opensc/src/libopensc
Doug Engert 3fea6b7927 PIV detection of AID using Discovery Object before doing select AID
Many OpenSC drivers try and detect during match if the card supports
their AID by doing a SELECT FILE for the AID.

But this can cause problems with cards such as Yubico that do not ignore
SELECT AID commands for applications they do not support. Other cards may
have the same problems. Selecting the wrong AID can also lose the security
state.

The card-piv.c will now use the GET DATA to read the PIV Discovery Object '7E'
which is an ISO standard template that will contain the AID of the currently
active application. The driver will then double check that the template is
for the PIV application.

If the template contains the PIV AID, then no SELECT AID is done.
PIV standards say there can only be one PIV application on a card.
PIV standards also say PIV must be the default application,
but Yubico does not follow this.

If the command fails, only then will a SELECT AID be done.

Thus this can avoid the Yubico problem.

This logic is used in both "match" and in the piv_card_reader_lock_obtained
routine.

Additional logic in piv_card_reader_lock_obtained was added to handle
when the card reset was received by some other program. Multiple programs
may be trying to use the PIV application on the card, and thus multiple
programs will all receive that the card was reset. The first program to receive
the card was reset will do all of the above logic, and may leave the card in
a state that will cause other programs to not have to do much at all.

 The intent of all of this is to avoid sending extra commands to the card
 including SELECT AID that could change the card state when not needed.

