rpms/opensc
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Unbreak detection of unentrolled smart cards

Browse Source 
Resolves: rhbz#2007029
This commit is contained in:
Jakub Jelen 2021-10-08 13:42:16 +02:00
parent ab9b52aa11
commit 8a952fd5b3
2 changed files with 65 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
opensc-0.22.0-detect-empty.patch Normal file
View File

@ -0,0 +1,62 @@
From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 24 Sep 2021 13:33:26 +0200
Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards
This was broken since 58b03b68, which tried to sanitize some states,
but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead
of empty token information.
Note, that this has effect only if the configuration options
enable_default_driver and pkcs11_enable_InitToken are turned on.
Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED.
---
src/pkcs11/framework-pkcs15.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index 74fe7b3c49..4205e41739 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
{
struct sc_pkcs11_slot *slot;
struct pkcs15_fw_data *fw_data = NULL;
- struct sc_pkcs15_card *p15card = NULL;
struct sc_pkcs15_object *auth;
- struct sc_pkcs15_auth_info *pin_info;
CK_RV rv;
sc_log(context, "C_GetTokenInfo(%lx)", slotID);
@@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo");
goto out;
}
- p15card = fw_data->p15_card;
- if (!p15card) {
- rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
- goto out;
- }
-
/* User PIN flags are cleared before re-calculation */
slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
auth = slot_data_auth(slot->fw_data);
@@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
"C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth,
slot->token_info.flags);
if (auth) {
+ struct sc_pkcs15_card *p15card = NULL;
+ struct sc_pkcs15_auth_info *pin_info = NULL;
+
pin_info = (struct sc_pkcs15_auth_info*) auth->data;
+ p15card = fw_data->p15_card;
+ if (!p15card) {
+ rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
+ goto out;
+ }
+
sc_pkcs15_get_pin_info(p15card, auth);
if (pin_info->tries_left >= 0) {

3
opensc.spec
View File

@ -17,6 +17,8 @@ Patch5: %{name}-gcc11.patch
Patch7: %{name}-32b-arch.patch
# File caching by default (#2000626)
Patch8: %{name}-%{version}-file-cache.patch
# https://github.com/OpenSC/OpenSC/pull/2414 (#2007029)
Patch9: %{name}-%{version}-detect-empty.patch
BuildRequires: make
BuildRequires: pcsc-lite-devel
@ -57,6 +59,7 @@ every software/card that does so, too.
%patch5 -p1 -b .gcc11
%patch7 -p1 -b .32b
%patch8 -p1 -b .file-cache
%patch9 -p1 -b .detect-empty
cp -p src/pkcs15init/README ./README.pkcs15init
cp -p src/scconf/README.scconf .