
M src/libopensc/pkcs15-prkey.c
M src/libopensc/card-piv.c
M src/libopensc/padding.c
M src/libopensc/cardctl.h
M src/libopensc/pkcs15-algo.c
M src/libopensc/libopensc.exports
M src/libopensc/pkcs15-piv.c
M src/libopensc/pkcs15-sec.c
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4904 c6295689-39f2-0310-b995-f0e70906c6a9
* Detect different cards based on ATR-s and on card objects
* Set the card name from the ATR table
* Conditionally add support for 2048b keys
* Add workarounds for broken MULTOS and JavaCard cards.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4893 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:976: warning: declaration of ‘r’ shadows a previous local
pkcs15-tool.c:972: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4867 c6295689-39f2-0310-b995-f0e70906c6a9
pkcs15-tool.c:151: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:152: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:153: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:154: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:155: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:156: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:157: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:158: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:159: warning: initialization discards qualifiers from pointer target type
pkcs15-tool.c:160: warning: initialization discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4866 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c:292: warning: declaration of ‘newkey’ shadows a global declaration
piv-tool.c:97: warning: shadowed declaration is here
piv-tool.c: At top level:
piv-tool.c:97: warning: ‘newkey’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4865 c6295689-39f2-0310-b995-f0e70906c6a9
PIV driver client can build and run without OpenSSL,
(admin functions and piv-tool still need OpenSSL)
define PIV specific ctrl codes and structures.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4767 c6295689-39f2-0310-b995-f0e70906c6a9
--slot will take the actual CK_SLOT_ID
--slot-label will use the token label to find the correct slot
--slot-index will use the N-th slot from the list returned by C_GetSlotList
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4746 c6295689-39f2-0310-b995-f0e70906c6a9
* One sc_context has only a single reader driver.
* remove dynamic reader driver loading capabilities
* remove opensc-tool -R command
* change the internal API, we don't need to pass around a "driver data" pointer as it can be found directly from the context.
* check in ./configure for only a single enabled reader driver
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4709 c6295689-39f2-0310-b995-f0e70906c6a9
Support for importing cleartext keys is left untouched, but all transparent key generation by either opensc-pkcs11.so or pkcs15-init is removed, to make the operation with cleartext keys visible to the user and his explicit wish.
OpenSC is a PKCS#11 library for accessing keys protected by a smart card. Key material in software is not protected by smart cards and can leave a false sense of security to the user.
http://www.opensc-project.org/pipermail/opensc-devel/2010-April/013877.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4646 c6295689-39f2-0310-b995-f0e70906c6a9
This version, additionally, skips this step entirely if there is no current_path; this is useful when starting with --mf "".
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4638 c6295689-39f2-0310-b995-f0e70906c6a9
From http://en.wikipedia.org/wiki/Malloc#Casting_and_type_safety
" Casting and type safety
malloc returns a void pointer (void *), which indicates that it is a
pointer to a region of unknown data type. One may "cast" (see type
conversion) this pointer to a specific type, as in
int *ptr = (int*)malloc(10 * sizeof (int));
When using C, this is considered bad practice; it is redundant under the
C standard. Moreover, putting in a cast may mask failure to include the
header stdlib.h, in which the prototype for malloc is found. In the
absence of a prototype for malloc, the C compiler will assume that
malloc returns an int, and will issue a warning in a context such as the
above, provided the error is not masked by a cast. On certain
architectures and data models (such as LP64 on 64 bit systems, where
long and pointers are 64 bit and int is 32 bit), this error can actually
result in undefined behavior, as the implicitly declared malloc returns
a 32 bit value whereas the actually defined function returns a 64 bit
value. Depending on calling conventions and memory layout, this may
result in stack smashing.
The returned pointer need not be explicitly cast to a more specific
pointer type, since ANSI C defines an implicit conversion between the
void pointer type and other pointers to objects. An explicit cast of
malloc's return value is sometimes performed because malloc originally
returned a char *, but this cast is unnecessary in standard C
code.[4][5] Omitting the cast, however, creates an incompatibility with
C++, which does require it.
The lack of a specific pointer type returned from malloc is type-unsafe
behaviour: malloc allocates based on byte count but not on type. This
distinguishes it from the C++ new operator that returns a pointer whose
type relies on the operand. (see C Type Safety). "
See also
http://www.opensc-project.org/pipermail/opensc-devel/2010-August/014586.html
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4636 c6295689-39f2-0310-b995-f0e70906c6a9
--debug was not documented and not used by other tools; --help was not handled.
Thanks to Ludolf Holzheid for noticing this.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4596 c6295689-39f2-0310-b995-f0e70906c6a9
westcos-tool.c: In function ‘main’:
westcos-tool.c:375: warning: unused variable ‘lecteur’
westcos-tool.c:373: warning: unused variable ‘card_presente’
westcos-tool.c:372: warning: unused variable ‘p’
westcos-tool.c:371: warning: unused variable ‘i’
westcos-tool.c: At top level:
westcos-tool.c:43: warning: ‘version’ defined but not used
westcos-tool.c:45: warning: ‘nom_card’ defined but not used
westcos-tool.c:103: warning: ‘no_lecteur’ defined but not used
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4420 c6295689-39f2-0310-b995-f0e70906c6a9
Without GNU C extension 'getline()' the same code of the local 'getpass' procedure is used for Mac OS and Linux.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4272 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
pkcs15-crypt.c: In function ‘sign_ext’:
pkcs15-crypt.c:293: warning: dereferencing type-punned pointer will break strict-aliasing rules
pkcs15-crypt.c:299: warning: dereferencing type-punned pointer will break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4183 c6295689-39f2-0310-b995-f0e70906c6a9
for DES_ecb_encrypt() input and output parameters.
I have no idea how it could have worked.
Fix
cardos-tool.c: In function ‘cardos_sm4h’:
cardos-tool.c:421: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:421: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:426: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:432: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 1 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:434: warning: passing argument 2 of ‘DES_ecb_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:472: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 1 of ‘DES_ecb3_encrypt’ from incompatible pointer type
cardos-tool.c:483: warning: passing argument 2 of ‘DES_ecb3_encrypt’ from incompatible pointer type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4181 c6295689-39f2-0310-b995-f0e70906c6a9
util.c:11: warning: declaration of ‘wait’ shadows a global declaration
/usr/include/sys/wait.h:255: warning: shadowed declaration is here
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4180 c6295689-39f2-0310-b995-f0e70906c6a9
opensc-explorer.c:1606: warning: passing argument 3 of
‘util_connect_card’ discards qualifiers from pointer target type
rutoken-tool.c:492: warning: passing argument 3 of ‘util_connect_card’
discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4179 c6295689-39f2-0310-b995-f0e70906c6a9
piv-tool.c: In function ‘load_object’:
piv-tool.c:130: warning: implicit declaration of function ‘sc_asn1_find_tag’
piv-tool.c:130: warning: nested extern declaration of ‘sc_asn1_find_tag’
piv-tool.c:130: warning: cast from function call of type ‘int’ to non-matching type ‘u8 *’
piv-tool.c:130: warning: cast to pointer from integer of different size
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4178 c6295689-39f2-0310-b995-f0e70906c6a9
Would fail on PowerPC in 64-bits for example.
Fix pkcs11-tool.c:2954: warning: dereferencing type-punned pointer will
break strict-aliasing rules
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4174 c6295689-39f2-0310-b995-f0e70906c6a9
Fix
pkcs11-tool.c:1899: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1902: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1906: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1910: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1914: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1918: warning: assignment discards qualifiers from pointer target type
pkcs11-tool.c:1922: warning: assignment discards qualifiers from pointer target type
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4173 c6295689-39f2-0310-b995-f0e70906c6a9
Four methods are added to the 'sc_pkcs15init_operations':
emu_update_dir -- create or not the DIR file;
emu_update_any_df -- update the non-pkcs15 descriptors that are equivalents to pkcs15 xDF files;
emu_update_tokeninfo -- update analog of tokenInfo;
emu_write_info -- to not create OPENSC-INFO file;
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4128 c6295689-39f2-0310-b995-f0e70906c6a9
It's implemented for the card with emulated pkcs#15 and protected private object attributes.
Update to man pages is coming soon.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4126 c6295689-39f2-0310-b995-f0e70906c6a9
* reduce to a few, supported functions.
* change all functions to take the debug level as parameter.
* use symbolic names for the debug levels.
* fix tools to pass "verbose"/"opt_debug" as ctx->debug.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4118 c6295689-39f2-0310-b995-f0e70906c6a9
(with "Unsupported card"). This needs to be improved.
This patch changes the "initialization" to "binding", so we at least
can tell people: you need to initialize an empty card first.
Needs to be improved of course.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4117 c6295689-39f2-0310-b995-f0e70906c6a9
Implemented to have the possibility to verify PIN after binding of the pkcs15 card and before any 'substantial' operation.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4093 c6295689-39f2-0310-b995-f0e70906c6a9
the PIV driver no longer needs to set the card max_*_size parameters
to get around emulating read_binary and write_binary. It can
now handle partial reads and writes.
The assumptions for write_binary are that the first chunk will
have idx = 0, and the last chunk will write the last byte.
The flags parameter will contain the total length.
The only write_binary operations are done when initializing
a card, and this is only done from piv-tool.c which was modified
to pass in the length and other flags.
Piv-tool continues to be a primitive test tool for initializing test
cards. But it has been expanded to be able to write other objects
on test cards.
The serial number of a PIV card is obtained from the CHUID object
if present which has a FASC-N which is an ID number created by the
issuer. Normally PIV cards are issued by the U.S. Federal government.
But there are ways to use the same cards with a non government CA.
This is then referred to as PIV Compatible. In this case,
the FASC-N should start with an agency code = 9999 and an RFC 4122
GUID should be present in the CHUID. If this is the case, the GUID
is used as the serial number.
Windows 7 comes with a PIV card driver, but to get it to use one of
these cards the CHUID is required. (piv-tool can now write one.)
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3998 c6295689-39f2-0310-b995-f0e70906c6a9