add PKCS11_change_pin() to libp11

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

add PKCS11_change_pin() to libp11

Ludovic Rousseau
Hello,

I propose to add a new function PKCS11_change_pin() to libp11.
Proposed patch attached.

It is very much inspired from PKCS11_init_pin(). I do not master the
OpenSSL error management so maybe I failed.

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: add PKCS11_change_pin() to libp11

Nils Larsch
Ludovic Rousseau wrote:
> Hello,
>
> I propose to add a new function PKCS11_change_pin() to libp11.
> Proposed patch attached.
>
> It is very much inspired from PKCS11_init_pin(). I do not master the
> OpenSSL error management so maybe I failed.

looks ok, but apropos error management in src/libp11/libp11.h :

/* get some structures for local code to handle pkcs11 data readily */
/* Use the first free lib ID available */
#define ERR_LIB_PKCS11  42

this isn't really nice as this number is already used in openssl 0.9.8
(for the ecdsa). It might be better to use (openssl/crypto/err/err.h)

#define ERR_LIB_USER            128

for our error messages (or try to get the first free number from a
given openssl lib/header files).

Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: add PKCS11_change_pin() to libp11

Ludovic Rousseau
On 16/08/05, Nils Larsch <[hidden email]> wrote:
> Ludovic Rousseau wrote:
> > I propose to add a new function PKCS11_change_pin() to libp11.
> > Proposed patch attached.

> looks ok,

OK. Commited.

> but apropos error management in src/libp11/libp11.h :
>
> /* get some structures for local code to handle pkcs11 data readily */
> /* Use the first free lib ID available */
> #define ERR_LIB_PKCS11  42
>
> this isn't really nice as this number is already used in openssl 0.9.8
> (for the ecdsa). It might be better to use (openssl/crypto/err/err.h)
>
> #define ERR_LIB_USER            128
>
> for our error messages (or try to get the first free number from a
> given openssl lib/header files).

42 is also used for ERR_LIB_FIPS in OpenSSL 0.9.7e.
Maybe 42 is not so magic after all? :-)

Maybe 128 is the correct value for what we want to do. Feel free to change it.

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: add PKCS11_change_pin() to libp11

Nils Larsch
Ludovic Rousseau wrote:
...

>>but apropos error management in src/libp11/libp11.h :
>>
>>/* get some structures for local code to handle pkcs11 data readily */
>>/* Use the first free lib ID available */
>>#define ERR_LIB_PKCS11  42
>>
>>this isn't really nice as this number is already used in openssl 0.9.8
>>(for the ecdsa). It might be better to use (openssl/crypto/err/err.h)
>>
>>#define ERR_LIB_USER            128
>>
>>for our error messages (or try to get the first free number from a
>>given openssl lib/header files).
>
>
> 42 is also used for ERR_LIB_FIPS in OpenSSL 0.9.7e.
> Maybe 42 is not so magic after all? :-)
>
> Maybe 128 is the correct value for what we want to do. Feel free to change it.

done

Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel