Merge branch 'master' into 0.15.0

.travis.yml

@@ -9,13 +9,22 @@ env:
 matrix:
  include:
  - compiler: clang
+ os: osx
  - compiler: gcc
+ os: osx
+ - compiler: clang
+ os: linux
+ env: ENABLE_DOC=--enable-doc
+ - compiler: gcc
+ os: linux
+ env: ENABLE_DOC=--enable-doc
  - compiler: gcc
+ os: linux
  env: HOST=i686-w64-mingw32
 
 before_install:
  - if [ $TRAVIS_OS_NAME == linux ]; then
- sudo apt-get update;
+ sudo apt-get update || true;
  fi
 
 install:
@@ -30,11 +39,11 @@ install:
 before_script:
  - ./bootstrap
  - if [ -z "$HOST" ]; then
- ./configure --enable-pedantic --disable-strict --enable-doc --enable-dnie-ui;
+ ./configure $ENABLE_DOC --enable-dnie-ui;
  else
  unset CC;
  unset CXX;
- ./configure --enable-pedantic --disable-strict --host=$HOST --disable-openssl;
+ ./configure --host=$HOST --disable-openssl;
  fi
 
 addons:
@@ -48,9 +57,13 @@ addons:
 
 script:
  - if [ "${COVERITY_SCAN_BRANCH}" != 1 ]; then
- make;
+ if [ $TRAVIS_OS_NAME == osx ]; then
+ ./MacOSX/build;
+ else
+ make;
+ fi;
  fi
- - if [ -z "$HOST" -a "${COVERITY_SCAN_BRANCH}" != 1 ]; then
+ - if [ -z "$HOST" -a "${COVERITY_SCAN_BRANCH}" != 1 -a "$TRAVIS_OS_NAME" != "osx" ]; then
  make check;
  make dist;
  fi

MacOSX/build-package.in

@@ -70,7 +70,7 @@ fi
 test -L OpenSC.tokend/build/opensc-src || ln -sf ${BUILDPATH}/src OpenSC.tokend/build/opensc-src
 
 # Build and copy OpenSC.tokend
-xcodebuild -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj
+xcodebuild -target OpenSC -configuration Deployment -project OpenSC.tokend/Tokend.xcodeproj
 
 # Prepare target root
 # Copy Tokend

doc/tools/pkcs15-tool.1.xml

@@ -185,7 +185,21 @@
  </term>
  <listitem><para>Reads the public key with id <replaceable>id</replaceable>,
  writing the output in format suitable for
- <filename>$HOME/.ssh/authorized_keys</filename>.</para></listitem>
+ <filename>$HOME/.ssh/authorized_keys</filename>.</para> 
+
+ <para>The key label, if any will be shown in the 'Comment' field.</para>
+
+
+ <varlistentry>
+ <term>
+ <option>--rfc4716</option>
+ </term>
+ <listitem><para>When used in conjunction with option <option>--read-ssh-key</option> the
+ output format of the public key follows rfc4716.</para></listitem>
+ </varlistentry>
+ <para></para>
+ <para> The default output format is a single line (openssh).</para>
+ </listitem>
  </varlistentry>
 
  <varlistentry>

src/libopensc/card-iasecc.c

@@ -1801,12 +1801,14 @@ iasecc_chv_verify_pinpad(struct sc_card *card, struct sc_pin_cmd_data *pin_cmd,
  LOG_FUNC_RETURN(ctx, SC_ERROR_READER);
  }
 
- if (pin_cmd->pin1.min_length != pin_cmd->pin1.max_length) {
- sc_log(ctx, "Different values for PIN min and max lengths is not actually compatible with PinPAD.");
- LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,
- "Different values for PIN min and max lengths is not actually compatible with PinPAD.");
+ sc_log(ctx, "reader %s", card->reader->name);
+ if (strstr(card->reader->name, "Gemalto GemPC Pinpad") == card->reader->name) {
+ sc_log(ctx, "reader %s", card->reader->name);
+ if (pin_cmd->pin1.min_length != pin_cmd->pin1.max_length) {
+ sc_log(ctx, "Bogus Gemalto GemPC Pinpad do not accept different values for min and max PIN lengths.");
+ LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
+ }
  }
-
  pin_cmd->pin1.len = pin_cmd->pin1.min_length;
 
  memset(buffer, 0xFF, sizeof(buffer));
@@ -2037,8 +2039,10 @@ iasecc_chv_change_pinpad(struct sc_card *card, unsigned reference, int *tries_le
  rv = iasecc_pin_get_policy(card, &pin_cmd);
  LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
 
- if (pin_cmd.pin1.min_length != pin_cmd.pin1.max_length)
- LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Different values for PIN min and max lengths is not allowed with PinPAD.");
+ if (strstr(card->reader->name, "Gemalto GemPC Pinpad") == card->reader->name)
+ if (pin_cmd.pin1.min_length != pin_cmd.pin1.max_length)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,
+ "Bogus Gemalto GemPC Pinpad do not accept different values for min and max PIN lengths.");
 
  if (pin_cmd.pin1.min_length < 4)
  pin_cmd.pin1.min_length = 4;
@@ -2083,8 +2087,10 @@ iasecc_chv_set_pinpad(struct sc_card *card, unsigned char reference)
  rv = iasecc_pin_get_policy(card, &pin_cmd);
  LOG_TEST_RET(ctx, rv, "Get 'PIN policy' error");
 
- if (pin_cmd.pin1.min_length != pin_cmd.pin1.max_length)
- LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "Different values for PIN min and max lengths is not allowed with PinPAD.");
+ if (strstr(card->reader->name, "Gemalto GemPC Pinpad") == card->reader->name)
+ if (pin_cmd.pin1.min_length != pin_cmd.pin1.max_length)
+ LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED,
+ "Bogus Gemalto GemPC Pinpad do not accept different values for min and max PIN lengths.");
 
  if (pin_cmd.pin1.min_length < 4)
  pin_cmd.pin1.min_length = 4;
@@ -3385,7 +3391,7 @@ iasecc_read_public_key(struct sc_card *card, unsigned type,
 
  iasecc_sdo_free_fields(card, &sdo);
 
- SC_FUNC_RETURN(ctx, SC_SUCCESS, rv);
+ LOG_FUNC_RETURN(ctx, SC_SUCCESS);
 }
 
 

src/libopensc/card-myeid.c

@@ -344,17 +344,20 @@ static int myeid_process_fci(struct sc_card *card, struct sc_file *file,
 }
 
 static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
- u8 *out, size_t *outlen)
+ u8 *buf, size_t *outlen)
 {
  const sc_acl_entry_t *read, *update, *delete, *generate;
- u8 buf[42];
  size_t i;
 
  LOG_FUNC_CALLED(card->ctx);
+
+ if (!buf || !outlen || *outlen < 45)
+ LOG_FUNC_RETURN(card->ctx, SC_ERROR_INTERNAL);
+
  /* PrivateKey
  * 0E0000019 6217 81020400 820111 83024B01 8603000000 85028000 8A0100 RESULT 6984
  * 6217 81020400 820111 83024B01 8603000000 85021000 8A0100 */
- memset(buf, 0x0, sizeof(buf));
+ memset(buf, 0x0, *outlen);
 
  buf[0] = 0x62;
  buf[1] = 0x17;
@@ -453,9 +456,9 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
  buf[26] = (u8)file->namelen;
 
  for(i=0;i < file->namelen;i++)
- buf[i + 26] = file->name[i];
+ buf[i + 27] = file->name[i];
 
- buf[1] = 0x19 + file->namelen + 2;
+ buf[1] = 27 + file->namelen;
  }
  break;
  default:
@@ -464,16 +467,15 @@ static int encode_file_structure(sc_card_t *card, const sc_file_t *file,
  }
 
  *outlen = buf[1]+2;
- memcpy(out, buf, *outlen);
 
- LOG_FUNC_RETURN(card->ctx, 0);
+ LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
 }
 
 static int myeid_create_file(struct sc_card *card, struct sc_file *file)
 {
  sc_apdu_t apdu;
- u8 sbuf[32];
- size_t buflen;
+ u8 sbuf[45];
+ size_t buflen = sizeof sbuf;
  int r;
 
  LOG_FUNC_CALLED(card->ctx);
@@ -808,7 +810,7 @@ static int
 myeid_convert_ec_signature(struct sc_context *ctx, size_t s_len, unsigned char *data, size_t datalen)
 {
  unsigned char *buf;
- size_t i, buflen;
+ size_t buflen;
  int r;
 
  assert(data && datalen);

src/libopensc/card-openpgp.c

@@ -305,7 +305,7 @@ pgp_init(sc_card_t *card)
  sc_file_t *file = NULL;
  struct do_info *info;
  int r;
- struct blob  *child = NULL;
+ struct blob *child = NULL;
 
  priv = calloc (1, sizeof *priv);
  if (!priv)
@@ -330,8 +330,14 @@ pgp_init(sc_card_t *card)
  return r;
  }
 
+ /* defensive programming check */
+ if (!file) {
+ pgp_finish(card);
+ return SC_ERROR_OBJECT_NOT_FOUND;
+ }
+
  /* read information from AID */
- if (file && file->namelen == 16) {
+ if (file->namelen == 16) {
  /* OpenPGP card spec 1.1 & 2.0, section 4.2.1 & 4.1.2.1 */
  priv->bcd_version = bebytes2ushort(file->name + 6);
  /* kludge: get card's serial number from manufacturer ID + serial number */
@@ -2166,7 +2172,9 @@ static int pgp_store_key(sc_card_t *card, sc_cardctl_openpgp_keystore_info_t *ke
 /* ABI: card ctl: perform special card-specific operations */
 static int pgp_card_ctl(sc_card_t *card, unsigned long cmd, void *ptr)
 {
+#ifdef ENABLE_OPENSSL
  int r;
+#endif /* ENABLE_OPENSSL */
 
  LOG_FUNC_CALLED(card->ctx);
 

src/libopensc/ctbcs.c

@@ -58,7 +58,7 @@ ctbcs_build_perform_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *d
  prompt = data->pin1.prompt;
  if (prompt && *prompt) {
  len = strlen(prompt);
- if (count + len + 2 > buflen || len > 254)
+ if (len + 2 > buflen)
  return SC_ERROR_BUFFER_TOO_SMALL;
  buf[count++] = CTBCS_TAG_PROMPT;
  buf[count++] = len;
@@ -126,7 +126,7 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
  prompt = data->pin1.prompt;
  if (prompt && *prompt) {
  len = strlen(prompt);
- if (count + len + 2 > buflen || len > 254)
+ if (len + 2 > buflen)
  return SC_ERROR_BUFFER_TOO_SMALL;
  buf[count++] = CTBCS_TAG_PROMPT;
  buf[count++] = len;

src/libopensc/iso7816.c

@@ -430,6 +430,10 @@ iso7816_process_fci(struct sc_card *card, struct sc_file *file,
  if (tag != NULL && taglen)
  sc_file_set_sec_attr(file, tag, taglen);
 
+ tag = sc_asn1_find_tag(ctx, p, len, 0x88, &taglen);
+ if (tag != NULL && taglen == 1)
+ file->sid = *tag;
+
  tag = sc_asn1_find_tag(ctx, p, len, 0x8A, &taglen);
  if (tag != NULL && taglen==1) {
  if (tag[0] == 0x01)
@@ -1012,8 +1016,7 @@ iso7816_build_pin_apdu(struct sc_card *card, struct sc_apdu *apdu,
  * but expect the new one to be entered on the keypad.
  */
  if (data->pin1.len && data->pin2.len == 0) {
- sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL,
- "Special case - initial pin provided - but new pin asked on keypad");
+ sc_log(card->ctx, "Special case - initial pin provided - but new pin asked on keypad");
  data->flags |= SC_PIN_CMD_IMPLICIT_CHANGE;
  };
  len += r;

src/libopensc/libopensc.exports

@@ -317,6 +317,7 @@ sc_pkcs15_convert_pubkey
 sc_sm_parse_answer
 sc_sm_update_apdu_response
 sc_sm_single_transmit
+sc_sm_stop
 iasecc_sm_create_file
 iasecc_sm_delete_file
 iasecc_sm_external_authentication

src/libopensc/log.c

@@ -73,9 +73,7 @@ static void sc_do_log_va(sc_context_t *ctx, int level, const char *file, int lin
  FILE *outf = NULL;
  int n;
 
- assert(ctx != NULL);
-
- if (ctx->debug < level)
+ if (!ctx || ctx->debug < level)
  return;
 
  p = buf;
@@ -167,9 +165,7 @@ void sc_hex_dump(struct sc_context *ctx, int level, const u8 * in, size_t count,
  char *p = buf;
  int lines = 0;
 
- assert(ctx != NULL);
-
- if (ctx->debug < level)
+ if (!ctx || ctx->debug < level)
  return;
 
  assert(buf != NULL && (in != NULL || count == 0));

src/libopensc/muscle-filesystem.c

@@ -42,6 +42,8 @@ static const u8* ignoredFiles[] = {
 
 mscfs_t *mscfs_new(void) {
  mscfs_t *fs = malloc(sizeof(mscfs_t));
+ if (!fs)
+ return NULL;
  memset(fs, 0, sizeof(mscfs_t));
  memcpy(fs->currentPath, "\x3F\x00", 2);
  return fs;