Last minute patching

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Last minute patching

Andreas Schwier (ML)
Hi all,

while doing some regression testing we've come across a problem that
once working code broke apart immediately before the 0.13 release was
finished.

We traced the problem down to a code change introduced by the MyEID
ECDSA patch [1] that went into the 0.13 version as one of the very final
patches.

Even though the code change is valid, it breaks existing code, rendering
the ECDSA key generation for the SmartCard-HSM in the 0.13 release
pretty much useless.

Can we for the future agree, that we don't squeeze such a large code
change in right before doing a release ?

We tested all the release candidates and they worked up and until the
very last patch.

Andreas


https://github.com/OpenSC/OpenSC/commit/457426543dfa02597895d57013dde94cc9e7d038

--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Last minute patching

Viktor Tarasov-3
Hello,

On Fri, Feb 15, 2013 at 2:41 PM, Andreas Schwier (ML) <[hidden email]> wrote:
while doing some regression testing we've come across a problem that
once working code broke apart immediately before the 0.13 release was
finished.

We traced the problem down to a code change introduced by the MyEID
ECDSA patch [1] that went into the 0.13 version as one of the very final
patches.

Even though the code change is valid, it breaks existing code, rendering
the ECDSA key generation for the SmartCard-HSM in the 0.13 release
pretty much useless.

Sorry, for these problems.
 

Can we for the future agree, that we don't squeeze such a large code
change in right before doing a release ?


Yes, in the future we'll be less hazardous.

This release was not as like the others -- 
first train after the long interruption of traffic: many passengers, new locomotive, equipage without experience, ...
 

We tested all the release candidates and they worked up and until the
very last patch.

Andreas

Kind regards,
Viktor.

 


https://github.com/OpenSC/OpenSC/commit/457426543dfa02597895d57013dde94cc9e7d038

--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone <a href="tel:%2B49%20571%2056149" value="+4957156149" target="_blank">+49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Last minute patching

Andreas Schwier (ML)
Dear Viktor,

the patch is attached to the pending pull request for CardContact/OpenSC.

Andreas

Am 15.02.2013 15:31, schrieb Viktor Tarasov:

> Hello,
>
> On Fri, Feb 15, 2013 at 2:41 PM, Andreas Schwier (ML)
> <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     while doing some regression testing we've come across a problem that
>     once working code broke apart immediately before the 0.13 release was
>     finished.
>
>     We traced the problem down to a code change introduced by the MyEID
>     ECDSA patch [1] that went into the 0.13 version as one of the very final
>     patches.
>
>     Even though the code change is valid, it breaks existing code, rendering
>     the ECDSA key generation for the SmartCard-HSM in the 0.13 release
>     pretty much useless.
>
>
> Sorry, for these problems.
>  
>
>
>     Can we for the future agree, that we don't squeeze such a large code
>     change in right before doing a release ?
>
>
>
> Yes, in the future we'll be less hazardous.
>
> This release was not as like the others --
> first train after the long interruption of traffic: many passengers, new
> locomotive, equipage without experience, ...
>  
>
>
>     We tested all the release candidates and they worked up and until the
>     very last patch.
>
>     Andreas
>
>
> Kind regards,
> Viktor.
>
>  
>
>
>
>     https://github.com/OpenSC/OpenSC/commit/457426543dfa02597895d57013dde94cc9e7d038
>
>     --
>
>         ---------    CardContact Software & System Consulting
>        |.##> <##.|   Andreas Schwier
>        |#       #|   Schülerweg 38
>        |#       #|   32429 Minden, Germany
>        |'##> <##'|   Phone +49 571 56149 <tel:%2B49%20571%2056149>
>         ---------    http://www.cardcontact.de
>                      http://www.tscons.de
>                      http://www.openscdp.org
>
>
>     ------------------------------------------------------------------------------
>     Free Next-Gen Firewall Hardware Offer
>     Buy your Sophos next-gen firewall before the end March 2013
>     and get the hardware for free! Learn more.
>     http://p.sf.net/sfu/sophos-d2d-feb
>     _______________________________________________
>     Opensc-devel mailing list
>     [hidden email]
>     <mailto:[hidden email]>
>     https://lists.sourceforge.net/lists/listinfo/opensc-devel
>
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Last minute patching

Aventra - Hannu Honkanen
Hi,

First of all, I'm sorry for the problems you got due to a change we did.

At the time, it seemed for me that the OpenSC's ECC parts were very
incomplete,
especially key generation. We added these parts and tried to interpret
standards to get everything right.

I tried to look at the actual problem you got, but I cannot find the patch
you mentioned.
Could you post a direct link to the pull request?

Kind regards,
Toni

> -----Original Message-----
> From: Andreas Schwier (ML) [mailto:[hidden email]]
> Sent: 15. helmikuuta 2013 19:01
> To: Viktor Tarasov
> Cc: [hidden email]
> Subject: Re: [Opensc-devel] Last minute patching
>
> Dear Viktor,
>
> the patch is attached to the pending pull request for
> CardContact/OpenSC.
>
> Andreas
>
> Am 15.02.2013 15:31, schrieb Viktor Tarasov:
> > Hello,
> >
> > On Fri, Feb 15, 2013 at 2:41 PM, Andreas Schwier (ML)
> > <[hidden email]
> > <mailto:[hidden email]>> wrote:
> >
> >     while doing some regression testing we've come across a problem
> that
> >     once working code broke apart immediately before the 0.13 release
> was
> >     finished.
> >
> >     We traced the problem down to a code change introduced by the
> MyEID
> >     ECDSA patch [1] that went into the 0.13 version as one of the
> very final
> >     patches.
> >
> >     Even though the code change is valid, it breaks existing code,
> rendering
> >     the ECDSA key generation for the SmartCard-HSM in the 0.13
> release
> >     pretty much useless.
> >
> >
> > Sorry, for these problems.
> >
> >
> >
> >     Can we for the future agree, that we don't squeeze such a large
> code
> >     change in right before doing a release ?
> >
> >
> >
> > Yes, in the future we'll be less hazardous.
> >
> > This release was not as like the others -- first train after the long
> > interruption of traffic: many passengers, new locomotive, equipage
> > without experience, ...
> >
> >
> >
> >     We tested all the release candidates and they worked up and until
> the
> >     very last patch.
> >
> >     Andreas
> >
> >
> > Kind regards,
> > Viktor.
> >
> >
> >
> >
> >
> >
> >
> https://github.com/OpenSC/OpenSC/commit/457426543dfa02597895d57013dde9
> > 4cc9e7d038
> >
> >     --
> >
> >         ---------    CardContact Software & System Consulting
> >        |.##> <##.|   Andreas Schwier
> >        |#       #|   Schülerweg 38
> >        |#       #|   32429 Minden, Germany
> >        |'##> <##'|   Phone +49 571 56149 <tel:%2B49%20571%2056149>
> >         ---------    http://www.cardcontact.de
> >                      http://www.tscons.de
> >                      http://www.openscdp.org
> >
> >
> >     -----------------------------------------------------------------
> -------------
> >     Free Next-Gen Firewall Hardware Offer
> >     Buy your Sophos next-gen firewall before the end March 2013
> >     and get the hardware for free! Learn more.
> >     http://p.sf.net/sfu/sophos-d2d-feb
> >     _______________________________________________
> >     Opensc-devel mailing list
> >     [hidden email]
> >     <mailto:[hidden email]>
> >     https://lists.sourceforge.net/lists/listinfo/opensc-devel
> >
> >
>
>
> --
>
>     ---------    CardContact Software & System Consulting
>    |.##> <##.|   Andreas Schwier
>    |#       #|   Schülerweg 38
>    |#       #|   32429 Minden, Germany
>    |'##> <##'|   Phone +49 571 56149
>     ---------    http://www.cardcontact.de
>                  http://www.tscons.de
>                  http://www.openscdp.org
>
>
> -----------------------------------------------------------------------
> -------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013 and get the
> hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
The Go Parallel Website, sponsored by Intel - in partnership with Geeknet,
is your hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials, tech docs,
whitepapers, evaluation guides, and opinion stories. Check out the most
recent posts - join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Last minute patching

Andreas Schwier (ML)
Hi Toni,

I've marked the change in [1] / pkcs15-pubkey.c / 658.

Your modification to the code is correct, but it breaks existing code as
it changes the format of the public key stored in ecpointQ. Before your
change it used to contain an OCTET-STRING, now it contains just the
plain public key (04|X|Y).

My point is not that we should not do this kind of fixes, we just should
allow a little more time for other to check implications of large code
changes. And we should certainly not introduce such large changes after
we verified 2 release candidates - I mean, what's the purpose of a
release candidate, if the final code looks completely different ?

