Menu
▾
▴
opensc-commits — commit notifications
You can subscribe to this list here.
| 2013 |
Jan
(18) |
Feb
(20) |
Mar
(15) |
Apr
(5) |
May
(7) |
Jun
(3) |
Jul
(4) |
Aug
(20) |
Sep
(10) |
Oct
(12) |
Nov
(12) |
Dec
(7) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2014 |
Jan
(12) |
Feb
(8) |
Mar
(3) |
Apr
(7) |
May
(12) |
Jun
(19) |
Jul
(1) |
Aug
(5) |
Sep
(9) |
Oct
(11) |
Nov
(13) |
Dec
(20) |
| 2015 |
Jan
(12) |
Feb
(25) |
Mar
(33) |
Apr
(37) |
May
(36) |
Jun
(2) |
Jul
(18) |
Aug
(31) |
Sep
(98) |
Oct
(50) |
Nov
(25) |
Dec
(34) |
| 2016 |
Jan
(95) |
Feb
(35) |
Mar
(78) |
Apr
(12) |
May
(11) |
Jun
(20) |
Jul
(28) |
Aug
(21) |
Sep
(30) |
Oct
(29) |
Nov
(15) |
Dec
(15) |
| 2017 |
Jan
(29) |
Feb
(17) |
Mar
(34) |
Apr
(28) |
May
(12) |
Jun
(25) |
Jul
(39) |
Aug
(14) |
Sep
(12) |
Oct
(38) |
Nov
(28) |
Dec
(6) |
| 2018 |
Jan
(15) |
Feb
(22) |
Mar
(27) |
Apr
(71) |
May
(78) |
Jun
(47) |
Jul
(24) |
Aug
(63) |
Sep
(43) |
Oct
(34) |
Nov
(27) |
Dec
(18) |
| 2019 |
Jan
(51) |
Feb
(17) |
Mar
(48) |
Apr
(46) |
May
(25) |
Jun
(9) |
Jul
(14) |
Aug
(46) |
Sep
(18) |
Oct
(25) |
Nov
(26) |
Dec
(25) |
| 2020 |
Jan
(28) |
Feb
(30) |
Mar
(20) |
Apr
(69) |
May
(40) |
Jun
(16) |
Jul
(13) |
Aug
(9) |
Sep
(17) |
Oct
(40) |
Nov
(55) |
Dec
(6) |
| 2021 |
Jan
(44) |
Feb
(13) |
Mar
(33) |
Apr
(31) |
May
(32) |
Jun
(10) |
Jul
(9) |
Aug
(27) |
Sep
(33) |
Oct
(7) |
Nov
(14) |
Dec
(17) |
| 2022 |
Jan
(25) |
Feb
(11) |
Mar
(42) |
Apr
(14) |
May
(18) |
Jun
(3) |
Jul
(10) |
Aug
(41) |
Sep
(12) |
Oct
(13) |
Nov
(18) |
Dec
(9) |
| 2023 |
Jan
(10) |
Feb
(18) |
Mar
(25) |
Apr
(27) |
May
(16) |
Jun
(26) |
Jul
(9) |
Aug
(29) |
Sep
(17) |
Oct
(24) |
Nov
(18) |
Dec
(16) |
| 2024 |
Jan
(23) |
Feb
(55) |
Mar
(40) |
Apr
(17) |
May
(15) |
Jun
(12) |
Jul
(12) |
Aug
(6) |
Sep
(15) |
Oct
(16) |
Nov
(29) |
Dec
(26) |
| 2025 |
Jan
(29) |
Feb
(37) |
Mar
(24) |
Apr
(35) |
May
(38) |
Jun
(20) |
Jul
(7) |
Aug
(10) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Doug E. <no...@gi...> - 2021-04-27 08:50:33
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 19611682bdc9d37804de144dabc2da96fe7ecb28 https://github.com/OpenSC/OpenSC/commit/19611682bdc9d37804de144dabc2da96fe7ecb28 Author: Doug Engert <dee...@gm...> Date: 2021-04-27 (Tue, 27 Apr 2021) Changed paths: M src/libopensc/pkcs15-sec.c Log Message: ----------- Fix for #2283 C_Sign fails ECDSA when card can do HASH on card Do not truncate ECDSA input to size of key if card or driver will do HASH. On branch Fix_for_2283_ECDSA Changes to be committed: modified: src/libopensc/pkcs15-sec.c |
|
From: Vincent J. <no...@gi...> - 2021-04-26 19:38:09
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: e93bd3983ca135f63dc8860febca3ee7f702853a https://github.com/OpenSC/OpenSC/commit/e93bd3983ca135f63dc8860febca3ee7f702853a Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- IASECC/Gemalto: add support Add support for Gemalto's IAS ECC Dual ID One Cosmo using samples from: http://cartesapuce-discount.com/fr/cartes-a-puce-ias-ecc/146-cartes-a-puce-protiva-ias-ecc-tpc.html Some suppots were already available (ATR, init, etc.), but the select_file was missing the proper cases. Commit: a21bcf4b4124968849a1280ae71026089008df7e https://github.com/OpenSC/OpenSC/commit/a21bcf4b4124968849a1280ae71026089008df7e Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/dir.c Log Message: ----------- IASECC/Gemalto: register application Register application for Gemalto Dual ID ONE Cosmo. Compare: https://github.com/OpenSC/OpenSC/compare/3f199915563e...a21bcf4b4124 |
|
From: Frank M. <no...@gi...> - 2021-04-26 16:14:24
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 2063a1d334619eeb2163b17eecefe93bb56fb6ad https://github.com/OpenSC/OpenSC/commit/2063a1d334619eeb2163b17eecefe93bb56fb6ad Author: Frank Morgner <fra...@gm...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M doc/files/Makefile.am M doc/tools/Makefile.am M etc/Makefile.am M src/tools/Makefile.am Log Message: ----------- silince generation of files Commit: 75f24d2af7465eb34dce04c47b6413b86a5caffc https://github.com/OpenSC/OpenSC/commit/75f24d2af7465eb34dce04c47b6413b86a5caffc Author: Frank Morgner <fra...@gm...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/tools/egk-tool-cmdline.c Log Message: ----------- regenerated egk-tool cmdline Commit: 4ecb4b39ac7aa015cad9f514eb75ea98016b0689 https://github.com/OpenSC/OpenSC/commit/4ecb4b39ac7aa015cad9f514eb75ea98016b0689 Author: Frank Morgner <fra...@gm...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M doc/files/files.html M doc/tools/tools.html Log Message: ----------- updated documentation Commit: 3f199915563edd5896248dcffc60e6683bb1fca0 https://github.com/OpenSC/OpenSC/commit/3f199915563edd5896248dcffc60e6683bb1fca0 Author: Frank Morgner <fra...@gm...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M NEWS Log Message: ----------- updated NEWS Compare: https://github.com/OpenSC/OpenSC/compare/e3a3722ad138...3f199915563e |
|
From: Vincent J. <no...@gi...> - 2021-04-26 13:55:49
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: fcd2e665fedf38ee633ff67ea7a3e3d24c6d96f4 https://github.com/OpenSC/OpenSC/commit/fcd2e665fedf38ee633ff67ea7a3e3d24c6d96f4 Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- IASECC/CPX: fix APDU errors for SE get data On a CPX, this object needs to be read from 3F00. For instance: $ opensc-explorer -r 2 OpenSC [3F00]> cd 0002 OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Received (SW1=0x6A, SW2=0x88) Failure: Data object not found OpenSC [3F00/0002]> apdu 00 A4 09 04 02 3F 00 Sending: 00 A4 09 04 02 3F 00 Received (SW1=0x90, SW2=0x00) Success! OpenSC [3F00/0002]> apdu 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Sending: 00 CB 3F FF 0A 4D 08 70 06 BF FB 05 02 7B 80 Received (SW1=0x90, SW2=0x00) Success! Currently, this patch limits to the CPX cards since I cannot know the behaviour for the other cards. I could not find any reference from the standard. Fix: issue #2275 Commit: e3a3722ad138cd8a33ebdfd3bd2b98ef4ae14d09 https://github.com/OpenSC/OpenSC/commit/e3a3722ad138cd8a33ebdfd3bd2b98ef4ae14d09 Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- IASECC/CPX: Fix SDO path Some objects need to be read from a specific path. IASECC_SDO_PRVKEY_TAG: from 3F00:0001 IASECC_SDO_CHV_TAG: from 3F00 Compare: https://github.com/OpenSC/OpenSC/compare/405ecfc40275...e3a3722ad138 |
|
From: Vincent J. <no...@gi...> - 2021-04-26 13:52:42
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 396cbc46cf5c19b9e011558505f16640b9fce8a3 https://github.com/OpenSC/OpenSC/commit/396cbc46cf5c19b9e011558505f16640b9fce8a3 Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- IASECC/CPX: set default flags The CPX has the standard capabilities of the IASECC standard. Let's be carefull with memory leakage, see the previous commit 83162c5c8 Fix: issue #2270 Commit: 39b4472f38f784bc4546f541428d5310e2225e80 https://github.com/OpenSC/OpenSC/commit/39b4472f38f784bc4546f541428d5310e2225e80 Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/iasecc.h M src/libopensc/pkcs15-iasecc.c M src/pkcs15init/pkcs15-iasecc.c A src/pkcs15init/pkcs15-iasecc.h Log Message: ----------- IASECC/CPX: export pkcs15init for missing features Some cards, such as the CPX are missing features that should have been initialized using: iasecc_pkcs15_encode_supported_algos() Let's export this function in order to build a fixup when the DF should be parsed. When OPENSSL is missing, an error should be rised since this workaround for the CPX cards cannot work. It means that any environments that use the CPX cards must be compiled with ENABLE_OPENSSL. Suggested-by: Doug Engert <dee...@gm...> Fix: issue #2270 Commit: 137286858f71bbd47633df9ab0fdb7ef2d251f54 https://github.com/OpenSC/OpenSC/commit/137286858f71bbd47633df9ab0fdb7ef2d251f54 Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/pkcs15-syn.c Log Message: ----------- IASECC/CPX: enable calls thru pkcs15-iasecc.c Same than Gemalto's IASECC, the CPX cards need a workaround since the PrKey does not have its Algo_regs. We get: pkcs15-tool -k --verify-pin --pin 1234 Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00 Private RSA Key [CPS_PRIV_SIG] Object Flags : [0x01], private Usage : [0x200], nonRepudiation Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract Algo_refs : 0 Access Rules : pso_cds:01; ModLength : 2048 Key ref : 129 (0x81) Native : yes Path : e828bd080f8025000001ff0010:: Auth ID : 01 ID : e828bd080f8025000001ff001001 MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349 Private RSA Key [CPS_PRIV_AUT] Object Flags : [0x07], private, modifiable Usage : [0x06], decrypt, sign Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract Algo_refs : 0 Access Rules : pso_decrypt:01; int_auth:01; ModLength : 2048 Key ref : 130 (0x82) Native : yes Path : e828bd080f8025000001ff0010:: Auth ID : 01 ID : e828bd080f8025000001ff001002 MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543 We need to get Algo_regs to be set to something that is not 0. Fix: issue #2267 Commit: 544aa4cc6b349b097fa9d112d0d23fff5da2d0c2 https://github.com/OpenSC/OpenSC/commit/544aa4cc6b349b097fa9d112d0d23fff5da2d0c2 Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/libopensc/pkcs15-iasecc.c Log Message: ----------- IASECC/CPX: Fix up prkeyinfo/algo_ref Extend the current support from 9abf8ee04cd6fff9d1f0835d638c779a7648ed44 in order to add a fixup for the CPx cards. Since the data is not properly encoded when the card is initialized let's re-build it for each run time from the DF. Suggested-by: Doug Engert <dee...@gm...> Fix: issue #2270 Commit: 405ecfc402759381fe2f30bf1caef40f7a7fd69a https://github.com/OpenSC/OpenSC/commit/405ecfc402759381fe2f30bf1caef40f7a7fd69a Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-26 (Mon, 26 Apr 2021) Changed paths: M src/pkcs15init/pkcs15-iasecc.c Log Message: ----------- IASECC: proper pkcs15init of Algo_refs For some Private RSA Keys, their Algo_refs remain empty: $ pkcs15-tool -k --verify-pin --pin 1234 Using reader with a card: ACS ACR33U-A1 3SAM ICC Reader 00 00 Private RSA Key [CPS_PRIV_SIG] Object Flags : [0x01], private Usage : [0x200], nonRepudiation Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract Algo_refs : 0 Access Rules : pso_cds:01; ModLength : 2048 Key ref : 129 (0x81) Native : yes Path : e828bd080f8025000001ff0010:: Auth ID : 01 ID : e828bd080f8025000001ff001001 MD:guid : e7aab727-f2af-e673-37bb-7d43867a6349 Private RSA Key [CPS_PRIV_AUT] Object Flags : [0x07], private, modifiable Usage : [0x06], decrypt, sign Access Flags : [0x0D], sensitive, alwaysSensitive, neverExtract Algo_refs : 6, 3, 4 Access Rules : pso_decrypt:01; int_auth:01; ModLength : 2048 Key ref : 130 (0x82) Native : yes Path : e828bd080f8025000001ff0010:: Auth ID : 01 ID : e828bd080f8025000001ff001002 MD:guid : 2b6bf284-225c-80bc-8cbe-1c791db33543 Based on Usage : [0x200], nonRepudiation the SC_PKCS15_PRKEY_USAGE_NONREPUDIATION may be set but not the SC_PKCS15_PRKEY_USAGE_SIGN so line 801 is never tested. Having just SC_PKCS15_PRKEY_USAGE_NONREPUDIATION set and not doing anything does not make any sense for any card. Suggested-by: Doug Engert <dee...@gm...> Fix: issue #2270 Compare: https://github.com/OpenSC/OpenSC/compare/4912f05701ef...405ecfc40275 |
|
From: Frank M. <no...@gi...> - 2021-04-25 10:04:39
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 4912f05701efba9ee4370b5327e9ebd085044bad https://github.com/OpenSC/OpenSC/commit/4912f05701efba9ee4370b5327e9ebd085044bad Author: Frank Morgner <fra...@gm...> Date: 2021-04-25 (Sun, 25 Apr 2021) Changed paths: M MacOSX/build-package.in M appveyor.yml Log Message: ----------- use OpenPACE 1.1.1 |
|
From: Peter M. <no...@gi...> - 2021-04-20 12:27:10
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 344ac0abe6608acfc57f1e1c2fde26c033faa9c6 https://github.com/OpenSC/OpenSC/commit/344ac0abe6608acfc57f1e1c2fde26c033faa9c6 Author: Peter Marschall <pe...@ad...> Date: 2021-04-20 (Tue, 20 Apr 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- iasec: use proper printf format specifiers for size_t Do not hard-code the printf format specifier for size_t: use the macro instead. This fixes compliation on 32-bit architectures. |
|
From: Frank M. <no...@gi...> - 2021-04-16 12:16:30
|
Branch: refs/heads/new_algs Home: https://github.com/OpenSC/OpenSC Commit: 70c16f128e296ab4f10bfe25e40f39518a40f98d https://github.com/OpenSC/OpenSC/commit/70c16f128e296ab4f10bfe25e40f39518a40f98d Author: Frank Morgner <fra...@gm...> Date: 2021-04-16 (Fri, 16 Apr 2021) Changed paths: M .travis.yml Log Message: ----------- fixed git syntax |
|
From: Jakub J. <no...@gi...> - 2021-04-15 16:00:08
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: d6ec00c8707d565df156eaefe54377105a51c72c https://github.com/OpenSC/OpenSC/commit/d6ec00c8707d565df156eaefe54377105a51c72c Author: Jakub Jelen <jj...@re...> Date: 2021-04-15 (Thu, 15 Apr 2021) Changed paths: M src/libopensc/card-cardos.c M win32/customactions.cpp Log Message: ----------- cardos: Add ATR for CardOS 5.4 Hopefully fixes #2296 |
|
From: Frank M. <no...@gi...> - 2021-04-15 14:12:50
|
Branch: refs/heads/new_algs Home: https://github.com/OpenSC/OpenSC Commit: c48b2195e5daff1618b93674e35b6c87ee790f43 https://github.com/OpenSC/OpenSC/commit/c48b2195e5daff1618b93674e35b6c87ee790f43 Author: Frank Morgner <fra...@gm...> Date: 2021-04-15 (Thu, 15 Apr 2021) Changed paths: M .travis.yml Log Message: ----------- test macos |
|
From: Peter P. <no...@gi...> - 2021-04-14 14:16:08
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 7d274a0d720d43a7aa4e7d28120aa9a491399d48 https://github.com/OpenSC/OpenSC/commit/7d274a0d720d43a7aa4e7d28120aa9a491399d48 Author: Peter Popovec <pop...@gm...> Date: 2021-04-14 (Wed, 14 Apr 2021) Changed paths: M .travis.yml Log Message: ----------- travis-ci: Try to run the tests on Ubuntu 20 (Focal Fossa) Commit: dd48facd38a9618bbe6ec035453433f5a24c6316 https://github.com/OpenSC/OpenSC/commit/dd48facd38a9618bbe6ec035453433f5a24c6316 Author: Peter Popovec <pop...@gm...> Date: 2021-04-14 (Wed, 14 Apr 2021) Changed paths: M tests/test-pkcs11-tool-allowed-mechanisms.sh Log Message: ----------- travis CI: testsuite fix (tests/test-pkcs11-tool-allowed-mechanisms.sh) Ubuntu (focal) softhsm2 workaround - mechanism listing incorrect Compare: https://github.com/OpenSC/OpenSC/compare/ef17b3fb89c4...dd48facd38a9 |
|
From: Jakub J. <no...@gi...> - 2021-04-14 13:08:51
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 4b3c6dec07c2bd81b4989e378829e1124abff134 https://github.com/OpenSC/OpenSC/commit/4b3c6dec07c2bd81b4989e378829e1124abff134 Author: Jakub Jelen <jj...@re...> Date: 2021-04-13 (Tue, 13 Apr 2021) Changed paths: M .travis.yml Log Message: ----------- .travis: Fail if tests fail Commit: cae5c71f90cc5b364efe14040923fd5aa3b5dd90 https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 Author: Jakub Jelen <jj...@re...> Date: 2021-04-13 (Tue, 13 Apr 2021) Changed paths: M src/libopensc/pkcs15-oberthur.c Log Message: ----------- oberthur: Handle 1B OIDs Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32807 Commit: ef17b3fb89c433de049953cc967f8ac62292bb41 https://github.com/OpenSC/OpenSC/commit/ef17b3fb89c433de049953cc967f8ac62292bb41 Author: Jakub Jelen <jj...@re...> Date: 2021-04-13 (Tue, 13 Apr 2021) Changed paths: M tests/test-duplicate-symbols.sh Log Message: ----------- tests: Fix comparison for osx Compare: https://github.com/OpenSC/OpenSC/compare/991bb8a1414c...ef17b3fb89c4 |
|
From: commonism <no...@gi...> - 2021-04-11 20:33:03
|
Branch: refs/heads/master Home: https://github.com/OpenSC/libp11 Commit: bfcd96a58ad3535a68a3b599a11e9f9f2e568e59 https://github.com/OpenSC/libp11/commit/bfcd96a58ad3535a68a3b599a11e9f9f2e568e59 Author: Markus Koetter <ko...@lu...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/eng_back.c M src/eng_front.c M src/engine.h Log Message: ----------- add re-numeration of slots as engine ctrl command This was broken in 14cd0d328fff96b79fabcc30257e358399c8ad25. Previously, the engine would re-enumerate before loading keys/certs Not re-enumerating the slots results in un-awareness of changes in slots and tokens. This awareness is required to be able to change the token in a slot at runtime, else you use invalid sessions (PKCS#11 module:pkcs11_find_keys:Session handle invalid:p11_key.c:512) The patch adds the command RE_ENUMERATE as engine control, providing the ability to re-enumerate on demand/when required. Commit: 709f964f4e89502167aaa3e5782229331ee2b401 https://github.com/OpenSC/libp11/commit/709f964f4e89502167aaa3e5782229331ee2b401 Author: commonism <com...@us...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M README.md Log Message: ----------- Update README.md add RE_ENUMERATE Compare: https://github.com/OpenSC/libp11/compare/5125b7834e2b...709f964f4e89 |
|
From: Timo T. <no...@gi...> - 2021-04-11 20:31:21
|
Branch: refs/heads/master Home: https://github.com/OpenSC/libp11 Commit: 9f1bb3803980a149acab4e8a54894ed5ff343236 https://github.com/OpenSC/libp11/commit/9f1bb3803980a149acab4e8a54894ed5ff343236 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/p11_pkey.c Log Message: ----------- Simplify pkcs11_try_pkey_rsa_sign() to not hold lock over calls The long term lock keeping was originally added in commit e81e3355 "NULL sig support #178" to support querying the size of the signature with sig=NULL. However, this commit was immediately followed up by 7a1fca41 "EVP_PKEY_FLAG_AUTOARGLEN for EVP_PKEY_meth_new()" which refers to same issue too. The EVP_PKEY_FLAG_AUTOARGLEN makes OpenSSL core handle sig=NULL case before calling the algorithm specific sign function. Thus we never get the sig=NULL call in the current code. Thus the original hack is unneeded. This effectively reverts e81e3355 and adds an error handling if sig=NULL would happen. Commit: 586cd12d14f2cbda451c56094d6a4f5dc87ab03c https://github.com/OpenSC/libp11/commit/586cd12d14f2cbda451c56094d6a4f5dc87ab03c Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/libp11-int.h M src/p11_load.c M src/p11_pkey.c Log Message: ----------- Simplify pkcs11_try_pkey_rsa_decrypt() to not hold lock over calls This was originally added in commit 8356d568 "Add support for RSA-OAEP and RSA-PKCS encryption for PIV and HSM tokens" which just cloned the same pattern from pkcs11_try_pkey_rsa_sign(). Remove it as unneeded for the same reason: OpenSSL core handles the special case for us. Commit: f0c2ac1ef24753b0ef9624a6a5324f619c93537d https://github.com/OpenSC/libp11/commit/f0c2ac1ef24753b0ef9624a6a5324f619c93537d Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/libp11-int.h M src/p11_load.c M src/p11_pkey.c Log Message: ----------- Simplify pkcs11_try_pkey_ec_sign() to not hold lock over calls This was added in 592b71ae "Add EC signing through EVP api" and it just seems to have followed the pattern set by pkcs11_try_pkey_rsa_sign(). In fact here the code never worked correctly, because the *siglen is tested early with "if (*siglen < (size_t)ECDSA_size(eckey))" which breaks the size inquiry. Often *siglen would be uninitialized, or initialized to zero causing failure. This adds the proper code used by OpenSSL core to do the size inquiry, and removes the stateful handling of lock. Commit: 2cb52a2f5a763d4f5be2c1eeb3e48674819e5db4 https://github.com/OpenSC/libp11/commit/2cb52a2f5a763d4f5be2c1eeb3e48674819e5db4 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/p11_atfork.c Log Message: ----------- Remove legacy cruft from atfork code This removes the __sun cruft which is never used. The #pragma init(lib_init) makes a function named "lib_init" an initializer, but we don't have such function. This is likely copy-paste cruft from where this code was taken from. Remove also the usage of "inline" and related checks. They add no value in .c file as the defined functions are used. Normally "inline" is used in header inline function definitions to remove compiler warning of unused function (as the function might not be used in all the C files including the header). Commit: 5df3b1bdb8ac98fce5d04293a79ad78d863f228e https://github.com/OpenSC/libp11/commit/5df3b1bdb8ac98fce5d04293a79ad78d863f228e Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M configure.ac A m4/ax_pthread.m4 M src/p11_atfork.c Log Message: ----------- Use pthread_atfork instead of __register_atfork Modify build system to detect pthreads, and use pthread_atfork for fork handling if available. It is conforming to POSIX.1-2001 and available widely instead of the non-standard __register_atfork. This is especially useful on musl c-library which does not ship the non-standard variant. Using the atfork callbacks is prefered as the last resort alternative adds a syscall, getpid(), to many fast path places. Commit: 079b9cf3a0badfd350f847a914a17ed11cd59423 https://github.com/OpenSC/libp11/commit/079b9cf3a0badfd350f847a914a17ed11cd59423 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/p11_atfork.c Log Message: ----------- Refactor atfork logic to elide locking on fast path The atfork infrastructure is modified so that on Windows it optimizes practically to nothing. Otherwise the forkid is kept in a global variable, which is updated exactly once per check round (to minimize syscalls). A fast path to avoid locking is added. When the atfork check is done, it is guaranteed that the P11_forkid does not change (it can change only for the after-fork child process). Only if a fork is detected, the locks are taken. Each object's forkid is again checked in each of the check_*_int calls, so they get updated only once even if the child is multithreaded. This already improves performance measurably, but is even more important to avoid lock contention after session pooling support is added. Commit: d28387ae41b171def20b9e2bbaa20b29df67e727 https://github.com/OpenSC/libp11/commit/d28387ae41b171def20b9e2bbaa20b29df67e727 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/libp11-int.h M src/libp11.h M src/p11_atfork.c M src/p11_ckr.c M src/p11_front.c M src/p11_slot.c Log Message: ----------- Remove complexity from slot reinitialization after fork After fork the context handler will reset the PKCS#11 module by calling C_Initialize. After this all handles from the module should be considered invalidated. This combines the session opening and logging after fork to single function, and removes the relogin flag from functions where it's not needed. The new pkcs11_reload_slot() properly update the state so the normal functions operate as expected. This also fixes a memory leak after fork: if the slot was in logged-in state, a session was leaked from check_slot_fork_int because: 1. the "if loggedIn" clears state, and calls pkcs11_relogin() which also implicitly opens a session 2. the next "if haveSession" block fires also, and clears state, and calls pkcs11_reopen_session. This function will explicitly call C_OpenSession overwriting and leaking the session from step #1 Commit: 5ffebc4b52bc88237733c9f94fd32a9de64e4377 https://github.com/OpenSC/libp11/commit/5ffebc4b52bc88237733c9f94fd32a9de64e4377 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/libp11-int.h M src/libp11.h M src/p11_atfork.c M src/p11_cert.c M src/p11_ckr.c Log Message: ----------- Implement atfork handling for certificates This removes a search operation from pkcs11_remove_certificate() and simplifies it greatly. This makes also the handling of certificates similar to other objects, as only this was lacking the fork handling. Also fixed the memory leaks on error paths of pkcs11_remove_certificate() in case the certificate search failed. The equivalent code in pkcs11_reload_certificate() was refactored to always free allocated resources. Commit: 4bd92da60a670e3c25d9cb69fca3363f47a225c7 https://github.com/OpenSC/libp11/commit/4bd92da60a670e3c25d9cb69fca3363f47a225c7 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M README.md M make.rules.mak M src/libp11-int.h M src/libp11.h M src/p11_attr.c M src/p11_cert.c M src/p11_ckr.c M src/p11_ec.c M src/p11_key.c M src/p11_pkey.c A src/p11_pthread.h M src/p11_rsa.c M src/p11_slot.c Log Message: ----------- Refactor internal code to use session pooling This gets rid of locking in the crypto operation paths, and allows concurrent use of multiple threads by making sure that each session is not used by any two threads. Additionally this fixes cases where it was possible that the PKCS#11 was called from different threads with the one per-slot session. The default session pool size is selected as 16, but it is dynamically shrunk if the maximum supported session count is reached. Further knobs to tune the session pool size can be added later. The pool is implemented with mutex+condition mechanism, and thus a simple wrapper to implement pthreads API on Windows Vista and later is added. This bumps the Windows requirement to a bit higher, but considering Vista is already EOL, this should be acceptable. A FIFO style queue was chosen to support even load-balancing between sessions. This is helps pkcs#11 libraries which in turn are load-balancing sessions to different units in a cluster. Commit: dcfc9cf7ecbaf4eaacb3ccdd8a9b74a69be93f79 https://github.com/OpenSC/libp11/commit/dcfc9cf7ecbaf4eaacb3ccdd8a9b74a69be93f79 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/libp11-int.h M src/p11_atfork.c M src/p11_load.c Log Message: ----------- Replace the context rwlock with a mutex The only remaining user for this is the after-fork code, so rename the lock also as fork_lock. Commit: aaccad6e116acf0109a9a3f473704379070dad53 https://github.com/OpenSC/libp11/commit/aaccad6e116acf0109a9a3f473704379070dad53 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/eng_back.c M src/libp11-int.h M src/p11_misc.c Log Message: ----------- Convert and fix engine context locking Optimize also ctx_init_libp11 to elide locking if the one time intialization is completed already. Basic locking to key and certificate loading is added, because the underlying functions they use are not thread safe. Also remove the old compat functions which are no longer needed. add simple locking Commit: 5125b7834e2b14c47e915faa8231f07ac67bcf61 https://github.com/OpenSC/libp11/commit/5125b7834e2b14c47e915faa8231f07ac67bcf61 Author: Timo Teräs <tim...@ik...> Date: 2021-04-11 (Sun, 11 Apr 2021) Changed paths: M src/libp11-int.h M src/p11_attr.c M src/p11_cert.c M src/p11_ec.c M src/p11_key.c M src/p11_rsa.c Log Message: ----------- Refactor attribute getting to include session handle This avoids one thread to get two sessions from the pool, and speeds up operation as locking is not needed to get the attribute. Compare: https://github.com/OpenSC/libp11/compare/13f61606fabb...5125b7834e2b |
|
From: Frank M. <no...@gi...> - 2021-04-08 13:40:49
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 991bb8a1414c98916b3f67301e8217d505eef806 https://github.com/OpenSC/OpenSC/commit/991bb8a1414c98916b3f67301e8217d505eef806 Author: Frank Morgner <fra...@gm...> Date: 2021-04-08 (Thu, 08 Apr 2021) Changed paths: M win32/Make.rules.mak Log Message: ----------- add CPDK include flags |
