Compilation errors

[spencescu]

We are trying to integrate our Azure Luna device with Ruby. The compilation fails with the errors shown in the attachment.

Versions

Luna SA Appliance Software: 7.2.0-220 Luna HSM Firmware: 7.0.3 Luna Client: lunacm (64-bit) v7.2.0-220 Ubuntu we tried with 16 and 18 Ruby 2.5.5 on ubuntu 18 and 1.9 on ubuntu 16

errors.txt

[larskanis]

@jpatchell Can you help here? It seems to be an issue caused by a newer Luna client library. I have Version 5.10 and pkcs11_luna builds fine with it. Can you provide a more recent version to me?

[jpatchell]

@larskanis My colleague will send you a more recent client. The new client introduces some new mechanism parameter structures so I will go ahead and add these to pkcs11_luna and push the changes.

[larskanis]

This should be fixed by #11 and is released as pkcs11_luna-0.3.1.

@spencescu Can you please verify with the latest pkcs11_luna release?

@jpatchell Thank you for your fast fix! I'm still in communication Antti to receive a recent Luna client library, but at least it still works with my older version.

[spencescu]

@larskanis many thanks for the fix, we will test and advise if it worked.

[spencescu]

@larskanis we tested and unfortunately we got errors again - please see attached file gem build errors.txt

[larskanis]

It looks like there's a invalid byte sequence in UTF-8 in the Luna Client version 7.2.0-220 header files. So that would be kind of bug in the Luna Client. Can you update it? @jpatchell Any other idea?

[spencescu]

@larskanis what do you mean by update it? is there a newer version? are you able to compile on your side?

[jpatchell]

The 7.2 client /usr/safenet/lunaclient/samples/include/cryptoki_v2.h copyright notice has a '©' in it that isn't valid UTF-8. In later versions (>= 7.4) the character has been changed to '(c)'.

@spencescu can you try removing the copyright symbol at the top of cryptoki_v2.h and try the install again?

[spencescu]

@jpatchell we did that and it worked - many thanks all for your support!

[spencescu]

I guess we could have upgraded the client too, but who knows what else would break...

[jpatchell]

Yes, you can simply upgrade the client. You should have no problems as long as your repo includes #11.

[larskanis]

I published pkcs11-0.3.2 and vendor extension gems with changes of how the vendor header files are being processed. See History file:

=== 0.3.2 / 2020-01-12

• pkcs11_protect_server, pkcs11_luna: Move parsing of vendor header files to gem installation. This fixes possible compile errors, if the version of vendor header files differ between gem build and gem install.
• pkcs11_luna: Workaround invalid UTF-8 encoding in cryptoki_v2.h of some Luna Client versions.

Gem installation should work now with a simple

gem inst pkcs11_luna

Could you please recheck if this works?

[spencescu]

We will do and let you know.

On Sun, Jan 12, 2020 at 2:55 PM Lars Kanis notifications@github.com wrote:

I published pkcs11-0.3.2 and vendor extension gems with changes of how the vendor header files are being processed. See History file:

=== 0.3.2 / 2020-01-12

• pkcs11_protect_server, pkcs11_luna: Move parsing of vendor header files to gem installation. This fixes possible compile errors, if the version of vendor header files differ between gem build and gem install.
• pkcs11_luna: Workaround invalid UTF-8 encoding in cryptoki_v2.h of some Luna Client versions.

Gem installation should work now with a simple

gem inst pkcs11_luna

Could you please recheck if this works?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/larskanis/pkcs11/issues/10?email_source=notifications&email_token=ACQMLMVKOAV7ODGOOXZYILTQ5MHKLA5CNFSM4KCQRELKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIWZKIY#issuecomment-573412643, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACQMLMT7L3BI2V4BEYLPOKLQ5MHKLANCNFSM4KCQRELA .

-- Sherman Pencescu, MSc, CISSP Virtual Security, a division of Mar-A-Mar Travel, LLC https://www.virtualsecurity.guru

[spencescu]

I can confirm this worked for us.