Merge branch 'master' of https://github.com/LudovicRousseau/OpenSC

2011-06-13 10:12:22 +02:00 · 2011-06-13 10:12:22 +02:00 · 9ef95c71e6
parent 3920417e94 00d9a5d7ac
commit 9ef95c71e6
13 changed files with 18 additions and 35 deletions
--- a/MacOSX/build-package.in
+++ b/MacOSX/build-package.in
@ -75,7 +75,7 @@ if test ${OSX_RELEASE} = "10.6"; then
 	(cd engine_pkcs11
 	git checkout origin/martin
 	test -x configure || ./bootstrap
-	PKG_CONFIG_PATH=${BUILDPATH}/build/lib/pkgconfig ./configure --disable-dependency-tracking --prefix=/Library/OpenSC && make
+	PKG_CONFIG_PATH=${BUILDPATH}/build/lib/pkgconfig:${PKG_CONFIG_PATH} ./configure --disable-dependency-tracking --prefix=/Library/OpenSC && make
 	make install DESTDIR=${BUILDPATH}/target)
 fi

@ -83,6 +83,9 @@ if ! test -e OpenSC.tokend; then
 	git clone http://github.com/martinpaljak/OpenSC.tokend.git
 fi

+# refresh remote branches, in case the script has changed the active branch and existing buildslave checkout is used.
+git --git-dir OpenSC.tokend/.git --work-tree OpenSC.tokend fetch --all
+
 case "${OSX_RELEASE}" in
 	"10.5") git --git-dir OpenSC.tokend/.git --work-tree OpenSC.tokend checkout --force origin/10.5-0.12.2; rm -rf OpenSC.tokend/build
 		if test ${INTEL_ONLY} = "yes"; then
--- a/src/libopensc/apdu.c
+++ b/src/libopensc/apdu.c
@ -410,11 +410,12 @@ static int do_single_transmit(sc_card_t *card, sc_apdu_t *apdu)
 			/* set the new expected length */
 			apdu->resplen = olen;
 			apdu->le      = nlen;
-			/* as some reader/smartcards can't handle an immediate
-			 * re-transmit so we optionally need to sleep for
-			 * a while */
-			if (card->wait_resend_apdu != 0)
-				msleep(card->wait_resend_apdu);
+			/* Belpic V1 applets have a problem: if the card sends a 6C XX
+			 * (only XX bytes available), and we resend the command too soon
+			 * (i.e. the reader is too fast), the card doesn't respond. So
+			 * we build in a delay. */
+			if (card->type == SC_CARD_TYPE_BELPIC_EID)
+				msleep(40);
 			/* re-transmit the APDU with new Le length */
 			r = card->reader->ops->transmit(card->reader, apdu);
 			if (r != SC_SUCCESS) {
--- a/src/libopensc/card-authentic.c
+++ b/src/libopensc/card-authentic.c
@ -1756,7 +1756,7 @@ authentic_get_challenge(struct sc_card *card, unsigned char *rnd, size_t len)
 	int rv, nn;

 	LOG_FUNC_CALLED(ctx);
-	if (!rnd)
+	if (!rnd && len)
 		return SC_ERROR_INVALID_ARGUMENTS;

 	sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x84, 0x00, 0x00);
--- a/src/libopensc/card-belpic.c
+++ b/src/libopensc/card-belpic.c
@ -931,11 +931,6 @@ static int belpic_init(sc_card_t *card)
 				     SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE, 0);
 	}

-	/* V1 applets have a problem: if the card sends a 6C XX (only XX bytes available),
-	 * and we resend the command too soon (i.e. the reader is too fast), the card
-	 * doesn't respond. So we build in a delay. */
-	card->wait_resend_apdu = 40;
-
 	/* State that we have an RNG */
 	card->caps |= SC_CARD_CAP_RNG;

--- a/src/libopensc/card-muscle.c
+++ b/src/libopensc/card-muscle.c
@ -760,7 +760,10 @@ static int muscle_compute_signature(sc_card_t *card, const u8 *data,

 static int muscle_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
 {
-	return msc_get_challenge(card, len, 0, NULL, rnd);
+	if (len == 0)
+		return SC_SUCCESS;
+	else
+		return msc_get_challenge(card, len, 0, NULL, rnd);
 }

 static int muscle_check_sw(sc_card_t * card, unsigned int sw1, unsigned int sw2) {
--- a/src/libopensc/card-rutoken.c
+++ b/src/libopensc/card-rutoken.c
@ -1113,7 +1113,7 @@ static int rutoken_get_challenge(sc_card_t *card, u8 *rnd, size_t count)
 	sc_apdu_t apdu;
 	u8 rbuf[32];
 	size_t n;
-	int ret = SC_ERROR_INVALID_ARGUMENTS; /* if count == 0 */
+	int ret = SC_SUCCESS; /* if count == 0 */

