-
Notifications
You must be signed in to change notification settings - Fork 712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: Not issue enough GET_RESPONSE #147
Comments
The log is gone from the URL, but IIRC this was already discussed and the result was that the behavior of Gnuk device is not really standard in this context and thus the ISO7816 function is not supposed to work for it. Has something changed? |
Yes. The last discussion is about Gnuk did not return correct SW byte for GET RESPONSE. The author fixed it.
and makes
|
OK, I see it now. Indeed, current code in iso7816.c (the only implementation of get_response driver hook, which makes me question the usefulness of it) assumes that GET RESPONSE is only called once yet the code in apdu.c would call it until indicated as end of data by the card. Short term solution: fix iso7816.c. In the long run it might be meaningful to keep the ISO7816 conforming behavior in apdu.c and avoid a few table lookups going through the "generic" and "driver" ops... Do you have a patch? |
I don't have patch because I don't know how this change could affect other card drivers. |
I have two proposals for a patch:
|
Hi, |
Hi, I tried fixing iso7816.c (delete the line which changes SC_APDU_FLAGS_NO_GET_RESP flag). But now I found a new bug: The total response length is not accumulated via multiple GET_RESPONSE. Here is the log with additional logging: At the start of |
Happy debugging ;) |
I found the logic error. We will use Debug log: http:https://pastebin.com/UQvyEuKK What's difficult to fix is, there is no way to transfer Update 1: Update 2: |
That's why I said it might be a good idea to reap the call stack a bit and unite the functionality into a single location, where it is easier to follow, to bring some sense and understanding into it. The level of (useless) indirection in this specific location is way too high for no obvious benefit. |
Yes. You are right. |
Looking at your analysis I see you have it all figured out already ? :) |
Hi, Martin. Do I need to remove those unused get_response function? |
Without looking at any code you've written, I can suggest that keeping functions with sensible size is desired, so having a (static) sc_get_response separated from (public) sc_transmit() for readability is good. Given that sc_get_reponse already now would give an error (and thus render the card useless) if the card would respond with 61XX (and thus need get_reponse), I think it is safe to remove the hook. I'll review the drivers one more time. |
Hi, here is my code: The change is small and after change, the function is 56 lines long. So I think we don't need to split it out. |
Sorry, probably I do not understood your problem.
It's not true. I also have the read-public-key procedure that needs the get-response() procedure to be called two times (and other such cases), and ''it-works-for-me''. I would propose you to post here high level logs of your problem after the invalid SW has been fixed and with the current master sources (or with a few debug messages more in the code). |
Hello @martinpaljak and @viktorTarasov Which causes me to misunderstand this issue is one bug in OpenPGP driver, which did not provide enough buffer for "Short APDU" case. So, no need to change OpenSC's core implementation. I'm closing this issue. |
Nevertheless, removing the unused get_response hook and moving the actual get_response code closer to where it is used (apdu.c) is a justified move. |
Hello,
I'm reading long data from a card which only support short APDU (Gnuk card).
To read this, we need multiple GET_RESPONSE command but OpenSC only issued 1 then stop.
Here is the debug log: http:https://hastebin.com/pametuleki.md
At line 7, card returned
61 00
.At line 10, OpenSC checked SW and flags. They were all OK and GET_RESPONSE was issued.
The problem then came: The
iso7816_get_response()
function changed the flag: line 12 & 13.As a result, at line 46, the check was not OK and OpenSC did not issue GET_RESPONSE any more. We could not get enough data (line 53).
The text was updated successfully, but these errors were encountered: