New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSC in Firefox constantly sending SELECT(AID) APDUs for probing #3107
Comments
Can you get an opensc-debug.log?
The first two APDUs like from card-piv.c checking for DISCOVERY OBJECT when PIV is active application. The rest could be from card-piv.c trying to test for a CAC CCC object or from card-cac.c. In all the cases status show the card not have the object or application. Is this causing problems with with the card/token you are trying to use? I have Firefox 115.9esr on Ubuntu 22.04 and it does not appear to be probing. |
I think that constantly probing the card if it is an unrecognized one, should be contained in every version of OpenSC. However, previous versions had less applet-based card drivers and had simpler detection mechanisms, which may be the reason why this problem wasn't recognized earlier. Due to some compilation problem, the earliest version I was able to test is 0.24.0, which also contains this problem. The problem lies within card_detect() from slot.c:
Step 1 to 5 are running in a loop, because we're not keeping track between the different runs. I think, what should work now as a fix, would be setting A different solution would be to create a second sc_context_t and use this to watch state changes of specific readers ( So again, I think this kind of problem should be present in all versions of OpenSC. If you think otherwise, please perform |
card_detect_all() is now used as global entry point even to reader specific card detection (card_detect() is removed). This enforces a constant update of reader_states so that no events are silently dropped. This removes the need for having a timer in C_GetSlotInfo() for avoiding too many queries. If the reader implementation (i.e. reader-*.c) does not implement wait_for_event, then all slots will be queried on request just like it used to be. fixes OpenSC#3107
Problem Description
Environment: OpenSC 0.25 on Debian Testing with Firefox ESR.
If the card inserted into the reader is not recognized by OpenSC, then SELECT(AID) APDUs are issued at a high frequency, probably for probing. This interferes with other applications accessing the card.
Most APDUs contain the ActivCard AID (A0 00 00 00 79):
Proposed Resolution
Probing should only happen when cards are inserted and unknown cards should be left alone.
Steps to reproduce
Run pcscd with "pcscd -a -d -f", start Firefox with OpenSc installed and watch the APDUs.
The text was updated successfully, but these errors were encountered: