pakchois + CoolKey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I saw guidance on the Subversion users mailing list
<http://svn.haxx.se/users/archive-2008-03/1004.shtml> about Subversion
with PKCS#11. Accordingly, I compiled pakchois 0.4, GNU TLS 2.3.5, and
neon 0.28.2 (with pakchois), compiled Subversion HEAD (r30607) using
them, put directives in my subversion configuration file as directed to
point it at CoolKey, and got the following error, immediately, upon
trying to use my shiny new smartcard layer:

subversion/libsvn_ra_neon/session.c:1212: (apr_err=175006)
svn: Invalid config: unable to load PKCS#11 provider 'coolkey'

Digging deeper with gdb, I found out that coolkey's C_Initialize was
returning 10 [== (ck_rv_t_) CKR_CANT_LOCK]. Looking in the PKCS#11 spec
<ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf> , I
found (p. 119 of the PDF, p. 103 if you print it) that the parameters
passed to C_Initialize signified that coolkey "needs to use the native
operating system [threading] primitives to ensure safe multi-threaded
access. If the library is unable to do this, C_Initialize should return
with the value CKR_CANT_LOCK." 

Relevant snippet from pakchois.c (around line 212):

    /* Require OS locking, the only sane option. */
    memset(&args, 0, sizeof args);
    args.flags = CKF_OS_LOCKING_OK;          
    args.reserved = reserved;

    rv = fns->C_Initialize(&args);
    if (rv != CKR_OK) {
        goto fail_ctx;
    }

Contrast coolkey.cpp, lines 223-225:

        if( (initArgs->flags & CKF_OS_LOCKING_OK) || initArgs->LockMutex
){
            throw PKCS11Exception(CKR_CANT_LOCK);
        }

How can pakchois be used with coolkey if pakchois expects coolkey to do
this OS_LOCKING thing and coolkey drops OS_LOCKING like a hot rock?

Versions:
coolkey-1.1.0-6.el5
pakchois-0.4-1SK02
pcsc-lite-debuginfo-1.4.100-1SK01
pcsc-lite-libs-1.4.100-1SK01
pcsc-lite-devel-1.4.100-1SK01
pcsc-lite-1.4.100-1SK01
pcsc-lite-doc-1.4.100-1SK01
neon-0.28.2-1SK01
Subversion r30607 (not packaged yet)
gnutls-2.3.5-1SK01
gnutls-utils-2.3.5-1SK01
libgcrypt-debuginfo-1.4.0-3
libgcrypt-devel-1.4.0-3
libgcrypt-1.4.0-3
Red Hat Enterprise Linux Client release 5.1 (Tikanga)

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux