Re: [opensc-devel] Upper limit for file size to upload into 'contrib'

2010-09-27 Thread Viktor TARASOV 

Martin Paljak wrote:

Some time ago I made a fileserver (fileser...@opensc-project.org)
SSH account where every developer can plug in with a SSH key and
upload files [1] which are not really related to releases or anything.
Your public key is not on the list.


[1] http://www.opensc-project.org/downloads/
  


Thanks,
can the following public key be added to the authorized key lists,  please?


On Sun, Sep 26, 2010 at 17:24, Andreas Jellinghaus a...@dungeon.inka.de wrote:
  

Am Sonntag 26 September 2010, um 14:52:58 schrieb Viktor TARASOV:


Hi,

what is the maximal possible size of the file to commit into the
'svn/files/trunk/contrib/' ?

My attempt to upload the MSI of the opensc-sm, that weights a little bit
more the 2M,
was refused with error '413 Request Entity Too Large'.
  

many files in the files svn are 10mb or larger.
so 2mb shouldn't be an issue.

also there is pletty of disk space left and we have no hook scripts
to enforce any limites.

so maybe this is a client issue? do you use a web proxy? http or https
connection?

Regards,Andreas



Kind wishes,
Viktor.
ssh-dss 
B3NzaC1kc3MAAACBANx6pWMpRk6k5yqEZrtJh6im8BIqPsZRw68K2n29ObPcQUKFfHgkQgLdi9QU6XGX+mQ5zL/poozMCXQSoBFPJbmtMEcZc3UWkWhZKcTlGvhUORCrEcU/U+F9yvcspD59O6eN5ywreRtKXg891DmaJ189Cvv8u4NJD5ERxONp6QfbFQDW39bFLEK3yeBq+chZ0Oq3c2qXIwAAAIEArx+/GbF9WsUpseagWf7dL2ak4lRrMLdTTvjDuBpBBLcjxL7v7sw85uOrl+TausS6tOdNYL8fmzrRzN2TY6FP8zQcZTq3v+jS2lgNvCmYt44eBMT51QE417J88mJfMzxuZgujEZELEsOyJ2CVFZsQZlZLRsCl6hcC3CeQyCVX4n0AAACANr4LjHa9K9WWr0dPC9UwIvr97C1mm8v3zWiRwy/51OXxhsIdzpOWvDd2ypP69JXVn+Asc/jaTbLCe5WMAtByxGWft7R00igW2wZeZ9ivT8jeRNWE4b0EN22zDBEffqH2OezzwfUXh1Bf/T/Hk7OIJyjwnT65RDdy+Xkv/Ctt4+w=
 vtara...@sapin
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Visual Studio Integration

2010-09-27 Thread JEAN Guillaume 
Hello,

I can't put my zip file because its size is larger than 2MB.

Regards,
Guillaume JEAN


-Message d'origine-
De : Martin Paljak [mailto:mar...@paljak.pri.ee] 
Envoyé : lundi 27 septembre 2010 00:10
À : JEAN Guillaume
Cc : opensc-devel@lists.opensc-project.org
Objet : Re: [opensc-devel] Visual Studio Integration

Hello,
On Sep 26, 2010, at 7:13 PM, JEAN Guillaume wrote:

 Hello,
 
 Patch :
 Is not patch it's folder group with configuration file for use Visual studio 
 (.vsproject, .sln).
...
 Where I can deposit my zip file for you to view? 

You should start by upgrading the longstanding ticket [1] and attach your zip 
file for review.

[1] http://www.opensc-project.org/opensc/ticket/105
-- 
@MartinPaljak.net
+3725156495

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Visual Studio Integration

2010-09-27 Thread Martin Paljak 
Hello,
On Sep 27, 2010, at 11:06 AM, JEAN Guillaume wrote:
 I can't put my zip file because its size is larger than 2MB.
What exactly do you put into that zip file then? There are plenty of file 
hosting services around, but I suspect the content of that ZIP is not correct, 
build instructions usually are not 2MB, compressed.

Please send the zip file for inspection.

