Ludovic Rousseau wrote:
On Thu, Oct 9, 2008 at 12:10 AM, Douglas E. Engert <[EMAIL PROTECTED]> wrote:
Ludovic Rousseau wrote:
Hello,
On Mon, Oct 6, 2008 at 8:48 PM, Douglas E. Engert <[EMAIL PROTECTED]>
wrote:
OpenSC will show a slot is present if there is a reader, but
will segfault if C_GetMechanismList is called for an unused
virtual slot. I submitted to OpenSC ticket number #181
You have not responded to my comment in the bug report [1]
I think your patch is not the correct solution and that the real
problem is elsewhere.
After doing some debugging, I think I might see the problem.
Virtual slots are created and cleared to zero.
Thus slot->reader = 0;
As I understand it, virtual slots are assigned to a reader.
But the slot->reader is not set by card_initialize.
Thus all the extra slots appear to be for reader 0.
I only have one reader, but 8 virtual slots are the default,
with 4 slots per card/reader.
While getting slot information for slot 4,
In slot.c, slot_get_token() calls
rv = card_detect(*(slot)->reader)
which returns 0, as there is a card in reader 0,
but it should be looking at reader 1.
Thus get_slot_token returns CKR_OK rather then
CKR_TOKEN_NOT_PRESENT for the slot 4.
Attached is a possible solution.
This has some debugging and is not well tested.
Patch applied. Thanks.
One strange thing is that C_GetTokenInfo(), C_GetMechanismList() does
not return CKR_TOKEN_NOT_PRESENT for slots 1 to 3 even if the flag
CKF_TOKEN_PRESENT is not set in C_GetSlotInfo()
It looks like CKF_TOKEN_PRESENT is set in framework-pkcs15init.c
(if initilizing cards), and in framework-pkcs15.c.
pkcs15_create_tokens calls in pkcs15_create_slot
for the first slot which sets the flag. pkcs15_create_tokens
will set the flag for read/write slots if in hide_empty_tokens is not set.
So what I think should also happen is in slot_get_token, after
calling card_detect, it should test CKF_TOKEN_PRESENT
and return CKR_TOKEN_NOT_PRESENT if not set.
The attached patch does this. It includes yesterdays patch as well.
Some other comments on slots and readers.
It appears that num_virtual_slots should equal the number of
readers * num_slots.
SC_MAX_READERS is 16, SC_PKCS11_DEF_SLOTS_PER_CARD is 4.
SC_PKCS11_DEF_VIRTUAL_SLOTS is 8.
The defaults in the opensc.conf have:
reader_drivers = openct, pcsc, ctapi;
reader_driver openct { readers = 5; }
num_virtual_slots = 8;
num_slots = 4;
With num_virtual_slots = 8 and num_slots = 4 you can really only
have 2 readers.
Should SC_PKCS11_DEF_VIRTUAL_SLOTS =
SC_MAX_READERS * SC_PKCS11_DEF_SLOTS_PER_CARD?
Maybe include some text in opensc.conf.in?
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
--- ,slot.c Thu Jul 31 07:19:57 2008
+++ slot.c Thu Oct 9 10:38:00 2008
@@ -48,6 +48,7 @@
{
struct sc_pkcs11_card *card = card_table + reader;
unsigned int avail;
+ int i;
if (reader < 0 || reader >= SC_PKCS11_MAX_READERS)
return CKR_FUNCTION_FAILED;
@@ -69,6 +70,12 @@
card->max_slots = avail;
card->num_slots = 0;
+ for (i = 0; i < card->max_slots; i++) {
+ struct sc_pkcs11_slot *slot = virtual_slots + card->first_slot
+ i;
+ slot->reader = reader;
+ }
+
+
first_free_slot += card->max_slots;
return CKR_OK;
}
@@ -265,6 +272,11 @@
rv = card_detect((*slot)->reader);
if (rv != CKR_OK)
return CKR_TOKEN_NOT_PRESENT;
+ }
+
+ if (!((*slot)->slot_info.flags & CKF_TOKEN_PRESENT)) {
+ sc_debug(context,"card detected, but slot not presenting
token");
+ return CKR_TOKEN_NOT_PRESENT;
}
return CKR_OK;
}
--- ,opensc.conf.in Wed Aug 27 01:22:39 2008
+++ opensc.conf.in Thu Oct 9 11:16:25 2008
@@ -304,6 +304,9 @@
# the remaining number of slots will be empty.
num_slots = 4;
+ # max_virtual_slots/num_slots limits the number of readers
+ # that can be used on the system.
+
# Normally, the pkcs11 module will create
# the full number of slots defined above by
# num_slots. If there are fewer pins/keys on
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
