Menu
▾
▴
opensc-commits — commit notifications
You can subscribe to this list here.
| 2013 |
Jan
(18) |
Feb
(20) |
Mar
(15) |
Apr
(5) |
May
(7) |
Jun
(3) |
Jul
(4) |
Aug
(20) |
Sep
(10) |
Oct
(12) |
Nov
(12) |
Dec
(7) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2014 |
Jan
(12) |
Feb
(8) |
Mar
(3) |
Apr
(7) |
May
(12) |
Jun
(19) |
Jul
(1) |
Aug
(5) |
Sep
(9) |
Oct
(11) |
Nov
(13) |
Dec
(20) |
| 2015 |
Jan
(12) |
Feb
(25) |
Mar
(33) |
Apr
(37) |
May
(36) |
Jun
(2) |
Jul
(18) |
Aug
(31) |
Sep
(98) |
Oct
(50) |
Nov
(25) |
Dec
(34) |
| 2016 |
Jan
(95) |
Feb
(35) |
Mar
(78) |
Apr
(12) |
May
(11) |
Jun
(20) |
Jul
(28) |
Aug
(21) |
Sep
(30) |
Oct
(29) |
Nov
(15) |
Dec
(15) |
| 2017 |
Jan
(29) |
Feb
(17) |
Mar
(34) |
Apr
(28) |
May
(12) |
Jun
(25) |
Jul
(39) |
Aug
(14) |
Sep
(12) |
Oct
(38) |
Nov
(28) |
Dec
(6) |
| 2018 |
Jan
(15) |
Feb
(22) |
Mar
(27) |
Apr
(71) |
May
(78) |
Jun
(47) |
Jul
(24) |
Aug
(63) |
Sep
(43) |
Oct
(34) |
Nov
(27) |
Dec
(18) |
| 2019 |
Jan
(51) |
Feb
(17) |
Mar
(48) |
Apr
(46) |
May
(25) |
Jun
(9) |
Jul
(14) |
Aug
(46) |
Sep
(18) |
Oct
(25) |
Nov
(26) |
Dec
(25) |
| 2020 |
Jan
(28) |
Feb
(30) |
Mar
(20) |
Apr
(69) |
May
(40) |
Jun
(16) |
Jul
(13) |
Aug
(9) |
Sep
(17) |
Oct
(40) |
Nov
(55) |
Dec
(6) |
| 2021 |
Jan
(44) |
Feb
(13) |
Mar
(33) |
Apr
(31) |
May
(32) |
Jun
(10) |
Jul
(9) |
Aug
(27) |
Sep
(33) |
Oct
(7) |
Nov
(14) |
Dec
(17) |
| 2022 |
Jan
(25) |
Feb
(11) |
Mar
(42) |
Apr
(14) |
May
(18) |
Jun
(3) |
Jul
(10) |
Aug
(41) |
Sep
(12) |
Oct
(13) |
Nov
(18) |
Dec
(9) |
| 2023 |
Jan
(10) |
Feb
(18) |
Mar
(25) |
Apr
(27) |
May
(16) |
Jun
(26) |
Jul
(9) |
Aug
(29) |
Sep
(17) |
Oct
(24) |
Nov
(18) |
Dec
(16) |
| 2024 |
Jan
(23) |
Feb
(55) |
Mar
(40) |
Apr
(17) |
May
(15) |
Jun
(12) |
Jul
(12) |
Aug
(6) |
Sep
(15) |
Oct
(16) |
Nov
(29) |
Dec
(26) |
| 2025 |
Jan
(29) |
Feb
(37) |
Mar
(24) |
Apr
(35) |
May
(38) |
Jun
(20) |
Jul
(7) |
Aug
(7) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Jakub J. <no...@gi...> - 2023-09-25 08:44:55
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: cbfa23766873e8c875a8249597013e0acef6dbcd https://github.com/OpenSC/OpenSC/commit/cbfa23766873e8c875a8249597013e0acef6dbcd Author: Jakub Jelen <jj...@re...> Date: 2023-09-25 (Mon, 25 Sep 2023) Changed paths: M .appveyor.yml M NEWS M configure.ac Log Message: ----------- 0.24.0-rc1 |
|
From: David L. <no...@gi...> - 2023-09-22 07:14:36
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 05c7bff7924f8d1d71289faa8fa988a0399b9af5 https://github.com/OpenSC/OpenSC/commit/05c7bff7924f8d1d71289faa8fa988a0399b9af5 Author: David <dle...@bl...> Date: 2023-09-22 (Fri, 22 Sep 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- show 'sign' usage for secret keys Secret keys can be used for signing in algorithms like HMAC and CMAC so they should display their CKA_SIGN attribute value when listing object attributes Fixes #2851 |
|
From: Jakub J. <no...@gi...> - 2023-09-21 20:35:34
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 6414aec2df81a1e3323cd9932ce5d7be5b99a5e4 https://github.com/OpenSC/OpenSC/commit/6414aec2df81a1e3323cd9932ce5d7be5b99a5e4 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_ec_sign.c Log Message: ----------- p11test: Do not test weird inputs lengths with ECDSA mechanism It is usually made to work only with known digest sizes, regardless what the PKCS #11 specification says about that it should work with any input lengths. Commit: 734eaff0d7fc34ac6c18dd1c9cdebcdf6daa4db5 https://github.com/OpenSC/OpenSC/commit/734eaff0d7fc34ac6c18dd1c9cdebcdf6daa4db5 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/pkcs15-sc-hsm.c Log Message: ----------- sc-hsm: Public EC keys should have Derive usage This was previously discussed in #2292 and in #2345 Commit: 1c129bb9759ce0f76f6e2c489894f820bd1efe43 https://github.com/OpenSC/OpenSC/commit/1c129bb9759ce0f76f6e2c489894f820bd1efe43 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: A src/tests/p11test/sc-hsm_ref.json Log Message: ----------- Add reference file for testing sc-hsm token Commit: afbccce9490f8ec12ea235c0610ba1c6d1dd6f09 https://github.com/OpenSC/OpenSC/commit/afbccce9490f8ec12ea235c0610ba1c6d1dd6f09 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c M src/tests/p11test/p11test_case_ec_derive.c M src/tests/p11test/p11test_case_readonly.c M src/tests/p11test/p11test_case_wrap.c Log Message: ----------- p11test: Avoid memory leaks Commit: 84e945d46d24e157ad23aee8a4ff355b472f3846 https://github.com/OpenSC/OpenSC/commit/84e945d46d24e157ad23aee8a4ff355b472f3846 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/libopensc.exports M src/libopensc/pkcs15-skey.c M src/libopensc/pkcs15.c M src/libopensc/pkcs15.h M src/pkcs11/framework-pkcs15.c Log Message: ----------- pkcs15: Correctly handle freeying secret keys in memory Commit: 531d782249e32dd538915de7a3cdb2c140b7e777 https://github.com/OpenSC/OpenSC/commit/531d782249e32dd538915de7a3cdb2c140b7e777 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/card-piv.c Log Message: ----------- piv: Avoid possible NULL dereference Thanks coverity CID 400265 Commit: 240c737f93ecfa83bf8110212a3da9b2fd4e3731 https://github.com/OpenSC/OpenSC/commit/240c737f93ecfa83bf8110212a3da9b2fd4e3731 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/card-piv.c Log Message: ----------- piv: Check return values Thanks coverity CID 400264 Commit: 7236a9ae4ec4a1fe318939371e34d05acb45b089 https://github.com/OpenSC/OpenSC/commit/7236a9ae4ec4a1fe318939371e34d05acb45b089 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/card-piv.c Log Message: ----------- piv: Simplify handling of IDsh length This prevents coverity thinking the value can be different from 8. CID 400263 Commit: b87d1f5756a20fc2f8efd6b7ac89b2e475896bf1 https://github.com/OpenSC/OpenSC/commit/b87d1f5756a20fc2f8efd6b7ac89b2e475896bf1 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M .github/test-oseid.sh M .github/workflows/linux.yml M containers/opensc-test-oseid/Containerfile Log Message: ----------- ci: Run oseid with valgrind too The OsEID PR needed for this is available here: https://github.com/popovec/oseid/pull/4 Commit: ebee0cc63896c13741c1181defb911c1aa8c8872 https://github.com/OpenSC/OpenSC/commit/ebee0cc63896c13741c1181defb911c1aa8c8872 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/pkcs15-prkey.c Log Message: ----------- Reformat long lines for readability Commit: 600ab32ef062dd959623d1985a3014a200f51018 https://github.com/OpenSC/OpenSC/commit/600ab32ef062dd959623d1985a3014a200f51018 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M .github/setup-linux.sh Log Message: ----------- ci: Install openssl debuginfo to provide useful backtraces