-- 
@MartinPaljak.net
+3725156495

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn opensc changed[4776] Don't dump wiki content into distribution package.

2010-09-27 Thread Alon Bar-Lev 
On Mon, Sep 27, 2010 at 7:52 AM, Martin Paljak mar...@paljak.pri.ee wrote:
 But it is working correctly, that patch was incorrect.
 Leaving the possible changed logic for ChangeLog generation aside, what was 
 incorrect in that patch?

The changes in the docs, exactly what you request next.

 Please explain in some more details what is the problem with current
 trunk, so I can fix it.
 I'd like to clean up doc directory, the api directory and the symlinking in 
 doc/Makefile.am are not needed for manpage generation.

 That was one of the changes in my original patch that actually triggered the 
 distcheck problem, removing wiki dumping was not a problem.

 If you could also fix my original root cause would be great.

I worked very hard to make it work in the past, I do not think there
is a simpler shorter way to do this.

The problem is that automake assume you seldom provide generated files
within the source tarball, as you can always generate the files when
you build the package.

What we are trying to do is to provide pre-generated document files
within the tarball, I don't like it, but this was the requirement.

Doing so, when we need to support separate build directory is somewhat
complex, as we cannot make the source directory dirty.

But... the only dependency we require is xsltproc, so maybe we can
rethink this... Provided you agree that building the package with
--enable-doc or --enable-man requires xsltproc available on build
machine, we can remove all this useless generation and hacks.

Alon.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn opensc changed[4776] Don't dump wiki content into distribution package.

2010-09-27 Thread Martin Paljak 
Hello,

On Sep 27, 2010, at 12:06 PM, Alon Bar-Lev wrote:

 On Mon, Sep 27, 2010 at 7:52 AM, Martin Paljak mar...@paljak.pri.ee wrote:
 Please explain in some more details what is the problem with current
 trunk, so I can fix it.
 I'd like to clean up doc directory, the api directory and the symlinking in 
 doc/Makefile.am are not needed for manpage generation.
 
 That was one of the changes in my original patch that actually triggered the 
 distcheck problem, removing wiki dumping was not a problem.
 
 If you could also fix my original root cause would be great.
 
 I worked very hard to make it work in the past, I do not think there
 is a simpler shorter way to do this.
 
 The problem is that automake assume you seldom provide generated files
 within the source tarball, as you can always generate the files when
 you build the package.
 
 What we are trying to do is to provide pre-generated document files
 within the tarball, I don't like it, but this was the requirement.
 
 Doing so, when we need to support separate build directory is somewhat
 complex, as we cannot make the source directory dirty.
Does this actually break anything in real life, other than make distcheck?

make dist from a svn checkout works, generates the man files and they are 
present in the distribution targzip. make install from the same targzip also 
works. What exactly does make distcheck help (I tried reading the explanation 
in their manual [1] but that did not make anything much clearer) ?

As the fail comes from a cp command and not xsltproc command, I assume the 
comment in doc/Makefile.am [2] is not correct?
It seems like an automake issue, not xsltproc, which just requires correct 
parameters?


 But... the only dependency we require is xsltproc, so maybe we can
 rethink this... Provided you agree that building the package with
 --enable-doc or --enable-man requires xsltproc available on build
 machine, we can remove all this useless generation and hacks.

I think it is not a huge problem to require xsltproc, it is quite common and 
small. What bothers me more is docbook-xsl. But the target audience of people 
who run make dist and who run make install is different.
But maybe there's more in the autotools philosophy that I don't fully get.

As the only documentation other than man pages is tools.html (should that be 
placed on the  website somewhere?) one of --enable-doc or --enable-man is 
redundant.

[1] 
http://www.gnu.org/software/hello/manual/automake/Checking-the-Distribution.html#Checking-the-Distribution
[2] http://www.opensc-project.org/opensc/browser/trunk/doc/Makefile.am#L45

-- 
@MartinPaljak.net
+3725156495

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn opensc changed[4776] Don't dump wiki content into distribution package.

2010-09-27 Thread Alon Bar-Lev 
On Mon, Sep 27, 2010 at 12:34 PM, Martin Paljak mar...@paljak.pri.ee wrote:
 Does this actually break anything in real life, other than make distcheck?

Yes. Whatever broken during distcheck will probably break somewhere.
Major check of distcheck is separate build directory, this is used by
many builders.

  But... the only dependency we require is xsltproc, so maybe we can
  rethink this... Provided you agree that building the package with
  --enable-doc or --enable-man requires xsltproc available on build
  machine, we can remove all this useless generation and hacks.

 I think it is not a huge problem to require xsltproc, it is quite common and 
 small. What bothers me more is docbook-xsl. But the target audience of people 
 who run make dist and who run make install is different.
 But maybe there's more in the autotools philosophy that I don't fully get.

OK I will modify the build so that the file will be generated on
builder. Much simpler!

 As the only documentation other than man pages is tools.html (should that be 
 placed on the  website somewhere?) one of --enable-doc or --enable-man is 
 redundant.

I do not follow...
Do you want to remove the tools.html from build?
Or install both man and htmls using one option?
I don't think that installing to mandir and htmldir should be enforced
as single option.

Alon.
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] Visual Studio Integration

2010-09-27 Thread Martin Paljak 
Hello,
On Sep 27, 2010, at 11:06 AM, JEAN Guillaume wrote:
 I can't put my zip file because its size is larger than 2MB.
After unpacking the zip file I get:

  inflating: Install-OpenSC/Install/Install-ENG.bat  
  inflating: Install-OpenSC/Install/Install-FR.bat  
  inflating: Install-OpenSC/Install/Install.bat  
  inflating: Install-OpenSC/Install/opensc-Debug.reg  
  inflating: Install-OpenSC/Install/opensc-Release.reg  
  inflating: Install-OpenSC/Install/Readme-ENG.txt  
  inflating: Install-OpenSC/Install/Readme-FR.txt  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/cardmod-westcos.reg  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/cardmod.inf  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/c_rehash  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/iconv.exe  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libcharset-1.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libeay32.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libiconv-2.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libltdl-3.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libltdl3.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libopensc-3.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libp11-1.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libtool  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/libtoolize  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/opensc-install.bat  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/openssl.exe  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/piv-tool.exe  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/ssleay32.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/bin/zlib1.dll  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/opensc.conf  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/misc/CA.pl  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/misc/CA.sh  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/misc/c_hash  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/misc/c_info  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/misc/c_issuer  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/misc/c_name  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/misc/tsget  
  inflating: Install-OpenSC/OpenSC-VC/Debug/etc/ssl/openssl.cnf  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/iconv.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/libcharset.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/libp11.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/localcharset.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/ltdl.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/aes.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/asn1.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/asn1t.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/asn1_mac.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/bio.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/blowfish.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/bn.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/buffer.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/camellia.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/cast.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/cms.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/comp.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/conf.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/conf_api.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/crypto.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/des.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/des_old.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/dh.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/dsa.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/dso.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/dtls1.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/ebcdic.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/ec.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/ecdh.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/ecdsa.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/engine.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/err.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/evp.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/e_os2.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/hmac.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/idea.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/krb5_asn.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/kssl.h  
  inflating: Install-OpenSC/OpenSC-VC/Debug/include/openssl/lhash.h  
  inflating:

Re: [opensc-devel] [opensc-commits] svn opensc changed[4776] Don't dump wiki content into distribution package.

2010-09-27 Thread Martin Paljak 
On Sep 27, 2010, at 1:56 PM, Alon Bar-Lev wrote:

 On Mon, Sep 27, 2010 at 12:34 PM, Martin Paljak mar...@paljak.pri.ee wrote:
 Does this actually break anything in real life, other than make distcheck?
 
 Yes. Whatever broken during distcheck will probably break somewhere.
 Major check of distcheck is separate build directory, this is used by
 many builders.
OK. 


 But... the only dependency we require is xsltproc, so maybe we can
 rethink this... Provided you agree that building the package with
 --enable-doc or --enable-man requires xsltproc available on build
 machine, we can remove all this useless generation and hacks.
 
 I think it is not a huge problem to require xsltproc, it is quite common and 
 small. What bothers me more is docbook-xsl. But the target audience of 
 people who run make dist and who run make install is different.
 But maybe there's more in the autotools philosophy that I don't fully get.
 
 OK I will modify the build so that the file will be generated on
 builder. Much simpler!
Will this get rid of the symlink magic, and allow:

make dist: require xsltproc, docbook-xsl, don't require playing with symlinks 
(assumes/requires running from version control checkout)
make, make install: don't require xsltproc and docbook-xsl, use the 
pre-generated man files.

 As the only documentation other than man pages is tools.html (should that be 
 placed on the  website somewhere?) one of --enable-doc or --enable-man is 
 redundant.
 
 I do not follow...
 Do you want to remove the tools.html from build?
 Or install both man and htmls using one option?
 I don't think that installing to mandir and htmldir should be enforced
 as single option.
I did not notice that the tools.html is distributed (dist_html_DATA).

But does it make sense to install two competing copies of tool usage options? 
If you use the tools, you use the command line, thus using man should be a 
known activity.

If using a web browser, wiki has much more detailed information than in the 
htmlified man pages copy.


-- 
@MartinPaljak.net
+3725156495

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] card-max_recv_size problem

2010-09-27 Thread Martin Paljak 
Hello,
On Sep 26, 2010, at 2:55 PM, Andre Zepezauer wrote:

 On Sun, 2010-09-26 at 09:22 +0300, Martin Paljak wrote:
 Hello,
 On Sun, Sep 26, 2010 at 08:47, Andre Zepezauer
 andre.zepeza...@student.uni-halle.de wrote:
 With the current trunk 2048b keys on CardOS are working again. Therefore
 the max_*_size patches work for me. But I have two suggestions:
 
 [1] The intended overriding will not work, if the card has a default
 value of zero for max_*_size. If this is the case, then limitations
 imposed by the reader are not honoured.
 It would be a programming error, which does not make sense. Śetting
 this to 0 would mean I'm a card and I can't receive or send data, but
 here is my 1K LOC driver nevertheless.
 
 The value of max_*_size actually defaults to zero [3] and will stay so,
 if not overridden by the card driver. See how it is used in the
 iso-driver. IMHO zero is a legal value and means that no restrictions
 are imposed by the card. Same is true for reader drivers.
I managed to mis-explain my own idea.
Yes, you are right, the values default to zero which means no limitations 
(not zero bytes)
And yes, the overriding check is bogus if card does not impose limitations 
before the reader does. Will fix.

-- 
@MartinPaljak.net
+3725156495

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [opensc-commits] svn opensc changed[4776] Don't dump wiki content into distribution package.

2010-09-27 Thread Alon Bar-Lev 
On Mon, Sep 27, 2010 at 1:07 PM, Martin Paljak mar...@paljak.pri.ee wrote:
 But... the only dependency we require is xsltproc, so maybe we can
 rethink this... Provided you agree that building the package with
 --enable-doc or --enable-man requires xsltproc available on build
 machine, we can remove all this useless generation and hacks.

 I think it is not a huge problem to require xsltproc, it is quite common 
 and small. What bothers me more is docbook-xsl. But the target audience of 
 people who run make dist and who run make install is different.
 But maybe there's more in the autotools philosophy that I don't fully get.

 OK I will modify the build so that the file will be generated on
 builder. Much simpler!
 Will this get rid of the symlink magic, and allow:

 make dist: require xsltproc, docbook-xsl, don't require playing with symlinks 
 (assumes/requires running from version control checkout)

make dist *WILL NOT* require xsltproc, docbook-xsl.
It will actually only distribute the sources, no generation of files.

 make, make install: don't require xsltproc and docbook-xsl, use the 
 pre-generated man files.

make *WILL* require xsltproc and docbook-xsl if and only if
--enable-man and/or --enable-doc is specified at configure.

If you want to avoid xsltproc dependency from make install, we back to
square one (current trunk).


 As the only documentation other than man pages is tools.html (should that 
 be placed on the  website somewhere?) one of --enable-doc or --enable-man 
 is redundant.

