Check-in [bab332232a]
Overview
Comment:Merged in trunk
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | protected-auth-path
Files: files | file ages | folders
SHA1:bab332232ace8d1545ace6b43eda7e3b49cfd099
User & Date: rkeene on 2015-07-15 20:08:02
Other Links: manifest | tags
Context
2015-07-15
20:08
Merged in trunk Closed-Leaf check-in: bab332232a user: rkeene tags: protected-auth-path
20:05
Added support for updating the PIN check-in: b5ecb7c2d6 user: rkeene tags: trunk
2014-03-14
14:25
Updated to reset the card if a retry is required check-in: ad6536ceb0 user: rkeene tags: protected-auth-path
Changes

Modified .fossil-settings/ignore-glob from [05a4cf3c20] to [0b3e38b0b6].

     9      9   config.status
    10     10   config.sub
    11     11   configure
    12     12   install-sh
    13     13   libcackey_g.so
    14     14   libcackey.so
    15     15   libcackey.syms
           16  +build/certs
           17  +test

Modified asn1-x509.c from [e21185aa9d] to [f9aa197383].

   131    131   }
   132    132   
   133    133   static int asn1_x509_read_object(unsigned char *buf, size_t buflen, struct x509_object *outbuf) {
   134    134   	int read_ret;
   135    135   
   136    136   	read_ret = asn1_x509_read_asn1_object(buf, buflen, &outbuf->wholething, NULL);
   137    137   	if (read_ret != 0) {
          138  +		CACKEY_DEBUG_PRINTF("Failed at reading the contents from the wrapper")
          139  +
   138    140   		return(-1);
   139    141   	}
   140    142   
   141    143   	read_ret = asn1_x509_read_asn1_object(outbuf->wholething.contents, outbuf->wholething.size, &outbuf->certificate, NULL);
   142    144   	if (read_ret != 0) {
          145  +		CACKEY_DEBUG_PRINTF("Failed at reading the certificate from the contents");
          146  +
   143    147   		return(-1);
   144    148   	}
   145    149   
   146    150   	read_ret = asn1_x509_read_asn1_object(outbuf->certificate.contents, outbuf->certificate.size, &outbuf->version, &outbuf->serial_number, &outbuf->signature_algo, &outbuf->issuer, &outbuf->validity, &outbuf->subject, &outbuf->pubkeyinfo, NULL);
   147    151   	if (read_ret != 0) {
          152  +		CACKEY_DEBUG_PRINTF("Failed at reading the certificate components from the certificate");
          153  +
   148    154   		return(-1);
   149    155   	}
   150    156   
   151    157   	read_ret = asn1_x509_read_asn1_object(outbuf->pubkeyinfo.contents, outbuf->pubkeyinfo.size, &outbuf->pubkey_algoid, &outbuf->pubkey, NULL);
   152    158   	if (read_ret != 0) {
          159  +		CACKEY_DEBUG_PRINTF("Failed at reading the public key from the certificate components");
          160  +
   153    161   		return(-1);
   154    162   	}
   155    163   
   156    164   	return(0);
   157    165   }
   158    166   
   159    167   ssize_t x509_to_issuer(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
................................................................................
   190    198   
   191    199   static ssize_t x509_to_serial(void *x509_der_buf, size_t x509_der_buf_len, void **outbuf) {
   192    200   	struct x509_object x509;
   193    201   	int read_ret;
   194    202   
   195    203   	read_ret = asn1_x509_read_object(x509_der_buf, x509_der_buf_len, &x509);
   196    204   	if (read_ret != 0) {
          205  +		CACKEY_DEBUG_PRINTF("Unable to read serial number from a %lu byte buffer", x509_der_buf_len);
          206  +		CACKEY_DEBUG_PRINTBUF("X.509 DER:", x509_der_buf, x509_der_buf_len);
          207  +
   197    208   		return(-1);
   198    209   	}
   199    210   
   200    211   	if (outbuf) {
   201    212   		*outbuf = x509.serial_number.asn1rep;
   202    213   	}
   203    214   

Modified build/builtin-certs-update from [6d290a2094] to [9fea13231c].

     1      1   #! /bin/bash
            2  +
            3  +set -e
     2      4   
     3      5   ourdir="$(dirname "$(which "$0")")"
     4      6   cd "${outdir}" || exit 1
     5      7   
     6      8   make -C certs/dod distclean all
     7      9   make -C certs/federal distclean all
     8     10   
     9         -./certs-to-c certs/*/*.crt > ../cackey_builtin_certs.h
           11  +if [ "$1" = '--commercial' ]; then
           12  +	commercial='commercial'
           13  +else
           14  +	commercial='SKIP'
           15  +fi
           16  +
           17  +./certs-to-c certs/{dod,federal,$commercial}/*.crt > ../cackey_builtin_certs.h

Modified build/cackey_osx_build/Template_pmbuild/03libcackey.xml.in from [b6742d933b] to [afd3f433a1].

     2      2   	<config>
     3      3   		<identifier>mil.army.usace.cackeyForMacOsX@@OSXVERSION@@.cackey.pkg</identifier>
     4      4   		<version>1</version>
     5      5   		<description></description>
     6      6   		<post-install type="none"/>
     7      7   		<requireAuthorization/>
     8      8   		<installFrom relative="true" mod="true">cackey.dylib</installFrom>
     9         -		<installTo mod="true" relocatable="true">/usr/lib/pkcs11</installTo>
            9  +		<installTo mod="true" relocatable="true">/usr/local/lib/pkcs11</installTo>
    10     10   		<flags></flags>
    11     11   		<packageStore type="internal"></packageStore>
    12     12   		<mod>parent</mod>
    13     13   		<mod>scripts.postinstall.path</mod>
    14     14   		<mod>scripts.scriptsDirectoryPath.isRelativeType</mod>
    15     15   		<mod>scripts.scriptsDirectoryPath.path</mod>
    16     16   		<mod>installTo.isAbsoluteType</mod>

Modified build/cackey_osx_build/Template_pmbuild/04pkcs11tokend.xml.in from [793db41bea] to [4eff712abd].

     2      2   	<config>
     3      3   		<identifier>mil.army.usace.cackeyForMacOsX@@OSXVERSION@@.PKCS11.pkg</identifier>
     4      4   		<version>1</version>
     5      5   		<description></description>
     6      6   		<post-install type="none"/>
     7      7   		<requireAuthorization/>
     8      8   		<installFrom relative="true" mod="true">PKCS11.tokend</installFrom>
     9         -		<installTo mod="true" relocatable="true">/System/Library/Security/tokend/PKCS11.tokend</installTo>
            9  +		<installTo mod="true" relocatable="true">/Library/Security/tokend/PKCS11.tokend</installTo>
    10     10   		<flags></flags>
    11     11   		<packageStore type="internal"></packageStore>
    12     12   		<mod>parent</mod>
    13     13   		<mod>scripts.postinstall.path</mod>
    14     14   		<mod>scripts.scriptsDirectoryPath.isRelativeType</mod>
    15     15   		<mod>scripts.scriptsDirectoryPath.path</mod>
    16     16   		<mod>installTo.isAbsoluteType</mod>

Modified build/cackey_osx_build/Template_pmbuild/index.xml.in from [6bfcbad535] to [75581e5581].

    30     30   {\fonttbl\f0\fnil\fcharset0 LucidaGrande;}
    31     31   {\colortbl;\red255\green255\blue255;}
    32     32   \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural\pardirnatural
    33     33   
    34     34   \f0\fs26 \cf0 Release information:\
    35     35       pkg: CACKey\
    36     36    author: US Army Corps of Engineers\
    37         -Mac build contact: Kenneth Van Alstyne <Kenneth.VanAlstyne@associates.hq.dhs.gov>\
    38         -                   US Department of Homeland Security\
    39         -contact: Roy Keene <DC1-UNIX@hq.dhs.gov>\
           37  +Mac build contact: Kenneth Van Alstyne <kenny@coreadaptive.com>\
           38  +                   Core Adaptive, LLC\
           39  +contact: Roy Keene <rkeene@coreadaptive.com>\
    40     40   ------------------------------------------------\
    41     41   \
    42     42   The PKCS11.tokend connector module included in this package is licensed under\
    43     43   the APSL. See: http://devel.kvanals.org/PKCS11_Tokend\
    44     44   \
    45     45   The following files in the source directory are the intellectual property of the\
    46     46   Free Software Foundation and are licensed under the terms of the GNU General\
................................................................................
    65     65   {\fonttbl\f0\fnil\fcharset0 LucidaGrande;}
    66     66   {\colortbl;\red255\green255\blue255;}
    67     67   \pard\tx560\tx1120\tx1680\tx2240\tx2800\tx3360\tx3920\tx4480\tx5040\tx5600\tx6160\tx6720\ql\qnatural\pardirnatural
    68     68   
    69     69   \f0\fs26 \cf0 Thank you for choosing to install CACKey.\
    70     70   \
    71     71   To use CACKey, install /Library/CACKey/libcackey.dylib or\
    72         -/usr/lib/pkcs11/cackey.dylib as a security module into any application that can use a PKCS#11 provider.\
           72  +/usr/local/lib/pkcs11/cackey.dylib as a security module into any application that can use a PKCS#11 provider.\
    73     73   \
    74         -A PKCS11 Connector for Tokend (Keychain Access) will be installed in /System/Library/Security/tokend.\
           74  +A PKCS11 Connector for Tokend (Keychain Access) will be installed in /Library/Security/tokend.\
    75     75   To use, be sure to import the certificate authorities into Keychain Access.\
    76     76   \
    77     77   A debug version, /Library/CACKey/libcackey_g.dylib is provided if debug output is necessary.}]]>
    78     78   			</resource>
    79     79   		</locale>
    80     80   	</resources>
    81     81   	<requirements>

Modified build/cackey_osx_build/Template_pmbuild/scripts/03libcackey-post.sh from [1ca797dc96] to [a53c7a2b82].

     1      1   #!/bin/bash
     2         -chmod 755 /usr/lib/pkcs11
     3         -chown root:wheel /usr/lib/pkcs11
            2  +chmod 755 /usr/local/lib/pkcs11
            3  +chown root:wheel /usr/local/lib/pkcs11

Modified build/cackey_osx_build/Template_pmbuild/scripts/04pkcs11tokend-post.sh from [1f1313960f] to [022fa1323e].

     1      1   #!/bin/bash
     2         -chmod -R go+rX /System/Library/Security/tokend/PKCS11.tokend
     3         -chown -R root:wheel /System/Library/Security/tokend/PKCS11.tokend
            2  +chmod -R go+rX /Library/Security/tokend/PKCS11.tokend
            3  +chown -R root:wheel /Library/Security/tokend/PKCS11.tokend

Modified build/cackey_osx_build/build_osx.sh from [361c9900ba] to [14980c7d5f].

     1      1   #!/bin/bash
     2      2   # Shell Script to make Mac OS X Releases of CACKey
     3      3   # Kenneth Van Alstyne
     4         -# DC1SAN_SUPPORT@hq.dhs.gov
            4  +# kenny@coreadaptive.com
     5      5   CACKEY_VERSION=`cat configure.ac | grep AC_INIT | cut -d " " -f 2 | sed 's_)__'`
     6      6   
     7         -# Check to see if we're building on Mac OS X 10.7 "Lion"
     8         -if [ "`uname -r | cut -d . -f 1`" = "11" ]; then
            7  +# Check to see if we're building on Mac OS X 10.7 "Lion" or newer
            8  +if [ "`uname -r | cut -d . -f 1`" -ge "11" ]; then
     9      9   	LIONBUILD=1
    10     10   fi
    11     11   
    12     12   # Usage function
    13     13   usage() {
    14     14   	echo "Usage: build_osx.sh <target>"
    15     15   	echo Where target is one of:
    16     16   	echo "    leopard  - (Builds Universal 10.5 Library for PPCG4/i386)"
    17         -	echo "    snowleopard  - (Builds Universal 10.6 Library for i386/x86_64)"
    18         -	echo "    lion  - (Builds Universal 10.7 Library for i386/x86_64)"
    19         -	echo "    sltomav - (Builds Universal 10.6/10.7/10.8/10.9 Library for i386/x86_64)"
           17  +	echo "    slandup - (Builds Universal 10.6 and Up Library for i386/x86_64)"
    20     18   	echo "    all - (Builds for all supported targets)"
    21     19   	echo "    clean - (Cleans up)"
    22     20   	echo "Run from CACKey Build Root."
           21  +	echo ""
           22  +	echo "NOTE:  Leopard build requires legacy XCode 3 components in"
           23  +	echo "       /Developer because of PowerPC support."
           24  +	echo "       All builds require gnutar, automake, and autoconf."
           25  +	echo "       If your newer release of XCode does not include these"
           26  +	echo "       components, I recommend installing them from MacPorts."
    23     27   	exit $?
    24     28   }
    25     29   
    26     30   # Clean up function
    27     31   clean() {
    28     32   	rm -f build/cackey_osx_build/cackey.dylib
    29     33   	rm -rf build/cackey_osx_build/PKCS11.tokend
................................................................................
    39     43   		LIBTOOLDIR=/Developer/usr/share/libtool
    40     44   	else
    41     45   		LIBTOOLDIR=/Developer/usr/share/libtool/config
    42     46   	fi
    43     47   	if [ ! -d macbuild ]; then
    44     48   		mkdir macbuild
    45     49   		mkdir macbuild/Leopard
    46         -		mkdir macbuild/Snowleopard
    47         -		mkdir macbuild/Lion
    48         -		mkdir macbuild/Sltomav
           50  +		mkdir macbuild/Slandup
    49     51   		mkdir macbuild/pkg
    50     52   	fi
    51     53   	if [ ! -f config.guess ]; then
    52     54   		cp ${LIBTOOLDIR}/config.guess .
    53     55   	fi
    54     56   	if [ ! -f config.sub ]; then
    55     57   		cp ${LIBTOOLDIR}/config.sub .
................................................................................
    74     76   	for HOST in powerpc-apple-darwin9 i386-apple-darwin9; do
    75     77   		genbuild
    76     78   	done
    77     79   	libbuild
    78     80   	pkgbuild
    79     81   }
    80     82   
    81         -# Build function for Snow Leopard
    82         -snowleopard() {
           83  +# Build function for Snow Leopard/Lion/Mountain Lion/Mavericks/Yosemite
           84  +slandup() {
    83     85   	makedir
    84     86   	HEADERS=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/Versions/A/Headers/
    85     87   	LIBRARY=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/PCSC
    86     88   	LIB=""
    87     89   	ARCHLIST=""
    88     90   	DLIB=""
    89     91   	DARCHLIST=""
    90         -	OSX=Snowleopard
    91         -	PKTARGETOS=3
    92         -	CUROSXVER=10.6
    93         -	for HOST in i386-apple-darwin10 x86_64-apple-darwin10; do
    94         -		genbuild
    95         -	done
    96         -	libbuild
    97         -	pkgbuild
    98         -}
    99         -
   100         -# Build function for Lion
   101         -lion() {
   102         -	makedir
   103         -	HEADERS=/Developer/SDKs/MacOSX10.7.sdk/System/Library/Frameworks/PCSC.framework/Versions/A/Headers/
   104         -	LIBRARY=/Developer/SDKs/MacOSX10.7.sdk/System/Library/Frameworks/PCSC.framework/PCSC
   105         -	LIB=""
   106         -	ARCHLIST=""
   107         -	DLIB=""
   108         -	DARCHLIST=""
   109         -	OSX=Lion
   110         -	PKTARGETOS=3
   111         -	CUROSXVER=10.7
   112         -	for HOST in i386-apple-darwin11 x86_64-apple-darwin11; do
   113         -		genbuild
   114         -	done
   115         -	libbuild
   116         -	pkgbuild
   117         -}
   118         -
   119         -# Build function for Snow Leopard/Lion/Mountain Lion
   120         -sltomav() {
   121         -	makedir
   122         -	HEADERS=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/Versions/A/Headers/
   123         -	LIBRARY=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/PCSC
   124         -	LIB=""
   125         -	ARCHLIST=""
   126         -	DLIB=""
   127         -	DARCHLIST=""
   128         -	OSX=Sltomav
   129         -	PKTARGETOS=3
   130         -	CUROSXVER=10.6
   131         -	for HOST in i386-apple-darwin10 x86_64-apple-darwin10; do
   132         -		genbuild
   133         -	done
   134         -	libbuild
   135         -	pkgbuild
   136         -}
   137         -
   138         -# Build function for Snow Leopard/Lion/Mountain Lion
   139         -sltomav() {
   140         -	makedir
   141         -	HEADERS=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/Versions/A/Headers/
   142         -	LIBRARY=/Developer/SDKs/MacOSX10.6.sdk/System/Library/Frameworks/PCSC.framework/PCSC
   143         -	LIB=""
   144         -	ARCHLIST=""
   145         -	DLIB=""
   146         -	DARCHLIST=""
   147         -	OSX=Sltomav
           92  +	OSX=Slandup
   148     93   	PKTARGETOS=3
   149     94   	CUROSXVER=10.6
   150     95   	for HOST in i386-apple-darwin10 x86_64-apple-darwin10; do
   151     96   		genbuild
   152     97   	done
   153     98   	libbuild
   154     99   	pkgbuild
................................................................................
   155    100   }
   156    101   
   157    102   # Generic build function
   158    103   genbuild() {
   159    104   	make distclean
   160    105   	ARCH=`echo ${HOST} | cut -d "-" -f 1`
   161    106   	if [ ${ARCH} == "powerpc" ]; then
   162         -		if [ ${OSX} == "Leopard" ]; then
   163         -			ARCH="ppc -mcpu=G4"
   164         -		else
   165         -			ARCH="ppc -mcpu=G3"
   166         -		fi
          107  +		ARCH="ppc -mcpu=G4"
   167    108   	fi
   168    109   	if [ "${LIONBUILD}" = 1 ]; then
   169    110   		if [ "${ARCH}" == "ppc -mcpu=G4" ]; then
   170         -			CC=powerpc-apple-darwin11-gcc-4.2.1 CPP=powerpc-apple-darwin11-cpp-4.2.1 CFLAGS="-m32 -I/Developer/Platforms/iPhoneOS.platform/Developer/usr/lib/gcc/powerpc-apple-darwin10/4.2.1/include -isysroot /Developer/SDKs/MacOSX10.5.sdk" CPPFLAGS="-D_LIBC_LIMITS_H_" ./configure --with-pcsc-headers=${HEADERS} --with-pcsc-libs=${LIBRARY} --host=${HOST} --enable-dod-certs-on-hw-slots
          111  +			CC=/Developer/usr/bin/powerpc-apple-darwin10-gcc-4.2.1 CXX=/Developer/usr/bin/powerpc-apple-darwin10-g++-4.2.1 CFLAGS="-m32 -mcpu=G4 -I/Developer/usr/lib/gcc/powerpc-apple-darwin10/4.2.1/include -isysroot /Developer/SDKs/MacOSX10.5.sdk" CPPFLAGS="-D_LIBC_LIMITS_H_" ./configure --with-pcsc-headers=${HEADERS} --with-pcsc-libs=${LIBRARY} --host=${HOST} --enable-dod-certs-on-hw-slots
   171    112   		else
   172    113   			CFLAGS="-arch ${ARCH}" ./configure --with-pcsc-headers=${HEADERS} --with-pcsc-libs=${LIBRARY} --host=${HOST} --enable-dod-certs-on-hw-slots
   173    114   		fi
   174    115   	else
   175    116   		CFLAGS="-arch ${ARCH}" ./configure --with-pcsc-headers=${HEADERS} --with-pcsc-libs=${LIBRARY} --host=${HOST} --enable-dod-certs-on-hw-slots
   176    117   	fi
   177    118   	make
................................................................................
   204    145   	rm -rf build/cackey_osx_build/PKCS11.tokend
   205    146   	if [ "${LIONBUILD}" = 1 ]; then
   206    147   		TAR=gnutar
   207    148   	else
   208    149   		TAR=tar
   209    150   	fi
   210    151   	if [ "${OSX}" = "Leopard" ]; then
   211         -		curl http://devel.kvanals.org/PKCS11_Tokend/PKCS11_tokend-latest.tar.gz | ${TAR} --strip-components 3 --wildcards -x -z -f - "PKCS11_tokend-*/prebuilt/leopard/PKCS11.tokend"
          152  +		curl http://devel.kvanals.org/PKCS11_Tokend/PKCS11_tokend-latest.tar.gz | gzip -d -c | ${TAR} --strip-components 3 --wildcards -x -f - "PKCS11_tokend-*/prebuilt/leopard/PKCS11.tokend"
   212    153   		mv PKCS11.tokend build/cackey_osx_build/PKCS11.tokend
   213    154   	else
   214         -		curl http://devel.kvanals.org/PKCS11_Tokend/PKCS11_tokend-latest.tar.gz | ${TAR} --strip-components 3 --wildcards -x -z -f - "PKCS11_tokend-*/prebuilt/snowleopard/PKCS11.tokend"
          155  +		curl http://devel.kvanals.org/PKCS11_Tokend/PKCS11_tokend-latest.tar.gz | gzip -d -c | ${TAR} --strip-components 3 --wildcards -x -f - "PKCS11_tokend-*/prebuilt/snowleopard/PKCS11.tokend"
   215    156   		mv PKCS11.tokend build/cackey_osx_build/PKCS11.tokend
   216    157   	fi
   217    158   	for PMDOC in build/cackey_osx_build/Template_pmbuild/*.in; do
   218    159   		PMDOC="`echo "${PMDOC}" | sed 's|l.in|l|g' | sed 's|build/cackey_osx_build/Template_pmbuild/||g'`"
   219    160   		UUID="`python -c 'import uuid; print uuid.uuid1()' | dd conv=ucase 2>/dev/null`"
   220    161   		mkdir -p build/cackey_osx_build/${OSX}_pmbuild.pmdoc
   221    162   		sed "s|@@BUILDROOTDIR@@|$(pwd)|g" build/cackey_osx_build/Template_pmbuild/${PMDOC}.in > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}
................................................................................
   224    165   		sed "s|@@TARGETOS@@|${PKTARGETOS}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1
   225    166   		sed "s|@@CUROSXVER@@|${CUROSXVER}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1
   226    167   		sed "s|@@LIBCACKEYG@@|${LIBCACKEYG}|g" build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}
   227    168   		cp build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC} build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1
   228    169   		mv build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}.1 build/cackey_osx_build/${OSX}_pmbuild.pmdoc/${PMDOC}
   229    170   	done
   230    171   	EXT=pkg
   231         -	if [ ${OSX} == "Snowleopard" ]; then
   232         -		cat build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml | sed 's|for Mac OS X Snowleopard|for Mac OS X SnowLeopard|g' > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new
   233         -		mv build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml
   234         -	fi
   235         -	if [ ${OSX} == "Sltomav" ]; then
   236         -		cat build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml | sed 's|for Mac OS X Sltomav|for Mac OS X SLtoMav|g' > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new
          172  +	if [ ${OSX} == "Slandup" ]; then
          173  +		cat build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml | sed 's|for Mac OS X Slandup|for Mac OS X SLandUp|g' > build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new
   237    174   		mv build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml.new build/cackey_osx_build/${OSX}_pmbuild.pmdoc/index.xml
   238    175   	fi
   239    176   	/Developer/Applications/Utilities/PackageMaker.app/Contents/MacOS/PackageMaker -d build/cackey_osx_build/${OSX}_pmbuild.pmdoc -o macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}
   240    177   	tar --create --directory macbuild/pkg/ --file macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}.tar CACKey_${CACKEY_VERSION}_${OSX}.${EXT}
   241    178   	gzip -9 macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}.tar
   242    179   	rm -rf macbuild/pkg/CACKey_${CACKEY_VERSION}_${OSX}.${EXT}
   243    180   	rm -f build/cackey_osx_build/cackey.dylib
................................................................................
   254    191   
   255    192   	"leopard")
   256    193   		./autogen.sh
   257    194   		leopard
   258    195   		exit $?
   259    196   	;;
   260    197   
   261         -	"snowleopard")
          198  +	"slandup")
   262    199   		./autogen.sh
   263         -		snowleopard
   264         -		exit $?
   265         -	;;
   266         -	
   267         -	"lion")
   268         -		./autogen.sh
   269         -		lion
   270         -		exit $?
   271         -	;;
   272         -	
   273         -	"sltomav")
   274         -		./autogen.sh
   275         -		sltomav
          200  +		slandup
   276    201   		exit $?
   277    202   	;;
   278    203   
   279    204   	"all")
   280    205   		./autogen.sh
   281    206   		leopard
   282         -		sltomav
          207  +		slandup
   283    208   		echo ""
   284    209   		echo "All builds complete."
   285    210   		exit $?
   286    211   	;;
   287    212   
   288    213   	"clean")
   289    214   		clean

Modified build/certs-to-c from [1cd87f2aca] to [e4223940e0].

     1      1   #! /bin/bash
     2      2   
     3      3   for file in "$@"; do
            4  +	if [ ! -f "${file}" ]; then
            5  +		continue
            6  +	fi
            7  +
     4      8   	rm -f tmpfile.x509
     5      9   	if ! openssl x509 -in "${file}" -inform pem -noout -checkend 0 >/dev/null 2>/dev/null; then
     6     10   		echo "warning: Skipping \"${file}\" as it is invalid or expired." >&2
     7     11   
     8     12   		continue
     9     13   	fi
    10     14   
    11     15   	openssl x509 -in "${file}" -out tmpfile.x509 -inform pem -outform der
    12     16   
    13         -	pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'RSA Public Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')"
    14         -	certlen="$(cat tmpfile.x509 | wc -c)"
           17  +	pubkeylen="$(openssl x509 -in tmpfile.x509 -inform der -text -noout | grep 'Public[- ]Key:' | sed 's@^.*(\([0-9][0-9]*\) bit).*$@\1@')"
           18  +	certlen="$(cat tmpfile.x509 | wc -c | awk '{ print $1 }')"
    15     19   	cert="$(( cat tmpfile.x509 | od -t x1 | cut -c 9- | tr "\n" ' '; echo ) | sed 's@ @@g;s@..@\\x&@g')"
    16     20   
    17     21   	cat << _EOF_
           22  +	/* ${file} */
    18     23   	{
    19     24   		CACKEY_ID_TYPE_CERT_ONLY, /* id_type */
    20     25   		${certlen}, /* certificate_len */
    21     26   		(unsigned char *) "${cert}", /* certificate */
    22     27   		${pubkeylen} /* keysize */
    23     28   	},
    24     29   _EOF_
    25     30   done
    26     31   
    27     32   rm -f tmpfile.x509

Modified build/certs/dod/Makefile from [678511107e] to [dcbc2db73e].

     1      1   all: cert-0.crt
     2      2   
     3      3   rel3_dodroot_2048.cac:
     4         -	wget -O "$@.new" http://dodpki.c3pki.chamb.disa.mil/rel3_dodroot_2048.cac
     5         -	mv "$@.new" "$@"
            4  +	wget -O Certificates_PKCS7_v4.1_DoD.zip http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v4.1_DoD.zip
            5  +	unzip Certificates_PKCS7_v4.1_DoD.zip Certificates_PKCS7_v4.1_DoD/Certificates_PKCS7_v4.1_DoD.der.p7b
            6  +	mv Certificates_PKCS7_v4.1_DoD/Certificates_PKCS7_v4.1_DoD.der.p7b "$@"
            7  +	rm -rf Certificates_PKCS7_v4.1_DoD Certificates_PKCS7_v4.1_DoD.zip
     6      8   
     7      9   cert-%.crt: rel3_dodroot_2048.cac
     8     10   	idx=0; \
     9     11   	( \
    10     12   		openssl pkcs7 -in rel3_dodroot_2048.cac -inform DER -print_certs -text; \
    11     13   	) | while IFS='' read -r line; do \
    12     14   		if [ -z "$${line}" ]; then \

Modified build/certs/federal/Makefile from [7088ba1ceb] to [4c5635d94a].

     1      1   all: cert-1.crt CPCA_TRCA.crt CommonPolicy.crt
     2      2   	grep -l 'Issuer: C=US, O=U.S. Government, OU=FPKI, CN=Federal Bridge CA' *.crt | xargs rm -f
     3      3   	grep -l 'Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA' *.crt  | xargs grep -H 'Issuer:' | grep -v 'Issuer: C=us, O=U.S. Government, OU=FBCA, CN=Common Policy' | cut -f 1 -d : | xargs rm -f
     4      4   
     5      5   CPCA_TRCA.crt:
     6         -	wget -O - --no-check-certificate https://pki.treas.gov/CPCA_TRCA.cer | openssl x509 -text > "$@.new"
            6  +	wget -O - --no-check-certificate https://pki.treas.gov/CPCA_TRCA.cer | openssl x509 -text -inform der > "$@.new"
     7      7   	mv "$@.new" "$@"
     8      8   
     9      9   caCertsIssuedTofcpca.p7c:
    10     10   	wget -O "$@.new" http://http.fpki.gov/fcpca/caCertsIssuedTofcpca.p7c
    11     11   	mv "$@.new" "$@"
    12     12   
    13     13   root_sia.p7b:

Modified cackey.c from [318588635a] to [3a0d4abad4].

    31     31   #endif
    32     32   #ifdef HAVE_LIMITS_H
    33     33   #  include <limits.h>
    34     34   #endif
    35     35   #ifdef HAVE_STDIO_H
    36     36   #  include <stdio.h>
    37     37   #endif
           38  +#define HAVE_ERRNO_H 1
           39  +#ifdef HAVE_ERRNO_H
           40  +#  include <errno.h>
           41  +#endif
    38     42   #ifdef HAVE_ZLIB_H
    39     43   #  ifdef HAVE_LIBZ
    40     44   #    include <zlib.h>
    41     45   #  endif
    42     46   #else
    43     47   #  ifdef HAVE_LIBZ
    44     48   #    undef HAVE_LIBZ
................................................................................
    59     63   
    60     64   #include "pkcs11.h"
    61     65   #include "pkcs11n.h"
    62     66   #include "asn1-x509.h"
    63     67   #include "sha1.h"
    64     68   #include "md5.h"
    65     69   
    66         -/*
    67         - * Include these source files in this translation unit so that we can bind to
    68         - * functions and not include any symbols in the output shared object.
    69         - */
    70         -#include "asn1-x509.c"
    71         -#include "sha1.c"
    72         -#include "md5.c"
    73         -
    74     70   #ifndef CACKEY_CRYPTOKI_VERSION_CODE
    75     71   #  define CACKEY_CRYPTOKI_VERSION_CODE 0x021e00
    76     72   #endif
    77     73   
    78     74   /* GSC-IS v2.1 Definitions */
    79     75   /** Classes **/
    80     76   #define GSCIS_CLASS_ISO7816           0x00
................................................................................
    85     81   #define GSCIS_INSTR_READ_BINARY       0xB0
    86     82   #define GSCIS_INSTR_UPDATE_BINARY     0xD6
    87     83   #define GSCIS_INSTR_SELECT            0xA4
    88     84   #define GSCIS_INSTR_EXTERNAL_AUTH     0x82
    89     85   #define GSCIS_INSTR_GET_CHALLENGE     0x84
    90     86   #define GSCIS_INSTR_INTERNAL_AUTH     0x88
    91     87   #define GSCIS_INSTR_VERIFY            0x20
           88  +#define GSCIS_INSTR_CHANGE_REFERENCE  0x24
    92     89   #define GSCIS_INSTR_SIGN              0x2A
    93     90   #define GSCIS_INSTR_GET_PROP          0x56
    94     91   #define GSCIS_INSTR_GET_ACR           0x4C
    95     92   #define GSCIS_INSTR_READ_BUFFER       0x52
    96     93   #define GSCIS_INSTR_SIGNDECRYPT       0x42
    97     94   
    98     95   #define GSCIS_PARAM_SELECT_APPLET     0x04
................................................................................
   222    219   #  define CACKEY_DEBUG_PRINTBUF(f, x, y) { \
   223    220   	static char buf_user[4096] = {0}, *buf_user_p; \
   224    221   	unsigned long buf_user_size; \
   225    222   	unsigned char *TMPBUF; \
   226    223   	unsigned long idx; \
   227    224   	int snprintf_ret; \
   228    225   	TMPBUF = (unsigned char *) (x); \
          226  +	buf_user[0] = 0; \
   229    227   	buf_user_p = buf_user; \
   230    228   	buf_user_size = sizeof(buf_user); \
   231    229   	for (idx = 1; idx < (y); idx++) { \
   232    230   		if (buf_user_size <= 0) { \
   233    231   			break; \
   234    232   		}; \
   235    233   		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \
................................................................................
   714    712   #  define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED"
   715    713   #  define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED"
   716    714   #  define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED"
   717    715   #  define CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(x) "DEBUG_DISABLED"
   718    716   #  define CACKEY_DEBUG_FUNC_ATTRIBUTE_TO_STR(x) "DEBUG_DISABLED"
   719    717   #endif
   720    718   
          719  +/*
          720  + * Include these source files in this translation unit so that we can bind to
          721  + * functions and not include any symbols in the output shared object.
          722  + */
          723  +#include "asn1-x509.c"
          724  +#include "sha1.c"
          725  +#include "md5.c"
          726  +
   721    727   typedef enum {
   722    728   	CACKEY_ID_TYPE_CAC,
   723    729   	CACKEY_ID_TYPE_PIV,
   724    730   	CACKEY_ID_TYPE_CERT_ONLY
   725    731   } cackey_pcsc_id_type;
   726    732   
   727    733   struct cackey_pcsc_identity {
................................................................................
  1210   1216   		CACKEY_DEBUG_PRINTF("Connection to PC/SC failed, returning in failure");
  1211   1217   
  1212   1218   		return(CACKEY_PCSC_E_GENERIC);
  1213   1219   	}
  1214   1220   
  1215   1221   	/* Connect to reader, if needed */
  1216   1222   	if (!slot->pcsc_card_connected) {
  1217         -		CACKEY_DEBUG_PRINTF("SCardConnect(%s) called", slot->pcsc_reader);
         1223  +		CACKEY_DEBUG_PRINTF("SCardConnect(%s) called for slot %p", slot->pcsc_reader, slot);
  1218   1224   		scard_conn_ret = SCardConnect(*cackey_pcsc_handle, slot->pcsc_reader, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &slot->pcsc_card, &protocol);
  1219   1225   
  1220   1226   		if (scard_conn_ret == SCARD_E_PROTO_MISMATCH) {
  1221   1227   			CACKEY_DEBUG_PRINTF("SCardConnect() returned SCARD_E_PROTO_MISMATCH, trying with just T=0")
  1222   1228   			scard_conn_ret = SCardConnect(*cackey_pcsc_handle, slot->pcsc_reader, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, &slot->pcsc_card, &protocol);
  1223   1229   
  1224   1230   			if (scard_conn_ret == SCARD_E_PROTO_MISMATCH) {
................................................................................
  1524   1530   			xmit_buf[xmit_len++] = le;
  1525   1531   		}
  1526   1532   	}
  1527   1533   
  1528   1534   	/* Begin Smartcard Transaction */
  1529   1535   	cackey_begin_transaction(slot);
  1530   1536   
  1531         -	if (class == GSCIS_CLASS_ISO7816 && instruction == GSCIS_INSTR_VERIFY && p1 == 0x00) {
         1537  +	if (class == GSCIS_CLASS_ISO7816 && (instruction == GSCIS_INSTR_VERIFY || instruction == GSCIS_INSTR_CHANGE_REFERENCE) && p1 == 0x00) {
  1532   1538   		CACKEY_DEBUG_PRINTF("Sending APDU: <<censored>>");
  1533   1539   	} else {
  1534   1540   		CACKEY_DEBUG_PRINTBUF("Sending APDU:", xmit_buf, xmit_len);
  1535   1541   	}
  1536   1542   
  1537   1543   	recv_len = sizeof(recv_buf);
  1538   1544   	scard_xmit_ret = SCardTransmit(slot->pcsc_card, pioSendPci, xmit_buf, xmit_len, NULL, recv_buf, &recv_len);
................................................................................
  1741   1747   		CACKEY_DEBUG_PRINTF("outbuffer_len_p is NULL.  Returning in failure.");
  1742   1748   
  1743   1749   		return(NULL);
  1744   1750   	}
  1745   1751   
  1746   1752   	buffer_len = *outbuffer_len_p;
  1747   1753   	outbuffer_len = *outbuffer_len_p;
         1754  +
         1755  +	if (buffer_len < 2) {
         1756  +		CACKEY_DEBUG_PRINTF("buffer_len is less than 2, so we can't read any tag.  Returning in failure.");
         1757  +
         1758  +		return(NULL);
         1759  +	}
  1748   1760   
  1749   1761   	buffer_p = buffer;
  1750   1762   	if (buffer_p[0] != tag) {
  1751   1763   		CACKEY_DEBUG_PRINTF("Tag found was not tag expected.  Tag = %02x, Expected = %02x.  Returning in failure.", (unsigned int) buffer_p[0], tag);
  1752   1764   
  1753   1765   		return(NULL);
  1754   1766   	}
................................................................................
  2423   2435    */
  2424   2436   static struct cackey_pcsc_identity *cackey_read_certs(struct cackey_slot *slot, struct cackey_pcsc_identity *certs, unsigned long *count) {
  2425   2437   	struct cackey_pcsc_identity *curr_id;
  2426   2438   	struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr;
  2427   2439   	unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID};
  2428   2440   	unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT};
  2429   2441   	unsigned char curr_aid[7];
  2430         -	unsigned char buffer[8192], *buffer_p;
         2442  +	unsigned char buffer[8192], *buffer_p, *tmpbuf;
  2431   2443   	unsigned long outidx = 0;
  2432   2444   	char *piv_label;
  2433   2445   	cackey_ret transaction_ret;
  2434   2446   	ssize_t read_ret;
  2435         -	size_t buffer_len;
         2447  +	size_t buffer_len, tmpbuflen;
  2436   2448   	int certs_resizable;
  2437   2449   	int send_ret, select_ret;
  2438   2450   	int piv_key, piv = 0;
  2439   2451   	int idx;
         2452  +#ifdef HAVE_LIBZ
         2453  +	int uncompress_ret;
         2454  +	z_stream gzip_stream;
         2455  +#endif
  2440   2456   
  2441   2457   	CACKEY_DEBUG_PRINTF("Called.");
  2442   2458   
  2443   2459   	if (count == NULL) {
  2444   2460   		CACKEY_DEBUG_PRINTF("count is NULL, returning in failure");
  2445   2461   
  2446   2462   		return(NULL);
................................................................................
  2550   2566   			curr_id->certificate = malloc(curr_id->certificate_len);
  2551   2567   
  2552   2568   			buffer_len = sizeof(buffer);
  2553   2569   			buffer_p = cackey_read_bertlv_tag(buffer, &buffer_len, 0x70, curr_id->certificate, &curr_id->certificate_len);
  2554   2570   
  2555   2571   			if (buffer_p == NULL) {
