Am Dienstag 16 März 2010 17:42:06 schrieb OpenSC:
> #203: pkcs11-tool --list-slots returns invalid slot
> ---------------------+-----------------------------------------------------
> - Reporter: jmpoure | Owner: opensc-de...@…
> Type: defect | Status: closed
> Priority: normal | Milestone:
> Component: pkcs11 | Version: trunk
> Severity: normal | Resolution: fixed
> Keywords: |
> ---------------------+-----------------------------------------------------
> Comment(by martin):
>
> There's a bug in engine_pkcs11, it tries to use a slot id that is not in
> the list of slots returned by C_GetSlotList
>
> With the hash style ID-s used internally by OpenSC (and by other PKCS#11
> providers as well) there's not requirement to give the slot ID. The ID can
> be searched from all available tokens without first logging in. If the
> slot ID is present, a C_Login can be done before.
>
/* third: id_<id> */
if (strncmp(slot_id, "id_", 3) == 0) {
if (strspn(slot_id + 3, HEXDIGITS) + 3 != strlen(slot_id)) {
fprintf(stderr, "could not parse string!\n");
return 0;
}
/* ah, rest is hex */
if ((strlen(slot_id) - 3 + 1) / 2 > *id_len) {
fprintf(stderr, "id string too long!\n");
return 0;
}
*slot = 0;
return hex_to_bin(slot_id + 3, id, id_len);
}
if only "id_" is given, but no slot info, then engine_pkcs11 defaults to
slot 0. what would be a better default? it doesn't search all slots for
a card.
that would be bad to implement I think: if a user has several readers,
and one app uses one of them already, then searching one app would block
in the pcsc connect I think, right? that would lock up the application
using engine_pkcs11 plus opensc-pkcs11.so?
so maybe we need a better default or better error message. but in general
I think engine_pkcs11 does the right thing.
Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
