scd: ccid-driver improvement

NIIBE Yutaka gniibe at
Thu Mar 14 08:01:30 CET 2013

Sending same patch here, again.  This time, my intention is to include
this change to both of STABLE-BRANCH-2-0 and master.

In January 2012, I changed the same line of ccid_transceive_apdu_level.
The git commit ID is: 5988c8bfb7eafaca53c8abeb793f189acd3177c6

At that time, Gnuk used extended APDU level exchange, and the magic
number 289 came from its 2048-bit key import communication.

For a reader which supports extended APDU level exchange, 289 is not
enough for a key > 2048-bit (key import and decryption).  Thus, I'd
like to fix the checking again.

As we discussed in 2012, this is a kind of ad hoc change; It works for
now, but it won't work for 8192-bit key.  It would be good to support
full of extended APDU exchange level communication.

My opinion is that full support of extended APDU exchange level
communication is still not worth now.  This change is OK for me.

Any comments?

diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index ccf579c..dd9fabe 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -2840,7 +2840,7 @@ ccid_transceive_apdu_level (ccid_driver_t handle,
   /* The maximum length for a short APDU T=1 block is 261.  For an
      extended APDU T=1 block the maximum length 65544; however
      extended APDU exchange level is not fully supported yet.  */
-  if (apdulen > 289)
+  if (apdulen > sizeof (send_buffer) - 10)
     return CCID_DRIVER_ERR_INV_VALUE; /* Invalid length. */
   msg[0] = PC_to_RDR_XfrBlock;

More information about the Gnupg-devel mailing list