Commits on Oct 22, 2014
  1. @frankmorgner

    Merge pull request #238 from eighthave/master

    frankmorgner authored
    generate bash completion scripts from XML doc files
Commits on Oct 16, 2014
  1. @dengert

    Merge pull request #298 from dengert/pkcs11Hashes

    dengert authored
    PKCS#11 hashes for cards without RAW (see #241)
Commits on Oct 14, 2014
  1. @dengert

    Merge pull request #279 from dengert/master

    dengert authored
    pkcs11-tool sets CKA_DECRYPT=true rather than CKA_DERIVE=true when gener...
Commits on Oct 13, 2014
  1. @dengert

    PKCS#11 hashes for cards without RAW (see #241)

    dengert authored
        The framework-pkcs15.c did not add hashes correctly if the card did not support RSA RAW.
        This change fixes that and only adds hashes if the card did not specify a list of hashes.
        It also will not add hashes done in software if ENABLE_OPENSSL is not specified.
        Some error conditions are also tested for EC mechanisms.
    
        See bug report #241 for more information.
Commits on Oct 3, 2014
  1. @dengert
Commits on Oct 2, 2014
  1. @eighthave

    generate bash completion scripts from XML doc files

    eighthave authored
    This generates the scripts that let bash do completion per specific tool.
    It gets the options from the documentation XML files that are also the
    source for the man pages and HTML.
Commits on Oct 1, 2014
  1. @LudovicRousseau

    Fix compiler warning

    LudovicRousseau authored Ludovic Rousseau committed
    p15card-helper.c:23:5: warning: 'ENABLE_OPENSSL' is not defined, evaluates to 0
          [-Wundef]
        ^
  2. Fix compiler warning

    Ludovic Rousseau authored Ludovic Rousseau committed
    pkcs15-dnie.c:242:13: warning: function declaration isn't a prototype [-Wstrict-prototypes]
     const char *sc_driver_version()
                 ^
  3. build: disable Secure Messaging if OpenSSL is not used

    Ludovic Rousseau authored Ludovic Rousseau committed
    If OpenSSL is not present or --disable-openssl then Secure Messaging is
    disabled.
    
    The problem was that some Secure Messaging code is missing if OpenSSL is
    absent. The build/link failed with some missing symbols.
    
    Fix issue #293
  4. pkcs15-dnie: fix compilation when OpenSSL is not used

    Ludovic Rousseau authored Ludovic Rousseau committed
    If OpenSSL is not used then the functions from card-dnie.c are not
    defined and in particular dnie_match_card() is not defined.
    In that case we use a fake dnie_match_card() that just returns false.
  5. @philipWendland @viktorTarasov

    Merge PR#288 from philipWendland:upstream-ecc-fix

    philipWendland authored viktorTarasov committed
    add the possibility to store public ECC keys encoded according to SPKI
    EC pubkey storing: Check if params are available before copying.
    pkcs15-lib.c / sc_pkcs15init_store_public_key may be called with keyargs->key.u.ec.params.value == NULL. In this case, allocating and copying the parameters will fail. Add a check to prevent this.
  6. @dirkx @viktorTarasov

    Merge PR#280 from dirkx/master: --no-prompt flag

    dirkx authored viktorTarasov committed
    Add a --no-prompt flag to pkcs15-tool (i.e. the equivalent of the --no-prompt flag of pkcs15-init). As to aid readers with keypads (as commonly used in the medical space).
Commits on Sep 29, 2014
  1. Fix compiler warning

    Ludovic Rousseau authored
    The same function iasecc_sm_external_authentication() was declared in
    two different .h files.
    
    In file included from ../../src/libopensc/iasecc.h:27:0,
                     from sm-card-iasecc.c:44:
    ../../src/libopensc/iasecc-sdo.h:324:5: warning: redundant redeclaration of `iasecc_sm_external_authentication' [-Wredundant-decls]
    In file included from ../../src/libopensc/opensc.h:44:0,
                     from sm-card-iasecc.c:40:
    ../../src/libopensc/sm.h:352:5: note: previous declaration of `iasecc_sm_external_authentication' was here
Commits on Sep 18, 2014
  1. @dengert

    Merge pull request #280 from shootingatshadow/aes-support

    dengert authored
    Remove hardcodes from Mutual Authenticate
Commits on Sep 16, 2014
  1. Fix secure messaging library name on Mac OS X

    Ludovic Rousseau authored Ludovic Rousseau committed
    Mac OS X uses "libsmm-local.3.dylib" as library name. The default value
    "libsmm-local.so.3" is correct for Linux but not for Mac OS X.
    
