opensc-0.16.0-1

* all patches applied upstream
 * new gids-tool
 * the folder from tarball is in lower case
Jakub Jelen 2016-08-02 13:54:59 +02:00
parent 6111c51e42
commit c462078550
8 changed files with 10 additions and 665 deletions

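--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /opensc-0.13.0.tar.gz
 /opensc-0.14.0.tar.gz
 /opensc-0.15.0.tar.gz
+/opensc-0.16.0.tar.gz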


@ -1,120 +0,0 @@
commit 4df35b922c8eb7e0776a23260b65e570b33e4d42
Author: Nicholas Wilson <nicholas.wilson@realvnc.com>
Date: Tue Aug 11 14:02:52 2015 +0100
pkcs11: Fix to CKA_PRIVATE handling pcks11-tool
There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 2781302..c3861d5 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -1923,6 +1923,7 @@ static int parse_gost_private_key(EVP_PKEY *evp_key, struct gostkey_info *gost)
static int write_object(CK_SESSION_HANDLE session)
{
CK_BBOOL _true = TRUE;
+ CK_BBOOL _false = FALSE;
unsigned char contents[MAX_OBJECT_SIZE + 1];
int contents_len = 0;
unsigned char certdata[MAX_OBJECT_SIZE];
@@ -2026,28 +2027,24 @@ static int write_object(CK_SESSION_HANDLE session)
FILL_ATTR(cert_templ[1], CKA_VALUE, contents, contents_len);
FILL_ATTR(cert_templ[2], CKA_CLASS, &clazz, sizeof(clazz));
FILL_ATTR(cert_templ[3], CKA_CERTIFICATE_TYPE, &cert_type, sizeof(cert_type));
- n_cert_attr = 4;
+ FILL_ATTR(cert_templ[4], CKA_PRIVATE, &_false, sizeof(_false));
+ n_cert_attr = 5;
if (opt_object_label != NULL) {
- FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL,
- opt_object_label, strlen(opt_object_label));
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
n_cert_attr++;
}
if (opt_object_id_len != 0) {
- FILL_ATTR(cert_templ[n_cert_attr], CKA_ID,
- opt_object_id, opt_object_id_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ID, opt_object_id, opt_object_id_len);
n_cert_attr++;
}
#ifdef ENABLE_OPENSSL
/* according to PKCS #11 CKA_SUBJECT MUST be specified */
- FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT,
- cert.subject, cert.subject_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
n_cert_attr++;
- FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER,
- cert.issuer, cert.issuer_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_ISSUER, cert.issuer, cert.issuer_len);
n_cert_attr++;
- FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER,
- cert.serialnum, cert.serialnum_len);
+ FILL_ATTR(cert_templ[n_cert_attr], CKA_SERIAL_NUMBER, cert.serialnum, cert.serialnum_len);
n_cert_attr++;
#endif
}
@@ -2150,9 +2147,12 @@ static int write_object(CK_SESSION_HANDLE session)
n_pubkey_attr = 3;
if (opt_is_private != 0) {
- FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
- &_true, sizeof(_true));
- n_data_attr++;
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_true, sizeof(_true));
+ n_pubkey_attr++;
+ }
+ else {
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PRIVATE, &_false, sizeof(_false));
+ n_pubkey_attr++;
}
if (opt_object_label != NULL) {
@@ -2180,15 +2180,12 @@ static int write_object(CK_SESSION_HANDLE session)
#ifdef ENABLE_OPENSSL
if (cert.subject_len != 0) {
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT,
- cert.subject, cert.subject_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_SUBJECT, cert.subject, cert.subject_len);
n_pubkey_attr++;
}
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS,
- rsa.modulus, rsa.modulus_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_MODULUS, rsa.modulus, rsa.modulus_len);
n_pubkey_attr++;
- FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT,
- rsa.public_exponent, rsa.public_exponent_len);
+ FILL_ATTR(pubkey_templ[n_pubkey_attr], CKA_PUBLIC_EXPONENT, rsa.public_exponent, rsa.public_exponent_len);
n_pubkey_attr++;
#endif
}
@@ -2202,8 +2199,11 @@ static int write_object(CK_SESSION_HANDLE session)
n_data_attr = 3;
if (opt_is_private != 0) {
- FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE,
- &_true, sizeof(_true));
+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_true, sizeof(_true));
+ n_data_attr++;
+ }
+ else {
+ FILL_ATTR(data_templ[n_data_attr], CKA_PRIVATE, &_false, sizeof(_false));
n_data_attr++;
}
@@ -2227,8 +2227,7 @@ static int write_object(CK_SESSION_HANDLE session)
}
if (opt_object_label != NULL) {
- FILL_ATTR(data_templ[n_data_attr], CKA_LABEL,
- opt_object_label, strlen(opt_object_label));
+ FILL_ATTR(data_templ[n_data_attr], CKA_LABEL, opt_object_label, strlen(opt_object_label));
n_data_attr++;
}


@ -1,24 +0,0 @@
From 74493ca73f8e3c21c098fecb42a7a08ead85e197 Mon Sep 17 00:00:00 2001
From: Henrik Andersson <henrik.4e@gmail.com>
Date: Fri, 13 May 2016 09:16:21 +0200
Subject: [PATCH] Add support for RSA with keylength 2048
This solves sign issues with swedish eID cards which have
RSA keys with length 2048. This also solves the issue #726.
---
src/libopensc/card-setcos.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/libopensc/card-setcos.c b/src/libopensc/card-setcos.c
index 2b0182a..a852180 100644
--- a/src/libopensc/card-setcos.c
+++ b/src/libopensc/card-setcos.c
@@ -215,6 +215,7 @@ static int setcos_init(sc_card_t *card)
_sc_card_add_rsa_alg(card, 512, flags, 0);
_sc_card_add_rsa_alg(card, 768, flags, 0);
_sc_card_add_rsa_alg(card, 1024, flags, 0);
+ _sc_card_add_rsa_alg(card, 2048, flags, 0);
}
break;
}


@ -1,399 +0,0 @@
diff --git a/configure.ac b/configure.ac
index 67aa5c4..e65c919 100644
--- a/configure.ac
+++ b/configure.ac
@@ -39,8 +39,8 @@ OPENSC_VS_FF_PRODUCT_NAME="VS_FF_PRODUCT_NAME"
# (Code changed: REVISION++)
# (Oldest interface removed: OLDEST++)
# (Interfaces added: CURRENT++, REVISION=0)
-OPENSC_LT_CURRENT="3"
-OPENSC_LT_OLDEST="3"
+OPENSC_LT_CURRENT="4"
+OPENSC_LT_OLDEST="4"
OPENSC_LT_REVISION="0"
OPENSC_LT_AGE="0"
OPENSC_LT_AGE="$((${OPENSC_LT_CURRENT}-${OPENSC_LT_OLDEST}))"
diff --git a/src/libopensc/card.c b/src/libopensc/card.c
index 2cb16f6..f3cb152 100644
--- a/src/libopensc/card.c
+++ b/src/libopensc/card.c
@@ -218,7 +218,8 @@ int sc_connect_card(sc_reader_t *reader, sc_card_t **card_out)
if (ops == NULL || ops->match_card == NULL) {
continue;
}
- else if (!ctx->enable_default_driver && !strcmp("default", drv->short_name)) {
+ else if (!(ctx->flags & SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER)
+ && !strcmp("default", drv->short_name)) {
sc_log(ctx , "ignore 'default' card driver");
continue;
}
diff --git a/src/libopensc/ctx.c b/src/libopensc/ctx.c
index 5595dc4..15312f7 100644
--- a/src/libopensc/ctx.c
+++ b/src/libopensc/ctx.c
@@ -186,8 +186,7 @@ static void set_defaults(sc_context_t *ctx, struct _sc_ctx_options *opts)
if (ctx->debug_file && (ctx->debug_file != stderr && ctx->debug_file != stdout))
fclose(ctx->debug_file);
ctx->debug_file = stderr;
- ctx->paranoid_memory = 0;
- ctx->enable_default_driver = 0;
+ ctx->flags = 0;
#ifdef __APPLE__
/* Override the default debug log for OpenSC.tokend to be different from PKCS#11.
@@ -258,11 +257,13 @@ load_parameters(sc_context_t *ctx, scconf_block *block, struct _sc_ctx_options *
sc_ctx_log_to_file(ctx, val);
}
- ctx->paranoid_memory = scconf_get_bool (block, "paranoid-memory",
- ctx->paranoid_memory);
+ if (scconf_get_bool (block, "paranoid-memory",
+ ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY))
+ ctx->flags |= SC_CTX_FLAG_PARANOID_MEMORY;
- ctx->enable_default_driver = scconf_get_bool (block, "enable_default_driver",
- ctx->enable_default_driver);
+ if (scconf_get_bool (block, "enable_default_driver",
+ ctx->flags & SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER))
+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
val = scconf_get_str(block, "force_card_driver", NULL);
if (val) {
@@ -723,7 +724,9 @@ int sc_context_create(sc_context_t **ctx_out, const sc_context_param_t *parm)
return SC_ERROR_OUT_OF_MEMORY;
}
+ ctx->flags = parm->flags;
set_defaults(ctx, &opts);
+
list_init(&ctx->readers);
list_attributes_seeker(&ctx->readers, reader_list_seeker);
/* set thread context and create mutex object (if specified) */
diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
index 8c4e81f..e9a4d19 100644
--- a/src/libopensc/opensc.h
+++ b/src/libopensc/opensc.h
@@ -639,13 +639,25 @@ typedef struct {
unsigned long (*thread_id)(void);
} sc_thread_context_t;
+/** Stop modifing or using external resources
+ *
+ * Currently this is used to avoid freeing duplicated external resources for a
+ * process that has been forked. For example, a child process may want to leave
+ * the duplicated card handles for the parent process. With this flag the child
+ * process indicates that shall the reader shall ignore those resources when
+ * calling sc_disconnect_card.
+ */
+#define SC_CTX_FLAG_TERMINATE 0x00000001
+#define SC_CTX_FLAG_PARANOID_MEMORY 0x00000002
+#define SC_CTX_FLAG_DEBUG_MEMORY 0x00000004
+#define SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER 0x00000008
+
typedef struct sc_context {
scconf_context *conf;
scconf_block *conf_blocks[3];
char *app_name;
int debug;
- int paranoid_memory;
- int enable_default_driver;
+ unsigned long flags;
FILE *debug_file;
char *debug_filename;
@@ -719,7 +731,7 @@ typedef struct {
* dependend configuration data). If NULL the name "default"
* will be used. */
const char *app_name;
- /** flags, currently unused */
+ /** context flags */
unsigned long flags;
/** mutex functions to use (optional) */
sc_thread_context_t *thread_ctx;
diff --git a/src/libopensc/reader-ctapi.c b/src/libopensc/reader-ctapi.c
index 919c3f0..c526500 100644
--- a/src/libopensc/reader-ctapi.c
+++ b/src/libopensc/reader-ctapi.c
@@ -116,6 +116,9 @@ static int refresh_attributes(sc_reader_t *reader)
u8 cmd[5], rbuf[256], sad, dad;
unsigned short lr;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
cmd[0] = CTBCS_CLA;
cmd[1] = CTBCS_INS_STATUS;
cmd[2] = CTBCS_P1_CT_KERNEL;
@@ -158,6 +161,9 @@ static int ctapi_internal_transmit(sc_reader_t *reader,
u8 dad, sad;
unsigned short lr;
char rv;
+
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
if (control)
dad = 1;
@@ -235,6 +241,9 @@ static int ctapi_connect(sc_reader_t *reader)
unsigned short lr;
int r;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
cmd[0] = CTBCS_CLA;
cmd[1] = CTBCS_INS_REQUEST;
cmd[2] = CTBCS_P1_INTERFACE1;
@@ -280,7 +289,9 @@ static int ctapi_release(sc_reader_t *reader)
{
struct ctapi_private_data *priv = GET_PRIV_DATA(reader);
- priv->funcs.CT_close(priv->ctn);
+
+ if (!(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
+ priv->funcs.CT_close(priv->ctn);
free(priv);
return 0;
diff --git a/src/libopensc/reader-openct.c b/src/libopensc/reader-openct.c
index a276d52..2d7d6bd 100644
--- a/src/libopensc/reader-openct.c
+++ b/src/libopensc/reader-openct.c
@@ -154,7 +154,7 @@ static int openct_reader_release(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
if (data) {
- if (data->h)
+ if (data->h && !(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
ct_reader_disconnect(data->h);
sc_mem_clear(data, sizeof(*data));
reader->drv_data = NULL;
@@ -174,6 +174,9 @@ static int openct_reader_detect_card_presence(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
reader->flags = 0;
if (!data->h && !(data->h = ct_reader_connect(data->num)))
return 0;
@@ -197,6 +200,9 @@ openct_reader_connect(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
if (data->h)
ct_reader_disconnect(data->h);
@@ -242,7 +248,7 @@ static int openct_reader_disconnect(sc_reader_t *reader)
struct driver_data *data = (struct driver_data *) reader->drv_data;
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
- if (data->h)
+ if (data->h && !(reader->flags & SC_TERMINATE))
ct_reader_disconnect(data->h);
data->h = NULL;
return SC_SUCCESS;
@@ -256,6 +262,9 @@ openct_reader_internal_transmit(sc_reader_t *reader,
struct driver_data *data = (struct driver_data *) reader->drv_data;
int rc;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Hotplug check */
if ((rc = openct_reader_reconnect(reader)) < 0)
return rc;
@@ -324,6 +333,9 @@ static int openct_reader_perform_verify(sc_reader_t *reader, struct sc_pin_cmd_d
u8 buf[254];
int rc;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Hotplug check */
if ((rc = openct_reader_reconnect(reader)) < 0)
return rc;
@@ -382,6 +394,9 @@ static int openct_reader_lock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Hotplug check */
if ((rc = openct_reader_reconnect(reader)) < 0)
return rc;
@@ -408,6 +423,9 @@ static int openct_reader_unlock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_VERBOSE);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
/* Not connected */
if (data->h == NULL)
return 0;
diff --git a/src/libopensc/reader-pcsc.c b/src/libopensc/reader-pcsc.c
index 666265d..7c26a25 100644
--- a/src/libopensc/reader-pcsc.c
+++ b/src/libopensc/reader-pcsc.c
@@ -184,6 +184,9 @@ static int pcsc_internal_transmit(sc_reader_t *reader,
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
card = priv->pcsc_card;
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
sSendPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol);
sSendPci.cbPciLength = sizeof(sSendPci);
sRecvPci.dwProtocol = opensc_proto_to_pcsc(reader->active_protocol);
@@ -284,6 +287,9 @@ static int refresh_attributes(sc_reader_t *reader)
sc_debug(reader->ctx, SC_LOG_DEBUG_NORMAL, "%s check", reader->name);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
if (priv->reader_state.szReader == NULL) {
priv->reader_state.szReader = reader->name;
priv->reader_state.dwCurrentState = SCARD_STATE_UNAWARE;
@@ -505,7 +511,8 @@ static int pcsc_disconnect(sc_reader_t * reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
- priv->gpriv->SCardDisconnect(priv->pcsc_card, priv->gpriv->disconnect_action);
+ if (!(reader->ctx->flags & SC_CTX_FLAG_TERMINATE))
+ priv->gpriv->SCardDisconnect(priv->pcsc_card, priv->gpriv->disconnect_action);
reader->flags = 0;
return SC_SUCCESS;
}
@@ -518,6 +525,9 @@ static int pcsc_lock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
rv = priv->gpriv->SCardBeginTransaction(priv->pcsc_card);
switch (rv) {
@@ -555,6 +565,9 @@ static int pcsc_unlock(sc_reader_t *reader)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
rv = priv->gpriv->SCardEndTransaction(priv->pcsc_card, priv->gpriv->transaction_end_action);
priv->locked = 0;
@@ -597,12 +610,18 @@ static int pcsc_cancel(sc_context_t *ctx)
struct pcsc_global_private_data *gpriv = (struct pcsc_global_private_data *)ctx->reader_drv_data;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
+
+ if (ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
#ifndef _WIN32
if (gpriv->pcsc_wait_ctx != -1) {
rv = gpriv->SCardCancel(gpriv->pcsc_wait_ctx);
- if (rv == SCARD_S_SUCCESS)
+ if (rv == SCARD_S_SUCCESS) {
/* Also close and clear the waiting context */
rv = gpriv->SCardReleaseContext(gpriv->pcsc_wait_ctx);
+ gpriv->pcsc_wait_ctx = -1;
+ }
}
#else
rv = gpriv->SCardCancel(gpriv->pcsc_ctx);
@@ -747,7 +766,7 @@ static int pcsc_finish(sc_context_t *ctx)
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
if (gpriv) {
- if (gpriv->pcsc_ctx != -1)
+ if (gpriv->pcsc_ctx != -1 && !(ctx->flags & SC_CTX_FLAG_TERMINATE))
gpriv->SCardReleaseContext(gpriv->pcsc_ctx);
if (gpriv->dlhandle != NULL)
sc_dlclose(gpriv->dlhandle);
@@ -1693,6 +1712,9 @@ pcsc_pin_cmd(sc_reader_t *reader, struct sc_pin_cmd_data *data)
SC_FUNC_CALLED(reader->ctx, SC_LOG_DEBUG_NORMAL);
+ if (reader->ctx->flags & SC_CTX_FLAG_TERMINATE)
+ return SC_ERROR_NOT_ALLOWED;
+
if (priv->gpriv->SCardControl == NULL)
return SC_ERROR_NOT_SUPPORTED;
@@ -1982,8 +2004,8 @@ static int transform_pace_output(u8 *rbuf, size_t rbuflen,
static int
pcsc_perform_pace(struct sc_reader *reader, void *input_pace, void *output_pace)
{
- struct establish_pace_channel_input *pace_input = (struct establish_pace_channel_input *) input_pace;
- struct establish_pace_channel_output *pace_output = (struct establish_pace_channel_output *) output_pace;
+ struct establish_pace_channel_input *pace_input = (struct establish_pace_channel_input *) input_pace;
+ struct establish_pace_channel_output *pace_output = (struct establish_pace_channel_output *) output_pace;
struct pcsc_private_data *priv;
u8 rbuf[SC_MAX_EXT_APDU_BUFFER_SIZE], sbuf[SC_MAX_EXT_APDU_BUFFER_SIZE];
size_t rcount = sizeof rbuf, scount = sizeof sbuf;
diff --git a/src/libopensc/sc.c b/src/libopensc/sc.c
index 052d6eb..5cddd32 100644
--- a/src/libopensc/sc.c
+++ b/src/libopensc/sc.c
@@ -806,7 +806,7 @@ void *sc_mem_alloc_secure(sc_context_t *ctx, size_t len)
locked = 1;
#endif
if (!locked) {
- if (ctx->paranoid_memory) {
+ if (ctx->flags & SC_CTX_FLAG_PARANOID_MEMORY) {
sc_do_log (ctx, 0, NULL, 0, NULL, "cannot lock memory, failing allocation because paranoid set");
free (pointer);
pointer = NULL;
diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
index a01cbab..349ee29 100644
--- a/src/pkcs11/pkcs11-global.c
+++ b/src/pkcs11/pkcs11-global.c
@@ -202,9 +202,11 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
unsigned int i;
sc_context_param_t ctx_opts;
- /* Handle fork() exception */
#if !defined(_WIN32)
+ /* Handle fork() exception */
if (current_pid != initialized_pid) {
+ if (context)
+ context->flags |= SC_CTX_FLAG_TERMINATE;
C_Finalize(NULL_PTR);
}
initialized_pid = current_pid;
diff --git a/src/tools/opensc-explorer.c b/src/tools/opensc-explorer.c
index fa2581b..75588df 100644
--- a/src/tools/opensc-explorer.c
+++ b/src/tools/opensc-explorer.c
@@ -1836,7 +1836,7 @@ int main(int argc, char * const argv[])
return 1;
}
- ctx->enable_default_driver = 1;
+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
if (verbose > 1) {
ctx->debug = verbose;
diff --git a/src/tools/opensc-tool.c b/src/tools/opensc-tool.c
index d907984..aea526e 100644
--- a/src/tools/opensc-tool.c
+++ b/src/tools/opensc-tool.c
@@ -758,7 +758,7 @@ int main(int argc, char * const argv[])
return 1;
}
- ctx->enable_default_driver = 1;
+ ctx->flags |= SC_CTX_FLAG_ENABLE_DEFAULT_DRIVER;
if (verbose > 1) {
ctx->debug = verbose;


@ -1,31 +0,0 @@
From 6e5ae841eb398b6393d7349d45f2386f820c9f5f Mon Sep 17 00:00:00 2001
From: LE TOUX Vincent <HG2025@sdmn01.sirius.infra.com>
Date: Sat, 2 Jan 2016 09:31:36 +0100
Subject: [PATCH] fix a pkcs11 crash when the public key reading fails
---
src/pkcs11/framework-pkcs15.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
index e103550..8496f43 100644
--- a/src/pkcs11/framework-pkcs15.c
+++ b/src/pkcs11/framework-pkcs15.c
@@ -772,9 +772,11 @@ __pkcs15_prkey_bind_related(struct pkcs15_fw_data *fw_data, struct pkcs15_prkey_
if (sc_pkcs15_compare_id(&pubkey->pub_info->id, id)) {
sc_log(context, "Associating object %d as public key", i);
pk->prv_pubkey = pubkey;
- sc_pkcs15_dup_pubkey(context, pubkey->pub_data, &pk->pub_data);
- if (pk->prv_info->modulus_length == 0)
- pk->prv_info->modulus_length = pubkey->pub_info->modulus_length;
+ if (pubkey->pub_data) {
+ sc_pkcs15_dup_pubkey(context, pubkey->pub_data, &pk->pub_data);
+ if (pk->prv_info->modulus_length == 0)
+ pk->prv_info->modulus_length = pubkey->pub_info->modulus_length;
+ }
}
}
}
--
2.5.0


@ -1,75 +0,0 @@
diff --git a/src/pkcs11/pkcs11-spy.exports b/src/pkcs11/pkcs11-spy.exports
index 562ecea..9b9b01c 100644
--- a/src/pkcs11/pkcs11-spy.exports
+++ b/src/pkcs11/pkcs11-spy.exports
@@ -1 +1,70 @@
+C_Initialize
+C_Finalize
+C_GetInfo
C_GetFunctionList
+C_GetSlotList
+C_GetSlotInfo
+C_GetTokenInfo
+C_GetMechanismList
+C_GetMechanismInfo
+C_InitToken
+C_InitPIN
+C_SetPIN
+C_OpenSession
+C_CloseSession
+C_CloseAllSessions
+C_GetSessionInfo
+C_GetOperationState
+C_SetOperationState
+C_Login
+C_Logout
+C_CreateObject
+C_CopyObject
+C_DestroyObject
+C_GetObjectSize
+C_GetAttributeValue
+C_SetAttributeValue
+C_FindObjectsInit
+C_FindObjects
+C_FindObjectsFinal
+C_EncryptInit
+C_Encrypt
+C_EncryptUpdate
+C_EncryptFinal
+C_DecryptInit
+C_Decrypt
+C_DecryptUpdate
+C_DecryptFinal
+C_DigestInit
+C_Digest
+C_DigestUpdate
+C_DigestKey
+C_DigestFinal
+C_SignInit
+C_Sign
+C_SignUpdate
+C_SignFinal
+C_SignRecoverInit
+C_SignRecover
+C_VerifyInit
+C_Verify
+C_VerifyUpdate
+C_VerifyFinal
+C_VerifyRecoverInit
+C_VerifyRecover
+C_DigestEncryptUpdate
+C_DecryptDigestUpdate
+C_SignEncryptUpdate
+C_DecryptVerifyUpdate
+C_GenerateKey
+C_GenerateKeyPair
+C_WrapKey
+C_UnwrapKey
+C_DeriveKey
+C_SeedRandom
+C_GenerateRandom
+C_GetFunctionStatus
+C_CancelFunction
+C_WaitForSlotEvent
+C_Initialize
+C_Finalize


@ -1,6 +1,6 @@
Name: opensc Name: opensc
Version: 0.15.0 Version: 0.16.0
Release: 6%{?dist} Release: 1%{?dist}
Summary: Smart card library and applications Summary: Smart card library and applications
Group: System Environment/Libraries Group: System Environment/Libraries
@ -20,12 +20,6 @@ Requires: pcsc-lite
Obsoletes: mozilla-opensc-signer < 0.12.0 Obsoletes: mozilla-opensc-signer < 0.12.0
Obsoletes: opensc-devel < 0.12.0 Obsoletes: opensc-devel < 0.12.0
Patch0: opensc-0.15.0-fork-issue.patch
Patch1: opensc-export-symbols.patch
Patch2: opensc-0.15.0-pubkey-crash.patch
Patch3: opensc-0.15.0-eID-rsa2048.patch
Patch4: opensc-0.15.0-cka_private.patch
%description %description
OpenSC provides a set of libraries and utilities to work with smart cards. Its OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate main focus is on cards that support cryptographic operations, and facilitate
@ -37,13 +31,7 @@ every software/card that does so, too.
%prep %prep
%setup -q -n OpenSC-%{version} %setup -q -n opensc-%{version}
%patch0 -p1 -b .fork-issue
%patch1 -p1 -b .export-symbols
%patch2 -p1 -b .pubkey-crash
%patch3 -p1 -b .eID-rsa2048
%patch4 -p1 -b .cka-private
cp -p src/pkcs15init/README ./README.pkcs15init cp -p src/pkcs15init/README ./README.pkcs15init
cp -p src/scconf/README.scconf . cp -p src/scconf/README.scconf .
@ -104,6 +92,7 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%{_bindir}/cryptoflex-tool %{_bindir}/cryptoflex-tool
%{_bindir}/eidenv %{_bindir}/eidenv
%{_bindir}/iasecc-tool %{_bindir}/iasecc-tool
%{_bindir}/gids-tool
%{_bindir}/netkey-tool %{_bindir}/netkey-tool
%{_bindir}/openpgp-tool %{_bindir}/openpgp-tool
%{_bindir}/opensc-explorer %{_bindir}/opensc-explorer
@ -128,6 +117,7 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%{_mandir}/man1/cardos-tool.1* %{_mandir}/man1/cardos-tool.1*
%{_mandir}/man1/cryptoflex-tool.1* %{_mandir}/man1/cryptoflex-tool.1*
%{_mandir}/man1/eidenv.1* %{_mandir}/man1/eidenv.1*
%{_mandir}/man1/gids-tool.1*
%{_mandir}/man1/iasecc-tool.1* %{_mandir}/man1/iasecc-tool.1*
%{_mandir}/man1/netkey-tool.1* %{_mandir}/man1/netkey-tool.1*
%{_mandir}/man1/openpgp-tool.1* %{_mandir}/man1/openpgp-tool.1*
@ -145,6 +135,9 @@ rm -rf %{buildroot}%{_sysconfdir}/bash_completion.d/
%changelog %changelog
* Tue Aug 02 2016 Jakub Jelen <jjelen@redhat.com> - 0.16.0-1
- New upstream release 0.16.0 (#1306071)
* Tue Jul 12 2016 Jakub Jelen <jjelen@redhat.com> - 0.15.0-6 * Tue Jul 12 2016 Jakub Jelen <jjelen@redhat.com> - 0.15.0-6
- Add support for 2048 key length (#1350588) - Add support for 2048 key length (#1350588)
- Explicitly set CKA_PRIVATE to false when writing certificates (#1272127) - Explicitly set CKA_PRIVATE to false when writing certificates (#1272127)
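Review bot: The new `%changelog` entry records only `New upstream release 0.16.0 (#1306071)`, although the same change removes Patch0 through Patch4 and their `%patch` lines, among them the fork-handling, public-key crash and CKA_PRIVATE fixes. Someone later auditing whether those fixes still ship has nothing in the spec to go on, so the commit message's "all patches applied upstream" belongs here too, for example `- Drop fork-issue, export-symbols, pubkey-crash, eID-rsa2048 and cka_private patches (applied upstream)`. The `%setup -n` switch from `OpenSC-%{version}` to `opensc-%{version}` and the added `gids-tool` binary and man page could be listed the same way. Whether 0.16.0 actually contains each dropped fix cannot be confirmed from this page and is worth checking against the upstream tree before relying on it.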


@ -1 +1 @@
f266024e5a9630821ffa0ac14f72e369 opensc-0.15.0.tar.gz 724d128f23cd7a74b28d04300ce7bcbd opensc-0.16.0.tar.gz