- add robert to Authors as contributor of bug fixes

- configure code finally working.
   engine is detected and path to libcrypto.a is also set.
 - roberts fix for reader-usbtoken.c
 - card-gpk.c migraton to DES_ routines with #define for 0.9.6 openssl.
 - man pages: do not ship pkcs15-profile.5 (.in is in the tarfile)
 - assuan: replace "strcpy(stpcpy(.., ..), ..)" with
   "strcat(strcpy(.., ..), ..)" which looks good, but nobody uses
   assuan I guess ?
 - declaration of sc_pkcs15init_set_lifecycle kills a warning
 - #include <openssl/bn.h> kills a warning (or compile problem?)
 - removed unused txt[256]; from p15_eid (kills a warning)
 - now "ln -s" the signer plugin to the plugin directory.
 - moved key_out direction to the beginning of a function (kills
   a warning or compile error)
 - changed pkcs11-tool option "quiet" to "verbose" to conform to
   other tools.
 - made algo argument to wrap_unwrap a "const" (kills several warnings)


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1063 c6295689-39f2-0310-b995-f0e70906c6a9

AUTHORS

@@ -8,6 +8,7 @@ Olaf Kirch <okir@suse.de>
 Contributors:
 Stef Hoeben <Hoeben.S@Zetes.com> (pkcs11, libopensc, win32 port)
 Andreas Jellinghaus <aj@dungeon.inka.de> (usbtoken, tools, auto{conf,make})
+Robert Bihlmeyer <r.bihlmeyer@internet-security.at> (bug fixes)
 
 Contributors to usbtoken:
 Matthias Brüstle 

configure.in

@@ -478,8 +478,9 @@ saved_LIBS="$LIBS"
 saved_LDFLAGS="$LDFLAGS"
 saved_CPPFLAGS="$CPPFLAGS"
 AC_SUBST(LIBCRYPTO)
+AC_SUBST(LIBCRYPTOA)
 AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
-	for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+	for ssldir in $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
 		# Skip directories if they don't exist
 		if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
 			continue;
@@ -528,14 +529,21 @@ int main(void)
 			],
 			[
 				found_crypto=1
-				break;
 			], []
 		)
 
 
-		if test ! -z "$found_crypto" ; then
+		if test -n "$found_crypto" ; then
 			# we found openssl, lets see if it 
 			# has an engine
+			CPPFLAGS="$saved_CPPFLAGS"
+			LDFLAGS="$saved_LDFLAGS"
+			if test -d "$ssldir/lib" ; then
+				LIBCRYPTOA="$ssldir/lib/libcrypto.a -ldl"
+			else
+				LIBCRYPTOA="$ssldir/libcrypto.a -ldl"
+			fi
+			LIBS="$saved_LIBS $LIBCRYPTOA"
 			AC_TRY_RUN(
 			[
 #include <string.h>
@@ -547,13 +555,8 @@ int main(void)
 	char a[2048];
 	ENGINE *e;
 
-	if (OPENSSL_VERSION_NUMBER < 0x0090701fL)
+	e = ENGINE_new();
-	{
+	ENGINE_load_dynamic();
-		printf("openssl too old, please update to 0.9.7 or newer");
-		return 1;
-	}
-
-	e = ENGINE_NEW();
 	if (!e) return 1;
 	memset(a, 0, sizeof(a));
 	RAND_add(a, sizeof(a), sizeof(a));
@@ -562,12 +565,11 @@ int main(void)
 			],
 			[
 				found_engine=1
-				break;
 			], []
 		)
 		fi
 
-		if test ! -z "$found_crypto" ; then
+		if test -n "$found_crypto" ; then
 			break;
 		fi
 	done
@@ -615,10 +617,10 @@ if test "x$SSL_MSG" = "xyes" ; then
   AC_DEFINE(HAVE_OPENSSL, 1, [Have OpenSSL libraries])
 fi
 AM_CONDITIONAL(HAVE_SSL, test "x$SSL_MSG" = "xyes")
-AM_CONDITIONAL(HAVE_ENGINE, test ! -z "$found_engine")
+AM_CONDITIONAL(HAVE_ENGINE, test -n "$found_engine")
 
 ENGINE_MSG="no"
-if test !  -z "$found_engine"
+if test -n "$found_engine"
 then
 	ENGINE_MSG="yes"
 fi

docs/Makefile.am

@@ -2,14 +2,13 @@
 
 MAINTAINERCLEANFILES = Makefile.in pkcs15-profile.5 usbtoken.html
 
-man_MANS	= pkcs15-crypt.1 \
+MANSRC  	= pkcs15-crypt.1 \
 	   	  pkcs15-init.1 \
 		  cryptoflex-tool.1 \
 		  opensc-config.1 \
 		  opensc-explorer.1 \
 		  opensc-tool.1 \
 		  pkcs15-tool.1 \
-	   	  pkcs15-profile.5 \
 		  opensc.7 \
 		  pkcs15.7 \
 		  sc_connect_card.3 \
@@ -25,7 +24,8 @@ man_MANS	= pkcs15-crypt.1 \
 		  sc_read_record.3 \
 		  sc_release_context.3 \
 		  sc_select_file.3
-EXTRA_DIST	= $(man_MANS) pkcs15-profile.5.in pkcs-15v1_1.asn \
+man_MANS	= $(MANSRC) pkcs15-profile.5
+EXTRA_DIST	= $(MANSRC) pkcs15-profile.5.in pkcs-15v1_1.asn \
 	     	  usbtoken.xml usbtoken.html doxygen.conf
 
 STYLESHEET=/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/xhtml/docbook.xsl

src/libopensc/card-gpk.c

@@ -33,6 +33,8 @@
 # define des_cleanse(k)	OPENSSL_cleanse(k.ks, sizeof(k.ks))
 #else
 # define des_cleanse(k)	memset(&k, 0, sizeof(k))
+# define DES_set_key_unchecked(a,b) des_set_key_unchecked(a,*b)
+# define DES_ecb3_encrypt(a,b,c,d,e,f) des_ecb3_encrypt(a,b,*c,*d,*e,f)
 #endif
 
 /* Gemplus card variants */
@@ -804,8 +806,8 @@ gpk_compute_crycks(struct sc_card *card, struct sc_apdu *apdu,
 	unsigned int	len = 0, i, j;
 
 	/* Set the key schedule */
-	des_set_key_unchecked((des_cblock *) priv->key, k1);
+	DES_set_key_unchecked((des_cblock *) priv->key, &k1);
-	des_set_key_unchecked((des_cblock *) (priv->key+8), k2);
+	DES_set_key_unchecked((des_cblock *) (priv->key+8), &k2);
 
 	/* Fill block with 0x00 and then with the data. */
 	memset(block, 0x00, sizeof(block));
@@ -825,9 +827,9 @@ gpk_compute_crycks(struct sc_card *card, struct sc_apdu *apdu,
 	for (j = 0; j < len; ) {
 		for (i = 0; i < 8; i++, j++)
 			in[i] ^= block[j];
-		des_ecb3_encrypt((des_cblock *)in,
+		DES_ecb3_encrypt((des_cblock *)in,
 				 (des_cblock *)out,
-				 k1, k2, k1, DES_ENCRYPT);
+				 &k1, &k2, &k1, DES_ENCRYPT);
 		memcpy(in, out, 8);
 	}
 
@@ -960,23 +962,23 @@ gpk_set_filekey(const u8 *key, const u8 *challenge,
 	des_cblock		out;
 	int			r = 0;
 
-	des_set_key_unchecked((des_cblock *) key, k1);
+	DES_set_key_unchecked((des_cblock *) key, &k1);
-	des_set_key_unchecked((des_cblock *) (key+8), k2);
+	DES_set_key_unchecked((des_cblock *) (key+8), &k2);
 
-	des_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) kats,
+	DES_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) kats,
-			k1, k2, k1, DES_ENCRYPT);
+			&k1, &k2, &k1, DES_ENCRYPT);
-	des_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) (kats+8),
+	DES_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) (kats+8),
-			k2, k1, k2, DES_ENCRYPT);
+			&k2, &k1, &k2, DES_ENCRYPT);
 
 	/* Verify Cryptogram presented by the card terminal
 	 * XXX: what is the appropriate error code to return
 	 * here? INVALID_ARGS doesn't seem quite right
 	 */
-	des_set_key_unchecked((des_cblock *) kats, k1);
+	DES_set_key_unchecked((des_cblock *) kats, &k1);
-	des_set_key_unchecked((des_cblock *) (kats+8), k2);
+	DES_set_key_unchecked((des_cblock *) (kats+8), &k2);
 
-	des_ecb3_encrypt((des_cblock *) challenge, &out,
+	DES_ecb3_encrypt((des_cblock *) challenge, &out,
-			k1, k2, k1, DES_ENCRYPT );
+			&k1, &k2, &k1, DES_ENCRYPT );
 	if (memcmp(r_rn, out+4, 4) != 0)
 		r = SC_ERROR_INVALID_ARGUMENTS;
 
