security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00
Code Activity

scd:p15: Fix reading certificates without length info.

Browse Source 
* scd/app-p15.c (readcert_by_cdf): Do not use extended mode if the CDF
object has no length info.  Add debug output when reading a cert.
(read_p15_info): No more need to disable extended mode for GeNUA cards.
This commit is contained in:
Werner Koch 2022-05-05 13:39:03 +02:00
parent d60f930d9b
commit 7f029eef6c
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
scd/app-p15.c
View File

@ -3574,14 +3574,10 @@ read_p15_info (app_t app)
if (IS_CARDOS_5 (app) if (IS_CARDOS_5 (app)
&& app->app_local->manufacturer_id && app->app_local->manufacturer_id
&& !ascii_strcasecmp (app->app_local->manufacturer_id, "GeNUA mbH") && !ascii_strcasecmp (app->app_local->manufacturer_id, "GeNUA mbH"))
&& !app->app_local->no_extended_mode)
{ {
if (!app->app_local->card_product) if (!app->app_local->card_product)
app->app_local->card_product = CARD_PRODUCT_GENUA; app->app_local->card_product = CARD_PRODUCT_GENUA;
if (opt.verbose)
log_info ("p15: disabling extended mode based on TokenInfo\n");
app->app_local->no_extended_mode = 1;
} }
/* Read the ODF so that we know the location of all directory /* Read the ODF so that we know the location of all directory
@ -4288,6 +4284,27 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
return 0; return 0;
} }
if (DBG_CARD)
{
log_info ("p15: Reading CDF: id=");
for (i=0; i < cdf->objidlen; i++)
log_printf ("%02X", cdf->objid[i]);
if (cdf->label)
log_printf (" (%s)", cdf->label);
log_info ("p15: path=");
for (i=0; i < cdf->pathlen; i++)
log_printf ("%s%04hX", i?"/":"", cdf->path[i]);
if (cdf->have_off)
log_printf ("[%lu/%lu]", cdf->off, cdf->len);
if (cdf->authid)
{
log_printf (" authid=");
for (i=0; i < cdf->authidlen; i++)
log_printf ("%02X", cdf->authid[i]);
}
log_printf ("\n");
}
/* Read the entire file. fixme: This could be optimized by first /* Read the entire file. fixme: This could be optimized by first
reading the header to figure out how long the certificate reading the header to figure out how long the certificate
actually is. */ actually is. */
@ -4295,7 +4312,7 @@ readcert_by_cdf (app_t app, cdf_object_t cdf,
if (err) if (err)
goto leave; goto leave;
if (app->app_local->no_extended_mode) if (app->app_local->no_extended_mode || !cdf->len)
err = iso7816_read_binary_ext (app_get_slot (app), 0, cdf->off, 0, err = iso7816_read_binary_ext (app_get_slot (app), 0, cdf->off, 0,
&buffer, &buflen, NULL); &buffer, &buflen, NULL);
else else