diff --git a/MacOSX/build-package.in b/MacOSX/build-package.in
index 8d18640b..19d44e69 100755
--- a/MacOSX/build-package.in
+++ b/MacOSX/build-package.in
@@ -75,7 +75,7 @@ if test ${OSX_RELEASE} = "10.6"; then
 (cd engine_pkcs11
 git checkout origin/martin
 test -x configure || ./bootstrap
- PKG_CONFIG_PATH=${BUILDPATH}/build/lib/pkgconfig ./configure --disable-dependency-tracking --prefix=/Library/OpenSC && make
+ PKG_CONFIG_PATH=${BUILDPATH}/build/lib/pkgconfig:${PKG_CONFIG_PATH} ./configure --disable-dependency-tracking --prefix=/Library/OpenSC && make
 make install DESTDIR=${BUILDPATH}/target)
 fi
@@ -83,6 +83,9 @@ if ! test -e OpenSC.tokend; then
 git clone http://github.com/martinpaljak/OpenSC.tokend.git
 fi
+# refresh remote branches, in case the script has changed the active branch and existing buildslave checkout is used.
+git --git-dir OpenSC.tokend/.git --work-tree OpenSC.tokend fetch --all
+
 case "${OSX_RELEASE}" in
 "10.5") git --git-dir OpenSC.tokend/.git --work-tree OpenSC.tokend checkout --force origin/10.5-0.12.2; rm -rf OpenSC.tokend/build
 if test ${INTEL_ONLY} = "yes"; then
diff --git a/src/libopensc/apdu.c b/src/libopensc/apdu.c
index 01a10caf..5621018d 100644
--- a/src/libopensc/apdu.c
+++ b/src/libopensc/apdu.c
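Review bot: The exit status of the added `git --git-dir OpenSC.tokend/.git --work-tree OpenSC.tokend fetch --all` is not checked, so unless the script runs under `set -e` (not visible here) a failed fetch lets the `checkout --force origin/...` lines below build whatever stale refs the existing checkout holds; ending the line with `|| exit 1` would stop that. The remote being refreshed comes from the `git clone http://github.com/martinpaljak/OpenSC.tokend.git` context line, so the code this build compiles arrives over an unauthenticated transport; changing that URL to `https://` (and resetting the remote URL of existing buildslave checkouts) would close the gap. The `case` block continues outside the hunk.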
@@ -410,11 +410,12 @@ static int do_single_transmit(sc_card_t *card, sc_apdu_t *apdu)
 /* set the new expected length */
 apdu->resplen = olen;
 apdu->le = nlen;
- /* as some reader/smartcards can't handle an immediate
- * re-transmit so we optionally need to sleep for
- * a while */
- if (card->wait_resend_apdu != 0)
- msleep(card->wait_resend_apdu);
+ /* Belpic V1 applets have a problem: if the card sends a 6C XX
+ * (only XX bytes available), and we resend the command too soon
+ * (i.e. the reader is too fast), the card doesn't respond. So
+ * we build in a delay. */
+ if (card->type == SC_CARD_TYPE_BELPIC_EID)
+ msleep(40);
 /* re-transmit the APDU with new Le length */
 r = card->reader->ops->transmit(card->reader, apdu);
 if (r != SC_SUCCESS) {
diff --git a/src/libopensc/card-authentic.c b/src/libopensc/card-authentic.c
index 9e86b328..699e7011 100644
--- a/src/libopensc/card-authentic.c
+++ b/src/libopensc/card-authentic.c
@@ -1756,7 +1756,7 @@ authentic_get_challenge(struct sc_card *card, unsigned char *rnd, size_t len)
 int rv, nn;
 LOG_FUNC_CALLED(ctx);
- if (!rnd)
+ if (!rnd && len)
 return SC_ERROR_INVALID_ARGUMENTS;
 sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x84, 0x00, 0x00);
diff --git a/src/libopensc/card-belpic.c b/src/libopensc/card-belpic.c
index 5fc04021..3f7cf44f 100644
--- a/src/libopensc/card-belpic.c
+++ b/src/libopensc/card-belpic.c
@@ -931,11 +931,6 @@ static int belpic_init(sc_card_t *card)
 SC_ALGORITHM_RSA_PAD_PKCS1 | SC_ALGORITHM_RSA_HASH_NONE, 0);
 }
- /* V1 applets have a problem: if the card sends a 6C XX (only XX bytes available),
- * and we resend the command too soon (i.e. the reader is too fast), the card
- * doesn't respond. So we build in a delay. */
- card->wait_resend_apdu = 40;
-
 /* State that we have an RNG */
 card->caps |= SC_CARD_CAP_RNG;
diff --git a/src/libopensc/card-muscle.c b/src/libopensc/card-muscle.c
index 78f2b6e7..3b0562bf 100644
--- a/src/libopensc/card-muscle.c
+++ b/src/libopensc/card-muscle.c
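Review bot: The added `if (card->type == SC_CARD_TYPE_BELPIC_EID) msleep(40);` puts a card-specific quirk and a bare `40` into the generic retransmit path of do_single_transmit, and it applies to every card of that type although the comment says only V1 applets need the delay. A named constant such as `#define BELPIC_RESEND_DELAY_MS 40`, with a comment line stating that the applet version is not checked here, would make both facts explicit. The same commit removes `wait_resend_apdu` from `struct sc_card` in opensc.h, which shifts the layout of what looks like a public struct, so code built against the old header would need rebuilding. The function body starts and ends outside the hunk.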
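Review bot: With the guard relaxed to `if (!rnd && len)`, a call with `rnd == NULL` and `len == 0` now passes the check and reaches `sc_format_apdu(... 0x84 ...)`, and what the rest of authentic_get_challenge does with a NULL buffer and a zero length lies outside the hunk. If a zero-length request is meant to succeed, an explicit `if (len == 0) return SC_SUCCESS;` before the APDU is built would say so and keep a NULL pointer away from any later copy; the card-muscle.c hunk in this commit already handles it that way. The same applies to the identical change in iso7816_get_challenge in iso7816.c. A comment on the guard, e.g. `/* rnd may be NULL only when no bytes are requested */`, would document the new contract.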
@@ -760,7 +760,10 @@ static int muscle_compute_signature(sc_card_t *card, const u8 *data,
 static int muscle_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
 {
- return msc_get_challenge(card, len, 0, NULL, rnd);
+ if (len == 0)
+ return SC_SUCCESS;
+ else
+ return msc_get_challenge(card, len, 0, NULL, rnd);
 }
 static int muscle_check_sw(sc_card_t * card, unsigned int sw1, unsigned int sw2) {
diff --git a/src/libopensc/card-rutoken.c b/src/libopensc/card-rutoken.c
index e2d0c818..efbf6b5b 100644
--- a/src/libopensc/card-rutoken.c
+++ b/src/libopensc/card-rutoken.c
@@ -1113,7 +1113,7 @@ static int rutoken_get_challenge(sc_card_t *card, u8 *rnd, size_t count)
 sc_apdu_t apdu;
 u8 rbuf[32];
 size_t n;
- int ret = SC_ERROR_INVALID_ARGUMENTS; /* if count == 0 */
+ int ret = SC_SUCCESS; /* if count == 0 */
 SC_FUNC_CALLED(card->ctx, SC_LOG_DEBUG_VERBOSE);
 sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT, 0x84, 0x00, 0x00);
diff --git a/src/libopensc/iso7816.c b/src/libopensc/iso7816.c
index f82e1401..3bd50ab9 100644
--- a/src/libopensc/iso7816.c
+++ b/src/libopensc/iso7816.c
@@ -515,7 +515,7 @@ static int iso7816_get_challenge(sc_card_t *card, u8 *rnd, size_t len)
 sc_apdu_t apdu;
 u8 buf[10];
- if (!rnd)
+ if (!rnd && len)
 return SC_ERROR_INVALID_ARGUMENTS;
 sc_format_apdu(card, &apdu, SC_APDU_CASE_2_SHORT,
diff --git a/src/libopensc/opensc.h b/src/libopensc/opensc.h
index 7a81b756..ecd109ba 100644
--- a/src/libopensc/opensc.h
+++ b/src/libopensc/opensc.h
@@ -422,7 +422,6 @@ typedef struct sc_card {
 int type; /* Card type, for card driver internal use */
 unsigned long caps, flags;
- unsigned int wait_resend_apdu; /* Delay (msec) before responding to an SW = 6CXX */
 int cla;
 size_t max_send_size; /* Max Lc supported by the card */
 size_t max_recv_size; /* Max Le supported by the card */
diff --git a/src/libopensc/pkcs15.h b/src/libopensc/pkcs15.h
index 4fafe709..ba9a7357 100644
--- a/src/libopensc/pkcs15.h
+++ b/src/libopensc/pkcs15.h
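Review bot: muscle_get_challenge still hands `rnd` to msc_get_challenge without the NULL check that the iso7816.c and card-authentic.c hunks keep for a non-zero length; whether msc_get_challenge validates the pointer is not visible here. For consistency I would add `if (!rnd) return SC_ERROR_INVALID_ARGUMENTS;` after the zero-length return. The `else` following `return SC_SUCCESS;` is redundant and can be dropped.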
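Review bot: Initialising `ret` to `SC_SUCCESS` in rutoken_get_challenge makes success the default for every path that never assigns it, not only for `count == 0`; the code that assigns `ret` is outside the hunk, so it cannot be confirmed from here that a zero count is the only such path. For a function that fills a challenge buffer, reporting success without having written the bytes would leave the caller with whatever `rnd` held before. Keeping the error initialiser and adding `if (count == 0) return SC_SUCCESS;` after `SC_FUNC_CALLED(...)` states the intent without a fail-open default.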
@@ -62,7 +62,6 @@ typedef struct sc_pkcs15_id sc_pkcs15_id_t;
 #define SC_PKCS15_PIN_FLAG_INTEGRITY_PROTECTED 0x0200
 #define SC_PKCS15_PIN_FLAG_CONFIDENTIALITY_PROTECTED 0x0400
 #define SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA 0x0800
-#define SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER 0x1000
 #define SC_PKCS15_PIN_TYPE_BCD 0
 #define SC_PKCS15_PIN_TYPE_ASCII_NUMERIC 1
diff --git a/src/pkcs15init/cardos.profile b/src/pkcs15init/cardos.profile
index edbb8f3c..c5d6cf75 100644
--- a/src/pkcs15init/cardos.profile
+++ b/src/pkcs15init/cardos.profile
@@ -24,17 +24,6 @@ PIN user-puk {
 attempts = 10;
 }
-# For CardOS 4.3B and 4.4, the Verify Retry Counter Package
-# can be loaded at ADMINISTRATION life cycle phase to change
-# the behavior of the VERIFY command in regard to return codes.
-# When that package is loaded, the PIN can be created with this
-# "verifyRC" flag if the return code must be ISO7816-4 compliant
-# (63Cx with x being the value of the remaining retry counter
-# when required verification has failed).
-#PIN user-pin {
-# flags = verifyRC;
-#}
-
 # Additional filesystem info.
 # This is added to the file system info specified in the
 # main profile.
diff --git a/src/pkcs15init/pkcs15-cardos.c b/src/pkcs15init/pkcs15-cardos.c
index 5518317d..dba0d66c 100644
--- a/src/pkcs15init/pkcs15-cardos.c
+++ b/src/pkcs15init/pkcs15-cardos.c
@@ -409,7 +409,6 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
 const u8 *pin, size_t pin_len)
 {
 struct sc_cardctl_cardos_obj_info args;
- struct sc_pkcs15_auth_info profile_auth;
 unsigned char buffer[256];
 unsigned char pinpadded[256];
 struct tlv tlv;
@@ -446,11 +445,6 @@ cardos_store_pin(sc_profile_t *profile, sc_card_t *card,
 /* parameters */
 tlv_next(&tlv, 0x85);
 tlv_add(&tlv, 0x02); /* options byte */
- sc_profile_get_pin_info(profile, SC_PKCS15INIT_USER_PIN, &profile_auth);
- if (profile_auth.attrs.pin.flags & SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER) {
- /* Use 9 byte OCI parameters to be able to set VerifyRC bit */
- tlv_add(&tlv, 0x04); /* options_2 byte with Bit n°2 set to return CurrentErrorCounter */
- }
 tlv_add(&tlv, attempts & 0xf); /* flags byte */
 tlv_add(&tlv, CARDOS_ALGO_PIN); /* algorithm = pin-test */
 tlv_add(&tlv, attempts & 0xf); /* errcount = attempts */
diff --git a/src/pkcs15init/profile.c b/src/pkcs15init/profile.c
index 1f59afbb..8afac4a9 100644
--- a/src/pkcs15init/profile.c
+++ b/src/pkcs15init/profile.c
@@ -191,7 +191,6 @@ static struct map pinFlagNames[] = {
 { "integrity-protected", SC_PKCS15_PIN_FLAG_INTEGRITY_PROTECTED },
 { "confidentiality-protected", SC_PKCS15_PIN_FLAG_CONFIDENTIALITY_PROTECTED },
 { "exchangeRefData", SC_PKCS15_PIN_FLAG_EXCHANGE_REF_DATA },
- { "verifyRC", SC_PKCS15_PIN_FLAG_VERIFY_RC_COUNTER },
 { NULL, 0 }
 };
 static struct map idStyleNames[] = {
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index a2471cf7..5bcee5bc 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -483,6 +483,7 @@ int main(int argc, char * argv[])
 action_count++;
 break;
 case 't':
+ need_session |= NEED_SESSION_RO;
 do_test = 1;
 action_count++;
 break;