306 changes: 259 additions & 47 deletions .travis.yml
@@ -1,18 +1,36 @@
language: c

addons:
apt_packages:
- binutils-mingw-w64-i686
- binutils-mingw-w64-x86-64
- docbook-xsl
- gcc-mingw-w64-i686
- gcc-mingw-w64-x86-64
- libpcsclite-dev
- mingw-w64
- wine
- xsltproc
- gengetopt
- libcmocka-dev
matrix:
include:
- compiler: clang
os: osx
env: DO_PUSH_ARTIFACT=yes
- compiler: gcc
os: linux
dist: trusty
env:
- DO_SIMULATION=javacard
- ENABLE_DOC=--enable-doc
sudo: true
- compiler: gcc
os: linux
dist: bionic
env:
- DO_SIMULATION=oseid
sudo: true
- env:
- HOST=x86_64-w64-mingw32
- DO_PUSH_ARTIFACT=yes
- env:
- HOST=i686-w64-mingw32
- DO_PUSH_ARTIFACT=yes
- env: DO_COVERITY_SCAN=yes
- compiler: gcc
os: linux
dist: bionic
env:
- DO_SIMULATION=cac
sudo: true

env:
global:
@@ -28,74 +46,256 @@ env:
- COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
- SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)

matrix:
fast_finish: true
include:
- compiler: clang
os: osx
env: DO_PUSH_ARTIFACT=yes
- compiler: gcc
os: osx
- compiler: clang
os: linux
env: ENABLE_DOC=--enable-doc
- compiler: gcc
os: linux
env: ENABLE_DOC=--enable-doc
- os: linux
env:
- HOST=x86_64-w64-mingw32
- DO_PUSH_ARTIFACT=yes
- os: linux
env:
- HOST=i686-w64-mingw32
- DO_PUSH_ARTIFACT=yes
- os: linux
env: DO_COVERITY_SCAN=yes
addons:
apt_packages:
- binutils-mingw-w64-i686
- binutils-mingw-w64-x86-64
- docbook-xsl
- gcc-mingw-w64-i686
- gcc-mingw-w64-x86-64
- libpcsclite-dev
- mingw-w64
- xsltproc
- gengetopt
- libcmocka-dev
- help2man
- pcscd
- pcsc-tools
- check
- ant
- socat

before_install:
- if [ "$TRAVIS_OS_NAME" == "osx" ]; then
# brew install gengetopt help2man cmocka ccache llvm;
# export PATH="/usr/local/opt/ccache/libexec:/usr/local/opt/llvm/bin:$PATH";
- if [ "$TRAVIS_OS_NAME" = "osx" ]; then
brew update;
brew uninstall libtool;
brew install libtool;
brew install gengetopt help2man cmocka;
brew install gengetopt help2man cmocka ccache;
export PATH="/usr/local/opt/ccache/libexec:$PATH";
fi
- if [ "${DO_SIMULATION}" = "cac" ]; then
sudo apt-get install -y libglib2.0-dev libnss3-dev pkgconf libtool make autoconf autoconf-archive automake libsofthsm2-dev softhsm2 softhsm2-common help2man gnutls-bin libcmocka-dev libusb-dev libudev-dev flex libnss3-tools libssl-dev libpcsclite1;
export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig;
fi
- if [ -n "${HOST}" ]; then
sudo apt-get install -y wine;
fi

before_script:
- ./bootstrap
- if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then
./bootstrap;
fi
- if [ "$TRAVIS_BRANCH" = "master" -a "$TRAVIS_PULL_REQUEST" != "false" ]; then
./bootstrap.ci -s "-pr$TRAVIS_PULL_REQUEST";
fi
- if [ "$TRAVIS_BRANCH" != "master" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then
./bootstrap.ci -s "-$TRAVIS_BRANCH";
fi
- if [ "$TRAVIS_BRANCH" != "master" -a "$TRAVIS_PULL_REQUEST" != "false" ]; then
./bootstrap.ci -s "-$TRAVIS_BRANCH-pr$TRAVIS_PULL_REQUEST";
fi
- if [ -z "$HOST" ]; then
CFLAGS="-Werror" ./configure $ENABLE_DOC --enable-dnie-ui;
else
if [ ! -f "$(winepath 'C:/Program Files (x86)/Inno Setup 5/ISCC.exe')" ]; then
/sbin/start-stop-daemon --start --quiet --pidfile /tmp/custom_xvfb_99.pid --make-pidfile --background --exec /usr/bin/Xvfb -- :99 -ac -screen 0 1280x1024x16;
export DISPLAY=:99.0;
wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe;
[ -f isetup-5.5.6.exe ] || wget http://files.jrsoftware.org/is/5/isetup-5.5.6.exe;
wine isetup-5.5.6.exe /SILENT /VERYSILENT /SP- /SUPPRESSMSGBOXES /NORESTART;
fi;
unset CC;
unset CXX;
./configure --host=$HOST --disable-openssl --disable-readline --disable-zlib --disable-notify --prefix=${TRAVIS_BUILD_DIR}/win32/opensc || cat config.log;
./configure --host=$HOST --with-completiondir=/tmp --disable-openssl --disable-readline --disable-zlib --disable-notify --prefix=${TRAVIS_BUILD_DIR}/win32/opensc || cat config.log;
fi
# Optionally try to upload to Coverity Scan
# On error (propably quota is exhausted), just continue
- if [ "${DO_COVERITY_SCAN}" = "yes" ]; then curl -s 'https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh' | bash || true; fi

- if [ "${DO_SIMULATION}" = "javacard" ]; then
git clone https://github.com/frankmorgner/vsmartcard.git;
cd vsmartcard/virtualsmartcard;
autoreconf -vis && ./configure && sudo make install;
cd $TRAVIS_BUILD_DIR;
sudo /etc/init.d/pcscd restart;

git clone https://github.com/martinpaljak/oracle_javacard_sdks.git;
export JC_HOME=$PWD/oracle_javacard_sdks/jc222_kit;
export JC_CLASSIC_HOME=$PWD/oracle_javacard_sdks/jc305u3_kit;

git clone https://github.com/arekinath/jcardsim.git;
cd jcardsim;
mvn initialize && mvn clean install;
cd $TRAVIS_BUILD_DIR;

git clone https://github.com/philipWendland/IsoApplet.git;
javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar IsoApplet/src/net/pwendland/javacard/pki/isoapplet/*.java;
echo "com.licel.jcardsim.card.applet.0.AID=F276A288BCFBA69D34F31001" > isoapplet_jcardsim.cfg;
echo "com.licel.jcardsim.card.applet.0.Class=net.pwendland.javacard.pki.isoapplet.IsoApplet" >> isoapplet_jcardsim.cfg;
echo "com.licel.jcardsim.card.ATR=3B80800101" >> isoapplet_jcardsim.cfg;
echo "com.licel.jcardsim.vsmartcard.host=localhost" >> isoapplet_jcardsim.cfg;
echo "com.licel.jcardsim.vsmartcard.port=35963" >> isoapplet_jcardsim.cfg;

git clone https://github.com/vletoux/GidsApplet.git;
javac -classpath jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar GidsApplet/src/com/mysmartlogon/gidsApplet/*.java;
echo "com.licel.jcardsim.card.applet.0.AID=A000000397425446590201" > gids_jcardsim.cfg;
echo "com.licel.jcardsim.card.applet.0.Class=com.mysmartlogon.gidsApplet.GidsApplet" >> gids_jcardsim.cfg;
echo "com.licel.jcardsim.card.ATR=3B80800101" >> gids_jcardsim.cfg;
echo "com.licel.jcardsim.vsmartcard.host=localhost" >> gids_jcardsim.cfg;
echo "com.licel.jcardsim.vsmartcard.port=35963" >> gids_jcardsim.cfg;

git clone --recursive https://github.com/Yubico/ykneo-openpgp.git;
cd ykneo-openpgp;
ant -DJAVACARD_HOME=${JC_HOME};
cd $TRAVIS_BUILD_DIR;
echo "com.licel.jcardsim.card.applet.0.AID=D2760001240102000000000000010000" > openpgp_jcardsim.cfg;
echo "com.licel.jcardsim.card.applet.0.Class=openpgpcard.OpenPGPApplet" >> openpgp_jcardsim.cfg;
echo "com.licel.jcardsim.card.ATR=3B80800101" >> openpgp_jcardsim.cfg;
echo "com.licel.jcardsim.vsmartcard.host=localhost" >> openpgp_jcardsim.cfg;
echo "com.licel.jcardsim.vsmartcard.port=35963" >> openpgp_jcardsim.cfg;

git clone --recursive https://github.com/arekinath/PivApplet.git;
cd PivApplet;
ant dist;
cd $TRAVIS_BUILD_DIR;

git clone https://github.com/Yubico/yubico-piv-tool.git;
cd yubico-piv-tool;
autoreconf -vis && ./configure && sudo make install;
cd $TRAVIS_BUILD_DIR;
fi

- if [ "${DO_SIMULATION}" = "oseid" ]; then
git clone https://github.com/popovec/oseid;
cd oseid/src/;
make -f Makefile.console;
mkdir tmp;
socat -d -d pty,link=tmp/OsEIDsim.socket,raw,echo=0 "exec:build/console/console ...,pty,raw,echo=0" &
sleep 1;
echo "# OsEIDsim" > tmp/reader.conf;
echo 'FRIENDLYNAME "OsEIDsim"' >> tmp/reader.conf;
echo "DEVICENAME ${TRAVIS_BUILD_DIR}/oseid/src/tmp/OsEIDsim.socket" >> tmp/reader.conf;
echo "LIBPATH ${TRAVIS_BUILD_DIR}/oseid/src/build/console/libOsEIDsim.so.0.0.1" >> tmp/reader.conf;
echo "CHANNELID 1" >> tmp/reader.conf;
sudo mv tmp/reader.conf /etc/reader.conf.d/reader.conf;
cat /etc/reader.conf.d/reader.conf;
cd $TRAVIS_BUILD_DIR;

sudo /etc/init.d/pcscd restart;
fi

- if [ "${DO_SIMULATION}" = "cac" ]; then
git clone https://github.com/frankmorgner/vsmartcard.git;
cd vsmartcard/virtualsmartcard;
autoreconf -vis && ./configure && make -j4 && sudo make install;

cd $TRAVIS_BUILD_DIR;
git clone https://gitlab.freedesktop.org/spice/libcacard.git;
cd libcacard && ./autogen.sh --prefix=/usr && make -j4 && sudo make install;

cd $TRAVIS_BUILD_DIR;
git clone https://github.com/PL4typus/virt_cacard.git;
cd virt_cacard && ./autogen.sh && ./configure && make;

cd $TRAVIS_BUILD_DIR;
sudo /etc/init.d/pcscd restart;
fi

script:
- if [ "${DO_COVERITY_SCAN}" != "yes" ]; then
if [ $TRAVIS_OS_NAME == osx ]; then
if [ "${TRAVIS_OS_NAME}" = "osx" ]; then
./MacOSX/build;
else
make;
make -j 4;
fi;
fi
- if [ -z "$HOST" -a "${DO_COVERITY_SCAN}" != "yes" ]; then
- if [ -z "$HOST" -a "${DO_COVERITY_SCAN}" != "yes" -a -z "$DO_SIMULATION" ]; then
make check && make dist;
fi
- if [ ! -z "$HOST" -a "${DO_COVERITY_SCAN}" != "yes" ]; then
make install;
wine "C:/Program Files (x86)/Inno Setup 5/ISCC.exe" win32/OpenSC.iss;
fi

- if [ "${DO_SIMULATION}" = "javacard" ]; then
set -ex;
sudo make install;
export LD_LIBRARY_PATH=/usr/local/lib;

java -noverify -cp IsoApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard isoapplet_jcardsim.cfg >/dev/null &
sleep 5;
opensc-tool --card-driver default --send-apdu 80b800001a0cf276a288bcfba69d34f310010cf276a288bcfba69d34f3100100;
opensc-tool -n;
pkcs15-init --create-pkcs15 --so-pin 123456 --so-puk 0123456789abcdef;
pkcs15-init --generate-key rsa/2048 --id 1 --key-usage decrypt,sign --auth-id FF --pin 123456;
pkcs15-init --generate-key rsa/2048 --id 2 --key-usage decrypt --auth-id FF --pin 123456;
pkcs15-init --generate-key ec/secp256r1 --id 3 --key-usage sign --auth-id FF --pin 123456;
pkcs15-tool -D;
pkcs11-tool -l -t -p 123456;
killall java;

java -noverify -cp GidsApplet/src/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard gids_jcardsim.cfg >/dev/null &
sleep 5;
opensc-tool --card-driver default --send-apdu 80b80000190bA0000003974254465902010bA00000039742544659020100;
opensc-tool -n;
gids-tool --initialize --pin 123456 --admin-key 000000000000000000000000000000000000000000000000 --serial 00000000000000000000000000000000;
killall java;

java -noverify -cp ykneo-openpgp/applet/bin:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard openpgp_jcardsim.cfg >/dev/null &
sleep 5;
opensc-tool --card-driver default --send-apdu 80b800002210D276000124010200000000000001000010D276000124010200000000000001000000;
opensc-tool -n;
openpgp-tool --verify CHV3 --pin 12345678 --gen-key 2;
pkcs15-init --verify --auth-id 3 --pin 12345678 --delete-objects privkey,pubkey --id 2 --generate-key rsa/2048;
pkcs11-tool -l -t -p 123456;
killall java;

java -noverify -cp PivApplet/bin/:jcardsim/target/jcardsim-3.0.5-SNAPSHOT.jar com.licel.jcardsim.remote.VSmartCard PivApplet/test/jcardsim.cfg >/dev/null &
sleep 5;
opensc-tool --card-driver default --send-apdu 80b80000120ba000000308000010000100050000020F0F7f;
opensc-tool -n;
yubico-piv-tool -r 'Virtual PCD 00 00' -P 123456 -s 9a -a generate -A ECCP256;
yubico-piv-tool -r 'Virtual PCD 00 00' -P 123456 -s 9e -a generate -A RSA2048;
pkcs11-tool -l -t -p 123456;
killall java;

set +ex;
fi

- if [ "${DO_SIMULATION}" = "oseid" ]; then
set -ex;
sudo make install;
export LD_LIBRARY_PATH=/usr/local/lib;

cd oseid/tools;
echo | ./OsEID-tool INIT;
./OsEID-tool RSA-CREATE-KEYS;
./OsEID-tool RSA-UPLOAD-KEYS;
./OsEID-tool RSA-DECRYPT-TEST;
./OsEID-tool EC-CREATE-KEYS;
./OsEID-tool EC-UPLOAD-KEYS;
./OsEID-tool EC-SIGN-TEST;
./OsEID-tool EC-ECDH-TEST;
killall socat;

set +ex;
fi
- if [ "${DO_SIMULATION}" = "cac" ]; then
cd $TRAVIS_BUILD_DIR;
make check && sudo make install;
export LD_LIBRARY_PATH=/usr/local/lib;
cd src/tests/p11test/;
./p11test -s 0 -p 12345678 -i &
sleep 5;
cd $TRAVIS_BUILD_DIR/virt_cacard;
./setup-softhsm2.sh;
export SOFTHSM2_CONF=$PWD/softhsm2.conf;
./virt_cacard &
wait $(ps aux | grep '[p]11test'| awk '{print $2}');
kill -9 $(ps aux | grep '[v]irt_cacard'| awk '{print $2}');
fi

after_script:
# kill process started during compilation to finish the build, see
# https://github.com/moodlerooms/moodle-plugin-ci/issues/33 for details
@@ -104,10 +304,22 @@ after_script:
fi

# keep in sync with appveyor.yml
- if [ "${DO_PUSH_ARTIFACT}" = "yes" -a "$TRAVIS_PULL_REQUEST" = "false" ]; then
- if [ "${DO_PUSH_ARTIFACT}" = "yes" -a "$TRAVIS_PULL_REQUEST" = "false" -a "$TRAVIS_REPO_SLUG" = "OpenSC/OpenSC" ]; then
git config --global user.email "builds@travis-ci.org";
git config --global user.name "Travis CI";
.github/push_artifacts.sh "Travis CI build ${TRAVIS_JOB_NUMBER}";
fi

cache: ccache
before_cache:
- brew cleanup

cache:
apt: true
ccache: true
directories:
- $HOME/.m2/
- $HOME/Library/Caches/Homebrew
- openssl_bin
- openpace_bin
files:
- isetup-5.5.6.exe
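Review bot: The new simulation blocks in `before_script` clone the default branch of each third-party repository (vsmartcard, jcardsim, IsoApplet, GidsApplet, ykneo-openpgp, PivApplet, yubico-piv-tool, oseid, libcacard, virt_cacard) and then build it and run `sudo make install`, so whatever is at each upstream HEAD runs as root on the worker and the test outcome changes with unreviewed upstream commits. Pinning every clone to a reviewed tag or commit would make the jobs reproducible, e.g. `git clone -b <TAG> --depth=1 https://github.com/frankmorgner/vsmartcard.git;` (`<TAG>` is a placeholder). The Inno Setup installer has the same problem: it is fetched over plain `http://`, kept in the cache via `files:`, and run under `wine` with no integrity check. A line such as `echo "<EXPECTED_SHA256>  isetup-5.5.6.exe" | sha256sum -c -;` before `wine isetup-5.5.6.exe` would cover both a tampered download and a stale cache entry.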
22 changes: 14 additions & 8 deletions MacOSX/Distribution.xml.in
@@ -1,22 +1,28 @@
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<!--
https://developer.apple.com/library/mac/documentation/DeveloperTools/Reference/DistributionDefinitionRef/
-->
<installer-gui-script minSpecVersion="2">
<allowed-os-versions>
<os-version min="10.10"/>
</allowed-os-versions>
<background file="background.jpg" mime-type="image/jpeg" scaling="tofit"/>
<welcome file="Welcome.html" mime-type="text/html"/>
<title>@PACKAGE_STRING@</title>

<pkg-ref id="com.apple.tokend.opensc"/>
<options customize="never" require-scripts="false"/>
<options customize="allow" require-scripts="false"/>
<choices-outline>
<line choice="default">
<line choice="com.apple.tokend.opensc"/>
<line choice="tokend" />
<line choice="startup" />
</line>
</choices-outline>
<choice id="default"/>
<choice id="com.apple.tokend.opensc" visible="true">
<pkg-ref id="com.apple.tokend.opensc"/>
<choice id="default" title="OpenSC PKCS11 and tools" enabled="false">
<pkg-ref id="org.opensc-project.mac">OpenSC.pkg</pkg-ref>
</choice>
<choice id="tokend" title="OpenSC tokend">
<pkg-ref id="org.opensc-project.tokend">OpenSC-tokend.pkg</pkg-ref>
</choice>
<choice id="startup" title="OpenSC startup icons">
<pkg-ref id="org.opensc-project.startup">OpenSC-startup.pkg</pkg-ref>
</choice>
<pkg-ref id="com.apple.tokend.opensc" onConclusion="none">OpenSC.pkg</pkg-ref>
</installer-gui-script>
22 changes: 15 additions & 7 deletions MacOSX/build-package.in
@@ -35,7 +35,7 @@ if ! pkg-config libcrypto --atleast-version=1.0.1; then
make clean
make update
make depend
make
make -j 4
make INSTALL_PREFIX=$BUILDPATH/openssl_bin install_sw
cd ..
fi
@@ -45,22 +45,23 @@ fi

if ! test -e $BUILDPATH/openpace_bin/$PREFIX/lib/pkgconfig; then
if ! test -e openpace; then
git clone --depth=1 https://github.com/frankmorgner/openpace.git
git clone --depth=1 https://github.com/frankmorgner/openpace.git -b 1.1.0
fi
cd openpace
autoreconf -vis
./configure --disable-shared --prefix=$PREFIX CRYPTO_CFLAGS="$OPENSSL_CFLAGS" CRYPTO_LIBS="$OPENSSL_LIBS"
make DESTDIR=$BUILDPATH/openpace_bin install
cd ..
export OPENPACE_CFLAGS="`env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig:$BUILDPATH/openpace_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openpace_bin pkg-config --static --cflags libeac` $OPENSSL_CFLAGS"
export OPENPACE_LIBS="` env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig:$BUILDPATH/openpace_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openpace_bin pkg-config --static --libs libeac` $OPENSSL_LIBS"
fi
export OPENPACE_CFLAGS="`env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig:$BUILDPATH/openpace_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openpace_bin pkg-config --static --cflags libeac` $OPENSSL_CFLAGS"
export OPENPACE_LIBS="` env PKG_CONFIG_PATH=$BUILDPATH/openssl_bin/$PREFIX/lib/pkgconfig:$BUILDPATH/openpace_bin/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openpace_bin pkg-config --static --libs libeac` $OPENSSL_LIBS"

if ! test -e ${BUILDPATH}/target/$PREFIX/lib/pkgconfig; then
./configure --prefix=$PREFIX \
--sysconfdir=$PREFIX/etc \
--enable-cvcdir=$PREFIX/etc/cvc \
--enable-x509dir=$PREFIX/etc/x509 \
--enable-openssl-secure-malloc=65536 \
--disable-dependency-tracking \
--enable-shared \
--enable-static \
@@ -72,7 +73,7 @@ if ! test -e ${BUILDPATH}/target/$PREFIX/lib/pkgconfig; then
make clean

# compile
make -j 2
make -j 4

# copy files
rm -rf ${BUILDPATH}/target
@@ -95,7 +96,7 @@ fi
test -L OpenSC.tokend/build/opensc-src || ln -sf ${BUILDPATH}/src OpenSC.tokend/build/opensc-src

# Build and copy OpenSC.tokend
xcodebuild -target OpenSC -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj install DSTROOT=${BUILDPATH}/target
xcodebuild -target OpenSC -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj install DSTROOT=${BUILDPATH}/target_tokend

#if ! test -e $BUILDPATH/target/Library/Security/tokend/OpenSC.tokend/Contents/Resources/Applications/terminal-notifier.app; then
#if ! test -e terminal-notifier-1.7.1.zip; then
@@ -111,7 +112,7 @@ xcodebuild -target OpenSC -configuration Deployment -project OpenSC.tokend/Token
if ! test -e NotificationProxy; then
git clone http://github.com/frankmorgner/NotificationProxy.git
fi
xcodebuild -target NotificationProxy -configuration Release -project NotificationProxy/NotificationProxy.xcodeproj install DSTROOT=$BUILDPATH/target/Library/Security/tokend/OpenSC.tokend/Contents/Resources/
xcodebuild -target NotificationProxy -configuration Release -project NotificationProxy/NotificationProxy.xcodeproj install DSTROOT=$BUILDPATH/target_tokend/Library/Security/tokend/OpenSC.tokend/Contents/Resources/
mkdir -p "$BUILDPATH/target/Applications"
osacompile -o "$BUILDPATH/target/Applications/OpenSC Notify.app" "MacOSX/OpenSC_Notify.applescript"

@@ -121,8 +122,15 @@ imagedir=$(mktemp -d)
mkdir -p ${BUILDPATH}/target/usr/local/bin
cp MacOSX/opensc-uninstall ${BUILDPATH}/target/usr/local/bin

# Prepare startup root
mkdir -p ${BUILDPATH}/target_startup/Library/LaunchAgents
cp src/tools/pkcs11-register.plist ${BUILDPATH}/target_startup/Library/LaunchAgents
cp src/tools/opensc-notify.plist ${BUILDPATH}/target_startup/Library/LaunchAgents

# Build package
pkgbuild --root ${BUILDPATH}/target --scripts MacOSX/scripts --identifier org.opensc-project.mac --version @PACKAGE_VERSION@ --install-location / OpenSC.pkg
pkgbuild --root ${BUILDPATH}/target_tokend --identifier org.opensc-project.tokend --version @PACKAGE_VERSION@ --install-location / OpenSC-tokend.pkg
pkgbuild --root ${BUILDPATH}/target_startup --identifier org.opensc-project.startup --version @PACKAGE_VERSION@ --install-location / OpenSC-startup.pkg
# Build product
productbuild --distribution MacOSX/Distribution.xml --package-path . --resources MacOSX/resources "${imagedir}/OpenSC @PACKAGE_VERSION@.pkg"

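Review bot: The `git clone http://github.com/frankmorgner/NotificationProxy.git` line in the `@@ -111,7 +112,7 @@` hunk still fetches over plain HTTP and takes the default branch, and after this change its build output is installed under `target_tokend`, which is packaged as `OpenSC-tokend.pkg`. The commit pins openpace to `-b 1.1.0` but leaves this clone unpinned. The equivalent here would be `git clone https://github.com/frankmorgner/NotificationProxy.git -b <RELEASE_TAG>` (`<RELEASE_TAG>` is a placeholder), ideally followed by a check of the resulting commit id before `xcodebuild` runs. The `if` block around the clone is closed in the hunk, but the rest of the script lies outside the visible hunks.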
19 changes: 13 additions & 6 deletions MacOSX/opensc-uninstall
@@ -6,9 +6,17 @@ if [ "$(id -u)" != "0" ]; then
exit 1
fi

# Remove symlinks to commands
for file in /Library/OpenSC/bin/*; do
test -L "/usr/local/bin/$(basename $file)" && rm -f "/usr/local/bin/$(basename $file)"
for f in \
/Library/OpenSC/bin/* \
/Library/OpenSC/etc/bash_completion.d/* \
/Library/OpenSC/share/doc/opensc \
/Library/OpenSC/share/man/man1/* \
/Library/OpenSC/share/man/man5/*
do
a=/Library/OpenSC
b=/usr/local
l="${f/$a/$b}"
test -L "$l" && rm -f "$l"
done

# Remove pkcs11 libraries
@@ -22,9 +30,8 @@ rm -rf /Library/Security/tokend/OpenSC.tokend
rm -rf /System/Library/Security/tokend/OpenSC.tokend

# delete receipts on 10.6+
for file in /var/db/receipts/org.opensc-project.mac.bom /var/db/receipts/org.opensc-project.mac.plist; do
test -f $file && rm -f $file
done
pkgutil --forget org.opensc-project.mac > /dev/null
pkgutil --forget org.opensc-project.tokend > /dev/null

# remove this script
rm -f /usr/local/bin/opensc-uninstall
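Review bot: The receipt cleanup forgets `org.opensc-project.mac` and `org.opensc-project.tokend`, but the build script in this commit also produces a package with the identifier `org.opensc-project.startup`, whose receipt would remain after uninstall. Adding `pkgutil --forget org.opensc-project.startup > /dev/null` would cover it. The visible hunks also do not unload or remove the two LaunchAgents plists that the startup package installs; unless the lines between the hunks handle that, the agents would still be loaded at login after the binaries they reference are gone. In the symlink loop, `${f/$a/$b}` is a bash substitution, so the interpreter line (outside the hunk) has to be bash rather than plain sh.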
25 changes: 23 additions & 2 deletions MacOSX/scripts/postinstall
@@ -15,8 +15,29 @@ else
mv /Library/OpenSC/etc/opensc.conf.orig /Library/OpenSC/etc/opensc.conf
md5 -r /Library/OpenSC/etc/opensc.conf > /Library/OpenSC/etc/opensc.conf.md5
fi
for f in /Library/OpenSC/bin/*

for f in \
/Library/OpenSC/bin/* \
/Library/OpenSC/etc/bash_completion.d/* \
/Library/OpenSC/share/doc/opensc \
/Library/OpenSC/share/man/man1/* \
/Library/OpenSC/share/man/man5/*
do
ln -sf $f /usr/local/bin
a=/Library/OpenSC
b=/usr/local
l="$(dirname ${f/$a/$b})"
mkdir -p $l
ln -sf $f $l
done

for f in \
/Library/LaunchAgents/pkcs11-register.plist \
/Library/LaunchAgents/opensc-notify.plist
do
if [ -e "$f" ]
then
/bin/launchctl asuser $(id -u "${USER}") /bin/launchctl load "$f"
fi
done

exit 0
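Review bot: In the new symlink loop, a glob that matches nothing leaves `f` as the literal pattern, so `ln -sf $f $l` would create a dangling link named `*` under /usr/local, and the unquoted `$f` and `$l` are word-split in a script the installer runs with elevated rights. A guard plus quoting addresses both: `[ -e "$f" ] || continue`, `mkdir -p "$l"`, `ln -sf "$f" "$l"`. In the LaunchAgents loop, `$(id -u "${USER}")` is unquoted and relies on `USER` naming the logged-in user in the installer's environment. If it is empty or refers to root, the `launchctl asuser` call presumably fails or targets the wrong session, so the value should be checked before use. The script's opening lines are outside the hunk.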
2 changes: 1 addition & 1 deletion Makefile.am
@@ -15,7 +15,7 @@ EXTRA_DIST = Makefile.mak

DISTCHECK_CONFIGURE_FLAGS = --with-completiondir=/tmp

SUBDIRS = etc src win32 doc MacOSX
SUBDIRS = etc src win32 doc MacOSX tests

dist_noinst_SCRIPTS = bootstrap bootstrap.ci
dist_noinst_DATA = README \
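--- a/Makefile.mak
+++ b/Makefile.mak
@@ -2,5 +2,19 @@ SUBDIRS = etc win32 src
 
 default: all
 
+32:
+CALL "C:\Program Files\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86
+$(MAKE) /f Makefile.mak opensc.msi PLATFORM=x86 OPENPACE_DIR=C:\openpace-Win32_1.0.2
+MOVE win32\OpenSC.msi OpenSC_win32.msi
+
+64:
+CALL "C:\Program Files\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86_amd64
+$(MAKE) /f Makefile.mak opensc.msi OPENPACE_DIR=C:\openpace-Win64_1.0.2
+MOVE win32\OpenSC.msi OpenSC_win64.msi
+
+opensc.msi:
+$(MAKE) /f Makefile.mak all OPENSSL_DEF=/DENABLE_OPENSSL OPENPACE_DEF=/DENABLE_OPENPACE"
+@cmd /c "cd win32 && $(MAKE) /nologo /f Makefile.mak opensc.msi OPENSSL_DEF=/DENABLE_OPENSSL OPENPACE_DEF=/DENABLE_OPENPACE"
+
 all clean::
 @for %i in ( $(SUBDIRS) ) do @cmd /c "cd %i && $(MAKE) /nologo /f Makefile.mak $@"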
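Review bot: The first recipe line of the new `opensc.msi` target ends in an unbalanced `"`, which looks like a leftover from the `cmd /c "..."` line below it and would become part of the `OPENPACE_DEF` value passed to the nested make. It should read `$(MAKE) /f Makefile.mak all OPENSSL_DEF=/DENABLE_OPENSSL OPENPACE_DEF=/DENABLE_OPENPACE`. The `32` and `64` targets also hard-code `C:\openpace-Win32_1.0.2` and `C:\openpace-Win64_1.0.2`, while appveyor.yml in this commit moves `OPENPACE_VER` to 1.1.0. A comment above these targets stating which OpenPACE build they expect, or a version macro, would stop the installer from silently linking an older library.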
16 changes: 11 additions & 5 deletions README.md
@@ -4,11 +4,17 @@ Wiki is [available online](https://github.com/OpenSC/OpenSC/wiki)

Please take a look at the documentation before trying to use OpenSC.

[![Travis CI Build Status](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) [![AppVeyor CI Build Status](https://ci.appveyor.com/api/projects/status/github/OpenSC/OpenSC?branch=master&svg=true)](https://ci.appveyor.com/project/LudovicRousseau/OpenSC/branch/master) [![Coverity Scan Status](https://scan.coverity.com/projects/4026/badge.svg)](https://scan.coverity.com/projects/4026)
[![Travis CI Build Status](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) [![AppVeyor CI Build Status](https://ci.appveyor.com/api/projects/status/github/OpenSC/OpenSC?branch=master&svg=true)](https://ci.appveyor.com/project/LudovicRousseau/OpenSC/branch/master) [![Coverity Scan Status](https://scan.coverity.com/projects/4026/badge.svg)](https://scan.coverity.com/projects/4026) [![Language grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/OpenSC/OpenSC.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/OpenSC/OpenSC/context:cpp)

Build and test status of specific cards:

| Cards | Status |
|-----------------------|--------|
| CAC | [![CAC](https://gitlab.com/redhat-crypto/OpenSC/badges/cac/build.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
| Coolkey | [![Coolkey](https://gitlab.com/redhat-crypto/OpenSC/badges/coolkey/build.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
| Cards | Status |
|---------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------|
| CAC | [![CAC](https://gitlab.com/redhat-crypto/OpenSC/badges/cac/build.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
| [virt_CACard](https://github.com/OpenSC/OpenSC/tree/virt_cacard) | [![virt_CACard](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
| [Coolkey](https://github.com/dogtagpki/coolkey/tree/master/applet) | [![Coolkey](https://gitlab.com/redhat-crypto/OpenSC/badges/coolkey/build.svg)](https://gitlab.com/redhat-crypto/OpenSC/pipelines) |
| [PivApplet](https://github.com/arekinath/PivApplet) | [![PIV](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
| [OpenPGP Applet](https://github.com/Yubico/ykneo-openpgp/) | [![OpenPGP](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
| [GidsApplet](https://github.com/vletoux/GidsApplet/) | [![GIDS](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
| [IsoApplet](https://github.com/philipWendland/IsoApplet/) | [![IsoApplet](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
| [OsEID (MyEID)](https://sourceforge.net/projects/oseid/) | [![OsEID (MyEID)](https://travis-ci.org/OpenSC/OpenSC.svg)](https://travis-ci.org/OpenSC/OpenSC/branches) |
22 changes: 13 additions & 9 deletions appveyor.yml
@@ -1,4 +1,4 @@
version: 0.19.0.{build}
version: 0.20.0.{build}

platform:
- x86
@@ -23,24 +23,25 @@ install:
throw "There are newer queued builds for this pull request, failing early." }
- date /T & time /T
- set PATH=C:\cygwin\bin;%PATH%
- set OPENPACE_VER=1.0.3
- set OPENPACE_VER=1.1.0
- set ZLIB_VER_DOT=1.2.11
- ps: $env:PACKAGE_NAME=(git describe --tags --abbrev=0)
- ps: >-
If ($env:Platform -Match "x86") {
$env:VCVARS_PLATFORM="x86"
$env:OPENSSL_PF="Win32"
$env:ARTIFACT="OpenSC-win32_${env:PACKAGE_NAME}"
$env:ARTIFACT="OpenSC-${env:PACKAGE_NAME}_win32"
} Else {
$env:VCVARS_PLATFORM="amd64"
$env:OPENSSL_PF="Win64"
$env:ARTIFACT="OpenSC-win64_${env:PACKAGE_NAME}"
$env:ARTIFACT="OpenSC-${env:PACKAGE_NAME}_win64"
}
- ps: >-
If ($env:Configuration -Like "*Light*") {
$env:ARTIFACT="${env:ARTIFACT}-Light"
} Else {
$env:NMAKE_EXTRA="OPENSSL_DEF=/DENABLE_OPENSSL ${env:NMAKE_EXTRA}"
$env:NMAKE_EXTRA="OPENSSL_EXTRA_CFLAGS=/DOPENSSL_SECURE_MALLOC_SIZE=65536 ${env:NMAKE_EXTRA}"
If (!(Test-Path C:\zlib )) {
appveyor DownloadFile "https://github.com/madler/zlib/archive/v${env:ZLIB_VER_DOT}.zip" -FileName zlib.zip
7z x zlib.zip -oC:\
@@ -86,27 +87,30 @@ build_script:
}
$env:NMAKE_EXTRA="OPENPACE_DEF=/DENABLE_OPENPACE OPENPACE_DIR=C:\openpace-${env:OPENSSL_PF} ${env:NMAKE_EXTRA}"
}
- bash -c "exec 0</dev/null && ./bootstrap"
- bash -c "exec 0</dev/null && if [ \"$APPVEYOR_REPO_BRANCH\" == \"master\" -a -z \"$APPVEYOR_PULL_REQUEST_NUMBER\" ]; then ./bootstrap; fi"
- bash -c "exec 0</dev/null && if [ \"$APPVEYOR_REPO_BRANCH\" == \"master\" -a -n \"$APPVEYOR_PULL_REQUEST_NUMBER\" ]; then ./bootstrap.ci -s \"-pr$APPVEYOR_PULL_REQUEST_NUMBER\"; fi"
- bash -c "exec 0</dev/null && if [ \"$APPVEYOR_REPO_BRANCH\" != \"master\" -a -z \"$APPVEYOR_PULL_REQUEST_NUMBER\" ]; then ./bootstrap.ci -s \"-$APPVEYOR_REPO_BRANCH\"; fi"
- bash -c "exec 0</dev/null && if [ \"$APPVEYOR_REPO_BRANCH\" != \"master\" -a -n \"$APPVEYOR_PULL_REQUEST_NUMBER\" ]; then ./bootstrap.ci -s \"-$APPVEYOR_REPO_BRANCH-prAPPVEYOR_PULL_REQUEST_NUMBER\"; fi"
# disable features to speed up the script
- bash -c "exec 0</dev/null && ./configure --with-cygwin-native --disable-openssl --disable-readline --disable-zlib || cat config.log"
- bash -c "make -C etc opensc.conf"
- cp win32/winconfig.h config.h
- bash -c "exec 0</dev/null && rm src/getopt.h"
- nmake /f Makefile.mak %NMAKE_EXTRA%
- cd win32 && nmake /f Makefile.mak %NMAKE_EXTRA% VSVER=%VSVER% OpenSC.msi && cd ..
- move win32\OpenSC.msi %ARTIFACT%.msi
- appveyor PushArtifact %ARTIFACT%.msi
# put all pdb files for dump analysis, but this consumes approx 100 MB per build
- md %ARTIFACT%-Debug
- ps: >-
Get-ChildItem -recurse C:\projects\OpenSC -exclude vc*.pdb *.pdb | % {
7z a -tzip ${env:ARTIFACT}-Debug.zip $_.FullName
}
- appveyor PushArtifact %ARTIFACT%.msi
- appveyor PushArtifact %ARTIFACT%-Debug.zip

deploy_script:
# keep in sync with .travis.yml
- bash -c "git config --global user.email 'no-reply@appveyor.com'"
- bash -c "git config --global user.name 'AppVeyor'"
- bash -c "if [ \"$DO_PUSH_ARTIFACT\" = yes -a -z \"$APPVEYOR_PULL_REQUEST_NUMBER\" ]; then .github/push_artifacts.sh \"AppVeyor build ${APPVEYOR_BUILD_NUMBER}.${APPVEYOR_JOB_NUMBER}\"; fi"
- bash -c "if [ \"$DO_PUSH_ARTIFACT\" = yes -a -z \"$APPVEYOR_PULL_REQUEST_NUMBER\" -a \"$APPVEYOR_REPO_NAME\" = \"OpenSC/OpenSC\" ]; then .github/push_artifacts.sh \"AppVeyor build ${APPVEYOR_BUILD_NUMBER}.${APPVEYOR_JOB_NUMBER}\"; fi"

cache:
- C:\zlib -> appveyor.yml
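Review bot: The last of the four new `bootstrap.ci` lines in `build_script` is missing a `$`: it passes `-$APPVEYOR_REPO_BRANCH-prAPPVEYOR_PULL_REQUEST_NUMBER`, so a pull request against a non-master branch gets the literal variable name in its suffix instead of the PR number. The argument should read `-s \"-$APPVEYOR_REPO_BRANCH-pr$APPVEYOR_PULL_REQUEST_NUMBER\"`, matching the `.travis.yml` counterpart in this commit. Separately, branch names may contain characters such as `/`, and the value goes straight into the suffix; whether `bootstrap.ci` sanitises it is not visible here.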
97 changes: 65 additions & 32 deletions configure.ac
@@ -7,7 +7,7 @@ define([PRODUCT_TARNAME], [opensc])
define([PRODUCT_BUGREPORT], [https://github.com/OpenSC/OpenSC/issues])
define([PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
define([PACKAGE_VERSION_MAJOR], [0])
define([PACKAGE_VERSION_MINOR], [19])
define([PACKAGE_VERSION_MINOR], [20])
define([PACKAGE_VERSION_FIX], [0])
define([PACKAGE_SUFFIX], [])

@@ -104,7 +104,6 @@ case "${host}" in
WIN32="yes"
else
AC_MSG_RESULT([Using cygwin])
CPPFLAGS="${CPPFLAGS} -DCRYPTOKI_FORCE_WIN32"
WIN_LIBPREFIX="cyg"
AC_DEFINE([USE_CYGWIN], [1], [Define if you are on Cygwin])
fi
@@ -130,9 +129,18 @@ case "${host}" in
;;
esac

AX_CHECK_COMPILE_FLAG(-Wunknown-warning-option, [have_unknown_warning_option="yes"], [have_unknown_warning_option="no"], [-Werror])
AX_CHECK_COMPILE_FLAG([-Wunknown-warning-option], [have_unknown_warning_option="yes"], [have_unknown_warning_option="no"], [-Werror])
AM_CONDITIONAL([HAVE_UNKNOWN_WARNING_OPTION], [test "${have_unknown_warning_option}" = "yes"])

AC_ARG_ENABLE(
[fuzzing],
[AS_HELP_STRING([--enable-fuzzing],[enable compile of fuzzing tests @<:@disabled@:>@, note that CFLAGS and FUZZING_LIBS should be set accoringly, e.g. to something like CFLAGS="-fsanitize=address,fuzzer" FUZZING_LIBS="-fsanitize=fuzzer"])],
,
[enable_fuzzing="no"]
)

AC_ARG_VAR([FUZZING_LIBS], [linker flags for fuzzing])

AC_ARG_ENABLE(
[strict],
[AS_HELP_STRING([--disable-strict],[disable strict compile mode @<:@enabled@:>@])],
@@ -170,11 +178,18 @@ AC_ARG_ENABLE(

AC_ARG_ENABLE(
[openssl],
[AS_HELP_STRING([--enable-openssl],[enable openssl linkage @<:@detect@:>@])],
[AS_HELP_STRING([--enable-openssl],[enable OpenSSL linkage @<:@detect@:>@])],
,
[enable_openssl="detect"]
)

AC_ARG_ENABLE([openssl-secure-malloc],
[AC_HELP_STRING([--openssl-secure-malloc=<SIZE_IN_BYTES>],
[Enable OpenSSL secure memory by specifying its size in bytes, must be a power of 2 @<:@disabled@:>@])],
[], [enable_openssl_secure_malloc=no])
AS_IF([test $enable_openssl_secure_malloc != no],
[AC_DEFINE_UNQUOTED([OPENSSL_SECURE_MALLOC_SIZE],[$enable_openssl_secure_malloc],[Size of OpenSSL secure memory in bytes, must be a power of 2])])

AC_ARG_ENABLE(
[openpace],
[AS_HELP_STRING([--enable-openpace],[enable OpenPACE linkage @<:@detect@:>@])],
@@ -253,10 +268,17 @@ AC_ARG_ENABLE(
)

AC_ARG_ENABLE(
[tests],
[AS_HELP_STRING([--enable-tests],[Build tests in src/tests/ directory @<:@detect@:>@])],
[autostart-items],
[AS_HELP_STRING([--enable-autostart-items],[enable autostart items @<:@enabled@:>@])],
,
[enable_tests="detect"]
[enable_autostart="yes"]
)

AC_ARG_ENABLE(
[cmocka],
[AS_HELP_STRING([--enable-cmocka],[Build tests in src/tests/p11test directory @<:@detect@:>@])],
,
[enable_cmocka="detect"]
)

AC_ARG_WITH(
@@ -374,7 +396,7 @@ AC_HEADER_ASSERT
AC_CHECK_HEADERS([ \
errno.h fcntl.h stdlib.h \
inttypes.h string.h strings.h \
sys/time.h unistd.h getopt.h sys/mman.h
sys/time.h unistd.h sys/mman.h
])

dnl Checks for typedefs, structures, and compiler characteristics.
@@ -389,7 +411,7 @@ AC_FUNC_STAT
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([ \
getpass gettimeofday getline memset mkdir \
strdup strerror getopt_long getopt_long_only \
strdup strerror \
strlcpy strlcat strnlen sigaction
])
AC_CHECK_SIZEOF(void *)
@@ -610,21 +632,16 @@ fi

PKG_CHECK_MODULES(
[OPENSSL],
[libcrypto >= 0.9.7],
[libcrypto >= 0.9.8],
[have_openssl="yes"],
[PKG_CHECK_MODULES(
[OPENSSL],
[openssl >= 0.9.7],
[have_openssl="yes"],
[AC_CHECK_LIB(
[crypto],
[RSA_version],
[
have_openssl="yes"
OPENSSL_LIBS="-lcrypto"
],
[have_openssl="no"]
)]
[AC_CHECK_LIB(
[crypto],
[RSA_version],
[
have_openssl="yes"
OPENSSL_LIBS="-lcrypto"
],
[have_openssl="no"]
)]
)

@@ -656,21 +673,18 @@ else
OPENSSL_LIBS=""
fi

if test "${enable_tests}" = "detect"; then
if test "${enable_cmocka}" = "detect"; then
if test "${have_cmocka}" = "yes" -a "${have_openssl}" = "yes"; then
enable_tests="yes"
enable_cmocka="yes"
else
enable_tests="no"
enable_cmocka="no"
fi
fi

if test "${enable_tests}" = "yes"; then
if test "${enable_cmocka}" = "yes"; then
if test "${have_cmocka}" != "yes"; then
AC_MSG_ERROR([Tests required, but cmocka is not available])
fi
if test "${have_openssl}" != "yes"; then
AC_MSG_ERROR([Tests required, but openssl is not available])
fi
fi


@@ -888,11 +902,14 @@ fi
if test "${with_pkcs11_provider}" = "detect"; then
if test "${WIN32}" != "yes"; then
DEFAULT_PKCS11_PROVIDER="${libdir}/opensc-pkcs11${DYN_LIB_EXT}"
DEFAULT_ONEPIN_PKCS11_PROVIDER="${libdir}/onepin-opensc-pkcs11${DYN_LIB_EXT}"
else
DEFAULT_PKCS11_PROVIDER="%PROGRAMFILES%\\\OpenSC Project\\\OpenSC\\\pkcs11\\\opensc-pkcs11.dll"
DEFAULT_ONEPIN_PKCS11_PROVIDER="%PROGRAMFILES%\\\OpenSC Project\\\OpenSC\\\pkcs11\\\onepin-opensc-pkcs11.dll"
fi
else
DEFAULT_PKCS11_PROVIDER="${with_pkcs11_provider}"
DEFAULT_ONEPIN_PKCS11_PROVIDER="${with_pkcs11_provider}"
fi

if test "${enable_man}" = "detect"; then
@@ -915,6 +932,12 @@ fi
AC_ARG_VAR([GENGETOPT],
[absolute path to gengetopt used for command line parsing of npa-tool])
AC_PATH_PROG(GENGETOPT, gengetopt, not found)
AC_ARG_VAR([CLANGTIDY],
[absolute path to clang-tidy used for static code analysis])
AC_PATH_PROG(CLANGTIDY, clang-tidy, not found)

AX_FUNC_GETOPT_LONG
#AH_BOTTOM([#include "common/compat_getopt.h"])

OPENSC_FEATURES=""
if test "${enable_thread_locking}" = "yes"; then
@@ -1001,6 +1024,7 @@ AC_SUBST([OPENSC_LT_OLDEST])
AC_SUBST([WIN_LIBPREFIX])
AC_SUBST([DEFAULT_PCSC_PROVIDER])
AC_SUBST([DEFAULT_PKCS11_PROVIDER])
AC_SUBST([DEFAULT_ONEPIN_PKCS11_PROVIDER])
AC_SUBST([OPTIONAL_ZLIB_CFLAGS])
AC_SUBST([OPTIONAL_ZLIB_LIBS])
AC_SUBST([OPTIONAL_READLINE_CFLAGS])
@@ -1035,8 +1059,12 @@ AM_CONDITIONAL([ENABLE_MINIDRIVER_SETUP_CUSTOMACTION], [test "${enable_minidrive
AM_CONDITIONAL([ENABLE_SM], [test "${enable_sm}" = "yes"])
AM_CONDITIONAL([ENABLE_DNIE_UI], [test "${enable_dnie_ui}" = "yes"])
AM_CONDITIONAL([ENABLE_NPATOOL], [test "${ENABLE_NPATOOL}" = "yes"])
AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"])
AM_CONDITIONAL([ENABLE_AUTOSTART], [test "${enable_autostart}" = "yes"])
AM_CONDITIONAL([ENABLE_CMOCKA], [test "${enable_cmocka}" = "yes"])
AM_CONDITIONAL([GIT_CHECKOUT], [test "${GIT_CHECKOUT}" = "yes"])
AM_CONDITIONAL([ENABLE_FUZZING], [test "${enable_fuzzing}" = "yes"])
AM_CONDITIONAL([ENABLE_SHARED], [test "${enable_shared}" = "yes"])
AS_IF([test "${enable_shared}" = "yes"], [AC_DEFINE([ENABLE_SHARED], [1], [Enable shared libraries])])

if test "${enable_pedantic}" = "yes"; then
enable_strict="yes";
@@ -1052,6 +1080,7 @@ AC_CONFIG_FILES([
doc/tools/Makefile
doc/files/Makefile
etc/Makefile
tests/Makefile
src/Makefile
src/common/Makefile
src/ui/Makefile
@@ -1066,6 +1095,7 @@ AC_CONFIG_FILES([
src/tests/Makefile
src/tests/regression/Makefile
src/tests/p11test/Makefile
src/tests/fuzzing/Makefile
src/tools/Makefile
src/tools/versioninfo-tools.rc
src/tools/versioninfo-opensc-notify.rc
@@ -1084,6 +1114,7 @@ AC_CONFIG_FILES([
MacOSX/Distribution.xml
MacOSX/resources/Welcome.html
])

AC_OUTPUT

cat <<EOF
@@ -1115,6 +1146,7 @@ thread locking support: ${enable_thread_locking}
zlib support: ${enable_zlib}
readline support: ${enable_readline}
OpenSSL support: ${enable_openssl}
OpenSSL secure memory: ${enable_openssl_secure_malloc}
PC/SC support: ${enable_pcsc}
CryptoTokenKit support: ${enable_cryptotokenkit}
OpenCT support: ${enable_openct}
@@ -1125,10 +1157,10 @@ SM default module: ${DEFAULT_SM_MODULE}
SM default path: $(eval eval eval echo "${DEFAULT_SM_MODULE_PATH}")
DNIe UI support: ${enable_dnie_ui}
Notification support: ${enable_notify}
Build tests: ${enable_tests}

PC/SC default provider: ${DEFAULT_PCSC_PROVIDER}
PKCS11 default provider: $(eval eval eval echo "${DEFAULT_PKCS11_PROVIDER}")
PKCS11 onepin provider: $(eval eval eval echo "${DEFAULT_ONEPIN_PKCS11_PROVIDER}")

Host: ${host}
Compiler: ${CC}
@@ -1151,6 +1183,7 @@ PCSC_CFLAGS: ${PCSC_CFLAGS}
CRYPTOTOKENKIT_CFLAGS: ${CRYPTOTOKENKIT_CFLAGS}
GIO2_CFLAGS: ${GIO2_CFLAGS}
GIO2_LIBS: ${GIO2_LIBS}
FUZZING_LIBS: ${FUZZING_LIBS}

EOF

4 changes: 2 additions & 2 deletions doc/files/files.html
@@ -775,8 +775,8 @@
<code class="option">builtin_emulators = <em class="replaceable"><code>emulators</code></em>;</code>
</span></dt><dd><p>
List of the builtin pkcs15 emulators to test
(Default: <code class="literal">westcos, openpgp, infocamere,
starcert, tcos, esteid, itacns, postecert,
(Default: <code class="literal">westcos, openpgp,
starcert, tcos, esteid, itacns,
PIV-II, cac, gemsafeGPK, gemsafeV1, actalis,
atrust-acos, tccardos, entersafe, pteid,
oberthur, sc-hsm, dnie, gids, iasecc, jpki,
55 changes: 39 additions & 16 deletions doc/files/opensc.conf.5.xml.in
@@ -166,6 +166,16 @@ app <replaceable>application</replaceable> {
checked.
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>disable_colors = <replaceable>bool</replaceable>;</option>
</term>
<listitem><para>
Disable colors of log messages (Default:
<literal>false</literal> if attached to a console,
<literal>true</literal> otherwise).
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>disable_popups = <replaceable>bool</replaceable>;</option>
@@ -205,7 +215,7 @@ app <replaceable>application</replaceable> {
</para>
<para>
If an unknown (i.e. not internal or old) driver is
supplied, a separate configuration configuration
supplied, a separate configuration
block has to be written for the driver. A special
value <literal>old</literal> will load all
statically linked drivers that may be removed in
@@ -822,11 +832,11 @@ app <replaceable>application</replaceable> {
</varlistentry>
<varlistentry>
<term>
<option>md_read_only = <replaceable>bool</replaceable>;</option>
<option>read_only = <replaceable>bool</replaceable>;</option>
</term>
<listitem><para>
Mark card as read/only card in
Minidriver/BaseCSP interface
PKCS#11/Minidriver/BaseCSP interface
(Default: <literal>false</literal>).
</para></listitem>
</varlistentry>
@@ -1132,6 +1142,30 @@ app <replaceable>application</replaceable> {
some cards (Default: <literal>false</literal>).
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>private_certificate = <replaceable>value</replaceable>;</option>
</term>
<listitem><para>
How to handle a PIN-protected certificate. Known
parameters:
<itemizedlist>
<listitem><para>
<literal>protect</literal>: The certificate stays PIN-protected.
</para></listitem>
<listitem><para>
<literal>declassify</literal>: Allow
reading the certificate without
enforcing verification of the PIN.
</para></listitem>
<listitem><para>
<literal>ignore</literal>: Ignore PIN-protected certificates.
</para></listitem>
</itemizedlist>
(Default: <literal>ignore</literal> in Tokend,
<literal>protect</literal> otherwise).
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>enable_pkcs15_emulation = <replaceable>bool</replaceable>;</option>
@@ -1168,8 +1202,8 @@ app <replaceable>application</replaceable> {
</term>
<listitem><para>
List of the builtin pkcs15 emulators to test
(Default: <literal>westcos, openpgp, infocamere,
starcert, tcos, esteid, itacns, postecert,
(Default: <literal>westcos, openpgp,
starcert, tcos, esteid, itacns,
PIV-II, cac, gemsafeGPK, gemsafeV1, actalis,
atrust-acos, tccardos, entersafe, pteid,
oberthur, sc-hsm, dnie, gids, iasecc, jpki,
@@ -1301,17 +1335,6 @@ app <replaceable>application</replaceable> {
the highest score shall be used.
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>ignore_private_certificate = <replaceable>bool</replaceable>;</option>
</term>
<listitem><para>
Tokend ignore to read PIN protected certificate
that is set
<literal>SC_PKCS15_CO_FLAG_PRIVATE</literal> flag
(Default: <literal>true</literal>).
</para></listitem>
</varlistentry>
</variablelist>
</refsect2>

3 changes: 0 additions & 3 deletions doc/tools/Makefile.am
@@ -2,9 +2,6 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in

EXTRA_DIST = completion-template

TESTS = test-manpage.sh
dist_noinst_SCRIPTS = test-manpage.sh

dist_noinst_DATA = $(wildcard $(srcdir)/*.xml)
if ENABLE_DOC
html_DATA = tools.html
8 changes: 4 additions & 4 deletions doc/tools/cardos-tool.1.xml
@@ -63,14 +63,14 @@ smart cards and similar security tokens based on Siemens Card/OS M4.
</varlistentry>
<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
8 changes: 4 additions & 4 deletions doc/tools/cryptoflex-tool.1.xml
@@ -131,14 +131,14 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
8 changes: 4 additions & 4 deletions doc/tools/dnie-tool.1.xml
@@ -83,14 +83,14 @@
</varlistentry>
<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
8 changes: 4 additions & 4 deletions doc/tools/egk-tool.1.xml
@@ -50,10 +50,10 @@
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem><para>
Specify the reader to use.
Use <literal>-1</literal> as <replaceable>arg</replaceable>
to automatically detect the reader to use.
By default, the first reader with a present card is used.
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para></listitem>
</varlistentry>
<varlistentry>
8 changes: 4 additions & 4 deletions doc/tools/eidenv.1.xml
@@ -66,14 +66,14 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
1,096 changes: 0 additions & 1,096 deletions doc/tools/files.html

This file was deleted.

4 changes: 2 additions & 2 deletions doc/tools/gids-tool.1.xml
@@ -84,9 +84,9 @@
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>argument</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
6 changes: 3 additions & 3 deletions doc/tools/iasecc-tool.1.xml
@@ -34,13 +34,13 @@
<variablelist>
<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>--reader</option> <replaceable>arg</replaceable>,
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
8 changes: 4 additions & 4 deletions doc/tools/netkey-tool.1.xml
@@ -71,14 +71,14 @@
</varlistentry>
<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
8 changes: 4 additions & 4 deletions doc/tools/npa-tool.1.xml
@@ -52,10 +52,10 @@
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem><para>
Specify the reader to use.
Use <literal>-1</literal> as <replaceable>arg</replaceable>
to automatically detect the reader to use.
By default, the first reader with a present card is used.
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para></listitem>
</varlistentry>
<varlistentry>
45 changes: 35 additions & 10 deletions doc/tools/openpgp-tool.1.xml
@@ -38,6 +38,16 @@
<title>Options</title>
<para>
<variablelist>
<varlistentry>
<term>
<option>--card-info</option>,
<option>-C</option>
</term>
<listitem><para>
Show card information.
</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--del-key</option> <replaceable>arg</replaceable>
@@ -113,12 +123,27 @@

<varlistentry>
<term>
<option>--key-length</option> <replaceable>bitlength</replaceable>,
<option>-L</option> <replaceable>bitlength</replaceable>
<option>--key-info</option>,
<option>-K</option>
</term>
<listitem><para>
Specify the length of the key to be generated.
If not given, it defaults to 2048 bit.
Show information of keys on the card.
</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--key-type</option> <replaceable>keytype</replaceable>,
<option>-t</option> <replaceable>keytype</replaceable>
</term>
<listitem><para>
Specify the type of the key to be generated.
Supported values for <replaceable>keytype</replaceable> are
<literal>rsa</literal> for RSA with 2048 bits,
<literal>rsa</literal><replaceable>LENGTH</replaceable>
for RSA with a bit length of <replaceable>LENGTH</replaceable>.

If not given, it defaults to <literal>rsa2048</literal>.
</para></listitem>
</varlistentry>

@@ -154,14 +179,14 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem><para>
Specify the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
reader with a matching card will be chosen.
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para></listitem>
</varlistentry>

409 changes: 312 additions & 97 deletions doc/tools/opensc-explorer.1.xml

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions doc/tools/opensc-tool.1.xml
@@ -108,18 +108,18 @@
<option>--set-conf-entry</option> <replaceable>conf</replaceable>,
<option>-S</option> <replaceable>conf</replaceable>
</term>
<listitem><para>Get configuration key, format: section:name:key:value</para></listitem>
<listitem><para>Set configuration key, format: section:name:key:value</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
8 changes: 4 additions & 4 deletions doc/tools/piv-tool.1.xml
@@ -151,14 +151,14 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
65 changes: 57 additions & 8 deletions doc/tools/pkcs11-tool.1.xml
@@ -77,9 +77,9 @@
</term>
<listitem>
<para>
Specify hash algorithm used with RSA-PKCS-PSS signature or RSA-OAEP decryption.
Allowed values are "SHA-1", "SHA256", "SHA384", "SHA512", and some tokens may
also allow "SHA224". Default is "SHA-1".
Specify hash algorithm used with RSA-PKCS-PSS signature or RSA-OAEP decryption.
Allowed values are "SHA-1", "SHA256", "SHA384", "SHA512", and some tokens may
also allow "SHA224". Default is "SHA-1".
</para>
<para>
Note that the input to RSA-PKCS-PSS has to be of the size equal to
@@ -319,6 +319,13 @@
<listitem><para>Set the CKA_SENSITIVE attribute (object cannot be revealed in plaintext).</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--extractable</option>
</term>
<listitem><para>Set the CKA_EXTRACTABLE attribute (object can be extracted)</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--set-id</option> <replaceable>id</replaceable>,
@@ -396,6 +403,13 @@
<listitem><para>Specify the index of the slot to use.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--object-index</option> <replaceable>index</replaceable>
</term>
<listitem><para>Specify the index of the object to use.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--token-label</option> <replaceable>label</replaceable>
@@ -444,6 +458,26 @@
viewable after a login).</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--always-auth</option>
</term>
<listitem><para>Set the CKA_ALWAYS_AUTHENTICATE attribute to a private key object.
If set, the user has to supply the PIN for each use (sign or decrypt) with the key.</para>
</listitem>
</varlistentry>

<varlistentry>
<term>
<option>--allowed-mechanisms</option> <replaceable>mechanisms</replaceable>
</term>
<listitem><para>Sets the CKA_ALLOWED_MECHANISMS attribute
to a key objects when importing an object or generating
a keys. The argument accepts comma-separated list of
algorithmsm, that can be used with the given key.</para>
</listitem>
</varlistentry>

<varlistentry>
<term>
<option>--test-ec</option>
@@ -466,8 +500,9 @@
<option>-y</option> <replaceable>type</replaceable>
</term>
<listitem><para>Specify the type of object to operate on.
Examples are <literal>cert</literal>, <literal>privkey</literal>
and <literal>pubkey</literal>.</para></listitem>
Valid value are <literal>cert</literal>, <literal>privkey</literal>,
<literal>pubkey</literal>, <literal>secrkey</literal>
and <literal>data</literal>.</para></listitem>
</varlistentry>

<varlistentry>
@@ -481,6 +516,13 @@
non-zero number.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--verify</option>,
</term>
<listitem><para>Verify signature of some data.</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--read-object</option>,
@@ -530,6 +572,13 @@
<option>--type</option> cert/privkey/pubkey).</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--signature-file</option> <replaceable>filename</replaceable>
</term>
<listitem><para>The path to the signature file for signature verification</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--signature-format</option> <replaceable>format</replaceable>
@@ -545,15 +594,15 @@
</term>
<listitem><para>Write a key or certificate object to the token.
<replaceable>filename</replaceable> points to the DER-encoded certificate or key file.
</para></listitem>
</para></listitem>
</varlistentry>

<varlistentry>
<term>
<option>--generate-random</option> <replaceable>num</replaceable>
</term>
<listitem><para>Get <replaceable>num</replaceable> bytes of random data.
</para></listitem>
</para></listitem>
</varlistentry>

</variablelist>
@@ -568,7 +617,7 @@

To read the certificate with ID <replaceable>KEY_ID</replaceable>
in DER format from smart card:
<programlisting>pkcs11-tool --read-object --id KEY_ID --type cert --outfile cert.der</programlisting>
<programlisting>pkcs11-tool --read-object --id KEY_ID --type cert --output-file cert.der</programlisting>

To convert the certificate in DER format to PEM format, use OpenSSL
tools:
8 changes: 4 additions & 4 deletions doc/tools/pkcs15-crypt.1.xml
@@ -129,14 +129,14 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>N</replaceable>,
<option>-r</option> <replaceable>N</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
26 changes: 20 additions & 6 deletions doc/tools/pkcs15-init.1.xml
@@ -148,7 +148,7 @@
</para>
<para>
In addition to storing the private portion of the key on the card,
<command>pkcs15-init</command> will also store the the public portion of the
<command>pkcs15-init</command> will also store the public portion of the
key as a PKCS #15 public key object.
</para>
</refsect2>
@@ -165,7 +165,7 @@
</para>
<para>
In addition to storing the private portion of the key on the card,
<command>pkcs15-init</command> will also store the the public portion of the
<command>pkcs15-init</command> will also store the public portion of the
key as a PKCS #15 public key object.
</para>
<para>
@@ -644,14 +644,14 @@ puk 87654321

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
@@ -873,6 +873,20 @@ puk 87654321
</listitem>
</varlistentry>

<varlistentry>
<term>
<option>--user-consent</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify user-consent. <replaceable>arg</replaceable> is an integer value.
If > 0, the value specifies how many times the
object can be accessed before a new authentication is required.
If zero, the object does not require re-authentication.
</para>
</listitem>
</varlistentry>

<varlistentry>
<term>
<option>--insecure</option>
9 changes: 4 additions & 5 deletions doc/tools/pkcs15-tool.1.xml
@@ -209,8 +209,7 @@

<varlistentry>
<term>
<option>--read-certificate</option> <replaceable>cert</replaceable>,
<option>-r</option> <replaceable>cert</replaceable>
<option>--read-certificate</option> <replaceable>cert</replaceable>
</term>
<listitem><para>Reads the certificate with the given id.</para></listitem>
</varlistentry>
@@ -278,13 +277,13 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
28 changes: 23 additions & 5 deletions doc/tools/sc-hsm-tool.1.xml
@@ -151,7 +151,25 @@
<para>Define number of PIN retries for user PIN during initialization. Default is 3.</para>
</listitem>
</varlistentry>


<varlistentry>
<term>
<option>--bio-server1</option> <replaceable>value</replaceable>
</term>
<listitem>
<para>The hexadecimal AID of of the biometric server for template 1. Switches on the use of the user PIN as session PIN.</para>
</listitem>
</varlistentry>

<varlistentry>
<term>
<option>--bio-server2</option> <replaceable>value</replaceable>
</term>
<listitem>
<para>The hexadecimal AID of of the biometric server for template 2. Switches on the use of the user PIN as session PIN.</para>
</listitem>
</varlistentry>

<varlistentry>
<term>
<option>--password</option> <replaceable>value</replaceable>
@@ -201,14 +219,14 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
8 changes: 4 additions & 4 deletions doc/tools/westcos-tool.1.xml
@@ -148,14 +148,14 @@

<varlistentry>
<term>
<option>--reader</option> <replaceable>num</replaceable>,
<option>-r</option> <replaceable>num</replaceable>
<option>--reader</option> <replaceable>arg</replaceable>,
<option>-r</option> <replaceable>arg</replaceable>
</term>
<listitem>
<para>
Specify the reader to use. By default, the first
Number of the reader to use. By default, the first
reader with a present card is used. If
<replaceable>num</replaceable> is an ATR, the
<replaceable>arg</replaceable> is an ATR, the
reader with a matching card will be chosen.
</para>
</listitem>
Binary file added etc/DESCHSMCVCA00001
Binary file not shown.
2 changes: 1 addition & 1 deletion etc/Makefile.am
@@ -1,4 +1,4 @@
CV_CERTS = DESRCACC100001
CV_CERTS = DESRCACC100001 DESCHSMCVCA00001

MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
DISTCLEANFILES = opensc.conf.example
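Review bot: `CV_CERTS` now lists `DESCHSMCVCA00001`, which this commit adds as a binary file under etc/, and nothing visible in this section records where the file came from or how a packager can check it. The name suggests a card-verifiable CA certificate that would be shipped as a trust anchor next to `DESRCACC100001`; the rule that installs `CV_CERTS` is outside the hunk, so that is an inference. I would add a comment above the assignment, for example `# DESCHSMCVCA00001: source <ISSUER_URL_PLACEHOLDER>, SHA-256 <FINGERPRINT_PLACEHOLDER>`, and repeat the fingerprint in the commit message so that a later swap of the binary shows up in review.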
62 changes: 38 additions & 24 deletions etc/opensc.conf.example.in
@@ -282,7 +282,7 @@ app default {

# Context: minidriver
#
# md_read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
# read_only: Mark card as read/only card in Minidriver/BaseCSP interface (Default: false)
# md_supports_X509_enrollment: Indicate X509 enrollment support at Minidriver/BaseCSP interface (Default: false)
# md_guid_as_id: Use the GUID generated for the key as id in the PKCS#15 structure (Default: false, i.e. auto generated)
# md_guid_as_label: Use the GUID generated for the key as label in the PKCS#15 structure (Default: false, i.e. no label set)
@@ -396,15 +396,15 @@ app default {
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
# secure_messaging = local_adele;
md_read_only = false;
read_only = false;
md_supports_X509_enrollment = true;
}
card_atr 3B:7F:96:00:00:00:31:B8:64:40:70:14:10:73:94:01:80:82:90:00 {
type = 25001;
driver = "iasecc";
name = "Gemalto MultiApp IAS/ECC v1.0.1";
secure_messaging = local_gemalto_iam;
md_read_only = false;
read_only = false;
md_supports_X509_enrollment = true;
}
#card_atr 3B:DD:18:00:81:31:FE:45:80:F9:A0:00:00:00:77:01:08:00:07:90:00:FE {
@@ -423,31 +423,31 @@ app default {
# type = 25005;
# driver = "iasecc";
# name = "Morpho MI IAS/ECC v1.0.1";
# md_read_only = false;
# read_only = false;
# md_supports_X509_enrollment = true;
# secure_messaging = local_morpho_mi;
#}
card_atr 3B:DF:18:FF:81:91:FE:1F:C3:00:31:B8:64:0C:01:EC:C1:73:94:01:80:82:90:00:B3 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos;
}
card_atr 3B:DC:18:FF:81:91:FE:1F:C3:80:73:C8:21:13:66:01:0B:03:52:00:05:38 {
type = 25004;
driver = "iasecc";
name = "Amos IAS/ECC v1.0.1";
md_read_only = false;
read_only = false;
md_supports_X509_enrollment = true;
secure_messaging = local_amos_eid;
}

# SmartCard-HSM with contact-based interface or USB-Stick
card_atr 3B:FE:18:00:00:81:31:FE:45:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:FA {
driver = "sc-hsm";
md_read_only = false;
read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -456,7 +456,16 @@ app default {
# SmartCard-HSM with contact-less interface
card_atr 3B:8E:80:01:80:31:81:54:48:53:4D:31:73:80:21:40:81:07:18 {
driver = "sc-hsm";
md_read_only = false;
read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
}

# SmartCard-HSM 4k with contact-based interface or USB-Stick
card_atr 3b:de:18:ff:81:91:fe:1f:c3:80:31:81:54:48:53:4d:31:73:80:21:40:81:07:1c {
driver = "sc-hsm";
read_only = false;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -465,7 +474,7 @@ app default {
# SmartCard-HSM with fingerprint sensor and PIN pad
card_atr 3B:80:80:01:01 {
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -489,7 +498,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -512,7 +521,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -535,7 +544,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -558,7 +567,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -581,7 +590,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -604,7 +613,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -627,7 +636,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -650,7 +659,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -673,7 +682,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -697,7 +706,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -721,7 +730,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -745,7 +754,7 @@ app default {
atrmask = "FF:FF:FF:FF:FF:FF:FF:FF:00:00:00:00:00:00:00:00:00:00:00:00";
driver = "sc-hsm";
force_protocol = "t1";
md_read_only = false;
read_only = true;
md_supports_X509_enrollment = true;
md_supports_container_key_gen = true;
md_guid_as_label = true;
@@ -873,7 +882,7 @@ app default {
# (with certificate check) where $HOME is not set
# Default: path in user home
# file_cache_dir = /var/lib/opensc/cache
#

# Use PIN caching?
# Default: true
# use_pin_caching = false;
@@ -886,7 +895,12 @@ app default {
# may need to set this to get signatures to work with some cards.
# Default: false
# pin_cache_ignore_user_consent = true;
#

# How to handle a PIN-protected certificate
# Valid values: protect, declassify, ignore.
# Default: ignore in tokend, protect otherwise
# private_certificate = declassify;

# Enable pkcs15 emulation.
# Default: yes
# enable_pkcs15_emulation = no;
@@ -904,7 +918,7 @@ app default {
# enable_builtin_emulation = no;
#
# List of the builtin pkcs15 emulators to test
# Default: esteid, openpgp, tcos, starcert, itacns, infocamere, postecert, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
# Default: esteid, openpgp, tcos, starcert, itacns, actalis, atrust-acos, gemsafeGPK, gemsafeV1, tccardos, PIV-II;
# builtin_emulators = openpgp;

# additional settings per driver
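Review bot: The new `private_certificate` comment near the end of this section lists `protect`, `declassify` and `ignore` without saying what each value does, and the commented example shows `declassify`, which by its name lowers the protection of a PIN-protected certificate. An administrator who uncomments the example cannot tell from this text what becomes readable without the PIN. I would add one comment line per value, along the lines of `# protect: the certificate is only readable after PIN verification`, with the wording checked against the implementation. Separately, the fingerprint-sensor SmartCard-HSM entries appear to switch the read-only flag from `false` to `true` in the same edit that renames it from `md_read_only` to `read_only`; that behaviour change deserves its own line in the commit description.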
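--- a/m4/m4_ax_func_getopt_long.m4
+++ b/m4/m4_ax_func_getopt_long.m4
@@ -0,0 +1,62 @@
+# ===========================================================================
+# https://www.gnu.org/software/autoconf-archive/ax_func_getopt_long.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_FUNC_GETOPT_LONG
+#
+# DESCRIPTION
+#
+# Check for getopt_long support.
+#
+# This assume that the standard getopt.h file (from GNU libc) is available
+# as src/common/compat_getopt.h. If needed, this file will be linked as getopt.h, but
+# we want to default to the system's getopt.h file. (See
+# http://sources.redhat.com/ml/automake/2000-09/msg00041.html for an
+# explanation about why using the system's getopt.h file is important.)
+#
+# LICENSE
+#
+# Copyright (c) 2008 Alexandre Duret-Lutz <adl@gnu.org>
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <https://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 6
+
+AU_ALIAS([ADL_FUNC_GETOPT_LONG], [AX_FUNC_GETOPT_LONG])
+AC_DEFUN([AX_FUNC_GETOPT_LONG],
+[AC_PREREQ(2.49)dnl
+# clean out junk possibly left behind by a previous configuration
+rm -f src/getopt.h
+# Check for getopt_long support
+AC_CHECK_HEADERS([getopt.h])
+AC_CHECK_FUNCS([getopt_long],,
+[# FreeBSD has a gnugetopt library for this
+AC_CHECK_LIB([gnugetopt],[getopt_long],[AC_DEFINE([HAVE_GETOPT_LONG])],
+[# use the OpenSC replacement
+AC_CONFIG_LINKS([src/getopt.h:src/common/compat_getopt.h])])])])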
6 changes: 1 addition & 5 deletions src/Makefile.am
@@ -3,12 +3,8 @@ EXTRA_DIST = Makefile.mak

# Order IS important
SUBDIRS = common scconf ui pkcs15init sm \
libopensc pkcs11 tools minidriver
libopensc pkcs11 tools minidriver tests

if ENABLE_SM
SUBDIRS += smm
endif

if ENABLE_TESTS
SUBDIRS += tests
endif
8 changes: 7 additions & 1 deletion src/Makefile.mak
@@ -19,6 +19,12 @@ SUBDIRS = $(SUBDIRS) smm
SUBDIRS = $(SUBDIRS) tests
!ENDIF

all clean::
all::
copy /y common\compat_getopt.h getopt.h
@for %i in ( $(SUBDIRS) ) do \
@cmd /c "cd %i && $(MAKE) /nologo /f Makefile.mak $@"

clean::
@for %i in ( $(SUBDIRS) ) do \
@cmd /c "cd %i && $(MAKE) /nologo /f Makefile.mak $@"
del /Q getopt.h
29 changes: 23 additions & 6 deletions src/common/Makefile.am
@@ -8,10 +8,29 @@ dist_noinst_DATA = \
LICENSE.compat_getopt compat_getopt.txt \
compat_getopt_main.c \
README.compat_strlcpy compat_strlcpy.3
noinst_HEADERS = compat_strlcat.h compat_strlcpy.h compat_strnlen.h compat_getpass.h compat_getopt.h simclist.h libpkcs11.h libscdl.h

AM_CPPFLAGS = -I$(top_srcdir)/src

libcompat_la_SOURCES = \
compat_dummy.c \
compat_strlcat.c \
compat_strlcpy.c \
compat_strnlen.c \
compat_getpass.c \
compat_getopt.c \
compat_report_rangecheckfailure.c \
compat___iob_func.c \
simclist.c

compat_getopt_main_LDADD = libcompat.la

libpkcs11_la_SOURCES = libpkcs11.c

libscdl_la_SOURCES = libscdl.c

TIDY_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
TIDY_FILES = \
compat_dummy.c \
compat_strlcat.h compat_strlcat.c \
compat_strlcpy.h compat_strlcpy.c \
@@ -20,10 +39,8 @@ libcompat_la_SOURCES = \
compat_getopt.h compat_getopt.c \
compat_report_rangecheckfailure.c \
compat___iob_func.c \
simclist.c simclist.h

compat_getopt_main_LDADD = libcompat.la

libpkcs11_la_SOURCES = libpkcs11.c libpkcs11.h
simclist.c simclist.h \
libpkcs11.c libscdl.c

libscdl_la_SOURCES = libscdl.c libscdl.h
check-local:
if [ -x "$(CLANGTIDY)" ]; then clang-tidy -config='' -header-filter=.* $(TIDY_FILES) -- $(TIDY_FLAGS); fi
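Review bot: The `check-local` rule tests `$(CLANGTIDY)` for executability but then runs a bare `clang-tidy` resolved through PATH, so the binary that was checked is not necessarily the one that runs. Invoke the configured path and quote the filter so the shell cannot glob it: `"$(CLANGTIDY)" -config='' -header-filter='.*' $(TIDY_FILES) -- $(TIDY_FLAGS)`. The same rule is repeated at the end of the src/libopensc/Makefile.am section and needs the same change.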
5 changes: 3 additions & 2 deletions src/common/compat_getopt.c
@@ -143,7 +143,7 @@ int _my_getopt_internal(int argc, char * argv[], const char *shortopts,
const struct option *longopts, int *longind,
int long_only)
{
char mode, colon_mode = *shortopts;
char mode, colon_mode;
int shortoff = 0, opt = -1;

if(getenv("POSIXLY_CORRECT")) colon_mode = mode = '+';
@@ -230,7 +230,8 @@ int _my_getopt_internal(int argc, char * argv[], const char *shortopts,
argv[0], longopts[found].name);
} else {
my_optarg = argv[my_optind] + ++charind;
charind = 0;
/* charind not read again
* charind = 0;*/
}
} else if(longopts[found].has_arg == 1) {
if(++my_optind >= argc) {
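Review bot: In the second hunk the dead store appears to be kept as a comment (`/* charind not read again` / `* charind = 0;*/`) rather than removed. Commented-out code tends to rot; delete the assignment and, if the reason matters, leave only `/* charind is not read after this point */`. In the first hunk `colon_mode` loses its initialiser; the visible `POSIXLY_CORRECT` branch assigns it, but the other branch is outside the hunk, so confirm it is assigned there before its first read. `_my_getopt_internal` starts and ends outside both hunks.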
6 changes: 0 additions & 6 deletions src/common/compat_getopt.h
@@ -30,10 +30,6 @@
#include "config.h"
#endif

#if defined(HAVE_GETOPT_H) && defined(HAVE_GETOPT_LONG) && defined(HAVE_GETOPT_LONG_ONLY)
#include <getopt.h>
#else

/* Prevent mingw32 from including an incompatible getopt implementation */
#define __GETOPT_H__

@@ -86,6 +82,4 @@ extern int _my_getopt_internal(int argc, char * argv[], const char *shortopts,
}
#endif

#endif /* HAVE_GETOPT_H && HAVE_GETOPT_LONG && HAVE_GETOPT_LONG_ONLY */

#endif /* MY_GETOPT_H_INCLUDED */
11 changes: 10 additions & 1 deletion src/common/compat_strlcat.h
@@ -1,9 +1,18 @@
/**
* @file
* @brief prototypes of strlcpy()/strlcat() imported from OpenBSD
* @brief prototypes of strlcat() imported from OpenBSD
*/

#ifndef __COMPAT_STRLCAT_H
#define __COMPAT_STRLCAT_H

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifndef HAVE_STRLCAT
#include <stddef.h>
size_t strlcat(char *dst, const char *src, size_t siz);
#endif

#endif
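Review bot: The include guard `__COMPAT_STRLCAT_H` uses an identifier that begins with two underscores, which C reserves for the implementation. A plain name avoids any clash with system headers: `#ifndef COMPAT_STRLCAT_H` / `#define COMPAT_STRLCAT_H`. The same applies to `__COMPAT_STRLCPY_H`, `__COMPAT_STRNLEN_H` and `__LIBPKCS11_H` in the header sections that follow.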
11 changes: 10 additions & 1 deletion src/common/compat_strlcpy.h
@@ -28,10 +28,19 @@ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

/**
* @file
* @brief prototypes of strlcpy()/strlcat() imported from OpenBSD
* @brief prototypes of strlcpy() imported from OpenBSD
*/

#ifndef __COMPAT_STRLCPY_H
#define __COMPAT_STRLCPY_H

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifndef HAVE_STRLCPY
#include <stddef.h>
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif

#endif
9 changes: 9 additions & 0 deletions src/common/compat_strnlen.h
@@ -3,7 +3,16 @@
* @brief prototype of strnlen() from OpenBSD
*/

#ifndef __COMPAT_STRNLEN_H
#define __COMPAT_STRNLEN_H

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#ifndef HAVE_STRNLEN
#include <stddef.h>
size_t strnlen(const char *str, size_t maxlen);
#endif

#endif
3 changes: 3 additions & 0 deletions src/common/libpkcs11.h
@@ -18,5 +18,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

#ifndef __LIBPKCS11_H
#define __LIBPKCS11_H
void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
CK_RV C_UnloadModule(void *module);
#endif
9 changes: 6 additions & 3 deletions src/common/simclist.c
@@ -419,7 +419,7 @@ static simclist_inline struct list_entry_s *list_findpos(const list_t *simclist_
/* accept 1 slot overflow for fetching head and tail sentinels */
if (posstart < -1 || posstart > (int)l->numels) return NULL;

x = (float)(posstart+1) / l->numels;
x = l->numels ? (float)(posstart+1) / l->numels : 0;
if (x <= 0.25) {
/* first quarter: get to posstart from head */
for (i = -1, ptr = l->head_sentinel; i < posstart; ptr = ptr->next, i++);
@@ -479,6 +479,9 @@ int list_insert_at(list_t *simclist_restrict l, const void *data, unsigned int p
size_t datalen = l->attrs.meter(data);
lent->data = (struct list_entry_s *)malloc(datalen);
if (lent->data == NULL) {
if (!(l->spareelsnum > 0)) {
free(lent);
}
return -1;
}
memcpy(lent->data, data, datalen);
@@ -763,10 +766,10 @@ int list_concat(const list_t *l1, const list_t *l2, list_t *simclist_restrict de
err = l2->numels - l1->numels;
if ((err+1)/2 > 0) { /* correct pos RIGHT (err-1)/2 moves */
err = (err+1)/2;
for (cnt = 0; cnt < (unsigned int)err; cnt++) dest->mid = dest->mid->next;
for (cnt = 0; dest->mid && cnt < (unsigned int)err; cnt++) dest->mid = dest->mid->next;
} else if (err/2 < 0) { /* correct pos LEFT (err/2)-1 moves */
err = -err/2;
for (cnt = 0; cnt < (unsigned int)err; cnt++) dest->mid = dest->mid->prev;
for (cnt = 0; dest->mid && cnt < (unsigned int)err; cnt++) dest->mid = dest->mid->prev;
}

assert(!(list_repOk(l1) && list_repOk(l2)) || list_repOk(dest));
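Review bot: In the `list_insert_at` hunk the new cleanup decides whether to `free(lent)` by reading `l->spareelsnum` after the entry has already been obtained. How `lent` is obtained is outside the hunk; if the spare-pool counter is decremented when an entry is taken from the pool, the test no longer says where `lent` came from, and the failure path can drop a pooled entry without returning it. Recording the origin where `lent` is assigned is more robust, for example a local `int from_pool` and `if (!from_pool) free(lent);` here, or pushing the entry back onto the spare list before `return -1;`.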
2 changes: 1 addition & 1 deletion src/common/simclist.h
@@ -163,7 +163,7 @@ typedef list_hash_t (*element_hash_computer)(const void *el);
* @param serialize_buffer reference to fill with the length of the buffer
* @return reference to the buffer with the serialized data
*/
typedef void *(*element_serializer)(const void *simclist_restrict el, uint32_t *simclist_restrict serializ_len);
typedef void *(*element_serializer)(const void *simclist_restrict el, uint32_t *simclist_restrict serialize_buffer);

/**
* a function for un-serializing an element.
59 changes: 51 additions & 8 deletions src/libopensc/Makefile.am
@@ -5,14 +5,15 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
EXTRA_DIST = Makefile.mak opensc.dll.manifest

lib_LTLIBRARIES = libopensc.la
noinst_HEADERS = cards.h ctbcs.h internal.h esteid.h muscle.h muscle-filesystem.h \
noinst_HEADERS = cards.h ctbcs.h internal.h muscle.h muscle-filesystem.h \
internal-winscard.h p15card-helper.h pkcs15-syn.h \
opensc.h pkcs15.h gp.h \
cardctl.h asn1.h log.h simpletlv.h \
errors.h types.h compression.h itacns.h iso7816.h \
authentic.h iasecc.h iasecc-sdo.h sm.h card-sc-hsm.h \
pace.h cwa14890.h cwa-dnie.h card-gids.h aux-data.h \
jpki.h sc-ossl-compat.h card-npa.h ccid-types.h reader-tr03119.h
jpki.h sc-ossl-compat.h card-npa.h ccid-types.h reader-tr03119.h \
card-cac-common.h

AM_CPPFLAGS = -D'OPENSC_CONF_PATH="$(sysconfdir)/opensc.conf"' \
-D'DEFAULT_SM_MODULE_PATH="$(DEFAULT_SM_MODULE_PATH)"' \
@@ -40,22 +41,22 @@ libopensc_la_SOURCES_BASE = \
card-mcrd.c card-starcos.c card-openpgp.c card-jcop.c \
card-oberthur.c card-belpic.c card-atrust-acos.c \
card-entersafe.c card-epass2003.c card-coolkey.c card-incrypto34.c \
card-piv.c card-cac.c card-muscle.c card-acos5.c \
card-asepcos.c card-akis.c card-gemsafeV1.c card-rutoken.c \
card-piv.c card-cac-common.c card-cac.c card-cac1.c \
card-muscle.c card-asepcos.c card-akis.c card-gemsafeV1.c card-rutoken.c \
card-rtecp.c card-westcos.c card-myeid.c \
card-itacns.c card-authentic.c \
card-iasecc.c iasecc-sdo.c iasecc-sm.c card-sc-hsm.c \
card-dnie.c cwa14890.c cwa-dnie.c \
card-isoApplet.c card-masktech.c card-gids.c card-jpki.c \
card-npa.c \
card-npa.c card-esteid2018.c \
\
pkcs15-openpgp.c pkcs15-infocamere.c pkcs15-starcert.c \
pkcs15-tcos.c pkcs15-esteid.c pkcs15-postecert.c pkcs15-gemsafeGPK.c \
pkcs15-openpgp.c pkcs15-starcert.c \
pkcs15-tcos.c pkcs15-esteid.c pkcs15-gemsafeGPK.c \
pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c pkcs15-piv.c \
pkcs15-cac.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \
pkcs15-oberthur.c pkcs15-itacns.c pkcs15-gemsafeV1.c pkcs15-sc-hsm.c \
pkcs15-coolkey.c pkcs15-din-66291.c \
pkcs15-dnie.c pkcs15-gids.c pkcs15-iasecc.c pkcs15-jpki.c \
pkcs15-dnie.c pkcs15-gids.c pkcs15-iasecc.c pkcs15-jpki.c pkcs15-esteid2018.c \
compression.c p15card-helper.c sm.c \
aux-data.c

@@ -103,3 +104,45 @@ if ENABLE_MINIDRIVER
noinst_LTLIBRARIES = libopensc_static.la
endif
endif

TIDY_FLAGS = $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
TIDY_FILES = \
sc.c ctx.c errors.c \
asn1.c base64.c sec.c card.c iso7816.c dir.c ef-atr.c \
ef-gdo.c padding.c apdu.c simpletlv.c gp.c \
\
pkcs15-cert.c pkcs15-data.c pkcs15-pin.c \
pkcs15-prkey.c pkcs15-pubkey.c pkcs15-skey.c \
pkcs15-sec.c pkcs15-algo.c pkcs15-cache.c pkcs15-syn.c \
\
muscle.c muscle-filesystem.c \
\
ctbcs.c reader-ctapi.c reader-pcsc.c reader-openct.c reader-tr03119.c \
\
card-setcos.c card-miocos.c card-flex.c card-gpk.c \
card-cardos.c card-tcos.c card-default.c \
card-mcrd.c card-starcos.c card-jcop.c \
card-oberthur.c card-belpic.c card-atrust-acos.c \
card-entersafe.c card-epass2003.c card-coolkey.c card-incrypto34.c \
card-cac-common.c card-cac.c card-cac1.c \
card-muscle.c card-asepcos.c card-akis.c card-gemsafeV1.c card-rutoken.c \
card-rtecp.c card-westcos.c card-myeid.c \
card-itacns.c card-authentic.c \
card-iasecc.c iasecc-sdo.c iasecc-sm.c card-sc-hsm.c \
cwa14890.c cwa-dnie.c \
card-isoApplet.c card-masktech.c card-jpki.c \
card-npa.c card-esteid2018.c \
\
pkcs15-openpgp.c \
pkcs15-tcos.c pkcs15-esteid.c \
pkcs15-actalis.c pkcs15-atrust-acos.c pkcs15-tccardos.c \
pkcs15-cac.c pkcs15-esinit.c pkcs15-westcos.c pkcs15-pteid.c \
pkcs15-oberthur.c pkcs15-itacns.c pkcs15-sc-hsm.c \
pkcs15-coolkey.c pkcs15-din-66291.c \
pkcs15-dnie.c pkcs15-gids.c pkcs15-iasecc.c pkcs15-jpki.c pkcs15-esteid2018.c \
compression.c p15card-helper.c sm.c \
aux-data.c \
#$(SOURCES)

check-local:
if [ -x "$(CLANGTIDY)" ]; then clang-tidy -config='' -header-filter=.* $(TIDY_FILES) -- $(TIDY_FLAGS); fi
11 changes: 6 additions & 5 deletions src/libopensc/Makefile.mak
@@ -19,22 +19,23 @@ OBJECTS = \
card-mcrd.obj card-starcos.obj card-openpgp.obj card-jcop.obj \
card-oberthur.obj card-belpic.obj card-atrust-acos.obj \
card-entersafe.obj card-epass2003.obj card-coolkey.obj \
card-incrypto34.obj card-cac.obj card-piv.obj card-muscle.obj \
card-acos5.obj \
card-incrypto34.obj card-cac.obj card-cac1.obj card-cac-common.obj \
card-piv.obj card-muscle.obj \
card-asepcos.obj card-akis.obj card-gemsafeV1.obj card-rutoken.obj \
card-rtecp.obj card-westcos.obj card-myeid.obj \
card-itacns.obj card-authentic.obj \
card-iasecc.obj iasecc-sdo.obj iasecc-sm.obj cwa-dnie.obj cwa14890.obj \
card-sc-hsm.obj card-dnie.obj card-isoApplet.obj pkcs15-coolkey.obj \
card-masktech.obj card-gids.obj card-jpki.obj \
card-npa.obj \
card-npa.obj card-esteid2018.obj \
\
pkcs15-openpgp.obj pkcs15-infocamere.obj pkcs15-starcert.obj \
pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-postecert.obj pkcs15-gemsafeGPK.obj \
pkcs15-openpgp.obj pkcs15-starcert.obj \
pkcs15-tcos.obj pkcs15-esteid.obj pkcs15-gemsafeGPK.obj \
pkcs15-actalis.obj pkcs15-atrust-acos.obj pkcs15-tccardos.obj pkcs15-piv.obj \
pkcs15-cac.obj pkcs15-esinit.obj pkcs15-westcos.obj pkcs15-pteid.obj pkcs15-din-66291.obj \
pkcs15-oberthur.obj pkcs15-itacns.obj pkcs15-gemsafeV1.obj pkcs15-sc-hsm.obj \
pkcs15-dnie.obj pkcs15-gids.obj pkcs15-iasecc.obj pkcs15-jpki.obj \
pkcs15-esteid2018.obj \
compression.obj p15card-helper.obj sm.obj \
aux-data.obj \
$(TOPDIR)\win32\versioninfo.res
19 changes: 10 additions & 9 deletions src/libopensc/apdu.c
@@ -291,10 +291,6 @@ sc_check_apdu(sc_card_t *card, const sc_apdu_t *apdu)
/* data is expected */
if (apdu->resplen == 0 || apdu->resp == NULL)
goto error;
/* return buffer to small */
if ((apdu->le == 0 && apdu->resplen < SC_MAX_APDU_BUFFER_SIZE-2)
|| (apdu->resplen < apdu->le))
goto error;
break;
case SC_APDU_CASE_3_SHORT:
/* data is sent */
@@ -314,10 +310,6 @@ sc_check_apdu(sc_card_t *card, const sc_apdu_t *apdu)
/* data is expected */
if (apdu->resplen == 0 || apdu->resp == NULL)
goto error;
/* return buffer to small */
if ((apdu->le == 0 && apdu->resplen < SC_MAX_APDU_BUFFER_SIZE-2)
|| (apdu->resplen < apdu->le))
goto error;
/* inconsistent datalen */
if (apdu->datalen != apdu->lc)
goto error;
@@ -627,9 +619,18 @@ int sc_transmit_apdu(sc_card_t *card, sc_apdu_t *apdu)
len -= plen;
buf += plen;
}
} else
} else {
/* transmit single APDU */
r = sc_transmit(card, apdu);
}

if (r == SC_ERROR_CARD_RESET || r == SC_ERROR_READER_REATTACHED) {
sc_invalidate_cache(card);
/* give card driver a chance to react on resets */
if (card->ops->card_reader_lock_obtained)
card->ops->card_reader_lock_obtained(card, 1);
}

/* all done => release lock */
if (sc_unlock(card) != SC_SUCCESS)
sc_log(card->ctx, "sc_unlock failed");
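Review bot: The first two hunks appear to drop the "return buffer to small" test from the response-expecting branches of `sc_check_apdu`, so an APDU whose `resplen` is smaller than `le` now passes validation. Whatever copies the card's response into `apdu->resp` is not visible in this section and must clamp to `apdu->resplen`; please confirm that and record it where the check was, e.g. `/* resplen may be smaller than le; the response copy is bounded by resplen */`. In the `sc_transmit_apdu` hunk the return value of `card->ops->card_reader_lock_obtained(card, 1)` is discarded after a reset, so a driver that fails to re-establish its state goes unnoticed; log a failure at least. Both functions start and end outside the hunks.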
33 changes: 20 additions & 13 deletions src/libopensc/asn1.c
@@ -395,7 +395,7 @@ static void print_tags_recursive(const u8 * buf0, const u8 * buf,
} else {
printf(" %s %-2u",
classes[cla >> 6],
i == 1 ? tag & SC_ASN1_TAG_PRIMITIVE : tag & (((unsigned int) ~0) >> (i + 1) * 8));
i == 1 ? tag & SC_ASN1_TAG_PRIMITIVE : tag & (((unsigned int) ~0) >> (i-1)*8));
}
if (!((cla & SC_ASN1_TAG_CLASS) == SC_ASN1_TAG_UNIVERSAL
&& tag == SC_ASN1_TAG_NULL && len == 0)) {
@@ -570,16 +570,19 @@ static int decode_bit_string(const u8 * inbuf, size_t inlen, void *outbuf,
{
const u8 *in = inbuf;
u8 *out = (u8 *) outbuf;
int zero_bits = *in & 0x07;
size_t octets_left = inlen - 1;
int i, count = 0;
int zero_bits;
size_t octets_left;

if (inlen < 1)
return SC_ERROR_INVALID_ASN1_OBJECT;
memset(outbuf, 0, outlen);
zero_bits = *in & 0x07;
in++;
octets_left = inlen - 1;
if (outlen < octets_left)
return SC_ERROR_BUFFER_TOO_SMALL;
if (inlen < 1)
return SC_ERROR_INVALID_ASN1_OBJECT;

while (octets_left) {
/* 1st octet of input: ABCDEFGH, where A is the MSB */
/* 1st octet of output: HGFEDCBA, where A is the LSB */
@@ -704,17 +707,19 @@ static int encode_bit_field(const u8 *inbuf, size_t inlen,

int sc_asn1_decode_integer(const u8 * inbuf, size_t inlen, int *out)
{
int a = 0;
int a = 0, is_negative = 0;
size_t i;

if (inlen > sizeof(int) || inlen == 0)
return SC_ERROR_INVALID_ASN1_OBJECT;
if (inbuf[0] & 0x80)
a = -1;
is_negative = 1;
for (i = 0; i < inlen; i++) {
a <<= 8;
a |= *inbuf++;
}
if (is_negative)
a *= -1;
*out = a;
return 0;
}
@@ -1225,6 +1230,8 @@ static int asn1_encode_se_info(sc_context_t *ctx,
if (ret != SC_SUCCESS)
goto err;

if (!ptrlen)
continue;
p = (unsigned char *) realloc(out, outlen + ptrlen);
if (!p) {
ret = SC_ERROR_OUT_OF_MEMORY;
@@ -1463,7 +1470,7 @@ static int asn1_decode_entry(sc_context_t *ctx,struct sc_asn1_entry *entry,

/* Strip off padding zero */
if ((entry->flags & SC_ASN1_UNSIGNED)
&& obj[0] == 0x00 && objlen > 1) {
&& objlen > 1 && obj[0] == 0x00) {
objlen--;
obj++;
}
@@ -2034,12 +2041,12 @@ sc_asn1_sig_value_rs_to_sequence(struct sc_context *ctx, unsigned char *in, size


int
sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx, unsigned char *in, size_t inlen,
sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx, const unsigned char *in, size_t inlen,
unsigned char *buf, size_t buflen)
{
struct sc_asn1_entry asn1_sig_value[C_ASN1_SIG_VALUE_SIZE];
struct sc_asn1_entry asn1_sig_value_coefficients[C_ASN1_SIG_VALUE_COEFFICIENTS_SIZE];
unsigned char *r, *s;
unsigned char *r = NULL, *s = NULL;
size_t r_len, s_len, halflen = buflen/2;
int rv;

@@ -2055,11 +2062,11 @@ sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx, unsigned char *in, size
sc_format_asn1_entry(asn1_sig_value_coefficients + 1, &s, &s_len, 0);

rv = sc_asn1_decode(ctx, asn1_sig_value, in, inlen, NULL, NULL);
LOG_TEST_RET(ctx, rv, "ASN.1 decoding ECDSA-Sig-Value failed");
LOG_TEST_GOTO_ERR(ctx, rv, "ASN.1 decoding ECDSA-Sig-Value failed");

if (halflen < r_len || halflen < s_len) {
rv = SC_ERROR_BUFFER_TOO_SMALL;
goto done;
goto err;
}

memset(buf, 0, buflen);
@@ -2072,7 +2079,7 @@ sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx, unsigned char *in, size
sc_dump_hex(buf + halflen, halflen));

rv = SC_SUCCESS;
done:
err:
free(r);
free(s);

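Review bot: In the `sc_asn1_decode_integer` hunk the new sign handling returns wrong values for negative input: DER integers are two's complement, so for the single byte `0xFF` the loop yields 255 and `a *= -1` returns -255 instead of -1. With `inlen == sizeof(int)` and the top bit set, `a <<= 8` also shifts into the sign bit of a signed `int`. Accumulate in an unsigned variable pre-filled with ones for negative input: `unsigned int u = (inbuf[0] & 0x80) ? ~0U : 0;`, then `u = (u << 8) | *inbuf++;` in the loop and `*out = (int)u;` at the end. A unit test covering `0xFF`, `0x80` and `0xFF 0x7F` would pin the behaviour.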
2 changes: 1 addition & 1 deletion src/libopensc/asn1.h
@@ -124,7 +124,7 @@ int sc_asn1_sig_value_rs_to_sequence(struct sc_context *ctx,
unsigned char *in, size_t inlen,
unsigned char **buf, size_t *buflen);
int sc_asn1_sig_value_sequence_to_rs(struct sc_context *ctx,
unsigned char *in, size_t inlen,
const unsigned char *in, size_t inlen,
unsigned char *buf, size_t buflen);

#define SC_ASN1_CLASS_MASK 0x30000000
2 changes: 1 addition & 1 deletion src/libopensc/aux-data.c
@@ -151,7 +151,7 @@ sc_aux_data_get_md_guid(struct sc_context *ctx, struct sc_auxiliary_data *aux_da

*guid = '\0';
if (!flags)
strcpy(guid, "{");
strncpy(guid, "{", sizeof guid);
strlcat(guid, (char *)cmap_record->guid, sizeof(guid)-1);
if (!flags)
strlcat(guid, "}", sizeof(guid));
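Review bot: `strncpy(guid, "{", sizeof guid)` is not a bounded-copy idiom: `strncpy` does not guarantee termination in general and zero-fills the rest of the buffer. The neighbouring lines already use `strlcat`, so `strlcpy(guid, "{", sizeof(guid));` is the consistent choice. `sizeof guid` is the buffer size only if `guid` is an array; its declaration is outside the hunk. The two `strlcat` calls also disagree on the bound (`sizeof(guid)-1` versus `sizeof(guid)`), which is worth aligning while this line is being touched.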
241 changes: 0 additions & 241 deletions src/libopensc/card-acos5.c

This file was deleted.
