Re: [opensc-devel] OpenSC svn build on Windows rutoken issues
On 4/16/08, Aktiv Co. Aleksey Samsonov <[EMAIL PROTECTED]> wrote: > Alon Bar-Lev: > > Please also explain why the pkcs15-prkey-rutoken.c is needed, there is > > not prkey specific file for any other card. > > This file is necessary to avoid redoubling of code. I don't understand why the emulation layer cannot provide this as standard pkcs15 elements. And why rutoken is the only one which has this kind of stuff. > Alon Bar-Lev: > > Also at libopensc.exports you can see that only rutoken has card > > specific exports, this should also be modified. > > Patch opensc-0.11.4.trunk-r3476_rutoken-0.3.2_2.diff (for > opensc-0.11.4.trunk-r3476-0.11.4.trunk-r3476_rutoken-0.3.2.diff) > is > draft. This patch solves the problem with exported functions. (Instead of > pkcs15-prkey-rutoken.c it'll be rutoken-prkey.h). If this solution is better > than previous one, but it's inappropriate to use line '#include > "../libopensc/rutoken-prkey.h"' in the file > src/pkcs15init/pkcs15-rutoken.c, then I can fully split the > file rutoken-prkey.h. Having code in include file is worse. Please try to convert the rutoken specific stuff into pkcs15 data structures. Alon ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Some MSVC build issues
On 4/16/08, Douglas E. Engert <[EMAIL PROTECTED]> wrote: > OK, I am willing to try and build with a cross compile using mingw > as that appears to be the consensus of opensc-project members. Great! > I have an Ubuntu system with the mingw32, mingw32-binutils, and > mingw-runtime. Good to test this on other distros :) > But I don't see in the opensc configure how to tell it to build the cross > compile win32 version. It looks like the scb create-using-mingw, so I > assume > I should try and use it... It is standard cross compile: ./configure --host= You can see this in the create-using-mingw script. > > I've added a script opensc-install.bat that installs the package. > > All you need to do is extract the files to their final location and > > run this script. > > > > I see the script, its a start, but I though NSIS was the direction? > You could still consider Sure! But I find nobody who wish to help. And I won't maintain this... > > No graphical installer, but it is doing the same... > > > > The create-using-mingw in scb trunk builds the file structure. > > > > I tried that, but it is trying to load openssl-SNAP-20080403, > which is not available, so I tried 20080415. (Why do you need > the snapshot? Is it related to your OpenSSL rt#1552?) I've updated the snapshot. openssl-0.9.9 will be the first version capable of cross compile. Also the mingw support is broken, so fixup is required. > It also tries to load libp11-0.2.4 that is not created yet, > and opensc-0.11.4 that does not have any of your changes yet. > So I stopped at the downloads for now. You should export trunk of opensc, libp11, engine_pkcs11 and: autoreconf -i -v -f && ./configure && make dist And copy the tarballs into distfiles directory where create-using-mingw is located. In the future, after next release, it will download correct version directly from site. I use: $ ls distfiles/ engine_pkcs11-0.1.4-svn.tar.gz libtool-1.5.26.tar.gz openssl-SNAP-20080415.tar.gz libp11-0.2.3-svn.tar.gz opensc-0.11.4-svn.tar.gz zlib-1.2.3.tar.gz CHOST=i686-pc-mingw32 CBUILD=i686-pc-linux-gnu ./create-using-mingw Alon ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] OpenSC svn build on Windows rutoken issues
On Fri, Apr 11, 2008 at 11:40 AM, Aktiv Co. Aleksey Samsonov wrote: We are going to release tested patch for the current version of your code in a couple of days. It fixes a number of bugs in Rutoken code and changes card-rutoken.c file to meet OpenSC coding standards. Patch for trunk revision 3476 is in attachment. I believe that whitespace changes to existing code in this patch is are necessary because otherwise some files will not be formatted properly. Alon Bar-Lev: > Please also explain why the pkcs15-prkey-rutoken.c is needed, there is > not prkey specific file for any other card. This file is necessary to avoid redoubling of code. Alon Bar-Lev: > Also at libopensc.exports you can see that only rutoken has card > specific exports, this should also be modified. Patch opensc-0.11.4.trunk-r3476_rutoken-0.3.2_2.diff (for opensc-0.11.4.trunk-r3476-0.11.4.trunk-r3476_rutoken-0.3.2.diff) is draft. This patch solves the problem with exported functions. (Instead of pkcs15-prkey-rutoken.c it'll be rutoken-prkey.h). If this solution is better than previous one, but it's inappropriate to use line '#include "../libopensc/rutoken-prkey.h"' in the file src/pkcs15init/pkcs15-rutoken.c, then I can fully split the file rutoken-prkey.h. opensc-0.11.4.trunk-r3476-0.11.4.trunk-r3476_rutoken-0.3.2.diff.gz Description: application/gzip opensc-0.11.4.trunk-r3476_rutoken-0.3.2_2.diff.gz Description: application/gzip ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Some MSVC build issues
Alon Bar-Lev wrote: > On 4/9/08, Douglas E. Engert <[EMAIL PROTECTED]> wrote: >> As I said before, if you can create an installable SCB from ming, that >> can work on XP and Vista with OpenSSL and zip, that can work for login >> and browsers, then the MSVC build could be dropped. >> >> Until then, it would be a good idea to keep MSVC build around. > OK, I am willing to try and build with a cross compile using mingw as that appears to be the consensus of opensc-project members. I have an Ubuntu system with the mingw32, mingw32-binutils, and mingw-runtime. But I don't see in the opensc configure how to tell it to build the cross compile win32 version. It looks like the scb create-using-mingw, so I assume I should try and use it... > I've added a script opensc-install.bat that installs the package. > All you need to do is extract the files to their final location and > run this script. I see the script, its a start, but I though NSIS was the direction? You could still consider > > No graphical installer, but it is doing the same... > > The create-using-mingw in scb trunk builds the file structure. I tried that, but it is trying to load openssl-SNAP-20080403, which is not available, so I tried 20080415. (Why do you need the snapshot? Is it related to your OpenSSL rt#1552?) It also tries to load libp11-0.2.4 that is not created yet, and opensc-0.11.4 that does not have any of your changes yet. So I stopped at the downloads for now. > > Alon. > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] engine_pkcs11: Slot selecting
Hi, engine_pkcs11 uses a special format to identify a key or cert stored on a token in a specific slot. This is the parameter "s_slot_cert_id" for "pkcs11_load_cert" and "s_slot_key_id" for "pkcs11_load_key". If this parameter is left empty, it means "use the first key/cert on the first token found". But what I (and maybe others) need is "use the first key/cert on a given slot". This cannot be achieved with the current code, because if one gives a slot-id, a cert-id has to be given too (e.g. "1:45"). The following diff is my approach to allow e.g. "1:", which in this case means "use the first key/cert on slot 1": *** config/patch/engine_pkcs11-0.1.4/engine_pkcs11.c2008-04-03 16:41:26.0 +0200 --- engine_pkcs11-0.1.4/src/engine_pkcs11.c 2007-07-04 02:18:31.0 +0200 *** *** 461,471 if (verbose) { fprintf(stderr, "Found %u cert%s:\n", count, (count <= 1) ? "" : "s"); } ! if (cert_id_len != 0) { for (n = 0; n < count; n++) { PKCS11_CERT *k = certs + n; if (cert_id_len != 0 && k->id_len == cert_id_len && memcmp(k->id, cert_id, cert_id_len) == 0) { --- 461,471 if (verbose) { fprintf(stderr, "Found %u cert%s:\n", count, (count <= 1) ? "" : "s"); } ! if ((s_slot_cert_id && *s_slot_cert_id) || (cert_id_len == 0)) { for (n = 0; n < count; n++) { PKCS11_CERT *k = certs + n; if (cert_id_len != 0 && k->id_len == cert_id_len && memcmp(k->id, cert_id, cert_id_len) == 0) { *** *** 700,710 if (verbose) { fprintf(stderr, "Found %u key%s:\n", count, (count <= 1) ? "" : "s"); } ! if (key_label || (key_id_len != 0)) { for (n = 0; n < count; n++) { PKCS11_KEY *k = keys + n; if (verbose) { fprintf(stderr, " %2u %c%c %s\n", n + 1, --- 700,710 if (verbose) { fprintf(stderr, "Found %u key%s:\n", count, (count <= 1) ? "" : "s"); } ! if (s_slot_key_id && *s_slot_key_id) { for (n = 0; n < count; n++) { PKCS11_KEY *k = keys + n; if (verbose) { fprintf(stderr, " %2u %c%c %s\n", n + 1, I'm using this code for a while now, and it seems to work fine. Can the engine_pkcs11 developers take this change into consideration? Greetings, Stefan Blomen ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] SCardStatus returncode evaluation
Hi, opensc (reader-pcsc.c) uses the following code to determine that a smartcard was removed and (another card) inserted again: /* If we aren't sure if the card state changed, check if * the card handle is still valid. If the card changed, * the handle will be invalid. */ slot->flags &= ~SC_SLOT_CARD_CHANGED; if (maybe_changed) { if (old_flags & SC_SLOT_CARD_PRESENT) { DWORD readers_len = 0, state, prot, atr_len = 32; unsigned char atr[32]; LONG rv = SCardStatus(pslot->pcsc_card, NULL, &readers_len, &state, &prot, atr, &atr_len); if (rv == (LONG)SCARD_W_REMOVED_CARD) slot->flags |= SC_SLOT_CARD_CHANGED; } else slot->flags |= SC_SLOT_CARD_CHANGED; On Windows, SCardStatus (realised by MS) returns SCARD_W_REMOVED_CARD, and everything is fine. On Linux, SCardStatus (realised by pcsc-lite) returns SCARD_W_RESET_CARD. Does anybody have an idea which implementation "is right"? Is it an issue of pcsc (return SCARD_W_REMOVED_CARD in any case), or opensc which has to evaluate both (or maybe even other) returncodes? Here is my environment: Windows: SPR 532 Cardreader, vendor supplied PC/SC-Driver for Windows, opensc, engine-pkcs11, openssl Linux: SPR 532 Cardreader, pcsc-lite using vendor supplied PC/SC-Driver for Linux, opensc, engine-pkcs11, openssl Greetings, Stefan Blomen ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel