Skip to content

[pkcs11-tool] CKO display serial number #2630

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
AlexandreGonzalo wants to merge 546 commits into from
Closed

[pkcs11-tool] CKO display serial number #2630

AlexandreGonzalo wants to merge 546 commits into from

Conversation

@AlexandreGonzalo
Copy link

@AlexandreGonzalo AlexandreGonzalo commented Oct 28, 2022

I am using the pkcs11-tool to list the certificates stored in my PKCS#11 token.
I have this patch which displays the certificate serial number and maybe that's something which could be merged to master.

Certificate Object; type = X.509 cert
subject: DN: C=FR, ST=PACA, L=Valbonne, O=Trustonic, CN=*.trustonic.com
serial: 54E67E7F3DB8F07D11D473717C71E057FD7D22C9
ID: 01

Checklist
  • Documentation is added or updated
  • New files have a LGPL 2.1 license statement
  • PKCS#11 module is tested
  • Windows minidriver is tested
  • macOS tokend is tested

@frankmorgner
Copy link
Member

frankmorgner commented Oct 30, 2022

can we do this without being dependant on OpenSSL?

@Jakuje
Copy link
Member

Jakuje commented Oct 30, 2022

can you rebase the changes on current master to remove the needless commits (adding support for SHA3, merge commits)?

xhanulik and others added 28 commits November 14, 2022 08:44
@xhanulik
Free file if it is not already in profile
21cb983 
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45395
@xhanulik
Do not dereference NULL
d3cf7e2 
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45394
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45411
@xhanulik
Free profile name and options in case of failure
40a5b4a 
Thank oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45396
@xhanulik
Free allocated memory for EC point Q
64ad2a1 
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45400
@xhanulik
Set pointer before while and avoid cycle
4cd7fa8 
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45404
@xhanulik
Set zero byte as string ending
81a29e4 
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45459
@xhanulik
Free profile extension in EF list
612d7a0 
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=45516
@xhanulik
Check file value length
d6405f5 
Thank oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46002
@xhanulik
Check length of path
a4b4aac 
Thanks oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46006
@Jakuje
ci: Add missing dependency for the new test-pkcs11-tool-unwrap-wrap-test
570f155
@Jakuje
ci: Remove bogus trailing -a
eef8d3c
@Jakuje
ci: Clone only one branch of OpenSSL to limit traffic
db65dba
@Jakuje
fuzz: Check return values
dc49c99 
Fixes CID 377385, Thanks coverity
@Jakuje
p11test: Fix typo in reading secret keys
91b8ab7 
Fixes CID 374845, Thanks coverity
@xhanulik
fuzzing: Remove static
9c5432b
@Jakuje
Unbreak yubico-piv-tool build
04900ba
@xhanulik
Add basic configuration for Packit
142690d
@xhanulik
Remove unused variable
55b6766
@xhanulik
Allow build of fuzz_pkcs15init only if static is enabled
cce3918 
fuzz_pkcs15init uses API that is not exported by libopensc.
@xhanulik
Remove failing tests in make check
50a5872 
Local build on RHEL8 and Fedora36 fails with errors
on these two tests.
@xhanulik
Remove unneeded parts of specfile
ce8c7fe
@frankmorgner
Windows changed readers (alternative) (OpenSC#2525)
9043168 
Issue OpenSC#2517 reports that minidriver may be presented with new handles
to PCSC, even if card is moved from one reader to another.

The previous code assumed a change in handles would always point at same reader.
and if reader was changed, caller would do two operations: card is removed from one
reader i.e. call CardDeleteContext and some time later when card is inserted,
call CardAcquireContext. Thus previous code would not to call reinit_card_for.

But this is not the case. So when handles change, the new handles are used to probe
the new reader to obtain reader name to compare to old reader name.
If they are the same returns to not call reinit_card.
If they are different returns to call reinit_card.

The assumption is if card is removed, it could be modified on another system
then inserted on original system which changed data.
@Jakuje
Use https to avoid redirect warnings
ff83323
@Jakuje
buildsys: Do not try to build shared libraries with --disable-shared
3fb30e5
@Jakuje
Reproducer for --disable-shared build configuration
512829d
@xhanulik
Add missing header
fd4ebe4
@xhanulik
Add functions for tool fuzzers
2f5ae01
@xhanulik
Allow print usage and not die
c4d6323
Eitot and others added 25 commits November 14, 2022 08:45
@Eitot
macOS: Update workflow to include MacOSX/ directory
0030e2a
@Eitot
macOS: Correct LaunchAgent paths in opensc-uninstall script
7245372 
This fixes an omission in e05574d. The names of these files have changed, so they are not deregistered from LaunchServices and uninstalled when running the opensc-uninstall script.
@Eitot
macOS: Fix LaunchAgent removal in opensc-uninstall script
30da752 
`launchctl remove` is executed by the root user. This will not affect loaded LaunchAgents of the logged-in user.
@xhanulik
Do not build npa-tool when OpenPACE is missing
97215e6
@xhanulik
Do not build sceac-example if OpenPACE is missing
a5d5aee
@xhanulik
Do not build opensc-notify when dependencies are missing
5864410
@xhanulik
Skip checking of GIO2 on Windows
1a762a1
@xhanulik
Add srpm build
1e65cd0
@xhanulik
Add RPM build
ff02d93
@xhanulik
Trigger GH actions on packit.yaml
0b7c9ae
@Jakuje
rpm: Remove the opensc-notify
f3c34e6
@xhanulik
Run CI with Ubuntu 20.04
f1a0dff
@xhanulik
Run all test on ubuntu-latest
2679aea
@xhanulik
Run OpenSSL 3.0 tests on Ubuntu 22.04
5c7e860
@xhanulik
Remove OpenSSL 3.0 setup scripts
5de1dad
@xhanulik
Remove containers with OpenSSL3
b7212f5
@xhanulik
Run build job on Ubuntu 20.04
fa3d8c2
Make certificationAuthorityReference optional (Fixes OpenSC#2634)
a464787
@sashashura
build: harden codespell.yml permissions
13c6d4d 
Signed-off-by: Alex <[email protected]>
@sashashura
build: harden coverity.yml permissions
c371f12 
Signed-off-by: Alex <[email protected]>
@sashashura
build: harden macos.yml permissions
06f3cd3 
Signed-off-by: Alex <[email protected]>
@sashashura
build: harden linux.yml permissions
15ae91a 
Signed-off-by: Alex <[email protected]>
@dengert
customactions.cpp - fix atrs before adding to registry
282ac2b 
Include a fix for OpenSC#2625

OpenSC definitions of ATRs have been lax in "sc_atr_table" entries by allowing
1 bits in the ATR that need to be 0 bits when used with Windows compare
Do the equivalent reduction of the table ATR done in card.c by "tbin[s] = (tbin[s] & mbin[s]);"
before adding to registry.

This will then allow lax definitions of ATRs to be copied to customactions.cpp
and fixed before adding to registry.

 Changes to be committed:
	modified:   win32/customactions.cpp
@Jakuje
OpenSC 0.23.0-rc2
3c2eebe
Merge branch 'trustonic_pkcs11_cko_serial' of https://github.com/Alex…
6431d95 
…andreGonzalo/OpenSC into trustonic_pkcs11_cko_serial
@AlexandreGonzalo AlexandreGonzalo deleted the trustonic_pkcs11_cko_serial branch November 14, 2022 08:10
@AlexandreGonzalo
Copy link
Author

AlexandreGonzalo commented Nov 14, 2022

I am using the pkcs11-tool to list the certificates stored in my PKCS#11 token. I have this patch which displays the certificate serial number and maybe that's something which could be merged to master.

Certificate Object; type = X.509 cert subject: DN: C=FR, ST=PACA, L=Valbonne, O=Trustonic, CN=*.trustonic.com serial: 54E67E7F3DB8F07D11D473717C71E057FD7D22C9 ID: 01

can you rebase the changes on current master to remove the needless commits (adding support for SHA3, merge commits)?

I created this new PR
#2641

@AlexandreGonzalo
Copy link
Author

AlexandreGonzalo commented Nov 14, 2022

can we do this without being dependant on OpenSSL?

I did the same as getSUBJECT() above and it is an easy win.
I don't think that it is worth to try to avoid OpenSSL.

@Jakuje Jakuje mentioned this pull request Nov 14, 2022
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.