Detect empty cards and use file caching by default

opensc-0.22.0-detect-empty.patch

@@ -0,0 +1,62 @@
+From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Fri, 24 Sep 2021 13:33:26 +0200
+Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards
+
+This was broken since 58b03b68, which tried to sanitize some states,
+but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead
+of empty token information.
+
+Note, that this has effect only if the configuration options
+enable_default_driver and pkcs11_enable_InitToken are turned on.
+Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED.
+---
+ src/pkcs11/framework-pkcs15.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
+index 74fe7b3c49..4205e41739 100644
+--- a/src/pkcs11/framework-pkcs15.c
++++ b/src/pkcs11/framework-pkcs15.c
+@@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ {
+ 	struct sc_pkcs11_slot *slot;
+ 	struct pkcs15_fw_data *fw_data = NULL;
+-	struct sc_pkcs15_card *p15card = NULL;
+ 	struct sc_pkcs15_object *auth;
+-	struct sc_pkcs15_auth_info *pin_info;
+ 	CK_RV rv;
+ 
+ 	sc_log(context, "C_GetTokenInfo(%lx)", slotID);
+@@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ 		rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo");
+ 		goto out;
+ 	}
+-	p15card = fw_data->p15_card;
+-	if (!p15card) {
+-		rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
+-		goto out;
+-	}
+-
+ 	/* User PIN flags are cleared before re-calculation */
+ 	slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
+ 	auth = slot_data_auth(slot->fw_data);
+@@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ 		"C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth,
+ 		slot->token_info.flags);
+ 	if (auth) {
++		struct sc_pkcs15_card *p15card = NULL;
++		struct sc_pkcs15_auth_info *pin_info = NULL;
++
+ 		pin_info = (struct sc_pkcs15_auth_info*) auth->data;
+ 
++		p15card = fw_data->p15_card;
++		if (!p15card) {
++			rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
++			goto out;
++		}
++
+ 		sc_pkcs15_get_pin_info(p15card, auth);
+ 
+ 		if (pin_info->tries_left >= 0) {
+

opensc-0.22.0-file-cache.patch

@@ -0,0 +1,23 @@
+diff -up opensc-0.22.0/etc/opensc.conf.file-cache opensc-0.22.0/etc/opensc.conf
+--- opensc-0.22.0/etc/opensc.conf.file-cache	2021-10-08 13:14:44.091772071 +0200
++++ opensc-0.22.0/etc/opensc.conf	2021-10-08 13:19:27.339051951 +0200
+@@ -2,7 +2,7 @@ app default {
+ 	# debug = 3;
+ 	# debug_file = opensc-debug.txt;
+ 	framework pkcs15 {
+-		# use_file_caching = true;
++		use_file_caching = true;
+ 	}
+ 	reader_driver pcsc {
+ 		# The pinpad is disabled by default,
+@@ -10,3 +10,10 @@ app default {
+ 		enable_pinpad = false;
+ 	}
+ }
++# the pkcs15-init is used for card initialization when the file caching
++# brings more trouble than use so disable that:
++app pkcs15-init {
++	framework pkcs15 {
++		use_file_caching = false;
++	}
++}

opensc.spec

@@ -17,6 +17,10 @@ Patch1:         opensc-0.19.0-pinpad.patch
 # https://github.com/OpenSC/OpenSC/pull/2241/
 Patch5:         %{name}-gcc11.patch
 Patch6:         %{name}-32b-arch.patch
+# File caching by default (#2000626)
+Patch8:         %{name}-%{version}-file-cache.patch
+# https://github.com/OpenSC/OpenSC/pull/2414 (#2007029)
+Patch9:         %{name}-%{version}-detect-empty.patch
 
 BuildRequires: make
 BuildRequires:  pcsc-lite-devel
@@ -56,6 +60,8 @@ every software/card that does so, too.
 %patch1 -p1 -b .pinpad
 %patch5 -p1 -b .gcc11
 %patch6 -p1 -b .32b
+%patch8 -p1 -b .file-cache
+%patch9 -p1 -b .detect-empty
 
 cp %{SOURCE2} tests/