[Globalplatform-developers] Re: GlobalPlatform2.1.1 and OpenSSL

[Iain M. <mu...@ds...>]

Iain MacDonnell wrote on 03/24/06 08:33 PM:
> 
> 
> Karsten Ohme wrote on 03/24/06 08:03 PM:
>> Iain MacDonnell wrote:
>>>
>>> Two questions:
>>>
>>> 1) Is OpenSSL 0.9.7e really needed? The configure script checks for
>>>    PEM_read_bio_PrivateKey(), but I don't see that actually used
>>>    anywhere. Solaris 10 comes with 0.9.7d, and like to use that if
>>>    there isn't a real need for 0.9.7e ... ?
>>
>> No. If the API has all needed function, it is OK. The check is only
>> performed to make sure that the library is OK. Does this step cause a
>> problem? I don't know if the version 0.9.7d has all needed functions, if
>> you are successful, I can change the e to a d.
> 
> The problem was that AC_CHECK_LIB failed.
> 
> 
>> I changed it to PEM_read_PrivateKey, which is used e.g. in
>> OP201_calculate_rsa_DAP().
> 
> Err, you changed it in the error message but not in the actual test :)
> 
> AC_CHECK_LIB(ssl, PEM_read_bio_PrivateKey, [],
>         [AC_MSG_ERROR([PEM_read_PrivateKey() not
> found, install OpenSSL 0.9.7e or later])])
> 
> but wait - that's a red herring anyway - the real problem is that you
> need to change "ssl" to "crypto", as libcrypto, not libssl, is where
> PEM_read_bio_PrivateKey() is visible.
> 
> With that change, configure finishes successfully, even with 0.9.7d.
> 
> 
>>> 2) It seems that libGlobalPlatform.so needs to be linked to libcrypto,
>>>    but it isn't - I have to manually add '-lcrypto' when building
>>>    anything that uses libGlobalPlatform.so (including GPShell)
>>
>> I changed the AC_CHECK_LIB autoconf macro to look for the crypto library.
>>
>> Let me know, if it works.
> 
> Ahhh, you need to do that for GlobalPlatform2.1.1 too - then both my
> problems will be solved, I believe.
> 
> 
>> I released at:
>>
>> http://sourceforge.net/project/showfiles.php?group_id=143343
>>
>> the current versions of GlobalPlatform and GPShell. Should be the same 
>> state as the CVS.
> 
> I'm working from CVS.
> 
> BTW, I've run into what appears to be a bigger problem - have you ever
> tried this stuff on a big-endian machine?
> 
> # /opt/ITmuscle/bin/gpshell list-cflex.txt
> mode_201
> enable_trace
> establish_context
> card_connect
> select -AID a0000000030000
> --> 00A404000700000000000000

Note that the AID is not showing in this APDU... compared to below....

> <-- 6A82
> select_application() returns 0x80216A82 (6A82: The application to be 
> selected could not be found.)
> # uname -a
> SunOS sb150 5.10 Generic_118822-25 sun4u sparc SUNW,Sun-Blade-100
> #
> 
> 
> Maybe the endianess is a red herring too ... but I've successfully used
> this stuff on Solaris x86...

Same card, same reader, same sources, but on Solaris x86:


# /opt/ITmuscle/bin/gpshell list-cflex.txt
mode_201
enable_trace
establish_context
card_connect
select -AID a0000000030000
--> 00A4040007A0000000030000
<-- 6F188407A0000000030000A50D9F6E060005020201009F6501FF9000
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 
404142434445464748494a4b4c4d4e4f -enc_key 
404142434445464748494a4b4c4d4e4f // Open secure channel
--> 80500000088409FFE1A2E28B4600
<-- 000012010000111401020101E86DFA173682E4673596888A215DE86C9000
--> 8482010010C8207C7B2A3E416884B431EF23B61CD2
<-- 9000
get_status -element e0
--> 80F2E000024F0000
<-- 
07A0000000030000070007A0000000620001010007A0000000620101010007A0000000620102010007A0000000620201010007A0000000030000010005A000000001010006A0000000010107009000

List of applets (AID state privileges)
a0000000030000  7       0
a0000000620001  1       0
a0000000620101  1       0
a0000000620102  1       0
a0000000620201  1       0
a0000000030000  1       0
a000000001      1       0
a00000000101    7       0
card_disconnect
release_context
#

     ~Iain