  2556   2572   				CACKEY_DEBUG_PRINTF("Reading certificate from BER-TLV response failed, skipping key %i", idx);
         2573  +
  2557   2574   				free(curr_id->certificate);
         2575  +
         2576  +				curr_id->certificate = NULL;
  2558   2577   
  2559   2578   				outidx--;
  2560   2579   
  2561   2580   				continue;
  2562   2581   			}
         2582  +
         2583  +#ifdef HAVE_LIBZ
         2584  +			if (curr_id->certificate_len > 4) {
         2585  +				if (memcmp(curr_id->certificate, "\x1f\x8b\x08\x00", 4) == 0) {
         2586  +					tmpbuflen = curr_id->certificate_len * 2;
         2587  +					tmpbuf = malloc(tmpbuflen);
         2588  +
         2589  +					CACKEY_DEBUG_PRINTBUF("Attempting to decompress:", curr_id->certificate, curr_id->certificate_len);
         2590  +
         2591  +					gzip_stream.zalloc = NULL;
         2592  +					gzip_stream.zfree = NULL;
         2593  +					gzip_stream.opaque = NULL;
         2594  +
         2595  +					gzip_stream.next_in  = curr_id->certificate;
         2596  +					gzip_stream.avail_in = curr_id->certificate_len;
         2597  +					gzip_stream.next_out = tmpbuf;
         2598  +					gzip_stream.avail_out = tmpbuflen;
         2599  +
         2600  +					uncompress_ret = inflateInit(&gzip_stream);
         2601  +					if (uncompress_ret == Z_OK) {
         2602  +						uncompress_ret = inflateReset2(&gzip_stream, 31);
         2603  +					}
         2604  +					if (uncompress_ret == Z_OK) {
         2605  +						uncompress_ret = inflate(&gzip_stream, 0);
         2606  +					}
         2607  +					if (uncompress_ret == Z_STREAM_END) {
         2608  +						uncompress_ret = inflateEnd(&gzip_stream);
         2609  +					} else {
         2610  +						uncompress_ret = Z_DATA_ERROR;
         2611  +					}
         2612  +					if (uncompress_ret == Z_OK) {
         2613  +						tmpbuflen = gzip_stream.total_out;
         2614  +
         2615  +						CACKEY_DEBUG_PRINTBUF("Decompressed to:", tmpbuf, tmpbuflen);
         2616  +
         2617  +						free(curr_id->certificate);
         2618  +
         2619  +						curr_id->certificate = tmpbuf;
         2620  +						curr_id->certificate_len = tmpbuflen;
         2621  +					} else {
         2622  +						CACKEY_DEBUG_PRINTF("Decompressing failed! uncompress() returned %i", uncompress_ret);
         2623  +
         2624  +						free(tmpbuf);
         2625  +					}
         2626  +				}
         2627  +			}
         2628  +#endif
  2563   2629   		}
  2564   2630   	} else {
  2565   2631   		/* Read all the applets from the CCC's TLV */
  2566   2632   		ccc_tlv = cackey_read_tlv(slot);
  2567   2633   
  2568   2634   		/* Look for CARDURLs that coorespond to PKI applets */
  2569   2635   		for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) {
................................................................................
  2631   2697   
  2632   2698   				curr_id->certificate = malloc(curr_id->certificate_len);
  2633   2699   				memcpy(curr_id->certificate, app_curr->value, curr_id->certificate_len);
  2634   2700   
  2635   2701   				if (outidx >= *count) {
  2636   2702   					if (certs_resizable) {
  2637   2703   						*count *= 2;
  2638         -						certs = realloc(certs, sizeof(*certs) * (*count));
         2704  +						if (*count != 0) {
         2705  +							certs = realloc(certs, sizeof(*certs) * (*count));
         2706  +						} else {
         2707  +							certs = NULL;
         2708  +						}
  2639   2709   					} else {
  2640   2710   						break;
  2641   2711   					}
  2642   2712   				}
  2643   2713   			}
  2644   2714   
  2645   2715   			cackey_free_tlv(app_tlv);
................................................................................
  2651   2721   
  2652   2722   		cackey_free_tlv(ccc_tlv);
  2653   2723   	}
  2654   2724   
  2655   2725   	*count = outidx;
  2656   2726   
  2657   2727   	if (certs_resizable) {
  2658         -		certs = realloc(certs, sizeof(*certs) * (*count));
         2728  +		if (*count != 0) {
         2729  +			certs = realloc(certs, sizeof(*certs) * (*count));
         2730  +		} else {
         2731  +			certs = NULL;
         2732  +		}
  2659   2733   	}
  2660   2734   
  2661   2735   	slot->cached_certs = cackey_copy_certs(NULL, certs, *count);
  2662   2736   	slot->cached_certs_count = *count;
  2663   2737   
  2664   2738   	/* Terminate SmartCard Transaction */
  2665   2739   	cackey_end_transaction(slot);
................................................................................
  2679   2753    *
  2680   2754    * NOTES
  2681   2755    *     ...
  2682   2756    *
  2683   2757    */
  2684   2758   static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen, int padInput, int unpadOutput) {
  2685   2759   	cackey_pcsc_id_type id_type;
  2686         -	unsigned char dyn_auth_template[10];
         2760  +	unsigned char dyn_auth_template[10], *dyn_auth_tmpbuf;
  2687   2761   	unsigned char *tmpbuf, *tmpbuf_s, *outbuf_s, *outbuf_p;
  2688   2762   	unsigned char bytes_to_send, p1, class;
  2689   2763   	unsigned char blocktype;
  2690   2764   	cackey_ret send_ret;
  2691   2765   	uint16_t respcode;
  2692   2766   	ssize_t retval = 0, unpadoffset;
  2693   2767   	size_t tmpbuflen, padlen, tmpoutbuflen, outbuf_len;
................................................................................
  2814   2888   			dyn_auth_template[4] = 0x82;
  2815   2889   			dyn_auth_template[5] = 0x00;
  2816   2890   			dyn_auth_template[6] = 0x81;
  2817   2891   			dyn_auth_template[7] = 0x82;
  2818   2892   			dyn_auth_template[8] = (tmpbuflen & 0xff00) >> 8;
  2819   2893   			dyn_auth_template[9] = tmpbuflen & 0x00ff;
  2820   2894   
  2821         -			send_ret = cackey_send_apdu(slot, 0x10, NISTSP800_73_3_INSTR_GENAUTH, NISTSP800_78_3_ALGO_RSA2048, identity->pcsc_identity->card.piv.key_id, sizeof(dyn_auth_template), dyn_auth_template, 0x00, NULL, NULL, NULL);
         2895  +			dyn_auth_tmpbuf = malloc(tmpbuflen + sizeof(dyn_auth_template));
         2896  +			memcpy(dyn_auth_tmpbuf, dyn_auth_template, sizeof(dyn_auth_template));
         2897  +			memcpy(dyn_auth_tmpbuf + sizeof(dyn_auth_template), tmpbuf, tmpbuflen);
         2898  +
         2899  +			if (free_tmpbuf) {
         2900  +				free(tmpbuf);
         2901  +			}
         2902  +
         2903  +			tmpbuflen += sizeof(dyn_auth_template);
         2904  +			tmpbuf = dyn_auth_tmpbuf;
         2905  +			free_tmpbuf = 1;
         2906  +
  2822   2907   			break;
  2823   2908   		case CACKEY_ID_TYPE_CERT_ONLY:
  2824   2909   			break;
  2825   2910   	}
  2826   2911   
  2827   2912   	tmpbuf_s = tmpbuf;
  2828   2913   	outbuf_s = outbuf;
................................................................................
  2886   2971   					CACKEY_DEBUG_PRINTF("Got \"WRONG CLASS\", this means we are talking to the wrong object (likely because the card went away) -- resetting");
  2887   2972   				} else {
  2888   2973   					CACKEY_DEBUG_PRINTF("Security status not satisified (respcode = 0x%04x).  Returning NEEDLOGIN", (int) respcode);
  2889   2974   				}
  2890   2975   
  2891   2976   				cackey_mark_slot_reset(slot);
  2892   2977   
         2978  +				slot->token_flags = CKF_LOGIN_REQUIRED;
         2979  +
  2893   2980   				return(CACKEY_PCSC_E_NEEDLOGIN);
  2894   2981   			}
  2895   2982   
  2896   2983   			if (send_ret == CACKEY_PCSC_E_TOKENABSENT) {
  2897   2984   				CACKEY_DEBUG_PRINTF("Token absent.  Returning TOKENABSENT");
  2898   2985   
  2899   2986   				cackey_mark_slot_reset(slot);
................................................................................
  2945   3032   			}
  2946   3033   
  2947   3034   			retval = outbuf_len;
  2948   3035   
  2949   3036   			outbuf_len = retval;
  2950   3037   			outbuf_p = cackey_read_bertlv_tag(outbuf, &outbuf_len, 0x82, NULL,  &outbuf_len);
  2951   3038   			if (outbuf_p == NULL) {
  2952         -				CACKEY_DEBUG_PRINTF("Response from PIV for GENERATE AUTHENTICATION was not a 0x82 with then 0x7C tag, returning in failure");
         3039  +				CACKEY_DEBUG_PRINTF("Response from PIV for GENERATE AUTHENTICATION was not a 0x82 within a 0x7C tag, returning in failure");
  2953   3040   
  2954   3041   				return(-1);
  2955   3042   			}
  2956   3043   
  2957   3044   			retval = outbuf_len;
  2958   3045   
  2959   3046   			break;
................................................................................
  3037   3124   	}
  3038   3125   
  3039   3126   
  3040   3127   	CACKEY_DEBUG_PRINTF("Returning in success, retval = %li (bytes)", (long) retval);
  3041   3128   
  3042   3129   	return(retval);
  3043   3130   }
         3131  +
         3132  +/*
         3133  + * SYNPOSIS
         3134  + *     ...
         3135  + *
         3136  + * ARGUMENTS
         3137  + *     ...
         3138  + *
         3139  + * RETURN VALUE
         3140  + *     ...
         3141  + *
         3142  + * NOTES
         3143  + *     ...
         3144  + *
         3145  + */
         3146  +static cackey_ret cackey_set_pin(struct cackey_slot *slot, unsigned char *old_pin, unsigned long old_pin_len, unsigned char *pin, unsigned long pin_len) {
         3147  +	struct cackey_pcsc_identity *pcsc_identities;
         3148  +	unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
         3149  +	unsigned char old_cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
         3150  +	unsigned char pin_update[sizeof(cac_pin) + sizeof(old_cac_pin)];
         3151  +	unsigned long num_certs;
         3152  +	uint16_t response_code;
         3153  +	int tries_remaining;
         3154  +	int send_ret;
         3155  +	int key_reference = 0x00;
         3156  +
         3157  +	/* Apparently, CAC PINs are *EXACTLY* 8 bytes long -- pad with 0xFF if too short */
         3158  +	if (pin_len >= 8) {
         3159  +		memcpy(cac_pin, pin, 8);
         3160  +	} else {
         3161  +		memcpy(cac_pin, pin, pin_len);
         3162  +	}
         3163  +
         3164  +	if (old_pin_len >= 8) {
         3165  +		memcpy(old_cac_pin, old_pin, 8);
         3166  +	} else {
         3167  +		memcpy(old_cac_pin, old_pin, old_pin_len);
         3168  +	}
         3169  +
         3170  +	/* Concatenate both PINs together to send as a single instruction */
         3171  +	memcpy(pin_update, old_cac_pin, sizeof(old_cac_pin));
         3172  +	memcpy(pin_update + sizeof(old_cac_pin), cac_pin, sizeof(cac_pin));
         3173  +
         3174  +	/* Reject PINs which are too short */
         3175  +	if (pin_len < 5) {
         3176  +		CACKEY_DEBUG_PRINTF("Rejecting New PIN which is too short (length = %lu, must be atleast 5)", pin_len);
         3177  +
         3178  +		return(CACKEY_PCSC_E_BADPIN);
         3179  +	}
         3180  +
         3181  +	if (old_pin_len < 5) {
         3182  +		CACKEY_DEBUG_PRINTF("Rejecting Old PIN which is too short (length = %lu, must be atleast 5)", old_pin_len);
         3183  +
         3184  +		return(CACKEY_PCSC_E_BADPIN);
         3185  +	}
         3186  +
         3187  +	/* PIV authentication uses a "key_reference" of 0x80 */
         3188  +	pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
         3189  +	if (num_certs > 0 && pcsc_identities != NULL) {
         3190  +		switch (pcsc_identities[0].id_type) {
         3191  +			case CACKEY_ID_TYPE_PIV:
         3192  +				CACKEY_DEBUG_PRINTF("We have PIV card, so we will attempt to authenticate using the PIV Application key reference");
         3193  +
         3194  +				key_reference = 0x80;
         3195  +				break;
         3196  +			default:
         3197  +				break;
         3198  +		}
         3199  +
         3200  +		cackey_free_certs(pcsc_identities, num_certs, 1);
         3201  +	}
         3202  +
         3203  +	/* Issue a Set PIN (CHANGE REFERENCE) */
         3204  +	send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_CHANGE_REFERENCE, 0x00, key_reference, sizeof(pin_update), pin_update, 0x00, &response_code, NULL, NULL);
         3205  +
         3206  +	if (send_ret != CACKEY_PCSC_S_OK) {
         3207  +		if ((response_code & 0x63C0) == 0x63C0) {
         3208  +			tries_remaining = (response_code & 0xF);
         3209  +
         3210  +			CACKEY_DEBUG_PRINTF("PIN Verification failed, %i tries remaining", tries_remaining);
         3211  +
         3212  +			return(CACKEY_PCSC_E_BADPIN);
         3213  +		}
         3214  +
         3215  +		if (response_code == 0x6983) {
         3216  +			CACKEY_DEBUG_PRINTF("Unable to set PIN, device is locked or changing the PIN is disabled");
         3217  +
         3218  +			return(CACKEY_PCSC_E_LOCKED);
         3219  +		}
         3220  +
         3221  +		return(CACKEY_PCSC_E_GENERIC);
         3222  +	}
         3223  +
         3224  +	CACKEY_DEBUG_PRINTF("PIN Change succeeded");
         3225  +
         3226  +	return(CACKEY_PCSC_S_OK);
         3227  +}
  3044   3228   
  3045   3229   /*
  3046   3230    * SYNPOSIS
  3047   3231    *     ...
  3048   3232    *
  3049   3233    * ARGUMENTS
  3050   3234    *     ...
................................................................................
  4084   4268   		return(identities);
  4085   4269   	}
  4086   4270   
  4087   4271   
  4088   4272   	*ids_found = 0;
  4089   4273   	return(NULL);
  4090   4274   }
         4275  +
         4276  +static cackey_ret cackey_get_pin(char *pinbuf) {
         4277  +	FILE *pinfd;
         4278  +	char *fgets_ret;
         4279  +	int pclose_ret;
         4280  +
         4281  +	if (cackey_pin_command == NULL) {
         4282  +		return(CACKEY_PCSC_E_GENERIC);
         4283  +	}
         4284  +
         4285  +	if (pinbuf == NULL) {
         4286  +		return(CACKEY_PCSC_E_GENERIC);
         4287  +	}
         4288  +
         4289  +	CACKEY_DEBUG_PRINTF("CACKEY_PIN_COMMAND = %s", cackey_pin_command);
         4290  +
         4291  +	pinfd = popen(cackey_pin_command, "r");
         4292  +	if (pinfd == NULL) {
         4293  +		CACKEY_DEBUG_PRINTF("Error.  %s: Unable to run", cackey_pin_command);
         4294  +
         4295  +		return(CACKEY_PCSC_E_BADPIN);
         4296  +	}
         4297  +
         4298  +	fgets_ret = fgets(pinbuf, 32, pinfd);
         4299  +	if (fgets_ret == NULL) {
         4300  +		pinbuf[0] = '\0';
         4301  +	}
         4302  +
         4303  +	pclose_ret = pclose(pinfd);
         4304  +	if (pclose_ret == -1 && errno == ECHILD) {
         4305  +		CACKEY_DEBUG_PRINTF("Notice.  pclose() indicated it could not get the status of the child, assuming it succeeeded !");
         4306  +
         4307  +		pclose_ret = 0;
         4308  +	}
         4309  +
         4310  +	if (pclose_ret != 0) {
         4311  +		CACKEY_DEBUG_PRINTF("Error.  %s: exited with non-zero status of %i", cackey_pin_command, pclose_ret);
         4312  +
         4313  +		return(CACKEY_PCSC_E_BADPIN);
         4314  +	}
         4315  +
         4316  +	if (strlen(pinbuf) < 1) {
         4317  +		CACKEY_DEBUG_PRINTF("Error.  %s: returned no data", cackey_pin_command);
         4318  +
         4319  +		return(CACKEY_PCSC_E_BADPIN);
         4320  +	}
         4321  +
         4322  +	if (pinbuf[strlen(pinbuf) - 1] == '\n') {
         4323  +		pinbuf[strlen(pinbuf) - 1] = '\0';
         4324  +	}
         4325  +
         4326  +	return(CACKEY_PCSC_S_OK);
         4327  +}
  4091   4328   
  4092   4329   CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
  4093   4330   	CK_C_INITIALIZE_ARGS CK_PTR args;
  4094   4331   	uint32_t idx, highest_slot;
  4095   4332   	int mutex_init_ret;
  4096   4333   	int include_dod_certs;
  4097   4334   
................................................................................
  4379   4616   		} else {
  4380   4617   			
  4381   4618   		}
  4382   4619   	}
  4383   4620   
  4384   4621   	/* Determine list of readers */
  4385   4622   	pcsc_connect_ret = cackey_pcsc_connect();
         4623  +/* XXX: CAN HANG HERE ! */
  4386   4624   	if (pcsc_connect_ret != CACKEY_PCSC_S_OK) {
  4387   4625   		CACKEY_DEBUG_PRINTF("Connection to PC/SC failed, assuming no slots");
  4388   4626   
  4389   4627   		slot_count = 0;
  4390   4628   	} else {
  4391   4629   		pcsc_readers_len = 0;
  4392   4630   
................................................................................
  4900   5138   	}
  4901   5139   
  4902   5140   	CACKEY_DEBUG_PRINTF("Returning CKR_TOKEN_WRITE_PROTECTED (%i)", CKR_TOKEN_WRITE_PROTECTED);
  4903   5141   
  4904   5142   	return(CKR_TOKEN_WRITE_PROTECTED);
  4905   5143   }
  4906   5144   
  4907         -/* We don't support this method. */
  4908   5145   CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen) {
  4909         -	CACKEY_DEBUG_PRINTF("Called.");
  4910         -
  4911         -	if (!cackey_initialized) {
  4912         -		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
  4913         -
  4914         -		return(CKR_CRYPTOKI_NOT_INITIALIZED);
  4915         -	}
  4916         -
  4917         -	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
  4918         -
  4919         -	return(CKR_FUNCTION_NOT_SUPPORTED);
         5146  +	char oldpinbuf[64], newpinbuf[64];
         5147  +	cackey_ret set_pin_ret, get_pin_ret;
         5148  +	CK_SLOT_ID slotID;
         5149  +	int mutex_retval;
         5150  +
         5151  +	CACKEY_DEBUG_PRINTF("Called.");
         5152  +
         5153  +	if (!cackey_initialized) {
         5154  +		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
         5155  +
         5156  +		return(CKR_CRYPTOKI_NOT_INITIALIZED);
         5157  +	}
         5158  +
         5159  +	mutex_retval = cackey_mutex_lock(cackey_biglock);
         5160  +	if (mutex_retval != 0) {
         5161  +		CACKEY_DEBUG_PRINTF("Error.  Locking failed.");
         5162  +
         5163  +		return(CKR_GENERAL_ERROR);
         5164  +	}
         5165  +
         5166  +	if (!cackey_sessions[hSession].active) {
         5167  +		cackey_mutex_unlock(cackey_biglock);
         5168  +
         5169  +		CACKEY_DEBUG_PRINTF("Error.  Session not active.");
         5170  +		
         5171  +		return(CKR_SESSION_HANDLE_INVALID);
         5172  +	}
         5173  +
         5174  +	slotID = cackey_sessions[hSession].slotID;
         5175  +
         5176  +	if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
         5177  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
         5178  +
         5179  +		cackey_mutex_unlock(cackey_biglock);
         5180  +
         5181  +		return(CKR_GENERAL_ERROR);
         5182  +	}
         5183  +
         5184  +	if (cackey_slots[slotID].active == 0) {
         5185  +		CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
         5186  +
         5187  +		cackey_mutex_unlock(cackey_biglock);
         5188  +
         5189  +		return(CKR_GENERAL_ERROR);
         5190  +	}
         5191  +
         5192  +	if (cackey_pin_command != NULL) {
         5193  +		/* Get old PIN */
         5194  +		get_pin_ret = cackey_get_pin(oldpinbuf);
         5195  +
         5196  +		if (get_pin_ret != CACKEY_PCSC_S_OK) {
         5197  +			CACKEY_DEBUG_PRINTF("Error while getting Old PIN, returning CKR_PIN_INCORRECT.");
         5198  +
         5199  +			cackey_mutex_unlock(cackey_biglock);
         5200  +			
         5201  +			return(CKR_PIN_INCORRECT);
         5202  +		}
         5203  +
         5204  +		pOldPin = (CK_UTF8CHAR_PTR) oldpinbuf;
         5205  +		ulOldPinLen = strlen(oldpinbuf);
         5206  +
         5207  +		/* Get new PIN */
         5208  +		get_pin_ret = cackey_get_pin(newpinbuf);
         5209  +
         5210  +		if (get_pin_ret != CACKEY_PCSC_S_OK) {
         5211  +			CACKEY_DEBUG_PRINTF("Error while getting New PIN, returning CKR_PIN_INVALID.");
         5212  +
         5213  +			cackey_mutex_unlock(cackey_biglock);
         5214  +			
         5215  +			return(CKR_PIN_INVALID);
         5216  +		}
         5217  +
         5218  +		pNewPin = (CK_UTF8CHAR_PTR) newpinbuf;
         5219  +		ulNewPinLen = strlen(newpinbuf);
         5220  +	}
         5221  +
         5222  +	if (pOldPin == NULL) {
         5223  +		CACKEY_DEBUG_PRINTF("Old PIN value is wrong (null).");
         5224  +
         5225  +		cackey_mutex_unlock(cackey_biglock);
         5226  +
         5227  +		return(CKR_PIN_INCORRECT);
         5228  +	}
         5229  +
         5230  +	if (ulOldPinLen == 0 || ulOldPinLen > 8) {
         5231  +		CACKEY_DEBUG_PRINTF("Old PIN length is wrong: %lu.", (unsigned long) ulOldPinLen);
         5232  +
         5233  +		cackey_mutex_unlock(cackey_biglock);
         5234  +
         5235  +		return(CKR_PIN_INCORRECT);
         5236  +	}
         5237  +
         5238  +	if (pNewPin == NULL) {
         5239  +		CACKEY_DEBUG_PRINTF("New PIN value is wrong (either NULL, or too long/short).");
         5240  +
         5241  +		cackey_mutex_unlock(cackey_biglock);
         5242  +
         5243  +		return(CKR_PIN_INVALID);
         5244  +	}
         5245  +
         5246  +	if (ulNewPinLen < 5 || ulNewPinLen > 8) {
         5247  +		CACKEY_DEBUG_PRINTF("New PIN length is wrong: %lu, must be atleast 5 and no more than 8.", (unsigned long) ulNewPinLen);
         5248  +
         5249  +		cackey_mutex_unlock(cackey_biglock);
         5250  +
         5251  +		return(CKR_PIN_LEN_RANGE);
         5252  +	}
         5253  +
         5254  +	set_pin_ret = cackey_set_pin(&cackey_slots[slotID], pOldPin, ulOldPinLen, pNewPin, ulNewPinLen);
         5255  +
         5256  +	if (set_pin_ret != CACKEY_PCSC_S_OK) {
         5257  +		if (cackey_pin_command == NULL) {
         5258  +			cackey_slots[slotID].token_flags |= CKF_LOGIN_REQUIRED;
         5259  +		}
         5260  +
         5261  +		if (set_pin_ret == CACKEY_PCSC_E_LOCKED) {
         5262  +			cackey_slots[slotID].token_flags |= CKF_USER_PIN_LOCKED;
         5263  +		}
         5264  +	}
         5265  +
         5266  +	mutex_retval = cackey_mutex_unlock(cackey_biglock);
         5267  +	if (mutex_retval != 0) {
         5268  +		CACKEY_DEBUG_PRINTF("Error.  Unlocking failed.");
         5269  +
         5270  +		return(CKR_GENERAL_ERROR);
         5271  +	}
         5272  +
         5273  +	switch (set_pin_ret) {
         5274  +		case CACKEY_PCSC_S_OK:
         5275  +			CACKEY_DEBUG_PRINTF("Successfully set PIN.");
         5276  +
         5277  +			return(CKR_OK);
         5278  +		case CACKEY_PCSC_E_BADPIN:
         5279  +			CACKEY_DEBUG_PRINTF("PIN was invalid.");
         5280  +
         5281  +			return(CKR_PIN_INVALID);
         5282  +		case CACKEY_PCSC_E_LOCKED:
         5283  +			CACKEY_DEBUG_PRINTF("Token is locked or this change is not permitted.");
         5284  +
         5285  +			return(CKR_PIN_LOCKED);
         5286  +		default:
         5287  +			CACKEY_DEBUG_PRINTF("Something else went wrong changing the PIN: %i", set_pin_ret);
         5288  +
         5289  +			return(CKR_GENERAL_ERROR);
         5290  +	}
         5291  +
         5292  +	return(CKR_GENERAL_ERROR);
  4920   5293   }
  4921   5294   
  4922   5295   CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
  4923   5296   	unsigned long idx;
  4924   5297   	int mutex_retval;
  4925   5298   	int found_session = 0;
  4926   5299   
................................................................................
  5200   5573   	CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
  5201   5574   
  5202   5575   	return(CKR_FUNCTION_NOT_SUPPORTED);
  5203   5576   }
  5204   5577   
  5205   5578   CK_DEFINE_FUNCTION(CK_RV, _C_LoginMutexArg)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, int lock_mutex) {
  5206   5579   	CK_SLOT_ID slotID;
  5207         -	FILE *pinfd;
  5208         -	char *pincmd, pinbuf[64], *fgets_ret;
         5580  +	cackey_ret get_pin_ret;
         5581  +	char pinbuf[64];
  5209   5582   	int mutex_retval;
  5210   5583   	int tries_remaining;
  5211   5584   	int login_ret;
  5212         -	int pclose_ret;
  5213   5585   
  5214   5586   	CACKEY_DEBUG_PRINTF("Called.");
  5215   5587   
  5216   5588   	if (!cackey_initialized) {
  5217   5589   		CACKEY_DEBUG_PRINTF("Error.  Not initialized.");
  5218   5590   
  5219   5591   		return(CKR_CRYPTOKI_NOT_INITIALIZED);
................................................................................
  5268   5640   		if (lock_mutex) {
  5269   5641   			cackey_mutex_unlock(cackey_biglock);
  5270   5642   		}
  5271   5643   
  5272   5644   		return(CKR_GENERAL_ERROR);
  5273   5645   	}
  5274   5646   
  5275         -	pincmd = cackey_pin_command;
  5276         -	if (pincmd != NULL) {
  5277         -		CACKEY_DEBUG_PRINTF("CACKEY_PIN_COMMAND = %s", pincmd);
  5278         -
         5647  +	if (cackey_pin_command != NULL) {
  5279   5648   		if (pPin != NULL) {
  5280   5649   			CACKEY_DEBUG_PRINTF("Protected authentication path in effect and PIN provided !?");
  5281   5650   		}
  5282   5651   
  5283         -		pinfd = popen(pincmd, "r");
  5284         -		if (pinfd == NULL) {
  5285         -			CACKEY_DEBUG_PRINTF("Error.  %s: Unable to run", pincmd);
         5652  +		get_pin_ret = cackey_get_pin(pinbuf);
         5653  +
         5654  +		if (get_pin_ret != CACKEY_PCSC_S_OK) {
         5655  +			CACKEY_DEBUG_PRINTF("cackey_get_pin() returned in failure, assuming the PIN was incorrect.");
  5286   5656   
  5287   5657   			if (lock_mutex) {
  5288   5658   				cackey_mutex_unlock(cackey_biglock);
  5289   5659   			}
  5290   5660   
  5291         -			CACKEY_DEBUG_PRINTF("Returning CKR_PIN_INCORRECT (%i)", (int) CKR_PIN_INCORRECT);
  5292         -
  5293   5661   			return(CKR_PIN_INCORRECT);
  5294   5662   		}
  5295   5663   
  5296         -		fgets_ret = fgets(pinbuf, sizeof(pinbuf), pinfd);
  5297         -		if (fgets_ret == NULL) {
  5298         -			pinbuf[0] = '\0';
  5299         -		}
  5300         -
  5301         -		pclose_ret = pclose(pinfd);
  5302         -		if (pclose_ret != 0) {
  5303         -			CACKEY_DEBUG_PRINTF("Error.  %s: exited with non-zero status of %i", pincmd, pclose_ret);
  5304         -
  5305         -			if (lock_mutex) {
  5306         -				cackey_mutex_unlock(cackey_biglock);
  5307         -			}
  5308         -
  5309         -			CACKEY_DEBUG_PRINTF("Returning CKR_PIN_INCORRECT (%i)", (int) CKR_PIN_INCORRECT);
  5310         -
  5311         -			return(CKR_PIN_INCORRECT);
  5312         -		}
  5313         -
  5314         -		if (strlen(pinbuf) < 1) {
  5315         -			CACKEY_DEBUG_PRINTF("Error.  %s: returned no data", pincmd);
  5316         -
  5317         -			if (lock_mutex) {
  5318         -				cackey_mutex_unlock(cackey_biglock);
  5319         -			}
  5320         -
  5321         -			CACKEY_DEBUG_PRINTF("Returning CKR_PIN_INCORRECT (%i)", (int) CKR_PIN_INCORRECT);
  5322         -
  5323         -			return(CKR_PIN_INCORRECT);
  5324         -		}
  5325         -
  5326         -		if (pinbuf[strlen(pinbuf) - 1] == '\n') {
  5327         -			pinbuf[strlen(pinbuf) - 1] = '\0';
  5328         -		}
  5329         -
  5330   5664   		pPin = (CK_UTF8CHAR_PTR) pinbuf;
  5331   5665   		ulPinLen = strlen(pinbuf);
  5332   5666   	}
  5333   5667   
  5334   5668   	login_ret = cackey_login(&cackey_slots[slotID], pPin, ulPinLen, &tries_remaining);
  5335   5669   	if (login_ret != CACKEY_PCSC_S_OK) {
  5336   5670   		if (lock_mutex) {

Modified cackey_builtin_certs.h from [954ba4d224] to [cffe24d77b].

cannot compute difference between binary files

Modified configure.ac from [b130174bba] to [60c4628f66].

     1         -AC_INIT(cackey, 0.7.0) 
            1  +AC_INIT(cackey, 0.7.3) 
     2      2   AC_CONFIG_HEADERS(config.h)
     3      3   
     4      4   dnl Locate standard tools
     5      5   AC_PROG_CC
     6      6   AC_PROG_MAKE_SET
     7      7   AC_PROG_INSTALL
     8      8   AC_AIX