opensc/src
aj 16f045bf0c Douglas E. Engert: major update for the PIV smartcard.
The major issue is with getting the length of an object or the cert
contained in an object. The PIV card does not have a directory on the card,
so the previous version tried to put off as long as possible the reading
of objects for performance so as to avoid having to read objects that would
not be used. The first standard, NIST 800-73, set maximum sizes for objects.
800-73-2 removed this for certificates.

A certificate object can contain a certificate which might be compressed.
The only way to get the length of the compressed certificate is to decompress
it. Thus the decompressed certificate could be larger than the container object,
so even if the PIV card had a directory, one would still need to decompress
the certificate to find its length.

OpenSC sc_read_binary will use the length obtained by using
sc_select_file(...,&file_out), and thus the lengths must be determined
in sc_select_file.

Changes are to card-piv.c and pkcs15-piv.c and include:
  * The old cache code which was not working was removed.
  * New cache code was added which caches all objects read from the card.
  * If an object has a cert, the cert is decompressed and also cached.
  * As part of reading an object the first 8 bytes are read
    and this is then used to allocate a large buffer to read in the
    object.
  * If pkcs15 or pkcs11 asks about a certificate, the cert object
    will be read, and the cert decompressed, to get the actual length.
  * If piv_select_file is called with the file_out != NULL the object
    will be read to get the length. If called with NULL it will not be read.
  * The enumeration of the objects now starts with 0.
  * sc_ctx_suppress_errors_on and off are used to avoid file not found
    messages which are a by-product of not having a directory.
  * "Unsigned Card Holder Unique Identifier" object in card-piv and pkcs15-piv.c
     had conflicting paths, as NIST 800-72-1 had two tables with different
     paths. The enumtag for it in card-piv.c was also wrong.



git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@3710 c6295689-39f2-0310-b995-f0e70906c6a9
2009-07-22 10:09:21 +00:00
..
common add a prototype for compat_dummy() 2008-05-22 12:14:39 +00:00
include Fix native windows build, add iconv support 2009-01-29 11:47:45 +00:00
libopensc Douglas E. Engert: major update for the PIV smartcard. 2009-07-22 10:09:21 +00:00
openssh More separate srcdir fixups 2008-04-01 19:04:33 +00:00
pkcs11 Kalev Lember: fix onepin-opensc-pkcs11.dll manifest embedding 2009-06-28 10:08:17 +00:00
pkcs15init Add new rutoken_ecp driver by Aktiv Co. / Aleksey Samsonov 2009-06-24 15:26:37 +00:00
scconf Use size_t instead of int when needed, plus some other minor changes 2008-05-05 13:00:01 +00:00
signer Use size_t instead of int when needed, plus some other minor changes 2008-05-05 13:00:01 +00:00
tests Use size_t instead of int when needed, plus some other minor changes 2008-05-05 13:00:01 +00:00
tools print_file(): inverse "write" and "erase" 2009-06-16 09:17:53 +00:00
Makefile.am More separate srcdir fixups 2008-04-01 19:04:33 +00:00
Makefile.mak use ltdl not scdl. 2005-09-09 14:43:59 +00:00