Check-in [dfc8252148]
Overview
Comment:Improve fetching large certificates
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1:dfc8252148672895dc7247560683d98c6ba2c914
User & Date: roykeene on 2021-11-02 22:56:30
Other Links: manifest | tags
Context
2021-11-03
10:46
CACKey 0.7.12 Leaf check-in: 1b3cf11b1b user: rkeene tags: trunk, 0.7.12
2021-11-02
22:56
Improve fetching large certificates check-in: dfc8252148 user: roykeene tags: trunk
2021-10-30
20:27
CACKey 0.7.11 check-in: e6b5859a01 user: rkeene tags: trunk, 0.7.11
Changes

Modified cackey.c from [e8309dfff8] to [781f56fb73].

   215    215   	static char buf_user[4096] = {0}; \
   216    216   	snprintf(buf_user, sizeof(buf_user), x); \
   217    217   	buf_user[sizeof(buf_user) - 1] = '\0'; \
   218    218   	fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, buf_user); \
   219    219   	fflush(cackey_debug_fd()); \
   220    220   }
   221    221   #  define CACKEY_DEBUG_PRINTBUF(f, x, y) { \
   222         -	static char buf_user[8192] = {0}, *buf_user_p, *buf_user_print; \
          222  +	static char buf_user[65536] = {0}, *buf_user_p, *buf_user_print; \
   223    223   	unsigned long buf_user_size; \
   224    224   	unsigned char *TMPBUF; \
   225    225   	unsigned long idx; \
   226    226   	int snprintf_ret; \
   227    227   	TMPBUF = (unsigned char *) (x); \
   228    228   	buf_user[0] = 0; \
   229    229   	buf_user[2] = 0; \
................................................................................
  1731   1731   
  1732   1732   		bytes_to_copy = *respdata_len;
  1733   1733   
  1734   1734   		if (recv_len < bytes_to_copy) {
  1735   1735   			bytes_to_copy = recv_len;
  1736   1736   		}
  1737   1737   
  1738         -		CACKEY_DEBUG_PRINTF("Copying %lu bytes to the buffer (recv'd %lu bytes, but only %lu bytes left in our buffer)", (unsigned long) bytes_to_copy, (unsigned long) recv_len, (unsigned long) *respdata_len);
         1738  +		CACKEY_DEBUG_PRINTF("Copying %lu bytes to the buffer (recv'd %lu bytes, with %lu bytes left in our buffer)", (unsigned long) bytes_to_copy, (unsigned long) recv_len, (unsigned long) *respdata_len);
  1739   1739   
  1740   1740   		memcpy(respdata, recv_buf, bytes_to_copy);
  1741   1741   		respdata += bytes_to_copy;
  1742   1742   
  1743   1743   		*respdata_len = bytes_to_copy;
  1744   1744   		tmp_respdata_len -= bytes_to_copy;
  1745   1745   	} else {
  1746   1746   		if (recv_len != 0) {
  1747   1747   			CACKEY_DEBUG_PRINTF("Throwing away %lu bytes, nowhere to put them!", (unsigned long) recv_len);
  1748   1748   		}
  1749   1749   	}
  1750   1750   
  1751   1751   	if (major_rc == 0x61) {
         1752  +		unsigned int read_le;
  1752   1753   		/* We need to READ */
  1753   1754   		CACKEY_DEBUG_PRINTF("Buffer read required");
  1754   1755   
  1755         -		if (minor_rc == 0x00) {
  1756         -			minor_rc = CACKEY_APDU_MTU;
         1756  +		read_le = minor_rc;
         1757  +		if (read_le == 0x00) {
         1758  +			read_le = 256;
  1757   1759   		}
  1758   1760   
  1759         -		pcsc_getresp_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_GET_RESPONSE, 0x00, 0x00, 0, NULL, minor_rc, respcode, respdata, &tmp_respdata_len);
         1761  +		pcsc_getresp_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_GET_RESPONSE, 0x00, 0x00, 0, NULL, read_le, respcode, respdata, &tmp_respdata_len);
  1760   1762   
  1761   1763   		if (pcsc_getresp_ret != CACKEY_PCSC_S_OK) {
  1762   1764   			CACKEY_DEBUG_PRINTF("Buffer read failed!  Returning in failure");
  1763   1765   
  1764   1766   			/* End Smartcard Transaction */
  1765   1767   			cackey_end_transaction(slot);
  1766   1768   
................................................................................
  2597   2599    *     ...
  2598   2600    *
  2599   2601    */
  2600   2602   static struct cackey_pcsc_identity *cackey_read_certs(struct cackey_slot *slot, struct cackey_pcsc_identity *certs, unsigned long *count) {
  2601   2603   	cackey_pcsc_id_type check_id_type;
  2602   2604   	struct cackey_pcsc_identity *curr_id;
  2603   2605   	struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr;
         2606  +	struct x509_object check_certificate;
  2604   2607   	unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT};
  2605   2608   	unsigned char curr_aid[7];
  2606   2609   	unsigned char buffer[1024 * 32], *buffer_p, *tmpbuf;
  2607   2610   	unsigned long outidx = 0;
  2608   2611   	char *piv_label;
  2609   2612   	cackey_ret transaction_ret;
  2610         -	ssize_t read_ret;
         2613  +	ssize_t read_ret, x509te_ret, x509tk_ret;
  2611   2614   	size_t buffer_len, tmpbuflen;
  2612   2615   	int certs_resizable;
  2613   2616   	int send_ret, select_ret;
  2614   2617   	int piv_key, piv = 0;
  2615   2618   	int cached_certs_valid;
  2616   2619   	int idx;
  2617   2620   	cackey_pcsc_id_type id_type;
................................................................................
  2816   2819   
  2817   2820   						curr_id->certificate = tmpbuf;
  2818   2821   						curr_id->certificate_len = tmpbuflen;
  2819   2822   					} else {
  2820   2823   						CACKEY_DEBUG_PRINTF("Decompressing failed! uncompress() returned %i", uncompress_ret);
  2821   2824   
  2822   2825   						free(tmpbuf);
         2826  +
         2827  +						curr_id->certificate = NULL;
         2828  +
         2829  +						outidx--;
         2830  +
         2831  +						continue;
  2823   2832   					}
  2824   2833   #else
  2825   2834   					CACKEY_DEBUG_PRINTF("Error.  We got a compressed certificate but we do not have zlib.  Hoping for the best.");
         2835  +
         2836  +					curr_id->certificate = NULL;
         2837  +
         2838  +					outidx--;
         2839  +
         2840  +					continue;
  2826   2841   #endif
         2842  +				} else {
         2843  +					CACKEY_DEBUG_PRINTF("We got an uncompressed certificate");
  2827   2844   				}
  2828   2845   			}
         2846  +
         2847  +			/*
         2848  +			 * Fit the length of the certificate appropriately
         2849  +			 */
         2850  +			x509te_ret = x509_to_exponent(curr_id->certificate, curr_id->certificate_len, NULL);
         2851  +			x509tk_ret = x509_to_keysize(curr_id->certificate, curr_id->certificate_len);
         2852  +			if (x509tk_ret < 0 || x509te_ret < 0) {
         2853  +				CACKEY_DEBUG_PRINTF("We got an unparsable certificate, skipping (exponent size is %lli, public key size is %lli)", (long long) x509te_ret, (long long) x509tk_ret);
         2854  +
         2855  +				curr_id->certificate = NULL;
         2856  +
         2857  +				outidx--;
         2858  +
         2859  +				continue;
         2860  +			}
         2861  +
         2862  +
         2863  +			CACKEY_DEBUG_PRINTF("Size of certificate %llu read, size of actual object %llu", (unsigned long long) curr_id->certificate_len, (unsigned long long) check_certificate.wholething.size);
  2829   2864   		}
  2830   2865   	} else {
  2831   2866   		/* Read all the applets from the CCC's TLV */
  2832   2867   		ccc_tlv = cackey_read_tlv(slot);
  2833   2868   
  2834   2869   		/* Look for CARDURLs that coorespond to PKI applets */
  2835   2870   		for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) {