Andreas Jellinghaus wrote:
On Tuesday 20 October 2009 17:08:31, Alessandro Premoli wrote:
Andreas Jellinghaus wrote:
OpenSC 0.11.10 released today now includes a new driver "westcos"
This raised the requirements with OpenSSL 0.9.8, while previously opensc
could be compiled also with 0.9.7. Is it intentional?

thanks for reporting, I was not aware of that. Can you post the error messages
you get, if openssl 0.9.7 is used for compiling?

if we can make a small workaround to enable 0.9.7 again, most likely we will.


Attached is a patch that compiles on Solaris 10 using the
/usr/sfw/ version of OpenSSL-0.9.7 (which has security patches.)

It tests the version of openssl and uses the old RSA_generate_key
if older than 0.9.8.  Someone needs to try it on a system with 0.9.8.


On the other hand openssl 0.9.8 was released July 2005, so if major changes
are required, we will most likely not invest the time to support software
older than 4 years.

I am interested in doing this as long as major vendors use this software
and keep up the security patches. Since OpenSC is likely to be called at login,
via PAM which calls who knows what else, using the vendor's version of
standard libraries whenever possible is a good idea.



but let's see facts and problems first, so we have a valid base for discussion.

thanks!

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel



--

 Douglas E. Engert  <[email protected]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
Index: src/tools/westcos-tool.c
===================================================================
--- src/tools/westcos-tool.c    (revision 3778)
+++ src/tools/westcos-tool.c    (working copy)
@@ -32,6 +32,7 @@
 #include <opensc/pkcs15.h>
 #include <opensc/cardctl.h>
 
+#include <openssl/opensslv.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -669,8 +670,12 @@
 
                printf("Generate key of length %d.\n", keylen);
 
+#if OPENSSL_VERSION_NUMBER>=0x00908000L
                if(!BN_set_word(bn, RSA_F4) || 
                        !RSA_generate_key_ex(rsa, keylen, bn, NULL))
+#else
+               if (!RSA_generate_key(keylen, RSA_F4, NULL, NULL))
+#endif
                {
                        fprintf(stderr, 
                                "RSA_generate_key_ex return %d\n", 
ERR_get_error());
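Review bot: In the #else branch the return value of RSA_generate_key() is discarded, so `rsa` never receives the generated key. Unlike RSA_generate_key_ex(), which fills the RSA passed as its first argument, the older call returns a newly allocated RSA *; as written the new key is leaked and the code after this block continues with whatever `rsa` held before. Assign the result (for example `rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL)`), test that for NULL, and free any RSA allocated earlier so it is not leaked. The message in the trailing context still prints "RSA_generate_key_ex return" for both branches, which will mislead anyone debugging a 0.9.7 build.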
Index: src/pkcs15init/pkcs15-westcos.c
===================================================================
--- src/pkcs15init/pkcs15-westcos.c     (revision 3778)
+++ src/pkcs15init/pkcs15-westcos.c     (working copy)
@@ -32,6 +32,7 @@
 #include "profile.h"
 
 #ifdef ENABLE_OPENSSL
+#include <openssl/opensslv.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -292,8 +293,12 @@
        /* pkcs11 re-route routine cryptage vers la carte fixe default to use 
openssl */
        rsa->meth = RSA_PKCS1_SSLeay();
 
+#if OPENSSL_VERSION_NUMBER>=0x00908000L
        if(!BN_set_word(bn, RSA_F4) || 
                !RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
+#else
+       if (!RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL))
+#endif
        {
                r = SC_ERROR_UNKNOWN;
                goto out;
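Review bot: The #else branch here also drops the RSA * returned by RSA_generate_key(), so on OpenSSL older than 0.9.8 the `rsa` object that had `rsa->meth = RSA_PKCS1_SSLeay();` applied just above stays without key material while the check still passes. Capturing the return value fixes that, but the returned object is a different RSA from the one whose `meth` was set, so the method assignment has to be reapplied to it and the earlier `rsa` freed before it is replaced. This path should be exercised on a 0.9.7 build by checking that the key written out is non-empty, not only that it compiles.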