Am Mittwoch 21 Oktober 2009 09:20:59 schrieb Alessandro Premoli:
> Douglas E. Engert ha scritto:
> > Attached is a patch that compiles on Solaris 10 using the
> > /usr/sfw/ version of OpenSSL-0.9.7 (which has security patches.)
> >
> > It tests the version of openssl and uses the old RSA_generate_key
> > if older than 0.9.8. Someone needs to try it on a system with 0.9.8.
>
> It compiles, but does it work? It seems to me that the generated key is
> lost and not stored in the 'rsa' variable.
true. here is a new patch on top of douglas patch.
what do you think?
Regards, Andreas
diff -udrNPp --exclude=.svn opensc.orig/src/pkcs15init/pkcs15-westcos.c opensc/src/pkcs15init/pkcs15-westcos.c
--- opensc.orig/src/pkcs15init/pkcs15-westcos.c 2009-10-21 10:13:31.000000000 +0200
+++ opensc/src/pkcs15init/pkcs15-westcos.c 2009-10-21 10:13:25.000000000 +0200
@@ -265,25 +265,28 @@ static int westcos_pkcs15init_generate_k
sc_pkcs15_object_t *obj,
sc_pkcs15_pubkey_t *pubkey)
{
- int r = SC_ERROR_UNKNOWN;
+#ifndef ENABLE_OPENSSL
+ return SC_ERROR_NOT_SUPPORTED;
+#else
+ int r = SC_ERROR_UNKNOWN;
long lg;
char *p;
sc_pkcs15_prkey_info_t *key_info = (sc_pkcs15_prkey_info_t *) obj->data;
-#ifdef ENABLE_OPENSSL
- RSA *rsa = RSA_new();
- BIGNUM *bn = BN_new();
- BIO *mem = BIO_new(BIO_s_mem());
-#endif
+ RSA *rsa = NULL;
+ BIGNUM *bn = NULL;
+ BIO *mem = NULL;
-#ifndef ENABLE_OPENSSL
- r = SC_ERROR_NOT_SUPPORTED;
-#else
sc_file_t *prkf = NULL;
if (obj->type != SC_PKCS15_TYPE_PRKEY_RSA) {
return SC_ERROR_NOT_SUPPORTED;
}
+#if OPENSSL_VERSION_NUMBER>=0x00908000L
+ rsa = RSA_new();
+ bn = BN_new();
+ mem = BIO_new(BIO_s_mem());
+
if(rsa == NULL || bn == NULL || mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
@@ -291,19 +294,27 @@ static int westcos_pkcs15init_generate_k
}
/* pkcs11 re-route routine cryptage vers la carte fixe default to use openssl */
- rsa->meth = RSA_PKCS1_SSLeay();
-
-#if OPENSSL_VERSION_NUMBER>=0x00908000L
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
#else
- if (!RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL))
+ mem = BIO_new(BIO_s_mem());
+
+ if(mem == NULL)
+ {
+ r = SC_ERROR_OUT_OF_MEMORY;
+ goto out;
+ }
+
+ rsa = RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL);
+ if (!rsa)
#endif
{
r = SC_ERROR_UNKNOWN;
goto out;
}
+ rsa->meth = RSA_PKCS1_SSLeay();
+
if(pubkey != NULL)
{
if(!i2d_RSAPublicKey_bio(mem, rsa))
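Review bot: Moving `rsa->meth = RSA_PKCS1_SSLeay();` below the generation call means the 0.9.8+ branch now runs `RSA_generate_key_ex` before the software method is pinned. The comment above it says the assignment is there so that a PKCS#11 re-routed default does not take over. As far as I know `RSA_generate_key_ex` defers to the current method's keygen hook when one is set, so the key may no longer be generated by OpenSSL's built-in code. Add the assignment back ahead of `BN_set_word` inside the `#if` branch and keep the new one for the `#else` path, where `rsa` does not exist any earlier. `RSA_set_method(rsa, RSA_PKCS1_SSLeay());` would also avoid writing the struct field directly. The function body starts before and continues after this hunk.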
@@ -354,9 +365,9 @@ out:
RSA_free(rsa);
if(prkf)
sc_file_free(prkf);
-#endif
return r;
+#endif
}
static int westcos_pkcs15init_finalize_card(sc_card_t *card)
diff -udrNPp --exclude=.svn opensc.orig/src/tools/westcos-tool.c opensc/src/tools/westcos-tool.c
--- opensc.orig/src/tools/westcos-tool.c 2009-10-21 10:13:31.000000000 +0200
+++ opensc/src/tools/westcos-tool.c 2009-10-21 10:13:13.000000000 +0200
@@ -361,15 +361,9 @@ int main(int argc, char *argv[])
sc_context_t *ctx = NULL;
sc_file_t *file = NULL;
sc_path_t path;
- RSA *rsa = RSA_new();
- BIGNUM *bn = BN_new();
- BIO *mem = BIO_new(BIO_s_mem());
-
- if(rsa == NULL || bn == NULL || mem == NULL)
- {
- fprintf(stderr,"Not enougth memory.\n");
- goto out;
- }
+ RSA *rsa = NULL;
+ BIGNUM *bn = NULL;
+ BIO *mem = NULL;
while(i<argc)
{
@@ -671,10 +665,29 @@ int main(int argc, char *argv[])
printf("Generate key of length %d.\n", keylen);
#if OPENSSL_VERSION_NUMBER>=0x00908000L
+ rsa = RSA_new();
+ bn = BN_new();
+ mem = BIO_new(BIO_s_mem());
+
+ if(rsa == NULL || bn == NULL || mem == NULL)
+ {
+ fprintf(stderr,"Not enougth memory.\n");
+ goto out;
+ }
+
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, keylen, bn, NULL))
#else
- if (!RSA_generate_key(keylen, RSA_F4, NULL, NULL))
+ rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL);
+ mem = BIO_new(BIO_s_mem());
+
+ if(mem == NULL)
+ {
+ fprintf(stderr,"Not enougth memory.\n");
+ goto out;
+ }
+
+ if (!rsa)
#endif
{
fprintf(stderr,
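Review bot: In the `#else` branch the key is generated before `mem` is allocated and checked, so a failed `BIO_new` jumps to `out` holding a freshly generated private key whose release depends on cleanup code outside this hunk. The pkcs15-westcos.c part of this patch allocates and checks `mem` first. Doing the same here, by moving `rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL);` to directly above `if (!rsa)`, keeps the two files consistent and skips the key generation when the allocation has already failed. `main` starts before and continues after the hunk.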