From a7766b3de36adf2c50fa463ddeb3548dbb1ff140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B3=20=C3=81gila=20Bitsch?= Date: Sat, 20 Jul 2019 23:04:57 +0200 Subject: [PATCH] allow chaining for pkcs15-init --store-private-key EC keys when importing a private key onto a pkcs15 card, if the card does not support extended APDUs, we need to use chaining to store keys longer than 255 bytes. While for RSA keys, this check was included, it was missing for EC keys. This patch adds the SC_APDU_FLAGS_CHAINING flag to apdu.flags if data length is greater than 255 and the card caps does not include SC_CARD_CAP_APDU_EXT. Fixes #1747 --- src/libopensc/card-isoApplet.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libopensc/card-isoApplet.c b/src/libopensc/card-isoApplet.c index c323d922..430cb30d 100644 --- a/src/libopensc/card-isoApplet.c +++ b/src/libopensc/card-isoApplet.c @@ -928,6 +928,10 @@ isoApplet_put_data_prkey_ec(sc_card_t *card, sc_cardctl_isoApplet_import_key_t * apdu.lc = p - sbuf; apdu.datalen = p - sbuf; apdu.data = sbuf; + if ((apdu.datalen > 255) && !(card->caps & SC_CARD_CAP_APDU_EXT)) + { + apdu.flags |= SC_APDU_FLAGS_CHAINING; + } r = sc_transmit_apdu(card, &apdu); if(r < 0) {