Miroirs/slackbuilds_ponce
1
0
Fork 0
mirror of https://github.com/Ponce/slackbuilds synced 2024-11-21 19:42:24 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

system/coolkey: Included several upstream patches

Browse source 
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
This commit is contained in:
Andy Bailey 2011-01-10 20:52:19 -06:00 committed by Robby Workman
parent 4efe7dc1f1
commit aa4f663337
11 changed files with 2280 additions and 108 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
system/coolkey/coolkey.SlackBuild
View file

@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
# Slackware build script for coolkey # Slackware build script for coolkey
@ -24,7 +24,7 @@
PRGNAM=coolkey PRGNAM=coolkey
VERSION=${VERSION:-1.1.0} VERSION=${VERSION:-1.1.0}
BUILD=${BUILD:-1} BUILD=${BUILD:-2}
TAG=${TAG:-_SBo} TAG=${TAG:-_SBo}
# Automatically determine the architecture we're building on: # Automatically determine the architecture we're building on:
@ -67,8 +67,20 @@ cd $PRGNAM-$VERSION
chown -R root:root . chown -R root:root .
chmod -R u+w,go+r-w,a-s . chmod -R u+w,go+r-w,a-s .
# Fixup some build errors on gcc43 # Redhat is dallying on a post 1.1.0 coolkey release
patch -p1 < $CWD/gcc-4.3.patch # but the cac and pcsc-lite fixes are necessary. These
# come directly from the rawhide srpm, currently -17
PATCHES="cache-dir-move \
gcc43 \
latest
simple-bugs \
thread-fix \
cac \
cac-1 \
pcsc-lite-fix"
for i in $PATCHES; do patch -p0 < $CWD/patches/coolkey-$i.patch; done
CFLAGS="$SLKCFLAGS" \ CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \

95
system/coolkey/gcc-4.3.patch
View file

@ -1,95 +0,0 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
## 01_coolkey_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Closes: #455658 FTBFS with GCC 4.3: #define redefined
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/coolkey.cpp coolkey-1.1.0/src/coolkey/coolkey.cpp
--- coolkey-1.1.0~/src/coolkey/coolkey.cpp 2007-02-14 20:54:01.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/coolkey.cpp 2008-01-06 14:12:35.000000000 +0100
@@ -34,7 +34,9 @@
#include "cky_base.h"
#include "params.h"
+#ifndef NULL
#define NULL 0
+#endif
/* static module data -------------------------------- */
#! /bin/sh /usr/share/dpatch/dpatch-run
## 02_log_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/log.cpp coolkey-1.1.0/src/coolkey/log.cpp
--- coolkey-1.1.0~/src/coolkey/log.cpp 2007-02-14 20:54:01.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/log.cpp 2008-01-06 14:18:11.000000000 +0100
@@ -17,6 +17,8 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* ***** END COPYRIGHT BLOCK *****/
+#include <stdlib.h>
+#include <string.h>
#include <string>
#include "mypkcs11.h"
#include <assert.h>
#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_machdep_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/machdep.cpp coolkey-1.1.0/src/coolkey/machdep.cpp
--- coolkey-1.1.0~/src/coolkey/machdep.cpp 2007-02-14 01:46:28.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/machdep.cpp 2008-01-06 14:19:04.000000000 +0100
@@ -17,6 +17,8 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* ***** END COPYRIGHT BLOCK *****/
+#include <stdlib.h>
+#include <string.h>
#include "machdep.h"
#include "mypkcs11.h"
#include "PKCS11Exception.h"
#! /bin/sh /usr/share/dpatch/dpatch-run
## 04_object_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0~/src/coolkey/object.cpp coolkey-1.1.0/src/coolkey/object.cpp
--- coolkey-1.1.0~/src/coolkey/object.cpp 2007-02-09 19:53:21.000000000 +0100
+++ coolkey-1.1.0/src/coolkey/object.cpp 2008-01-06 14:22:42.000000000 +0100
@@ -17,6 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
* ***** END COPYRIGHT BLOCK *****/
+#include <string.h>
#include "mypkcs11.h"
#include "PKCS11Exception.h"
#include "object.h"
#! /bin/sh /usr/share/dpatch/dpatch-run
## 05_slot_cpp.dpatch by <rousseau@imac.maison.bogus>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: fix for g++ 4.3
@DPATCH@
diff -urNad coolkey-1.1.0.obsolete.0.590099710113467~/src/coolkey/slot.cpp coolkey-1.1.0.obsolete.0.590099710113467/src/coolkey/slot.cpp
--- coolkey-1.1.0.obsolete.0.590099710113467~/src/coolkey/slot.cpp 2008-01-06 14:27:32.000000000 +0100
+++ coolkey-1.1.0.obsolete.0.590099710113467/src/coolkey/slot.cpp 2008-01-06 14:27:58.000000000 +0100
@@ -33,7 +33,7 @@
#define MIN(x, y) ((x) < (y) ? (x) : (y))
-using std::auto_ptr;
+//using std::auto_ptr;
#ifdef DEBUG

28
system/coolkey/patches/coolkey-cac-1.patch Normal file
View file

@ -0,0 +1,28 @@
diff -up ./src/coolkey/object.cpp.cac-1 ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.cac-1 2010-06-23 04:46:35.726198827 -0700
+++ ./src/coolkey/object.cpp 2010-06-23 04:47:28.073827862 -0700
@@ -505,6 +505,10 @@ dataStart(const CKYByte *buf, unsigned i
unsigned char tag;
unsigned int used_length= 0;
+ if(!buf) {
+ return NULL;
+ }
+
tag = buf[used_length++];
/* blow out when we come to the end */
diff -up ./src/coolkey/slot.cpp.cac-1 ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.cac-1 2010-06-23 04:46:22.718371631 -0700
+++ ./src/coolkey/slot.cpp 2010-06-23 04:57:04.417774402 -0700
@@ -2192,6 +2192,10 @@ Slot::readCACCertificateFirst(CKYBuffer
if (throwException && (status != CKYSUCCESS)) {
handleConnectionError();
}
+
+ if(CKYBuffer_Size(cert) == 0) {
+ handleConnectionError();
+ }
return status;
}

1013
system/coolkey/patches/coolkey-cac.patch Normal file
View file

File diff suppressed because it is too large Load diff

177
system/coolkey/patches/coolkey-cache-dir-move.patch Normal file
View file

@ -0,0 +1,177 @@
Index: src/coolkey/machdep.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/machdep.cpp,v
retrieving revision 1.4
diff -u -r1.4 machdep.cpp
--- src/coolkey/machdep.cpp 14 Feb 2007 00:46:28 -0000 1.4
+++ src/coolkey/machdep.cpp 15 Aug 2007 01:41:11 -0000
@@ -185,12 +185,20 @@
#define MAP_INHERIT 0
#endif
+#ifndef BASEPATH
+#ifdef MAC
+#define BASEPATH "/var"
+#else
+#define BASEPATH "/var/cache"
+#endif
+#endif
+
#ifdef FULL_CLEANUP
#define RESERVED_OFFSET 256
-#define MEMSEGPATH "/tmp/.pk11ipc"
+#define MEMSEGPATH BASEPATH"/coolkey-lock"
#else
#define RESERVED_OFFSET 0
-#define MEMSEGPATH "/tmp/.pk11ipc1"
+#define MEMSEGPATH BASEPATH"/coolkey"
#endif
struct SHMemData {
@@ -208,11 +216,6 @@
#ifdef FULL_CLEANUP
flock(fd,LOCK_EX);
unsigned long ref = --(*(unsigned long *)addr);
-#ifdef notdef
- if (ref == 0) {
- unlink(path);
- }
-#endif
flock(fd, LOCK_UN);
#endif
munmap(addr,size+RESERVED_OFFSET);
@@ -225,6 +228,73 @@
}
}
+/*
+ * The cache directory is shared and accessible by anyone, make
+ * sure the cache file we are opening is really a valid cache file.
+ */
+int safe_open(char *path, int flags, int mode, int size)
+{
+ struct stat buf;
+ int fd, ret;
+
+ fd = open (path, flags|O_NOFOLLOW, mode);
+
+ if (fd < 0) {
+ return fd;
+ }
+
+ ret = fstat(fd, &buf);
+ if (ret < 0) {
+ close (fd);
+ return ret;
+ }
+
+ /* our cache files are pretty specific, make sure we are looking
+ * at the correct one */
+
+ /* first, we should own the file ourselves, don't open a file
+ * that someone else wanted us to see. */
+ if (buf.st_uid != getuid()) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* next, there should only be one link in this file. Don't
+ * use this code to trash another file */
+ if (buf.st_nlink != 1) {
+ close(fd);
+ errno = EMLINK;
+ return -1;
+ }
+
+ /* next, This better be a regular file */
+ if (!S_ISREG(buf.st_mode)) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* if the permissions don't match, something is wrong */
+ if ((buf.st_mode & 03777) != mode) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* finally the file should be the correct size. This
+ * check isn't so much to protect from an attack, as it is to
+ * detect a corrupted cache file */
+ if (buf.st_size != size) {
+ close(fd);
+ errno = EACCES;
+ return -1;
+ }
+
+ /* OK, the file checked out, ok to continue */
+ return fd;
+}
+
SHMem::SHMem(): shmemData(0) {}
SHMem *
@@ -248,7 +318,7 @@
return NULL;
}
int mask = umask(0);
- int ret = mkdir (MEMSEGPATH, 0777);
+ int ret = mkdir (MEMSEGPATH, 01777);
umask(mask);
if ((ret == -1) && (errno != EEXIST)) {
delete shmemData;
@@ -264,21 +334,16 @@
shmemData->path[sizeof(MEMSEGPATH)-1] = '/';
strcpy(&shmemData->path[sizeof(MEMSEGPATH)],name);
- int mode = 0777;
- if (strcmp(name,"token_names") != 0) {
- /* each user gets his own uid array */
- sprintf(uid_str, "-%u",getuid());
- strcat(shmemData->path,uid_str);
- mode = 0700;
- }
+ sprintf(uid_str, "-%u",getuid());
+ strcat(shmemData->path,uid_str);
+ int mode = 0600;
+
shmemData->fd = open(shmemData->path,
O_CREAT|O_RDWR|O_EXCL|O_APPEND|O_EXLOCK, mode);
- if (shmemData->fd < 0) {
- needInit = false;
- shmemData->fd = open(shmemData->path,O_RDWR|O_EXLOCK, mode);
- } else {
+ if (shmemData->fd >= 0) {
char *buf;
int len = size+RESERVED_OFFSET;
+ int ret;
buf = (char *)calloc(1,len);
if (!buf) {
@@ -289,8 +354,22 @@
delete shmemData;
return NULL;
}
- write(shmemData->fd,buf,len);
+ ret = write(shmemData->fd,buf,len);
+ if (ret != len) {
+ unlink(shmemData->path);
+#ifdef FULL_CLEANUP
+ flock(shmemData->fd, LOCK_UN);
+#endif
+ delete shmemData;
+ return NULL;
+ }
+
free(buf);
+ } else if (errno == EEXIST) {
+ needInit = false;
+
+ shmemData->fd = safe_open(shmemData->path,O_RDWR|O_EXLOCK, mode,
+ size+RESERVED_OFFSET);
}
if (shmemData->fd < 0) {
delete shmemData;

54
system/coolkey/patches/coolkey-gcc43.patch Normal file
View file

@ -0,0 +1,54 @@
diff -up ./src/coolkey/slot.cpp.coolkey-gcc43 ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.coolkey-gcc43 2008-02-13 18:01:45.000000000 -0800
+++ ./src/coolkey/slot.cpp 2008-02-13 18:03:05.000000000 -0800
@@ -25,7 +25,6 @@
#include "PKCS11Exception.h"
#include <winscard.h>
#include "slot.h"
-#include <memory.h>
#include "zlib.h"
#include "params.h"
@@ -33,7 +32,6 @@
#define MIN(x, y) ((x) < (y) ? (x) : (y))
-using std::auto_ptr;
#ifdef DEBUG
diff -up ./src/coolkey/machdep.cpp.coolkey-gcc43 ./src/coolkey/machdep.cpp
--- ./src/coolkey/machdep.cpp.coolkey-gcc43 2008-02-13 18:02:06.000000000 -0800
+++ ./src/coolkey/machdep.cpp 2008-02-13 18:04:04.000000000 -0800
@@ -33,6 +33,8 @@
#include <sys/stat.h>
#include <sys/mman.h>
#include <pthread.h>
+#include <string.h>
+#include <stdlib.h>
#endif
#ifdef _WIN32
diff -up ./src/coolkey/log.cpp.coolkey-gcc43 ./src/coolkey/log.cpp
--- ./src/coolkey/log.cpp.coolkey-gcc43 2008-02-13 18:01:55.000000000 -0800
+++ ./src/coolkey/log.cpp 2008-02-13 18:03:37.000000000 -0800
@@ -18,6 +18,8 @@
* ***** END COPYRIGHT BLOCK *****/
#include <string>
+#include <string.h>
+#include <stdlib.h>
#include "mypkcs11.h"
#include <assert.h>
#include <stdio.h>
diff -up ./src/coolkey/object.cpp.coolkey-gcc43 ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.coolkey-gcc43 2008-02-13 18:02:20.000000000 -0800
+++ ./src/coolkey/object.cpp 2008-02-13 18:04:22.000000000 -0800
@@ -21,6 +21,7 @@
#include "PKCS11Exception.h"
#include "object.h"
#include <algorithm>
+#include <string.h>
using std::find_if;

