Re: [opensc-devel] BSD ifd_sysdep_usb_poll_presensce() incorrect
Is the ioctl blocking? On Fri, May 22, 2009 at 5:37 PM, David Imhoff wrote: > Hi, > > When running OpenCT on OpenBSD the kernel output a "ugenpoll: no edesc" every > second to the main console. This seems to be caused by the fact that ugen > doesn't support polling on a control endpoint. Normally this is harmless > except that the log is spammed, but if the kernel isn't compiled with > diagnostics enabled this will lead to a NULL pointer dereference. > > The ifd_sysdep_usb_poll_presence() function in src/ifd/sys-bsd.c caused the > mainloop to poll on a control endpoint. Therefor I modified this function to > use an ioctl instead to determine if the device is still presence. > > Tested with OpenBSD 4.3 and a Omnikey 6121. > > David > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] engine_pkcs11/libp11 slot identification issue
Andreas Jellinghaus wrote: Am Mittwoch 10 Juni 2009 21:29:22 schrieb Douglas E. Engert: Here is a revised version of the note I sent earlier with a patch to libp11 and one to engine_pkcs11. ok. shall I apply them? I would need to bumb the 2nd interface number for libp11, since we add a new function, and I also have to change engine_pkcs11 to require the new interface version. then I would also revert those changes to the slot parsing code, where I found a bug recently. I would vote yes, but with a warning in the release notes as it is possible that someone might have gotten around this by changing their slot numbers to circumvent this bug. Attached is a new version of the engine_pkcs11.slot.2.patch. If verbose is set it will print actual slot id, rather then the loop counter. Regards, Andreas -- Douglas E. Engert Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 --- ./src/,engine_pkcs11.c Thu Jul 31 09:49:08 2008 +++ ./src/engine_pkcs11.c Thu Jun 11 09:42:34 2009 @@ -388,6 +388,7 @@ static X509 *pkcs11_load_cert(ENGINE * e, const char *s_slot_cert_id) { PKCS11_SLOT *slot_list, *slot; + PKCS11_SLOT *found_slot = NULL; PKCS11_TOKEN *tok; PKCS11_CERT *certs, *selected_cert = NULL; X509 *x509; @@ -451,8 +452,11 @@ flags[m - 2] = '\0'; } + if (slot_nr != -1 && slot_nr == PKCS11_get_slotid_from_slot(slot)) + found_slot = slot; + if (verbose) { - fprintf(stderr, "[%u] %-25.25s %-16s", n, + fprintf(stderr, "[%lu] %-25.25s %-16s", PKCS11_get_slotid_from_slot(slot), slot->description, flags); if (slot->token) { fprintf(stderr, " (%s)", @@ -466,8 +470,8 @@ if (slot_nr == -1) { if (!(slot = PKCS11_find_token(ctx, slot_list, count))) fail("didn't find any tokens\n"); - } else if (slot_nr >= 0 && slot_nr < count) - slot = slot_list + slot_nr; + } else if (found_slot) + slot = found_slot; else { fprintf(stderr, "Invalid slot number: %d\n", slot_nr); PKCS11_release_all_slots(ctx, slot_list, count); @@ -543,6 +547,7 @@ int isPrivate) { PKCS11_SLOT *slot_list, *slot; + PKCS11_SLOT *found_slot = NULL; PKCS11_TOKEN *tok; PKCS11_KEY *keys, *selected_key = NULL; PKCS11_CERT *certs; @@ -607,8 +612,11 @@ flags[m - 2] = '\0'; } + if (slot_nr != -1 && slot_nr == PKCS11_get_slotid_from_slot(slot)) + found_slot = slot; + if (verbose) { - fprintf(stderr, "[%u] %-25.25s %-16s", n, + fprintf(stderr, "[%lu] %-25.25s %-16s", PKCS11_get_slotid_from_slot(slot), slot->description, flags); if (slot->token) { fprintf(stderr, " (%s)", @@ -622,8 +630,8 @@ if (slot_nr == -1) { if (!(slot = PKCS11_find_token(ctx, slot_list, count))) fail("didn't find any tokens\n"); - } else if (slot_nr >= 0 && slot_nr < count) - slot = slot_list + slot_nr; + } else if (found_slot) + slot = found_slot; else { fprintf(stderr, "Invalid slot number: %d\n", slot_nr); PKCS11_release_all_slots(ctx, slot_list, count); ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problems compiling OpenSC in Solaris 10 SPARC architecture