|
From: Frank M. <no...@gi...> - 2021-04-08 09:26:04
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: a83069b89fe6eda34edf2f334ea902069678c1cc https://github.com/OpenSC/OpenSC/commit/a83069b89fe6eda34edf2f334ea902069678c1cc Author: Frank Morgner <fra...@gm...> Date: 2021-04-08 (Thu, 08 Apr 2021) Changed paths: M appveyor.yml Log Message: ----------- updated to Microsoft Cryptographic Provider Development Kit (CPDK) Version 8.0 |
|
From: carblue <no...@gi...> - 2021-04-07 08:26:25
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: edb7ed25e4593c8c7c06fc2141d019023bddabc8 https://github.com/OpenSC/OpenSC/commit/edb7ed25e4593c8c7c06fc2141d019023bddabc8 Author: Carsten Blüggel <ca...@us...> Date: 2021-04-07 (Wed, 07 Apr 2021) Changed paths: M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool: disable wrap/unwrap test until OpenSC#1796 is resolved |
|
From: Frank M. <no...@gi...> - 2021-04-06 11:43:46
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 545e47b29e4772ebf31a83866d33066cd8eb8b66 https://github.com/OpenSC/OpenSC/commit/545e47b29e4772ebf31a83866d33066cd8eb8b66 Author: Frank Morgner <fra...@gm...> Date: 2021-04-06 (Tue, 06 Apr 2021) Changed paths: M NEWS M appveyor.yml M configure.ac Log Message: ----------- preparation for 0.22.0 |
|
From: Michał T. <no...@gi...> - 2021-04-06 07:28:24
|
Branch: refs/heads/master Home: https://github.com/OpenSC/libp11 Commit: 13f61606fabba7acc0c85dcbb780eab1490fcce6 https://github.com/OpenSC/libp11/commit/13f61606fabba7acc0c85dcbb780eab1490fcce6 Author: Michał Trojnara <Mic...@st...> Date: 2021-04-06 (Tue, 06 Apr 2021) Changed paths: M appveyor.yml Log Message: ----------- Bump AppVeyor OpenSSL version to 1.1.1k |
|
From: Vincent J. <no...@gi...> - 2021-04-01 09:20:55
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 0df0f80b552d99e42082121035281b8c70fad2dd https://github.com/OpenSC/OpenSC/commit/0df0f80b552d99e42082121035281b8c70fad2dd Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-01 (Thu, 01 Apr 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- IASECC: log any APDU Incorrect parameters >From the logs, we can detect many 6A 86 (Incorrect P1 or P2 paremeters). A deeper analysis will be required, but the best option to check them is to start emitting any Warning for such events. Commit: 1a3666364dc434f4bbfd4154012c5d4e4dc23cb2 https://github.com/OpenSC/OpenSC/commit/1a3666364dc434f4bbfd4154012c5d4e4dc23cb2 Author: Vincent JARDIN <vj...@fr...> Date: 2021-04-01 (Thu, 01 Apr 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- IASECC/CPX: Avoid APDU Incorrect Parameters Without this patch, we would get from the logs: Outgoing APDU (18 bytes): 00 A4 04 00 0D E8 28 BD 08 0F 80 25 00 00 01 FF ......(....%.... 00 10 .. [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit: Incoming APDU (2 bytes): 6A 86 j. [opensc-pkcs11] apdu.c:382:sc_single_transmit: returning with: 0 (Success) [opensc-pkcs11] apdu.c:537:sc_transmit: returning with: 0 (Success) [opensc-pkcs11] card.c:523:sc_unlock: called [opensc-pkcs11] iso7816.c:128:iso7816_check_sw: Incorrect parameters P1-P2 [opensc-pkcs11] card-iasecc.c:1064:iasecc_select_file: Warning: SC_ERROR_INCORRECT_PARAMETERS for SC_PATH_TYPE_DF_NAME, try again with P2=0x0C [opensc-pkcs11] apdu.c:548:sc_transmit_apdu: called [opensc-pkcs11] card.c:473:sc_lock: called [opensc-pkcs11] card.c:513:sc_lock: returning with: 0 (Success) [opensc-pkcs11] apdu.c:515:sc_transmit: called [opensc-pkcs11] apdu.c:363:sc_single_transmit: called [opensc-pkcs11] apdu.c:367:sc_single_transmit: CLA:0, INS:A4, P1:4, P2:C, data(13) 0x7fff4b339b20 [opensc-pkcs11] reader-pcsc.c:323:pcsc_transmit: reader 'Ingenico TL TELIUM (25005334) 00 02' [opensc-pkcs11] reader-pcsc.c:324:pcsc_transmit: Outgoing APDU (18 bytes): 00 A4 04 0C 0D E8 28 BD 08 0F 80 25 00 00 01 FF ......(....%.... 00 10 .. [opensc-pkcs11] reader-pcsc.c:242:pcsc_internal_transmit: called [opensc-pkcs11] reader-pcsc.c:333:pcsc_transmit: Incoming APDU (2 bytes): 90 00 .. Let's align it with the behaviour of the other IASECC cards. Compare: https://github.com/OpenSC/OpenSC/compare/b9c0addf882e...1a3666364dc4 |
|
From: Philip P. <no...@gi...> - 2021-04-01 09:10:03
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: b9c0addf882e074d3072a98bf2358d78c7169b5c https://github.com/OpenSC/OpenSC/commit/b9c0addf882e074d3072a98bf2358d78c7169b5c Author: Philip Prindeville <ph...@re...> Date: 2021-04-01 (Thu, 01 Apr 2021) Changed paths: M configure.ac M src/common/simclist.c M src/pkcs11/pkcs11-spy.c M src/pkcs15init/pkcs15-lib.c Log Message: ----------- update configure.ac to be less noisy Signed-off-by: Philip Prindeville <ph...@re...> |
|
From: Frank M. <no...@gi...> - 2021-04-01 08:30:06
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: c3c5f2d518c6edb36fb519807fd85cbc043cb0d3 https://github.com/OpenSC/OpenSC/commit/c3c5f2d518c6edb36fb519807fd85cbc043cb0d3 Author: yehj <ja...@ke...> Date: 2021-04-01 (Thu, 01 Apr 2021) Changed paths: M src/libopensc/pkcs15-sc-hsm.c Log Message: ----------- Add criteria to check if card capability SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH is available The code segment checks the response to determine if the SC_CARD_CAP_PROTECTED_AUTHENTICATION_PATH is available. >From the APDU manual of the sc-hsm, there's one status word: SC_ERROR_REF_DATA_NOT_USABLE(0x6984) that should also be taken into account. |
|
From: Frank M. <no...@gi...> - 2021-03-24 22:27:34
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: ce0d4092052ad049380d0ed30cf5cc798ad69860 https://github.com/OpenSC/OpenSC/commit/ce0d4092052ad049380d0ed30cf5cc798ad69860 Author: Frank Morgner <fra...@gm...> Date: 2021-03-24 (Wed, 24 Mar 2021) Changed paths: M src/tools/opensc-explorer.c Log Message: ----------- Avoid accessing Uninitialized scalar variable regression of c581d1b26 coverity scan CID 367545 Commit: 83162c5c87e88a5f911ca5349320938a52dbc1df https://github.com/OpenSC/OpenSC/commit/83162c5c87e88a5f911ca5349320938a52dbc1df Author: Frank Morgner <fra...@gm...> Date: 2021-03-24 (Wed, 24 Mar 2021) Changed paths: M src/libopensc/card-iasecc.c Log Message: ----------- fixed memory leak fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32324 sc_enum_apps() causes card->cache.current_ef to be allocated for IAS/ECC, but not freed if any other error occurs during initialization. since sc_enum_apps() is called anyway during PKCS#15 initialization. Having this at the card driver level (instead of the PKCS#15 level) is not needed. Compare: https://github.com/OpenSC/OpenSC/compare/7114fb71b54d...83162c5c87e8 |
|
From: Jakub J. <no...@gi...> - 2021-03-24 15:25:55
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: 370eda4bd8011259fcfb249a33c0e381876caf9e https://github.com/OpenSC/OpenSC/commit/370eda4bd8011259fcfb249a33c0e381876caf9e Author: Jakub Jelen <jj...@re...> Date: 2021-03-24 (Wed, 24 Mar 2021) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- framework-pkcs15: Avoid strict aliasing issues Commit: 7d0abdc192d49db735197ab8e65ce969466e5bce https://github.com/OpenSC/OpenSC/commit/7d0abdc192d49db735197ab8e65ce969466e5bce Author: Jakub Jelen <jj...@re...> Date: 2021-03-24 (Wed, 24 Mar 2021) Changed paths: M src/tests/p11test/p11test_case_usage.c Log Message: ----------- p11test: Remove unnecessary spaces in JSON output Commit: 9cc942fd4721c59d60788579f6b33bc094095fce https://github.com/OpenSC/OpenSC/commit/9cc942fd4721c59d60788579f6b33bc094095fce Author: Jakub Jelen <jj...@re...> Date: 2021-03-24 (Wed, 24 Mar 2021) Changed paths: M src/pkcs11/framework-pkcs15.c Log Message: ----------- framework-pkcs15: Fix PKCS#11 semantics while encoding EC pubkey params Commit: 7114fb71b54ddfe06ce5dfdab013f4c38f129d14 https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 Author: Jakub Jelen <jj...@re...> Date: 2021-03-24 (Wed, 24 Mar 2021) Changed paths: M src/libopensc/pkcs15-coolkey.c Log Message: ----------- coolkey: Initialize potentially uninitialized memory Thanks oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28855 Compare: https://github.com/OpenSC/OpenSC/compare/5f9085fedb5f...7114fb71b54d |
|
From: Paul W. <no...@gi...> - 2021-03-23 13:20:24
|
Branch: refs/heads/master Home: https://github.com/OpenSC/pam_pkcs11 Commit: 385bab141d5c59585cba2e338d0566907eaee459 https://github.com/OpenSC/pam_pkcs11/commit/385bab141d5c59585cba2e338d0566907eaee459 Author: AngusMcGyver <568...@us...> Date: 2020-08-07 (Fri, 07 Aug 2020) Changed paths: M src/common/pkcs11_lib.c Log Message: ----------- change for issue 46 see https://github.com/OpenSC/pam_pkcs11/issues/46 Commit: 240e2eb675534d8030df3bc2b02607bdb19af1ff https://github.com/OpenSC/pam_pkcs11/commit/240e2eb675534d8030df3bc2b02607bdb19af1ff Author: Paul Wolneykien <wol...@gm...> Date: 2021-03-23 (Tue, 23 Mar 2021) Changed paths: M src/common/pkcs11_lib.c Log Message: ----------- Merge pull request #47 from AngusMcGyver/master Seems rational. Compare: https://github.com/OpenSC/pam_pkcs11/compare/25f843d923e6...240e2eb67553 |
