Tarasov Viktor wrote:
Andreas Jellinghaus a écrit :
It would be good to have opensc 0.11.2 soon, so I made another
pre-release with current trunk available:
http://www.opensc-project.org/files/opensc/testing/
http://www.opensc-project.org/files/opensc/testing/opensc-0.11.2-pre4.tar.gz
Please test this and give feedback.
I'm sorry, currently I find next to no time for opensc.
There is a little patch for Oberthur card:
- some ACLs forgotten;
- in compute_signature() limit the Le to 256 bytes.
Are you sure that is an error?
It is possible for a card to return data with 61XX indicating there
is more data. The PIV cards can and some of our test cards are Oberthur
but don't use this code.
The original olen is also used in line 1157:
apdu.resplen = olen;
The fix would be somethiung like line 1154:
apdu.le = olen > 256 ? 256 : olen;
By the way,
for some libopensc card drivers, in compute_signature() procedure,
the output length is assigned to Le of the Compute Signature APDU.
So, when the length of the reserved output buffer is more then 256 bytes
(that's the case of tools/pkcs15-crypt),
the APDU is considered as invalid (libopensc/apdu.c +270)
I've tested crypto regression tests -- for me it's OK.
Regards, Andreas
Kind wishes,
Viktor.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
------------------------------------------------------------------------
--- src/libopensc/card-oberthur.c (revision 3120)
+++ src/libopensc/card-oberthur.c (working copy)
@@ -890,6 +890,10 @@
ops[4] = SC_AC_OP_PIN_SET; /* SC_AC_OP_SET_REFERENCE */
ops[5] = SC_AC_OP_PIN_CHANGE; /* SC_AC_OP_CHANGE_REFERENCE */
ops[6] = SC_AC_OP_PIN_RESET; /* SC_AC_OP_RESET_COUNTER */
+#else
+ ops[4] = SC_AC_OP_LIST_FILES; /* SC_AC_OP_SET_REFERENCE */
+ ops[5] = SC_AC_OP_LIST_FILES; /* SC_AC_OP_CHANGE_REFERENCE */
+ ops[6] = SC_AC_OP_LIST_FILES; /* SC_AC_OP_RESET_COUNTER */
#endif
}
else if (file->type == SC_FILE_TYPE_WORKING_EF) {
@@ -1148,6 +1152,11 @@
SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, "Illegal input
length");
}
+ if (olen > 256) {
+ sc_debug(card->ctx, "Output length reduced to 256 bytes");
+ olen = 256;
+ }
+
sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, 0x9A);
apdu.datalen = ilen;
apdu.data = in;
------------------------------------------------------------------------
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
