[opensc-devel] Re: changes before 0.11.2?

Mon, 23 Apr 2007 08:12:41 -0700 


Andreas Jellinghaus wrote:

Am Sonntag, 22. April 2007 11:38 schrieb Nils Larsch:

does setting "lock_login = true" or "cache_pins = true" in the opensc
config help ?


cache_pins solves the problem. enable that by default?

if we change code/config before release anyway, what should
we do with the max_send_size issue / related code?

currently I edit opensc.conf to set max_send_size to 255 for cryptoflex.


max_send_size should default to 255, not 256.
max_recv_size should default to 256.


haven't tested if that breaks other cards. what would be a code equivalent?


Each card would set its limit similar to the card-miocos.c does:

    72      /* read_binary and friends shouldn't do more than 244 bytes
    73       * per operation */
    74      if (card->max_send_size > 244)
    75          card->max_send_size = 244;
    76      if (card->max_recv_size > 244)
    77          card->max_recv_size = 244;

grep max_send_size *

shows card-acos5.c, card-atrust-acos.c, card-gpk.c,
card-miocos.c, card-starcos.c, and pkcs15-gemsafe.c all enforce
some type of limit. I presume based on limitations of the card.



/* Beware: the following needs to be a multiple of 4
 * or else sc_update_binary will not work on GPK */


Note gpk.c enforces the multiple of 4:

   201      /* Make sure max send/receive size is 4 byte aligned. */
   202      card->max_send_size &= ~3;
   203      card->max_recv_size &= ~3;



/* increased to 256 on 2007-03-12 by aj so we have max size by default */
#define SC_APDU_CHOP_SIZE               256


The above should have been two defines for send and recv.



and that size is used for both recv and send size. recv size needs to be at
least 256 AFAIK, so we can get a full 2048 byte signature in one apdu?


Yes. Max_send_size should be 255,  and max_recv_size 256.




it also needs to be less for some readers, otherwise cryptoflex won't work in 
some readers. (ludovic mentioned the SCM readers can be fixed with a new 
firmware or the restriction can be ignored, but I need to search my old 
mails, what other readers had limitations too).


I don't know what readers have limitions.



Regards, Andreas
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel






















					Reply via email to