Re: [opensc-devel] BSD ifd_sysdep_usb_poll_presensce() incorrect
Is the ioctl blocking? On Fri, May 22, 2009 at 5:37 PM, David Imhoff wrote: > Hi, > > When running OpenCT on OpenBSD the kernel output a "ugenpoll: no edesc" every > second to the main console. This seems to be caused by the fact that ugen > doesn't support polling on a control endpoint. Normally this is harmless > except that the log is spammed, but if the kernel isn't compiled with > diagnostics enabled this will lead to a NULL pointer dereference. > > The ifd_sysdep_usb_poll_presence() function in src/ifd/sys-bsd.c caused the > mainloop to poll on a control endpoint. Therefor I modified this function to > use an ioctl instead to determine if the device is still presence. > > Tested with OpenBSD 4.3 and a Omnikey 6121. > > David > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] engine_pkcs11/libp11 slot identification issue
Andreas Jellinghaus wrote:
Am Mittwoch 10 Juni 2009 21:29:22 schrieb Douglas E. Engert:
Here is a revised version of the note I sent earlier with a patch to libp11
and one to engine_pkcs11.
ok. shall I apply them? I would need to bumb the 2nd interface number for
libp11, since we add a new function, and I also have to change engine_pkcs11
to require the new interface version.
then I would also revert those changes to the slot parsing code, where I
found a bug recently.
I would vote yes, but with a warning in the release notes as it is possible that
someone might have gotten around this by changing their slot numbers to
circumvent
this bug.
Attached is a new version of the engine_pkcs11.slot.2.patch. If verbose
is set it will print actual slot id, rather then the loop counter.
Regards, Andreas
--
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
--- ./src/,engine_pkcs11.c Thu Jul 31 09:49:08 2008
+++ ./src/engine_pkcs11.c Thu Jun 11 09:42:34 2009
@@ -388,6 +388,7 @@
static X509 *pkcs11_load_cert(ENGINE * e, const char *s_slot_cert_id)
{
PKCS11_SLOT *slot_list, *slot;
+ PKCS11_SLOT *found_slot = NULL;
PKCS11_TOKEN *tok;
PKCS11_CERT *certs, *selected_cert = NULL;
X509 *x509;
@@ -451,8 +452,11 @@
flags[m - 2] = '\0';
}
+ if (slot_nr != -1 && slot_nr == PKCS11_get_slotid_from_slot(slot))
+ found_slot = slot;
+
if (verbose) {
- fprintf(stderr, "[%u] %-25.25s %-16s", n,
+ fprintf(stderr, "[%lu] %-25.25s %-16s", PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
fprintf(stderr, " (%s)",
@@ -466,8 +470,8 @@
if (slot_nr == -1) {
if (!(slot = PKCS11_find_token(ctx, slot_list, count)))
fail("didn't find any tokens\n");
- } else if (slot_nr >= 0 && slot_nr < count)
- slot = slot_list + slot_nr;
+ } else if (found_slot)
+ slot = found_slot;
else {
fprintf(stderr, "Invalid slot number: %d\n", slot_nr);
PKCS11_release_all_slots(ctx, slot_list, count);
@@ -543,6 +547,7 @@
int isPrivate)
{
PKCS11_SLOT *slot_list, *slot;
+ PKCS11_SLOT *found_slot = NULL;
PKCS11_TOKEN *tok;
PKCS11_KEY *keys, *selected_key = NULL;
PKCS11_CERT *certs;
@@ -607,8 +612,11 @@
flags[m - 2] = '\0';
}
+ if (slot_nr != -1 && slot_nr == PKCS11_get_slotid_from_slot(slot))
+ found_slot = slot;
+
if (verbose) {
- fprintf(stderr, "[%u] %-25.25s %-16s", n,
+ fprintf(stderr, "[%lu] %-25.25s %-16s", PKCS11_get_slotid_from_slot(slot),
slot->description, flags);
if (slot->token) {
fprintf(stderr, " (%s)",
@@ -622,8 +630,8 @@
if (slot_nr == -1) {
if (!(slot = PKCS11_find_token(ctx, slot_list, count)))
fail("didn't find any tokens\n");
- } else if (slot_nr >= 0 && slot_nr < count)
- slot = slot_list + slot_nr;
+ } else if (found_slot)
+ slot = found_slot;
else {
fprintf(stderr, "Invalid slot number: %d\n", slot_nr);
PKCS11_release_all_slots(ctx, slot_list, count);
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problems compiling OpenSC in Solaris 10 SPARC architecture
Its still using the cc compiler, not gcc. Try setting in your enviroment
CC=gcc
and making sure /usr/sfw/bin is in your path.(It looks like it is.)
Then run configure again.
I thing cc vs gcc is your problem, but I also had to add a patch to the
libtool script created by configure with OpenSC. The patch for the
libtool 2.2.6 with OpenSC-0.11.8.
--- ,libtoolMon Jun 8 16:04:31 2009
+++ libtool Mon Jun 8 16:13:01 2009
@@ -314,7 +314,7 @@
# Commands used to build a loadable module if different from building
# a shared archive.
-module_cmds=""
+module_cmds="$archive_cmds \${wl}-B \${wl}direct \${wl}-z \${wl}defs"
module_expsym_cmds=""
# Whether we are building with GNU ld or not.
This add the -B direct -z defs
I don't remember all the details why, but I think it has to do
with loading pkcs11_spy and opensc-pkcs11.
Marc Rios Valles wrote:
> Hi,
>
>
> I have started from the begining with opensc-0.11.8 and now I get this
> error installing the libs:
>
>
>
> libtool: install: warning: relinking `opensc-pkcs11.la'
> libtool: install: (cd /export/home/c3po/opensc-0.11.8/src/pkcs11;
> /bin/bash /export/home/c3po/opensc-0.11.8/libtool --tag CC --mode=relink
> cc -I/usr/sfw/include -D_REENTRANT -I/usr/include -I/usr/sfw/include
> -I/opt/sfw/include -I/opt/libassuan/include -I/usr/include/smartcard
> -D_TS_ERRNO -export-symbols ./opensc-pkcs11.exports -module -shared
> -avoid-version -no-undefined -L/usr/lib -R/usr/lib -L/usr/local/lib
> -R/usr/local/lib -L/usr/sfw/lib -R/usr/sfw/lib -L/opt/sfw/lib
> -L/opt/libassuan/lib -R/opt/libassuan/lib -L/usr/include/smartcard/
> -lintl -R/usr/ucblib/ -I/usr/ucblib/ -L/usr/local/lib -R/usr/local/lib
> -o opensc-pkcs11.la -rpath /usr/local/lib pkcs11-global.lo
> pkcs11-session.lo pkcs11-object.lo misc.lo slot.lo mechanism.lo
> openssl.lo secretkey.lo framework-pkcs15.lo framework-pkcs15init.lo
> debug.lo hack-disabled.lo -L/usr/sfw/lib -R/usr/sfw/lib -lssl -lcrypto
> -lsocket -lnsl -ldl -lpthread ../../src/pkcs15init/libpkcs15init.la
> ../../src/libopensc/libopensc.la ../../src/scconf/libscconf.la -lsocket
> -lresolv )
> libtool: relink: echo "{ global:" > .libs/opensc-pkcs11.so.exp
> libtool: relink: cat ./opensc-pkcs11.exports | /opt/sfw/bin/sed -e
> "s/\(.*\)/\1;/" >> .libs/opensc-pkcs11.so.exp
> libtool: relink: echo "local: *; };" >> .libs/opensc-pkcs11.so.exp
> libtool: relink: cc -G -z defs -M .libs/opensc-pkcs11.so.exp -h
> opensc-pkcs11.so -o .libs/opensc-pkcs11.so .libs/pkcs11-global.o
> .libs/pkcs11-session.o .libs/pkcs11-object.o .libs/misc.o .libs/slot.o
> .libs/mechanism.o .libs/openssl.o .libs/secretkey.o
> .libs/framework-pkcs15.o .libs/framework-pkcs15init.o .libs/debug.o
> .libs/hack-disabled.o -R/usr/local/lib -R/usr/lib -R/usr/sfw/lib
> -R/opt/libassuan/lib -R/usr/ucblib/
> -L/export/home/c3po/opensc-0.11.8/src/libopensc/.libs
> -L/export/home/c3po/opensc-0.11.8/src/scconf/.libs -L/usr/lib
> -L/usr/local/lib -L/usr/sfw/lib -L/opt/sfw/lib -L/opt/libassuan/lib
> -L/usr/include/smartcard/ -lpthread -lpkcs15init -L/usr/openwin/lib
> -L/usr/local/ssl/lib -L/usr/local/BerkeleyDB.4.2/lib -lopensc -lssl
> -lcrypto -lnsl -lz -liconv -lltdl -ldl -lscconf -lintl -lsocket -lresolv
> -lc
> Undefined first referenced
> symbol in file
> sc_debug /usr/lib/libpkcs15init.so
> sc_error /usr/lib/libpkcs15init.so
> ld: fatal: Symbol referencing errors. No output written to
> .libs/opensc-pkcs11.so
> libtool: install: error: relink `opensc-pkcs11.la' with the above
> command before installing it
>
The line I have for this follows Note it uses gcc.
libtool: install: (cd
/afs/anl.gov/appl/OpenSC-dev/build/opensc/@sys/src/pkcs11;
/bin/bash /afs/anl.gov/appl/OpenSC-dev/build/opensc/@sys/libtool
--tag CC --mode=relink gcc -I/usr/sfw/include -D_REENTRANT -pthreads
-fno-strict-aliasing -g -export-symbols
../../../src/src/pkcs11/opensc-pkcs11.exports
-module -shared -avoid-version -no-undefined -g -R/opt/smartcard/lib
-R/usr/sfw/lib
-L/afs/anl.gov/appl/libtool-1.5.14/sun4x_510/lib -L/usr/local/lib
-R/usr/local/lib
-o opensc-pkcs11.la -rpath /opt/smartcard/lib pkcs11-global.lo pkcs11-session.lo
pkcs11-object.lo misc.lo slot.lo mechanism.lo openssl.lo secretkey.lo
framework-pkcs15.lo
framework-pkcs15init.lo debug.lo hack-disabled.lo -L/usr/sfw/lib -lcrypto
../../src/pkcs15init/libpkcs15init.la ../../src/libopensc/libopensc.la
../../src/scconf/libscconf.la -lsocket -lresolv -inst-prefix-dir
/afs/.anl.gov/appl/smartcard/sun4x_510)
>
> The configure is this:
> ICONV_LIBS="-liconv" ./configure --enable-pcsc
> checking for a BSD-compatible install... /opt/sfw/bin/install -c
> checking whether build environment is sane... yes
> checking for a thread-safe mkdir -p... /opt/sfw/bin/mkdir -p
> checking for gawk... gawk
> checking whether make sets $(MAKE)... yes
> checking build system type... sparc-sun-solaris2.10
> checking host system type... sparc-sun-solaris2.10
> checking for gcc... cc
Its using cc not gcc
> checkin
Re: [opensc-devel] engine_pkcs11/libp11 slot identification issue
On 11 Jun 2009, at 10:28, Andreas Jellinghaus wrote: > Am Mittwoch 10 Juni 2009 21:29:22 schrieb Douglas E. Engert: >> Here is a revised version of the note I sent earlier with a patch >> to libp11 >> and one to engine_pkcs11. > > ok. shall I apply them? I would need to bumb the 2nd interface > number for > libp11, since we add a new function, and I also have to change > engine_pkcs11 > to require the new interface version. I have applied Douglas' patches to my environment and they work for me :) Regards Stu -- Stuart Northfield +44 (0) 1223 566759 (Direct), +44 (0) 1223 566727 (Fax) Metanate Limited. Registered in England No 4046086 at: Lincoln House, Station Court, Great Shelford, Cambridge CB22 5NE, UK www.metanate.com (Consultancy) www.schemus.com (Data synchronisation) ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] engine_pkcs11/libp11 slot identification issue
Am Mittwoch 10 Juni 2009 21:29:22 schrieb Douglas E. Engert: > Here is a revised version of the note I sent earlier with a patch to libp11 > and one to engine_pkcs11. ok. shall I apply them? I would need to bumb the 2nd interface number for libp11, since we add a new function, and I also have to change engine_pkcs11 to require the new interface version. then I would also revert those changes to the slot parsing code, where I found a bug recently. Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Software Token
I've a soft-token pkcs11 lib sources building on linux and windows If you are interested, ask me Regards François. -Message d'origine- De : opensc-devel-boun...@lists.opensc-project.org [mailto:opensc-devel-boun...@lists.opensc-project.org] De la part de Benoit Badrignans Envoyé : jeudi 26 mars 2009 16:26 À : opensc-u...@lists.opensc-project.org; opensc-devel@lists.opensc-project.org Objet : [opensc-devel] Software Token Hi, I'm an openSC user and in order to perform tests without breaking smartcards I'm looking for a pkcs#11 software token. To my knowledge their is at least 3 suitable implementations : - soft pkcs#11 : but it just can do anything - gpkcs#11 : that seems to be abandoned, since last changes was in 2000. I compile it with the last version of GCC and so I need to modify few lines of C code. When I finally succeed to compile it, the resulting pkcs#11 library does'nt work very well : I can list slots and mechanisms using pkcs11-tool but that's all, when I try to generate or create key it fails : seg fault :-( . I try to contact the developpers last week unsuccessfully. - NSS soft-token that is a part of mozilla project. However it doesn't work with standard PKCS#11 applications such as pkcs11-tool since C_initialize must be called using particular parameters : see https://developer.mozilla.org/en/FC_Initialize So today I think that there is no software token that can be used with opensc. So to solve this problem their is at least 3 solutions : -1 add an option to pkcs11-tool to allow NSS softtoken to be loaded -2 make gpkcs#11 working and integrate it into openSC -3 create a new project of soft-token inside openSC project (maybe by reusing some parts of gpkcs11 code) I can help to modify pkcs11-tool for the first solution. But I think that is not a good solution since mozilla project is a big project and building only the soft-token seems pretty difficult. So it is not easy to modify the code of the soft token. I can help also on gpkcs#11 if you think it should be integrated into openSC. Best regards Benoît Badrignans ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
