merge 563671 564321 thanks * Jean-Michel Pouré ([email protected]) wrote: > Package: opensc > Version : 0.11.9 > Severity : grave > > OpenSC 0.11.12 released, fixing an important regression: > http://www.opensc-project.org/pipermail/opensc-announce/2009-December/000030.html > > The problem > ----------- > > OpenSC 0.11.4 and earlier did not encode integers properly in ASN.1 structures > including the on-card format for directory files. This issue was was fixed > in OpenSC 0.11.5. However in december 2009 it was discovered, that as a > result some cards initialized with OpenSC 0.11.4 and earlier will not > properly > work with OpenSC 0.11.5 and later. > > So far texting showed only problems with "Starcos" cards. The integers > keyReference and pinReference are read as negative numbers, instead > of the positive number (value+256) they should represent. > > PKCS#15 dictates that both values need to be positive Integers if > specified in the directory files on the card. Thus code can automatically > detect the wrong (negative) values and fix the issue by adding 256. > > In OpenSC 0.11.12 such code was implmeneted and successfully tested. > Starcos cards initialized with OpenSC 0.11.4 and earlier can now be used > with OpenSC 0.11.12 and later. Cards initialized with OpenSC 0.11.5 and later > continue to work fine. > > Changes to the code were implemented to keep the ABI compatible with > earlier versions, so that applications using the internal OpenSC API > such as OpenSSH do not need to be recompiled. > > Still the format on the Starcos cards initialited with OpenSC 0.11.4 > continues to be wrong. If necessary a tool can be written to convert > such old cards, please report to the OpenSC mailing lists. Creating > or storing additional private keys and PIN objects will also update > the directory files and thus should writte the correct ASN.1 values > on the cards. > > Other changes > ------------- > > The Entersafe driver in OpenSC was enhanced so it does now support > private data objects. > > >
-- Eric Dorland <[email protected]> ICQ: #61138586, Jabber: [email protected]
signature.asc
Description: Digital signature
