Hello,
>if C_Initialize is called the second card blocks if there is already an
open session. C_Initialize looks at all readers, whether in use or not.
>The calling chain is:
>C_Initialize
>-> __card_detect_all
>-> card_detect
>-> pkcs15_bind
>-> sc_pkcs15_bind
>-> sc_lock
>-> pcsc_lock
>-> SCardBeginTransaction
>-> SYS_Usleep
>-> _nanosleep_nocancel
>is there a way to find out if a reader is already in use?
>or is there an option so pcsc_lock could fail if the reader is locked,
rather than wait?
I made a workaround. The idea is to preselect a reader while loading the
engine; the openssl engine then works only with the preselected
reader. It's a little bit dirty, but it works. The SELECT_READER command
accepts one or more readers.
If you don't use it, all readers will be used (as usual).
The changes are in engine_pkcs11 and libp11.
Juergen
Example :
openssl
>engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre
ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:/usr/lib/opensc-pkcs11.so -pre SELECT_READER:0
or
>engine -t dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre
ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre
MODULE_PATH:/usr/lib/opensc-pkcs11.so -pre SELECT_READER:0,2
Based on libp11-0.2.1
############################################################################
########
diff -udrNPpr libp11-0.2.1/rsaref/pkcs11f.h ../libp11-0.2.1/rsaref/pkcs11f.h
--- libp11-0.2.1/rsaref/pkcs11f.h 2005-10-30 13:48:02.000000000 +0100
+++ ../libp11-0.2.1/rsaref/pkcs11f.h 2006-04-21 09:11:40.000000000 +0200
@@ -910,3 +910,10 @@ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEve
CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
);
#endif
+
+CK_PKCS11_FUNCTION_INFO(C_PreInitialize)
+#ifdef CK_NEED_ARG_LIST
+(
+ int *piPreInit /* reserved. Should be NULL_PTR */
+);
+#endif
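Review bot: `C_PreInitialize` is not a standard PKCS#11 function, and appending it to pkcs11f.h grows the function-list structure generated from this header (assuming the usual RSA header layout), so for a module that returns the standard list `priv->method->C_PreInitialize` in p11_load.c would read past the end of the module's table. A vendor extension like this is safer looked up by name on the loaded library and skipped when the symbol is absent. The parameter comment `reserved. Should be NULL_PTR` is copied from C_WaitForSlotEvent and is wrong here; it should read something like `/* array of SC_MAX_READERS flags, non-zero = reader selected */`. The libp11 part of the patch is pasted a second time further down in the message, and this applies to that copy as well.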
diff -udrNPpr libp11-0.2.1/src/libp11.h ../libp11-0.2.1/src/libp11.h
--- libp11-0.2.1/src/libp11.h 2005-11-23 21:37:39.000000000 +0100
+++ ../libp11-0.2.1/src/libp11.h 2006-04-21 09:01:57.000000000 +0200
@@ -117,6 +117,9 @@ extern PKCS11_CTX *PKCS11_CTX_new(void);
*/
extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);
+extern int PKCS11_CTX_preinit_readers(int *readers);
+
+
/**
* Unload a PKCS#11 module
*
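Review bot: `PKCS11_CTX_preinit_readers` is added to the public header without the Doxygen comment the neighbouring declarations carry. The comment should state that `readers` points to an array of SC_MAX_READERS flags (a constant this header does not export), that NULL clears the selection, and that the call has to come before `PKCS11_CTX_load`. Since no `PKCS11_CTX` is passed, the setting is process-wide, which is worth saying explicitly.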
diff -udrNPpr libp11-0.2.1/src/p11_load.c ../libp11-0.2.1/src/p11_load.c
--- libp11-0.2.1/src/p11_load.c 2005-10-30 13:48:03.000000000 +0100
+++ ../libp11-0.2.1/src/p11_load.c 2006-04-21 09:03:55.000000000 +0200
@@ -21,6 +21,11 @@
static void *handle = NULL;
+#define SC_MAX_READERS 16
+
+int preinit_reader[SC_MAX_READERS];
+int preinit_readers=0;
+
/*
* Create a new context
*/
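Review bot: `preinit_reader` and `preinit_readers` are defined here with external linkage, and the engine_pkcs11.c part of this patch defines globals with the same two names, so depending on how libp11 is linked the two definitions may clash or silently alias each other. Within this patch they are used only in p11_load.c, so they should be file-local: `static int preinit_reader[SC_MAX_READERS];` and `static int preinit_readers = 0;`. `SC_MAX_READERS` is also defined separately in both projects and would be better placed once in libp11.h so the two array sizes cannot drift apart.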
@@ -39,6 +44,18 @@ PKCS11_CTX *PKCS11_CTX_new(void)
return ctx;
}
+int PKCS11_CTX_preinit_readers(int *readers)
+{
+ preinit_readers=0;
+ if ( readers!=NULL )
+ {
+ preinit_readers=1;
+ }
+
+ return 0;
+}
+
+
/*
* Load the shared library, and initialize it.
*/
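Review bot: `PKCS11_CTX_preinit_readers` never reads the contents of `readers`; it only sets the flag, so the `preinit_reader` array that `PKCS11_CTX_load` later passes to `C_PreInitialize` is libp11's own zero-initialised array unless the linker happens to merge it with the engine's global of the same name. The selection should be copied explicitly inside the `readers!=NULL` branch, e.g. `memcpy(preinit_reader, readers, sizeof preinit_reader);`. Because the `int *` parameter carries no length, the required array size (SC_MAX_READERS entries) has to be part of the documented contract.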
@@ -58,6 +75,9 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, co
return -1;
}
+ if ( preinit_readers==1)
+ rv = priv->method->C_PreInitialize(preinit_reader);
+
/* Tell the PKCS11 to initialize itself */
rv = priv->method->C_Initialize(NULL);
CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv);
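Review bot: The result of `C_PreInitialize` is stored in `rv` and then overwritten by the `C_Initialize` call below it, so a module that rejects the reader selection goes unnoticed and initialisation may proceed over all readers after all. Add `CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv);` directly after the call and put braces around the `if` body. PKCS11_CTX_load starts and ends outside this hunk, so whether the library handle is released on that error path cannot be seen from here.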
@@ -72,6 +92,7 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, co
return 0;
}
+
/*
* Unload the shared library
*/
diff -udrNPpr libp11-0.2.1/src/p11_slot.c ../libp11-0.2.1/src/p11_slot.c
--- libp11-0.2.1/src/p11_slot.c 2005-10-30 13:48:03.000000000 +0100
+++ ../libp11-0.2.1/src/p11_slot.c 2006-01-25 14:22:55.000000000 +0100
@@ -128,10 +128,12 @@ int PKCS11_login(PKCS11_SLOT * slot, int
if (PKCS11_open_session(slot, so))
return -1;
}
+
+
rv = CRYPTOKI_call(ctx, C_Login(priv->session,
so ? CKU_SO : CKU_USER,
- (CK_UTF8CHAR *) pin, strlen(pin)));
+ (CK_UTF8CHAR *) pin, pin ?
strlen(pin) : 0 ));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_LOGIN, rv);
priv->loggedIn = 1;
return 0;
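Review bot: The new `pin ? strlen(pin) : 0` guard makes a NULL `pin` legal, but nothing says why. If the intent is to support tokens with a protected authentication path, a comment above the call such as `/* pin may be NULL, e.g. when the PIN is entered on the reader's PIN pad */` and a matching sentence in the PKCS11_login header doc would make that clear. The two blank lines added before the call are noise, and since the change is unrelated to reader selection it would be easier to review as a separate patch. PKCS11_login's body starts and ends outside the hunk.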
[EMAIL PROTECTED]:~/newopensc/org# diff -udrNPpr libp11-0.2.1 ../libp11-0.2.1
diff -udrNPpr libp11-0.2.1/rsaref/pkcs11f.h ../libp11-0.2.1/rsaref/pkcs11f.h
--- libp11-0.2.1/rsaref/pkcs11f.h 2005-10-30 13:48:02.000000000 +0100
+++ ../libp11-0.2.1/rsaref/pkcs11f.h 2006-04-21 09:11:40.000000000 +0200
@@ -910,3 +910,10 @@ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEve
CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
);
#endif
+
+CK_PKCS11_FUNCTION_INFO(C_PreInitialize)
+#ifdef CK_NEED_ARG_LIST
+(
+ int *piPreInit /* reserved. Should be NULL_PTR */
+);
+#endif
diff -udrNPpr libp11-0.2.1/src/libp11.h ../libp11-0.2.1/src/libp11.h
--- libp11-0.2.1/src/libp11.h 2005-11-23 21:37:39.000000000 +0100
+++ ../libp11-0.2.1/src/libp11.h 2006-04-21 09:01:57.000000000 +0200
@@ -117,6 +117,9 @@ extern PKCS11_CTX *PKCS11_CTX_new(void);
*/
extern int PKCS11_CTX_load(PKCS11_CTX * ctx, const char * ident);
+extern int PKCS11_CTX_preinit_readers(int *readers);
+
+
/**
* Unload a PKCS#11 module
*
diff -udrNPpr libp11-0.2.1/src/p11_load.c ../libp11-0.2.1/src/p11_load.c
--- libp11-0.2.1/src/p11_load.c 2005-10-30 13:48:03.000000000 +0100
+++ ../libp11-0.2.1/src/p11_load.c 2006-04-21 09:03:55.000000000 +0200
@@ -21,6 +21,11 @@
static void *handle = NULL;
+#define SC_MAX_READERS 16
+
+int preinit_reader[SC_MAX_READERS];
+int preinit_readers=0;
+
/*
* Create a new context
*/
@@ -39,6 +44,18 @@ PKCS11_CTX *PKCS11_CTX_new(void)
return ctx;
}
+int PKCS11_CTX_preinit_readers(int *readers)
+{
+ preinit_readers=0;
+ if ( readers!=NULL )
+ {
+ preinit_readers=1;
+ }
+
+ return 0;
+}
+
+
/*
* Load the shared library, and initialize it.
*/
@@ -58,6 +75,9 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, co
return -1;
}
+ if ( preinit_readers==1)
+ rv = priv->method->C_PreInitialize(preinit_reader);
+
/* Tell the PKCS11 to initialize itself */
rv = priv->method->C_Initialize(NULL);
CRYPTOKI_checkerr(PKCS11_F_PKCS11_CTX_LOAD, rv);
@@ -72,6 +92,7 @@ int PKCS11_CTX_load(PKCS11_CTX * ctx, co
return 0;
}
+
/*
* Unload the shared library
*/
diff -udrNPpr libp11-0.2.1/src/p11_slot.c ../libp11-0.2.1/src/p11_slot.c
--- libp11-0.2.1/src/p11_slot.c 2005-10-30 13:48:03.000000000 +0100
+++ ../libp11-0.2.1/src/p11_slot.c 2006-01-25 14:22:55.000000000 +0100
@@ -128,10 +128,12 @@ int PKCS11_login(PKCS11_SLOT * slot, int
if (PKCS11_open_session(slot, so))
return -1;
}
+
+
rv = CRYPTOKI_call(ctx, C_Login(priv->session,
so ? CKU_SO : CKU_USER,
- (CK_UTF8CHAR *) pin, strlen(pin)));
+ (CK_UTF8CHAR *) pin, pin ?
strlen(pin) : 0 ));
CRYPTOKI_checkerr(PKCS11_F_PKCS11_LOGIN, rv);
priv->loggedIn = 1;
return 0;
############################################################################
########
Based on engine_pkcs11-0.1.3
############################################################################
########
diff -udrNPpr engine_pkcs11-0.1.3/src/engine_pkcs11.c
../engine_pkcs11-0.1.3/src/engine_pkcs11.c
--- engine_pkcs11-0.1.3/src/engine_pkcs11.c 2005-11-23
21:43:53.000000000 +0100
+++ ../engine_pkcs11-0.1.3/src/engine_pkcs11.c 2006-04-26
17:12:48.591449504 +0200
@@ -41,6 +41,7 @@
/** The maximum length of an internally-allocated PIN */
#define MAX_PIN_LENGTH 12
+#define SC_MAX_READERS 16
PKCS11_CTX *ctx;
@@ -57,6 +58,33 @@ int verbose = 0;
char *module = NULL;
int default_module = 1;
+int preinit_readers = 0;
+
+int preinit_reader[SC_MAX_READERS];
+
+int set_pre_select(const char *reader)
+{
+int i=0;
+ preinit_readers=0;
+ for ( i=0; i<SC_MAX_READERS; i++)
+ preinit_reader[i]=0;
+
+
+char * pch=NULL;
+int itmp=0;
+
+ pch=strtok(reader,",");
+
+ while (pch != NULL){
+ sscanf( pch, "%d",&itmp);
+ preinit_reader[itmp]=1;
+ pch = strtok (NULL, ",");
+ }
+
+ preinit_reader=1;
+ return 1;
+}
+
int set_module(const char *modulename)
{
module = strdup (modulename);
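Review bot: `set_pre_select` writes `preinit_reader[itmp]=1` with an index taken straight from the SELECT_READER string, with no range check and without checking the `sscanf` result, so a number outside 0..SC_MAX_READERS-1 or a non-numeric token writes outside the array or reuses a stale index. It also runs `strtok` on the `const char *` argument, which modifies the caller's string, and it ends with `preinit_reader=1;`, which assigns to an array and will not compile; `preinit_readers=1;` was presumably meant. The version below parses a private copy with `strtol`, rejects bad tokens and a NULL argument, and returns 0 on failure, which I take to be the failure value for the engine's control commands.

```c
int set_pre_select(const char *reader)
{
	char *copy, *tok, *end;
	long idx;
	int i;

	preinit_readers = 0;
	for (i = 0; i < SC_MAX_READERS; i++)
		preinit_reader[i] = 0;

	if (reader == NULL || (copy = strdup(reader)) == NULL)
		return 0;

	for (tok = strtok(copy, ","); tok != NULL; tok = strtok(NULL, ",")) {
		idx = strtol(tok, &end, 10);
		/* reject empty/non-numeric tokens and indexes outside the array */
		if (end == tok || *end != '\0' || idx < 0 || idx >= SC_MAX_READERS) {
			free(copy);
			return 0;
		}
		preinit_reader[idx] = 1;
	}
	free(copy);

	preinit_readers = 1;
	return 1;
}
```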
@@ -143,10 +171,16 @@ int pkcs11_init(ENGINE * engine)
fprintf(stderr, "initializing engine\n");
}
ctx = PKCS11_CTX_new();
+ if ( preinit_readers==1 )
+ {
+ PKCS11_CTX_preinit_readers(preinit_reader);
+ }
if (PKCS11_CTX_load(ctx, module) < 0) {
fprintf(stderr, "unable to load module %s\n", module);
return 0;
}
+
+
return 1;
}
diff -udrNPpr engine_pkcs11-0.1.3/src/hw_pkcs11.c
../engine_pkcs11-0.1.3/src/hw_pkcs11.c
--- engine_pkcs11-0.1.3/src/hw_pkcs11.c 2005-11-23 21:43:53.000000000 +0100
+++ ../engine_pkcs11-0.1.3/src/hw_pkcs11.c 2006-04-21
08:41:57.000000000 +0200
@@ -80,6 +80,7 @@
#define CMD_VERBOSE (ENGINE_CMD_BASE+3)
#define CMD_QUIET (ENGINE_CMD_BASE+4)
#define CMD_LOAD_CERT_CTRL (ENGINE_CMD_BASE+5)
+#define CMD_PRE_SELECT_READER (ENGINE_CMD_BASE+6)
static int pkcs11_engine_destroy(ENGINE * e);
static int pkcs11_engine_ctrl(ENGINE * e, int cmd, long i, void *p, void
(*f) ());
@@ -113,6 +114,10 @@ static const ENGINE_CMD_DEFN pkcs11_cmd_
"LOAD_CERT_CTRL",
"Get the certificate from card",
ENGINE_CMD_FLAG_INTERNAL},
+ {CMD_PRE_SELECT_READER,
+ "SELECT_READER",
+ "Pre select reader",
+ ENGINE_CMD_FLAG_STRING},
{0, NULL, NULL, 0}
};
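Review bot: The help text `"Pre select reader"` does not tell the user what the argument looks like. Going by the examples in the message it is a comma-separated list of reader numbers, so something like `"Comma-separated list of reader numbers to use (default: all readers)"` would be clearer. The limit of SC_MAX_READERS (16) entries is worth mentioning there too, since numbers beyond it cannot be honoured. The command table starts outside this hunk.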
@@ -134,6 +139,9 @@ static int pkcs11_engine_ctrl(ENGINE * e
return inc_verbose();
case CMD_LOAD_CERT_CTRL:
return load_cert_ctrl(e, p);
+ case CMD_PRE_SELECT_READER:
+ return set_pre_select((const char *) p);
+
default:
break;
}