 I do not follow...
 Do you want to remove the tools.html from build?
 Or install both man and htmls using one option?
 I don't think that installing to mandir and htmldir should be enforced
 as single option.
 I did not notice that the tools.html is distributed (dist_html_DATA).

 But does it make sense to install two competing copies of tool usage options? 
 If you use the tools, you use the command line, thus using man should be a 
 known activity.

 If using a web browser, wiki has much more detailed information than in the 
 htmlified man pages copy.


Your call... :)
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] card-max_recv_size problem

2010-09-27 Thread Andre Zepezauer 
Hello Martin,

automatically detecting the value of max_recv_size is an option too. The
following snippet of code can manage this. But it depends on the
capabilities of the get_challenge operation. For CardOS it could be
enabled, because it results in a value of 300 for CardOS 4.3b with
Omnikey reader. Please note that extended APDU:s are used. Therefore a
detection of this capability is required too.

Regards
Andre

u8 buf[1024];
sc_apdu_t apdu;
sc_format_apdu(card, apdu, SC_APDU_CASE_2_EXT, 0x84, 0x00, 0x00);

int i = 0;
while (1) {
int j = 0;
apdu.resplen = i + j;
while (apdu.resplen == i + j) {
if (j == 0)
j = 1;
else
j*=2;
apdu.le = i + j;
apdu.resp = buf;
apdu.resplen = sizeof(buf);
sc_transmit_apdu(card, apdu);
}
if (j == 1)
break;
i+=j/2;
}

printf(max_recv_size: %d\n, i);


___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

2010-09-27 Thread Andre Zepezauer 
Dear OpenSC developers,

the patch I proposed is mostly complete. The total count of lines is
huge, but individual changes are trivial. An exception to this is the
pkcs15 emulation related to the Oberthur cards. It makes heavy use of
flags before writing the TokenInfo to the card. Since the two different
kinds of flags are now divided, this required more changes than on other
places. Therefore it would be helpful if someone could test the
initialisation of oberthur cards after applying the attached patch.

For now I would like to know, if there are any complains about the patch
and your opinion about renaming the TokenInfo related flags to something
like SC_TOKENINFO_FLAGS.

Kind Regards
Andre Zepezauer
Index: src/tools/pkcs15-crypt.c
===
--- src/tools/pkcs15-crypt.c	(revision 4777)
+++ src/tools/pkcs15-crypt.c	(working copy)
@@ -583,7 +583,7 @@
 		goto end;
 	}
 	if (verbose)
-		fprintf(stderr, Found %s!\n, p15card-label);
+		fprintf(stderr, Found %s!\n, p15card-tokeninfo-label);
 
 	if (do_decipher) {
 		if ((err = get_key(SC_PKCS15_PRKEY_USAGE_DECRYPT, key))
Index: src/tools/pkcs15-init.c
===
--- src/tools/pkcs15-init.c	(revision 4777)
+++ src/tools/pkcs15-init.c	(working copy)
@@ -462,7 +462,7 @@
 			 * sure we're not messing things up */
 
 			if (verbose)
-printf(Found %s\n, p15card-label);
+printf(Found %s\n, p15card-tokeninfo-label);
 
 			sc_pkcs15init_set_p15card(profile, p15card);
 
@@ -627,7 +627,7 @@
 
 	p15card = sc_pkcs15_card_new();
 	p15card-card = in_card;
-	p15card-label = strdup(Dummy PKCS#15 object);
+	p15card-tokeninfo-label = strdup(Dummy PKCS#15 object);
 
 	ignore_cmdline_pins++;
 	r = sc_pkcs15init_erase_card(p15card, profile);
Index: src/tools/pkcs15-tool.c
===
--- src/tools/pkcs15-tool.c	(revision 4777)
+++ src/tools/pkcs15-tool.c	(working copy)
@@ -1105,17 +1105,17 @@
 
 	int i, count = 0;
 
