Strange issue in framework-pkcs15.c / pkcs15_gen_keypair

Andreas Schwier (ML)
Dear all,

we've come across a strange issue in OpenSC. When we try to generate a
key pair with parameters not supported by the card, then the framework
code still tries to allocate private/public key objects rather than
returning an error code.

The questionable code is in line 2675 of framework-pkcs15.c /
pkcs15_gen_keypair.

Is that an intended behaviour or a plain bug?

Andreas

--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: Strange issue in framework-pkcs15.c / pkcs15_gen_keypair

Douglas E. Engert


On 9/25/2012 5:01 AM, Andreas Schwier (ML) wrote:

> Dear all,
>
> we've come across a strange issue in OpenSC. When we try to generate a
> key pair with parameters not supported by the card, then the framework
> code still tries to allocate private/public key objects rather than
> returning an error code.
>
> The questionable code is in line 2675 of framework-pkcs15.c /
> pkcs15_gen_keypair.
>
> Is that an intended behaviour or a plain bug?

Same problem as before. No one has had a PKCS#15 card that supports ECC.

The original ECC code added to OpenSC was for client use only, and used
the PIV card. For testing the piv-tool could tell the card to generate
a key pair, but that was not via any PKCS standards.

>
> Andreas
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


Re: Strange issue in framework-pkcs15.c / pkcs15_gen_keypair

Andreas Schwier
Hi Douglas,

the same problem exists for RSA keys. If you specify an invalid key
size, the code tries to generate invalid objects.

Our fix is at

https://github.com/CardContact/OpenSC/commit/a9682fd704dca5abc028b32e5ec577aa1c12ee78

Andreas


Re: Strange issue in framework-pkcs15.c / pkcs15_gen_keypair

Viktor Tarasov-3
Hi,

On Tue, Sep 25, 2012 at 4:39 PM, Andreas Schwier <[hidden email]> wrote:
> Hi Douglas,
>
> the same problem exists for RSA keys. If you specify an invalid key
> size, the code tries to generate invalid objects.
>
> Our fix is at
>
> https://github.com/CardContact/OpenSC/commit/a9682fd704dca5abc028b32e5ec577aa1c12ee78

Thanks for patch and testing.

It was a bug.
It appeared in 9a63e03e when support of the soft-generated keys was removed from pkcs15-init and pkcs11.

> Andreas

Kind regards,
Viktor.
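
A simplified model of the failure mode discussed in this thread, as an added example that is not part of any post and is not OpenSC code: every name, error code and the card model (which accepts only 1024- and 2048-bit requests) is hypothetical. It contrasts a flow that allocates the private/public key objects regardless of the card's result with one that returns the error before any object exists.

```c
#include <stdio.h>
/* Hypothetical names and codes for illustration; not OpenSC's definitions. */
enum { RC_OK = 0, RC_NOT_SUPPORTED = -1, RC_NO_SPACE = -2, MAX_OBJS = 8 };
struct key_obj { int is_private; unsigned bits; int on_card; };
struct token   { struct key_obj objs[MAX_OBJS]; int count; };

/* Constructed card model: only 1024- and 2048-bit keys can be generated. */
static int card_generate(unsigned bits) {
    return (bits == 1024 || bits == 2048) ? RC_OK : RC_NOT_SUPPORTED;
}

/* Register the private/public object pair in the framework's object list. */
static int add_pair(struct token *t, unsigned bits, int on_card) {
    if (t->count + 2 > MAX_OBJS) return RC_NO_SPACE;
    t->objs[t->count++] = (struct key_obj){ 1, bits, on_card };
    t->objs[t->count++] = (struct key_obj){ 0, bits, on_card };
    return RC_OK;
}

/* Flawed flow: the card's result does not stop object allocation. */
static int gen_keypair_unchecked(struct token *t, unsigned bits) {
    int rc = card_generate(bits);
    add_pair(t, bits, rc == RC_OK);
    return rc;
}

/* Checked flow: return the card's error before any object is created. */
static int gen_keypair_checked(struct token *t, unsigned bits) {
    int rc = card_generate(bits);
    if (rc != RC_OK)
        return rc;
    return add_pair(t, bits, 1);
}

/* Count objects visible to the application that have no key on the card. */
static int dangling(const struct token *t) {
    int n = 0;
    for (int i = 0; i < t->count; i++)
        n += !t->objs[i].on_card;
    return n;
}

int main(void) {
    struct token a = {0}, b = {0};
    gen_keypair_unchecked(&a, 1000);   /* constructed unsupported size */
    gen_keypair_checked(&b, 1000);
    printf("unchecked: %d objects, %d dangling; checked: %d objects, %d dangling\n",
           a.count, dangling(&a), b.count, dangling(&b));
    return 0;
}
```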
 
