hi all,
we're in the process of rolling out Aladdin eToken PRO 32K USB smart
tokens for security on Windows and Linux; we want to use them to
generate so-called grid proxies, which are short-lived SSL
certificates, more or less. To achieve this I've very thankfully made
use of the OpenSC tools. During the course of my work I ran into two
minor bugs in engine_pkcs11:
- PIN code of length 12 can cause random coredumps; I've also increased
  the max PIN length to 31 as our eTokens support longer PINs than 12 chars.
- using the openssl CAkey specify SLOT:ID does not work when the ID
  contains the letters A-F
To fix this was fairly trivial but, as this is open source software, I
want to donate the patch to the "common good" :-)
Attached is the patch in 'diff -u' format.
share and enjoy,
JJK
System Integrator
Nikhef
Amsterdam
(shameless plug: see
http://www.nikhef.nl/pub/projects/grid/gridwiki/index.php/Using_an_Aladdin_eToken_PRO_to_store_grid_certificates
for the Wiki on our etoken stuff ;-))
--- engine_pkcs11-0.1.3/src/engine_pkcs11.c 2005-11-23 21:43:53.000000000 +0100
+++ engine_pkcs11-0.1.3-jjk/src/engine_pkcs11.c 2007-05-30 20:07:51.000000000 +0200
@@ -40,7 +40,7 @@
#define fail(msg) { fprintf(stderr,msg); return NULL;}
/** The maximum length of an internally-allocated PIN */
-#define MAX_PIN_LENGTH 12
+#define MAX_PIN_LENGTH 31
PKCS11_CTX *ctx;
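Review bot: the comment above MAX_PIN_LENGTH does not say whether the value counts the terminating NUL, which is the ambiguity the later calloc hunk has to work around with MAX_PIN_LENGTH+1. Suggest wording it as the maximum number of PIN characters, excluding the terminator, so that every buffer sized from it is expected to add one. A short note on why 31 was picked would also help the next reader.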
@@ -247,7 +247,7 @@
*id_len = 0;
return 1;
}
- if (strspn(slot_id+i,"0123456789")+i != strlen(slot_id)) {
+ if (strspn(slot_id+i,"01234567890ABCDEFabcdef")+i != strlen(slot_id)) {
fprintf(stderr,"could not parse string!\n");
return 0;
}
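Review bot: the new accept set in the strspn call, "01234567890ABCDEFabcdef", lists 0 twice. strspn ignores the duplicate, so the check behaves as intended, but the same literal is pasted into three checks in this patch. A single named constant (for example a HEXDIGITS define, name hypothetical) would remove the typo and keep the three sites in step.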
@@ -262,7 +262,7 @@
/* third: id_<id> */
if ( strncmp(slot_id, "id_",3) == 0) {
- if (strspn(slot_id+3,"0123456789")+3 != strlen(slot_id)) {
+ if (strspn(slot_id+3,"01234567890ABCDEFabcdef")+3 != strlen(slot_id)) {
fprintf(stderr,"could not parse string!\n");
return 0;
}
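Review bot: in the id_ branch the check also passes when nothing follows the prefix, since strspn returns 0 and 0+3 equals strlen("id_"). The decimal-only version behaved the same way, but the slot:id branch in the previous hunk handles the empty case explicitly with *id_len = 0, and no equivalent is visible here. Suggest an explicit empty-ID check in this branch, or a comment stating that an empty ID is intended.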
@@ -305,7 +305,7 @@
/* now followed by "id_" */
if ( strncmp(slot_id+i, "id_",3) == 0) {
- if (strspn(slot_id+i+3,"0123456789")+3+i != strlen(slot_id)) {
+ if (strspn(slot_id+i+3,"01234567890ABCDEFabcdef")+3+i != strlen(slot_id)) {
fprintf(stderr,"could not parse string!\n");
return 0;
}
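Review bot: this check now lets hex digits through after id_, but the conversion that follows it is outside the visible context, so the hunk alone does not show that an ID with an odd number of hex digits or with mixed case is decoded correctly. Suggest confirming that the code after the check parses hex pairs, and adding a test string containing A-F for each of the three accepted forms.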
@@ -602,8 +602,10 @@
pin = NULL;
}
}
- else if (pin == NULL) {
- pin = (char *) calloc(MAX_PIN_LENGTH, sizeof(char));
+ else if (pin == NULL) {
+ /* add extra space for end-of-string character.
+ the ui_method does not need it but strlen(pin) does */
+ pin = (char *) calloc(MAX_PIN_LENGTH+1, sizeof(char));
if (pin == NULL) {
fail("Could not allocate memory for PIN");
}
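Review bot: the extra byte from calloc(MAX_PIN_LENGTH+1, ...) only helps if the code that fills the buffer is still limited to MAX_PIN_LENGTH characters. That call is outside this hunk, so please confirm it does not use MAX_PIN_LENGTH+1 as its bound, otherwise strlen(pin) can again run past the allocation. The removed and re-added else if (pin == NULL) { lines differ only in whitespace and can be dropped from the patch.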