-	printf(PKCS#15 Card [%s]:\n, p15card-label);
-	printf(\tVersion: %d\n, p15card-version);
-	printf(\tSerial number  : %s\n, p15card-serial_number);
-	printf(\tManufacturer ID: %s\n, p15card-manufacturer_id);
-	if (p15card-last_update)
-		printf(\tLast update: %s\n, p15card-last_update);
-	if (p15card-preferred_language)
-		printf(\tLanguage   : %s\n, p15card-preferred_language);
+	printf(PKCS#15 Card [%s]:\n, p15card-tokeninfo-label);
+	printf(\tVersion: %d\n, p15card-tokeninfo-version);
+	printf(\tSerial number  : %s\n, p15card-tokeninfo-serial_number);
+	printf(\tManufacturer ID: %s\n, p15card-tokeninfo-manufacturer_id);
+	if (p15card-tokeninfo-last_update)
+		printf(\tLast update: %s\n, p15card-tokeninfo-last_update);
+	if (p15card-tokeninfo-preferred_language)
+		printf(\tLanguage   : %s\n, p15card-tokeninfo-preferred_language);
 	printf(\tFlags  : );
 	for (i = 0; i  4; i++) {
-		if ((p15card-flags  i)  1) {
+		if ((p15card-tokeninfo-flags  i)  1) {
 			if (count)
 printf(, );
 			printf(%s, flags[i]);
@@ -1731,7 +1731,7 @@
 	if (opt_no_cache)
 		p15card-opts.use_file_cache = 0;
 	if (verbose)
-		fprintf(stderr, Found %s!\n, p15card-label);
+		fprintf(stderr, Found %s!\n, p15card-tokeninfo-label);
 	
 	if (do_verify_pin)
 		if ((err = verify_pin()))
Index: src/pkcs11/framework-pkcs15.c
===
--- src/pkcs11/framework-pkcs15.c	(revision 4777)
+++ src/pkcs11/framework-pkcs15.c	(working copy)
@@ -192,7 +192,7 @@
 
 static void pkcs15_init_token_info(struct sc_pkcs15_card *p15card, CK_TOKEN_INFO_PTR pToken)
 {
-	strcpy_bp(pToken-manufacturerID, p15card-manufacturer_id, 32);
+	strcpy_bp(pToken-manufacturerID, p15card-tokeninfo-manufacturer_id, 32);
 	if (p15card-flags  SC_PKCS15_CARD_FLAG_EMULATED)
 		strcpy_bp(pToken-model, PKCS#15 emulated, 16);
 	else
@@ -203,13 +203,13 @@
 	 * _Assuming_ that the serial number is a Big Endian counter, this
 	 * will assure that the serial within each type of card will be
 	 * unique in pkcs11 (at least for the first 8^16 cards :-) */
-	if (p15card-serial_number != NULL) {
-		int sn_start = strlen(p15card-serial_number) - 16;
+	if (p15card-tokeninfo-serial_number != NULL) {
+		int sn_start = strlen(p15card-tokeninfo-serial_number) - 16;
 
 		if (sn_start  0)
 			sn_start = 0;
 		strcpy_bp(pToken-serialNumber,
-			p15card-serial_number + sn_start,
+			p15card-tokeninfo-serial_number + sn_start,
 			16);
 	}
 
@@ -791,13 +791,13 @@
 
 		if (auth-label[0]) {
 			snprintf(tmp, sizeof(tmp), %s (%s),
-p15card-label, auth-label);
+p15card-tokeninfo-label, auth-label);
 		} else {
-			snprintf(tmp, sizeof(tmp), %s, p15card-label);
+			snprintf(tmp, sizeof(tmp), %s, p15card-tokeninfo-label);
 		}
 		slot-token_info.flags |= CKF_LOGIN_REQUIRED;
 	} else
-		snprintf(tmp, sizeof(tmp), %s, p15card-label);
+		snprintf(tmp, sizeof(tmp), %s,

[opensc-devel] OpenSC with or without OpenSSL - What is the direction?

2010-09-27 Thread Douglas E. Engert 
There has been a effort to be able to build OpenSC without the use
of OpenSSL. Yet there is newer code that keeps creeping in to the
trunk that requires OpenSSL.

The OpenSSL dependent code can be divided into 3 areas:

(1) Code that tries to get some information from a certificate, such
   as the public key, or the basic constraints. For example
   sc_pkcs15_pubkey_from_cert in pkcs15-pubkey.c

   Much of this code appears to have been added because parse_x509_cert
   in pkcs15-cert.c does not do a good enough job in supporting more
   then RSA, and does not parse options like basic constraint that one
   card driver needs.

(2) Code that deals with symmetric keys for example in, pkcs15-wrap.c
   It is not clear if the project wants to add native crypto to OpenSC
   code or continue to use OpenSSL, or some other package. (The gost
   code appears to introduce a dependency on the gost external engine,
   to do its crypto.) Any Secure Messaging or some card initialization
   that needs to authenticate to the card, needs this.

(3) Old code that is not being used. p15card-helper.c for example
   in not used at all. It was introduced by a third party for use
   with the PIV card, but is no longer used, and in my option could
   be removed.

I bring this up as I am interested in adding ECC support (with named
curves only) to OpenSC for the PIV card. No ECC crypto needs to be
done, but support for getting the EC pubkey from a cert and saving
a pubkey generated by the card is needed.

(As an attempt to not require OpenSSL, last week I committed changes
that allowed the PIV driver to be built without OpenSSL. OpenSSL
is still needed for card administration, as a 3DES Decrypt is still
needed. But the administration code and piv-tool are not
used by the ordinary users. This type of code falls into (2))

So what is the direction?

  (A) Continue to use OpenSSL but only in the most limited cases?

  (B) Try and stamp it out, but this would then require adding some
  crypto for symmetric keys and maybe other hash functions?

  (C) Embrace it, and use its crypto, key and cert structures
  and simplify OpenSC code?

  (D) Use some other crypto package?

-- 

  Douglas E. Engert  deeng...@anl.gov
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: [opensc-devel] [RFC] Proposal For Restructuring 'struct sc_pkcs15_card'

2010-09-27 Thread Martin Paljak 
Hello,

On Sep 27, 2010, at 9:59 PM, Andre Zepezauer wrote:
 the patch I proposed is mostly complete. The total count of lines is
 huge, but individual changes are trivial. An exception to this is the
 pkcs15 emulation related to the Oberthur cards. It makes heavy use of
 flags before writing the TokenInfo to the card. Since the two different
 kinds of flags are now divided, this required more changes than on other
 places. Therefore it would be helpful if someone could test the
 initialisation of oberthur cards after applying the attached patch.
Great, I think this is a good example of separating sometimes a little bit 
obscure OpenSC specific data structures and specification related data 
structures.

I have a few recommendations that could be fixed in the same change:
 - Fix abuse of pkcs15card-(tokeninfo-)version. PKCS#15 v1.1 tells that 
version == 0 means this version of the PKCS#15 spec which is v1.1. 
   Which means the +1/-1 trickery in pkcs15.c for parsing/decoding 
tokeninfo-version should be removed, as should be removed emulation driver 
overloading for version info.
   Only 0 should be encoded and only 0 should be handled/displayed by internal 
code.
 - Change the flag names of PKCS#15 flags and pkcs15_card_t flags (as noted 
below). SC_TOKENINFO_RNG would be OK, there would be no other SC_TOKENINFO_* 
constants so the extra _FLAGS_ would just eat up bytes. Or maybe prepend the 
internal flags with _. Ideally, the verbosity of C should not exceed the 
verbosity of Java.
 - Maybe change the granularity of some memory allocations and required 
matching free()-s by card drivers. Or make set_string use common by more 
drivers and move it to some internal implementation file instead (currently 
copied from pkcs15-esteid.c to 5 other files). Maybe DEVELOPER FIX CARD NAME 
would be better for the default name for a PKCS#15 card, or an assert somewhere?
 For now I would like to know, if there are any complains about the patch
 and your opinion about renaming the TokenInfo related flags to something
 like SC_TOKENINFO_FLAGS.


Some more additional improvements will make this a great patch. Cleaning up the 
internals of OpenSC is a good thing.

-- 
@MartinPaljak.net
+3725156495

___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel