Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 403545 - app-crypt/coolkey does not work any more with ActiveKey
Summary: app-crypt/coolkey does not work any more with ActiveKey
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: Crypto team [DISABLED]
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-14 09:59 UTC by Uros
Modified: 2013-03-09 16:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Fix-working-with-empty-certificates-in-not-zero-slot (0001-Fix-working-with-empty-certificates-in-not-zero-slot.patch,808 bytes, patch)
2012-02-14 10:05 UTC, Uros 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Uros 2012-02-14 09:59:14 UTC 
Issue is appeared when CAC was implemented (coolkey-cac.patch). Some of key (include ActiveKey) can include empty certificate In this case we don't need to throw exception if this is not slot 0.

Reproducible: Always

Steps to Reproduce:
1. Install sys-apps/pcsc-lite app-crypt/coolkey attach ActivIdentity USB 
reader v3.0 
2. Load coolkey module in firefox 
3. Insert card point browser to https page where certificate is required
Actual Results:  
coolkey debug reports:

Connection Error = 0x0
cleared all sessions
refreshTokenState: Failed to load objects.
isTokenPresent, card state is 0x1
C_GetSlotList called
calling IsConnected


Expected Results:  
coolkey debug reports:

isTokenPresent, card state is 0x3e
C_GetSlotList called
calling IsConnected
IsConnected returned false
isTokenPresent, card state is 0x3e
Called C_GetSlotInfo
calling IsConnected


This bug is resolved by a patch. 

I have created local overlay based on ebuild app-crypt/coolkey-1.1.0-r4 and confirmed that patch is compatible with Gentoo and working.


---patch---
From f184e5a538caa9412fa3b0e99afe92473fbd6739 Mon Sep 17 00:00:00 2001
From: Vladimir Kravets <vova.kravets@gmail.com>
Date: Mon, 23 May 2011 17:17:43 +0300
Subject: [PATCH] Fix working with empty certificates in not zero slots.

---
 coolkey-1.1.0/src/coolkey/slot.cpp |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/coolkey-1.1.0/src/coolkey/slot.cpp b/coolkey-1.1.0/src/coolkey/slot.cpp
index 4c734b7..4c10e8a 100644
--- src/coolkey/slot.cpp
+++ src/coolkey/slot.cpp
@@ -2193,7 +2193,7 @@ Slot::readCACCertificateFirst(CKYBuffer *cert, CKYSize *nextSize,
            handleConnectionError();
        }
         
-        if(CKYBuffer_Size(cert) == 0) {
+        if(throwException && CKYBuffer_Size(cert) == 0) {
             handleConnectionError();
         }
        return status;
-- 
1.7.4.1
---patch---

Bug has already been reported to 
REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=688837

Ubuntu
https://bugs.launchpad.net/ubuntu/+source/coolkey/+bug/786682

Which provided solution with patch 
https://launchpad.net/ubuntu/+source/coolkey/1.1.0-8.1ubuntu1
Comment 1 Uros 2012-02-14 10:05:13 UTC 
Created attachment 301889 [details, diff]
Fix-working-with-empty-certificates-in-not-zero-slot

Issue is appeared when CAC was implemented (coolkey-cac.patch). Some of key (include ActiveKey) can include empty certificate In this case we don't need to throw exception if this is not slot 0.
Comment 2 Alon Bar-Lev (RETIRED) gentoo-dev 2012-12-22 00:34:21 UTC 
Fixed in coolkey-1.1.0-r5, thanks!