Hi all, While testing an OpenSC compiled by myself, I've found a strange behaviour when using a smart card with a PIN greater than 8 bytes.
Every verify_pin or C_Login call returned Wrong PIN, although I was sure I had entered it correctly. Everything else works perfectly. The same smart card with a PIN of 8 bytes or fewer was accepted. After debugging the OpenSC code and googling, I found out that the "getpass" function on Solaris only returns the first 8 bytes of the read buffer, and that "getpassphrase", which accepts up to 256 bytes, should be used instead. I've changed all getpass calls to getpassphrase, and now the PIN is accepted on Solaris even when it is longer than 8 bytes. I attach a patch changing all getpass to getpassphrase. I am aware that you are on a release candidate, and I am not really sure whether it can still go in, since I suppose you will want to have a look at my patch, discuss and test it. Any suggestions will be gratefully accepted. Best Regards, -- Albert Solana [EMAIL PROTECTED] C3PO, S.L. http://www.c3po.es C/ Bertran, 113 - 08023 Barcelona Tel. 93 417 99 55 - Fax 93 253 12 80
diff -Naur trunk_revision_3140/src/common/getpass.c trunk/src/common/getpass.c
--- trunk_revision_3140/src/common/getpass.c 2007-03-19 22:12:06.000000000 +0100
+++ trunk/src/common/getpass.c 2007-03-19 22:18:22.000000000 +0100
@@ -3,7 +3,7 @@
 #endif
 #include <stdio.h>
-char *getpass(const char *prompt)
+char *getpassphrase(const char *prompt)
 {
 static char buf[128];
 size_t i;
diff -Naur trunk_revision_3140/src/include/winconfig.h trunk/src/include/winconfig.h
--- trunk_revision_3140/src/include/winconfig.h 2007-03-19 22:12:06.000000000 +0100
+++ trunk/src/include/winconfig.h 2007-03-19 22:19:20.000000000 +0100
@@ -75,6 +75,6 @@
 #endif
 /* src/common/getpass.c */
-extern char *getpass(const char *prompt);
+extern char *getpassphrase(const char *prompt);
 #endif
diff -Naur trunk_revision_3140/src/libopensc/ui.c trunk/src/libopensc/ui.c
--- trunk_revision_3140/src/libopensc/ui.c 2007-03-19 22:12:09.000000000 +0100
+++ trunk/src/libopensc/ui.c 2007-03-19 22:18:40.000000000 +0100
@@ -299,7 +299,7 @@
 snprintf(buffer, sizeof(buffer), "Please enter %s: ", label);
- if ((pin = getpass(buffer)) == NULL)
+ if ((pin = getpassphrase(buffer)) == NULL)
 return SC_ERROR_INTERNAL;
 len = strlen(pin);
@@ -328,7 +328,7 @@
 if (!(flags & SC_UI_PIN_RETYPE))
 break;
- pin = getpass("Please type again to verify: ");
+ pin = getpassphrase("Please type again to verify: ");
 if (!strcmp(*out, pin)) {
 sc_mem_clear(pin, len);
 break;
diff -Naur trunk_revision_3140/src/tests/pintest.c trunk/src/tests/pintest.c
--- trunk_revision_3140/src/tests/pintest.c 2007-03-19 22:12:06.000000000 +0100
+++ trunk/src/tests/pintest.c 2007-03-19 22:18:02.000000000 +0100
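Review bot: The rename in src/common/getpass.c and at every call site is unconditional, yet the description only confirms that `getpassphrase` exists on Solaris, and nothing in the patch checks whether the platform's libc provides it. Where it does not, the callers depend entirely on this fallback being built, and the fallback still reads into `static char buf[128]`, so it presumably caps input well below the 256 bytes the description mentions. I would keep the call sites on one project-local wrapper and pick the implementation at configure time, e.g. `AC_CHECK_FUNCS([getpassphrase])` with `#ifdef HAVE_GETPASSPHRASE` around the choice, if the build uses autoconf. How getpass.c is selected for compilation is outside the hunk, so also confirm that the renamed definition cannot collide with the libc symbol on Solaris.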
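Review bot: In the second ui.c hunk (@@ -328) the retyped PIN goes straight into `strcmp(*out, pin)` without a NULL check, although the first prompt in the @@ -299 hunk does test the return value. A failed terminal read would then dereference a null pointer; a guard such as `if (pin == NULL) return SC_ERROR_INTERNAL;` before the comparison would match the first prompt, after releasing whatever `*out` holds, which is set up outside the hunk. The same unchecked return reaches `strlen` in the pintest.c @@ -57, pkcs15-crypt.c @@ -129 and pkcs15-tool.c @@ -824 hunks.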
@@ -57,7 +57,7 @@
 }
 sprintf(prompt, "Please enter PIN code [%s]: ", obj->label);
- pass = (u8 *) getpass(prompt);
+ pass = (u8 *) getpassphrase(prompt);
 sc_lock(card);
 i = sc_pkcs15_verify_pin(p15card, pin, pass, strlen((char *) pass));
diff -Naur trunk_revision_3140/src/tools/pkcs11-tool.c trunk/src/tools/pkcs11-tool.c
--- trunk_revision_3140/src/tools/pkcs11-tool.c 2007-03-19 22:12:05.000000000 +0100
+++ trunk/src/tools/pkcs11-tool.c 2007-03-19 22:17:21.000000000 +0100
@@ -771,7 +771,7 @@
 } else if (info.flags & CKF_LOGIN_REQUIRED || need_to_be_so) {
 if (need_to_be_so ? !opt_so_pin : !opt_pin)
- pin = getpass(need_to_be_so ?
+ pin = getpassphrase(need_to_be_so ?
 "Please enter SO PIN: " :
 "Please enter User PIN: ");
 else
@@ -806,11 +806,11 @@
 get_token_info(slot, &info);
 if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
 if (opt_so_pin == NULL) {
- new_pin = getpass("Please enter the new SO PIN: ");
+ new_pin = getpassphrase("Please enter the new SO PIN: ");
 if (!new_pin || !*new_pin || strlen(new_pin) > 20)
 fatal("Invalid SO PIN\n");
 strcpy(new_buf, new_pin);
- new_pin = getpass("Please enter the new SO PIN "
+ new_pin = getpassphrase("Please enter the new SO PIN "
 "(again): ");
 if (!new_pin || !*new_pin || strcmp(new_buf, new_pin) != 0)
@@ -840,11 +840,11 @@
 if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
 if (opt_pin == NULL) {
- new_pin = getpass("Please enter the new PIN: ");
+ new_pin = getpassphrase("Please enter the new PIN: ");
 if (!new_pin || !*new_pin || strlen(new_pin) > 20)
 fatal("Invalid User PIN\n");
 strcpy(new_buf, new_pin);
- new_pin = getpass("Please enter the new PIN again: ");
+ new_pin = getpassphrase("Please enter the new PIN again: ");
 if (!new_pin || !*new_pin || strcmp(new_buf, new_pin) != 0)
 fatal("Different new User PINs, exiting\n");
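Review bot: The new-PIN prompts in the pkcs11-tool.c hunks @@ -806, @@ -840 and @@ -871 guard `strcpy(new_buf, new_pin)` with the literal `strlen(new_pin) > 20`, so the copy is only safe if `new_buf` and `old_buf` hold at least 21 bytes; their declarations are outside the hunks. Now that the input routine can return far more than 8 bytes, I would tie the check to the buffer itself, e.g. `strlen(new_pin) >= sizeof(new_buf)`, assuming these are arrays. The visible lines also leave the PIN copies in `new_buf`/`old_buf` without wiping them, whereas ui.c calls `sc_mem_clear` on its PIN; clearing the copies once the token call has returned would limit how long the PIN stays in memory. In @@ -871 an over-long current PIN ends in a silent `return 1`, where a message like the `fatal("Invalid User PIN\n")` used in @@ -840 would tell the user why.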
@@ -871,16 +871,16 @@
 get_token_info(slot, &info);
 if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH)) {
- old_pin = getpass("Please enter the current PIN: ");
+ old_pin = getpassphrase("Please enter the current PIN: ");
 if (!old_pin || !*old_pin || strlen(old_pin) > 20)
 return 1;
 strcpy(old_buf, old_pin);
 old_pin = old_buf;
- new_pin = getpass("Please enter the new PIN: ");
+ new_pin = getpassphrase("Please enter the new PIN: ");
 if (!new_pin || !*new_pin || strlen(new_pin) > 20)
 return 1;
 strcpy(new_buf, new_pin);
- new_pin = getpass("Please enter the new PIN again: ");
+ new_pin = getpassphrase("Please enter the new PIN again: ");
 if (!new_pin || !*new_pin || strcmp(new_buf, new_pin) != 0) {
 printf(" different new PINs, exiting\n");
 return -1;
diff -Naur trunk_revision_3140/src/tools/pkcs15-crypt.c trunk/src/tools/pkcs15-crypt.c
--- trunk_revision_3140/src/tools/pkcs15-crypt.c 2007-03-19 22:12:05.000000000 +0100
+++ trunk/src/tools/pkcs15-crypt.c 2007-03-19 22:16:28.000000000 +0100
@@ -129,7 +129,7 @@
 sprintf(buf, "Enter PIN [%s]: ", obj->label);
 while (1) {
- pincode = getpass(buf);
+ pincode = getpassphrase(buf);
 if (strlen(pincode) == 0)
 return NULL;
 if (strlen(pincode) < pinfo->min_length ||
@@ -196,7 +196,7 @@
 if (pass)
 return SC_ERROR_INTERNAL;
- pass = getpass("Please enter pass phrase "
+ pass = getpassphrase("Please enter pass phrase "
 "to unlock secret key: ");
 if (!pass || !*pass)
 break;
diff -Naur trunk_revision_3140/src/tools/pkcs15-init.c trunk/src/tools/pkcs15-init.c
--- trunk_revision_3140/src/tools/pkcs15-init.c 2007-03-19 22:12:05.000000000 +0100
+++ trunk/src/tools/pkcs15-init.c 2007-03-19 22:16:59.000000000 +0100
@@ -1692,7 +1692,7 @@
 #ifdef GET_KEY_ECHO_OFF
 /* Read key with echo off - will users really manage? */
- key = getpass(prompt);
+ key = getpassphrase(prompt);
 #else
 printf("%s: ", prompt);
 fflush(stdout);
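Review bot: The prompt in the pkcs15-crypt.c @@ -129 hunk is built with `sprintf(buf, "Enter PIN [%s]: ", obj->label)`, which puts no bound on a label that presumably comes from the card; the context lines of the pintest.c @@ -57 and pkcs15-tool.c @@ -824 hunks do the same. ui.c already uses `snprintf(buffer, sizeof(buffer), ...)` for its prompt, and the same form here, `snprintf(buf, sizeof(buf), "Enter PIN [%s]: ", obj->label);`, would cap the write. That assumes `buf` is an array declared in the enclosing function, which starts outside the hunk.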
@@ -1761,7 +1761,7 @@
 if (d)
 pass = (char *)d;
 else
- pass = getpass("Please enter passphrase "
+ pass = getpassphrase("Please enter passphrase "
 "to unlock secret key: ");
 if (!pass)
 return 0;
@@ -1867,7 +1867,7 @@
 * the PEM interface
 * see OpenSSL: crypto/pkcs12/p12_kiss.c
 */
- passphrase = getpass("Please enter passphrase "
+ passphrase = getpassphrase("Please enter passphrase "
 "to unlock secret key: ");
 r = do_read_pkcs12_private_key(filename, passphrase, pk, certs, max_certs);
diff -Naur trunk_revision_3140/src/tools/pkcs15-tool.c trunk/src/tools/pkcs15-tool.c
--- trunk_revision_3140/src/tools/pkcs15-tool.c 2007-03-19 22:12:05.000000000 +0100
+++ trunk/src/tools/pkcs15-tool.c 2007-03-19 22:16:07.000000000 +0100
@@ -824,7 +824,7 @@
 sprintf(buf, "%s [%s]: ", prompt, pin_obj->label);
 while (1) {
- pincode = getpass(buf);
+ pincode = getpassphrase(buf);
 if (strlen(pincode) == 0)
 return NULL;
 if (strlen(pincode) < pinfo->min_length) {