Commit: b0a0cec8709ffb47b61a05cf3219a9073fdbe60f https://github.com/OpenSC/OpenSC/commit/b0a0cec8709ffb47b61a05cf3219a9073fdbe60f Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/libopensc.exports M src/libopensc/pkcs15-prkey.c M src/libopensc/pkcs15.h M src/tools/pkcs15-init.c Log Message: ----------- pkcs15: Provide erase/free_prkey same as for pubkey The respective functions for public keys and private keys behaved differently, causing a lot of confusion when using them. Fortunately it is not used in many places. Probably fixing also the following oss-fuzz issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61965 Commit: eba0eb7d7871415d648e19492f0cbb9bde3f22c7 https://github.com/OpenSC/OpenSC/commit/eba0eb7d7871415d648e19492f0cbb9bde3f22c7 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/pkcs15-prkey.c M src/pkcs15init/pkcs15-lib.c M src/tools/pkcs15-init.c Log Message: ----------- pkcs15-init: Fix memory leaks Most of them brought up by valgrind while running the OSeEID tests Commit: a7889764e2863b411ad568da01b05ea70cb7d63f https://github.com/OpenSC/OpenSC/commit/a7889764e2863b411ad568da01b05ea70cb7d63f Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool: Avoid memory leaks Commit: 354246828079544eef8592405e426d095328f0fa https://github.com/OpenSC/OpenSC/commit/354246828079544eef8592405e426d095328f0fa Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- pkcs11: Avoid use of uninitialized variables while doing symmetric deciphering Commit: a979f23d64c6a00d2c6f6e00957d86b24d095b6b https://github.com/OpenSC/OpenSC/commit/a979f23d64c6a00d2c6f6e00957d86b24d095b6b Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M .github/test-oseid.sh Log Message: ----------- ci: Run p11test anyway for oseid at least to capture memory issues Commit: e440120cca9f42444477635a4c2c70e94fac8fdb https://github.com/OpenSC/OpenSC/commit/e440120cca9f42444477635a4c2c70e94fac8fdb Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M .gitignore Log Message: ----------- .gitignore: Add new generated files Commit: 55edcb16feb94c23e241b9ed2cfe3db5941203d7 https://github.com/OpenSC/OpenSC/commit/55edcb16feb94c23e241b9ed2cfe3db5941203d7 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_ec_sign.c M src/tests/p11test/p11test_case_readonly.c Log Message: ----------- p11test: Skip derive mechanisms while running signature tests Commit: 9da052df69134393f036c8065e8a34e101451176 https://github.com/OpenSC/OpenSC/commit/9da052df69134393f036c8065e8a34e101451176 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_pss_oaep.c Log Message: ----------- p11test: Make the title more self-describing Commit: 3bfc6b910799a80bb4eefc71da7cc985cd60c9ce https://github.com/OpenSC/OpenSC/commit/3bfc6b910799a80bb4eefc71da7cc985cd60c9ce Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M .github/setup-valgrind.sh Log Message: ----------- ci: Keep valgrind quite to avoid noise Commit: cbddca6d170ef5c33b8ff9a0f52549b4ec4ab86e https://github.com/OpenSC/OpenSC/commit/cbddca6d170ef5c33b8ff9a0f52549b4ec4ab86e Author: Frank Morgner <fra...@gm...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- pkcs11: clean up secret key information Commit: d1acf3bab9036107ac19af871c548d6f47a3a83d https://github.com/OpenSC/OpenSC/commit/d1acf3bab9036107ac19af871c548d6f47a3a83d Author: Frank Morgner <fra...@gm...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/pkcs15-prkey.c Log Message: ----------- erase private key data on clean up Commit: 0875c69295ef28b45fb682b37cede58fc36b7a1a https://github.com/OpenSC/OpenSC/commit/0875c69295ef28b45fb682b37cede58fc36b7a1a Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/pkcs15-cache.c Log Message: ----------- pkcs15-cache: Avoid fd leaks and check return values CID 401725 CID 401726 Thanks coverity Commit: ed44af2724b24dc9fbd8b25eb5dbe6cb7aad8f16 https://github.com/OpenSC/OpenSC/commit/ed44af2724b24dc9fbd8b25eb5dbe6cb7aad8f16 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- pkcs11: Avoid memory leak session secret keys Normally, any keys are added to the pkcs15 directory structure, which is tracked by the pkcs15 layer, but this does not happen for session objects (see sc_pkcs15init_store_secret_key()) so when clearing the key from the pkcs11 layer, we need to check if this key is session key and if so, free it. We can not free it for non-session keys as this would cause double-free as the pkcs15 layer attempts to free these too through the same reference. Commit: 1634adab29757ecbb5b9b5635e0a66ef92fa56ce https://github.com/OpenSC/OpenSC/commit/1634adab29757ecbb5b9b5635e0a66ef92fa56ce Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/libopensc/card-oberthur.c Log Message: ----------- oberthur: Avoid memory leak Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61976 Commit: 41d61da8481582e12710b5858f8b635e0a71ab5e https://github.com/OpenSC/OpenSC/commit/41d61da8481582e12710b5858f8b635e0a71ab5e Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/pkcs15init/pkcs15-oberthur.c Log Message: ----------- oberthur: Avoid buffer overflow Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650 Commit: f7dc16401cef84cdfde212de38cb6faa125430b9 https://github.com/OpenSC/OpenSC/commit/f7dc16401cef84cdfde212de38cb6faa125430b9 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M .github/setup-linux.sh M .github/workflows/linux.yml Log Message: ----------- ci: Do not install debug symbols if not needed as it sounds flaky and time consuming Compare: https://github.com/OpenSC/OpenSC/compare/188d0fa6769c...f7dc16401cef |
|
From: David L. <no...@gi...> - 2023-09-21 13:34:10
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 4afbb70f81839f5fc925d30f26150831519cfdb0 https://github.com/OpenSC/OpenSC/commit/4afbb70f81839f5fc925d30f26150831519cfdb0 Author: David <dle...@bl...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool: avoid true/false keywords Fixes #2868 Commit: 188d0fa6769c4e4e2e17f8fa26c29a80828e5c3f https://github.com/OpenSC/OpenSC/commit/188d0fa6769c4e4e2e17f8fa26c29a80828e5c3f Author: David <dle...@bl...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_ec_derive.c Log Message: ----------- fixup p11test_case_ec_derive.c Compare: https://github.com/OpenSC/OpenSC/compare/0b0c428d0656...188d0fa6769c |
|
From: Jakub J. <no...@gi...> - 2023-09-21 08:35:51
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 0b0c428d065602421ba495d2303aa0687cd26665 https://github.com/OpenSC/OpenSC/commit/0b0c428d065602421ba495d2303aa0687cd26665 Author: Jakub Jelen <jj...@re...> Date: 2023-09-21 (Thu, 21 Sep 2023) Changed paths: M .github/setup-libressl.sh Log Message: ----------- ci: Bump libressl release Related: #2670 |
|
From: Doug E. <no...@gi...> - 2023-09-20 10:24:11
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 9e1b5b2836cadde19cbf58e771f6a93c7811f977 https://github.com/OpenSC/OpenSC/commit/9e1b5b2836cadde19cbf58e771f6a93c7811f977 Author: Doug Engert <dee...@gm...> Date: 2023-03-01 (Wed, 01 Mar 2023) Changed paths: M src/minidriver/minidriver.c Log Message: ----------- Minidriver - handle pin ROLE_EVERYONE Needed for private keys that do not require a PIN Changes to be committed: modified: minidriver/minidriver.c Commit: beeb83a120bc8ab9e22db31906d17b4795e8f67b https://github.com/OpenSC/OpenSC/commit/beeb83a120bc8ab9e22db31906d17b4795e8f67b Author: Doug Engert <dee...@gm...> Date: 2023-03-01 (Wed, 01 Mar 2023) Changed paths: M src/minidriver/minidriver.c Log Message: ----------- Minidriver - Don't use RSA PAD flags with EC keys SC_ALGORITHM_RSA_HASH_SHA* are also SC_ALGORITHM_ECDSA_HASH_SHA* Turn off any RSA PAD flags if key is EC On branch minidriver-EC-2 Changes to be committed: modified: minidriver/minidriver.c Commit: 9d059e0e457d9e7dc52558a12682d70c36a25ab1 https://github.com/OpenSC/OpenSC/commit/9d059e0e457d9e7dc52558a12682d70c36a25ab1 Author: Doug Engert <dee...@gm...> Date: 2023-09-20 (Wed, 20 Sep 2023) Changed paths: M src/minidriver/minidriver.c Log Message: ----------- Merge pull request #2722 from dengert/minidriver-EC-2 Minidriver EC Changes for private keys that do not need a PIN and/or ECDSA failure to sign Compare: https://github.com/OpenSC/OpenSC/compare/c7607347812f...9d059e0e457d |
|
From: Joshua R. <no...@gi...> - 2023-09-19 08:19:07
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: c7607347812f0b0bd6f29dd41ef251fbe2e4f957 https://github.com/OpenSC/OpenSC/commit/c7607347812f0b0bd6f29dd41ef251fbe2e4f957 Author: Joshua Root <jm...@ma...> Date: 2023-09-19 (Tue, 19 Sep 2023) Changed paths: M src/tools/openpgp-tool-helpers.c Log Message: ----------- openpgp-tool-helpers.c: include header for strnlen Closes: #2863 |
|
From: Jakub J. <no...@gi...> - 2023-09-15 08:35:16
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: bff98ff078a99e6864ba1a598fd7dc9af4a9476b https://github.com/OpenSC/OpenSC/commit/bff98ff078a99e6864ba1a598fd7dc9af4a9476b Author: Jakub Jelen <jj...@re...> Date: 2023-09-15 (Fri, 15 Sep 2023) Changed paths: M src/libopensc/pkcs15-cache.c Log Message: ----------- cache: Honor the file offset when writing cache When the reads are not consecutive, avoid caching anything after the gaps. Signed-off-by: Jakub Jelen <jj...@re...> |
|
From: Doug E. <no...@gi...> - 2023-09-12 06:40:41
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 9933d620544f691acbcd04dba23cd8a27e3bbd90 https://github.com/OpenSC/OpenSC/commit/9933d620544f691acbcd04dba23cd8a27e3bbd90 Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/libopensc/apdu.c M src/libopensc/types.h Log Message: ----------- Fix SM handling of command chaining for short apdus Allow driver to tell apdu.c to pass to sm_get_apdus to have it do the chaining. Without this change, apdu.c will do the command chaining and pass each chained apdu to SM. This may be OK for some, but not PIV which uses short APDUs and encryption and MAC for data before doing the chaining. The driver sets SC_APDU_FLAGS_SM_CHAINING flag and SC_APDU_FLAGS_CHAINING. which causes apdu.c to pass the plain adpu to card->sm_ctx.ops.get_sm_apdu. Without the SC_APDU_FLAGS_SM_CHAINING the flow of SM is not changed. On branch PIV-4-extensions Changes to be committed: modified: apdu.c modified: types.h Commit: 26b24c7c17a153e4697187f5145ac632472184f9 https://github.com/OpenSC/OpenSC/commit/26b24c7c17a153e4697187f5145ac632472184f9 Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/libopensc/apdu.c Log Message: ----------- apdu.c log apdu->flags for debugging On branch PIV-4-extensions Changes to be committed: modified: apdu.c Commit: f6b4a2e6582d5c1a37a04be475df88bee86f0bc3 https://github.com/OpenSC/OpenSC/commit/f6b4a2e6582d5c1a37a04be475df88bee86f0bc3 Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M etc/opensc.conf.example.in M src/libopensc/card-piv.c M src/libopensc/cards.h M src/libopensc/pkcs15-piv.c M src/libopensc/types.h Log Message: ----------- PIV Secure Messaging as defined in NIST 800-73-4 5/2015 Looking for other users who have cards that support PIV SM and VCI for testing. Changes to PIV code for SM as defined in NIST 800-73-4. Section 4.1 The Key Establishment Protocol is done in piv_sm_open. Step names and variable names were chosen to match the names used used in 800-73-4. piv_get_sm_apdu, piv_free_sm_apdu, and piv_sm_close use the builtin SM apdu handling. This version calls piv_sm_open once from piv_init. and card->sm_ctx.sm_mode is set. See TODO below. PR has been tested with pkcs11-tool -O and --test --login using a "IDEMIA ID-One PIV 2.4 on Cosmo V8.1" with vendor provided certificates (about 25 certificates and keys) and other data objects. The test card does not have a "pairing code object" need for VCI for use over a contactless interface (NFC), But code has been added to support pairing to allow testing. The PIV SM code is only enabled if ENABLE_SM, ENABLE_OPENSSL and OPENSSL_NO_EC is not defined. It was tested with --disable_sm A card indicates it can suport SM in the response to SELECT_AID. If card can support SM, but OpenSC was built without ENABLE_SM a sc_log message will say so. card-piv.c use SC_APDU_FLAGS_SM_CHAINING from previous commit. This allows the PIV to pass a plain ADPU which needs command chaining, to SM and piv_get_sm_apdu and will encrypt and MAC the data before command chaining is done in apdu.c NIST sp800-73-4 3.3.2 extends pin policy usage flags for optional VCI and OCC are defined. Checked with valgrind, pkcs11 -O and pkcs11-tool --test --login If card supports SM it is turned on in piv_init, so if card is reset or interfered with from other process, SM will not restart. Signer certificates and CVC certificates are verified. If interfered with by other processes, and SM session is lost, it is restarted. TODO Need a way to give user paring code from card over usb after login if it is not printed on card or distributed in some other way. MD_MAX_KEY_CONTAINERS 32 add piv_logout PIV test card have more the 12 keys. "card_driver PIV_II {" block in opensc.conf See: etc/opensc.conf.example.in piv_max_object_size - removes the code to read first 8 bytes to get object size and use piv_max_object_size as read buffer size. default is 16K, max is 65K piv_use_sm - default, never, always default - use it for PIN, crypto and reading objects that are PIN protected Other objects are read in the clear for performance. never - Don't use SM, even if card supports it. Can help is situations were problems ith SM, and to debug other PIN or cryto problems. always -Like default, but read all objects using SM. piv_pairing_code - Card may require user to enter 8 digit pairing code to use VCI so card can be used over contactless as if using contact reader. VCI requires SM, and encrypts everything. All can be set via env. PIV_USE_SM= PIV_PAIRING_CODE= Used of a contactless reader is identified by the ATR 3B 8X 80 01 .... Rework PIV card matching and init for less overhead. piv_match_card_continued was committed in 4222036a6 2018-02-28 to handle limitations in card.c on not allowing *_match_card to pass anything other the card->type to *_init routines. These restrictions were removed in 2c0d1b9ab 2018-07-05. piv_match_card_continued is only called once, from piv_match_card does some checks, sets card->type, allocates piv_private_data_t, saves it in card->drv_data, calls sc_lock. If piv_match_card_continued fails, piv_match_card will call sc_lock, piv_finish and return 0 (failed to match). And just in case piv_match_card is not called, piv_init will call piv_match_card_continued. And if it fails will call sc_unlock, piv_finish and return SC_ERROR_INVALID_CARD. The card lock is finally released at end of piv_init. This allows no interference from other process during piv_match_card and piv_init. If CSAI 0xAC tag is found in the response to a SELECT AID and is used to say the card supports SM. It will still do this even if built without SM so it will show up in debug logs. PIV specs are vague and some PIV applets and a 0xAC tag for every algorithm and not just for SM. PIV Secure Messaging requires at least OpenSSL-1.1.1 or OpenSSL-3.0.0 Added equivelent code from PR 2366. Pairing code is optional, and only used when creating a VCI over contetless reader. It can be provided via env PIV_PAIRING_CODE or in opensc.conf. In any case the paring code, if provided, must be 8 ASCII digits. There is no not easy way to tell the user the code is invalid. "piv_parse_pairing_code" is added to check the length and digits. The caller will add a debug log entry if it is invalid so there is a record of the failure. With 800-73-4 Secure Messaging the SELECT AID response specifies which cryptographic algorithms under tag 0xAC are supported for Secure Messaging. The code was using the discovery object to test if the PIV applet is active as some cards have a card issue of losing the login state if the SELECT AID is used instead. (None of these cards support SM so reading the discovey object was as good as doing SELECT_AID.) The problme was found while running in contactless mode, card would work the first time becaus the discovery object would not find the PIV applet so a SELECT AID was done and it would also update the the cryptographic algorithms. When run a second time, reading the discovery object would work but the SELECT AID would only be done near the end of match routine for card types the may support 800-73-4. The duplicate "sc_atr" was not listed as one the need to have SELECT AID done. PIV change processing of CVC certificates At the request of others va github comment, the method to used to extract an optional intermediate CVC certificate was changed. Unlike other certificate objects in 800-73-4, "Table 42. Secure Messaging Certificate Signer" the "Intermediate CVC (Conditional)" does not have an enclosing tag, but uses the 0x7F21 tag. Later the 0x7F21 tag is considered part of the certificate and a hash of the the full certificate is sent to the card as part of SM. OpenSC has a number of asn1 routines such as "sc_asn1_find" to find tags but once found, they only return the address of the value(V) and its length(L) but do not return the address of the found tag(T). The previous code reconstructed the address of the found tag be calculating the number of bytes it took to encode (L) and known tag(T). 800-73-4 says the "Intermediate CVC (Conditional)" immediately follows the "CertInfo" so the address of the following byte is saved to locate where the "Intermediate CVC (Conditional)" could start. Rename dec_counter to resp_enc_counter as name was misleading 800-74-4 says: "(i.e., the IV used to encrypt the first response after successful completion of the key establishment protocol shall be generated by encrypting '80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01' with SKENC)." Use the same (encrypted) IV the card used to encrypt the response when decrypting the response. Explain how SM APDU case is derived Added comment and used defines to show how the APDU for SM is derived from the plain APDU. and how it will allow for extended APDUs if NIST allows them or card vendor in known to support them. Changes to be committed: modified: etc/opensc.conf.example.in modified: src/libopensc/card-piv.c modified: src/libopensc/cards.h modified: src/libopensc/pkcs15-piv.c modified: src/libopensc/types.h Commit: e227f68d3c6a6e1cae1b16114ea96525a6c692ea https://github.com/OpenSC/OpenSC/commit/e227f68d3c6a6e1cae1b16114ea96525a6c692ea Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M doc/files/opensc.conf.5.xml.in M src/libopensc/card-piv.c Log Message: ----------- card-piv.c various improvments Update PIV conf and env in opensc.conf.5.xml.in Improved card match and testing for SM cards Allow force of SC_CARD_TYPE_PIV_II_BASE, which will test for all posible type of cards tested including 800-74-4 supported features. Tested with ID-One with SM, Older NIST beta cards: Gemalto and Oberthur, YubiKey: 4 and 5 NFC and PIVKey C910. Allow testing PIV SM with or without github.com/OpenSC/OpenSC/pull/2712 Clear CVC contents if CVC fails to encode In responses to https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102504801 For example, if the CVC can not be parsed, clear it by calling piv_clear_cvc_content Add PIV SM functions prototypes as static PIV Use piv_free_sm_apdu to cleanup if piv_encode_apdu fails This is in response to: https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102512477 and https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102516064 PIV Improve testing of AuthCryptogram This is in response to: https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1102625542 PIV goto err if AuthCryptogram check fails PIV Add check for plain->resp == NULL Handle case where apdu resp == NULL and resplen > 0 which would be a programming error. card-piv.c With SM and no data returned set plain->resplen=0 Fixes https://github.com/OpenSC/OpenSC/pull/2053#issuecomment-1501913641 PIV fix checking of padding Fixes: https://github.com/OpenSC/OpenSC/pull/2053#discussion_r1202793082 PIV SM - Unzip SM Certificate Signer Certificate