 	SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
 	sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x84, 0x00, 0x00);
--- a/src/libopensc/iso7816.c
+++ b/src/libopensc/iso7816.c
@ -515,7 +515,7 @@ static int iso7816_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
 	sc_apdu_t apdu;
 	u8 buf[10];

-	if (!rnd)
+	if (!rnd && len)
 		return SC_ERROR_INVALID_ARGUMENTS;

 	sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT,
--- a/src/libopensc/opensc.h
+++ b/src/libopensc/opensc.h
@ -422,7 +422,6 @@ typedef struct sc_card {

 	int type;			/* Card type, for card driver internal use */
 	unsigned long caps, flags;
-	unsigned int wait_resend_apdu;	/* Delay (msec) before responding to an SW = 6CXX */
 	int cla;
 	size_t max_send_size; /* Max Lc supported by the card */
 	size_t max_recv_size; /* Max Le supported by the card */
--- a/src/libopensc/pkcs15.h
+++ b/src/libopensc/pkcs15.h
@ -62,7 +62,6 @@ typedef struct sc_pkcs15_id sc_pkcs15_id_t;
 #define SC_PKCS15_PIN_FLAG_INTEGRITY_PROTECTED		0x0200
 #define SC_PKCS15_PIN_FLAG_CONFIDENTIALITY_PROTECTED	0x0400
 #define SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA		0x0800
-#define SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER		0x1000

 #define SC_PKCS15_PIN_TYPE_BCD				0
 #define SC_PKCS15_PIN_TYPE_ASCII_NUMERIC		1
--- a/src/pkcs15init/cardos.profile
+++ b/src/pkcs15init/cardos.profile
@ -24,17 +24,6 @@ PIN user-puk {
    attempts	= 10;
 }

-# For CardOS 4.3B and 4.4, the Verify Retry Counter Package 
-# can be loaded at ADMINISTRATION life cycle phase to change
-# the behavior of the VERIFY command in regard to return codes.
-# When that package is loaded, the PIN can be created with this
-# "verifyRC" flag if the return code must be ISO7816-4 compliant
-# (63Cx with x being the value of the remaining retry counter
-# when required verification has failed).
-#PIN user-pin {
-#    flags	= verifyRC;
-#}
-
 # Additional filesystem info.
 # This is added to the file system info specified in the
 # main profile.
--- a/src/pkcs15init/pkcs15-cardos.c
+++ b/src/pkcs15init/pkcs15-cardos.c
@ -409,7 +409,6 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
 		const u8 *pin, size_t pin_len)
 {
 	struct sc_cardctl_cardos_obj_info args;
-	struct sc_pkcs15_auth_info profile_auth;
 	unsigned char	buffer[256];
 	unsigned char	pinpadded[256];
 	struct tlv	tlv;
@ -446,11 +445,6 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
 	/* parameters */
 	tlv_next(&tlv, 0x85);
 	tlv_add(&tlv, 0x02);		/* options byte */
-	sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_auth);
-	if (profile_auth.attrs.pin.flags & SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER)	{
-		/* Use 9 byte OCI parameters to be able to set VerifyRC bit */
-		tlv_add(&tlv, 0x04);		/* options_2 byte with Bit n°2 set to return CurrentErrorCounter */
-		}
 	tlv_add(&tlv, attempts & 0xf);	/* flags byte */
 	tlv_add(&tlv, CARDOS_ALGO_PIN);	/* algorithm = pin-test */
 	tlv_add(&tlv, attempts & 0xf);	/* errcount = attempts */
--- a/src/pkcs15init/profile.c
+++ b/src/pkcs15init/profile.c
@ -191,7 +191,6 @@ static struct map		pinFlagNames[] = {
 	{ "integrity-protected",	SC_PKCS15_PIN_FLAG_INTEGRITY_PROTECTED		},
 	{ "confidentiality-protected",	SC_PKCS15_PIN_FLAG_CONFIDENTIALITY_PROTECTED	},
 	{ "exchangeRefData",		SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA		},
-	{ "verifyRC",			SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER		},
 	{ NULL, 0 }
 };
 static struct map		idStyleNames[] = {
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@ -483,6 +483,7 @@ int main(int argc, char * argv[])
 			action_count++;
 			break;
 		case 't':
+			need_session |= NEED_SESSION_RO;
 			do_test = 1;
 			action_count++;
 			break;