pkcs11-tool fails with (GetSlotInfo failed, CKR_MECHANISM_INVALID) since 0.24 when built with --disable-openssl #3087
Comments
I think we will need more logs to be clever. Likely it is an issue of the max length APDU detection, but both cards and opensc should be able to split the long APDUs and responses mostly transparently. Can you provide the logs from the APDU that is sending a larger amount of data than allowed? Also version of the working 0.23.0 if possible.
This sounds related to the discussion item in #3004. This should have been solved by recent commits in 0.25.0, but if not, we need a current debug log from 0.25.0 (at least the affected parts around the failure).
Did not want to close this one. From the debug logs I got from @rliebscher over email, it looks like the issue of the APDU lengths as all the init finalizes correctly, but the failure comes from the
The function does not have any logging, the 0x70 is
I suspect it will come from I opened #3092 to improve logging in the function where I suspect the issue happens. Can you try to install the package from that PR and provide the debug log from this part (should not contain any sensitive information).
Did not test it yet, but reading OpenSSL in your previous comment reminds me that I used --disable-openssl with configure (as written in the wiki)
Thanks for the pointer. This might be helpful to guess the location of the issue. Looking at the code, it looks like it will be likely the RSA-PSS mechanisms, that are not behind the Let me update the PR with this fix and then you can take time to retry. Regarding the CI, I think most of all or all the tests now build with openssl. Added on too.
I tried this commit 2fa13f5 and it resolves the problem.
Thank you for testing. I completely forgot about this while putting together the 0.25.1 so it will certainly be in the next release, unsure if 0.25.2 (if there will be some more issues) or 0.26.0 later this year.
It fails in here (rv is 112 then)
sc_pkcs11_find_mechanism(struct sc_pkcs11_card *p11card, CK_MECHANISM_TYPE mech, CK_FLAGS flags)
Problem Description
Since 0.24 pkcs11-tool -L fails with the following error:
0.23 did work.
Both versions were built on Cygwin with
./configure --disable-openssl --disable-notify --disable-zlib --disable-readline --disable-shared
0.23 outputs "token manufacturer : www.CardContact.de", and the reader itself is "Identiv uTrust 3522 embd SE Token 0"
When running with OPENSC_DEBUG I see a difference very early in the log. (There is some corresponding code in 0.23 but it did not make a log output when running.)
I also see that later in the log 0.23 has some
Incoming APDU (258 bytes)
where 0.25 only has 256 bytes. (Trying to set max_send_size and max_recv_size to 258 in void detect_reader_features(sc_reader_t *reader, SCARDHANDLE card_handle) also gives these larger APDUs but does not resolve the problem, so the wrong sizes might also be a symptom, not the cause.)
Proposed Resolution
Steps to reproduce
Logs
I have logs for a run with 0.23 and 0.25, but I do not want to provide them here, just ask me for them.
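
The failure the comments above converge on, modelled as an added example (not OpenSC's code and not part of the original thread): a combined sign-and-hash mechanism such as RSA-PSS with SHA-256 is registered unconditionally, while the digest it looks up exists only in builds with software hashing, so registration returns 0x70 (112, CKR_MECHANISM_INVALID). The struct and function names and the have_digests/guard_pss switches are hypothetical, and the link between --disable-openssl and missing digest mechanisms is an assumption drawn from the thread.

```c
#include <stdio.h>
/* Real PKCS#11 values; all names below are a hypothetical model, not OpenSC code. */
#define CKR_OK                  0x00UL
#define CKR_MECHANISM_INVALID   0x70UL   /* decimal 112, the rv seen in the thread */
#define CKM_RSA_PKCS            0x01UL
#define CKM_SHA256_RSA_PKCS_PSS 0x43UL
#define CKM_SHA256              0x250UL
#define CKF_DIGEST              0x400UL
#define CKF_SIGN                0x800UL

struct mech { unsigned long type, flags; };
struct card { struct mech m[8]; int n; };

static const struct mech *find_mech(const struct card *c, unsigned long type, unsigned long flags) {
    for (int i = 0; i < c->n; i++)
        if (c->m[i].type == type && (c->m[i].flags & flags) == flags)
            return &c->m[i];
    return NULL;
}

static void add_mech(struct card *c, unsigned long type, unsigned long flags) {
    c->m[c->n++] = (struct mech){ type, flags };
}

/* A combined mechanism is only valid if its digest is already in the table. */
static unsigned long add_sign_and_hash(struct card *c, unsigned long mech, unsigned long hash) {
    if (!find_mech(c, hash, CKF_DIGEST))
        return CKR_MECHANISM_INVALID;
    add_mech(c, mech, CKF_SIGN);
    return CKR_OK;
}

/* have_digests: build with software hashing (assumed: OpenSSL enabled).
 * guard_pss: keep the PSS registration behind that same condition. */
unsigned long register_mechanisms(struct card *c, int have_digests, int guard_pss) {
    c->n = 0;
    add_mech(c, CKM_RSA_PKCS, CKF_SIGN);
    if (have_digests)
        add_mech(c, CKM_SHA256, CKF_DIGEST);
    if (guard_pss && !have_digests)
        return CKR_OK;   /* skip mechanisms that need the missing digest */
    return add_sign_and_hash(c, CKM_SHA256_RSA_PKCS_PSS, CKM_SHA256);
}

int main(void) {
    struct card c;
    printf("no digests, unguarded: 0x%lx\n", register_mechanisms(&c, 0, 0));
    printf("no digests, guarded:   0x%lx\n", register_mechanisms(&c, 0, 1));
    return 0;
}
```

In the unguarded case the error from one optional mechanism aborts the whole registration, which is why a token that otherwise initialises correctly can still fail at slot listing.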