With SM, the Cert Signer certificate may be ziped. card-piv.c needs to extract the public key before pkcs15 emulation is setup. Call sc_decompress_alloc. Changes to be committed: modified: doc/files/opensc.conf.5.xml.in modified: src/libopensc/card-piv.c Commit: a36db5f3b87bf9600e185b3b073e3072d2f04bf6 https://github.com/OpenSC/OpenSC/commit/a36db5f3b87bf9600e185b3b073e3072d2f04bf6 Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M configure.ac M doc/files/opensc.conf.5.xml.in M etc/opensc.conf.example.in M src/libopensc/card-piv.c Log Message: ----------- card-piv.c - Do not enable PIV SM by default This is in response to: https://github.com/OpenSC/OpenSC/pull/2053#issuecomment-1638038085 configure.ac add --enable-piv-sm option with default disabled Changes to be committed: modified: configure.ac modified: doc/files/opensc.conf.5.xml.in modified: etc/opensc.conf.example.in modified: src/libopensc/card-piv.c Commit: 8f52f82f20e7381845c7e310275f4093d1c4a350 https://github.com/OpenSC/OpenSC/commit/8f52f82f20e7381845c7e310275f4093d1c4a350 Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/libopensc/card-piv.c Log Message: ----------- card-piv.c add sc_log for verify failure over contactless See: https://github.com/OpenSC/OpenSC/pull/2053/files#r1267420364 On branch PIV-4-extensions Changes to be committed: modified: card-piv.c Commit: fde759aa113bfe667fbdb1c5bea6b5cb842ce79a https://github.com/OpenSC/OpenSC/commit/fde759aa113bfe667fbdb1c5bea6b5cb842ce79a Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/libopensc/pkcs15-piv.c Log Message: ----------- pkcs15-piv.c fix memory leak of one pubkey found by valgrind The Secure Messaging Certificate Signer does not have a private key on the card. The public key was extracted from the certificate but never freed later while creating private key entries. On branch PIV-4-extensions Changes to be committed: modified: pkcs15-piv.c Commit: ccb6f3c71995e262487b764abb4b0b9d035d8431 https://github.com/OpenSC/OpenSC/commit/ccb6f3c71995e262487b764abb4b0b9d035d8431 Author: Frank Morgner <fra...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M doc/files/opensc.conf.5.xml.in M etc/opensc.conf.example.in M src/libopensc/card-piv.c Log Message: ----------- replace PIV_MAX_OBJECT_SIZE with MAX_FILE_SIZE simplify code and configuration options Commit: 6237ed7673f5b5d05f4c20eb8b001e017827d0eb https://github.com/OpenSC/OpenSC/commit/6237ed7673f5b5d05f4c20eb8b001e017827d0eb Author: Frank Morgner <fra...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M etc/opensc.conf.example.in Log Message: ----------- removed doc for PIV SM option that's likely to change Commit: 06d58f1fe581b03aab02670b04e133d859618458 https://github.com/OpenSC/OpenSC/commit/06d58f1fe581b03aab02670b04e133d859618458 Author: Frank Morgner <fra...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/libopensc/card-piv.c Log Message: ----------- PIV: move locking outside of piv_match_card_continued This fixes an erroneous call of sc_unlock in piv_match_card_continued in case of an error, which causes sc_unlock to be called more often than sc_lock. Commit: b5ee4184376c5653871fc7af03255538f7d647e8 https://github.com/OpenSC/OpenSC/commit/b5ee4184376c5653871fc7af03255538f7d647e8 Author: Frank Morgner <fra...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M etc/opensc.conf.example.in M src/libopensc/card-piv.c Log Message: ----------- Fixed compiler warnings Changes to be committed: modified: src/libopensc/card-piv.c Commit: f5b55ea81162256a3b250c0bc5b184c3a6e486d7 https://github.com/OpenSC/OpenSC/commit/f5b55ea81162256a3b250c0bc5b184c3a6e486d7 Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/libopensc/card-piv.c Log Message: ----------- card-piv.c - restrict response buffer to 65K - 256 and minor changes The use of priv->max_object_size = MAX_FILE_SIZE; causes SM to exceed 65K when creating SM apdu from plain apdu. The plain apdu will have 65K, and SM apdu will add 40 bytes. f05eb3e0a "replace PIV_MAX_OBJECT_SIZE with MAX_FILE_SIZE" introduced the problem. pcsc internally will allocate another buffer the size of resplen. SCardTransmit will get a 0x80100008 error. Remove some TODO comments Use cipher vs cypher https://english.stackexchange.com/questions/147965/cipher-vs-cypher Remove a nit and combined two "#if"... #endif" sections into one. Remove piv_is_expected_tag and replace with inline code in 3 places. Changes to be committed: modified: src/libopensc/card-piv.c Commit: d43a199524728266c51c35b854d52c8f21f90bb1 https://github.com/OpenSC/OpenSC/commit/d43a199524728266c51c35b854d52c8f21f90bb1 Author: Jakub Jelen <jj...@re...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M .github/build.sh M .github/workflows/coverity.yml M .github/workflows/linux.yml Log Message: ----------- Run CI for PIV SM Commit: d0791b7fd08d914d5e7c5878c1fbda9a46c7017a https://github.com/OpenSC/OpenSC/commit/d0791b7fd08d914d5e7c5878c1fbda9a46c7017a Author: Jakub Jelen <jj...@re...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool: Avoid memory leaks with OSSL3 Commit: dfeeac68f9cc3b26fe434ef7cfe046905a54b1d5 https://github.com/OpenSC/OpenSC/commit/dfeeac68f9cc3b26fe434ef7cfe046905a54b1d5 Author: Doug Engert <dee...@gm...> Date: 2023-09-12 (Tue, 12 Sep 2023) Changed paths: M src/libopensc/card-piv.c Log Message: ----------- card-piv.c SM move check for no response data to after MAC is checked On branch PIV-4-extensions Changes to be committed: modified: card-piv.c Compare: https://github.com/OpenSC/OpenSC/compare/dc1d0196b41d...dfeeac68f9cc |
|
From: Alon Bar-L. <no...@gi...> - 2023-09-07 22:02:28
|
Branch: refs/heads/master Home: https://github.com/OpenSC/pkcs11-helper Commit: 7be7b30568f8f23dd529bacc6c7b13bcbf905fa4 https://github.com/OpenSC/pkcs11-helper/commit/7be7b30568f8f23dd529bacc6c7b13bcbf905fa4 Author: Alon Bar-Lev <alo...@gm...> Date: 2023-09-08 (Fri, 08 Sep 2023) Changed paths: M lib/pkcs11h-session.c Log Message: ----------- session: respect prompt_mask in context login |
|
From: Gianfranco C. <no...@gi...> - 2023-09-05 12:22:48
