The special value still needs to be handled for commands that are issued
during card initialization. This especially concerns T=0 cards that need
to use iso_get_response.
fixes#533
regression of 85b79a3332
There's a copy-and-paste bug in there, where the CKA_PRIVATE attribute
is being set on the wrong variables! As well as fixing that, we should
explicitly set CKA_PRIVATE to "false" for certificates and public keys,
since the PKCS#11 spec doesn't specify a default and some drivers use
"private" as the default, making it impossible to add a public key/cert
using pkcs11-tool.
If the reader announces extended length support, but the card driver
leaves max_send_size/max_recv_size at `0`, max_send_size/max_recv_size
previously would have been overwritten with the reader's size though the
card might not have set SC_CARD_CAP_APDU_EXT. This commit fixes this
behavior.
Additionally card->max_send_size/max_recv_size is always initialized to
a value different from 0 after the card initialization. This removes the
need to check for this special value in all subsequent calls.
../../src/libopensc/errors.h:73:37: warning: statement with no effect [-Wunused-value]
#define SC_ERROR_INVALID_ARGUMENTS -1300
^
card-masktech.c:181:48: note: in expansion of macro 'SC_ERROR_INVALID_ARGUMENTS'
if (crgram_len > SC_MAX_EXT_APDU_BUFFER_SIZE) SC_ERROR_INVALID_ARGUMENTS;
This is name change only fix.
The variable name "card" was being used to refer to a struct sc_card or a struct sc_pkcs11_card
in some files including sc_pkcs11.h. In other files the variable name "p11card" is used for struct sc_pkcs11_card.
This creates hard to read code, such as: slot->card->card.
All definitations of sc_pkcs11_card *card now use p11card as the variable name.
Fix#471
The PKCS#11 Usage Guide, at least up to v2.40, says that calling
C_Initialize() in the child after fork is "considered to be good
Cryptoki programming practice, since it can prevent the existence of
dangling duplicate resources that were created at the time of the fork()
call."
(It neglects to mention that doing so in the child of a multi-threaded
process is a clear violation of POSIX, mind you. Not to mention being
utterly pointless if all you're going to do in the child is exec something
else anyway.)
Regardless of the sagacity of this recommendation, we need to cope when
it happens. Historically, we've been quite bad at that. Let's add a test
to pkcs11-tool in the hope it'll help...
Fixes#464