685
system/coolkey/patches/coolkey-latest.patch Normal file
View file

@ -0,0 +1,685 @@
diff -up ./src/coolkey/slot.cpp.coolkey-latest ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.coolkey-latest 2009-09-11 13:58:24.423487305 -0700
+++ ./src/coolkey/slot.cpp 2009-09-11 14:04:30.813488220 -0700
@@ -203,6 +203,29 @@ SlotList::readerExists(const char *reade
return FALSE;
}
+bool
+SlotList::readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList)
+{
+ if( !readerName || !readerNameList) {
+ return FALSE;
+ }
+
+ int i = 0;
+ int readerNameCnt = CKYReaderNameList_GetCount(*readerNameList);
+
+ const char *curReaderName = NULL;
+ for(i=0; i < readerNameCnt; i++) {
+ curReaderName = CKYReaderNameList_GetValue(*readerNameList,i);
+
+ if(!strcmp(curReaderName,readerName)) {
+ return TRUE;
+ }
+
+ }
+
+ return FALSE;
+}
+
/*
* you need to hold the ReaderList Lock before you can update the ReaderList
*/
@@ -256,6 +279,27 @@ SlotList::updateReaderList()
* don't recognize.
*/
+ /* first though, let's check to see if any previously removed readers have
+ * come back from the dead. If the ignored bit has been set, we do not need
+ * it any more.
+ */
+
+ const char *curReaderName = NULL;
+ unsigned long knownState = 0;
+ for(int ri = 0 ; ri < numReaders; ri ++) {
+
+ knownState = CKYReader_GetKnownState(&readerStates[ri]);
+ if( !(knownState & SCARD_STATE_IGNORE)) {
+ continue;
+ }
+
+ curReaderName = CKYReader_GetReaderName(&readerStates[ri]);
+ if(readerNameExistsInList(curReaderName,&readerNames)) {
+ CKYReader_SetKnownState(&readerStates[ri], knownState & ~SCARD_STATE_IGNORE);
+
+ }
+ }
+
const char *newReadersData[MAX_READER_DELTA];
const char **newReaders = &newReadersData[0];
unsigned int newReaderCount = 0;
@@ -528,7 +572,7 @@ SlotList::getSlotList(CK_BBOOL tokenPres
void
Slot::connectToToken()
{
- CKYStatus status;
+ CKYStatus status = CKYSCARDERR;
OSTime time = OSTimeNow();
mCoolkey = 0;
@@ -537,13 +581,31 @@ Slot::connectToToken()
// try to connect to the card
if( ! CKYCardConnection_IsConnected(conn) ) {
- status = CKYCardConnection_Connect(conn, readerName);
- if( status != CKYSUCCESS ) {
- log->log("Unable to connect to token\n");
+ int i = 0;
+ //for cranky readers try again a few more times
+ while( i++ < 5 && status != CKYSUCCESS )
+ {
+ status = CKYCardConnection_Connect(conn, readerName);
+ if( status != CKYSUCCESS &&
+ CKYCardConnection_GetLastError(conn) == SCARD_E_PROTO_MISMATCH )
+ {
+ log->log("Unable to connect to token status %d ConnGetGetLastError %x .\n",status,CKYCardConnection_GetLastError(conn));
+
+ }
+ else
+ {
+ break;
+ }
+ OSSleep(100000);
+ }
+
+ if( status != CKYSUCCESS)
+ {
state = UNKNOWN;
return;
}
}
+
log->log("time connect: Connect Time %d ms\n", OSTimeNow() - time);
if (!slotInfoFound) {
readSlotInfo();
@@ -562,15 +624,10 @@ Slot::connectToToken()
state = CARD_PRESENT;
}
- if ( CKYBuffer_DataIsEqual(&cardATR, ATR, sizeof (ATR)) ||
- CKYBuffer_DataIsEqual(&cardATR, ATR1, sizeof(ATR1)) ||
- CKYBuffer_DataIsEqual(&cardATR, ATR2, sizeof(ATR2)) ) {
-
- if (Params::hasParam("noAppletOK"))
- {
- state |= APPLET_SELECTABLE;
- mCoolkey = 1;
- }
+ if (Params::hasParam("noAppletOK"))
+ {
+ state |= APPLET_SELECTABLE;
+ mCoolkey = 1;
}
/* support CAC card. identify the card based on applets, not the ATRS */
@@ -631,7 +688,7 @@ Slot::connectToToken()
* unfriendly */
isVersion1Key = 0;
needLogin = 1;
-
+ mCoolkey = 0;
return;
}
mCoolkey = 1;
@@ -1077,6 +1134,7 @@ SlotList::waitForSlotEvent(CK_FLAGS flag
}
throw;
}
+
if (myNumReaders != numReaders) {
if (myReaderStates) {
delete [] myReaderStates;
@@ -1103,6 +1161,7 @@ SlotList::waitForSlotEvent(CK_FLAGS flag
}
}
}
+
if (found || (flag == CKF_DONT_BLOCK) || shuttingDown) {
break;
}
@@ -1272,6 +1331,19 @@ class ObjectHandleMatch {
}
};
+class KeyNumMatch {
+ private:
+ CKYByte keyNum;
+ const Slot &slot;
+ public:
+ KeyNumMatch(CKYByte keyNum_, const Slot &s) : keyNum(keyNum_), slot(s) { }
+ bool operator() (const PKCS11Object& obj) {
+ unsigned long objID = obj.getMuscleObjID();
+ return (slot.getObjectClass(objID) == 'k')
+ && (slot.getObjectIndex(objID) == keyNum);
+ }
+};
+
class ObjectCertCKAIDMatch {
private:
CKYByte cka_id;
@@ -3007,8 +3079,9 @@ Slot::sign(SessionHandleSuffix suffix, C
CK_ULONG ulDataLen, CK_BYTE_PTR pSignature,
CK_ULONG_PTR pulSignatureLen)
{
+ RSASignatureParams params(CryptParams::DEFAULT_KEY_SIZE);
cryptRSA(suffix, pData, ulDataLen, pSignature, pulSignatureLen,
- RSASignatureParams(CryptParams::FIXED_KEY_SIZE));
+ params);
}
void
@@ -3016,14 +3089,15 @@ Slot::decrypt(SessionHandleSuffix suffix
CK_ULONG ulDataLen, CK_BYTE_PTR pDecryptedData,
CK_ULONG_PTR pulDecryptedDataLen)
{
+ RSADecryptParams params(CryptParams::DEFAULT_KEY_SIZE);
cryptRSA(suffix, pData, ulDataLen, pDecryptedData, pulDecryptedDataLen,
- RSADecryptParams(CryptParams::FIXED_KEY_SIZE));
+ params);
}
void
Slot::cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
- CK_ULONG_PTR pulOutputLen, const CryptParams& params)
+ CK_ULONG_PTR pulOutputLen, CryptParams& params)
{
refreshTokenState();
SessionIter session = findSession(suffix);
@@ -3041,6 +3115,11 @@ Slot::cryptRSA(SessionHandleSuffix suffi
CKYBuffer *result = &opState.result;
CKYByte keyNum = opState.keyNum;
+ unsigned int keySize = getKeySize(keyNum);
+
+ if(keySize != CryptParams::DEFAULT_KEY_SIZE)
+ params.setKeySize(keySize);
+
if( CKYBuffer_Size(result) == 0 ) {
// we haven't already peformed the decryption, so do it now.
if( pInput == NULL || ulInputLen == 0) {
@@ -3243,3 +3322,36 @@ Slot::generateRandom(SessionHandleSuffix
throw PKCS11Exception(CKR_DEVICE_ERROR);
}
}
+
+#define MAX_NUM_KEYS 8
+unsigned int
+Slot::getKeySize(CKYByte keyNum)
+{
+ unsigned int keySize = CryptParams::DEFAULT_KEY_SIZE;
+ int modSize = 0;
+
+ if(keyNum >= MAX_NUM_KEYS) {
+ return keySize;
+ }
+
+ ObjectConstIter iter;
+ iter = find_if(tokenObjects.begin(), tokenObjects.end(),
+ KeyNumMatch(keyNum,*this));
+
+ if( iter == tokenObjects.end() ) {
+ return keySize;
+ }
+
+ CKYBuffer const *modulus = iter->getAttribute(CKA_MODULUS);
+
+ if(modulus) {
+ modSize = CKYBuffer_Size(modulus);
+ if(CKYBuffer_GetChar(modulus,0) == 0x0) {
+ modSize--;
+ }
+ if(modSize > 0)
+ keySize = modSize * 8;
+ }
+
+ return keySize;
+}
diff -up ./src/coolkey/slot.h.coolkey-latest ./src/coolkey/slot.h
--- ./src/coolkey/slot.h.coolkey-latest 2006-06-09 11:39:11.000000000 -0700
+++ ./src/coolkey/slot.h 2009-09-11 13:58:24.462488099 -0700
@@ -270,10 +270,9 @@ class CryptParams {
protected:
unsigned int getKeySize() const { return keySize; }
public:
- // !!!XXX hack. The right way to get the key size is to get all the
- // key information from the token with MSCListKeys, the same way
- // we get all the object information with MSCListObjects.
- enum { FIXED_KEY_SIZE = 1024 };
+ // set the actual key size obtained from the card
+ void setKeySize(unsigned int newKeySize) { keySize = newKeySize; }
+ enum { DEFAULT_KEY_SIZE = 1024 };
CryptParams(unsigned int keySize_) : keySize(keySize_) { }
@@ -422,7 +421,7 @@ class Slot {
void cryptRSA(SessionHandleSuffix suffix, CK_BYTE_PTR pInput,
CK_ULONG ulInputLen, CK_BYTE_PTR pOutput,
- CK_ULONG_PTR pulOutputLen, const CryptParams& params);
+ CK_ULONG_PTR pulOutputLen, CryptParams& params);
void performRSAOp(CKYBuffer *out, const CKYBuffer *input, CKYByte keyNum,
CKYByte direction);
@@ -460,6 +459,8 @@ class Slot {
return (char )((objectID >> 16) & 0xff) - '0';
}
+ // actually get the size of a key in bits from the card
+ unsigned int getKeySize(CKYByte keyNum);
SessionHandleSuffix openSession(Session::Type type);
void closeSession(SessionHandleSuffix handleSuffix);
@@ -527,6 +528,8 @@ class SlotList {
* has called 'C_GetSlotList' with a NULL parameter */
void updateReaderList();
+ /* see if a reader name exists in a caller provided reader name list. */
+ bool readerNameExistsInList(const char *readerName,CKYReaderNameList *readerNameList );
bool readerExists(const char *readerName, unsigned int *hint = 0);
public:
SlotList(Log *log);
diff -up ./src/libckyapplet/cky_applet.c.coolkey-latest ./src/libckyapplet/cky_applet.c
--- ./src/libckyapplet/cky_applet.c.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_applet.c 2009-09-11 13:58:24.464487796 -0700
@@ -134,6 +134,13 @@ CKYAppletFactory_Logout(CKYAPDU *apdu, c
/* Future add WriteObject */
CKYStatus
+CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param)
+{
+ const CKYAppletArgWriteObject *wos = (const CKYAppletArgWriteObject *)param;
+ return CKYAPDUFactory_WriteObject(apdu,wos->objectID,wos->offset,wos->size,wos->data);
+}
+
+CKYStatus
CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param)
{
const CKYAppletArgCreateObject *cos=(const CKYAppletArgCreateObject *)param;
@@ -192,7 +199,6 @@ CKYAppletFactory_GetLifeCycleV2(CKYAPDU
{
return CKYAPDUFactory_GetLifeCycleV2(apdu);
}
-
CKYStatus
CKYAppletFactory_GetRandom(CKYAPDU *apdu, const void *param)
{
@@ -725,24 +731,48 @@ CKYApplet_ComputeCrypt(CKYCardConnection
CKYAppletArgComputeCrypt ccd;
CKYBuffer empty;
CKYISOStatus status;
+ short dataSize = 0;
int use2APDUs = 0;
+ int use_dl_object = CKYBuffer_Size(data) > 200 ;
CKYBuffer_InitEmpty(&empty);
ccd.keyNumber = keyNumber;
ccd.mode = mode;
ccd.direction = direction;
- ccd.location = CKY_DL_APDU;
+ ccd.location = use_dl_object ? CKY_DL_OBJECT : CKY_DL_APDU;
if (!apduRC)
apduRC = &status;
+ if (use_dl_object) {
+ CKYBuffer sizeBuf;
+
+ CKYBuffer_InitEmpty(&sizeBuf);
+ CKYBuffer_AppendShort(&sizeBuf, CKYBuffer_Size(data));
+
+ ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+ 0, CKYBuffer_Size(&sizeBuf), nonce,
+ &sizeBuf, apduRC);
+
+ CKYBuffer_FreeData(&sizeBuf);
+ if( ret != CKYSUCCESS)
+ goto fail;
+
+ ret = CKYApplet_WriteObjectFull(conn, 0xffffffff,
+ 2, CKYBuffer_Size(data), nonce,
+ data, apduRC);
+
+ if(ret != CKYSUCCESS)
+ goto fail;
+ }
+
if (mode == CKY_RSA_NO_PAD) {
- ccd.data = data;
+ ccd.data = use_dl_object ? &empty : data;
ccd.sig = sig;
ret = CKYApplet_HandleAPDU(conn,
CKYAppletFactory_ComputeCryptOneStep, &ccd, nonce,
CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
- result, apduRC);
+ use_dl_object ? NULL : result, apduRC);
if (ret == CKYAPDUFAIL && *apduRC == CKYISO_INCORRECT_P2) {
use2APDUs = 1; /* maybe it's an old applet */
}
@@ -759,13 +789,38 @@ CKYApplet_ComputeCrypt(CKYCardConnection
CKYAppletFactory_ComputeCryptInit, &ccd, nonce,
0, CKYAppletFill_Null, NULL, apduRC);
if (ret == CKYSUCCESS) {
- ccd.data = data;
+ ccd.data = use_dl_object ? &empty : data;
ret = CKYApplet_HandleAPDU(conn,
CKYAppletFactory_ComputeCryptFinal, &ccd, nonce,
CKY_SIZE_UNKNOWN, ckyAppletFill_ComputeCryptFinal,
- result, apduRC);
+ use_dl_object ? NULL : result, apduRC);
}
}
+
+ if (use_dl_object && ret == CKYSUCCESS) {
+ CKYBuffer sizeOutBuf;
+ CKYBuffer_InitEmpty(&sizeOutBuf);
+
+ ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
+ 0, 2,
+ nonce,&sizeOutBuf,apduRC);
+
+ if(ret != CKYSUCCESS) {
+ CKYBuffer_FreeData(&sizeOutBuf);
+ goto fail;
+ }
+
+ dataSize = CKYBuffer_GetShort(&sizeOutBuf, 0);
+
+ CKYBuffer_FreeData(&sizeOutBuf);
+
+ ret = CKYApplet_ReadObjectFull(conn,0xffffffff,
+ 2, dataSize,
+ nonce,result,apduRC);
+ }
+
+fail:
+
return ret;
}
@@ -1036,6 +1091,44 @@ CKYApplet_ReadObjectFull(CKYCardConnecti
}
/*
+ * Write Object
+ * This makes multiple APDU calls to write the entire object.
+ *
+ */
+
+CKYStatus
+CKYApplet_WriteObjectFull(CKYCardConnection *conn, unsigned long objectID,
+ CKYOffset offset, CKYSize size, const CKYBuffer *nonce,
+ const CKYBuffer *data, CKYISOStatus *apduRC)
+{
+
+ CKYBuffer chunk;
+ CKYOffset srcOffset = 0;
+ CKYAppletArgWriteObject wod;
+ CKYStatus ret = CKYSUCCESS;
+
+ wod.objectID = objectID;
+ wod.offset = offset;
+ do {
+ wod.size = (CKYByte) MIN(size, 220);
+ ret = CKYBuffer_InitFromBuffer(&chunk, data,
+ srcOffset, wod.size);
+ if(ret == CKYSUCCESS) {
+ wod.data = &chunk;
+ ret = CKYApplet_HandleAPDU(conn, CKYAppletFactory_WriteObject, &wod,
+ nonce, 0, CKYAppletFill_Null, NULL, apduRC);
+ size -= wod.size;
+ wod.offset += wod.size;
+ srcOffset += wod.size;
+ CKYBuffer_FreeData(&chunk);
+ }
+
+ } while ((size > 0) && (ret == CKYSUCCESS));
+
+ return ret;
+}
+
+/*
* List Object cluster
*/
static CKYStatus
diff -up ./src/libckyapplet/cky_applet.h.coolkey-latest ./src/libckyapplet/cky_applet.h
--- ./src/libckyapplet/cky_applet.h.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_applet.h 2009-09-11 13:58:24.466487772 -0700
@@ -192,6 +192,14 @@ typedef struct _CKYAppletArgReadObject {
CKYByte size;
} CKYAppletArgReadObject;
+typedef struct _CKYAppletArgWriteObject {
+ unsigned long objectID;
+ CKYOffset offset;
+ CKYByte size;
+ CKYBuffer *data;
+
+} CKYAppletArgWriteObject;
+
typedef struct _CKYAppletArgComputeCrypt {
CKYByte keyNumber;
CKYByte mode;
@@ -250,6 +258,8 @@ CKYStatus CKYAppletFactory_ListPINs(CKYA
/* param == CKYByte * (pointer to pinNumber) */
CKYStatus CKYAppletFactory_Logout(CKYAPDU *apdu, const void *param);
/* Future add WriteObject */
+/* parm == CKYAppletArgWriteObject */
+CKYStatus CKYAppletFactory_WriteObject(CKYAPDU *apdu, const void *param);
/* param == CKYAppletArgCreateObject */
CKYStatus CKYAppletFactory_CreateObject(CKYAPDU *apdu, const void *param);
/* param == CKYAppletArgDeleteObject */
@@ -482,6 +492,17 @@ CKYStatus CKYApplet_ReadObjectAppend(CKY
CKYStatus CKYApplet_ReadObjectFull(CKYCardConnection *conn,
unsigned long objectID, CKYOffset offset, CKYSize size,
const CKYBuffer *nonce, CKYBuffer *data, CKYISOStatus *apduRC);
+/*
+ * There is 1 write command:
+ * CKYApplet_WriteObjectFull can write an entire data object. It makes multiple
+ * apdu calls in order to write the full amount into the buffer. The buffer is
+ * overwritten.
+*/
+
+CKYStatus CKYApplet_WriteObjectFull(CKYCardConnection *conn,
+ unsigned long objectID, CKYOffset offset, CKYSize size,
+ const CKYBuffer *nonce, const CKYBuffer *data, CKYISOStatus *apduRC);
+
CKYStatus CKYApplet_ListObjects(CKYCardConnection *conn, CKYByte seq,
CKYAppletRespListObjects *lop, CKYISOStatus *apduRC);
CKYStatus CKYApplet_GetStatus(CKYCardConnection *conn,
diff -up ./src/libckyapplet/cky_card.c.coolkey-latest ./src/libckyapplet/cky_card.c
--- ./src/libckyapplet/cky_card.c.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_card.c 2009-09-11 13:58:24.468487469 -0700
@@ -129,6 +129,7 @@ typedef struct _SCard {
SCardGetStatusChangeFn SCardGetStatusChange;
SCardCancelFn SCardCancel;
SCARD_IO_REQUEST *SCARD_PCI_T0_;
+ SCARD_IO_REQUEST *SCARD_PCI_T1_;
} SCard;
#define GET_ADDRESS(library, scard, name) \
@@ -195,6 +196,12 @@ ckySCard_Init(void)
if( status != CKYSUCCESS ) {
goto fail;
}
+
+ status = ckyShLibrary_getAddress( library,
+ (void**) &scard->SCARD_PCI_T1_, MAKE_DLL_SYMBOL(g_rgSCardT1Pci));
+ if( status != CKYSUCCESS ) {
+ goto fail;
+ }
return scard;
fail:
@@ -884,6 +891,7 @@ struct _CKYCardConnection {
SCARDHANDLE cardHandle;
unsigned long lastError;
CKYBool inTransaction;
+ unsigned long protocol;
};
static void
@@ -894,6 +902,7 @@ ckyCardConnection_init(CKYCardConnection
conn->cardHandle = 0;
conn->lastError = 0;
conn->inTransaction = 0;
+ conn->protocol = SCARD_PROTOCOL_T0;
}
CKYCardConnection *
@@ -934,14 +943,13 @@ CKYCardConnection_Connect(CKYCardConnect
{
CKYStatus ret;
unsigned long rv;
- unsigned long protocol;
ret = CKYCardConnection_Disconnect(conn);
if (ret != CKYSUCCESS) {
return ret;
}
rv = conn->scard->SCardConnect( conn->ctx->context, readerName,
- SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, &conn->cardHandle, &protocol);
+ SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &conn->cardHandle, &conn->protocol);
if (rv != SCARD_S_SUCCESS) {
conn->lastError = rv;
return CKYSCARDERR;
@@ -978,7 +986,7 @@ ckyCardConnection_reconnectRaw(CKYCardCo
unsigned long protocol;
rv = conn->scard->SCardReconnect(conn->cardHandle,
- SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, init, &protocol);
+ SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1 , init, &protocol);
if (rv != SCARD_S_SUCCESS) {
conn->lastError = rv;
return CKYSCARDERR;
@@ -1039,10 +1047,17 @@ CKYCardConnection_TransmitAPDU(CKYCardCo
return ret;
}
- rv = conn->scard->SCardTransmit(conn->cardHandle,
- conn->scard->SCARD_PCI_T0_,
- CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
- NULL, response->data, &response->len);
+ if( conn->protocol == SCARD_PROTOCOL_T0 ) {
+ rv = conn->scard->SCardTransmit(conn->cardHandle,
+ conn->scard->SCARD_PCI_T0_,
+ CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
+ NULL, response->data, &response->len);
+ } else {
+ rv = conn->scard->SCardTransmit(conn->cardHandle,
+ conn->scard->SCARD_PCI_T1_,
+ CKYBuffer_Data(&apdu->apduBuf), CKYBuffer_Size(&apdu->apduBuf),
+ NULL, response->data, &response->len);
+ }
if (rv != SCARD_S_SUCCESS) {
conn->lastError =rv;
diff -up ./src/libckyapplet/cky_factory.c.coolkey-latest ./src/libckyapplet/cky_factory.c
--- ./src/libckyapplet/cky_factory.c.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_factory.c 2009-09-11 13:58:24.470495267 -0700
@@ -190,8 +190,11 @@ CKYAPDUFactory_ComputeCryptOneStep(CKYAP
CKYSize len;
CKYBuffer buf;
- if (!idata || !(len = CKYBuffer_Size(idata)) || location != CKY_DL_APDU)
- return ret;
+ if (!idata)
+ return ret;
+
+ if (!(len = CKYBuffer_Size(idata)) && location != CKY_DL_OBJECT)
+ return ret;
CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
CKYAPDU_SetINS(apdu, CKY_INS_COMPUTE_CRYPT);
@@ -314,8 +317,6 @@ CKYAPDUFactory_Logout(CKYAPDU *apdu, CKY
return CKYSUCCESS;
}
-/* Future add WriteObject */
-
CKYStatus
CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID, CKYSize size,
unsigned short readACL, unsigned short writeACL, unsigned short deleteACL)
@@ -419,6 +420,58 @@ fail:
}
CKYStatus
+CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+ CKYOffset offset,CKYSize size,CKYBuffer *data)
+{
+ CKYBuffer buf;
+ CKYStatus ret = CKYSUCCESS;
+ unsigned short dataSize = 0;
+
+ CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
+ CKYAPDU_SetINS(apdu, CKY_INS_WRITE_OBJ);
+ CKYAPDU_SetP1(apdu, 0x00);
+ CKYAPDU_SetP2(apdu, 0x00);
+ CKYBuffer_InitEmpty(&buf);
+
+ dataSize = (unsigned short) CKYBuffer_Size(data);
+
+ if(!dataSize) {
+ ret = CKYINVALIDARGS;
+ goto fail;
+ }
+
+ ret = CKYBuffer_AppendLong(&buf,objectID);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+ ret = CKYBuffer_AppendLong(&buf,offset);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+ ret = CKYBuffer_AppendChar(&buf, size);
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+ ret = CKYAPDU_SetSendDataBuffer(apdu,&buf);
+
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+ ret = CKYAPDU_AppendSendDataBuffer(apdu, data);
+
+ if (ret != CKYSUCCESS) {
+ goto fail;
+ }
+
+fail:
+ CKYBuffer_FreeData(&buf);
+ return ret;
+
+}
+
+CKYStatus
CKYAPDUFactory_ListObjects(CKYAPDU *apdu, CKYByte sequence)
{
CKYAPDU_SetCLA(apdu, CKY_CLASS_COOLKEY);
diff -up ./src/libckyapplet/cky_factory.h.coolkey-latest ./src/libckyapplet/cky_factory.h
--- ./src/libckyapplet/cky_factory.h.coolkey-latest 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_factory.h 2009-09-11 13:58:24.472487421 -0700
@@ -190,7 +190,8 @@ CKYStatus CKYAPDUFactory_ChangePIN(CKYAP
const char *oldPin, const char *newPin);
CKYStatus CKYAPDUFactory_ListPINs(CKYAPDU *apdu);
CKYStatus CKYAPDUFactory_Logout(CKYAPDU *apdu, CKYByte pinNumber);
-
+CKYStatus CKYAPDUFactory_WriteObject(CKYAPDU *apdu, unsigned long objectID,
+ CKYOffset offset,CKYSize size,CKYBuffer *data);
/* Future add WriteObject */
CKYStatus CKYAPDUFactory_CreateObject(CKYAPDU *apdu, unsigned long objectID,
CKYSize size, unsigned short readACL, unsigned short writeACL,

