Extend the p11test to support kryoptic #3141
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Jakuje
force-pushed
the
p11test-kryoptic
branch
5 times, most recently
from
640e101 to
a875fdd
Compare
frankmorgner
requested changes
May 15, 2024
In the past the queries for the interface were passed through directly to the underlying pkcs11 module. But this could cause an issue if the caller requested specific version reported by the GetInterfaceList. This changes improves faking of the version numbers and maps the minor versions to the correct major versions of the API.
The invalid or unknown RSA OAEP decryption parameters caused the session kept holding the operation as started and all following operations failed as other operation was in progress.
frankmorgner
approved these changes
May 17, 2024
Member
Author
|
Merging. Thank you for the reviews! |
dangowrt
added a commit
to dangowrt/packages
that referenced
this pull request
Apr 26, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC#openwrt#3248)
Signed-off-by: Daniel Golle <[email protected]>
dangowrt
added a commit
to dangowrt/packages
that referenced
this pull request
Apr 26, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC#openwrt#3248)
Signed-off-by: Daniel Golle <[email protected]>
dangowrt
added a commit
to dangowrt/packages
that referenced
this pull request
Apr 26, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC#openwrt#3248)
Signed-off-by: Daniel Golle <[email protected]>
dangowrt
added a commit
to openwrt/packages
that referenced
this pull request
Apr 27, 2025
New in 0.26.1; 2025-01-14
General improvements
Align allocations of sc_mem_secure_alloc (OpenSC/OpenSC#3281)
Fix -O3 gcc optimization failure on amd64 and ppc64el (OpenSC/OpenSC#3299)
pkcs11-spy
Avoid crash while spying C_GetInterface() (OpenSC/OpenSC#3275)
TCOS
Fix reading certificate (OpenSC/OpenSC#3296)
New in 0.26.0; 2024-11-13
Security
CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (OpenSC/OpenSC#3225)
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (OpenSC/OpenSC#3225)
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (OpenSC/OpenSC#3219)
General improvements
Fix reselection of DF after error in PKCSOpenSC/OpenSC#15 layer (OpenSC/OpenSC#3067)
Unify OpenSSL logging throughout code (OpenSC/OpenSC#2922)
Extend the p11test to support kryoptic (OpenSC/OpenSC#3141)
Fix for error in PCSC reconnection (OpenSC/OpenSC#3150)
Fixed various issues reported by OSS-Fuzz and Coverity in drivers, PKCS#11 and PKCS#15 layer
PKCS#15
Documentation for PKCS#15 profile files (OpenSC/OpenSC#3132)
minidriver
Support PinCacheAlwaysPrompt usable for PIV cards (OpenSC/OpenSC#3167)
pkcs11-tool
Show URI when listing token information (OpenSC/OpenSC#3125) and objects (OpenSC/OpenSC#3130)
Do not limit size of objects to 5000 bytes (OpenSC/OpenSC#3174)
Add support for AES CMAC (OpenSC/OpenSC#3184)
Add support for AES GCM encryption (OpenSC/OpenSC#3195)
Add support for RSA OAEP encryption (OpenSC/OpenSC#3175)
Add support for HKDF (OpenSC/OpenSC#3193)
Implement better support for wrapping and unwrapping (OpenSC/OpenSC#3198)
Add support for EdDSA sign and verify (OpenSC/OpenSC#2979)
pkcs15-crypt
Fix PKCS#1 encoding function to correctly detect padding type (OpenSC/OpenSC#3075)
piv-tool
Fix RSA key generation (OpenSC/OpenSC#3158)
Avoid possible state change when matching unknown card (OpenSC/OpenSC#3112)
sc-hsm-tool
Cleanse buffer with plaintext key share (OpenSC/OpenSC#3226)
pkcs11-register
Fix pkcs11-register defaults on macOS and Windows (OpenSC/OpenSC#3053)
IDPrime
Fix identification of IDPrime 840 cards (OpenSC/OpenSC#3146)
Fix container mapping for IDPrime 940 cards (OpenSC/OpenSC#3220)
Reorder ATRs for matching cards (OpenSC/OpenSC#3154)
OpenPGP
Fix state tracking after erasing card (OpenSC/OpenSC#3024)
Belpic
Disable Applet V1.8 (OpenSC/OpenSC#3109)
MICARDO
Deactivate driver (OpenSC/OpenSC#3152)
SmartCard-HSM
Fix signing with secp521r1 signature (OpenSC/OpenSC#3157)
eOI
Set model via sc_card_ctl function (OpenSC/OpenSC#3189)
Rutoken
increase the minimum PIN size to support Rutoken ECP BIO (OpenSC/OpenSC#3208)
JPKI
Adjust parameters for public key in PKCS#15 emulator (OpenSC/OpenSC#3182)
D-Trust
Add support for ECDSA signatures and ECDH key agreement for D-Trust Signatures Cards 4.1/4.4 (OpenSC/OpenSC#3240, OpenSC/OpenSC##3248)
Signed-off-by: Daniel Golle <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This mostly fixes some corner case of the p11test that were caught while running it against kryoptic, adding new mechanisms and verifying the work as expected (while fixing some bugs on the kryoptic side too).