Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Comparing changes

Choose two branches to see what's changed or to start a new pull request. If you need to, you can also compare across forks.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks.
base fork: marschap/OpenSC
base: 40ff0e4ede
head fork: marschap/OpenSC
compare: master
Checking mergeability… Don't worry, you can still create the pull request.
Commits on Oct 03, 2012
@viktorTarasov viktorTarasov build: release candidate 0.13.0 RC1 6b7d8af
Commits on Oct 21, 2012
Andreas Schwier pksc11: Added ability to indicate hardware and firmware version infor…
…mation at PKCS#11 interface
Andreas Schwier sc-hsm: Added ability to initialize SmartCard-HSM using C_Initialize …
…and C_InitPIN on PKCS#11 interface
@viktorTarasov viktorTarasov move CK_VERSION data from 'pkcs15' to 'sc-card'
CK_VERSION is included into PKCS#11 data but is not specified by PKCS#15.

CK_VERSION can be provided by card's pkcs15 emulator or by the card's driver,
including the cards with the native support of pkcs#15 (and thus without pkcs15 emulator).

That's why the more general solution is to have these data included into 'sc-card' data type.
@viktorTarasov viktorTarasov pkcs15: use whe available the pkcs15 object content
when reading certificate, try to get the pkcs15 object's content
before reading the certificate file.
Commits on Nov 04, 2012
@viktorTarasov viktorTarasov libopensc: increase maximum number of card drivers
Default driver is disabled on 0.13 because there are more drivers listed in ctx.c. (

SC_MAX_CARD_DRIVERS is increases from 32 to 48. It's not the best solution, but the most rapid.
Will be waiting for the better proposals.
Commits on Nov 09, 2012
@viktorTarasov viktorTarasov gemsafeV1: set 'auth-method' for the emulated PIN PKCS#15 object 62fd67f
@viktorTarasov viktorTarasov pkcs15-tool: for public key show the presence of 'direct' value 6819b32
@viktorTarasov viktorTarasov opensc: new card operation 'read-public-key'
In PukDF of PKCS#15 the public key value can be presented by 'direct value', by path or by path and reference.
For the different cards the public key can be stored in EF, internal EF or in card specific SDO (security data objects).
A new card handle allows to read out the public key from the card specific SDOs.
Commits on Nov 10, 2012
@viktorTarasov viktorTarasov pkcs15-crypt tool: set HASH_NONE crypto flags when the hash do not asked
without this for the cards that have only RAW mechanism
it's not possible to compute signature with PKCS1 padding and without hash.
@viktorTarasov viktorTarasov build MSI: add openpgp.profile 8d35b2c
Commits on Nov 11, 2012
Andreas Schwier sc-hsm: Added sc-hsm-tool with DKEK support and key wrap / unwrap ffb20e5
Andreas Schwier sc-hsm: Added code to prevent CV certificates being listed as X.509 c…
Andreas Schwier sc-hsm: Fixed bug decoding CVCs without domain parameter 7c71486
@viktorTarasov viktorTarasov build sc-hsm-tool: link with OpenSSL libs a4ac33f
@viktorTarasov viktorTarasov libopensc iso7816: retry SELECT with FCI if SELECT without FCI fails
t457 (
For some cards that currently use the common iso-7816 operations
only SELECT with return of FCI/FCP can be applied.

In iso-7816 'select-file' handle, if 'SELECT without FCI' fails with error code 6A86,
then retry 'SELECT with FCI'. Other error code can be added.

Sorry for the 'coding style' noise.
@viktorTarasov viktorTarasov libopensc: check data returned by 'read-public-key'
fix error message
@viktorTarasov viktorTarasov t447: return value from init() in reader driver not checked 68ee0e7
Commits on Nov 12, 2012
@viktorTarasov viktorTarasov t455: check validity of RSA/DSA public key components
Segmentation fault happened when reading SSH key with the non-initilized public key components.
@viktorTarasov viktorTarasov pkcs11: check arguments in get_bignum_bits() procedure
t451: segmentation fault when getting public key bits number
Commits on Nov 20, 2012
Andreas Schwier sc-hsm: Now saving the internal CSR in place of the certificate and d…
…ecoding the public key at initialization (RSA only)
Andreas Schwier sc-hsm: Fixed bug with memory released to early 0adec1b
Andreas Schwier sc-hsm: Improved checking in sc-hsm-tool fb8e0cc
@tkil tkil tools: check return value after each call.
It seems that this suffered some copy and paste damage at some point.
Change so that we check each return value immediately after the API

Signed-Off-By: Anthony Foiani <>
@tkil tkil pcks11: trivial: fix debug output for CKA_PRIME_1 and CKA_PRIME_2
Without this patch, debugging output issues these as unknown

  ... C_CreateObject(): CKA_PRIVATE_EXPONENT = 97F798...
  ... C_CreateObject(): Attribute 0x124 = EFE5AD...
  ... C_CreateObject(): Attribute 0x125 = D4D3F6...
  ... C_CreateObject(): CKA_EXPONENT_1 = 5815FD...

With this patch, we see:

  ... C_CreateObject(): CKA_PRIVATE_EXPONENT = 97F798...
  ... C_CreateObject(): CKA_PRIME_1 = EFE5AD...
  ... C_CreateObject(): CKA_PRIME_2 = D4D3F6...
  ... C_CreateObject(): CKA_EXPONENT_1 = 5815FD...

Signed-Off-By: Anthony Foiani <>
Ludovic Rousseau card-gemsafeV1: Add a GemSafe V1 ATR
Thanks to Lukas Wunner for the patch
@viktorTarasov viktorTarasov pkcs15: mandatory 'publicKeyCoefficients' in encode/decode public key… 60b7e52
Commits on Nov 28, 2012
@viktorTarasov viktorTarasov tool: in 'do_apdu' increase size of send/receive buffers 9e9b3d0
Commits on Dec 03, 2012
@sjoblomt sjoblomt MyEID ECDSA support 4574265
@viktorTarasov viktorTarasov compile on Windows, minor codding style issues 8b07b9c
Commits on Dec 04, 2012
@viktorTarasov viktorTarasov release 0.13.0 98ca66b
Commits on Dec 10, 2012
@tkil tkil pkcs15-tool: initialize 'opt_auth_id' consistently.
All the other option values are initialized to NULL, so do the same to

(Although, as they're all static globals, they should be set to 0 at
runtime anyway, I think...)

Signed-Off-By: Anthony Foiani <>
Commits on Dec 16, 2012
@l1k l1k pkcs15-gemsafeV1.c: Multiple key containers and ATR-specific PIN poli…

pkcs15-gemsafeV1.c: Change PIN data structure to make MSVC compiler happy
pkcs15-gemsafeV1.c: Turn constants into macros to make MSVC compiler happy
@mtausig mtausig cardOS: Use information from AlgorithmInfo
In set_security_env, the algorithmInfo structure (from the TokenInfo file of
PKCS#15) is parsed to see, what algorithm IDs are supported for signature

Using the information from AlgorithmInfo set in set_security_env when
computing signatures.

Fixed incorrect order of code blocks. If neither a reference to rsa_sig nor to
rsa_pure_sig is found in AlogirthmInfo, boths methods are enabled before (and
not after) trying pure_sig
@viktorTarasov viktorTarasov cardOS: compile on Windows
few coding style remarks
Commits on Dec 25, 2012
@viktorTarasov viktorTarasov pkcs15: regression in e35febe: compute cert length
parse_x509_cert() reviewed.
Now certificate's DER data are allocated and the DER data length is determined in one place.

Commits on Jan 04, 2013
@viktorTarasov viktorTarasov pkcs15init: fix spurious gcc overflow warning,
thanks to Milan Broz (
As discussed in pull request #115 (OpenSC#115),
'if' test of impossible condition is removed in 'cardos' and 'incypto34' card drivers.
@viktorTarasov viktorTarasov sm: move SM common crypto procedures to the dedicated library
rename 'sm' source directory
Commits on Jan 06, 2013
@viktorTarasov viktorTarasov opensc-tool: add 'call-SM-handler' command
'open' and 'close' handlers of the card's SM driver can be called
@viktorTarasov viktorTarasov SM: move SM APDU procedures to dedicated source file
new SM errors: 'session-already-opened' and 'invalid-checksum'
declare typed data for DH SM session
@viktorTarasov viktorTarasov libopensc: APDU 'allocate & copy'and 'free' procedures 6a4de6d
@viktorTarasov viktorTarasov SM: common SM 'increase-sequence-counter' procedure d30cd83
Ludovic Rousseau Update wiki URL
The wiki migrated from to
Commits on Jan 27, 2013
@sjoblomt sjoblomt Fixed file-id in myeid.profile 58679a5
@mescheryakov1 mescheryakov1 Update src/tools/pkcs11-tool.c
fixed filling key type attr on writing object

pointer refers to local variable from destroyed stack frame
Andreas Schwier sc-hsm-tool: Added better error handling for non-SmartCard-HSM cards 6d51b32
Andreas Schwier sc-hsm: Fixed a bug that prevents a newly generated 2048 key to show …
…up at the PKCS#11 interface
Commits on Feb 07, 2013
Frank Thater sc-hsm-tool: Added support for DKEK password sharing scheme 0577f7d
Frank Thater sc-hsm-tool: Added threshold scheme parameters to manpage 20824e2
Commits on Feb 15, 2013
Andreas Schwier sc-hsm: Fixed problem deleting CA certificates
sc-hsm: Fixed public key format returned when generating ECC keys
Commits on Feb 16, 2013
@hiviah hiviah Fix to allow exponents other than 65537 for Feitian ePass 2003 ee48ea1
Commits on Feb 20, 2013
@martinpaljak martinpaljak Upgrade the MacOSX package build script to current state of affairs.
 - Target only Intel (available since 2006) and OS X 10.6+ (released in 2009)
 - Use sources only from
Commits on Feb 21, 2013
@viktorTarasov viktorTarasov MacOSX: remove obsolete EXTRA_DISTs from
build scripts have been changed in 3fc2dbc
Commits on Feb 22, 2013
@martinpaljak martinpaljak Fixup: somehow a double "make make" slipped through.
Thanks to Pohjalainen Pietu for noticing it.