[git] GnuPG - branch, STABLE-BRANCH-2-0, updated. gnupg-2.0.28-11-g0227196
by NIIBE Yutaka
cvs at cvs.gnupg.org
Tue Jun 23 03:48:59 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, STABLE-BRANCH-2-0 has been updated
via 022719695e3900005d78564dfe4b2154fe0537a5 (commit)
via 9200bf1babd1398a07202b530a255912d0ffdd71 (commit)
from be348579397797bdf814c41e3cbd086156f77dd6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 022719695e3900005d78564dfe4b2154fe0537a5
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Tue Jun 23 10:10:15 2015 +0900
scd: pinpad workaround for PC/SC implementations.
* scd/adpu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Bigger buffer
for TPDU card reader.
--
(backport from 2.1 commit 5e1d2fe6555d06f9dcd2daac713b2edfbc0428a5)
GnuPG-bug-id: 2003, 2004
This is needed for PC/SC on Debian Jessie. Note that it's not only
for Cherry ST-2000, but also, for any TPDU card readers.
diff --git a/scd/apdu.c b/scd/apdu.c
index a2880f8..f9a1a2d 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -2252,8 +2252,16 @@ pcsc_pinpad_verify (int slot, int class, int ins, int p0, int p1,
int sw;
unsigned char *pin_verify;
int len = PIN_VERIFY_STRUCTURE_SIZE + pininfo->fixedlen;
- unsigned char result[2];
- pcsc_dword_t resultlen = 2;
+ /*
+ * The result buffer is only expected to have two-byte result on
+ * return. However, some implementation uses this buffer for lower
+ * layer too and it assumes that there is enough space for lower
+ * layer communication. Such an implementation fails for TPDU
+ * readers with "insufficient buffer", as it needs header and
+ * trailer. Six is the number for header + result + trailer (TPDU).
+ */
+ unsigned char result[6];
+ pcsc_dword_t resultlen = 6;
int no_lc;
if (!reader_table[slot].atrlen
@@ -2327,8 +2335,8 @@ pcsc_pinpad_modify (int slot, int class, int ins, int p0, int p1,
int sw;
unsigned char *pin_modify;
int len = PIN_MODIFY_STRUCTURE_SIZE + 2 * pininfo->fixedlen;
- unsigned char result[2];
- pcsc_dword_t resultlen = 2;
+ unsigned char result[6]; /* See the comment at pinpad_verify. */
+ pcsc_dword_t resultlen = 6;
int no_lc;
if (!reader_table[slot].atrlen
commit 9200bf1babd1398a07202b530a255912d0ffdd71
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Mon Jun 22 14:31:25 2015 +0900
scd: Fix Cherry ST-2000 support for pinpad input.
* scd/apdu.c (pcsc_vendor_specific_init): Set pinmax to 15.
* scd/ccid-driver.c (ccid_transceive_secure): Add zero for the
template of APDU.
--
(backport from 2.1 commit 444e9232aa9e00aacd939cbf7bdb881b550dfebe)
GnuPG-bug-id: 2003, 2004
diff --git a/scd/apdu.c b/scd/apdu.c
index 72b291e..a2880f8 100644
--- a/scd/apdu.c
+++ b/scd/apdu.c
@@ -1784,8 +1784,12 @@ pcsc_vendor_specific_init (int slot)
reader_table[slot].is_spr532 = 1;
reader_table[slot].pinpad_varlen_supported = 1;
}
- else if (strstr (reader_table[slot].rdrname, "ST-2xxx")
- || strstr (reader_table[slot].rdrname, "cyberJack")
+ else if (strstr (reader_table[slot].rdrname, "ST-2xxx"))
+ {
+ reader_table[slot].pcsc.pinmax = 15;
+ reader_table[slot].pinpad_varlen_supported = 1;
+ }
+ else if (strstr (reader_table[slot].rdrname, "cyberJack")
|| strstr (reader_table[slot].rdrname, "DIGIPASS")
|| strstr (reader_table[slot].rdrname, "Gnuk")
|| strstr (reader_table[slot].rdrname, "KAAN"))
@@ -1850,8 +1854,12 @@ pcsc_vendor_specific_init (int slot)
reader_table[slot].is_spr532 = 1;
reader_table[slot].pinpad_varlen_supported = 1;
}
- else if ((vendor == 0x046a && product == 0x003e) /* Cherry ST-2xxx */
- || vendor == 0x0c4b /* Tested with Reiner cyberJack GO */
+ else if (vendor == 0x046a && product == 0x003e) /* Cherry ST-2xxx */
+ {
+ reader_table[slot].pcsc.pinmax = 15;
+ reader_table[slot].pinpad_varlen_supported = 1;
+ }
+ else if (vendor == 0x0c4b /* Tested with Reiner cyberJack GO */
|| vendor == 0x1a44 /* Tested with Vasco DIGIPASS 920 */
|| vendor == 0x234b /* Tested with FSIJ Gnuk Token */
|| vendor == 0x0d46 /* Tested with KAAN Advanced??? */)
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index 490569f..8a68a44 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -3355,6 +3355,7 @@ ccid_transceive_secure (ccid_driver_t handle,
size_t dummy_nresp;
int testmode;
int cherry_mode = 0;
+ int add_zero = 0;
int enable_varlen = 0;
testmode = !resp && !nresp;
@@ -3396,7 +3397,7 @@ ccid_transceive_secure (ccid_driver_t handle,
enable_varlen = 1;
break;
case VENDOR_CHERRY:
- pininfo->maxlen = 25;
+ pininfo->maxlen = 15;
enable_varlen = 1;
/* The CHERRY XX44 keyboard echos an asterisk for each entered
character on the keyboard channel. We use a special variant
@@ -3405,6 +3406,7 @@ ccid_transceive_secure (ccid_driver_t handle,
Lc byte to the APDU. It seems that it will be replaced with
the actual length instead of being appended before the APDU
is send to the card. */
+ add_zero = 1;
if (handle->id_product != CHERRY_ST2000)
cherry_mode = 1;
break;
@@ -3527,7 +3529,7 @@ ccid_transceive_secure (ccid_driver_t handle,
msg[msglen++] = apdu_buf[1]; /* INS */
msg[msglen++] = apdu_buf[2]; /* P1 */
msg[msglen++] = apdu_buf[3]; /* P2 */
- if (cherry_mode)
+ if (add_zero)
msg[msglen++] = 0;
else if (pininfo->fixedlen != 0)
{
-----------------------------------------------------------------------
Summary of changes:
scd/apdu.c | 32 ++++++++++++++++++++++++--------
scd/ccid-driver.c | 6 ++++--
2 files changed, 28 insertions(+), 10 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list