On 24/04/2011 13:17, Viktor TARASOV wrote:
The using of SC_PKCS15INIT_MAX_OPTIONS is not appropriate in this context.
SC_PKCS15INIT_MAX_OPTIONS is the number of profile options that can be defined
as an argument for the pkcs15init operations .
So I can use up to 16 +'option' ? :)
If you want to 'marconize' the raw value, you should introduce a new macro,
something like
Ok. Done that. Attached.
I think that's always better to use symbolic constants instead of
literal ones.
It's different from SC_MAX_AC_OPS -- maximal number of distinct card operations
that can be protected by some access condition.
Yup. For these I usually use a typedef enum instead of a series of
#define so that any constant can be included anywhere in the sequence
and the limit stays updated automatically.
Another patch for that is attached.
BYtE,
Diego.
--- src/pkcs15init/pkcs15-lib.c.ori 2010-12-22 18:14:39.000000000 +0100
+++ src/pkcs15init/pkcs15-lib.c 2011-04-24 21:04:25.000000000 +0200
@@ -79,6 +79,9 @@
#define TEMPLATE_INSTANTIATE_MIN_INDEX 0x0
#define TEMPLATE_INSTANTIATE_MAX_INDEX 0xFE
+/* Maximal number of access conditions that can be defined for one card
operation. */
+#define SC_MAX_OP_ACS 16
+
/* Handle encoding of PKCS15 on the card */
typedef int (*pkcs15_encoder)(struct sc_context *,
struct sc_pkcs15_card *, u8 **, size_t *);
@@ -3296,14 +3296,14 @@
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
for (op = 0; r == 0 && op < SC_MAX_AC_OPS; op++) {
- struct sc_acl_entry acls[16];
+ struct sc_acl_entry acls[SC_MAX_OP_ACS];
const struct sc_acl_entry *acl;
const char *what;
int added = 0, num, ii;
/* First, get original ACLs */
acl = sc_file_get_acl_entry(file, op);
- for (num = 0; num < 16 && acl; num++, acl = acl->next)
+ for (num = 0; num < SC_MAX_OP_ACS && acl; num++, acl =
acl->next)
acls[num] = *acl;
sc_file_clear_acl_entries(file, op);
--- src/libopensc/types.h.ori 2010-12-22 18:14:47.000000000 +0100
+++ src/libopensc/types.h 2011-04-24 21:44:31.000000000 +0200
@@ -86,35 +86,36 @@
#define SC_AC_NEVER 0xFFFFFFFF
/* Operations relating to access control */
-#define SC_AC_OP_SELECT 0
-#define SC_AC_OP_LOCK 1
-#define SC_AC_OP_DELETE 2
-#define SC_AC_OP_CREATE 3
-#define SC_AC_OP_REHABILITATE 4
-#define SC_AC_OP_INVALIDATE 5
-#define SC_AC_OP_LIST_FILES 6
-#define SC_AC_OP_CRYPTO 7
-#define SC_AC_OP_DELETE_SELF 8
-#define SC_AC_OP_PSO_DECRYPT 9
-#define SC_AC_OP_PSO_ENCRYPT 10
-#define SC_AC_OP_PSO_COMPUTE_SIGNATURE 11
-#define SC_AC_OP_PSO_VERIFY_SIGNATURE 12
-#define SC_AC_OP_PSO_COMPUTE_CHECKSUM 13
-#define SC_AC_OP_PSO_VERIFY_CHECKSUM 14
-#define SC_AC_OP_INTERNAL_AUTHENTICATE 15
-#define SC_AC_OP_EXTERNAL_AUTHENTICATE 16
-#define SC_AC_OP_PIN_DEFINE 17
-#define SC_AC_OP_PIN_CHANGE 18
-#define SC_AC_OP_PIN_RESET 19
-#define SC_AC_OP_ACTIVATE 20
-#define SC_AC_OP_DEACTIVATE 21
-#define SC_AC_OP_READ 22
-#define SC_AC_OP_UPDATE 23
-#define SC_AC_OP_WRITE 24
-#define SC_AC_OP_RESIZE 25
-#define SC_AC_OP_GENERATE 26
-/* If you add more OPs here, make sure you increase SC_MAX_AC_OPS*/
-#define SC_MAX_AC_OPS 27
+typedef enum {
+ SC_AC_OP_SELECT=0,
+ SC_AC_OP_LOCK,
+ SC_AC_OP_DELETE,
+ SC_AC_OP_CREATE,
+ SC_AC_OP_REHABILITATE,
+ SC_AC_OP_INVALIDATE,
+ SC_AC_OP_LIST_FILES,
+ SC_AC_OP_CRYPTO,
+ SC_AC_OP_DELETE_SELF,
+ SC_AC_OP_PSO_DECRYPT,
+ SC_AC_OP_PSO_ENCRYPT,
+ SC_AC_OP_PSO_COMPUTE_SIGNATURE,
+ SC_AC_OP_PSO_VERIFY_SIGNATURE,
+ SC_AC_OP_PSO_COMPUTE_CHECKSUM,
+ SC_AC_OP_PSO_VERIFY_CHECKSUM,
+ SC_AC_OP_INTERNAL_AUTHENTICATE,
+ SC_AC_OP_EXTERNAL_AUTHENTICATE,
+ SC_AC_OP_PIN_DEFINE,
+ SC_AC_OP_PIN_CHANGE,
+ SC_AC_OP_PIN_RESET,
+ SC_AC_OP_ACTIVATE,
+ SC_AC_OP_DEACTIVATE,
+ SC_AC_OP_READ,
+ SC_AC_OP_UPDATE,
+ SC_AC_OP_WRITE,
+ SC_AC_OP_RESIZE,
+ SC_AC_OP_GENERATE,
+ SC_MAX_AC_OPS /* This *MUST* remain the *last* one */
+} _sc_ac_ops;
/* the use of SC_AC_OP_ERASE is deprecated, SC_AC_OP_DELETE should be used
* instead */
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel