|
 |
5d2f60 |
From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001
|
|
|
5d2f60 |
From: Jakub Jelen <jjelen@redhat.com>
|
|
|
5d2f60 |
Date: Fri, 24 Sep 2021 13:33:26 +0200
|
|
|
5d2f60 |
Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards
|
|
|
5d2f60 |
|
|
|
5d2f60 |
This was broken since 58b03b68, which tried to sanitize some states,
|
|
|
5d2f60 |
but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead
|
|
|
5d2f60 |
of empty token information.
|
|
|
5d2f60 |
|
|
|
5d2f60 |
Note, that this has effect only if the configuration options
|
|
|
5d2f60 |
enable_default_driver and pkcs11_enable_InitToken are turned on.
|
|
|
5d2f60 |
Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED.
|
|
|
5d2f60 |
---
|
|
|
5d2f60 |
src/pkcs11/framework-pkcs15.c | 17 +++++++++--------
|
|
|
5d2f60 |
1 file changed, 9 insertions(+), 8 deletions(-)
|
|
|
5d2f60 |
|
|
|
5d2f60 |
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
|
|
|
5d2f60 |
index 74fe7b3c49..4205e41739 100644
|
|
|
5d2f60 |
--- a/src/pkcs11/framework-pkcs15.c
|
|
|
5d2f60 |
+++ b/src/pkcs11/framework-pkcs15.c
|
|
|
5d2f60 |
@@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|
|
5d2f60 |
{
|
|
|
5d2f60 |
struct sc_pkcs11_slot *slot;
|
|
|
5d2f60 |
struct pkcs15_fw_data *fw_data = NULL;
|
|
|
5d2f60 |
- struct sc_pkcs15_card *p15card = NULL;
|
|
|
5d2f60 |
struct sc_pkcs15_object *auth;
|
|
|
5d2f60 |
- struct sc_pkcs15_auth_info *pin_info;
|
|
|
5d2f60 |
CK_RV rv;
|
|
|
5d2f60 |
|
|
|
5d2f60 |
sc_log(context, "C_GetTokenInfo(%lx)", slotID);
|
|
|
5d2f60 |
@@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|
|
5d2f60 |
rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo");
|
|
|
5d2f60 |
goto out;
|
|
|
5d2f60 |
}
|
|
|
5d2f60 |
- p15card = fw_data->p15_card;
|
|
|
5d2f60 |
- if (!p15card) {
|
|
|
5d2f60 |
- rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
|
|
|
5d2f60 |
- goto out;
|
|
|
5d2f60 |
- }
|
|
|
5d2f60 |
-
|
|
|
5d2f60 |
/* User PIN flags are cleared before re-calculation */
|
|
|
5d2f60 |
slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED);
|
|
|
5d2f60 |
auth = slot_data_auth(slot->fw_data);
|
|
|
5d2f60 |
@@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|
|
5d2f60 |
"C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth,
|
|
|
5d2f60 |
slot->token_info.flags);
|
|
|
5d2f60 |
if (auth) {
|
|
|
5d2f60 |
+ struct sc_pkcs15_card *p15card = NULL;
|
|
|
5d2f60 |
+ struct sc_pkcs15_auth_info *pin_info = NULL;
|
|
|
5d2f60 |
+
|
|
|
5d2f60 |
pin_info = (struct sc_pkcs15_auth_info*) auth->data;
|
|
|
5d2f60 |
|
|
|
5d2f60 |
+ p15card = fw_data->p15_card;
|
|
|
5d2f60 |
+ if (!p15card) {
|
|
|
5d2f60 |
+ rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
|
|
|
5d2f60 |
+ goto out;
|
|
|
5d2f60 |
+ }
|
|
|
5d2f60 |
+
|
|
|
5d2f60 |
sc_pkcs15_get_pin_info(p15card, auth);
|
|
|
5d2f60 |
|
|
|
5d2f60 |
if (pin_info->tries_left >= 0) {
|
|
|
5d2f60 |
|