it works; closes #8

openssl-act-engine/README

@@ -2,3 +2,30 @@ OpenSSL-Engine auf Basis der actlibrary zur Benutzung von
 Smartcard-basierten Schlüsseln von OpenSSL aus.
 
 Erstellt libengine_act.so
+
+Beim Kompilieren braucht es den Pfad zu einer passenden libact.a, z.B.:
+  ./bootstrap.sh && \
+  LDFLAGS="-L/home/marc/svn/swisssurfer/actlibrary/OpenSUSE-11-x86_64/Release" \
+  ./configure && \
+  make
+  src/test_engine
+
+Bei Erfolg kommt keien Fehlermeldung:
+------------------------------------------------------------------------------
+> src/test_engine 
+Found 4 certificates.
+Certificate 0:
+  Name: /C=CH/O=SwissSign AG/CN=SwissSign Platinum CA - G2
+  No key.
+Certificate 1:
+  Name: /CN=Marc Waeckerlin/emailAddress=marc@waeckerlin.org
+  Key access ID: slot-0-id-7e807c700d5880aa3d7e6db92ae9fcc4bf9afd2d
+Certificate 2:
+  Name: /CN=Marc Waeckerlin/emailAddress=marc@waeckerlin.org
+  Key access ID: slot-0-id-46afda4155d8c4b7a038340a479584ab5385549e
+Certificate 3:
+  Name: /C=CH/O=SwissSign AG/CN=Swiss Post Platinum CA 2008 - G2
+  No key.
+Token PIN: 
+Signature-Len: 256
+------------------------------------------------------------------------------

openssl-act-engine/configure.in

@@ -44,7 +44,7 @@ LIB_VERSION="${LIB_MAJOR}:${LIB_MINOR}:${LIB_LEAST}"
 AC_SUBST(LIB_VERSION)
 
 # Get rid of that stupid -O2 -g options!
-CXXFLAGS="${CXXFLAGS:-}"
+CXXFLAGS="${CXXFLAGS:-} -pthread"
 
 # languages
 AC_LANG(C++)

openssl-act-engine/makefile.am

@@ -1 +1,4 @@
-SUBDIRS=src
+SUBDIRS=src doc
+
+MAINTAINERCLEANFILES = configure depcomp config.guess ltmain.sh	\
+                       config.sub makefile.in missing aclocal.m4 install-sh

openssl-act-engine/src/engine_sct.cpp

@@ -351,13 +351,15 @@ int SecureTokenEngine::rsa_sign(int type, const unsigned char *msg, unsigned int
 
 int SecureTokenEngine::rsa_verify(int type, const unsigned char *msg, unsigned int msglen, unsigned char *signature, unsigned int siglen, const CardKey* ck)
 {
+	bool ssl = (type == NID_md5_sha1);
 	if(ck == NULL)
 	{
 		ACT_TRACE("SecureTokenEngine::rsa_verify: No CardKey given\n");
 		return 0;
 	}
-	
-	act::IToken* token = ck->getKey()->GetToken();
+
+        act::ITokenKey* key = ck->getKey();
+	act::IToken* token = key->GetToken();
 	SecOpGuard guard(token);
 	act::Synchronize lock(*token);
 
@@ -365,9 +367,12 @@ int SecureTokenEngine::rsa_verify(int type, const unsigned char *msg, unsigned i
 	act::Blob _signature(signature, signature+siglen);
 	bool sig_ok = false;
 
+	if(ssl)
+          key->SetParam(act::HASH, "DummyHash");
+
 	try
 	{
-		act::Algorithm alg(ck->getKey(), act::VERIFY, _signature);
+		act::Algorithm alg(key, act::VERIFY, _signature);
 		alg << _plaintext << act::final;
 		sig_ok = alg.GetStatus() == act::SIGNATURE_OK;
 	}

openssl-act-engine/src/test_engine.cpp

@@ -31,12 +31,14 @@ int main(int argc, char* argv[])
 	int res(-1);
 	
 	// Parameters to set for the dynamic loader
-	CHECK(ENGINE_ctrl_cmd_string(e, "SO_PATH", "./libengine_act.so", 0));
+	CHECK(ENGINE_ctrl_cmd_string(e, "SO_PATH", "./.libs/libengine_act.so", 0));
 	CHECK(ENGINE_ctrl_cmd_string(e, "ID", "act", 0));
 	CHECK(ENGINE_ctrl_cmd_string(e, "LIST_ADD", "1", 0));
 	
 	// Now actually load the SecureToken engine.
-	CHECK(ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0));
+	CHECK(ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)
+              || ENGINE_ctrl_cmd_string(e, "SO_PATH", "./src/.libs/libengine_act.so", 0)
+              && ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0));
 	
 	// Following control commands go to the SecureToken engine rather than the dynamic loader