Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 403545

Summary: app-crypt/coolkey does not work any more with ActiveKey
Product: Gentoo Linux Reporter: Uros <upalmin>
Component: Current packagesAssignee: Crypto team [DISABLED] <crypto+disabled>
Status: RESOLVED FIXED    
Severity: normal CC: zioalex
Priority: Normal    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=460662
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Fix-working-with-empty-certificates-in-not-zero-slot

Description Uros 2012-02-14 09:59:14 UTC 
Issue is appeared when CAC was implemented (coolkey-cac.patch). Some of key (include ActiveKey) can include empty certificate In this case we don't need to throw exception if this is not slot 0.

Reproducible: Always

Steps to Reproduce:
1. Install sys-apps/pcsc-lite app-crypt/coolkey attach ActivIdentity USB 
reader v3.0 
2. Load coolkey module in firefox 
3. Insert card point browser to https page where certificate is required
Actual Results:  
coolkey debug reports:

Connection Error = 0x0
cleared all sessions
refreshTokenState: Failed to load objects.
isTokenPresent, card state is 0x1
C_GetSlotList called
calling IsConnected


Expected Results:  
coolkey debug reports:

isTokenPresent, card state is 0x3e
C_GetSlotList called
calling IsConnected
IsConnected returned false
isTokenPresent, card state is 0x3e
Called C_GetSlotInfo
calling IsConnected


This bug is resolved by a patch. 

I have created local overlay based on ebuild app-crypt/coolkey-1.1.0-r4 and confirmed that patch is compatible with Gentoo and working.


---patch---
From f184e5a538caa9412fa3b0e99afe92473fbd6739 Mon Sep 17 00:00:00 2001
From: Vladimir Kravets <vova.kravets@gmail.com>
Date: Mon, 23 May 2011 17:17:43 +0300
Subject: [PATCH] Fix working with empty certificates in not zero slots.

---
 coolkey-1.1.0/src/coolkey/slot.cpp |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/coolkey-1.1.0/src/coolkey/slot.cpp b/coolkey-1.1.0/src/coolkey/slot.cpp
index 4c734b7..4c10e8a 100644
--- src/coolkey/slot.cpp
+++ src/coolkey/slot.cpp
@@ -2193,7 +2193,7 @@ Slot::readCACCertificateFirst(CKYBuffer *cert, CKYSize *nextSize,
            handleConnectionError();
        }
         
-        if(CKYBuffer_Size(cert) == 0) {
+        if(throwException && CKYBuffer_Size(cert) == 0) {
             handleConnectionError();
         }
        return status;
-- 
1.7.4.1
---patch---

Bug has already been reported to 
REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=688837

Ubuntu
https://bugs.launchpad.net/ubuntu/+source/coolkey/+bug/786682

Which provided solution with patch 
https://launchpad.net/ubuntu/+source/coolkey/1.1.0-8.1ubuntu1
Comment 1 Uros 2012-02-14 10:05:13 UTC 
Created attachment 301889 [details, diff]
Fix-working-with-empty-certificates-in-not-zero-slot

Issue is appeared when CAC was implemented (coolkey-cac.patch). Some of key (include ActiveKey) can include empty certificate In this case we don't need to throw exception if this is not slot 0.
Comment 2 Alon Bar-Lev (RETIRED) gentoo-dev 2012-12-22 00:34:21 UTC 
Fixed in coolkey-1.1.0-r5, thanks!