    This bug prevented "opensc-tool -a" from working correctly and returning the
    ATR if an IAS card is present in the reader.
Commits on Sep 7, 2014
  1. @viktorTarasov

    Merge pull request #282 from CardContact/fix-deleted-related-public-key

    Andreas Schwier authored viktorTarasov committed
    framework-pkcs15: Duplicate public key related to private key rather than referencing the framework object
    
    Referencing the related public key is required to return PKCS#11 attributes for a private key only available
    in the public key object (i.e. CKA_MODULUS). This patch adds a copy of the public key to the private key object rather than
    referencing the public key object in the framework. This prevents SEGV when the public key framework object
    is deleted with C_DestroyObject, but the reference from the public key remains intact.
    
    The bug leads to all kinds of stability problems when keys are created and deleted in the same session.
    
    The patch is in particular important if OpenSC is used with EJBCA or any other application using the
    SUN PKCS#11 provider: When generating key pairs, then the public key object is eventually garbage collected
    which removes the related object in the PKCS#11 module. Because there is no fixed time for this operation,
    corruption occurs at random.
    
    In a next step, the remaining related_xxx fields in sc_pkcs11_object should be revised and possibly removed.
    
    framework: Added more error checking
  2. @viktorTarasov

    sc-hsm: Fix certificate delete bug

    Andreas Schwier authored viktorTarasov committed
    If a certificate is deleted after the related private key, then the driver
    picks the wrong certificate EF, leading to a CKR_GENERAL_ERROR or the wrong
    certificate being deleted.
  3. @viktorTarasov

    sc-hsm: Added error if private key import tried

    Andreas Schwier authored viktorTarasov committed
    Private key import is not supported by the SmartCard-HSM. However there is no error code
    if it is still tried using pkcs15-init or from within Firefox.
  4. @viktorTarasov

    sc-hsm: Improve error detection and reporting in sc-hsm-tool

    Andreas Schwier authored viktorTarasov committed
  5. @viktorTarasov

    Merge pull request #274 from github-asmw/private-do-3

    Sumedha Widyadharma authored viktorTarasov committed
    openpgp-tool: Added PRIVATE-DO-3 dump option
    
    The bytes of private-do-3 will be written to stdout raw.
    Requires pin and verify to work.
    
    openpgp-tool: Fix private-do-3 dump for Windows
    
    fwrite will convert line endings on Windows if the destination
    is not opened in binary mode. As this actually dumps binary data,
    it makes sense to reopen stdout in binary mode for the dump.
    
    openpgp-tool: Enable dumping of all DOs
    
    PRIVATE-DO-<X> can now be dumped via the -d/--do switches and
    the DO number as a parameter.
    PRIVATE-DO-[12] can be dumped without verification.
    PRIVATE-DO-3 requires CHV2, PRIVATE-DO-4 CHV3.
    
    openpgp-tool: Dump DOs as hex into a tty, binary otherwise
    
    This prevents messing up a terminal if there really _is_
    binary data in a private DO. To force the binary data to a terminal,
    pipe through cat.
    
    openpgp-tool: Hint at the pin and verify options on error
    
    SC_ERROR_SECURITY_STATUS_NOT_SATISFIED is the error code
    here when dumping a private DO without the appropriate verification.
    
    openpgp-tool: Explicitly use --raw for binary output
    
    The --raw switch already exists. If present, raw binary will be written,
    a pretty-printed hex/ascii representation otherwise.
  6. @andbil @viktorTarasov

    Fix error when signing with Swedish BankID card

    andbil authored viktorTarasov committed
    Added card type check in addition to check for SC_SEC_ENV_KEY_REF_PRESENT
    
