From de58f5101236f6a1b835cc8304fbf230d6aa1af4 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:06:19 +0200
Subject: [PATCH 01/19] msc: check the length of input

---
 src/libopensc/muscle.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/muscle.c b/src/libopensc/muscle.c
index f0b1e921..13a67a05 100644
--- a/src/libopensc/muscle.c
+++ b/src/libopensc/muscle.c
@@ -601,7 +601,9 @@ int msc_extract_rsa_public_key(sc_card_t *card,
 	if(buffer[0] != MSC_RSA_PUBLIC) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_UNKNOWN_DATA_RECEIVED);
 	*modLength = (buffer[3] << 8) | buffer[4];
 	/* Read the modulus and the exponent length */
-	
+
+	if (*modLength + 2 > sizeof buffer)
+		SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, SC_ERROR_OUT_OF_MEMORY);
 	r = msc_read_object(card, inputId, fileLocation, buffer, *modLength + 2);
 	fileLocation += *modLength + 2;
 	if(r < 0) SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);

From ba3890f8e0280e68f91cc4d0ce235d11c6319560 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:07:46 +0200
Subject: [PATCH 02/19] Checks result of calloc

---
 src/libopensc/card-openpgp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
index 68367232..a56f5165 100644
--- a/src/libopensc/card-openpgp.c
+++ b/src/libopensc/card-openpgp.c
@@ -2196,6 +2196,8 @@ pgp_build_extended_header_list(sc_card_t *card, sc_cardctl_openpgp_keystore_info
 	if (key_info->e_len < req_e_len) {
 		/* Create new buffer */
 		p = calloc(req_e_len, 1);
+		if (!p)
+			LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_ENOUGH_MEMORY);
 		memcpy(p + req_e_len - key_info->e_len, key_info->e, key_info->e_len);
 		key_info->e_len = req_e_len;
 		/* Set key_info->e to new buffer */

From 30d4f52718437cb998a26ab926698386fd949e15 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:11:03 +0200
Subject: [PATCH 03/19] Checks untrusted input

---
 src/libopensc/pkcs15-tccardos.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/pkcs15-tccardos.c b/src/libopensc/pkcs15-tccardos.c
index 1715752d..706005a7 100644
--- a/src/libopensc/pkcs15-tccardos.c
+++ b/src/libopensc/pkcs15-tccardos.c
@@ -212,6 +212,7 @@ static int parse_EF_CardInfo(sc_pkcs15_card_t *p15card)
 	u8     *p1, *p2;
 	size_t key_num, i;
 	struct sc_context *ctx = p15card->card->ctx;
+	size_t offset;
 
 	/* read EF_CardInfo1 */
 	r = read_file(p15card->card, "3F001003b200", info1, &info1_len);
@@ -227,7 +228,10 @@ static int parse_EF_CardInfo(sc_pkcs15_card_t *p15card)
 	sc_debug(ctx, SC_LOG_DEBUG_NORMAL,
 		"found %d private keys\n", (int)key_num);
 	/* set p1 to the address of the first key descriptor */
-	p1 = info1 + (info1_len - 4 - key_num * 2);
+	offset = info1_len - 4 - key_num * 2;
+	if (offset >= sizeof info1)
+		return SC_ERROR_INVALID_DATA;
+	p1 = info1 + offset;
 	p2 = info2;
 	for (i=0; i<key_num; i++) {
 		u8   pinId, keyId, cert_count;

From 8a225eb42b067c07f674b10432464538a2ca9106 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:21:05 +0200
Subject: [PATCH 04/19] Avoids potential NULL pointer deref

---
 src/libopensc/card-iasecc.c       | 2 +-
 src/pkcs15init/pkcs15-isoApplet.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/libopensc/card-iasecc.c b/src/libopensc/card-iasecc.c
index 09d730d6..317690ff 100644
--- a/src/libopensc/card-iasecc.c
+++ b/src/libopensc/card-iasecc.c
@@ -2166,7 +2166,7 @@ iasecc_pin_get_policy (struct sc_card *card, struct sc_pin_cmd_data *data)
 	if (sdo.docp.acls_contact.size == 0)
 		LOG_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Extremely strange ... there is no ACLs");
 
-	sc_log(ctx, "iasecc_pin_get_policy() sdo.docp.size.size %i %02X:%02X", sdo.docp.size.size, *(sdo.docp.size.value + 0),  *(sdo.docp.size.value + 1));
+	sc_log(ctx, "iasecc_pin_get_policy() sdo.docp.size.size %i", sdo.docp.size.size);
 	for (ii=0; ii<sizeof(sdo.docp.scbs); ii++)   {
 		struct iasecc_se_info se;
 		unsigned char scb = sdo.docp.scbs[ii];
diff --git a/src/pkcs15init/pkcs15-isoApplet.c b/src/pkcs15init/pkcs15-isoApplet.c
index 99db23a7..c2591b13 100644
--- a/src/pkcs15init/pkcs15-isoApplet.c
+++ b/src/pkcs15init/pkcs15-isoApplet.c
@@ -263,7 +263,8 @@ isoApplet_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t
 	struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
 	int r;
 
-	LOG_FUNC_CALLED(card->ctx);
+	if (card)
+		LOG_FUNC_CALLED(card->ctx);
 
 	if(!pin || !pin_len || !p15card || !p15card->card || !df || !&df->path)
 	{

From 63a9ad79b6ffb609758c643a0797f59498ec71a0 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:30:10 +0200
Subject: [PATCH 05/19] Assumes that p15card->card are set

The check for NULL was bogus anyway
---
 src/pkcs15init/pkcs15-isoApplet.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/pkcs15init/pkcs15-isoApplet.c b/src/pkcs15init/pkcs15-isoApplet.c
index c2591b13..498fb617 100644
--- a/src/pkcs15init/pkcs15-isoApplet.c
+++ b/src/pkcs15init/pkcs15-isoApplet.c
@@ -186,7 +186,7 @@ isoApplet_create_dir(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t
 
 	LOG_FUNC_CALLED(card->ctx);
 
-	if(!profile || !p15card || !df || !p15card->card || !p15card->card->ctx)
+	if(!profile || !df || !p15card->card->ctx)
 	{
 		LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
 	}
@@ -263,10 +263,9 @@ isoApplet_create_pin(sc_profile_t *profile, sc_pkcs15_card_t *p15card, sc_file_t
 	struct sc_pkcs15_pin_attributes *pin_attrs = &auth_info->attrs.pin;
 	int r;
 
-	if (card)
-		LOG_FUNC_CALLED(card->ctx);
+	LOG_FUNC_CALLED(card->ctx);
 
-	if(!pin || !pin_len || !p15card || !p15card->card || !df || !&df->path)
+	if(!pin || !pin_len || !df || !&df->path)
 	{
 		LOG_FUNC_RETURN(card->ctx, SC_ERROR_INVALID_ARGUMENTS);
 	}

From b5de72fe13b3f2246963ebd7fa48c6a2bc8fb68c Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:32:32 +0200
Subject: [PATCH 06/19] fix potention NULL deref

---
 src/scconf/parse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/scconf/parse.c b/src/scconf/parse.c
index 2804d7d5..f0e585b0 100644
--- a/src/scconf/parse.c
+++ b/src/scconf/parse.c
@@ -270,7 +270,7 @@ void scconf_parse_token(scconf_parser * parser, int token_type, const char *toke
 				scconf_parse_warning_expect(parser, ";");
 				scconf_parse_reset_state(parser);
 			}
-			if (*token == '"') {
+			if (token && *token == '"') {
 				/* quoted string, remove them */
 				token++;
 				len = strlen(token);

From 59254d9d88a0023c32698fb109405180189817b7 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:40:02 +0200
Subject: [PATCH 07/19] Checks on errors for ftell and fseek

---
 src/libopensc/card-piv.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
index 218d74d3..ce5a5de8 100644
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@@ -1450,9 +1450,17 @@ static int piv_get_key(sc_card_t *card, unsigned int alg_id, u8 **key, size_t *l
 		goto err;
 	}
 
-	fseek(f, 0L, SEEK_END);
+	if (0 > fseek(f, 0L, SEEK_END))
+		r = SC_ERROR_INTERNAL;
 	fsize = ftell(f);
-	fseek(f, 0L, SEEK_SET);
+	if (0 > (long) fsize)
+		r = SC_ERROR_INTERNAL;
+	if (0 > fseek(f, 0L, SEEK_SET))
+		r = SC_ERROR_INTERNAL;
+	if(r) {
+		sc_debug(card->ctx, SC_LOG_DEBUG_VERBOSE, "Could not read %s\n", keyfilename);
+		goto err;
+	}
 
 	keybuf = malloc(fsize+1); /* if not binary, need null to make it a string */
 	if (!keybuf) {

From 69de207c21deaa9bd6aef9b69d7d3167cd845cee Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:48:08 +0200
Subject: [PATCH 08/19] Fixes bad type cast

---
 src/libopensc/card-oberthur.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c
index b8a5cbc4..99cc25a3 100644
--- a/src/libopensc/card-oberthur.c
+++ b/src/libopensc/card-oberthur.c
@@ -185,7 +185,7 @@ auth_select_aid(struct sc_card *card)
 	memcpy(card->serialnr.value, apdu.resp+15, 4);
 
 	for (ii=0, data->sn = 0; ii < 4; ii++)
-		data->sn += (int)(*(apdu.resp + 15 + ii)) << (3-ii)*8;
+		data->sn += (long int)(*(apdu.resp + 15 + ii)) << (3-ii)*8;
 
 	sc_debug(card->ctx, SC_LOG_DEBUG_NORMAL, "serial number %li/0x%lX\n", data->sn, data->sn);
 

From f08985086ac31f3b5a74b1b5637ac8f3339e8753 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 20:59:01 +0200
Subject: [PATCH 09/19] Fixes potential buffer overrun

---
 src/tools/pkcs15-tool.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c
index 92d51c9c..99bab8f1 100644
--- a/src/tools/pkcs15-tool.c
+++ b/src/tools/pkcs15-tool.c
@@ -835,7 +835,7 @@ static void print_ssh_key(FILE *outf, const char * alg, struct sc_pkcs15_object
 			return;
 
 		if (obj->label && strlen(obj->label)) 
-			fprintf(outf,"ssh-%s %s %s\n", alg, uu, obj->label);
+			fprintf(outf,"ssh-%s %s %.*s\n", alg, uu, sizeof obj->label, obj->label);
 		else
 			fprintf(outf,"ssh-%s %s\n", alg, uu);
 	}

From 69320f9d54605f1c4d18ef9843f4a0a9582bb0a7 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:11:05 +0200
Subject: [PATCH 10/19] Checks for out of bounds write

---
 src/libopensc/ctbcs.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/libopensc/ctbcs.c b/src/libopensc/ctbcs.c
index 4b08ad6c..a330e665 100644
--- a/src/libopensc/ctbcs.c
+++ b/src/libopensc/ctbcs.c
@@ -143,6 +143,8 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
 		return SC_ERROR_BUFFER_TOO_SMALL;
 
 	j = count;
+	if (j + 2 > buflen)
+		return SC_ERROR_BUFFER_TOO_SMALL;
 	buf[j++] = CTBCS_TAG_VERIFY_CMD;
 	buf[j++] = 0x00;
 
@@ -154,6 +156,8 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
 		return SC_ERROR_INVALID_ARGUMENTS;
 	if (data->pin1.min_length == data->pin1.max_length)
 		control |= data->pin1.min_length << CTBCS_PIN_CONTROL_LEN_SHIFT;
+	if (j + 7 > buflen)
+		return SC_ERROR_BUFFER_TOO_SMALL;
 	buf[j++] = control;
 	buf[j++] = data->pin1.offset+1; /* Looks like offset is 1-based in CTBCS */
 	buf[j++] = data->pin2.offset+1;
@@ -170,6 +174,8 @@ ctbcs_build_modify_verification_apdu(sc_apdu_t *apdu, struct sc_pin_cmd_data *da
 		memset(buf+j, data->pin1.pad_char, len);
 		j += len;
 	}
+	if (count > buflen)
+		return SC_ERROR_BUFFER_TOO_SMALL;
 	buf[count+1] = j - count - 2;
 	count = j;
 

From 07038225a74a738f1916e882d97a45ac4b344c13 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:14:49 +0200
Subject: [PATCH 11/19] Fixes out of bounds read

---
 src/libopensc/pkcs15-gemsafeV1.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libopensc/pkcs15-gemsafeV1.c b/src/libopensc/pkcs15-gemsafeV1.c
index b757b116..43858f13 100644
--- a/src/libopensc/pkcs15-gemsafeV1.c
+++ b/src/libopensc/pkcs15-gemsafeV1.c
@@ -256,6 +256,8 @@ static int gemsafe_get_cert_len(sc_card_t *card)
 				return SC_SUCCESS;
 			}
 			/* DER cert len is encoded this way */
+			if (ind+3 >= sizeof ibuf)
+				return SC_ERROR_INVALID_DATA;
 			certlen = ((((size_t) ibuf[ind+2]) << 8) | ibuf[ind+3]) + 4;
 			sc_log(card->ctx, "Found certificate of key container %d at offset %d, len %d", i+1, ind, certlen);
 			gemsafe_cert[i].index = ind;

From e4bce1ca6126efb1eed3acd1c943af2875abc6a2 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:16:05 +0200
Subject: [PATCH 12/19] Fixes dependency on uninitialized data

---
 src/pkcs15init/pkcs15-cardos.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
index 63f32a85..3369140e 100644
--- a/src/pkcs15init/pkcs15-cardos.c
+++ b/src/pkcs15init/pkcs15-cardos.c
@@ -409,7 +409,7 @@ static int
 cardos_delete_object(sc_profile_t *profile, struct sc_pkcs15_card *p15card,
 		struct sc_pkcs15_object *obj, const struct sc_path *path)
 {
-	int r, stored_in_ef = 0, algorithm = 0;
+	int r = SC_SUCCESS, stored_in_ef = 0, algorithm = 0;
 	size_t keybits;
 	sc_file_t *file = NULL;
 	struct sc_pkcs15_prkey_info *key_info;

From 6c01750ba80e57f4be35c9f4e8e34ee2dec321fa Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:17:17 +0200
Subject: [PATCH 13/19] Removes dead code

---
 src/libopensc/card-authentic.c | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/libopensc/card-authentic.c b/src/libopensc/card-authentic.c
index 1454767b..cf190563 100644
--- a/src/libopensc/card-authentic.c
+++ b/src/libopensc/card-authentic.c
@@ -1577,7 +1577,6 @@ authentic_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tri
 {
 	struct sc_context *ctx = card->ctx;
 	struct authentic_private_data *prv_data = (struct authentic_private_data *) card->drv_data;
-	struct sc_file *save_current = NULL;
 	struct sc_pin_cmd_data pin_cmd, puk_cmd;
 	struct sc_apdu apdu;
 	unsigned reference;
@@ -1653,10 +1652,6 @@ authentic_pin_reset(struct sc_card *card, struct sc_pin_cmd_data *data, int *tri
 		LOG_TEST_RET(ctx, rv, "Failed to set PIN with pin-pad");
 	}
 
-	if (save_current)   {
-		rv = authentic_select_file(card, &save_current->path, NULL);
-		LOG_TEST_RET(ctx, rv, "Cannot return to saved PATH");
-	}
 	LOG_FUNC_RETURN(ctx, rv);
 }
 

From c22ffd95bf7932cfe230d59e2b92a9aa69f345be Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:21:37 +0200
Subject: [PATCH 14/19] Fixed warning about unused variable

---
 src/pkcs15init/pkcs15-lib.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/pkcs15init/pkcs15-lib.c b/src/pkcs15init/pkcs15-lib.c
index 09feb0ad..b3fd5163 100644
--- a/src/pkcs15init/pkcs15-lib.c
+++ b/src/pkcs15init/pkcs15-lib.c
@@ -2237,6 +2237,9 @@ int
 sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_profile *profile,
 		int type, struct sc_pkcs15_id *id_out, void *data)
 {
+#ifndef ENABLE_OPENSSL
+	LOG_FUNC_RETURN(p15card->card->ctx, SC_SUCCESS);
+#else
 	struct sc_context *ctx = p15card->card->ctx;
 	struct sc_pkcs15_pubkey *pubkey = NULL;
 	unsigned id_style;
@@ -2246,9 +2249,7 @@ sc_pkcs15init_select_intrinsic_id(struct sc_pkcs15_card *p15card, struct sc_prof
 	int rv, allocated = 0;
 
 	LOG_FUNC_CALLED(ctx);
-#ifndef ENABLE_OPENSSL
-	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
-#else
+
 	if (!id_out || !profile)
 		LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);
 

From 5902587889f8d70499ad76366af044a7e5a0be70 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:22:08 +0200
Subject: [PATCH 15/19] Removed dead code

---
 src/pkcs15init/pkcs15-oberthur.c | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
index c968984b..a540466f 100644
--- a/src/pkcs15init/pkcs15-oberthur.c
+++ b/src/pkcs15init/pkcs15-oberthur.c
@@ -760,16 +760,6 @@ cosm_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 }
 
 
-static int
-cosm_emu_update_dir (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
-		struct sc_app_info *info)
-{
-	SC_FUNC_CALLED(p15card->card->ctx, 1);
-	/* No DIR file in the native Oberthur card */
-	SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS);
-}
-
-
 static int
 cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 		unsigned op, struct sc_pkcs15_object *object)

From 0fe282414f17777487cb6bd09ca7897f1f595a7e Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:24:10 +0200
Subject: [PATCH 16/19] Fixed warning about unused function

---
 src/pkcs15init/pkcs15-oberthur.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/pkcs15init/pkcs15-oberthur.c b/src/pkcs15init/pkcs15-oberthur.c
index a540466f..a4eb2324 100644
--- a/src/pkcs15init/pkcs15-oberthur.c
+++ b/src/pkcs15init/pkcs15-oberthur.c
@@ -760,6 +760,17 @@ cosm_store_key(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 }
 
 
+#ifdef ENABLE_OPENSSL
+static int
+cosm_emu_update_dir (struct sc_profile *profile, struct sc_pkcs15_card *p15card,
+		struct sc_app_info *info)
+{
+	SC_FUNC_CALLED(p15card->card->ctx, 1);
+	/* No DIR file in the native Oberthur card */
+	SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS);
+}
+
+
 static int
 cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 		unsigned op, struct sc_pkcs15_object *object)
@@ -768,7 +779,6 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
 	int rv = SC_ERROR_NOT_SUPPORTED;
 
 	SC_FUNC_CALLED(ctx, 1);
-#ifdef ENABLE_OPENSSL
 	switch(op)   {
 	case SC_AC_OP_ERASE:
 		sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Update DF; erase object('%s',type:%X)", object->label, object->type);
@@ -779,7 +789,6 @@ cosm_emu_update_any_df(struct sc_profile *profile, struct sc_pkcs15_card *p15car
 		rv = awp_update_df_create(p15card, profile, object);
 		break;
 	}
-#endif
 	SC_FUNC_RETURN(ctx, 1, rv);
 }
 
@@ -837,6 +846,7 @@ cosm_emu_write_info(struct sc_profile *profile, struct sc_pkcs15_card *p15card,
 	/* No OpenSC Info file in the native Oberthur card */
 	SC_FUNC_RETURN(p15card->card->ctx, 1, SC_SUCCESS);
 }
+#endif
 
 
 static struct sc_pkcs15init_operations

From be073396be865c3b35c670a1abfab9e6d259639d Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 21:50:19 +0200
Subject: [PATCH 17/19] Fixes warnings about unused variables/functions

---
 src/libopensc/card-piv.c      | 2 +-
 src/libopensc/card-westcos.c  | 6 +++---
 src/libopensc/pkcs15-itacns.c | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
index ce5a5de8..b89d02aa 100644
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@@ -1391,7 +1391,6 @@ static const EVP_CIPHER *get_cipher_for_algo(int alg_id)
 		default: return NULL;
 	}
 }
-#endif
 
 static int get_keylen(unsigned int alg_id, size_t *size)
 {
@@ -1516,6 +1515,7 @@ err:
 	SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
 	return r;
 }
+#endif
 
 /*
  * will only deal with 3des for now
diff --git a/src/libopensc/card-westcos.c b/src/libopensc/card-westcos.c
index 76788bcf..0dce9653 100644
--- a/src/libopensc/card-westcos.c
+++ b/src/libopensc/card-westcos.c
@@ -1097,12 +1097,12 @@ static int westcos_sign_decipher(int mode, sc_card_t *card,
 				 size_t outlen)
 {
 	int r;
+	sc_file_t *keyfile = sc_file_new();
+#ifdef ENABLE_OPENSSL
 	int idx = 0;
 	u8 buf[180];
-	sc_file_t *keyfile = sc_file_new();
 	priv_data_t *priv_data = NULL;
 	int pad;
-#ifdef ENABLE_OPENSSL
 	RSA *rsa = NULL;
 	BIO *mem = BIO_new(BIO_s_mem());
 #endif
@@ -1234,8 +1234,8 @@ out:
 		BIO_free(mem);
 	if (rsa)
 		RSA_free(rsa);
-#endif /* ENABLE_OPENSSL */
 out2:
+#endif /* ENABLE_OPENSSL */
 	if (keyfile)
 		sc_file_free(keyfile);
 	return r;
diff --git a/src/libopensc/pkcs15-itacns.c b/src/libopensc/pkcs15-itacns.c
index 55e9f31b..02107cdf 100644
--- a/src/libopensc/pkcs15-itacns.c
+++ b/src/libopensc/pkcs15-itacns.c
@@ -199,8 +199,8 @@ static int itacns_add_cert(sc_pkcs15_card_t *p15card,
 	sc_pkcs15_object_t    obj;
 #ifdef ENABLE_OPENSSL
 	X509 *x509;
-#endif
 	sc_pkcs15_cert_t *cert;
+#endif
 
 	SC_FUNC_CALLED(p15card->card->ctx, 1);
 	

From fe31aceacb86a02d138748e316de7af25269f551 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 22:04:22 +0200
Subject: [PATCH 18/19] Fixes signature of iasecc_read_public_key

---
 src/libopensc/card-iasecc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libopensc/card-iasecc.c b/src/libopensc/card-iasecc.c
index 317690ff..393c7df1 100644
--- a/src/libopensc/card-iasecc.c
+++ b/src/libopensc/card-iasecc.c
@@ -3357,7 +3357,7 @@ iasecc_compute_signature(struct sc_card *card,
 
 static int
 iasecc_read_public_key(struct sc_card *card, unsigned type,
-		struct sc_path *key_path, unsigned ref, size_t size,
+		struct sc_path *key_path, unsigned ref, unsigned size,
 		unsigned char **out, size_t *out_len)
 {
 	struct sc_context *ctx = card->ctx;

From 1e2a42dae582ee48c601d821f76c77d0b85ea988 Mon Sep 17 00:00:00 2001
From: Frank Morgner <morgner@informatik.hu-berlin.de>
Date: Thu, 17 Sep 2015 22:11:22 +0200
Subject: [PATCH 19/19] Fixes warning about unused variables

---
 src/libopensc/card-dnie.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libopensc/card-dnie.c b/src/libopensc/card-dnie.c
index 0b25b845..00968b29 100644
--- a/src/libopensc/card-dnie.c
+++ b/src/libopensc/card-dnie.c
@@ -637,12 +637,12 @@ static unsigned long le2ulong(u8 * pt)
  */
 static u8 *dnie_uncompress(sc_card_t * card, u8 * from, size_t *len)
 {
-	int res = SC_SUCCESS;
 	u8 *upt = from;
+#ifdef ENABLE_ZLIB
+	int res = SC_SUCCESS;
 	size_t uncompressed = 0L;
 	size_t compressed = 0L;
 
-#ifdef ENABLE_ZLIB
 	if (!card || !card->ctx || !from || !len)
 		return NULL;
 	LOG_FUNC_CALLED(card->ctx);