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: dc1d0196b41df5461a7187171effba96c6e692f5 https://github.com/OpenSC/OpenSC/commit/dc1d0196b41df5461a7187171effba96c6e692f5 Author: Gianfranco Costamagna <cos...@ya...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/libopensc/card-asepcos.c M src/libopensc/card-starcos.c M src/libopensc/iso7816.c M src/pkcs15init/pkcs15-asepcos.c M src/pkcs15init/pkcs15-cardos.c M src/pkcs15init/pkcs15-entersafe.c M src/pkcs15init/pkcs15-epass2003.c M src/pkcs15init/pkcs15-incrypto34.c M src/pkcs15init/pkcs15-lib.c M src/pkcs15init/pkcs15-myeid.c M src/pkcs15init/pkcs15-oberthur.c M src/pkcs15init/pkcs15-setcos.c M src/pkcs15init/pkcs15-starcos.c Log Message: ----------- libopensc, pkcs15init: silence some gcc errors spotted on Ubuntu 23.10 development release with gcc-13, lto and O3 optimization level E.g. of error: libtool: link: gcc -g -O0 -Wall -Wextra -Wno-unused-parameter -Werror -Wstrict-aliasing=2 -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fdebug-prefix-map=/<<PKGBUILDDIR>>=/usr/src/opensc-0.23.0-1 -Wno-error=deprecated-declarations -Wno-error=stringop-overflow -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z -Wl,relro -o fuzz_pkcs15init fuzz_pkcs15init.o fuzzer_reader.o fuzzer.o ../../../src/libopensc/.libs/libopensc.a -lz -lgio-2.0 -lgobject-2.0 -leac -lcrypto ../../../src/common/.libs/libscdl.a -ldl ../../../src/pkcs15init/.libs/libpkcs15init.a ../../../src/common/.libs/libcompat.a -pthread ../../../src/pkcs15init/pkcs15-lib.c: In function 'sc_pkcs15init_update_any_df': ../../../src/pkcs15init/pkcs15-lib.c:3247:21: error: 'bufsize' may be used uninitialized [-Werror=maybe-uninitialized] 3247 | r = sc_pkcs15init_update_file(profile, p15card, file, buf, bufsize); | ^ ../../../src/pkcs15init/pkcs15-lib.c:3234:25: note: 'bufsize' was declared here 3234 | size_t bufsize; | ^ lto1: all warnings being treated as errors |
|
From: Frank M. <no...@gi...> - 2023-09-05 11:01:34
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 00214628a08f65ccf6597b6c9c2c02f5f2feffa9 https://github.com/OpenSC/OpenSC/commit/00214628a08f65ccf6597b6c9c2c02f5f2feffa9 Author: Frank Morgner <fra...@gm...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M NEWS Log Message: ----------- Added missing CVEs to NEWS (#2855) * Added missing CVEs to NEWS fixes https://github.com/OpenSC/OpenSC/issues/2841 * added CVE-2021-34193 as duplicate |
|
From: Kaarle R. <no...@gi...> - 2023-09-05 10:56:12
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 90a15d4757b42ee5573bab92acc6553f4d88e002 https://github.com/OpenSC/OpenSC/commit/90a15d4757b42ee5573bab92acc6553f4d88e002 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c Log Message: ----------- p11test: fix memory leak with OpenSSL 3 when the public key is successfully saved for future use Commit: f2e6f919a64bf85b98548e1b97af153051ada1f4 https://github.com/OpenSC/OpenSC/commit/f2e6f919a64bf85b98548e1b97af153051ada1f4 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c Log Message: ----------- p11test: free EC param objects in one place Commit: 44f9c86b82042165bf312aae82817bffe8584ff2 https://github.com/OpenSC/OpenSC/commit/44f9c86b82042165bf312aae82817bffe8584ff2 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c M src/tests/p11test/p11test_case_ec_derive.c M src/tests/p11test/p11test_case_readonly.c Log Message: ----------- p11test: fix spelling errors Commit: d6836796b7fc72d771662bf03bae756d61b22224 https://github.com/OpenSC/OpenSC/commit/d6836796b7fc72d771662bf03bae756d61b22224 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c Log Message: ----------- p11test: rename ASN.1 octet string variable Commit: 9730c93cfb4f8ed34b9f15f4ae5ab76983c41f7c https://github.com/OpenSC/OpenSC/commit/9730c93cfb4f8ed34b9f15f4ae5ab76983c41f7c Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c Log Message: ----------- p11test: simplify EC cert parsing Commit: 9773ed3cde1bd299f88f006d348fb059ad3c1fd3 https://github.com/OpenSC/OpenSC/commit/9773ed3cde1bd299f88f006d348fb059ad3c1fd3 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c Log Message: ----------- p11test: fix curve_name with OpenSSL 3 It cannot be read from the new EC key instance where it is to be written later. Commit: f8eb3d31021f6513bcf91a2e07e0f5e9159028a4 https://github.com/OpenSC/OpenSC/commit/f8eb3d31021f6513bcf91a2e07e0f5e9159028a4 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_common.c Log Message: ----------- p11test: fix pubkey with OpenSSL 3 It cannot be read from the new EC key instance where it is to be written later. Commit: b36754bc0d58452778ca6fb5c624edfef435f81f https://github.com/OpenSC/OpenSC/commit/b36754bc0d58452778ca6fb5c624edfef435f81f Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-09-05 (Tue, 05 Sep 2023) Changed paths: M src/tests/p11test/p11test_case_ec_derive.c Log Message: ----------- p11test: fix ECDH test sc_pkcs15init_init_skdf fails unless the key length has been set. Compare: https://github.com/OpenSC/OpenSC/compare/a6efa69f4683...b36754bc0d58 |
|
From: Jakub J. <no...@gi...> - 2023-08-31 14:13:58
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: a6efa69f4683a7731d5ffe345776b1d8d1423804 https://github.com/OpenSC/OpenSC/commit/a6efa69f4683a7731d5ffe345776b1d8d1423804 Author: Jakub Jelen <jj...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-iasecc.c Log Message: ----------- iasecc: Avoid double free Thanks coverity. CID399716 CID399717 |
|
From: Veronika H. <no...@gi...> - 2023-08-31 11:38:12
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: e7b9306329809939bef718f5c6996fe6345a925b https://github.com/OpenSC/OpenSC/commit/e7b9306329809939bef718f5c6996fe6345a925b Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-iasecc.c Log Message: ----------- iasecc: Fix memory leaks when creating key Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61547 Commit: 78be048f478c40f49a970342261229ffa2c78817 https://github.com/OpenSC/OpenSC/commit/78be048f478c40f49a970342261229ffa2c78817 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-authentic.c Log Message: ----------- authentic: Fix memory leaks when creating keys Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61563 Commit: fa8ad362852dbefad5b6796c32f2a33859b8a8e0 https://github.com/OpenSC/OpenSC/commit/fa8ad362852dbefad5b6796c32f2a33859b8a8e0 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/libopensc/card-idprime.c Log Message: ----------- idprime: Store container guid as string Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61750 Commit: 2a4921ab23fd0853f327517636c50de947548161 https://github.com/OpenSC/OpenSC/commit/2a4921ab23fd0853f327517636c50de947548161 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/libopensc/iasecc-sdo.c Log Message: ----------- iasecc: Check length of data when parsing crt Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61797 Compare: https://github.com/OpenSC/OpenSC/compare/c74ab646af27...2a4921ab23fd |
|
From: Kaarle R. <no...@gi...> - 2023-08-31 11:35:26
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 42d32d350dfdcb4008546479ba6859a1bdec92d9 https://github.com/OpenSC/OpenSC/commit/42d32d350dfdcb4008546479ba6859a1bdec92d9 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/tests/p11test/runtest.sh Log Message: ----------- p11test: fix init for myeid Commit: 36ce2724cab8a06216072571342f7f9ccdc68f75 https://github.com/OpenSC/OpenSC/commit/36ce2724cab8a06216072571342f7f9ccdc68f75 Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/tests/p11test/runtest.sh Log Message: ----------- p11test: use ECDH key on myeid Commit: c74ab646af2767417d03e1a5679c40f806a7649c https://github.com/OpenSC/OpenSC/commit/c74ab646af2767417d03e1a5679c40f806a7649c Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/tests/p11test/runtest.sh Log Message: ----------- p11test: add AES128 key for myeid Compare: https://github.com/OpenSC/OpenSC/compare/245efe608d08...c74ab646af27 |
|
From: Jakub J. <no...@gi...> - 2023-08-31 11:34:03
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 38f437f182475ec01c52ff1bce725c14dfcbdf92 https://github.com/OpenSC/OpenSC/commit/38f437f182475ec01c52ff1bce725c14dfcbdf92 Author: Jakub Jelen <jj...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-setcos.c Log Message: ----------- setcos: Reformat for readability Commit: ef42ab7c2f0159b45963a04927c754f4453d94c2 https://github.com/OpenSC/OpenSC/commit/ef42ab7c2f0159b45963a04927c754f4453d94c2 Author: Jakub Jelen <jj...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-setcos.c Log Message: ----------- setcos: Avoid use after free This issue can happen only in case the sc_select_file() would return positive value, which should never happen. Resetting the value to NULL should resolve even this theoretical use after free. Thanks coverity CID 398496 Commit: 010d3f4a5b3fdbf9c393b1a85d261fcb3ff5d207 https://github.com/OpenSC/OpenSC/commit/010d3f4a5b3fdbf9c393b1a85d261fcb3ff5d207 Author: Jakub Jelen <jj...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/profile.c Log Message: ----------- profile: Reformat for readability Commit: ce7fcdaa35196706a83fe982900228e15464f928 https://github.com/OpenSC/OpenSC/commit/ce7fcdaa35196706a83fe982900228e15464f928 Author: Jakub Jelen <jj...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-oberthur.c Log Message: ----------- oberthur: Avoid heap buffer overflow Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60650 Commit: 440ca666eff10cc7011901252d20f3fc4ea23651 https://github.com/OpenSC/OpenSC/commit/440ca666eff10cc7011901252d20f3fc4ea23651 Author: Jakub Jelen <jj...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-setcos.c Log Message: ----------- setcos: Avoid buffer underflow Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60672 Commit: 245efe608d083fd4e4ec96793fdefd218e26fde7 https://github.com/OpenSC/OpenSC/commit/245efe608d083fd4e4ec96793fdefd218e26fde7 Author: Jakub Jelen <jj...@re...> Date: 2023-08-31 (Thu, 31 Aug 2023) Changed paths: M src/libopensc/pkcs15.c Log Message: ----------- pkcs15: Avoid buffer overflow when getting last update Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60769 Compare: https://github.com/OpenSC/OpenSC/compare/c60410c5c4aa...245efe608d08 |
|
From: Kaarle R. <no...@gi...> - 2023-08-30 12:03:51
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: c60410c5c4aaab96a0893ea34eedf4498dfdc08d https://github.com/OpenSC/OpenSC/commit/c60410c5c4aaab96a0893ea34eedf4498dfdc08d Author: Kaarle Ritvanen <kaa...@da...> Date: 2023-08-30 (Wed, 30 Aug 2023) Changed paths: M src/pkcs11/mechanism.c Log Message: ----------- sc_pkcs11_en/decrypt: do not add to null pointer which might then get dereferenced by the card driver |
|
From: Frank M. <no...@gi...> - 2023-08-17 13:21:42
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 33351d91aa22fa8077847ba3f19abb5a00b04600 https://github.com/OpenSC/OpenSC/commit/33351d91aa22fa8077847ba3f19abb5a00b04600 Author: Frank Morgner <fra...@gm...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M src/libopensc/sc-ossl-compat.h Log Message: ----------- fixed detection of SHA3 compatibility fixes https://github.com/OpenSC/OpenSC/issues/2836 |
|
From: Jakub J. <no...@gi...> - 2023-08-17 08:41:19
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: f895de895e4c743251516f611b117b2a4f4df237 https://github.com/OpenSC/OpenSC/commit/f895de895e4c743251516f611b117b2a4f4df237 Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M doc/tools/pkcs15-init.1.xml Log Message: ----------- doc: Remove wrong copy&paste configuration option Commit: 0864d1cab15451135c910df5d68c048173fac92c https://github.com/OpenSC/OpenSC/commit/0864d1cab15451135c910df5d68c048173fac92c Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M .github/test-packit.sh Log Message: ----------- ci: Fix building packit action and improve error reporting Commit: afd768b924e82340875106fb71330a5f47e20b63 https://github.com/OpenSC/OpenSC/commit/afd768b924e82340875106fb71330a5f47e20b63 Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M src/tests/unittests/Makefile.am M tests/Makefile.am Log Message: ----------- tests: Do not use valgrind-related environment when running without valgrind Commit: 4393910602376b2da9225b568562884a8e17d0aa https://github.com/OpenSC/OpenSC/commit/4393910602376b2da9225b568562884a8e17d0aa Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M packaging/opensc.spec Log Message: ----------- packaging: dump logs on failure during RPM build Commit: fe5b82f0c1b4649d53ebf420af7a6bf5169a1daa https://github.com/OpenSC/OpenSC/commit/fe5b82f0c1b4649d53ebf420af7a6bf5169a1daa Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M tests/test-pkcs11-tool-sign-verify.sh Log Message: ----------- tests: Use openssl pkeyutl instead of deprecated rsautl Commit: 8b197fc455dc7fb5ca4bdccaec89cb7e27845253 https://github.com/OpenSC/OpenSC/commit/8b197fc455dc7fb5ca4bdccaec89cb7e27845253 Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M tests/test-pkcs11-tool-sign-verify.sh Log Message: ----------- tests: Make the sign/verify test aware of the OS and expect the SHA1 operations to fail Commit: f8f0356bc7ed3c1ffad49e723d3b5814dca1a2ca https://github.com/OpenSC/OpenSC/commit/f8f0356bc7ed3c1ffad49e723d3b5814dca1a2ca Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M src/pkcs11/Makefile.am Log Message: ----------- pkcs11: Create relative symlinks when installing compat onepin Commit: abdfcdddcb93b7ec916774d7769b7892f666c342 https://github.com/OpenSC/OpenSC/commit/abdfcdddcb93b7ec916774d7769b7892f666c342 Author: Jakub Jelen <jj...@re...> Date: 2023-08-17 (Thu, 17 Aug 2023) Changed paths: M packaging/opensc.spec Log Message: ----------- Revert "remove onepin module from packaging" This reverts commit 55c40af86e791ace1a14ab56c38bbeb3d1ad7191. Compare: https://github.com/OpenSC/OpenSC/compare/ffbff25ec6c6...abdfcdddcb93 |
|
From: Veronika H. <no...@gi...> - 2023-08-15 08:24:02
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 02b37bf38d5cfbe68088de647553c36e00b5b02e https://github.com/OpenSC/OpenSC/commit/02b37bf38d5cfbe68088de647553c36e00b5b02e Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/libopensc/pkcs15.c Log Message: ----------- pkcs15.c: Fix memory leaks in sc_pkcs15_get_lastupdate Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60497 Commit: 638a5007a5d240d6fa901aa822cfeef94fe36e85 https://github.com/OpenSC/OpenSC/commit/638a5007a5d240d6fa901aa822cfeef94fe36e85 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/libopensc/pkcs15-pubkey.c Log Message: ----------- pkcs15-pubkey.c: Avoid double-free Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60616 Commit: 6287fe3dfc7b44982b341150a56cb769655b6fb8 https://github.com/OpenSC/OpenSC/commit/6287fe3dfc7b44982b341150a56cb769655b6fb8 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/libopensc/card-oberthur.c Log Message: ----------- card-oberthur.c: Free file before overwritting Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60667 Commit: aa4b47e33c43716877b8fa6e671125530d5b12ec https://github.com/OpenSC/OpenSC/commit/aa4b47e33c43716877b8fa6e671125530d5b12ec Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-setcos.c Log Message: ----------- pkcs15-setcos.c: Free file in case of error Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6067 Commit: 6085994384a7171c5c68f6718d9db10ed77c5af1 https://github.com/OpenSC/OpenSC/commit/6085994384a7171c5c68f6718d9db10ed77c5af1 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/libopensc/card-entersafe.c Log Message: ----------- card-entersafe.c: Free modulus buffer in case of error Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60680 Commit: 1443ff6cc76a9cf7f72d0b670f366a5ac07255f1 https://github.com/OpenSC/OpenSC/commit/1443ff6cc76a9cf7f72d0b670f366a5ac07255f1 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/libopensc/muscle.c Log Message: ----------- muscle.c: Free modulus in case of error Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60717 Commit: 04be2e6799cd33dcdad9d88df76493d5e80440b3 https://github.com/OpenSC/OpenSC/commit/04be2e6799cd33dcdad9d88df76493d5e80440b3 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/pkcs15init/pkcs15-oberthur.c Log Message: ----------- pkcs15-oberthur.c: Fix memory leaks when generating key Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60754 Commit: ffbff25ec6c6d0ad3f8df76f57210698f7947fc3 https://github.com/OpenSC/OpenSC/commit/ffbff25ec6c6d0ad3f8df76f57210698f7947fc3 Author: Veronika Hanulíková <vha...@re...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/tests/fuzzing/fuzz_pkcs11.c Log Message: ----------- fuzz_pkcs11.c: Use valid data for verify Thanks OSS-Fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=60971 Compare: https://github.com/OpenSC/OpenSC/compare/330ef0bcb351...ffbff25ec6c6 |
|
From: Frank M. <no...@gi...> - 2023-08-15 00:17:55
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: f7e5c05d1217c2c62835ad4416454e0ee7879cf0 https://github.com/OpenSC/OpenSC/commit/f7e5c05d1217c2c62835ad4416454e0ee7879cf0 Author: dlegault <dle...@bl...> Date: 2023-05-12 (Fri, 12 May 2023) Changed paths: M .github/workflows/linux.yml Log Message: ----------- CI: tie ix86 to ubuntu-20.04 to avoid dependency problem in github image Commit: b9b354ea3bd8408088be5f59c1d5cd01b91b2e2d https://github.com/OpenSC/OpenSC/commit/b9b354ea3bd8408088be5f59c1d5cd01b91b2e2d Author: dlegault <dle...@bl...> Date: 2023-05-12 (Fri, 12 May 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool: add cipher test mode Add support for non-AEAD ciphers to the tool test mode to assert that Encrypt/Decrypt APIs work correctly using established test vectors. Commit: f863110149c5b66aba70fd9efa2b3a3efc182b82 https://github.com/OpenSC/OpenSC/commit/f863110149c5b66aba70fd9efa2b3a3efc182b82 Author: dlegault <dle...@bl...> Date: 2023-05-12 (Fri, 12 May 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- rework for missing function and binary data declaration Commit: 009a2329945d5d317bc7455722a774442db92c1c https://github.com/OpenSC/OpenSC/commit/009a2329945d5d317bc7455722a774442db92c1c Author: dlegault <dle...@bl...> Date: 2023-05-12 (Fri, 12 May 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- change MIN macro declaration Commit: f0a5c62b85ae93a73c97c353f481e66f97c7395f https://github.com/OpenSC/OpenSC/commit/f0a5c62b85ae93a73c97c353f481e66f97c7395f Author: dlegault <dle...@bl...> Date: 2023-05-12 (Fri, 12 May 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- missed a min -> MIN Commit: 330ef0bcb351e8b8f596f43340bf454eab862c10 https://github.com/OpenSC/OpenSC/commit/330ef0bcb351e8b8f596f43340bf454eab862c10 Author: Frank Morgner <fra...@gm...> Date: 2023-08-15 (Tue, 15 Aug 2023) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- Merge pull request #2780 from dlegaultbbry/develop/pkcs11_tool_cipher_test pkcs11-tool: add cipher test mode Compare: https://github.com/OpenSC/OpenSC/compare/720de5ddaca0...330ef0bcb351 |
|
From: bkuhls <no...@gi...> - 2023-08-14 10:51:24
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 720de5ddaca089c093e20ce3ad5fbba982e0bf92 https://github.com/OpenSC/OpenSC/commit/720de5ddaca089c093e20ce3ad5fbba982e0bf92 Author: Bernd Kuhls <be...@ku...> Date: 2023-08-14 (Mon, 14 Aug 2023) Changed paths: M configure.ac M src/Makefile.am Log Message: ----------- configure: add option to disable tests |
|
From: Raul M. <no...@gi...> - 2023-08-14 10:09:59
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 47e7e4f31affc6852e082b2b1fc28877ab36459f https://github.com/OpenSC/OpenSC/commit/47e7e4f31affc6852e082b2b1fc28877ab36459f Author: Raul Metsma <ra...@me...> Date: 2023-08-14 (Mon, 14 Aug 2023) Changed paths: M MacOSX/build-package.in M configure.ac Log Message: ----------- According configure.ac minumum OpenSSL is 1.1.1 Signed-off-by: Raul Metsma <ra...@me...> |
|
From: Frank M. <no...@gi...> - 2023-08-14 10:01:40
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 5a95275ff06d55182c6203fa88a82d40dc74c032 https://github.com/OpenSC/OpenSC/commit/5a95275ff06d55182c6203fa88a82d40dc74c032 Author: Andreas Schwier <and...@ca...> Date: 2023-08-14 (Mon, 14 Aug 2023) Changed paths: M src/libopensc/card-sc-hsm.c Log Message: ----------- Indicate supported hashes and MGF1s (Fixes #2826) Commit: a5b4950c623d465ea46a06856cdcd55d0a8d0820 https://github.com/OpenSC/OpenSC/commit/a5b4950c623d465ea46a06856cdcd55d0a8d0820 Author: Andreas Schwier <and...@ca...> Date: 2023-08-14 (Mon, 14 Aug 2023) Changed paths: M src/libopensc/card-sc-hsm.c Log Message: ----------- Reject unsupported MGF/hash combinations Compare: https://github.com/OpenSC/OpenSC/compare/772a0acad980...a5b4950c623d |
