Hi,

engine_pkcs11 uses a special format to identify a key or cert stored on a token 
in a specific slot. This is the parameter "s_slot_cert_id" for 
"pkcs11_load_cert" and "s_slot_key_id" for "pkcs11_load_key". If this parameter 
is left empty, it means "use the first key/cert on the first token found". But 
what I (and maybe others) need is "use the first key/cert on a given slot". 
This cannot be achieved with the current code, because if one gives a slot-id, 
a cert-id has to be given too (e.g. "1:45").

The following diff is my approach to allow e.g. "1:", which in this case means 
"use the first key/cert on slot 1":


*** config/patch/engine_pkcs11-0.1.4/engine_pkcs11.c    2008-04-03 
16:41:26.000000000 +0200
--- engine_pkcs11-0.1.4/src/engine_pkcs11.c     2007-07-04 02:18:31.000000000 
+0200
***************
*** 461,471 ****
  
        if (verbose) {
                fprintf(stderr, "Found %u cert%s:\n", count,
                        (count <= 1) ? "" : "s");
        }
!       if (cert_id_len != 0) {
                for (n = 0; n < count; n++) {
                        PKCS11_CERT *k = certs + n;
  
                        if (cert_id_len != 0 && k->id_len == cert_id_len &&
                            memcmp(k->id, cert_id, cert_id_len) == 0) {
--- 461,471 ----
  
        if (verbose) {
                fprintf(stderr, "Found %u cert%s:\n", count,
                        (count <= 1) ? "" : "s");
        }
!       if ((s_slot_cert_id && *s_slot_cert_id) || (cert_id_len == 0)) {
                for (n = 0; n < count; n++) {
                        PKCS11_CERT *k = certs + n;
  
                        if (cert_id_len != 0 && k->id_len == cert_id_len &&
                            memcmp(k->id, cert_id, cert_id_len) == 0) {
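
Review bot: The diff appears to run in the reverse direction. The `if (cert_id_len != 0) {` line at 461,471 is on the `***` (from) side, whose file is dated 2008-04-03. The `---` (to) side, dated 2007-07-04, carries `if ((s_slot_cert_id && *s_slot_cert_id) || (cert_id_len == 0)) {`. Only the `***` form matches the described "1:" behaviour: with an empty id it skips the loop, whereas the `---` form enters the loop, where the inner `cert_id_len != 0 &&` test can never match. Please regenerate the diff from the 0.1.4 source to the modified file, or state that it has to be applied reversed. Once the outer test is `cert_id_len != 0`, the `cert_id_len != 0 &&` term in the inner comparison is redundant and can be dropped.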
***************
*** 700,710 ****
  
        if (verbose) {
                fprintf(stderr, "Found %u key%s:\n", count,
                        (count <= 1) ? "" : "s");
        }
!       if (key_label || (key_id_len != 0)) {
                for (n = 0; n < count; n++) {
                        PKCS11_KEY *k = keys + n;
  
                        if (verbose) {
                                fprintf(stderr, "  %2u %c%c %s\n", n + 1,
--- 700,710 ----
  
        if (verbose) {
                fprintf(stderr, "Found %u key%s:\n", count,
                        (count <= 1) ? "" : "s");
        }
!       if (s_slot_key_id && *s_slot_key_id) {
                for (n = 0; n < count; n++) {
                        PKCS11_KEY *k = keys + n;
  
                        if (verbose) {
                                fprintf(stderr, "  %2u %c%c %s\n", n + 1,
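
Review bot: With `if (key_label || (key_id_len != 0)) {` at 700,710, the per-key verbose listing is skipped whenever neither a label nor an id is given, as with "1:". The listing sits inside the loop this condition guards, so verbose output stops at the "Found %u key%s:" line with no entries under it. Consider printing the list whenever verbose is set and keeping only the matching under the condition. The meaning of an empty id after the slot (first key on that slot) should also be stated in a comment at this test, and likewise at the cert test.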



I have been using this code for a while now, and it seems to work fine. Can the 
engine_pkcs11 developers take this change into consideration?


Greetings,

Stefan Blomen