Comments (5)
On 4/19/2014 9:13 AM, lucag73 wrote:
I have found that the opensc-pkcs11 plugin induces memory corruption in firefox 28 on a Feora 20 system.
This happens both with the distribution package AND with a recompiled version of the latest git checkout.Authentication with the smartcard is succesful and the browser prompts correctly for the certificate therein stored; however, as soon as the certificate is shown it seems that the memory gets
corrupted and I get eithera) a segmentation fault on part of the browser
b) first the error message
Received incorrect handshakes hash values from peer. (Error code: ssl_error_bad_handshake_hash_value)
followed by
security library: memory allocation failure. (Error code: sec_error_no_memory)
Some additional debugging output would be helpful:
(1) OpenSC trace using the opensc.conf debug = 9; or the OPENSC_DEBUG=9 env variable.
(2) Use the OpenSC pkcs11-spy.so as the Firefox security device.
Note:For both of the above see:
https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC
(3) Mozilla NSS debugging:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables
(But this might require a debugging build of Firefox.)
(4) Run Firefox under gdb, to catch the seg fault, and find the certificate.
The most useful and easiest to start with would be (1) and (2).
The problem could be in OpenSC, Firefox or in the OpenSc card specific code for you card.
The reference for the bug on fedora bugzilla is
https://bugzilla.redhat.com/show_bug.cgi?id=1089476—
Reply to this email directly or view it on GitHub #232.
Douglas E. Engert [email protected]
from opensc.
I attempted (1) and (2); I am no expert on the format of the traces, but I have not seen anything which appears to be obviously wrong with them (the certificates are actually read from the smart card and used "appropriately" and I can also recognize the relevant data) however the browser is left unable to perform ssl negotiation afterwards.
I could post an extract, if needs be.
I also suppose the problem might be with firefox (I shall have to try running it under gdb or possibly a strong malloc() checker), even if an attempt with its pre-beta version (aurora) gave exactly the same behaviour (i.e. authentication successful and connection broken).
from opensc.
The module works with google chrome (stable: 34.0.1847.116) and I do not see the corruption I outlined before; this leaves either firefox or some extra library being used by firefox as culprits.
[I suspect it might be firefox NSS interface to blame]
from opensc.
Is the problem still present? The report on bugzilla is "CLOSED UPSTREAM" (whatever that means).
from opensc.
I guess so, reopen if not
from opensc.
Related Issues (20)
- How to Check if PKCS11 module is valid or not HOT 1
- OpenPGP card v3.4 pkcs15-init reports not supported private key HOT 13
- Use of biometrics to un-lock smart card HOT 5
- Automate provisioning of WinGet package for OpenSC HOT 8
- Using OpenSC enabled token for signing PDF documents in Adobe HOT 2
- Card misidentification HOT 13
- OpenSC in Firefox constantly sending SELECT(AID) APDUs for probing HOT 2
- Avoid non SELECT(AID) commands for probing HOT 28
- Install p11-kit configuration file HOT 1
- JPKI SELECT AID not following ISO standards HOT 1
- OpenSC 0.25.1 dmg not notarized correctly HOT 2
- SmartCard-HSM issue with Windows AD Smart Card Logon & Micrsoft Encrypting File System HOT 4
- SmartCard-HSM issue with Microsoft Word 2019 & Outlook 2019 HOT 2
- Receiving "No slots" output from pkcs11-tool at boot time HOT 4
- Importing encrypted RSA and plain RSA private keys in SmartCard-HSM HOT 6
- SmartCard-HSM Error creating HSM backup smart card HOT 2
- OpenPGP card v3.4 DestroyObject returns as ok, but does nothing HOT 1
- pkcs11-tool should provide an option to get slot information as pkcs11-uri HOT 1
- pkcs11-tool: extend for printing the PKCS#11 URI for the objects
- Support D-Trust Card 5.1 (Std. RSA CardOS6.0) with CAN HOT 20
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensc.