- add robert to Authors as contributor of bug fixes
- configure code finally working. engine is detected and path to libcrypto.a is also set. - Robert's fix for reader-usbtoken.c - card-gpk.c migration to DES_ routines with #define for 0.9.6 openssl. - man pages: do not ship pkcs15-profile.5 (.in is in the tarfile) - assuan: replace "strcpy(stpcpy(.., ..), ..)" with "strcat(strcpy(.., ..), ..)" which looks good, but nobody uses assuan I guess ? - declaration of sc_pkcs15init_set_lifecycle kills a warning - #include <openssl/bn.h> kills a warning (or compile problem?) - removed unused txt[256]; from p15_eid (kills a warning) - now "ln -s" the signer plugin to the plugin directory. - moved key_out direction to the beginning of a function (kills a warning or compile error) - changed pkcs11-tool option "quiet" to "verbose" to conform to other tools. - made algo argument to wrap_unwrap a "const" (kills several warnings) git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1063 c6295689-39f2-0310-b995-f0e70906c6a9
parent
2de518de2d
commit
131719b8c6
1
AUTHORS
1
AUTHORS
|
@ -8,6 +8,7 @@ Olaf Kirch <okir@suse.de>
|
|||
Contributors:
|
||||
Stef Hoeben <Hoeben.S@Zetes.com> (pkcs11, libopensc, win32 port)
|
||||
Andreas Jellinghaus <aj@dungeon.inka.de> (usbtoken, tools, auto{conf,make})
|
||||
Robert Bihlmeyer <r.bihlmeyer@internet-security.at> (bug fixes)
|
||||
|
||||
Contributors to usbtoken:
|
||||
Matthias Brüstle
|
||||
|
|
30
configure.in
30
configure.in
|
@ -478,8 +478,9 @@ saved_LIBS="$LIBS"
|
|||
saved_LDFLAGS="$LDFLAGS"
|
||||
saved_CPPFLAGS="$CPPFLAGS"
|
||||
AC_SUBST(LIBCRYPTO)
|
||||
AC_SUBST(LIBCRYPTOA)
|
||||
AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
|
||||
for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
|
||||
for ssldir in $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
|
||||
# Skip directories if they don't exist
|
||||
if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
|
||||
continue;
|
||||
|
@ -528,14 +529,21 @@ int main(void)
|
|||
],
|
||||
[
|
||||
found_crypto=1
|
||||
break;
|
||||
], []
|
||||
)
|
||||
|
||||
|
||||
if test ! -z "$found_crypto" ; then
|
||||
if test -n "$found_crypto" ; then
|
||||
# we found openssl, lets see if it
|
||||
# has an engine
|
||||
CPPFLAGS="$saved_CPPFLAGS"
|
||||
LDFLAGS="$saved_LDFLAGS"
|
||||
if test -d "$ssldir/lib" ; then
|
||||
LIBCRYPTOA="$ssldir/lib/libcrypto.a -ldl"
|
||||
else
|
||||
LIBCRYPTOA="$ssldir/libcrypto.a -ldl"
|
||||
fi
|
||||
LIBS="$saved_LIBS $LIBCRYPTOA"
|
||||
AC_TRY_RUN(
|
||||
[
|
||||
#include <string.h>
|
||||
|
@ -547,13 +555,8 @@ int main(void)
|
|||
char a[2048];
|
||||
ENGINE *e;
|
||||
|
||||
if (OPENSSL_VERSION_NUMBER < 0x0090701fL)
|
||||
{
|
||||
printf("openssl too old, please update to 0.9.7 or newer");
|
||||
return 1;
|
||||
}
|
||||
|
||||
e = ENGINE_NEW();
|
||||
e = ENGINE_new();
|
||||
ENGINE_load_dynamic();
|
||||
if (!e) return 1;
|
||||
memset(a, 0, sizeof(a));
|
||||
RAND_add(a, sizeof(a), sizeof(a));
|
||||
|
@ -562,12 +565,11 @@ int main(void)
|
|||
],
|
||||
[
|
||||
found_engine=1
|
||||
break;
|
||||
], []
|
||||
)
|
||||
fi
|
||||
|
||||
if test ! -z "$found_crypto" ; then
|
||||
if test -n "$found_crypto" ; then
|
||||
break;
|
||||
fi
|
||||
done
|
||||
|
@ -615,10 +617,10 @@ if test "x$SSL_MSG" = "xyes" ; then
|
|||
AC_DEFINE(HAVE_OPENSSL, 1, [Have OpenSSL libraries])
|
||||
fi
|
||||
AM_CONDITIONAL(HAVE_SSL, test "x$SSL_MSG" = "xyes")
|
||||
AM_CONDITIONAL(HAVE_ENGINE, test ! -z "$found_engine")
|
||||
AM_CONDITIONAL(HAVE_ENGINE, test -n "$found_engine")
|
||||
|
||||
ENGINE_MSG="no"
|
||||
if test ! -z "$found_engine"
|
||||
if test -n "$found_engine"
|
||||
then
|
||||
ENGINE_MSG="yes"
|
||||
fi
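Review bot: `LIBCRYPTOA` is assigned `$ssldir/lib/libcrypto.a -ldl` (or `$ssldir/libcrypto.a -ldl`) without checking that the archive exists, so on a system that installs only the shared library the engine probe fails at link time and `found_engine` stays empty with no hint why. A `test -f` on the archive before the assignment, with a message when it is missing, would make that visible. Linking the static archive also copies OpenSSL into the resulting binary, so later OpenSSL security updates take effect only after a rebuild; a comment next to the assignment such as `# static libcrypto: rebuild after every OpenSSL security update` would record that. The probe program in the following hunk also appears to lose its `OPENSSL_VERSION_NUMBER` test, so nothing in the visible lines rejects an OpenSSL older than 0.9.7 any more.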
|
||||
|
|
|
@ -2,14 +2,13 @@
|
|||
|
||||
MAINTAINERCLEANFILES = Makefile.in pkcs15-profile.5 usbtoken.html
|
||||
|
||||
man_MANS = pkcs15-crypt.1 \
|
||||
MANSRC = pkcs15-crypt.1 \
|
||||
pkcs15-init.1 \
|
||||
cryptoflex-tool.1 \
|
||||
opensc-config.1 \
|
||||
opensc-explorer.1 \
|
||||
opensc-tool.1 \
|
||||
pkcs15-tool.1 \
|
||||
pkcs15-profile.5 \
|
||||
opensc.7 \
|
||||
pkcs15.7 \
|
||||
sc_connect_card.3 \
|
||||
|
@ -25,7 +24,8 @@ man_MANS = pkcs15-crypt.1 \
|
|||
sc_read_record.3 \
|
||||
sc_release_context.3 \
|
||||
sc_select_file.3
|
||||
EXTRA_DIST = $(man_MANS) pkcs15-profile.5.in pkcs-15v1_1.asn \
|
||||
man_MANS = $(MANSRC) pkcs15-profile.5
|
||||
EXTRA_DIST = $(MANSRC) pkcs15-profile.5.in pkcs-15v1_1.asn \
|
||||
usbtoken.xml usbtoken.html doxygen.conf
|
||||
|
||||
STYLESHEET=/usr/share/sgml/docbook/stylesheet/xsl/nwalsh/xhtml/docbook.xsl
|
||||
|
|
|
@ -33,6 +33,8 @@
|
|||
# define des_cleanse(k) OPENSSL_cleanse(k.ks, sizeof(k.ks))
|
||||
#else
|
||||
# define des_cleanse(k) memset(&k, 0, sizeof(k))
|
||||
# define DES_set_key_unchecked(a,b) des_set_key_unchecked(a,*b)
|
||||
# define DES_ecb3_encrypt(a,b,c,d,e,f) des_ecb3_encrypt(a,b,*c,*d,*e,f)
|
||||
#endif
|
||||
|
||||
/* Gemplus card variants */
|
||||
|
@ -804,8 +806,8 @@ gpk_compute_crycks(struct sc_card *card, struct sc_apdu *apdu,
|
|||
unsigned int len = 0, i, j;
|
||||
|
||||
/* Set the key schedule */
|
||||
des_set_key_unchecked((des_cblock *) priv->key, k1);
|
||||
des_set_key_unchecked((des_cblock *) (priv->key+8), k2);
|
||||
DES_set_key_unchecked((des_cblock *) priv->key, &k1);
|
||||
DES_set_key_unchecked((des_cblock *) (priv->key+8), &k2);
|
||||
|
||||
/* Fill block with 0x00 and then with the data. */
|
||||
memset(block, 0x00, sizeof(block));
|
||||
|
@ -825,9 +827,9 @@ gpk_compute_crycks(struct sc_card *card, struct sc_apdu *apdu,
|
|||
for (j = 0; j < len; ) {
|
||||
for (i = 0; i < 8; i++, j++)
|
||||
in[i] ^= block[j];
|
||||
des_ecb3_encrypt((des_cblock *)in,
|
||||
DES_ecb3_encrypt((des_cblock *)in,
|
||||
(des_cblock *)out,
|
||||
k1, k2, k1, DES_ENCRYPT);
|
||||
&k1, &k2, &k1, DES_ENCRYPT);
|
||||
memcpy(in, out, 8);
|
||||
}
|
||||
|
||||
|
@ -960,23 +962,23 @@ gpk_set_filekey(const u8 *key, const u8 *challenge,
|
|||
des_cblock out;
|
||||
int r = 0;
|
||||
|
||||
des_set_key_unchecked((des_cblock *) key, k1);
|
||||
des_set_key_unchecked((des_cblock *) (key+8), k2);
|
||||
DES_set_key_unchecked((des_cblock *) key, &k1);
|
||||
DES_set_key_unchecked((des_cblock *) (key+8), &k2);
|
||||
|
||||
des_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) kats,
|
||||
k1, k2, k1, DES_ENCRYPT);
|
||||
des_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) (kats+8),
|
||||
k2, k1, k2, DES_ENCRYPT);
|
||||
DES_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) kats,
|
||||
&k1, &k2, &k1, DES_ENCRYPT);
|
||||
DES_ecb3_encrypt((des_cblock *)(r_rn+4), (des_cblock *) (kats+8),
|
||||
&k2, &k1, &k2, DES_ENCRYPT);
|
||||
|
||||
/* Verify Cryptogram presented by the card terminal
|
||||
* XXX: what is the appropriate error code to return
|
||||
* here? INVALID_ARGS doesn't seem quite right
|
||||
*/
|
||||
des_set_key_unchecked((des_cblock *) kats, k1);
|
||||
des_set_key_unchecked((des_cblock *) (kats+8), k2);
|
||||
DES_set_key_unchecked((des_cblock *) kats, &k1);
|
||||
DES_set_key_unchecked((des_cblock *) (kats+8), &k2);
|
||||
|
||||
des_ecb3_encrypt((des_cblock *) challenge, &out,
|
||||
k1, k2, k1, DES_ENCRYPT );
|
||||
DES_ecb3_encrypt((des_cblock *) challenge, &out,
|
||||
&k1, &k2, &k1, DES_ENCRYPT );
|
||||
if (memcmp(r_rn, out+4, 4) != 0)
|
||||
r = SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
||||
|
@ -1567,8 +1569,8 @@ gpk_pkfile_load(struct sc_card *card, struct sc_cardctl_gpk_pkload *args)
|
|||
error(card->ctx, "No secure messaging key set!\n");
|
||||
return SC_ERROR_SECURITY_STATUS_NOT_SATISFIED;
|
||||
}
|
||||
des_set_key_unchecked((des_cblock *) priv->key, k1);
|
||||
des_set_key_unchecked((des_cblock *) (priv->key+8), k2);
|
||||
DES_set_key_unchecked((des_cblock *) priv->key, &k1);
|
||||
DES_set_key_unchecked((des_cblock *) (priv->key+8), &k2);
|
||||
for (n = 0; n < args->datalen; n += 8) {
|
||||
des_ecb2_encrypt((des_cblock *) (args->data + n),
|
||||
(des_cblock *) (temp + n),
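Review bot: The loop at the end of the `gpk_pkfile_load` hunk still calls `des_ecb2_encrypt`, while every other call in this file section moved to the `DES_` names and the two added shim macros cover only `DES_set_key_unchecked` and `DES_ecb3_encrypt`. The call's key arguments lie outside the hunk, so whether it still builds against both OpenSSL generations cannot be confirmed from here; converting it to `DES_ecb3_encrypt` with `&k1, &k2, &k1` as the schedules would keep the file on one API. The shims would also be safer with parenthesised parameters, e.g. `des_set_key_unchecked((a), *(b))`. Separately, the same `#else` branch wipes key schedules with a plain `memset` in `des_cleanse`, which a compiler may drop as a dead store, so a comment there noting that the wipe is best-effort on old OpenSSL would help.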
|
||||
|
|
|
@ -94,6 +94,7 @@ int usbtoken_reader_init(struct sc_context *ctx, void **priv_data) {
|
|||
bzero(myprivslot,sizeof(struct usbtoken_privslot));
|
||||
myreader->slot[0].drv_data=myprivslot;
|
||||
|
||||
myprivslot->fd = -1;
|
||||
myprivslot->sa_un.sun_family=AF_UNIX;
|
||||
snprintf(myprivslot->sa_un.sun_path,
|
||||
sizeof(myprivslot->sa_un.sun_path), SRVSOCKET, i);
|
||||
|
@ -127,6 +128,7 @@ int usbtoken_reader_release(struct sc_reader *reader) {
|
|||
SC_FUNC_CALLED(reader->ctx, 4);
|
||||
myprivslot = reader->slot[0].drv_data;
|
||||
if (myprivslot) {
|
||||
if (myprivslot->fd >= 0)
|
||||
close (myprivslot->fd);
|
||||
free(myprivslot);
|
||||
}
|
||||
|
@ -163,6 +165,7 @@ int usbtoken_reader_unix_cmd(struct sc_reader *reader,
|
|||
SC_FUNC_CALLED(reader->ctx, 4);
|
||||
myprivslot = slot->drv_data;
|
||||
|
||||
assert(myprivslot->fd >= 0);
|
||||
rc = write(myprivslot->fd, &cmd, sizeof(cmd));
|
||||
if (rc != sizeof(cmd)) {
|
||||
error(reader->ctx, "usbtoken_reader_unix_cmd write failed\n");
|
||||
|
@ -200,7 +203,7 @@ int usbtoken_reader_connect(struct sc_reader *reader,
|
|||
|
||||
if (rc < 0) {
|
||||
close(myprivslot->fd);
|
||||
myprivslot->fd=0;
|
||||
myprivslot->fd=-1;
|
||||
error(reader->ctx, "usbtoken_reader_connect connect failed\n");
|
||||
return SC_ERROR_CARD_NOT_PRESENT;
|
||||
}
|
||||
|
@ -226,7 +229,10 @@ int usbtoken_reader_disconnect(struct sc_reader *reader,
|
|||
|
||||
SC_FUNC_CALLED(reader->ctx, 4);
|
||||
myprivslot = slot->drv_data;
|
||||
if (myprivslot->fd >= 0) {
|
||||
close (myprivslot->fd);
|
||||
myprivslot->fd = -1;
|
||||
}
|
||||
|
||||
return SC_NO_ERROR;
|
||||
}
|
||||
|
@ -241,6 +247,7 @@ int usbtoken_reader_transmit(struct sc_reader *reader,
|
|||
SC_FUNC_CALLED(reader->ctx, 4);
|
||||
myprivslot = slot->drv_data;
|
||||
|
||||
assert(myprivslot->fd >= 0);
|
||||
if (sendsize > 1023) {
|
||||
error(reader->ctx, "usbtoken_reader_transmit sendsize %d too big\n", sendsize);
|
||||
return SC_ERROR_READER;
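Review bot: The new `assert(myprivslot->fd >= 0);` in `usbtoken_reader_unix_cmd` and `usbtoken_reader_transmit` aborts the calling application when a command reaches a disconnected slot, and compiles away entirely when the library is built with `NDEBUG`. An explicit check that returns an error, for example `if (myprivslot->fd < 0) return SC_ERROR_READER;`, keeps the failure on the driver's normal error path in every build. Both functions also dereference `slot->drv_data` without the NULL test that `usbtoken_reader_release` applies; their bodies continue outside the hunks, so confirm no earlier check exists.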
|
||||
|
|
|
@ -159,6 +159,7 @@ extern void sc_pkcs15init_set_callbacks(struct sc_pkcs15init_callbacks *);
|
|||
extern int sc_pkcs15init_bind(struct sc_card *, const char *,
|
||||
struct sc_profile **);
|
||||
extern void sc_pkcs15init_unbind(struct sc_profile *);
|
||||
extern int sc_pkcs15init_set_lifecycle(sc_card_t *card, int lcycle);
|
||||
extern int sc_pkcs15init_erase_card(struct sc_card *,
|
||||
struct sc_profile *);
|
||||
extern int sc_pkcs15init_add_app(struct sc_card *,
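Review bot: The added prototype for `sc_pkcs15init_set_lifecycle` uses the `sc_card_t` typedef and named parameters, while the neighbouring declarations use `struct sc_card *` with unnamed parameters. Writing it as `extern int sc_pkcs15init_set_lifecycle(struct sc_card *, int);` matches the rest of the header and does not depend on the typedef being visible wherever this header is included. A one-line comment stating which values `lcycle` accepts would help callers, since the visible lines do not show them.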
|
||||
|
|
|
@ -41,6 +41,7 @@
|
|||
#endif
|
||||
#include <assert.h>
|
||||
#ifdef HAVE_OPENSSL
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
|
|
|
@ -286,7 +286,7 @@ int p15_eid_auth(scam_context * sctx, int argc, const char **argv,
|
|||
const char *user, const char *password)
|
||||
{
|
||||
scam_method_data *data = (scam_method_data *) sctx->method_data;
|
||||
u8 random_data[20], chg[256], txt[256];
|
||||
u8 random_data[20], chg[256];
|
||||
int r, err = SCAM_FAILED, chglen;
|
||||
EVP_PKEY *pubkey = NULL;
|
||||
X509 *cert = NULL;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
## Makefile.am -- Process this file with automake to produce Makefile.in
|
||||
|
||||
plugindir = $(PLUGINDIR)
|
||||
openscdir = @libdir@/opensc
|
||||
|
||||
MAINTAINERCLEANFILES = Makefile.in
|
||||
|
||||
|
@ -12,7 +13,7 @@ INCLUDES = @CFLAGS_OPENSC@ @CFLAGS_ASSUAN@
|
|||
|
||||
if HAVE_SSL
|
||||
if HAVE_ASSUAN
|
||||
plugin_LTLIBRARIES = opensc-signer.la
|
||||
opensc_LTLIBRARIES = opensc-signer.la
|
||||
endif
|
||||
endif
|
||||
|
||||
|
@ -26,5 +27,5 @@ noinst_HEADERS = opensc-crypto.h opensc-support.h \
|
|||
npinclude/jritypes.h npinclude/npapi.h \
|
||||
npinclude/npupp.h npinclude/npunix.c
|
||||
|
||||
install-exec-local: install-pluginLTLIBRARIES
|
||||
-rm -f $(DESTDIR)$(plugindir)/opensc-signer.a $(DESTDIR)$(plugindir)/opensc-signer.la
|
||||
install-exec-local: install-openscLTLIBRARIES
|
||||
-$(LN_S) -f $(openscdir)/opensc-signer.so $(DESTDIR)$(plugindir)/
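Review bot: The new `install-exec-local` rule runs `-$(LN_S) -f $(openscdir)/opensc-signer.so $(DESTDIR)$(plugindir)/` with a leading `-`, so a failed link is ignored and the install reports success without the plugin in place. Nothing in the visible lines creates `$(DESTDIR)$(plugindir)` now that the library itself installs into `$(openscdir)`, so a `$(mkinstalldirs) $(DESTDIR)$(plugindir)` line before the link looks necessary. The hard-coded `.so` suffix and the `-f` flag assume ELF naming and a real `ln -s` behind `$(LN_S)`; a comment on the rule stating that assumption would help.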
|
||||
|
|
|
@ -59,7 +59,7 @@ const struct option options[] = {
|
|||
{ "input-file", 1, 0, 'i' },
|
||||
{ "output-file", 1, 0, 'o' },
|
||||
{ "module", 1, 0, OPT_MODULE },
|
||||
{ "verbose", 0, 0, 'v' },
|
||||
{ "quiet", 0, 0, 'q' },
|
||||
|
||||
{ "test", 0, 0, 't' },
|
||||
{ 0, 0, 0, 0 }
|
||||
|
@ -82,14 +82,14 @@ const char *option_help[] = {
|
|||
"Specify the input file",
|
||||
"Specify the output file",
|
||||
"Specify the module to load",
|
||||
"Verbose output",
|
||||
"Quiet operation",
|
||||
|
||||
"Test (best used with the --login or --pin option)",
|
||||
};
|
||||
|
||||
const char * app_name = "pkcs11-tool"; /* for utils.c */
|
||||
|
||||
static int opt_verbose = 0;
|
||||
static int opt_quiet = 0;
|
||||
static const char * opt_input = NULL;
|
||||
static const char * opt_output = NULL;
|
||||
static const char * opt_module = NULL;
|
||||
|
@ -168,7 +168,7 @@ main(int argc, char * const argv[])
|
|||
CK_RV rv;
|
||||
|
||||
while (1) {
|
||||
c = getopt_long(argc, argv, "ILMOhi:lm:o:p:scvt",
|
||||
c = getopt_long(argc, argv, "ILMOhi:lm:o:p:scqt",
|
||||
options, &long_optind);
|
||||
if (c == -1)
|
||||
break;
|
||||
|
@ -227,8 +227,8 @@ main(int argc, char * const argv[])
|
|||
do_test = 1;
|
||||
action_count++;
|
||||
break;
|
||||
case 'v':
|
||||
opt_verbose++;
|
||||
case 'q':
|
||||
opt_quiet++;
|
||||
break;
|
||||
case OPT_SLOT:
|
||||
opt_slot = (CK_SLOT_ID) atoi(optarg);
|
||||
|
@ -406,13 +406,13 @@ list_slots(void)
|
|||
printf("(GetSlotInfo failed, error %u)\n", (unsigned int) rv);
|
||||
continue;
|
||||
}
|
||||
if (!opt_verbose && !(info.flags & CKF_TOKEN_PRESENT)) {
|
||||
if (opt_quiet && !(info.flags & CKF_TOKEN_PRESENT)) {
|
||||
printf("(empty)\n");
|
||||
continue;
|
||||
}
|
||||
printf("%s\n", p11_utf8_to_local(info.slotDescription,
|
||||
sizeof(info.slotDescription)));
|
||||
if (opt_verbose) {
|
||||
if (!opt_quiet) {
|
||||
printf(" manufacturer: %s\n", p11_utf8_to_local(info.manufacturerID,
|
||||
sizeof(info.manufacturerID)));
|
||||
printf(" hardware ver: %u.%u\n",
|
||||
|
@ -435,7 +435,7 @@ show_token(CK_SLOT_ID slot)
|
|||
|
||||
get_token_info(slot, &info);
|
||||
|
||||
if (!(info.flags & CKF_TOKEN_INITIALIZED) && !opt_verbose) {
|
||||
if (!(info.flags & CKF_TOKEN_INITIALIZED) && opt_quiet) {
|
||||
printf(" token state: uninitialized\n");
|
||||
return;
|
||||
}
|
||||
|
@ -1453,7 +1453,7 @@ test_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session)
|
|||
|
||||
static int
|
||||
wrap_unwrap(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
||||
EVP_CIPHER *algo, CK_OBJECT_HANDLE privKeyObject)
|
||||
const EVP_CIPHER *algo, CK_OBJECT_HANDLE privKeyObject)
|
||||
{
|
||||
#ifndef HAVE_OPENSSL
|
||||
printf("No OpenSSL support, unable to validate C_Unwrap\n");
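Review bot: Replacing the `'v'` entry in the `getopt_long` string and in `options[]` with `'q'` means existing invocations that pass `-v` or `--verbose` are now rejected, and the default output of `list_slots` and `show_token` becomes the detailed form. This reading assumes the second line of each printed pair is the new one; the commit description words the change the other way round. If the switch is intended, accepting `v` as a no-op for a release would avoid breaking scripts, and any extra `options[]` entry needs a matching `option_help[]` string because the two arrays appear to be index-aligned. The context line `opt_slot = (CK_SLOT_ID) atoi(optarg);` also turns non-numeric input into slot 0; `strtoul` with an end-pointer check would reject it.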
|
||||
|
|