On 4/13/2011 8:20 AM, Viktor TARASOV wrote:
> Hi,
>
> the number of APDUs used by PIV's driver to get the object data can be
> reduced.
>
> Actually before getting object data, PIV driver tries to get its size.
> For that it reads the first 8 bytes of the object data. Usually card responds
> with '61xx' return code,
> that's why one (useless) 'GET RESPONSE' APDU is sent by APDU transmit level
> (in apdu.c).
>
> So, there are two not-necessary APDUs for each getting of the object data.

The intent was to get the length, then allocate a buffer and don't read the
objects unless needed. Unfortunately, the way PKCS#11 applications work,
one ends up reading all the certificates anyway.
I argued with NIST over the years that they needed a directory. The answer
was always, that you could get the length of the object from the object.

So, as you point out, the method of reading to get the length does not
work very well. NIST 800-73 lists some "Max Bytes" for the sizes of the
objects, but I have seen objects which are larger and 800-73-3 now
says these are recommended.

It looks like your buffer is only 8K, and this could cause a problem,
the "Cardholder Facial Image" object, "Max Bytes" is 12704.

So any buffer should be 64K to be on the safe side to avoid ever getting
the "Need to increase the size of internal receive buffer" message.

>
> In proposed patch all object data are read at once into the statically
> allocated buffer.

It's not static, it looks like it is on the stack. Maybe it should be allocated,
as part of the piv_private_data.

>
> Have you any objections?

As long as the buffer is 64K and not on the stack...

>
> Kind wishes,
> Viktor.
>
>
>
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
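
An added example, not code from OpenSC or from either poster: one way to derive an object's total size from the first bytes of a read and size a heap buffer under the 64K ceiling discussed in the thread. The names `piv_obj_total_len`, `piv_alloc_for_obj` and `PIV_OBJ_MAX` are hypothetical, and the sample header (tag 0x53, length 12704) is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PIV_OBJ_MAX 65536u /* 64K ceiling from the reply above */

/* Parse the BER-TLV header at the start of an object (8 bytes suffice).
 * Returns the header length and stores header + value length in *total;
 * returns 0 if the header is malformed, truncated or exceeds the ceiling. */
size_t piv_obj_total_len(const uint8_t *p, size_t n, size_t *total)
{
    size_t i = 0, len = 0, k;

    if (n < 2 || n > PIV_OBJ_MAX) return 0;
    if ((p[i++] & 0x1f) == 0x1f) {          /* multi-byte tag */
        while (i < n && (p[i] & 0x80))
            i++;
        if (i++ >= n) return 0;             /* tag ran off the buffer */
    }
    if (i >= n) return 0;
    if (p[i] < 0x80) {                      /* short form length */
        len = p[i++];
    } else {                                /* long form: k length bytes */
        k = p[i++] & 0x7f;
        if (k == 0 || k > 3 || k > n - i) return 0; /* no indefinite form */
        while (k--)
            len = (len << 8) | p[i++];
    }
    if (len > PIV_OBJ_MAX - i) return 0;    /* refuse oversized objects */
    *total = i + len;
    return i;
}

/* Heap buffer sized from the header, so nothing large sits on the stack. */
uint8_t *piv_alloc_for_obj(const uint8_t *hdr, size_t n, size_t *total)
{
    return piv_obj_total_len(hdr, n, total) ? malloc(*total) : NULL;
}

int main(void)
{
    /* Constructed sample: tag 0x53, length 0x31A0 = 12704 bytes */
    const uint8_t hdr[8] = { 0x53, 0x82, 0x31, 0xA0, 0, 0, 0, 0 };
    size_t total = 0;
    uint8_t *buf = piv_alloc_for_obj(hdr, sizeof hdr, &total);
    printf("need %zu bytes, alloc %s\n", total, buf ? "ok" : "failed");
    free(buf);
    return 0;
}
```

With the constructed header the required size is 12708 bytes, which already exceeds an 8K buffer.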