@@ -1567,8 +1569,8 @@ gpk_pkfile_load(struct sc_card *card, struct sc_cardctl_gpk_pkload *args)
 		error(card->ctx, "No secure messaging key set!\n");
 		return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
 	}
-	des_set_key_unchecked((des_cblock *) priv->key, k1);
+	DES_set_key_unchecked((des_cblock *) priv->key, &k1);
-	des_set_key_unchecked((des_cblock *) (priv->key+8), k2);
+	DES_set_key_unchecked((des_cblock *) (priv->key+8), &k2);
 	for (n = 0; n < args->datalen; n += 8) {
 		des_ecb2_encrypt((des_cblock *) (args->data + n),
 				 (des_cblock *) (temp + n),

src/libopensc/reader-usbtoken.c

@@ -94,6 +94,7 @@ int usbtoken_reader_init(struct sc_context *ctx, void **priv_data) {
 		bzero(myprivslot,sizeof(struct usbtoken_privslot));
 		myreader->slot[0].drv_data=myprivslot;
 	
+		myprivslot->fd = -1;
 		myprivslot->sa_un.sun_family=AF_UNIX;
 		snprintf(myprivslot->sa_un.sun_path,
 			sizeof(myprivslot->sa_un.sun_path), SRVSOCKET, i);
@@ -127,7 +128,8 @@ int usbtoken_reader_release(struct sc_reader *reader) {
 	SC_FUNC_CALLED(reader->ctx, 4);
 	myprivslot = reader->slot[0].drv_data;
 	if (myprivslot) {
-		close (myprivslot->fd);
+		if (myprivslot->fd >= 0)
+			close (myprivslot->fd);
 		free(myprivslot);
 	}
 	
@@ -162,7 +164,8 @@ int usbtoken_reader_unix_cmd(struct sc_reader *reader,
 
 	SC_FUNC_CALLED(reader->ctx, 4);
 	myprivslot = slot->drv_data;
-	
+
+	assert(myprivslot->fd >= 0);
 	rc = write(myprivslot->fd, &cmd, sizeof(cmd));
 	if (rc != sizeof(cmd)) {
 		error(reader->ctx, "usbtoken_reader_unix_cmd write failed\n");
@@ -200,7 +203,7 @@ int usbtoken_reader_connect(struct sc_reader *reader,
 
 	if (rc < 0) {
 		close(myprivslot->fd);
-		myprivslot->fd=0;
+		myprivslot->fd=-1;
 		error(reader->ctx, "usbtoken_reader_connect connect failed\n");
 		return SC_ERROR_CARD_NOT_PRESENT;
 	} 
@@ -226,7 +229,10 @@ int usbtoken_reader_disconnect(struct sc_reader *reader,
 
 	SC_FUNC_CALLED(reader->ctx, 4);
 	myprivslot = slot->drv_data;
-	close (myprivslot->fd);
+	if (myprivslot->fd >= 0) {
+		close (myprivslot->fd);
+		myprivslot->fd = -1;
+	}
 
 	return SC_NO_ERROR;
 }
@@ -241,6 +247,7 @@ int usbtoken_reader_transmit(struct sc_reader *reader,
 	SC_FUNC_CALLED(reader->ctx, 4);
 	myprivslot = slot->drv_data;
 
+	assert(myprivslot->fd >= 0);
 	if (sendsize > 1023) {
 		error(reader->ctx, "usbtoken_reader_transmit sendsize %d too big\n", sendsize);
 		return SC_ERROR_READER;

src/pkcs15init/pkcs15-init.h

@@ -159,6 +159,7 @@ extern void	sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *);
 extern int	sc_pkcs15init_bind(struct sc_card *, const char *,
 				struct sc_profile **);
 extern void	sc_pkcs15init_unbind(struct sc_profile *);
+extern int	sc_pkcs15init_set_lifecycle(sc_card_t *card, int lcycle);
 extern int	sc_pkcs15init_erase_card(struct sc_card *,
 				struct sc_profile *);
 extern int	sc_pkcs15init_add_app(struct sc_card *,

src/pkcs15init/pkcs15-lib.c

@@ -41,6 +41,7 @@
 #endif
 #include <assert.h>
 #ifdef HAVE_OPENSSL
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>

src/scam/p15_eid.c

@@ -286,7 +286,7 @@ int p15_eid_auth(scam_context * sctx, int argc, const char **argv,
 		 const char *user, const char *password)
 {
 	scam_method_data *data = (scam_method_data *) sctx->method_data;
-	u8 random_data[20], chg[256], txt[256];
+	u8 random_data[20], chg[256];
 	int r, err = SCAM_FAILED, chglen;
 	EVP_PKEY *pubkey = NULL;
 	X509 *cert = NULL;

src/signer/Makefile.am

@@ -1,6 +1,7 @@
 ## Makefile.am -- Process this file with automake to produce Makefile.in
 
 plugindir = $(PLUGINDIR)
+openscdir = @libdir@/opensc
 
 MAINTAINERCLEANFILES = Makefile.in
 
@@ -12,7 +13,7 @@ INCLUDES = @CFLAGS_OPENSC@ @CFLAGS_ASSUAN@
 
 if HAVE_SSL
 if HAVE_ASSUAN
-plugin_LTLIBRARIES = opensc-signer.la
+opensc_LTLIBRARIES = opensc-signer.la
 endif
 endif
 
@@ -26,5 +27,5 @@ noinst_HEADERS		 = opensc-crypto.h opensc-support.h \
 			   npinclude/jritypes.h npinclude/npapi.h \
 			   npinclude/npupp.h npinclude/npunix.c
 
-install-exec-local: install-pluginLTLIBRARIES
+install-exec-local: install-openscLTLIBRARIES
-	-rm -f $(DESTDIR)$(plugindir)/opensc-signer.a $(DESTDIR)$(plugindir)/opensc-signer.la
+	-$(LN_S) -f $(openscdir)/opensc-signer.so $(DESTDIR)$(plugindir)/

src/tools/pkcs11-tool.c

@@ -59,7 +59,7 @@ const struct option options[] = {
 	{ "input-file",		1, 0,		'i' },
 	{ "output-file",	1, 0,		'o' },
 	{ "module",		1, 0,		OPT_MODULE },
-	{ "verbose",		0, 0,		'v' },
+	{ "quiet",		0, 0,		'q' },
 
 	{ "test",		0, 0,		't' },
 	{ 0, 0, 0, 0 }
@@ -82,14 +82,14 @@ const char *option_help[] = {
 	"Specify the input file",
 	"Specify the output file",
 	"Specify the module to load",
-	"Verbose output",
+	"Quiet operation",
 
        "Test (best used with the --login or --pin option)",
 };
 
 const char *		app_name = "pkcs11-tool"; /* for utils.c */
 
-static int		opt_verbose = 0;
+static int		opt_quiet = 0;
 static const char *	opt_input = NULL;
 static const char *	opt_output = NULL;
 static const char *	opt_module = NULL;
@@ -168,7 +168,7 @@ main(int argc, char * const argv[])
 	CK_RV rv;
 
 	while (1) {
-               c = getopt_long(argc, argv, "ILMOhi:lm:o:p:scvt",
+               c = getopt_long(argc, argv, "ILMOhi:lm:o:p:scqt",
 					options, &long_optind);
 		if (c == -1)
 			break;
@@ -227,8 +227,8 @@ main(int argc, char * const argv[])
 			do_test = 1;
 			action_count++;
 			break;
-		case 'v':
+		case 'q':
-			opt_verbose++;
+			opt_quiet++;
 			break;
 		case OPT_SLOT:
 			opt_slot = (CK_SLOT_ID) atoi(optarg);
@@ -406,13 +406,13 @@ list_slots(void)
 			printf("(GetSlotInfo failed, error %u)\n", (unsigned int) rv);
 			continue;
 		}
-		if (!opt_verbose && !(info.flags & CKF_TOKEN_PRESENT)) {
+		if (opt_quiet && !(info.flags & CKF_TOKEN_PRESENT)) {
 			printf("(empty)\n");
 			continue;
 		}
 		printf("%s\n", p11_utf8_to_local(info.slotDescription,
 					sizeof(info.slotDescription)));
-		if (opt_verbose) {
+		if (!opt_quiet) {
 			printf("  manufacturer:  %s\n", p11_utf8_to_local(info.manufacturerID,
 						sizeof(info.manufacturerID)));
 			printf("  hardware ver:  %u.%u\n",
@@ -435,7 +435,7 @@ show_token(CK_SLOT_ID slot)
 
 	get_token_info(slot, &info);
 
-	if (!(info.flags & CKF_TOKEN_INITIALIZED) && !opt_verbose) {
+	if (!(info.flags & CKF_TOKEN_INITIALIZED) && opt_quiet) {
 		printf("  token state:   uninitialized\n");
 		return;
 	}
@@ -1453,7 +1453,7 @@ test_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
 
 static int
 wrap_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
-	    EVP_CIPHER *algo, CK_OBJECT_HANDLE privKeyObject)
+	    const EVP_CIPHER *algo, CK_OBJECT_HANDLE privKeyObject)
 {
 #ifndef HAVE_OPENSSL
 	printf("No OpenSSL support, unable to validate C_Unwrap\n");