Douglas E. Engert wrote:
>
>
> Tarasov Viktor wrote:
>> Andreas Jellinghaus wrote:
>>> It would be good to have opensc 0.11.2 soon, so I made another
>>> pre-release with current trunk available:
>>>
>>> http://www.opensc-project.org/files/opensc/testing/
>>> http://www.opensc-project.org/files/opensc/testing/opensc-0.11.2-pre4.tar.gz
>>>
>>>
>>> Please test this and give feedback.
>>> I'm sorry, currently I find next to no time for opensc.
>> There is a little patch for Oberthur card:
>> - some ACLs forgotten;
>> - in compute_signature() limit the Le to 256 bytes.
>
> Are you sure that is an error?
> It is possible for a card to return data with 61XX indicating there
> is more data. The PIV cards can and some of our test cards are Oberthur
> but don't use this code.
The reason is in APDU validity checking by sc_check_apdu()
(libopensc/apdu.c +270).
APDU is invalid, if its Le value is greater than 256.
As far as I see, now, it concerns incrypto34, cardos, openpgp, ...
>
> The original olen is also used in line 1157:
> apdu.resplen = olen;
>
> The fix would be something like line 1154:
> apdu.le = olen > 256 ? 256 : olen;
OK,
in this particular case it doesn't matter,
but I agree, your style will be cleaner.
I've committed to trunk a new version.
Kind wishes,
Viktor.
>
>
>
>>
>> By the way,
>> for some libopensc card drivers, in compute_signature() procedure,
>> the output length is assigned to Le of the Compute Signature APDU.
>> So, when the length of the reserved output buffer is more than 256 bytes
>> (that's the case of tools/pkcs15-crypt),
>> the APDU is considered as invalid (libopensc/apdu.c +270)
>>
>> I've tested crypto regression tests -- for me it's OK.
>>
>>
>>> Regards, Andreas
>>>
>> Kind wishes,
>> Viktor.
>>
>>> _______________________________________________
>>> opensc-devel mailing list
>>> opensc-devel lists.opensc-project.org
>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>>
>>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> --- src/libopensc/card-oberthur.c (revision
3120)
>> +++ src/libopensc/card-oberthur.c (working
copy)
>>  -890,6 +890,10 
>> ops[4] = SC_AC_OP_PIN_SET; /*
SC_AC_OP_SET_REFERENCE */
>> ops[5] = SC_AC_OP_PIN_CHANGE; /*
>> SC_AC_OP_CHANGE_REFERENCE */
>> ops[6] = SC_AC_OP_PIN_RESET; /*
>> SC_AC_OP_RESET_COUNTER */
>> +#else
>> + ops[4] = SC_AC_OP_LIST_FILES; /*
>> SC_AC_OP_SET_REFERENCE */
>> + ops[5] = SC_AC_OP_LIST_FILES; /*
>> SC_AC_OP_CHANGE_REFERENCE */
>> + ops[6] = SC_AC_OP_LIST_FILES; /*
>> SC_AC_OP_RESET_COUNTER */
>> #endif
>> } else if (file->type ==
SC_FILE_TYPE_WORKING_EF) {
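Review bot: In the new #else branch, ops[4] to ops[6] are all set to SC_AC_OP_LIST_FILES while the trailing comments still name SC_AC_OP_SET_REFERENCE, SC_AC_OP_CHANGE_REFERENCE and SC_AC_OP_RESET_COUNTER, and nothing says why LIST_FILES stands in for three different PIN operations. Since these entries decide which ACL governs each operation, please add a one-line comment stating that the mapping is intentional and what access condition it is expected to produce when the PIN operations are not available. The #if condition that selects this branch is outside the hunk, so naming it next to the #else would also help the reader.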
>>  -1148,6 +1152,11 
>> SC_TEST_RET(card->ctx,
SC_ERROR_INVALID_ARGUMENTS,
>> "Illegal input length");
>> }
>>
>> + if (olen > 256) {
>> + sc_debug(card->ctx, "Output
length reduced to 256
>> bytes");
>> + olen = 256;
>> + }
>> +
>> sc_format_apdu(card, &apdu,
SC_APDU_CASE_4_SHORT, 0x2A, 0x9E,
>> 0x9A);
>> apdu.datalen = ilen;
>> apdu.data = in;
>>
>>
>>
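Review bot: The added block overwrites olen itself with 256, so every later use of olen in the function sees the reduced value, not only the Le field. As noted in the reply above, the original olen is also used for apdu.resplen, so clamping at the assignment instead, "apdu.le = olen > 256 ? 256 : olen;", keeps the caller's buffer size intact and makes the intent local to Le. The sc_debug() message could also log the original length so a truncated request is visible in the trace.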
>> ------------------------------------------------------------------------
>>
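Added example, not part of the original thread and not OpenSC code: a simplified model of the short case 4 APDU rule discussed above (Le above 256 is invalid), with Le clamped at assignment while resplen keeps the caller's buffer size. The struct and function names are hypothetical, and the input is constructed.

```c
#include <string.h>

/* Hypothetical model of a short case 4 APDU; not OpenSC's sc_apdu_t. */
struct short_apdu {
    unsigned char cla, ins, p1, p2;
    const unsigned char *data;
    size_t datalen;  /* Lc, 1..255 in a short APDU */
    size_t le;       /* expected response length, 1..256 in a short APDU */
    size_t resplen;  /* size of the caller's response buffer */
};

/* The rule cited in the thread: Le above 256 makes a short APDU invalid. */
int check_short_case4(const struct short_apdu *a)
{
    if (a->data == NULL || a->datalen == 0 || a->datalen > 255)
        return -1;
    return (a->le == 0 || a->le > 256) ? -1 : 0;
}

/* Header bytes 0x2A/0x9E/0x9A as in the patch; Le clamped, resplen kept. */
void prepare_sign(struct short_apdu *a, const unsigned char *in,
                  size_t ilen, size_t olen)
{
    memset(a, 0, sizeof(*a));
    a->ins = 0x2A; a->p1 = 0x9E; a->p2 = 0x9A;
    a->data = in; a->datalen = ilen;
    a->le = olen > 256 ? 256 : olen;
    a->resplen = olen;
}

/* Serialise to bytes; returns the length, or 0 if the APDU is invalid. */
size_t encode_short_case4(const struct short_apdu *a,
                          unsigned char *out, size_t outlen)
{
    if (check_short_case4(a) != 0 || outlen < a->datalen + 6)
        return 0;
    out[0] = a->cla; out[1] = a->ins; out[2] = a->p1; out[3] = a->p2;
    out[4] = (unsigned char)a->datalen;
    memcpy(out + 5, a->data, a->datalen);
    out[5 + a->datalen] = (unsigned char)(a->le & 0xFF); /* 256 -> 0x00 */
    return a->datalen + 6;
}

int main(void)
{
    unsigned char digest[20] = {0}, wire[64]; /* constructed input */
    struct short_apdu a;
    prepare_sign(&a, digest, sizeof digest, 1024);
    return encode_short_case4(&a, wire, sizeof wire) == 26 ? 0 : 1;
}
```

In a short APDU the single Le byte 0x00 stands for 256, which is why the clamped value still fits on the wire.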