 On branch piv-aid-discovery
 Changes to be committed:
	modified:   card-piv.c
2018-02-22 09:37:46 -06:00
..
Makefile.am Added PKCS#15 emulator for DIN 66291 profile 2017-10-27 19:48:22 +02:00
Makefile.mak win32: don't link static libs into static libs 2017-11-09 12:42:29 +01:00
apdu.c dump data with sc_debug_hex and sc_log_hex 2017-11-17 10:03:54 +01:00
asn1.c ISO7816: allow nested CP DOs 2018-01-22 15:26:44 +01:00
asn1.h asn1: tagnum size has not exceed 3 bytes 2016-03-10 10:13:27 +01:00
authentic.h
aux-data.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
aux-data.h Move include for internal.h from aux-date.h to aux-data.c (#888) 2016-10-16 20:09:00 +02:00
base64.c make casting explicit 2015-11-01 13:18:39 +01:00
card-acos5.c honour HAVE_CONFIG_H 2015-04-22 23:55:33 +02:00
card-akis.c honour HAVE_CONFIG_H 2015-04-22 23:55:33 +02:00
card-asepcos.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-atrust-acos.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
card-authentic.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-belpic.c fixed accessing garbage value 2017-11-09 12:42:29 +01:00
card-cac.c cac: Try to read the ACA file 2018-02-07 11:13:09 +01:00
card-cardos.c CardOS: Try forcing max_send_size for PSO:DEC 2017-12-04 21:09:46 +01:00
card-coolkey.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-default.c honour HAVE_CONFIG_H 2015-04-22 23:55:33 +02:00
card-dnie.c DNIe: card also supports 1920 bits (#1247) 2018-01-28 21:25:42 +01:00
card-entersafe.c fixed bad memory access 2017-06-09 10:33:46 +02:00
card-epass2003.c dump data with sc_debug_hex and sc_log_hex 2017-11-17 10:03:54 +01:00
card-flex.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
card-gemsafeV1.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-gids.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-gids.h First support for GIDS card 2016-02-19 00:12:16 +01:00
card-gpk.c dump data with sc_debug_hex and sc_log_hex 2017-11-17 10:03:54 +01:00
card-iasecc.c IAS/ECC: fixed applet selection 2018-01-24 10:45:16 +01:00
card-incrypto34.c Avoid GCC 7 warnings with -Werror (#1196) 2017-11-17 10:47:53 +01:00
card-isoApplet.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-itacns.c Fix missing error handling of memory allocation (#1020) 2017-04-20 21:08:49 +02:00
card-jcop.c fixed binary comparison 2017-11-09 12:42:29 +01:00
card-jpki.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-masktech.c Merge pull request #483 from adminmt/master 2015-09-02 10:41:06 +02:00
card-mcrd.c Fix reading EstEID certificates with T=0 (#1193) 2017-11-17 10:46:34 +01:00
card-miocos.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
card-muscle.c Reselect PKI-Applets after card reset 2018-02-07 11:57:48 +01:00
card-myeid.c fixed dead assignment 2017-11-09 12:42:29 +01:00
card-npa.c compiler fix 2018-02-20 22:16:51 +01:00
card-npa.h EAC: Clearify naming of functions and data 2018-02-20 22:16:51 +01:00
card-oberthur.c dump data with sc_debug_hex and sc_log_hex 2017-11-17 10:03:54 +01:00
card-openpgp.c Return SC_SUCCESS in openpgp_card_reader_lock_obtained 2018-02-12 09:45:36 +01:00
card-piv.c PIV detection of AID using Discovery Object before doing select AID 2018-02-22 09:37:46 -06:00
card-rtecp.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
card-rutoken.c pkcs15init: Fix rutokenS FCP parsing (#1259) 2018-02-13 13:24:28 +01:00
card-sc-hsm.c sc-hsm: fixed accessing version info (#1252) 2018-02-07 12:00:09 +01:00
card-sc-hsm.h Fix maximum CHR length 2017-06-24 15:26:04 +02:00
card-setcos.c Add support for RSA with keylength 2048 2016-05-16 11:12:53 +02:00
card-starcos.c starcos: 3.4 supports ISO based PIN status queries 2017-10-27 19:48:22 +02:00
card-tcos.c win32: generate PDB files for releases 2017-11-21 10:54:48 +01:00
card-westcos.c Avoid GCC 7 warnings with -Werror (#1196) 2017-11-17 10:47:53 +01:00
card.c Add _sc_card_add_generic for registering secret key algorithms 2017-06-13 10:40:36 +02:00
cardctl.h Add the ACA path to the PIN structure if we have one 2017-11-09 12:45:35 +01:00
cards.h OpenPGP: Added basic support for OpenPGP card V3 2018-01-22 15:26:44 +01:00
ccid-types.h Added support for PIN commands via escape commands 2017-03-20 21:28:48 +01:00
compression.c First support for GIDS card 2016-02-19 00:12:16 +01:00
compression.h First support for GIDS card 2016-02-19 00:12:16 +01:00
ctbcs.c coverity-scan: supplement to #710 2016-03-15 19:10:52 +01:00
ctbcs.h
ctx.c OpenPGP: Implemented "keep alive" command 2018-02-07 11:57:48 +01:00
cwa-dnie.c Add dnie_free_apdu_buffers into dnie_sm_free_wrapped_apdu. 2017-04-20 11:04:02 +02:00
cwa-dnie.h Add dnie_free_apdu_buffers into dnie_sm_free_wrapped_apdu. 2017-04-20 11:04:02 +02:00
cwa14890.c dump data with sc_debug_hex and sc_log_hex 2017-11-17 10:03:54 +01:00
cwa14890.h Use struct sm_cwa_session from sm.h in dnie (#955) 2017-02-04 22:32:35 +01:00
dir.c OpenPGP: Implemented "keep alive" command 2018-02-07 11:57:48 +01:00
ef-atr.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
ef-gdo.c fixed compiler warnings 2017-11-09 12:42:29 +01:00
errors.c honour HAVE_CONFIG_H 2015-04-22 23:55:33 +02:00
errors.h
esteid.h
iasecc-sdo.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
iasecc-sdo.h
iasecc-sm.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
iasecc.h
internal-winscard.h License clarification (#988) 2017-03-14 22:47:13 +01:00
internal.h Add _sc_card_add_generic for registering secret key algorithms 2017-06-13 10:40:36 +02:00
iso7816.c OpenPGP: Added support for PIN logout and status 2018-01-22 15:26:44 +01:00
iso7816.h parse Extended Length Information in EF.ATR/INFO 2016-07-19 14:30:38 +02:00
itacns.h
jpki.h login state preservation for JPKI card 2017-02-06 14:22:14 +01:00
libopensc.exports EAC: Clearify naming of functions and data 2018-02-20 22:16:51 +01:00
log.c win32: generate PDB files for releases 2017-11-21 10:54:48 +01:00
log.h dump data with sc_debug_hex and sc_log_hex 2017-11-17 10:03:54 +01:00
muscle-filesystem.c honour HAVE_CONFIG_H 2015-04-22 23:55:33 +02:00
muscle-filesystem.h
muscle.c fixed dead assignment 2017-11-09 12:42:29 +01:00
muscle.h use size_t for a length instead of int 2015-10-14 22:56:53 +02:00
opensc.dll.manifest Windows: Added support for notifications 2017-08-02 19:03:16 +02:00
opensc.h OpenPGP: Implemented "keep alive" command 2018-02-07 11:57:48 +01:00
p15card-helper.c Use OpenSSL versions OpenSSL-0.9.7 to 1.1.0a for OpenSC 2016-10-08 06:15:06 -05:00
p15card-helper.h
pace.h Added (external) card driver for German ID card 2017-03-20 21:28:48 +01:00
padding.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
pkcs15-actalis.c Fix missing error handling of memory allocation (#1020) 2017-04-20 21:08:49 +02:00
pkcs15-algo.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
pkcs15-atrust-acos.c Initialize PIN logged_in field for cards that do not support PIN info 2016-09-01 02:03:42 +02:00
pkcs15-cac.c Add the ACA path to the PIN structure if we have one 2017-11-09 12:45:35 +01:00
pkcs15-cache.c fixed Coverity issues 2017-06-13 13:07:52 +02:00
pkcs15-cert.c sc_pkcs15_get_bitstring_extension: int, not long long 2017-09-12 23:05:27 +02:00
pkcs15-coolkey.c clang static analyzer reports 2017-07-18 22:40:20 +02:00
pkcs15-data.c add compatibility implementation for strnlen 2016-01-20 10:47:27 +01:00
pkcs15-din-66291.c Added PKCS#15 emulator for DIN 66291 profile 2017-10-27 19:48:22 +02:00
pkcs15-dnie.c NULL parameter check moved to sc_file_free() 2017-01-10 12:46:44 +01:00
pkcs15-esinit.c fixed dead assignment 2017-11-09 12:42:29 +01:00
pkcs15-esteid.c EstEID ECDH token support (#1185) 2017-11-10 08:58:31 +01:00
pkcs15-gemsafeGPK.c fixed dead assignment 2017-11-09 12:42:29 +01:00
pkcs15-gemsafeV1.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
pkcs15-gids.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
pkcs15-iasecc.c fixed dead assignment 2017-11-09 12:42:29 +01:00
pkcs15-infocamere.c fixed dead assignment 2017-11-09 12:42:29 +01:00
pkcs15-itacns.c Avoid GCC 7 warnings with -Werror (#1196) 2017-11-17 10:47:53 +01:00
pkcs15-jpki.c add public keys 2017-08-02 10:27:06 +02:00
pkcs15-oberthur.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
pkcs15-openpgp.c OpenPGP: Added basic support for OpenPGP card V3 2018-01-22 15:26:44 +01:00
pkcs15-pin.c fixed possible NULL dereference 2017-11-09 12:42:29 +01:00
pkcs15-piv.c Avoid potential memory leak 2017-11-09 12:45:35 +01:00
pkcs15-postecert.c Initialize PIN logged_in field for cards that do not support PIN info 2016-09-01 02:03:42 +02:00
pkcs15-prkey.c Fix missing error handling of memory allocation (#1020) 2017-04-20 21:08:49 +02:00
pkcs15-pteid.c pteid: order objects by address (supersede #949) (#954) 2017-02-09 20:54:06 +01:00
pkcs15-pubkey.c clang static analyzer reports 2017-07-18 22:40:20 +02:00
pkcs15-sc-hsm.c sc-hsm: fixed accessing version info (#1252) 2018-02-07 12:00:09 +01:00
pkcs15-sec.c Fix log messages format and parameter issues flagged by GCC 2017-03-27 11:05:16 +02:00
pkcs15-skey.c Imporve SKDF decoding and implement encoding 2017-06-13 10:40:36 +02:00
pkcs15-starcert.c fixed dead assignment 2017-11-09 12:42:29 +01:00
pkcs15-syn.c Yubico PIV application fixed CI_VERIFY_LC0_FAIL in version 4.3.2 2018-02-22 09:33:30 -06:00
pkcs15-syn.h Added PKCS#15 emulator for DIN 66291 profile 2017-10-27 19:48:22 +02:00
pkcs15-tccardos.c unified reading of EF.GDO 2017-10-27 19:48:22 +02:00
pkcs15-tcos.c Initialize PIN logged_in field for cards that do not support PIN info 2016-09-01 02:03:42 +02:00
pkcs15-westcos.c fixed dead assignment 2017-11-09 12:42:29 +01:00
pkcs15.c OpenPGP: Implemented "keep alive" command 2018-02-07 11:57:48 +01:00
pkcs15.h Added PKCS#15 emulator for DIN 66291 profile 2017-10-27 19:48:22 +02:00
reader-cryptotokenkit.m CTK: Added support for PIN pad 2017-11-17 10:04:46 +01:00
reader-ctapi.c Fix missing error handling of memory allocation (#1020) 2017-04-20 21:08:49 +02:00
reader-openct.c Fix missing error handling of memory allocation (#1020) 2017-04-20 21:08:49 +02:00
reader-pcsc.c PC/SC: don't reset the card on disconnection 2018-01-22 15:27:18 +01:00
reader-tr03119.c EAC: Clearify naming of functions and data 2018-02-20 22:16:51 +01:00
reader-tr03119.h EAC: Clearify naming of functions and data 2018-02-20 22:16:51 +01:00
sc-ossl-compat.h build fix for libressl 2.5.3 2017-04-26 10:59:47 +02:00
sc.c Linux: Added support for notifications 2017-08-02 19:02:21 +02:00
sec.c fixed compiler warnings 2017-11-09 12:42:29 +01:00
simpletlv.c SimpleTLV: Skip correctly two bytes after reading 2b size (#1231) 2018-01-17 00:28:05 +01:00
simpletlv.h adding a CAC support into OpenSC (#841) 2017-02-27 11:05:12 +01:00
sm.c Add ECC support and solve wrong Length status codes with SM card 2017-10-16 14:57:52 +02:00
sm.h documented usage of SM_MODE_ACL 2018-01-24 11:05:31 +01:00
types.h sc-hsm: Add support for SoC 2017-05-22 16:25:08 +02:00