Douglas E. Engert wrote:
>
>
> Tarasov Viktor wrote:
>> Andreas Jellinghaus wrote:
>>> It would be good to have opensc 0.11.2 soon, so I made another
>>> pre-release with current trunk available:
>>>
>>> http://www.opensc-project.org/files/opensc/testing/
>>> http://www.opensc-project.org/files/opensc/testing/opensc-0.11.2-pre4.tar.gz
>>>
>>>
>>> Please test this and give feedback.
>>> I'm sorry, currently I find next to no time for opensc.
>> There is a little patch for Oberthur card:
>> - some ACLs forgotten;
>> - in compute_signature() limit the Le to 256 bytes.
>
> Are you sure that is an error?
> It is possible for a card to return data with 61XX indicating there
> is more data. The PIV cards can and some of our test cards are Oberthur
> but don't use this code.

The reason is in APDU validity checking by sc_check_apdu() (libopensc/apdu.c +270).
APDU is invalid if its Le value is greater than 256.
As far as I see, now, it concerns incrypto34, cardos, openpgp, ...
>
> The original olen is also used in line 1157:
> apdu.resplen = olen;
>
> The fix would be something like line 1154:
> apdu.le = olen > 256 ? 256 : olen;

OK, in this particular case it doesn't matter, but I agree, your style will be cleaner.
I've committed to trunk a new version.

Kind wishes,
Viktor.

>
>
>
>>
>> By the way,
>> for some libopensc card drivers, in compute_signature() procedure,
>> the output length is assigned to Le of the Compute Signature APDU.
>> So, when the length of the reserved output buffer is more than 256 bytes
>> (that's the case of tools/pkcs15-crypt),
>> the APDU is considered as invalid (libopensc/apdu.c +270)
>>
>> I've tested crypto regression tests -- for me it's OK.
>>
>>
>>> Regards, Andreas
>>>
>> Kind wishes,
>> Viktor.
>>
>>> _______________________________________________
>>> opensc-devel mailing list
>>> opensc-devel@lists.opensc-project.org
>>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> --- src/libopensc/card-oberthur.c (revision 3120) >> +++ src/libopensc/card-oberthur.c (working copy) >> @@ -890,6 +890,10 @@ >> ops[4] = SC_AC_OP_PIN_SET; /* SC_AC_OP_SET_REFERENCE */ >> ops[5] = SC_AC_OP_PIN_CHANGE; /* >> SC_AC_OP_CHANGE_REFERENCE */ >> ops[6] = SC_AC_OP_PIN_RESET; /* >> SC_AC_OP_RESET_COUNTER */ >> +#else >> + ops[4] = SC_AC_OP_LIST_FILES; /* >> SC_AC_OP_SET_REFERENCE */ >> + ops[5] = SC_AC_OP_LIST_FILES; /* >> SC_AC_OP_CHANGE_REFERENCE */ >> + ops[6] = SC_AC_OP_LIST_FILES; /* >> SC_AC_OP_RESET_COUNTER */ >> #endif >> } else if (file->type == SC_FILE_TYPE_WORKING_EF) { 
>> @@ -1148,6 +1152,11 @@ >> SC_TEST_RET(card->ctx, SC_ERROR_INVALID_ARGUMENTS, >> "Illegal input length"); >> } >> >> + if (olen > 256) { >> + sc_debug(card->ctx, "Output length reduced to 256 >> bytes"); >> + olen = 256; >> + } >> + >> sc_format_apdu(card, &apdu, SC_APDU_CASE_4_SHORT, 0x2A, 0x9E, >> 0x9A); >> apdu.datalen = ilen; >> apdu.data = in; >> >> >> ------------------------------------------------------------------------
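
Review bot: In the new #else branch of the first hunk (@@ -890,6 +890,10 @@), ops[4], ops[5] and ops[6] are all assigned SC_AC_OP_LIST_FILES while their trailing comments still name SC_AC_OP_SET_REFERENCE, SC_AC_OP_CHANGE_REFERENCE and SC_AC_OP_RESET_COUNTER, so a reader cannot tell whether LIST_FILES is a deliberate stand-in or a copy-paste slip. These are the ACL entries the message describes as forgotten, so please add a comment saying why three card conditions map onto one operation here and which one is expected to win if they differ, and annotate #else and #endif with the condition they close, which lies outside the visible context.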
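
Review bot: The `if (olen > 256)` block in the second hunk (@@ -1148,6 +1152,11 @@) clamps olen itself rather than only Le, so every later use of olen in the function sees 256 as well; the reply in this thread points at `apdu.resplen = olen;` a few lines further down. Limiting just the field that sc_check_apdu() validates, as in the suggested `apdu.le = olen > 256 ? 256 : olen;`, leaves the caller's buffer length intact and makes the intent obvious for an SC_APDU_CASE_4_SHORT command. The sc_debug() message would also be more useful if it logged the original length that was reduced.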
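
The Le limit discussed in this thread, as an added example that is not part of the original messages or of OpenSC: a stand-alone encoder for a case 4 short APDU that rejects Le above 256 and clamps Le separately from the caller's buffer length. The helper names, the CLA value 0x00 and the 20-byte input are constructed for illustration; INS/P1/P2 are the bytes shown in the patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHORT_LE_MAX 256u /* largest Le a short APDU can express */

/* Hypothetical helper: clamp Le only, leaving the buffer length untouched. */
static size_t short_le(size_t outlen)
{
    return outlen > SHORT_LE_MAX ? SHORT_LE_MAX : outlen;
}

/* Serialise CLA INS P1 P2 Lc data Le; returns bytes written, 0 if invalid. */
static size_t encode_case4_short(uint8_t *buf, size_t buflen, uint8_t cla,
                                 uint8_t ins, uint8_t p1, uint8_t p2,
                                 const uint8_t *data, size_t datalen, size_t le)
{
    if (datalen == 0 || datalen > 255)   /* Lc is a single byte, 1..255 */
        return 0;
    if (le == 0 || le > SHORT_LE_MAX)    /* Le above 256 is not encodable */
        return 0;
    if (buflen < datalen + 6)
        return 0;
    buf[0] = cla; buf[1] = ins; buf[2] = p1; buf[3] = p2;
    buf[4] = (uint8_t)datalen;
    memcpy(buf + 5, data, datalen);
    buf[5 + datalen] = (uint8_t)(le & 0xFF); /* 256 goes on the wire as 0x00 */
    return datalen + 6;
}

/* SW 61XX: XX further bytes can be fetched (XX == 0x00 means 256). */
static size_t more_data(uint8_t sw1, uint8_t sw2)
{
    if (sw1 != 0x61)
        return 0;
    return sw2 == 0 ? 256 : sw2;
}

int main(void)
{
    uint8_t in[20] = {0}, apdu[64];  /* constructed input */
    size_t olen = 512;               /* caller's output buffer size */
    size_t bad = encode_case4_short(apdu, sizeof apdu, 0x00, 0x2A, 0x9E, 0x9A,
                                    in, sizeof in, olen);
    size_t ok = encode_case4_short(apdu, sizeof apdu, 0x00, 0x2A, 0x9E, 0x9A,
                                   in, sizeof in, short_le(olen));
    printf("unclamped=%zu clamped=%zu olen=%zu more=%zu\n",
           bad, ok, olen, more_data(0x61, 0x10));
    return 0;
}
```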