pkcs15: pin references are always positive integers ...

In the OpenSC versions previous to 0.11.5 the references greater then 127 were erroneously encoded by one byte (negative value ecording to the ASN.1 rules). Actually some other proprietary PKCS#15 cards have also this infirmity. Actual commit makes general the application of the hack used for 'starcos' card. http://www.opensc-project.org/pipermail/opensc-devel/2011-February/016062.html git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5220 c6295689-39f2-0310-b995-f0e70906c6a9
2011-03-06 12:35:35 +00:00 · 2011-03-06 12:35:35 +00:00 · 33f44f8dc1
parent 763c0bcefe
commit 33f44f8dc1
6 changed files with 10 additions and 38 deletions
--- a/etc/opensc.conf.in
+++ b/etc/opensc.conf.in
@ -329,23 +329,6 @@ app default {
 			# The location of the driver library
 			# module = /usr/lib/opensc/drivers/p15emu_custom.so;
 		# }
-		
-		# workaround: fix keyReference and pinReference values
-		# OpenSC 0.11.4 and older have a bug: integers were not
-		# properly encoded in asn.1 structures. So far only
-		# starcos cards were found to have a problem with this,
-		# and only these two values were found to be filled with
-		# the wrong value.
-		#
-		# Fortunatly those values (if present) need to be positive.
-		# Thus we can check if these are available and negative,
-		# and if so fix them by adding 256 to get the correct value.
-		#
-		# To be on the safe side, this workaround/fix can be turned
-		# off.
-		#
-		# Default: yes
-		# enable_fix_asn1_integers = no;
 	}
 }

--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@ -115,10 +115,11 @@ int sc_pkcs15_decode_aodf_entry(struct sc_pkcs15_card *p15card,

 	/* OpenSC 0.11.4 and older encoded "pinReference" as a negative
 	   value. Fixed in 0.11.5 we need to add a hack, so old cards
-	   continue to work. */
-	if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS)
-		if (info.reference < 0)
-			info.reference += 256;
+	   continue to work. 
+	   The same invalid encoding has some models of the proprietary PKCS#15 cards.
+	*/
+	if (info.reference < 0)
+		info.reference += 256;

 	info.auth_method = SC_AC_CHV;

--- a/src/libopensc/pkcs15-prkey.c
+++ b/src/libopensc/pkcs15-prkey.c
@ -222,11 +222,8 @@ int sc_pkcs15_decode_prkdf_entry(struct sc_pkcs15_card *p15card,
        /* OpenSC 0.11.4 and older encoded "keyReference" as a negative
           value. Fixed in 0.11.5 we need to add a hack, so old cards
           continue to work. */
-        if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) {
-                if (info.key_reference < -1) {
-                        info.key_reference += 256;
-                }
-        }
+      	if (info.key_reference < -1)
+		info.key_reference += 256;

 	obj->data = malloc(sizeof(info));
 	if (obj->data == NULL) {
--- a/src/libopensc/pkcs15-pubkey.c
+++ b/src/libopensc/pkcs15-pubkey.c
@ -217,11 +217,8 @@ int sc_pkcs15_decode_pukdf_entry(struct sc_pkcs15_card *p15card,
        /* OpenSC 0.11.4 and older encoded "keyReference" as a negative
           value. Fixed in 0.11.5 we need to add a hack, so old cards
           continue to work. */
-        if (p15card->flags & SC_PKCS15_CARD_FLAG_FIX_INTEGERS) {
-                if (info.key_reference < -1) {
-                        info.key_reference += 256;
-                }
-        }
+	if (info.key_reference < -1)
+        	info.key_reference += 256;

 	obj->data = malloc(sizeof(info));
 	if (obj->data == NULL) {
--- a/src/libopensc/pkcs15.c
+++ b/src/libopensc/pkcs15.c
@ -285,11 +285,6 @@ static void fix_starcos_pkcs15_card(struct sc_pkcs15_card *p15card)
 	struct sc_context *ctx = p15card->card->ctx;
 	scconf_block *conf_block = sc_get_conf_block(ctx, "framework", "pkcs15", 1);

-	/* for starcos cards only: fix asn1 integers */
-	if (!strcmp(p15card->card->driver->short_name,"starcos")
-		&& scconf_get_bool(conf_block, "enable_fix_asn1_integers", 1))
-		p15card->flags |= SC_PKCS15_CARD_FLAG_FIX_INTEGERS;
-
 	/* set special flags based on card meta data */
 	if (strcmp(p15card->card->driver->short_name,"cardos") == 0) {

@ -681,7 +676,7 @@ struct sc_app_info * sc_find_app(struct sc_card *card, struct sc_aid *aid)
 		return NULL;

 	if (!aid || !aid->len)
-		return card->app[0];
+		return card->app[card->app_count - 1];

 	for (ii=0; ii < card->app_count; ii++) {
 		if (card->app[ii]->aid.len != aid->len)
--- a/src/libopensc/pkcs15.h
+++ b/src/libopensc/pkcs15.h
@ -502,7 +502,6 @@ typedef struct sc_pkcs15_card {

 /* flags suitable for sc_pkcs15_card_t */
 #define SC_PKCS15_CARD_FLAG_EMULATED			0x02000000
-#define SC_PKCS15_CARD_FLAG_FIX_INTEGERS		0x04000000

 /* sc_pkcs15_bind:  Binds a card object to a PKCS #15 card object
 * and initializes a new PKCS #15 card object.  Will return