From fe198e8b3837aa4c960e75d0e2a41020ad4dc9f9 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 24 Sep 2021 13:33:26 +0200 Subject: [PATCH 1/9] pkcs11: Unbreak detection of unenrolled cards This was broken since 58b03b68, which tried to sanitize some states, but caused C_GetTokenInfo returning CKR_TOKEN_NOT_RECOGNIZED instead of empty token information. Note, that this has effect only if the configuration options enable_default_driver and pkcs11_enable_InitToken are turned on. Otherwise it still returns CKR_TOKEN_NOT_RECOGNIZED. --- src/pkcs11/framework-pkcs15.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 74fe7b3c49..4205e41739 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -544,9 +544,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) { struct sc_pkcs11_slot *slot; struct pkcs15_fw_data *fw_data = NULL; - struct sc_pkcs15_card *p15card = NULL; struct sc_pkcs15_object *auth; - struct sc_pkcs15_auth_info *pin_info; CK_RV rv; sc_log(context, "C_GetTokenInfo(%lx)", slotID); @@ -578,12 +576,6 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) rv = sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetTokenInfo"); goto out; } - p15card = fw_data->p15_card; - if (!p15card) { - rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo"); - goto out; - } - /* User PIN flags are cleared before re-calculation */ slot->token_info.flags &= ~(CKF_USER_PIN_COUNT_LOW|CKF_USER_PIN_FINAL_TRY|CKF_USER_PIN_LOCKED); auth = slot_data_auth(slot->fw_data); @@ -591,8 +583,17 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) "C_GetTokenInfo() auth. object %p, token-info flags 0x%lX", auth, slot->token_info.flags); if (auth) { + struct sc_pkcs15_card *p15card = NULL; + struct sc_pkcs15_auth_info *pin_info = NULL; + pin_info = (struct sc_pkcs15_auth_info*) auth->data; + p15card = fw_data->p15_card; + if (!p15card) { + rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo"); + goto out; + } + sc_pkcs15_get_pin_info(p15card, auth); if (pin_info->tries_left >= 0) {