Andreas


[1]
https://github.com/OpenSC/OpenSC/commit/457426543dfa02597895d57013dde94cc9e7d038

Am 18.02.2013 21:00, schrieb Toni Sjoblom - Aventra:

> Hi,
>
> First of all, I'm sorry for the problems you got due to a change we did.
>
> At the time, it seemed for me that the OpenSC's ECC parts were very
> incomplete,
> especially key generation. We added these parts and tried to interpret
> standards to get everything right.
>
> I tried to look at the actual problem you got, but I cannot find the patch
> you mentioned.
> Could you post a direct link to the pull request?
>
> Kind regards,
> Toni
>
>> -----Original Message-----
>> From: Andreas Schwier (ML) [mailto:[hidden email]]
>> Sent: 15. helmikuuta 2013 19:01
>> To: Viktor Tarasov
>> Cc: [hidden email]
>> Subject: Re: [Opensc-devel] Last minute patching
>>
>> Dear Viktor,
>>
>> the patch is attached to the pending pull request for
>> CardContact/OpenSC.
>>
>> Andreas
>>
>> Am 15.02.2013 15:31, schrieb Viktor Tarasov:
>>> Hello,
>>>
>>> On Fri, Feb 15, 2013 at 2:41 PM, Andreas Schwier (ML)
>>> <[hidden email]
>>> <mailto:[hidden email]>> wrote:
>>>
>>>     while doing some regression testing we've come across a problem
>> that
>>>     once working code broke apart immediately before the 0.13 release
>> was
>>>     finished.
>>>
>>>     We traced the problem down to a code change introduced by the
>> MyEID
>>>     ECDSA patch [1] that went into the 0.13 version as one of the
>> very final
>>>     patches.
>>>
>>>     Even though the code change is valid, it breaks existing code,
>> rendering
>>>     the ECDSA key generation for the SmartCard-HSM in the 0.13
>> release
>>>     pretty much useless.
>>>
>>>
>>> Sorry, for these problems.
>>>
>>>
>>>
>>>     Can we for the future agree, that we don't squeeze such a large
>> code
>>>     change in right before doing a release ?
>>>
>>>
>>>
>>> Yes, in the future we'll be less hazardous.
>>>
>>> This release was not as like the others -- first train after the long
>>> interruption of traffic: many passengers, new locomotive, equipage
>>> without experience, ...
>>>
>>>
>>>
>>>     We tested all the release candidates and they worked up and until
>> the
>>>     very last patch.
>>>
>>>     Andreas
>>>
>>>
>>> Kind regards,
>>> Viktor.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>> https://github.com/OpenSC/OpenSC/commit/457426543dfa02597895d57013dde9
>>> 4cc9e7d038
>>>
>>>     --
>>>
>>>         ---------    CardContact Software & System Consulting
>>>        |.##> <##.|   Andreas Schwier
>>>        |#       #|   Schülerweg 38
>>>        |#       #|   32429 Minden, Germany
>>>        |'##> <##'|   Phone +49 571 56149 <tel:%2B49%20571%2056149>
>>>         ---------    http://www.cardcontact.de
>>>                      http://www.tscons.de
>>>                      http://www.openscdp.org
>>>
>>>
>>>     -----------------------------------------------------------------
>> -------------
>>>     Free Next-Gen Firewall Hardware Offer
>>>     Buy your Sophos next-gen firewall before the end March 2013
>>>     and get the hardware for free! Learn more.
>>>     http://p.sf.net/sfu/sophos-d2d-feb
>>>     _______________________________________________
>>>     Opensc-devel mailing list
>>>     [hidden email]
>>>     <mailto:[hidden email]>
>>>     https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>>
>>>
>>
>>
>> --
>>
>>     ---------    CardContact Software & System Consulting
>>    |.##> <##.|   Andreas Schwier
>>    |#       #|   Schülerweg 38
>>    |#       #|   32429 Minden, Germany
>>    |'##> <##'|   Phone +49 571 56149
>>     ---------    http://www.cardcontact.de
>>                  http://www.tscons.de
>>                  http://www.openscdp.org
>>
>>
>> -----------------------------------------------------------------------
>> -------
>> Free Next-Gen Firewall Hardware Offer
>> Buy your Sophos next-gen firewall before the end March 2013 and get the
>> hardware for free! Learn more.
>> http://p.sf.net/sfu/sophos-d2d-feb
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel