giomba
/
opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

iso-sm: fixed too short response APDU data length 

one byte off error in calculation of ASN.1 length
This commit is contained in:
Frank Morgner 2020-04-08 02:13:24 +02:00
parent 2c26b7392d
commit f9b31e50dd
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/sm/sm-iso.c
View File

@ -469,16 +469,17 @@ static int sm_encrypt(const struct iso_sm_ctx *ctx, sc_card_t *card,
sm_apdu->datalen = sm_data_len;
sm_apdu->lc = sm_data_len;
sm_apdu->le = 0;
/* for encrypted APDUs we usually get authenticated status bytes (4B), a
* MAC (2B without data) and a cryptogram with padding indicator (2B tag
* and indicator, max. 2B/3B ASN.1 length, without data). The cryptogram is
* always padded to the block size. */
if (apdu->cse & SC_APDU_EXT) {
sm_apdu->cse = SC_APDU_CASE_4_EXT;
sm_apdu->resplen = 4 + 2 + mac_len + 2 + 3 + ((apdu->resplen+1)/ctx->block_length+1)*ctx->block_length;
} else {
sm_apdu->cse = SC_APDU_CASE_4_SHORT;
sm_apdu->resplen = 4 + 2 + mac_len + 2 + 2 + ((apdu->resplen+1)/ctx->block_length+1)*ctx->block_length;
}
/* for encrypted APDUs we usually get authenticated status bytes
* (4B), a MAC (2B without data) and a cryptogram with padding
* indicator (3B without data). The cryptogram is always padded to
* the block size. */
sm_apdu->resplen = 4 + 2 + mac_len + 3 + ((apdu->resplen+1)/ctx->block_length+1)*ctx->block_length;
resp_data = calloc(sm_apdu->resplen, 1);
if (!resp_data) {
r = SC_ERROR_OUT_OF_MEMORY;