Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-08 Thread Aktiv Co. Aleksey Samsonov
Hello,

Aktiv Co. Aleksey Samsonov:
 I think, we need to rollback:
 
 Index: src/pkcs15init/keycache.c
 ===
 --- src/pkcs15init/keycache.c   (revision 3765)
 +++ src/pkcs15init/keycache.c   (working copy)
 @@ -259,17 +259,11 @@
  }
 
  if (ref = 0) {
 -   int r;
  /* Create the named PIN if it doesn't exist */
  if (!(s = find_entry(path, SC_AC_CHV, ref, 0))) {
  s = new_entry(path, SC_AC_CHV, ref);
  if (s == NULL)
  return SC_ERROR_OUT_OF_MEMORY;
 -
 -   r = sc_keycache_get_key(path, SC_AC_CHV, -1,
 s-value, MAX_SECRET);
 -   if(r  0)
 -   return SC_ERROR_OBJECT_NOT_FOUND;
 -   s-len = r;
  }
 
  /* Set the pin name */
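Review bot: the early return removed here (return SC_ERROR_OBJECT_NOT_FOUND;) came straight after a successful new_entry() and did nothing with s before leaving the function, so the rollback also drops a path that left a freshly created entry behind while reporting failure to the caller. That is worth stating in the commit message, together with the revision being reverted (3765), so the reason for the rollback stays findable.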
 ---

Do you mind if I roll back? (for a new 0.11.* release)
Thanks
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-08 Thread Andreas Jellinghaus
On Wednesday, 07 October 2009 11:34:36, Aktiv Co. Aleksey Samsonov wrote:
 I think, we need to rollback:

probably the best idea.
the old code was working, I don't understand why the new code is
necessary (ok, I don't understand the whole keycache stuff I admit),
so going back to the old code that worked for almost everyone is
the best plan I think.

thanks a lot for all your testing and debugging!

Regards, Andreas


Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-08 Thread Aleksey Samsonov
Hello,

Andreas Jellinghaus wrote:
 On Wednesday, 07 October 2009 11:34:36, Aktiv Co. Aleksey Samsonov wrote:
 I think, we need to rollback:
 
 probably the best idea.
 the old code was working, I don't understand why the new code is
 necessary (ok, I don't understand the whole keycache stuff I admit),
 so going back to the old code that worked for almost everyone is
 the best plan I think.
 
 thanks a lot for all your testing and debugging!

Thanks!
Committed in revision 3771.



Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-07 Thread Aktiv Co. Aleksey Samsonov
Hello,
Thanks for the answer.
I think that this code has become obsolete and it needs review;
however, I don't have detailed information about it.

Martin Paljak:
 Hello Aleksey and others,
 
 Those of you who have used pkcs15init API, can anyone explain the way
 keycache works? There is some extra magic happening that does not only
 USER_PIN/SO_PIN -> PIN value mapping but deals with naming PINs?
 What is this used for in keycache.c:
 libopensc/opensc.h:#define SC_AC_SYMBOLIC   0x0010 /* internal use only */
 I've checked how card initialization works with KEYCACHE_DEBUG enabled
 but I can't really make conclusions as I've never directly worked with
 src/pkcs15init




Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-07 Thread Aktiv Co. Aleksey Samsonov
Hello,

Andreas Jellinghaus:
 On Tuesday, 06 October 2009 16:06:52, Aktiv Co. Aleksey Samsonov wrote:
 Aktiv Co. Aleksey Samsonov:
 Hello,
 Rutoken initialization failed after
 http://www.opensc-project.org/opensc/changeset/3765#file8
 $ pkcs15-init -l Rutoken ECP User PIN -a 02 --pin 12345678 --puk 
 -P --so-pin 87654321 -F
 Failed to store PIN: Requested object not found
 =
 new_entry -> calloc
 ...
 sc_keycache_get_key -> search_key -> if (s->len != 0) then error

 Any idea?
 Thanks.
 Cause: http://www.opensc-project.org/opensc/changeset/3741
 
 hmm. I'm not 100% sure how keycache works either. but
 that code is bogus - int is returned from the function,
 written into an unsigned int, which is then checked < 0
 which can't ever happen to unsigned int.
 
 thus I fixed the code to get the value as int,
 compare < 0 and only write it into the unsigned int
 len field if it is >= 0.

Your patch is good, bug in
http://www.opensc-project.org/opensc/changeset/3741

Alternative:

Index: src/pkcs15init/keycache.c
===
--- src/pkcs15init/keycache.c   (revision 3765)
+++ src/pkcs15init/keycache.c   (working copy)
@@ -267,9 +267,8 @@
 return SC_ERROR_OUT_OF_MEMORY;

 r = sc_keycache_get_key(path, SC_AC_CHV, -1,
s-value, MAX_SECRET);
-   if(r  0)
-   return SC_ERROR_OBJECT_NOT_FOUND;
-   s-len = r;
+   if (r  0)
+   s-len = r;
 }

 /* Set the pin name */
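Review bot: in the added branch, s->len = r is now the only thing that depends on the result of sc_keycache_get_key(), so a failed lookup is ignored without a trace and the function carries on to set the pin name. If that is the intended behaviour, a one-line comment above the call should say that a missing cached value is not an error here, and a debug message on the ignored path would help when KEYCACHE_DEBUG is enabled.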
---
but I think this is not a good idea.

I think, we need to rollback:

Index: src/pkcs15init/keycache.c
===
--- src/pkcs15init/keycache.c   (revision 3765)
+++ src/pkcs15init/keycache.c   (working copy)
@@ -259,17 +259,11 @@
 }

 if (ref = 0) {
-   int r;
 /* Create the named PIN if it doesn't exist */
 if (!(s = find_entry(path, SC_AC_CHV, ref, 0))) {
 s = new_entry(path, SC_AC_CHV, ref);
 if (s == NULL)
 return SC_ERROR_OUT_OF_MEMORY;
-
-   r = sc_keycache_get_key(path, SC_AC_CHV, -1,
s-value, MAX_SECRET);
-   if(r  0)
-   return SC_ERROR_OBJECT_NOT_FOUND;
-   s-len = r;
 }

 /* Set the pin name */
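Review bot: once the sc_keycache_get_key() block is removed, nothing in this hunk sets s->len or s->value for the entry returned by new_entry(), so a newly named PIN starts out with no secret attached. A short comment next to "Create the named PIN if it doesn't exist" saying that the entry is created empty on purpose would keep the copy from being reintroduced later.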
---

 but no idea when keycache code is actually used.
 can you post a backtrace? or does anyone else know?

Rainbow iKey 3000 initialization failed also:

$ pkcs15-init -E -C --so-pin 87654321 --so-puk 
Using reader with a card: Rainbow iKey 3000
$ gdb pkcs15-init
(gdb) set args -l User PIN -a 02 --pin 12345678 --puk  -P --so-pin
87654321 -F
(gdb) break sc_keycache_set_pin_name
(gdb) run
Starting program: /usr/local/bin/pkcs15-init -l User PIN -a 02 --pin
12345678 --puk  -P --so-pin 87654321 -F
Breakpoint 2 at 0xb7e62649: file keycache.c, line 251.
Pending breakpoint sc_keycache_set_pin_name resolved
Using reader with a card: Rainbow iKey 3000

Breakpoint 2, sc_keycache_set_pin_name (path=0x8141bf8, ref=1, name=0)
at keycache.c:251
251 if (name < 0 || name >= SC_PKCS15INIT_NPINS)
(gdb) n
248 {
(gdb)
251 if (name < 0 || name >= SC_PKCS15INIT_NPINS)
(gdb)
256 if ((old = named_pin[name]) != NULL) {
(gdb)
261 if (ref >= 0) {
(gdb)
264 if (!(s = find_entry(path, SC_AC_CHV, ref, 0))) {
(gdb)
265 s = new_entry(path, SC_AC_CHV, ref);
(gdb)
266 if (s == NULL)
(gdb) p/x *s
$2 = {next = 0x0, path = {value = {0x3f, 0x0, 0x50, 0x15, 0x0 <repeats
12 times>}, len = 0x4,
 index = 0x0, count = 0x, type = 0x2}, type = 0x1, ref =
0x1, named_pin = 0x,
   len = 0x0, value = {0x0 <repeats 32 times>}}
(gdb) bt
#0  sc_keycache_set_pin_name (path=0x8141bf8, ref=1, name=0) at
keycache.c:266
#1  0xb7e59618 in set_so_pin_from_card (p15card=Variable p15card is
not available.
) at pkcs15-lib.c:3213
#2  0xb7e5a775 in sc_pkcs15init_store_pin (p15card=0x8140dd0,
profile=0x813fe38, args=0xbfa9a1f8)
 at pkcs15-lib.c:1017
#3  0x0804e142 in main (argc=Cannot access memory at address 0x0
) at pkcs15-init.c:716
(gdb) n
269 r = sc_keycache_get_key(path, SC_AC_CHV,
-1, s->value, MAX_SECRET);
(gdb) s
sc_keycache_get_key (path=0x8141bf8, type=1, ref=-1, key=0x8143254 ,
size=32) at keycache.c:222
(gdb)
222 if (!(s = search_key(path, type, ref)))
(gdb)
search_key (path=0x8141bf8, type=1, ref=-1) at keycache.c:126
126 if (type == SC_AC_SYMBOLIC) {
(gdb) n
123 {
(gdb)
126 if (type == SC_AC_SYMBOLIC) {
(gdb)
134 for (s = secret_cache; s; s = s->next) {
(gdb)
135 if (s->len != 0
(gdb) p/x *s
$3 = 

[opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-06 Thread Aktiv Co. Aleksey Samsonov

Hello,
Rutoken initialization failed after 
http://www.opensc-project.org/opensc/changeset/3765#file8
only (trunk/src/pkcs15init/keycache.c)

Example:
$ pkcs15-init -E -C --so-pin 87654321 --so-puk 
OK!
$ pkcs15-init -l Rutoken ECP User PIN -a 02 --pin 12345678 --puk  
-P --so-pin 87654321 -F
Failed to store PIN: Requested object not found



Breakpoint 2, sc_keycache_set_pin_name (path=0x8140590, ref=1, name=0) 
at keycache.c:251
251 if (name < 0 || name >= SC_PKCS15INIT_NPINS)
(gdb) n
248 {
(gdb)
251 if (name < 0 || name >= SC_PKCS15INIT_NPINS)
(gdb)
256 if ((old = named_pin[name]) != NULL) {
(gdb)
261 if (ref >= 0) {
(gdb)
264 if (!(s = find_entry(path, SC_AC_CHV, ref, 0))) {
(gdb)
265 s = new_entry(path, SC_AC_CHV, ref);
(gdb) s
new_entry (path=0x8140590, type=1, ref=1) at keycache.c:154
154 {
(gdb) n
157 s = (struct secret *) calloc(1, sizeof(*s));
(gdb) finish
Run till exit from #0  new_entry (path=0x8140590, type=1, ref=1) at 
keycache.c:157
0xb7fa5703 in sc_keycache_set_pin_name (path=0x8140590, ref=1, name=0) 
at keycache.c:265
265 s = new_entry(path, SC_AC_CHV, ref);
Value returned is $1 = (struct secret *) 0x8144790
(gdb) n
266 if (s == NULL)
(gdb)
269 r = sc_keycache_get_key(path, SC_AC_CHV, 
-1, s->value, MAX_SECRET);
(gdb)
270 if(r < 0)
(gdb)
292 }
(gdb) p r
$2 = -1407

=
new_entry -> calloc
...
sc_keycache_get_key -> search_key -> if (s->len != 0) then error

Any idea?
Thanks.


Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-06 Thread Aktiv Co. Aleksey Samsonov
Aktiv Co. Aleksey Samsonov:
 Hello,
 Rutoken initialization failed after
 http://www.opensc-project.org/opensc/changeset/3765#file8
 $ pkcs15-init -l Rutoken ECP User PIN -a 02 --pin 12345678 --puk 
 -P --so-pin 87654321 -F
 Failed to store PIN: Requested object not found
 =
 new_entry -> calloc
 ...
 sc_keycache_get_key -> search_key -> if (s->len != 0) then error
 
 Any idea?
 Thanks.

Cause: http://www.opensc-project.org/opensc/changeset/3741


Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-06 Thread Martin Paljak
Hello Aleksey and others,

Those of you who have used pkcs15init API, can anyone explain the way  
keycache works? There is some extra magic happening that does not only  
USER_PIN/SO_PIN -> PIN value mapping but deals with naming PINs?
What is this used for in keycache.c:
libopensc/opensc.h:#define SC_AC_SYMBOLIC   0x0010 /* internal use only */
I've checked how card initialization works with KEYCACHE_DEBUG enabled  
but I can't really make conclusions as I've never directly worked with  
src/pkcs15init

Thanks,

On 06.10.2009, at 17:06, Aktiv Co. Aleksey Samsonov wrote:

 Aktiv Co. Aleksey Samsonov:
 Hello,
 Rutoken initialization failed after
 http://www.opensc-project.org/opensc/changeset/3765#file8
 $ pkcs15-init -l Rutoken ECP User PIN -a 02 --pin 12345678 --puk
 -P --so-pin 87654321 -F
 Failed to store PIN: Requested object not found
 =
 new_entry -> calloc
 ...
 sc_keycache_get_key -> search_key -> if (s->len != 0) then error

 Any idea?
 Thanks.

 Cause: http://www.opensc-project.org/opensc/changeset/3741

-- 
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495






Re: [opensc-devel] changeset 3765 and sc_keycache_set_pin_name

2009-10-06 Thread Andreas Jellinghaus
On Tuesday, 06 October 2009 16:06:52, Aktiv Co. Aleksey Samsonov wrote:
 Aktiv Co. Aleksey Samsonov:
  Hello,
  Rutoken initialization failed after
  http://www.opensc-project.org/opensc/changeset/3765#file8
  $ pkcs15-init -l Rutoken ECP User PIN -a 02 --pin 12345678 --puk 
  -P --so-pin 87654321 -F
  Failed to store PIN: Requested object not found
  =
  new_entry -> calloc
  ...
  sc_keycache_get_key -> search_key -> if (s->len != 0) then error
 
  Any idea?
  Thanks.

 Cause: http://www.opensc-project.org/opensc/changeset/3741

hmm. I'm not 100% sure how keycache works either. but
that code is bogus - int is returned from the function,
written into an unsigned int, which is then checked < 0
which can't ever happen to unsigned int.

thus I fixed the code to get the value as int,
compare < 0 and only write it into the unsigned int
len field if it is >= 0.

but no idea when keycache code is actually used.
can you post a backtrace? or does anyone else know?

Regards, Andreas
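
The signed/unsigned mistake described in the message above, as an added example that is not code from OpenSC or from this thread. struct secret, lookup_secret() and the two fill_entry_* functions are simplified, hypothetical stand-ins; -1407 is the value of r shown in the gdb session.

```c
#include <stddef.h>
#include <string.h>

#define MAX_SECRET 32
#define ERR_NOT_FOUND (-1407)   /* value of r seen in the gdb session */

/* Simplified stand-in for a cache entry; not the OpenSC struct. */
struct secret {
    unsigned int  len;
    unsigned char value[MAX_SECRET];
};

/* Hypothetical lookup: returns the secret length, or a negative error. */
static int lookup_secret(const struct secret *cached,
                         unsigned char *out, size_t size)
{
    if (cached == NULL || cached->len == 0 || cached->len > size)
        return ERR_NOT_FOUND;
    memcpy(out, cached->value, cached->len);
    return (int)cached->len;
}

/* Flawed pattern: the error code lands in the unsigned field first,
 * so the "< 0" test is always false and the failure goes unnoticed. */
int fill_entry_flawed(struct secret *s, const struct secret *cached)
{
    s->len = lookup_secret(cached, s->value, MAX_SECRET);
    if (s->len < 0)
        return ERR_NOT_FOUND;
    return 0;
}

/* Corrected pattern: keep the result signed until it has been checked. */
int fill_entry_checked(struct secret *s, const struct secret *cached)
{
    int r = lookup_secret(cached, s->value, MAX_SECRET);
    if (r < 0)
        return r;
    s->len = (unsigned int)r;
    return 0;
}
```

In the flawed variant the entry ends up with a length far larger than MAX_SECRET, which is what makes this class of bug dangerous for any later code that trusts len.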