Its still using the cc compiler, not gcc. Try setting in your enviroment CC=gcc and making sure /usr/sfw/bin is in your path.(It looks like it is.) Then run configure again. I thing cc vs gcc is your problem, but I also had to add a patch to the libtool script created by configure with OpenSC. The patch for the libtool 2.2.6 with OpenSC-0.11.8. --- ,libtoolMon Jun 8 16:04:31 2009 +++ libtool Mon Jun 8 16:13:01 2009 @@ -314,7 +314,7 @@ # Commands used to build a loadable module if different from building # a shared archive. -module_cmds="" +module_cmds="$archive_cmds \${wl}-B \${wl}direct \${wl}-z \${wl}defs" module_expsym_cmds="" # Whether we are building with GNU ld or not. This add the -B direct -z defs I don't remember all the details why, but I think it has to do with loading pkcs11_spy and opensc-pkcs11. Marc Rios Valles wrote: > Hi, > > > I have started from the begining with opensc-0.11.8 and now I get this > error installing the libs: > > > > libtool: install: warning: relinking `opensc-pkcs11.la' > libtool: install: (cd /export/home/c3po/opensc-0.11.8/src/pkcs11; > /bin/bash /export/home/c3po/opensc-0.11.8/libtool --tag CC --mode=relink > cc -I/usr/sfw/include -D_REENTRANT -I/usr/include -I/usr/sfw/include > -I/opt/sfw/include -I/opt/libassuan/include -I/usr/include/smartcard > -D_TS_ERRNO -export-symbols ./opensc-pkcs11.exports -module -shared > -avoid-version -no-undefined -L/usr/lib -R/usr/lib -L/usr/local/lib > -R/usr/local/lib -L/usr/sfw/lib -R/usr/sfw/lib -L/opt/sfw/lib > -L/opt/libassuan/lib -R/opt/libassuan/lib -L/usr/include/smartcard/ > -lintl -R/usr/ucblib/ -I/usr/ucblib/ -L/usr/local/lib -R/usr/local/lib > -o opensc-pkcs11.la -rpath /usr/local/lib pkcs11-global.lo > pkcs11-session.lo pkcs11-object.lo misc.lo slot.lo mechanism.lo > openssl.lo secretkey.lo framework-pkcs15.lo framework-pkcs15init.lo > debug.lo hack-disabled.lo -L/usr/sfw/lib -R/usr/sfw/lib -lssl -lcrypto > -lsocket -lnsl -ldl -lpthread ../../src/pkcs15init/libpkcs15init.la > ../../src/libopensc/libopensc.la ../../src/scconf/libscconf.la -lsocket > -lresolv ) > libtool: relink: echo "{ global:" > .libs/opensc-pkcs11.so.exp > libtool: relink: cat ./opensc-pkcs11.exports | /opt/sfw/bin/sed -e > "s/\(.*\)/\1;/" >> .libs/opensc-pkcs11.so.exp > libtool: relink: echo "local: *; };" >> .libs/opensc-pkcs11.so.exp > libtool: relink: cc -G -z defs -M .libs/opensc-pkcs11.so.exp -h > opensc-pkcs11.so -o .libs/opensc-pkcs11.so .libs/pkcs11-global.o > .libs/pkcs11-session.o .libs/pkcs11-object.o .libs/misc.o .libs/slot.o > .libs/mechanism.o .libs/openssl.o .libs/secretkey.o > .libs/framework-pkcs15.o .libs/framework-pkcs15init.o .libs/debug.o > .libs/hack-disabled.o -R/usr/local/lib -R/usr/lib -R/usr/sfw/lib > -R/opt/libassuan/lib -R/usr/ucblib/ > -L/export/home/c3po/opensc-0.11.8/src/libopensc/.libs > -L/export/home/c3po/opensc-0.11.8/src/scconf/.libs -L/usr/lib > -L/usr/local/lib -L/usr/sfw/lib -L/opt/sfw/lib -L/opt/libassuan/lib > -L/usr/include/smartcard/ -lpthread -lpkcs15init -L/usr/openwin/lib > -L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.4.2/lib -lopensc -lssl > -lcrypto -lnsl -lz -liconv -lltdl -ldl -lscconf -lintl -lsocket -lresolv > -lc > Undefined first referenced > symbol in file > sc_debug /usr/lib/libpkcs15init.so > sc_error /usr/lib/libpkcs15init.so > ld: fatal: Symbol referencing errors. No output written to > .libs/opensc-pkcs11.so > libtool: install: error: relink `opensc-pkcs11.la' with the above > command before installing it > The line I have for this follows Note it uses gcc. libtool: install: (cd /afs/anl.gov/appl/OpenSC-dev/build/opensc/@sys/src/pkcs11; /bin/bash /afs/anl.gov/appl/OpenSC-dev/build/opensc/@sys/libtool --tag CC --mode=relink gcc -I/usr/sfw/include -D_REENTRANT -pthreads -fno-strict-aliasing -g -export-symbols ../../../src/src/pkcs11/opensc-pkcs11.exports -module -shared -avoid-version -no-undefined -g -R/opt/smartcard/lib -R/usr/sfw/lib -L/afs/anl.gov/appl/libtool-1.5.14/sun4x_510/lib -L/usr/local/lib -R/usr/local/lib -o opensc-pkcs11.la -rpath /opt/smartcard/lib pkcs11-global.lo pkcs11-session.lo pkcs11-object.lo misc.lo slot.lo mechanism.lo openssl.lo secretkey.lo framework-pkcs15.lo framework-pkcs15init.lo debug.lo hack-disabled.lo -L/usr/sfw/lib -lcrypto ../../src/pkcs15init/libpkcs15init.la ../../src/libopensc/libopensc.la ../../src/scconf/libscconf.la -lsocket -lresolv -inst-prefix-dir /afs/.anl.gov/appl/smartcard/sun4x_510) > > The configure is this: > ICONV_LIBS="-liconv" ./configure --enable-pcsc > checking for a BSD-compatible install... /opt/sfw/bin/install -c > checking whether build environment is sane... yes > checking for a thread-safe mkdir -p... /opt/sfw/bin/mkdir -p > checking for gawk... gawk > checking whether make sets $(MAKE)... yes > checking build system type... sparc-sun-solaris2.10 > checking host system type... sparc-sun-solaris2.10 > checking for gcc... cc Its using cc not gcc > checkin
