Andreas Jellinghaus wrote:
+ /* need to limit to 248 */
+ if (card->max_send_size > 248)
+ card->max_send_size = 248;
+ if (card->max_recv_size > 248)
+ card->max_recv_size = 248;
+
+
can we put something like this in the generic code for
all cards and drivers? or in the openct specific code?
for example with cryptoflex card, openct, ccid driver (in openct)
some readers work, some won't as soon as I use 2048 bit keys.
with 1024 bit rsa they are all fine.
any suggeston where to place some code like this?
I would then re-test all readers I have access to
and see if it helps.
Thanks, Andreas
I also agree Nils comments in this thread.
First, it is unclear what number 248 represents. The lowest common
denominator? T=1 adds 4 bytes of headers+checksum, which gives us 252:
still smaller than 255 or 254 that one might expect to see...
What about the readers that support larger packets? I don't think we
need to restricted all the readers this way.
This change prevents extended APDU support, right? Some cards may insist
on extended APDU command sets for operations such as 2048 bit RSA signing.
Which generic reader classes we worry about? It seems to me that only
ccid class is an issue. If this is the case, would it be better to
special-case a few readers by their USB vendorID:prodID in ifd-ccid.c?
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
