Comments (2)
Can you get an opensc-debug.log?
- Show if Firefox is requesting probes for smart cards and at what frequency
- Show what card the card driver or drivers are sending the probes.
The first two APDUs look like they are from card-piv.c checking for the DISCOVERY OBJECT when PIV is the active application.
The second looks like a SELECT AID for the PIV application, with the response "Application not found".
The rest could be from card-piv.c trying to test for a CAC CCC object or from card-cac.c.
In all the cases the status shows the card does not have the object or application.
Is this causing problems with the card/token you are trying to use?
I have Firefox 115.9esr on Ubuntu 22.04 and it does not appear to be probing.
from opensc.
I think that constantly probing the card if it is an unrecognized one, should be contained in every version of OpenSC. However, previous versions had less applet-based card drivers and had simpler detection mechanisms, which may be the reason why this problem wasn't recognized earlier. Due to some compilation problem, the earliest version I was able to test is 0.24.0, which also contains this problem.
The problem lies within `card_detect()` from slot.c:
1. If a token is present (`sc_detect_card_presence()`)
2. and the card is not already known (`p11card->card == NULL`)
3. then a new connection is made (`sc_connect_card()`)
4. and the card's PKCS#15 profile is bound.
5. If one of steps 2 to 4 fails, then we go to `fail`, which calls `sc_pkcs11_card_free()` and leads to `sc_pkcs11_card_free(p11card);`.
Steps 1 to 5 are running in a loop, because we're not keeping track between the different runs.
I think what should work now as a fix would be setting `pkcs11_enable_InitToken` to `true`, because the token will then be kept inside some slot even though it was not recognized. This, however, may not always be desirable, because, for example, some other process could not make an exclusive connection.
A different solution would be to create a second `sc_context_t` and use this to watch state changes of specific readers (`sc_wait_for_event()` with `timeout` set to `1`). Only when this context detects a new card, the card probing should be executed.
Why use a new context rather than the existing one? It is likely that we will lose the event state somewhere in libopensc. For example, reader-pcsc.c uses `sc_wait_for_event()` in many callbacks, which may accidentally drop events that the PKCS#11 layer will not notice.
So again, I think this kind of problem should be present in all versions of OpenSC. If you think otherwise, please perform `git bisect` to point to a specific commit that introduced this problem. If we have this kind of context, we may find some simpler resolution to the constant card probing.
from opensc.
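The re-probing loop described in the comment above, as an added model that is not part of the thread and is not OpenSC code. All names are hypothetical, and a per-insertion sequence number stands in for the reader state-change event; the model compares a detection pass that forgets a failed probe with one that probes again only after the reader reports a new insertion.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed reader state: insert_seq changes on every (re-)insertion. */
struct reader { bool card_present; unsigned insert_seq; };

/* Hypothetical model of a PKCS#11 slot; not the OpenSC structure. */
struct slot {
    bool card_bound;     /* a recognized card is attached to the slot */
    bool probe_failed;   /* the current insertion was probed and rejected */
    unsigned probed_seq; /* insertion that was probed last */
    unsigned probes;     /* how often the card drivers probed the card */
};

/* Stand-in for connect + PKCS#15 bind: fails for an unrecognized card. */
static bool probe_card(struct slot *s, bool recognized) {
    s->probes++;
    return recognized;
}

/* One polling pass. With track_state == false nothing survives the failure
 * path, so every pass probes the same unrecognized card again. */
static void detect(struct slot *s, const struct reader *r,
                   bool recognized, bool track_state) {
    if (!r->card_present) {          /* card removed: forget everything */
        s->card_bound = false;
        s->probe_failed = false;
        return;
    }
    if (s->card_bound)
        return;                      /* card already known */
    if (track_state && s->probe_failed && s->probed_seq == r->insert_seq)
        return;                      /* same insertion, already rejected */
    s->probed_seq = r->insert_seq;
    s->card_bound = probe_card(s, recognized);
    s->probe_failed = !s->card_bound;
}

/* Poll `polls` times with one unrecognized card that is re-inserted at pass
 * `reinsert_at` (0 = never); returns the number of probes sent to the card. */
unsigned simulate(unsigned polls, unsigned reinsert_at, bool track_state) {
    struct reader r = { true, 1 };
    struct slot s = { false, false, 0, 0 };
    for (unsigned i = 1; i <= polls; i++) {
        if (i == reinsert_at)
            r.insert_seq++;
        detect(&s, &r, false, track_state);
    }
    return s.probes;
}

int main(void) {
    printf("no tracking: %u probes\n", simulate(100, 0, false));
    printf("tracking:    %u probes\n", simulate(100, 50, true));
    return 0;
}
```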