From 8a952fd5b3b2b6eed50bb6d88537d43f3c6335a8 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Fri, 8 Oct 2021 13:42:16 +0200
Subject: [PATCH] Unbreak detection of unentrolled smart cards
Resolves: rhbz#2007029
---
opensc-0.22.0-detect-empty.patch | 62 ++++++++++++++++++++++++++++++++
opensc.spec | 3 ++
2 files changed, 65 insertions(+)
create mode 100644 opensc-0.22.0-detect-empty.patch
diff --git a/opensc-0.22.0-detect-empty.patch b/opensc-0.22.0-detect-empty.patch
new file mode 100644
index 0000000..671aba2
--- /dev/null
+++ b/opensc-0.22.0-detect-empty.patch
@@ -0,0 +1,62 @@
+From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Fri, 24 Sep 2021 13:33:26 +0200
+Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards
+
+This was broken since 58b03b68, which tried to sanitize some states,
+but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead
+of empty token information.
+
+Note, that this has effect only if the configuration options
+enable_default_driver and pkcs11_enable_InitToken are turned on.
+Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED.
+---
+ src/pkcs11/framework-pkcs15.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
+index 74fe7b3c49..4205e41739 100644
+--- a/src/pkcs11/framework-pkcs15.c
++++ b/src/pkcs11/framework-pkcs15.c
+@@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ {
+ struct sc_pkcs11_slot *slot;
+ struct pkcs15_fw_data *fw_data = NULL;
+- struct sc_pkcs15_card *p15card = NULL;
+ struct sc_pkcs15_object *auth;
+- struct sc_pkcs15_auth_info *pin_info;
+ CK_RV rv;
+
+ sc_log(context, "C_GetTokenInfo(%lx)", slotID);
+@@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo");
+ goto out;
+ }
+- p15card = fw_data->p15_card;
+- if (!p15card) {
+- rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
+- goto out;
+- }
+-
+ /* User PIN flags are cleared before re-calculation */
+ slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
+ auth = slot_data_auth(slot->fw_data);
+@@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+ "C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth,
+ slot->token_info.flags);
+ if (auth) {
++ struct sc_pkcs15_card *p15card = NULL;
++ struct sc_pkcs15_auth_info *pin_info = NULL;
++
+ pin_info = (struct sc_pkcs15_auth_info*) auth->data;
+
++ p15card = fw_data->p15_card;
++ if (!p15card) {
++ rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
++ goto out;
++ }
++
+ sc_pkcs15_get_pin_info(p15card, auth);
+
+ if (pin_info->tries_left >= 0) {
+
diff --git a/opensc.spec b/opensc.spec
index f0b00f0..a9ac60a 100644
--- a/opensc.spec
+++ b/opensc.spec
@@ -17,6 +17,8 @@ Patch5: %{name}-gcc11.patch
 Patch7: %{name}-32b-arch.patch
 # File caching by default (#2000626)
 Patch8: %{name}-%{version}-file-cache.patch
+# https://github.com/OpenSC/OpenSC/pull/2414 (#2007029)
+Patch9: %{name}-%{version}-detect-empty.patch
 BuildRequires: make
 BuildRequires: pcsc-lite-devel
@@ -57,6 +59,7 @@ every software/card that does so, too.
 %patch5 -p1 -b .gcc11
 %patch7 -p1 -b .32b
 %patch8 -p1 -b .file-cache
+%patch9 -p1 -b .detect-empty
 cp -p src/pkcs15init/README ./README.pkcs15init
 cp -p src/scconf/README.scconf .
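Review bot: The relocated `if (!p15card)` guard in the third embedded hunk of framework-pkcs15.c has no comment saying why it now sits inside `if (auth)`, and per the commit message a sanitizing change (58b03b68) is what broke this path before, so a later cleanup could easily hoist it out again. I would add above `p15card = fw_data->p15_card;` something like `/* Checked only when an auth object exists: a card without one (apparently the unenrolled case) must still get its empty token info */`. On the context line just below, the result of `sc_pkcs15_get_pin_info(p15card, auth);` is discarded, so if the refresh fails the `CKF_USER_PIN_*` flags are presumably derived from whatever `pin_info->tries_left` held earlier; checking the return value and skipping the flag update on failure would avoid reporting a stale PIN state. The `if (auth)` block and the rest of C_GetTokenInfo continue past the end of the hunk, so the `out:` path is not visible here.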