Re: [opensc-devel] Fixed bug in 0.12.0

2010-12-23 Thread Andre Zepezauer
On Thu, 2010-12-23 at 09:54 +0200, Martin Paljak wrote:
> Hello,
> On Dec 23, 2010, at 5:40 AM, Andre Zepezauer wrote:
> > On Thu, 2010-12-23 at 03:10 +0100, Peter Stuge wrote:
> >>> That bug always occurs if there is an EF (i.e. EF.PrKD, EF.PuKD, EF.SKD)
> >>> that contains either broken ASN.1 or uses an encoding that OpenSC isn't
> >>> able to decode. The committed message [1] contains all the details about
> >>> the bug and the fix. 
> >> 
> >> Maybe you can mention something about known failure cases?
> > 
> > A profile that stores some x509Certificates and one pgpCertificate aka
> > PGP public key. See PKCS#15 section 6.6 Certificates.
> Is it a common scenario? Should this only affect cards which are not 
> initialized with OpenSC?

Interestingly this bug isn't that new. It only becomes triggered now,
because the search operation continues on partial failure.

It only affects cards which already encountered problems before #266 was
fixed. For these cards, the search operation
__sc_pkcs15_search_objects() may now return successfully even if
decoding of some EFs failed. Continued searches may trigger that bug.

The number of affected cards should be small to zero. Cards working
flawlessly in the past are not affected. The profile with
pgpCertificates is local experimental stuff only.

Regards
Andre

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Fixed bug in 0.12.0

2010-12-22 Thread Martin Paljak
Hello,
On Dec 23, 2010, at 5:40 AM, Andre Zepezauer wrote:
> On Thu, 2010-12-23 at 03:10 +0100, Peter Stuge wrote:
>>> That bug always occurs if there is an EF (i.e. EF.PrKD, EF.PuKD, EF.SKD)
>>> that contains either broken ASN.1 or uses an encoding that OpenSC isn't
>>> able to decode. The committed message [1] contains all the details about
>>> the bug and the fix. 
>> 
>> Maybe you can mention something about known failure cases?
> 
> A profile that stores some x509Certificates and one pgpCertificate aka
> PGP public key. See PKCS#15 section 6.6 Certificates.
Is it a common scenario? Should this only affect cards which are not 
initialized with OpenSC?


> Decoding of x509Certificates is processed without error. Each
> x509Certificate is appended to p15card->obj_list. When the last object
> in EF.CD (pgpCert) is processed then the ASN.1 decoder fails with:
> 
> asn1.c:1279:asn1_decode: returning with: -1402 (Required ASN.1 object not found)
> 
> In that case, the function sc_pkcs15_parse_df returns also -1402 and
> *doesn't* flag df as enumerated (df->enumerated == 0). On the next
> invocation of __sc_pkcs15_search_objects the EF.CD is processed again.
> And all the x509Certificates are appended to obj_list again and again
> and again 

-- 
@MartinPaljak.net
+3725156495



Re: [opensc-devel] Fixed bug in 0.12.0

2010-12-22 Thread Andre Zepezauer
Hello Peter,

On Thu, 2010-12-23 at 03:10 +0100, Peter Stuge wrote:
> Andre Zepezauer wrote:
> > Hello,
> > 
> > today I encountered a new bug that was introduced with the fix of
> > #266. A working patch was committed in r4983.
> 
> Please be careful about wording in the subject. It is very much
> unclear what the version number means. :\

Agreed. Up to now, there was no official announcement of a 0.12.0
release.

> > That bug always occurs if there is an EF (i.e. EF.PrKD, EF.PuKD, EF.SKD)
> > that contains either broken ASN.1 or uses an encoding that OpenSC isn't
> > able to decode. The committed message [1] contains all the details about
> > the bug and the fix. 
> 
> Maybe you can mention something about known failure cases?

A profile that stores some x509Certificates and one pgpCertificate aka
PGP public key. See PKCS#15 section 6.6 Certificates.

Decoding of x509Certificates is processed without error. Each
x509Certificate is appended to p15card->obj_list. When the last object
in EF.CD (pgpCert) is processed then the ASN.1 decoder fails with:

asn1.c:1279:asn1_decode: returning with: -1402 (Required ASN.1 object not found)

In that case, the function sc_pkcs15_parse_df returns also -1402 and
*doesn't* flag df as enumerated (df->enumerated == 0). On the next
invocation of __sc_pkcs15_search_objects the EF.CD is processed again.
And all the x509Certificates are appended to obj_list again and again
and again 

Regards
Andre
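
The duplication described in this message, reduced to a small model. This is an added example, not code from the thread or from OpenSC: the structures, `parse_df`, `objects_after` and the `flag_on_error` switch are hypothetical, and flagging the DF on a decode error is one possible hardening, not necessarily what r4983 does.

```c
#include <stdio.h>

#define ERR_ASN1_OBJECT_NOT_FOUND (-1402) /* value from the log line in the thread */

/* Simplified stand-ins for the card state; not OpenSC's real structures. */
struct df   { const int *entries; int n; int enumerated; };
struct card { int obj_count; };  /* stands in for the length of obj_list */

/* Constructed EF.CD: 1 = decodable x509Certificate, 0 = undecodable pgpCertificate. */
static const int EF_CD[] = { 1, 1, 1, 0 };

/* flag_on_error == 0 reproduces the behaviour described in the thread: objects
 * decoded before the failure stay in the list and the DF is left unflagged.
 * flag_on_error == 1 marks the DF as enumerated even when decoding fails, so a
 * broken EF is never parsed a second time (assumed hardening). */
static int parse_df(struct card *c, struct df *d, int flag_on_error)
{
    if (d->enumerated)
        return 0;
    for (int i = 0; i < d->n; i++) {
        if (!d->entries[i]) {
            d->enumerated = flag_on_error;
            return ERR_ASN1_OBJECT_NOT_FOUND;
        }
        c->obj_count++;              /* object appended to the list */
    }
    d->enumerated = 1;
    return 0;
}

/* Run consecutive searches that continue on partial failure and
 * return how many objects end up in the list. */
int objects_after(int searches, int flag_on_error)
{
    struct card c = { 0 };
    struct df d = { EF_CD, 4, 0 };
    for (int s = 0; s < searches; s++)
        (void)parse_df(&c, &d, flag_on_error);  /* error tolerated by the caller */
    return c.obj_count;
}

int main(void)
{
    printf("unflagged on error: %d objects after 3 searches\n", objects_after(3, 0));
    printf("flagged on error:   %d objects after 3 searches\n", objects_after(3, 1));
    return 0;
}
```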



Re: [opensc-devel] Fixed bug in 0.12.0

2010-12-22 Thread Peter Stuge
Andre Zepezauer wrote:
> Hello,
> 
> today I encountered a new bug that was introduced with the fix of
> #266. A working patch was committed in r4983.

Please be careful about wording in the subject. It is very much
unclear what the version number means. :\


> That bug always occurs if there is an EF (i.e. EF.PrKD, EF.PuKD, EF.SKD)
> that contains either broken ASN.1 or uses an encoding that OpenSC isn't
> able to decode. The committed message [1] contains all the details about
> the bug and the fix. 

Maybe you can mention something about known failure cases?


//Peter


[opensc-devel] Fixed bug in 0.12.0

2010-12-22 Thread Andre Zepezauer
Hello,

today I encountered a new bug that was introduced with the fix of #266.
A working patch was committed in r4983.

That bug always occurs if there is an EF (i.e. EF.PrKD, EF.PuKD, EF.SKD)
that contains either broken ASN.1 or uses an encoding that OpenSC isn't
able to decode. The committed message [1] contains all the details about
the bug and the fix. 

Regards
Andre

[1] http://www.opensc-project.org/opensc/changeset/4983
