Dear Eric
You wrote me this on last October (see besides)
I'm asking you what I've to do in order to install and use this new version
of patch.
Thank you in advance
Paolo
----------------------------------------------------------------------------
---------
Hi Paolo,
Paolo Rossi wrote:
>
> I'm trying to compile the software in win32 environment (NT4SP4)
> with no result (I would like to interface a gemplus smart-card with
> gclib.dll).
> I 've installed openssl-engine-0.9.6, and unzipped your files (not
> the patch) in : c:\open...\crpypto\pkcs11.
> When I run mingw32.bat (I use gcc-2.95.2-msvcrt compiler ) there is
> a problem and the compilation fails.
> I've only modified mkfiles.pl, by adding the follow line :
> "crypto/pkcs11",
> What is wrong?
You need somehow to apply the provided 'patch'
pkcs11.openssl.adnovum.20010615.patch.gz (either by using GNU 'patch'
or manually). If you 'gunzip' the file, you will get a human-readable
'unified' 'diff' (generated by GNU 'diff -u').
Let me explain how to apply the changes manually, by a sample:
* change apps/progs.h:
These four lines are meta info, identifying files, timestamps, and
locations in the file.
diff -ur openssl-SNAP-20010613/apps/progs.h OpenSSL/openssl/apps/progs.h
--- openssl-SNAP-20010613/apps/progs.h Mon Feb 19 18:00:26 2001
+++ OpenSSL/openssl/apps/progs.h Fri Jun 15 00:00:00 2001
@@ -37,6 +37,7 @@
Lines beginning with ' ' are 'context' lines, used as an orientation.
don't add/delete/change these!
extern int rand_main(int argc,char *argv[]);
extern int engine_main(int argc,char *argv[]);
extern int ocsp_main(int argc,char *argv[]);
Add lines beginning with '+', e.g. this line:
+extern int pkcs11_main(int argc,char *argv[]);
More context lines:
#define FUNC_TYPE_GENERAL 1
#define FUNC_TYPE_MD 2
Delete lines beginning with '-', change '-'/'+' line pairs
accordingly.
In the specific patch, changes are done mainly on makefiles, and some
code is added to ssl/ssl_rsa.c.
Hope this helps.
Regards,
Eric
----------------------------------------------------------------------------
----------------------------------
----- Original Message -----
From: "Eric Laroche" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 12, 2001 1:18 PM
Subject: [PATCH] PKCS#11 code update
>
> Hi developers,
>
> I reworked some of our (AdNovum's) previously posted OpenSSL PKCS#11
> code. Code robustness has been enhanced and the code is (so I hope)
> clearer, and better layered (into a core PKCS#11 part and a PKCS#11
> token object finding (keys, certs) part).
>
> The object finding logic has been enhanced to allow 'denormalized(?)'
> keys and certificates to be found and loaded (e.g. private keys
> missing modulus attribute, or certificates missing the (rsa) key
> type...).
>
> The token object specification format has been widened. It is now
> more powerful and more intuitive, using name/value pairs, e.g.:
> "pkcs11:library=cryptoki&tokenlabel=eric&objectlabel=two&dologin=true"
>
> The object specification format is now open to allow the notation of
> such things as: 'should a sign/verify request be handled by the token
> or by openssl?' (non-extractable/sensitive keys vs. speed issues...).
> however, that has not been implemented yet; sensitive operations such
> as signatures are generally done by the token, verifies are done by
> OpenSSL (which is faster, in most cases).
>
> Some open issues are:
>
> - Thread safeness issues are not exhaustively done.
>
> - There are still some (minor) TODOs scattered in the code.
>
> - It needs, of course, more test cases, with more use patterns.
>
> Best regards,
> Eric
>
> --
> Eric Laroche <[EMAIL PROTECTED]>, AdNovum Informatik AG
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