69
system/coolkey/patches/coolkey-pcsc-lite-fix.patch Normal file
View file

@ -0,0 +1,69 @@
diff -up ./src/coolkey/slot.cpp.reader-state-fix ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.reader-state-fix 2010-09-08 13:25:14.479109000 -0700
+++ ./src/coolkey/slot.cpp 2010-09-08 13:25:14.506109000 -0700
@@ -2185,6 +2185,7 @@ Slot::readCACCertificateFirst(CKYBuffer
{
CKYStatus status;
CKYISOStatus apduRC;
+ *nextSize = 0;
if (mOldCAC) {
/* get the first 100 bytes of the cert */
diff -up ./src/libckyapplet/cky_card.c.reader-state-fix ./src/libckyapplet/cky_card.c
--- ./src/libckyapplet/cky_card.c.reader-state-fix 2010-09-08 14:05:10.859321000 -0700
+++ ./src/libckyapplet/cky_card.c 2010-09-08 14:05:42.792257000 -0700
@@ -27,7 +27,6 @@
#ifndef WINAPI
#define WINAPI
-typedef SCARD_READERSTATE *LPSCARD_READERSTATE;
#endif
#ifndef SCARD_E_NO_READERS_AVAILABLE
diff -up ./src/libckyapplet/cky_card.h.reader-state-fix ./src/libckyapplet/cky_card.h
--- ./src/libckyapplet/cky_card.h.reader-state-fix 2006-06-09 11:44:17.000000000 -0700
+++ ./src/libckyapplet/cky_card.h 2010-09-08 13:25:14.518109000 -0700
@@ -41,23 +41,23 @@ CKYLIST_DECLARE(CKYReaderName, char *)
CKYLIST_DECLARE(CKYCardConnection, CKYCardConnection *)
CKY_BEGIN_PROTOS
-void CKYReader_Init(SCARD_READERSTATE_A *reader);
-void CKYReader_FreeData(SCARD_READERSTATE_A *reader);
+void CKYReader_Init(SCARD_READERSTATE *reader);
+void CKYReader_FreeData(SCARD_READERSTATE *reader);
/*
- * "Accessors": for SCARD_READERSTATE_A structure as a class.
- * These functions take an SCARD_READERSTATE_A which can also be referenced
+ * "Accessors": for SCARD_READERSTATE structure as a class.
+ * These functions take an SCARD_READERSTATE which can also be referenced
* directly.
*/
-CKYStatus CKYReader_SetReaderName(SCARD_READERSTATE_A *reader, const char *name);
-const char *CKYReader_GetReaderName(const SCARD_READERSTATE_A *reader);
-CKYStatus CKYReader_SetKnownState(SCARD_READERSTATE_A *reader,
+CKYStatus CKYReader_SetReaderName(SCARD_READERSTATE *reader, const char *name);
+const char *CKYReader_GetReaderName(const SCARD_READERSTATE *reader);
+CKYStatus CKYReader_SetKnownState(SCARD_READERSTATE *reader,
unsigned long state);
-unsigned long CKYReader_GetKnownState(const SCARD_READERSTATE_A *reader);
-unsigned long CKYReader_GetEventState(const SCARD_READERSTATE_A *reader);
-CKYStatus CKYReader_GetATR(const SCARD_READERSTATE_A *reader, CKYBuffer *buf);
+unsigned long CKYReader_GetKnownState(const SCARD_READERSTATE *reader);
+unsigned long CKYReader_GetEventState(const SCARD_READERSTATE *reader);
+CKYStatus CKYReader_GetATR(const SCARD_READERSTATE *reader, CKYBuffer *buf);
/* create an array of READERSTATEs from a LIST of Readers */
-SCARD_READERSTATE_A *CKYReader_CreateArray(const CKYReaderNameList readerNames,
+SCARD_READERSTATE *CKYReader_CreateArray(const CKYReaderNameList readerNames,
unsigned long *readerCount);
/* frees the reader, then the full array */
void CKYReader_DestroyArray(SCARD_READERSTATE *reader, unsigned long count);
@@ -88,7 +88,7 @@ CKYStatus CKYCardContext_FindReadersByAT
const CKYBuffer *targetATR);
/* return if any of the readers in our array has changed in status */
CKYStatus CKYCardContext_WaitForStatusChange(CKYCardContext *context,
- SCARD_READERSTATE_A *readers,
+ SCARD_READERSTATE *readers,
unsigned long readerCount,
unsigned long timeout);
/* cancel any current operation (such as wait for status change) on this

71
system/coolkey/patches/coolkey-simple-bugs.patch Normal file
View file

@ -0,0 +1,71 @@
diff -up ./configure.in.coolkey-simple-bugs ./configure.in
--- ./configure.in.coolkey-simple-bugs 2009-09-16 11:21:55.621493844 -0700
+++ ./configure.in 2009-09-16 11:22:23.354492383 -0700
@@ -124,9 +124,9 @@ then
if test $WINDOWS -ne 1; then
PKG_CHECK_MODULES(NSS, nss, true, [ AC_MSG_ERROR(could not find NSS Crypto libraries) ])
fi
- enable_pk11install = "yes"
+ enable_pk11install="yes"
else
- enable_pk11install = "no"
+ enable_pk11install="no"
AC_MSG_WARN([skipping pk11install])
fi
diff -up ./Makefile.am.coolkey-simple-bugs ./Makefile.am
--- ./Makefile.am.coolkey-simple-bugs 2009-09-16 11:23:18.715515063 -0700
+++ ./Makefile.am 2009-09-16 13:15:29.570492412 -0700
@@ -25,7 +25,6 @@ if BUILD_PK11INSTALL
SUBDIRS += src/install
endif
-ACLOCAL_AMFLAGS = -I m4
EXTRA_DIST = cookey.spec LICENSE
diff -up ./src/coolkey/object.cpp.coolkey-simple-bugs ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.coolkey-simple-bugs 2009-09-16 10:36:29.300516245 -0700
+++ ./src/coolkey/object.cpp 2009-09-16 10:37:17.747492199 -0700
@@ -397,7 +397,7 @@ PKCS11Object::getLabel()
{
// clean up old one
if (label) {
- delete label;
+ delete [] label;
label = NULL;
}
// find matching attribute
diff -up ./src/coolkey/object.h.coolkey-simple-bugs ./src/coolkey/object.h
--- ./src/coolkey/object.h.coolkey-simple-bugs 2009-09-16 16:05:27.233488140 -0700
+++ ./src/coolkey/object.h 2009-09-16 16:05:54.161492421 -0700
@@ -82,7 +82,7 @@ class PKCS11Object {
PKCS11Object(unsigned long muscleObjID, CK_OBJECT_HANDLE handle);
PKCS11Object(unsigned long muscleObjID, const CKYBuffer *data,
CK_OBJECT_HANDLE handle);
- ~PKCS11Object() { delete label; delete name; CKYBuffer_FreeData(&pubKey); }
+ ~PKCS11Object() { delete [] label; delete [] name; CKYBuffer_FreeData(&pubKey); }
PKCS11Object(const PKCS11Object& cpy) :
attributes(cpy.attributes), muscleObjID(cpy.muscleObjID),
diff -up ./src/coolkey/slot.cpp.coolkey-simple-bugs ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.coolkey-simple-bugs 2009-09-16 10:28:15.412492201 -0700
+++ ./src/coolkey/slot.cpp 2009-09-16 10:57:27.692492487 -0700
@@ -979,7 +979,7 @@ Slot::makeLabelString(char *label, int m
//
#define COOLKEY "CoolKey"
#define POSSESSION " for "
- if (!personName || personName == "") {
+ if (!personName || personName[0] == '\0' ) {
const int coolKeySize = sizeof(COOLKEY) ;
memcpy(label, COOLKEY, coolKeySize-1);
makeSerialString(&label[coolKeySize], maxSize-coolKeySize, cuid);
@@ -1528,7 +1528,7 @@ SlotMemSegment::SlotMemSegment(const cha
}
sprintf(segName,SEGMENT_PREFIX"%s",readerName);
segment = SHMem::initSegment(segName, MAX_OBJECT_STORE_SIZE, needInit);
- delete segName;
+ delete [] segName;
if (!segment) {
// just run without shared memory
return;

158
system/coolkey/patches/coolkey-thread-fix.patch Normal file
View file

@ -0,0 +1,158 @@
Index: src/coolkey/coolkey.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/coolkey.cpp,v
retrieving revision 1.2
diff -u -r1.2 coolkey.cpp
--- src/coolkey/coolkey.cpp 14 Feb 2007 19:54:01 -0000 1.2
+++ src/coolkey/coolkey.cpp 18 Dec 2009 23:22:58 -0000
@@ -42,7 +42,9 @@
static SlotList *slotList = NULL;
-static OSLock finalizeLock(false);
+static OSLock *finalizeLock = NULL;
+#define FINALIZE_GETLOCK() if (finalizeLock) finalizeLock->getLock();
+#define FINALIZE_RELEASELOCK() if (finalizeLock) finalizeLock->releaseLock();
static CK_BBOOL initialized = FALSE;
static CK_BBOOL finalizing = FALSE;
@@ -208,11 +210,13 @@
if( initialized ) {
return CKR_CRYPTOKI_ALREADY_INITIALIZED;
}
- if (!finalizeLock.isValid()) {
+ if (finalizeLock && !finalizeLock->isValid()) {
return CKR_CANT_LOCK;
}
CK_C_INITIALIZE_ARGS* initArgs = (CK_C_INITIALIZE_ARGS*) pInitArgs;
+ OSLock::setThreadSafe(0);
if( initArgs != NULL ) {
+ bool needThreads;
/* work around a bug in NSS where the library parameters are only
* send if locking is requested */
if (initArgs->LibraryParameters) {
@@ -220,7 +224,17 @@
} else {
Params::ClearParams();
}
- if( (initArgs->flags & CKF_OS_LOCKING_OK) || initArgs->LockMutex ){
+ needThreads = ((initArgs->flags & CKF_OS_LOCKING_OK) != 0);
+ OSLock::setThreadSafe(needThreads);
+ /* don't get a finalize lock unless someone initializes us asking
+ * us to use threads */
+ if (needThreads && !finalizeLock) {
+ finalizeLock = new OSLock(true);
+ if (finalizeLock == NULL) return CKR_HOST_MEMORY;
+ }
+ /* only support OS LOCKING threads */
+ if( ((initArgs->flags & CKF_OS_LOCKING_OK) == 0)
+ && initArgs->LockMutex ){
throw PKCS11Exception(CKR_CANT_LOCK);
}
}
@@ -259,9 +273,9 @@
// the finalizing call first, we know it will set waitEvent before
// we can get the lock, so we only need to protect setting finalizing
// to true.
- finalizeLock.getLock();
+ FINALIZE_GETLOCK();
finalizing = TRUE;
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
if (waitEvent) {
/* we're waiting on a slot event, shutdown first to allow
* the wait function to complete before we pull the rug out.
@@ -273,10 +287,10 @@
}
delete slotList;
delete log;
- finalizeLock.getLock();
+ FINALIZE_GETLOCK();
finalizing = FALSE;
initialized = FALSE;
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
return CKR_OK;
}
@@ -595,17 +609,17 @@
CK_RV
C_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
{
- finalizeLock.getLock();
+ FINALIZE_GETLOCK();
if( ! initialized ) {
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
return CKR_CRYPTOKI_NOT_INITIALIZED;
}
if (finalizing) {
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
return CKR_CRYPTOKI_NOT_INITIALIZED;
}
waitEvent = TRUE;
- finalizeLock.releaseLock();
+ FINALIZE_RELEASELOCK();
try {
log->log("C_WaitForSlotEvent called\n");
slotList->waitForSlotEvent(flags, pSlot, pReserved);
Index: src/coolkey/machdep.cpp
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/machdep.cpp,v
retrieving revision 1.7
diff -u -r1.7 machdep.cpp
--- src/coolkey/machdep.cpp 14 Feb 2008 23:48:19 -0000 1.7
+++ src/coolkey/machdep.cpp 18 Dec 2009 23:22:58 -0000
@@ -37,6 +37,8 @@
#include <stdlib.h>
#endif
+bool OSLock::needThread = 0;
+
#ifdef _WIN32
//
// Windows functions to grab a named shared memory segment of a specific size,
@@ -123,6 +125,10 @@
OSLock::OSLock(bool exceptionAllowed)
{
+ if (!needThread) {
+ lockData = NULL;
+ return;
+ }
lockData = new OSLockData;
if (lockData) {
InitializeCriticalSection(&lockData->mutex);
@@ -360,6 +366,9 @@
int rc;
lockData = NULL;
+ if (!needThread) {
+ return;
+ }
#ifdef MAC
if (!OSLock_attr_init) {
rc = pthread_mutexattr_init(&OSLock_attr);
Index: src/coolkey/machdep.h
===================================================================
RCS file: /cvs/dirsec/coolkey/src/coolkey/machdep.h,v
retrieving revision 1.1
diff -u -r1.1 machdep.h
--- src/coolkey/machdep.h 9 Jun 2006 18:39:11 -0000 1.1
+++ src/coolkey/machdep.h 18 Dec 2009 23:22:58 -0000
@@ -40,12 +40,14 @@
class OSLock {
private:
OSLockData *lockData;
+ static bool needThread;
public:
OSLock(bool exceptionAllowed = true);
~OSLock();
bool isValid();
void getLock();
void releaseLock();
+ static void setThreadSafe(bool thread) { needThread = thread; }
};
typedef unsigned long OSTime;

18
system/coolkey/slack-desc
View file

@ -6,14 +6,14 @@
# customary to leave one space after the ':'. # customary to leave one space after the ':'.
|-----handy-ruler---------------------------------------------------| |-----handy-ruler---------------------------------------------------|
coolkey: coolkey coolkey: coolkey (pkcs#11 smartcard library)
coolkey: coolkey:
coolkey: Linux Driver support for the CoolKey and CAC products. coolkey: coolkey is a pkcs#11 smartcard library that can be used with a US
coolkey: Government CAC (Common Access Card) in conjunction with pcsc-lite.
coolkey: It is most commonly used by pkcs#11 aware web browsers or email
coolkey: clients, to use a CAC's client certificate for authentication or
coolkey: signing. coolkey is commonly used with the DoD Configuration
coolkey: plugin for Firefox and Thunderbird, which is located at
coolkey: https://addons.mozilla.org/en-US/thunderbird/addon/3182.
coolkey: coolkey:
coolkey: coolkey:
coolkey:
coolkey:
coolkey:
coolkey:
coolkey:
coolkey: