Leopard Bugs

This page is intended to document the problems with smartcard usage on MacOSX10.5 (Leopard). We provide the Apple's Problem ID, if available, and workarounds. Feel free to submit your problems directly to this wiki page, or via the mailing-list.

ATR reporting error (1)

  • Description

The ATR reported for example by /Library/OpenSC/bin/opensc-tool --atr (doing it a least twice because sometimes, at the first run the ATR is correctly reported...) is appended by 0x00. This intereferes with the card type recognition.

You can also use the Mac OS X tool pcsctest to display the card ATR. The result is the same and does not involve any OpenSC program.

  • Problem ID

5757100, 5485550, 5479263

  • Workaround
  1. Use the last version of experimental SCA.
    OR
  1. Create an entry in /Library/OpenSC/etc/opensc.conf with something like this: 
    card_atr 3B:7D:11:00:00...... {
    driver = your_card_driver
    type = value
    }

Sometimes you need to define a type too. Check for your card in this file to get this value.

ATR reporting error (2)

  • Description

Insert a first card, then remove it and reinsert a second different card. The ATR displayed by /Library/OpenSC/bin/opensc-tool --atr after the second card is a mix of the ATR of the second card and the ATR of the first card. This intereferes with the card type recognition.

You can also use the Mac OS X tool pcsctest to display the card ATR. The result is the same and does not involve any OpenSC program.

  • Problem ID

5759329

  • Workaround

Disconnect the card reader between the 2 cards.

Pcscd choose a bad communication protocol

  • Description

For some card, the card requests T=0 protocol for communicating, and pcscd uses T=1. This is documented with SetCOS 4.4.1 (ATR: 3B 9F 94 80 1F C3 00 68 11 44 05 01 46 49 53 45 31 C8 07 90 00 19). With some readers (ACR38U), the card simply doesn't answer to any APDU.

  • Problem ID

5757076

  • Workaround

None

Pcscd choose a bad communication protocol

  • Description

For some card pcscd uses the wrong prorocol. Bug reported in http://lists.apple.com/archives/Apple-cdsa/2008/Mar/msg00017.html with a GemPC Twin USB and an Aladdin eToken Pro card (ATR: 3B F2 18 00 02 C1 0A 31 FE 58 C8 09 75). pcsctest returns Testing SCardConnect : Card protocol mismatch.

  • Problem ID

5818373

  • Workaround

Install a working driver like this CCID driver http://pcsclite.alioth.debian.org/ccid.html#MacOSX

Token unlock in KeyChainAccess

  • Description

By clicking on the lock icon in KeyChainAccess, and after a correct PIN in the dialog box, the lock didn't get unlocked. This is probably just a cosmetic bug.

  • Problem ID

None

  • Workaround

None

SCardIsValidContext

  • Description

The PCSC framework library provides the SCardIsValidContext() function but this function is not declared in the PCSC framework header file /System/Library/Frameworks/PCSC.framework/Versions/A/Headers/winscard.h

  • Problem ID

5612527

  • Workaround

Declare the function yourself using: 

#ifdef __APPLE__
#ifdef __cplusplus
extern "C"
{
#endif
    int32_t SCardIsValidContext(SCARDHANDLE hCard);
#ifdef __cplusplus
}
#endif
#endif

multi-slot smart card readers

  • Description

If I use a smart card reader with 2 slots (and a driver supporting this feature) then the PCSC framework creates 2 readers (one for each slot) and also create a non-existing reader.

This non-existing reader is still present after removing the multi-slot reader.

  • Problem ID

5697379

  • Workaround

None

TAG_IFD_THREAD_SAFE

  • Description

pcscd does not correctly implement the TAG_IFD_THREAD_SAFE feature of a smart card reader. Connecting a second reader will crash pcscd

  • Problem ID

5697388

  • Workaround

Ludovic Rousseau CCID driver http://pcsclite.alioth.debian.org/ccid.html already includes a patch to avoid this bug. TAG_IFD_THREAD_SAFE is just not supported on Leopard.

Keychain services collapsing

  • Descritpion

Plugging/unplugging the reader and using some applications that access keychain result in a crash that takes down all Keychain using applications on PPC 

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000c1080000
Crashed Thread:  0

Thread 0 Crashed:
0   libSystem.B.dylib             	0x945082a0 tiny_malloc_from_free_list + 80
1   libSystem.B.dylib             	0x94501ba8 szone_malloc + 200
2   libSystem.B.dylib             	0x94501a8c malloc_zone_malloc + 112
3   libSystem.B.dylib             	0x945019ec malloc + 64
4   libstdc++.6.dylib             	0x93f120cc operator new(unsigned long) + 112
5   libstdc++.6.dylib             	0x93ef5d94 std::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Rep::_S_create(unsigned long, unsigned long, std::allocator<char> const&) + 172
6   libstdc++.6.dylib             	0x93ef618c char* std::basic_string<char, std::char_traits<char>, std::allocator<char> >::_S_construct<char const*>(char const*, char const*, std::allocator<char> const&, std::forward_iterator_tag) + 112
7   libstdc++.6.dylib             	0x93ef62a4 std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) + 64
8   com.apple.security            	0x93056bdc Security::DLDbListCFPref::loadPropertyList(bool) + 104
9   com.apple.security            	0x93056f8c Security::DLDbListCFPref::revert(bool) + 20
10  com.apple.security            	0x9308974c Security::KeychainCore::StorageManager::getSearchList(std::vector<Security::KeychainCore::Keychain, std::allocator<Security::KeychainCore::Keychain> >&) + 84
11  com.apple.security            	0x9307a794 SecKeychainCopySearchList + 128
12  com.apple.CFNetwork           	0x913051b0 _KeychainListChanged + 32
13  com.apple.CFNetwork           	0x913059e8 _WatchKeychainCallback + 264
14  com.apple.security            	0x9304db54 Security::KeychainCore::CCallbackMgr::AlertClients(std::list<Security::KeychainCore::CallbackInfo, std::allocator<Security::KeychainCore::CallbackInfo> > const&, unsigned long, int, Security::KeychainCore::Keychain const&, Security::KeychainCore::Item const&) + 168
15  com.apple.security            	0x9304df08 Security::KeychainCore::CCallbackMgr::consume(unsigned int, unsigned int, Security::CssmData const&) + 552
16  com.apple.security            	0x931487ac Security::SecurityServer::NotificationPort::receive(Security::MachPlusPlus::Message const&) + 284
17  com.apple.security            	0x9316a758

Another one when testing today, and the activity can be traced to numerous plug-removals of the reader/card: 

 4 ??? [0xe0bec]
   4 ??? [0xe0b70]
     4 _SecKeychainFindGenericPassword + 388 (in Security) [0x9307aec8]
       4 __ZN8Security12KeychainCore8ItemImpl7getDataERNS_17CssmDataContainerE + 108 (in Security) [0x9305f044]
         4 __ZN8Security12KeychainCore15KCEventNotifier17PostKeychainEventEmRKNS0_8KeychainERKNS0_4ItemE + 172 (in Security) [0x930615d4]
           4 __ZN8Security12KeychainCore15KCEventNotifier17PostKeychainEventEmRKNS_14DLDbIdentifierERKNS0_10PrimaryKeyE + 304 (in Security) [0x930614d4]
  • Problem ID

None

  • Workaround

None