From c6db68fdeee256309b1612776960558c553a38f5 Mon Sep 17 00:00:00 2001
From: Frank Morgner
Date: Mon, 19 Sep 2016 23:55:41 +0200
Subject: [PATCH] pkcs15-tool: don't unconditionally lock the card
---
 src/pkcs15init/pkcs15-init.h | 6 ------
 src/tools/pkcs15-tool.c | 13 +++++++++++--
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/pkcs15init/pkcs15-init.h b/src/pkcs15init/pkcs15-init.h
index 441fc547..4e7f85aa 100644
--- a/src/pkcs15init/pkcs15-init.h
+++ b/src/pkcs15init/pkcs15-init.h
@@ -382,12 +382,6 @@ extern int sc_pkcs15init_erase_card_recursively(struct sc_pkcs15_card *,
 extern int sc_pkcs15init_rmdir(struct sc_pkcs15_card *, struct sc_profile *, struct sc_file *);
-/* Helper function for CardOS */
-extern int sc_pkcs15init_requires_restrictive_usage(
- struct sc_pkcs15_card *,
- struct sc_pkcs15init_prkeyargs *,
- unsigned int);
-
 extern int sc_pkcs15_create_pin_domain(struct sc_profile *, struct sc_pkcs15_card *, const struct sc_pkcs15_id *, struct sc_file **);
diff --git a/src/tools/pkcs15-tool.c b/src/tools/pkcs15-tool.c
index 1e9f4013..a5edc601 100644
--- a/src/tools/pkcs15-tool.c
+++ b/src/tools/pkcs15-tool.c
@@ -1555,7 +1555,9 @@ static int test_update(sc_card_t *in_card)
 static u8 fci_bad[] = { 0x00, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
 static u8 fci_good[] = { 0x00, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0x00, 0x00 };
-
+ r = sc_lock(card);
+ if (r < 0)
+ return r;
 if (strcmp("cardos",in_card->driver->short_name) != 0) {
 printf("not using the cardos driver, card is fine.\n");
@@ -1633,10 +1635,12 @@ static int test_update(sc_card_t *in_card)
 goto bad_fci;
 }
 end:
+ sc_unlock(card);
 /* 0 = card ok, 1 = card vulnerable, 2 = problem! */
 return rc;
 bad_fci:
+ sc_unlock(card);
 util_hex_dump(stdout,rbuf,apdu.resplen," ");
 printf("\n");
 return 2;
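Review bot: The new `return r;` after `sc_lock(card)` in test_update() hands a negative libopensc error to the caller, while the comment at `end:` documents the return contract as 0 = card ok, 1 = card vulnerable, 2 = problem, and this path prints nothing. A caller that only tests for 2 would treat a card that could not be locked as "not a problem", so I would report the failure and map it into the contract: `if (r < 0) { printf("locking card failed: %s\n", sc_strerror(r)); return 2; }`. The same silent `return r;` is added in the update() hunk at -1657, right before a transmit failure that does print a message. The callers are outside this diff, so how they treat a negative value needs confirming.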
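Review bot: `sc_unlock(card)` is now repeated at both `end:` and `bad_fci:`, so every exit of test_update() has to pass through one of those two labels to release the lock. The body between this hunk and the one at -1555 is not shown; any direct `return` there (the "not using the cardos driver" branch is the obvious one to check) would likely leave the card locked against other applications until the tool disconnects. A single unlock site is harder to get wrong: after the hex dump under `bad_fci:`, use `rc = 2; goto end;` instead of a second `sc_unlock` and `return 2;`.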
@@ -1657,6 +1661,10 @@ static int update(sc_card_t *in_card)
 apdu.datalen = sizeof(cmd1);
 apdu.data = cmd1;
+ r = sc_lock(card);
+ if (r < 0)
+ return r;
+
 r = sc_transmit_apdu(card, &apdu);
 if (r < 0) {
 printf("selecting folder failed: %s\n", sc_strerror(r));
@@ -1748,6 +1756,7 @@ skip_change_lifecycle:
 printf("security update applied successfully.\n");
 end:
+ sc_unlock(card);
 return 0;
 }
@@ -1930,7 +1939,7 @@ int main(int argc, char * const argv[])
 sc_ctx_log_to_file(ctx, "stderr");
 }
- err = util_connect_card(ctx, &card, opt_reader, opt_wait, verbose);
+ err = util_connect_card_ex(ctx, &card, opt_reader, opt_wait, 0, verbose);
 if (err) goto end;
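Review bot: `end:` in update() still finishes with `return 0;`, so a failure that jumps there would unlock the card and then report success; the only non-zero result visible in this patch is the new `return r;` on lock failure. The error branches themselves lie outside the hunk, so this is inferred from where the label sits, but if they do `goto end` the caller cannot tell an interrupted security update from a completed one. Since the exit path is being touched anyway, a status variable set on each failure and returned here, `return rc;` as test_update() does, would make the result trustworthy.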
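Review bot: The bare `0` passed to `util_connect_card_ex(ctx, &card, opt_reader, opt_wait, 0, verbose)` appears to be the flag that turns off locking at connect time (going by the commit subject), and nothing at the call site says so. A comment such as `/* 0: do not lock on connect; test_update() and update() take the lock themselves */` would make the intent reviewable. With the session-wide lock gone, any other action dispatched from main() that depends on card state across several commands, for example a PIN verification followed by an operation relying on it, needs its own lock or must get one from the pkcs15 layer. Those paths are not in this diff and main() continues beyond the hunk, so please confirm each of them.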