Hi On 07.04.2009, at 20:44, Robert Konklewski wrote: > A few years ago I submitted a patch that enabled the use of > smartcard readers with pinpad on Windows. I'm happy to see that most > of the changes were integrated into mainstream opensc. However, > there is a part concerning PIN insertions offsets that's been left > out. I was wondering, why? Checking the archives I see that the main portion of your "quick and dirty" patch was the ioctl+ioctl_finish mechanism (which is implemented by CCID drivers provided by reader vendors and not implemented by the open source CCID driver). The rest has probably been left out because it was not mentioned specifically as fixing something.
> Obviously, leaving the bInsertionOffsetNew at 0x00 is wrong. Please > google it. You will find that every example with > PIN_MODIFY_STRUCTURE sets this field to a non-zero value. Maybe some > pinpad readers are able to fix requests and pin modification works > in your tests. Unfortunately, mine doesn't. It's not totally wrong:) But it's obviously wrong for most cases. 0x00 belongs to the "magical feature" that allows to use cards which use variable length PIN-s (which is the Estonian eID card, which I use for testing, where the length of the APDU sent for PIN modification is not known in advance, it depends on the length of entered PINs). This relates to the "Class 1" handling in APDU building http://www.opensc-project.org/opensc/browser/trunk/src/libopensc/reader-pcsc.c#L1242 Fixed in [3679] > There is also another issue. The file "pkcs11-tool.c" unnecessarily > includes "openssl/engine.h". It doesn't use any functions defined in > this header, so removing it won't cause any harm. However, if you > have compiled openssl without engine (no-engine), then including > this header will break the build. It's important to fix this, > because omitting the engine is the easiest way to build openssl on > windows with msys/mingw. Thanks, fixed. > > Best regards > > Robert Konklewski > > diff -rup opensc-svn/src/tools/pkcs11-tool.c opensc-svn- > openssl_engine/src/tools/pkcs11-tool.c > --- opensc-svn/src/tools/pkcs11-tool.c 2009-04-07 16:55:42 +0000 > +++ opensc-svn-openssl_engine/src/tools/pkcs11-tool.c 2009-04-07 > 16:57:04 +0000 > @@ -31,7 +31,6 @@ > #include "openssl/evp.h" > #include "openssl/x509.h" > #include "openssl/rsa.h" > -#include "openssl/engine.h" > #include "openssl/bn.h" > #include "openssl/err.h" > #endif > diff -rup opensc-svn/src/libopensc/reader-pcsc.c opensc-svn- > pin_modify/src/libopensc/reader-pcsc.c > --- opensc-svn/src/libopensc/reader-pcsc.c 2009-04-07 16:55:54 +0000 > +++ opensc-svn-pin_modify/src/libopensc/reader-pcsc.c 2009-04-07 > 17:00:12 +0000 > @@ -1205,15 +1205,9 @@ static int part10_build_modify_pin_block > } > pin_modify->bmPINLengthFormat = tmp; /* bmPINLengthFormat */ > > - pin_modify->bInsertionOffsetOld = 0x00; /* bOffsetOld */ > + pin_modify->bInsertionOffsetOld = data->pin1.offset - 5; > + pin_modify->bInsertionOffsetNew = data->pin2.offset - 5; > > - /* bInsertionOffsetNew */ > - tmp = 0x00; > - if (data->pin1.encoding == SC_PIN_ENCODING_GLP) { > - tmp = 0x08; > - } > - pin_modify->bInsertionOffsetNew = tmp; /* bOffsetNew */ > - > if (!data->pin1.min_length || !data->pin1.max_length) > return SC_ERROR_INVALID_ARGUMENTS; > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Martin Paljak http://martin.paljak.pri.ee +372.515.6495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