  7. @frankmorgner @viktorTarasov

    pkcs15-tool: fixed file reading

    frankmorgner authored viktorTarasov committed
  8. @viktorTarasov

    pkcs11: Fixed wrong reference to PIN object in C_SetPIN() for SO-PIN

    Andreas Schwier authored viktorTarasov committed
  9. @metsma @viktorTarasov

    Target minimum OSX version to 10.7

    metsma authored viktorTarasov committed
  10. @frankmorgner @viktorTarasov

    fixed pkcs15 version check

    frankmorgner authored viktorTarasov committed
  11. @frankmorgner @viktorTarasov

    Merge pull request #253 from github-frankmorgner/remove-deadcode

    frankmorgner authored viktorTarasov committed
    card-asepcos: removed dead code
    card-authentic: removed dead code
    card-belpic: removed dead code
    card-epass2003: removed dead code
    card-flex: removed dead code
    card-gpk: removed dead code
    card-oberthur: removed dead code
    card-piv: removed dead code
    card-setcos: removed dead code
    ctbcs: removed dead code
    cwa14890: removed dead code
    muscle: removed dead code
    pkcs15-atrust-acos: removed dead code
    pkcs15-gemsafeV1: removed dead code
    pkcs15-skey: removed dead code
    reader-ctapi: removed dead code
    framework-pkcs15: removed dead code
    pkcs11-object: removed dead code
    pkcs15-asepcos: removed dead code
    pkcs15-cardos: removed dead code
    pkcs15-jcop: removed dead code
    pkcs15-lib: removed dead code
    pkcs15-oberthur: removed dead code
    parse: removed dead code
    sclex: removed dead code
    sm-card-authentic: removed dead code
    sm-card-iasecc: removed dead code
    sm-cwa14890: removed dead code
    sm-global-platform: removed dead code
    sc-test: removed dead code
    pkcs11-tool: removed dead code
    pkcs15-tool: removed dead code
  12. @viktorTarasov
Commits on Sep 3, 2014
  1. Remove hardcodes from Mutual Authenticate

    William Roberts authored
    Support nonces that are not only 8 bytes in
    Mutual Authenticate. Use the witness length
    to determine the nonce size, thus existing
    systems using 8 bytes will continue to use 8
    bytes. However, with AES 256, the nonces could
    be a single block size of 16 bytes or greater.
Commits on Sep 2, 2014
  1. @dengert
  2. @dengert

    Merge pull request #270 from shootingatshadow/aes-support

    dengert authored
    Add AES support for PIV General Authenticate
    
    adds new routine sc_right_trim in sc.c and opensc.h. It is used by PIV card driver when using the piv-tool.
Commits on Aug 26, 2014
  1. @dengert

    pkcs11-tool sets CKA_DECRYPT=true rather than CKA_DERIVE=true when generating EC keys (#277)

    dengert authored
    
    RSA and EC keys have different usage attributes. Appropriate attributes are set
    When using --keypairgen the user can use the --usage-sign, --usage-decrypt,
    and --usage-derive to get finer control.
    
     Changes to be committed:
    	modified:   tools/pkcs11-tool.c
  2. Add AES support for PIV General Authenticate

    William Roberts authored
    This adds algorithm IDs 0xA, 0xA, 0xC which as documented
    by the NIST PIV specification is algorithms AES-128, AES-192
    and AES-256 respectively.
    
    This patch also addresses some of the hardcodes that prevented
    nonces greater than the single byte TLV length tags would allow.
    It was explicitly tested with AES-256 and 256 byte nonces.
    
    Signed-off-by: William Roberts <w2.roberts@samsung.com>
Commits on Jul 9, 2014
  1. sc-hsm: Prevent double-free crash if key generation fails

    Andreas Schwier authored
    Fixes #262 (SEGV when reader does not support extended length APDU)
Commits on Jun 26, 2014
  1. @viktorTarasov

    release 0.14.0

    viktorTarasov authored
  2. @viktorTarasov

    sc-hsm: reduce indicated maximum PIN length to 15

    Andreas Schwier authored viktorTarasov committed
    Fix bogus minimum PIN length to support more PIN pad readers