From: GitHub <no...@gi...> - 2019-01-15 06:31:44

Branch: refs/heads/master
Home: https://github.com/OpenSC/OpenSC
Commit: 08a02ed5d21afcdae76d2d18d0d643d07f581d09
  https://github.com/OpenSC/OpenSC/commit/08a02ed5d21afcdae76d2d18d0d643d07f581d09
Author: Doug Engert <dee...@gm...>
Date: 2019-01-15 (Tue, 15 Jan 2019)

Changed paths:
  M src/pkcs11/framework-pkcs15.c

Log Message:
-----------
Fix PKCS#11 Object Restrictions

Framework-pkcs15.c silently ignores adding objects if MAX_OBJECTS is exceeded
while creating the fw_data objects. This simple fix is to change the MAX_OBJECTS
from 64 to 128. A better fix would be to realloc the objects arrays as needed.

__pkcs15_create_data_object and __pkcs15_create_secret_key_object now return rv
like the other __pkcs15_create_*_object routines.

pkcs15_dobj_get_value now calls sc_pkcs15_read_data_object just like the other
pkcs15_*_get_value routines. The problem was introduced in 0c3412bb 2018-04-09
which added:
    `return sc_to_cryptoki_error(SC_SUCCESS, "C_GetAttributeValue");`
before trying to read the data object.

The MAX_OBJECTS problem was discovered while trying to use a new PIV card with
24 standard cert objects and 10 other objects for a total of 106 objects. Each
cert object corresponds to a cert, pubkey, private key, and the cert object
itself for a possible 112 data objects.

The pkcs15_dobj_get_value was found while running:
    pkcs11-tool -r -y data --application-id 2.16.840.1.101.3.7.2.1.1
using git bisect to locate the bad commit.

The pkcs11 data objects are created last from the pkcs15 objects, which are a
linked list with no limits.

On branch fix-object-restrictions
    modified: src/pkcs11/framework-pkcs15.c

**NOTE:** This service has been marked for deprecation:
https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
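The silent truncation the commit message describes, next to the realloc-based growth it names as the better fix, as an added C illustration (not OpenSC code; the table types, fixed_add_object/dyn_add_object and the placeholder object are constructed stand-ins, and the 106-object count comes from the message):

```c
#include <stdlib.h>
/* Illustrative model only, not OpenSC code. Same cap the message names. */
#define MAX_OBJECTS 64
struct fixed_table { void *objects[MAX_OBJECTS]; unsigned int count; };
struct dyn_table   { void **objects; unsigned int count, capacity; };
static int dummy_obj;   /* stands in for a real framework object */

/* Failure mode from the commit message: a full array drops the object
 * and still reports success, so the caller never learns it is gone. */
static int fixed_add_object(struct fixed_table *t, void *obj)
{
    if (t->count >= MAX_OBJECTS)
        return 0;                        /* silently ignored */
    t->objects[t->count++] = obj;
    return 0;
}

/* The "better fix" the message suggests: grow the array with realloc as
 * needed; nothing is dropped and allocation failure reaches the caller. */
static int dyn_add_object(struct dyn_table *t, void *obj)
{
    if (t->count == t->capacity) {
        unsigned int cap = t->capacity ? 2 * t->capacity : 16;
        void **p = realloc(t->objects, cap * sizeof(*p));
        if (p == NULL)
            return -1;                   /* out of memory, reported */
        t->objects = p;
        t->capacity = cap;
    }
    t->objects[t->count++] = obj;
    return 0;
}

/* Add n placeholder objects and return how many each table really holds. */
static unsigned int fixed_kept(unsigned int n)
{
    struct fixed_table t = { { 0 }, 0 };
    for (unsigned int i = 0; i < n; i++)
        fixed_add_object(&t, &dummy_obj);
    return t.count;
}

static unsigned int dyn_kept(unsigned int n)
{
    struct dyn_table t = { NULL, 0, 0 };
    for (unsigned int i = 0; i < n; i++)
        if (dyn_add_object(&t, &dummy_obj) != 0) break;
    free(t.objects);                     /* count survives the free */
    return t.count;
}
```

With the 106 objects from the PIV card in the message, the fixed table keeps only 64 and reports no error, while the growing table keeps all 106.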