Re: [opensc-devel] engine_pkcs11/libp11 slot identification issue
On 11 Jun 2009, at 10:28, Andreas Jellinghaus wrote: > Am Mittwoch 10 Juni 2009 21:29:22 schrieb Douglas E. Engert: >> Here is a revised version of the note I sent earlier with a patch >> to libp11 >> and one to engine_pkcs11. > > ok. shall I apply them? I would need to bumb the 2nd interface > number for > libp11, since we add a new function, and I also have to change > engine_pkcs11 > to require the new interface version. I have applied Douglas' patches to my environment and they work for me :) Regards Stu -- Stuart Northfield +44 (0) 1223 566759 (Direct), +44 (0) 1223 566727 (Fax) Metanate Limited. Registered in England No 4046086 at: Lincoln House, Station Court, Great Shelford, Cambridge CB22 5NE, UK www.metanate.com (Consultancy) www.schemus.com (Data synchronisation) ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] engine_pkcs11/libp11 slot identification issue
Am Mittwoch 10 Juni 2009 21:29:22 schrieb Douglas E. Engert: > Here is a revised version of the note I sent earlier with a patch to libp11 > and one to engine_pkcs11. ok. shall I apply them? I would need to bumb the 2nd interface number for libp11, since we add a new function, and I also have to change engine_pkcs11 to require the new interface version. then I would also revert those changes to the slot parsing code, where I found a bug recently. Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Software Token
I've a soft-token pkcs11 lib sources building on linux and windows If you are interested, ask me Regards François. -Message d'origine- De : opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Benoit Badrignans Envoyé : jeudi 26 mars 2009 16:26 À : opensc-u...@lists.opensc-project.org; opensc-devel@lists.opensc-project.org Objet : [opensc-devel] Software Token Hi, I'm an openSC user and in order to perform tests without breaking smartcards I'm looking for a pkcs#11 software token. To my knowledge their is at least 3 suitable implementations : - soft pkcs#11 : but it just can do anything - gpkcs#11 : that seems to be abandoned, since last changes was in 2000. I compile it with the last version of GCC and so I need to modify few lines of C code. When I finally succeed to compile it, the resulting pkcs#11 library does'nt work very well : I can list slots and mechanisms using pkcs11-tool but that's all, when I try to generate or create key it fails : seg fault :-( . I try to contact the developpers last week unsuccessfully. - NSS soft-token that is a part of mozilla project. However it doesn't work with standard PKCS#11 applications such as pkcs11-tool since C_initialize must be called using particular parameters : see https://developer.mozilla.org/en/FC_Initialize So today I think that there is no software token that can be used with opensc. So to solve this problem their is at least 3 solutions : -1 add an option to pkcs11-tool to allow NSS softtoken to be loaded -2 make gpkcs#11 working and integrate it into openSC -3 create a new project of soft-token inside openSC project (maybe by reusing some parts of gpkcs11 code) I can help to modify pkcs11-tool for the first solution. But I think that is not a good solution since mozilla project is a big project and building only the soft-token seems pretty difficult. So it is not easy to modify the code of the soft token. I can help also on gpkcs#11 if you think it should be integrated into openSC. Best regards Benoît Badrignans ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel