--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/cackey/patches/05-cackey.c.patch Fri Jun 24 11:30:54 2016 -0700
@@ -0,0 +1,2121 @@
+In-house patch created to clear any merge conflicts from source in archive
+repo to build properly on Solaris.
+
+--- CACKey-0.7.4/cackey.c 2016-05-19 14:16:48.230399914 -0400
++++ CACKey-0.7.4/cackey.c 2015-07-16 12:20:20.000000000 -0400
+@@ -35,13 +35,10 @@
+ #ifdef HAVE_STDIO_H
+ # include <stdio.h>
+ #endif
+-<<<<<<< HEAD
+-=======
+ #define HAVE_ERRNO_H 1
+ #ifdef HAVE_ERRNO_H
+ # include <errno.h>
+ #endif
+->>>>>>> trunk
+ #ifdef HAVE_ZLIB_H
+ # ifdef HAVE_LIBZ
+ # include <zlib.h>
+@@ -51,12 +48,9 @@
+ # undef HAVE_LIBZ
+ # endif
+ #endif
+-<<<<<<< HEAD
+-=======
+ #ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
+ # include <sys/time.h>
+ #endif
+->>>>>>> trunk
+
+ #define CK_PTR *
+ #define CK_DEFINE_FUNCTION(returnType, name) returnType name
+@@ -73,17 +67,6 @@
+ #include "sha1.h"
+ #include "md5.h"
+
+-<<<<<<< HEAD
+-/*
+- * Include these source files in this translation unit so that we can bind to
+- * functions and not include any symbols in the output shared object.
+- */
+-#include "asn1-x509.c"
+-#include "sha1.c"
+-#include "md5.c"
+-
+-=======
+->>>>>>> trunk
+ #ifndef CACKEY_CRYPTOKI_VERSION_CODE
+ # define CACKEY_CRYPTOKI_VERSION_CODE 0x021e00
+ #endif
+@@ -102,10 +85,7 @@
+ #define GSCIS_INSTR_GET_CHALLENGE 0x84
+ #define GSCIS_INSTR_INTERNAL_AUTH 0x88
+ #define GSCIS_INSTR_VERIFY 0x20
+-<<<<<<< HEAD
+-=======
+ #define GSCIS_INSTR_CHANGE_REFERENCE 0x24
+->>>>>>> trunk
+ #define GSCIS_INSTR_SIGN 0x2A
+ #define GSCIS_INSTR_GET_PROP 0x56
+ #define GSCIS_INSTR_GET_ACR 0x4C
+@@ -173,13 +153,10 @@
+ #define GSCIS_TAG_SECURITY_CODE 0x57
+ #define GSCIS_TAG_CARDID_AID 0x58
+
+-<<<<<<< HEAD
+-=======
+ /*** PIV Codes ***/
+ #define NISTSP800_73_3_INSTR_GET_DATA 0xCB
+ #define NISTSP800_73_3_INSTR_GENAUTH 0x87
+
+->>>>>>> trunk
+ /*** PKI Information - EF 7000 ***/
+ #define GSCIS_TAG_CERTIFICATE 0x70
+ #define GSCIS_TAG_CERT_ISSUE_DATE 0x71
+@@ -187,8 +164,6 @@
+
+ /** Applet IDs **/
+ #define GSCIS_AID_CCC 0xA0, 0x00, 0x00, 0x01, 0x16, 0xDB, 0x00
+-<<<<<<< HEAD
+-=======
+ #define NISTSP800_73_3_PIV_AID 0xA0, 0x00, 0x00, 0x03, 0x08, 0x00, 0x00, 0x10, 0x00, 0x01, 0x00
+
+ /* PIV IDs */
+@@ -207,7 +182,6 @@
+ #define NISTSP800_73_3_OID_SIGNATURE 0x5F, 0xC1, 0x0A
+ #define NISTSP800_73_3_OID_KEYMGT 0x5F, 0xC1, 0x0B
+ #define NISTSP800_73_3_OID_CARDAUTH 0x5F, 0xC1, 0x01
+->>>>>>> trunk
+
+ /* Maximum size of data portion of APDUs */
+ /** Do not set this above 250 **/
+@@ -222,17 +196,6 @@
+ # ifdef HAVE_TIME_H
+ # include <time.h>
+ static time_t cackey_debug_start_time = 0;
+-<<<<<<< HEAD
+-# define CACKEY_DEBUG_PRINTTIME { if (cackey_debug_start_time == 0) { cackey_debug_start_time = time(NULL); }; fprintf(cackey_debug_fd(), "[%lu]: ", (unsigned long) (time(NULL) - cackey_debug_start_time)); }
+-# else
+-# define CACKEY_DEBUG_PRINTTIME /**/
+-# endif
+-
+-# define CACKEY_DEBUG_PRINTF(x...) { CACKEY_DEBUG_PRINTTIME; fprintf(cackey_debug_fd(), "%s():%i: ", __func__, __LINE__); fprintf(cackey_debug_fd(), x); fprintf(cackey_debug_fd(), "\n"); fflush(cackey_debug_fd()); }
+-# define CACKEY_DEBUG_PRINTBUF(f, x, y) { unsigned char *TMPBUF; unsigned long idx; TMPBUF = (unsigned char *) (x); CACKEY_DEBUG_PRINTTIME; fprintf(cackey_debug_fd(), "%s():%i: %s (%s/%lu = {%02x", __func__, __LINE__, f, #x, (unsigned long) (y), TMPBUF[0]); for (idx = 1; idx < (y); idx++) { fprintf(cackey_debug_fd(), ", %02x", TMPBUF[idx]); }; fprintf(cackey_debug_fd(), "})\n"); fflush(cackey_debug_fd()); }
+-# define CACKEY_DEBUG_PERROR(x) { fprintf(cackey_debug_fd(), "%s():%i: ", __func__, __LINE__); CACKEY_DEBUG_PRINTTIME; perror(x); fflush(cackey_debug_fd()); }
+-# define free(x) { CACKEY_DEBUG_PRINTF("FREE(%p) (%s)", x, #x); free(x); }
+-=======
+ static unsigned long CACKEY_DEBUG_GETTIME(void) {
+ if (cackey_debug_start_time == 0) {
+ cackey_debug_start_time = time(NULL);
+@@ -254,17 +217,16 @@
+ fflush(cackey_debug_fd()); \
+ }
+ # define CACKEY_DEBUG_PRINTBUF(f, x, y) { \
+- static char buf_user[4096] = {0}, *buf_user_p, *buf_user_print; \
++ static char buf_user[4096] = {0}, *buf_user_p; \
+ unsigned long buf_user_size; \
+ unsigned char *TMPBUF; \
+ unsigned long idx; \
+ int snprintf_ret; \
+ TMPBUF = (unsigned char *) (x); \
+ buf_user[0] = 0; \
+- buf_user[2] = 0; \
+ buf_user_p = buf_user; \
+ buf_user_size = sizeof(buf_user); \
+- for (idx = 0; idx < (y); idx++) { \
++ for (idx = 1; idx < (y); idx++) { \
+ if (buf_user_size <= 0) { \
+ break; \
+ }; \
+@@ -276,12 +238,10 @@
+ buf_user_size -= snprintf_ret; \
+ }; \
+ buf_user[sizeof(buf_user) - 1] = '\0'; \
+- buf_user_print = buf_user + 2; \
+- fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s (%s/%lu = {%s})\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, f, #x, (unsigned long) (y), buf_user_print); \
++ fprintf(cackey_debug_fd(), "[%lu]: %s():%i: %s (%s/%lu = {%02x%s})\n", CACKEY_DEBUG_GETTIME(), __func__, __LINE__, f, #x, (unsigned long) (y), TMPBUF[0], buf_user); \
+ fflush(cackey_debug_fd()); \
+ }
+ # define free(x) { CACKEY_DEBUG_PRINTF("FREE(%p) (%s)", (void *) x, #x); free(x); }
+->>>>>>> trunk
+
+ static FILE *cackey_debug_fd(void) {
+ static FILE *fd = NULL;
+@@ -309,15 +269,12 @@
+ }
+ }
+
+-<<<<<<< HEAD
+-=======
+ #ifdef CACKEY_DEBUG_LOGFILE
+ if (logfile == NULL) {
+ logfile = CACKEY_DEBUG_LOGFILE;
+ }
+ #endif
+
+->>>>>>> trunk
+ if (logfile != NULL) {
+ CACKEY_DEBUG_PRINTF("Found log file: %s", logfile);
+
+@@ -331,11 +288,7 @@
+ if (fd == stderr) {
+ CACKEY_DEBUG_PRINTF("Returning stderr");
+ } else {
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("Returning %p", fd);
+-=======
+ CACKEY_DEBUG_PRINTF("Returning %p", (void *) fd);
+->>>>>>> trunk
+ }
+
+ return(fd);
+@@ -346,14 +299,7 @@
+
+ retval = malloc(size);
+
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTTIME;
+- fprintf(cackey_debug_fd(), "%s():%i: ", func, line);
+- fprintf(cackey_debug_fd(), "MALLOC() = %p", retval);
+- fprintf(cackey_debug_fd(), "\n");
+-=======
+ fprintf(cackey_debug_fd(), "[%lu]: %s():%i: MALLOC() = %p\n", CACKEY_DEBUG_GETTIME(), func, line, retval);
+->>>>>>> trunk
+ fflush(cackey_debug_fd());
+
+ return(retval);
+@@ -365,14 +311,7 @@
+ retval = realloc(ptr, size);
+
+ if (retval != ptr) {
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTTIME;
+- fprintf(cackey_debug_fd(), "%s():%i: ", func, line);
+- fprintf(cackey_debug_fd(), "REALLOC(%p) = %p", ptr, retval);
+- fprintf(cackey_debug_fd(), "\n");
+-=======
+ fprintf(cackey_debug_fd(), "[%lu]: %s():%i: REALLOC(%p) = %p\n", CACKEY_DEBUG_GETTIME(), func, line, ptr, retval);
+->>>>>>> trunk
+ fflush(cackey_debug_fd());
+ }
+
+@@ -388,14 +327,7 @@
+
+ retval = strdup(ptr);
+
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTTIME;
+- fprintf(cackey_debug_fd(), "%s():%i: ", func, line);
+- fprintf(cackey_debug_fd(), "STRDUP_MALLOC() = %p", retval);
+- fprintf(cackey_debug_fd(), "\n");
+-=======
+ fprintf(cackey_debug_fd(), "[%lu]: %s():%i: STRDUP_MALLOC() = %p\n", CACKEY_DEBUG_GETTIME(), func, line, retval);
+->>>>>>> trunk
+ fflush(cackey_debug_fd());
+
+ return(retval);
+@@ -777,10 +709,6 @@
+ #else
+ # define CACKEY_DEBUG_PRINTF(x...) /**/
+ # define CACKEY_DEBUG_PRINTBUF(f, x, y) /**/
+-<<<<<<< HEAD
+-# define CACKEY_DEBUG_PERROR(x) /**/
+-=======
+->>>>>>> trunk
+ # define CACKEY_DEBUG_FUNC_TAG_TO_STR(x) "DEBUG_DISABLED"
+ # define CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(x) "DEBUG_DISABLED"
+ # define CACKEY_DEBUG_FUNC_OBJID_TO_STR(x) "DEBUG_DISABLED"
+@@ -788,11 +716,6 @@
+ # define CACKEY_DEBUG_FUNC_ATTRIBUTE_TO_STR(x) "DEBUG_DISABLED"
+ #endif
+
+-<<<<<<< HEAD
+-struct cackey_pcsc_identity {
+- unsigned char applet[7];
+- uint16_t file;
+-=======
+ /*
+ * Include these source files in this translation unit so that we can bind to
+ * functions and not include any symbols in the output shared object.
+@@ -809,14 +732,11 @@
+
+ struct cackey_pcsc_identity {
+ cackey_pcsc_id_type id_type;
+->>>>>>> trunk
+
+ size_t certificate_len;
+ unsigned char *certificate;
+
+ ssize_t keysize;
+-<<<<<<< HEAD
+-=======
+
+ union {
+ struct {
+@@ -829,7 +749,6 @@
+ char label[32];
+ } piv;
+ } card;
+->>>>>>> trunk
+ };
+
+ struct cackey_identity {
+@@ -874,10 +793,7 @@
+
+ struct cackey_slot {
+ int active;
+-<<<<<<< HEAD
+-=======
+ int internal;
+->>>>>>> trunk
+
+ char *pcsc_reader;
+
+@@ -894,12 +810,9 @@
+ unsigned char *label;
+
+ DWORD protocol;
+-<<<<<<< HEAD
+-=======
+
+ unsigned int cached_certs_count;
+ struct cackey_pcsc_identity *cached_certs;
+->>>>>>> trunk
+ };
+
+ typedef enum {
+@@ -931,12 +844,7 @@
+ CACKEY_PCSC_E_LOCKED = -3,
+ CACKEY_PCSC_E_NEEDLOGIN = -4,
+ CACKEY_PCSC_E_TOKENABSENT = -6,
+-<<<<<<< HEAD
+ CACKEY_PCSC_E_RETRY = -7
+-=======
+- CACKEY_PCSC_E_RETRY = -7,
+- CACKEY_PCSC_E_NODATA = -8
+->>>>>>> trunk
+ } cackey_ret;
+
+ struct cackey_tlv_cardurl {
+@@ -974,19 +882,11 @@
+ #include "cackey_builtin_certs.h"
+ };
+
+-<<<<<<< HEAD
+-=======
+-#define CACKEY_MACRO_DEFAULT_XSTR(str) CACKEY_MACRO_DEFAULT_STR(str)
+-#define CACKEY_MACRO_DEFAULT_STR(str) #str
+-
+ /* Protected Authentication Path command */
++#define CACKEY_PIN_COMMAND_DEFAULT_XSTR(str) CACKEY_PIN_COMMAND_DEFAULT_STR(str)
++#define CACKEY_PIN_COMMAND_DEFAULT_STR(str) #str
+ static char *cackey_pin_command = NULL;
+
+-/* Reader Exclusion or Include-only */
+-static char *cackey_readers_include_only = NULL;
+-static char *cackey_readers_exclude = NULL;
+-
+->>>>>>> trunk
+ /* PCSC Global Handles */
+ static LPSCARDCONTEXT cackey_pcsc_handle = NULL;
+
+@@ -1046,14 +946,11 @@
+ CACKEY_DEBUG_PRINTF("Called.");
+
+ for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
+-<<<<<<< HEAD
+-=======
+ if (cackey_slots[idx].internal) {
+ /* Skip internal slots */
+ continue;
+ }
+
+->>>>>>> trunk
+ if (cackey_slots[idx].pcsc_card_connected) {
+ CACKEY_DEBUG_PRINTF("SCardDisconnect(%lu) called", (unsigned long) idx);
+
+@@ -1226,15 +1123,11 @@
+
+ slot->slot_reset = 1;
+ slot->pcsc_card_connected = 0;
+-<<<<<<< HEAD
+- slot->token_flags = CKF_LOGIN_REQUIRED;
+-=======
+ if (cackey_pin_command == NULL) {
+ slot->token_flags = CKF_LOGIN_REQUIRED;
+ } else {
+ slot->token_flags = 0;
+ }
+->>>>>>> trunk
+
+ CACKEY_DEBUG_PRINTF("Returning.");
+
+@@ -1243,11 +1136,7 @@
+
+ /*
+ * SYNPOSIS
+-<<<<<<< HEAD
+- * LONG cackey_reconnect_card(struct cackey_slot *slot, DWORD default_protocol, LPDWORD selected_protocol);
+-=======
+ * LONG cackey_reconnect_card(struct cackey_slot *slot, DWORD default_protocol);
+->>>>>>> trunk
+ *
+ * ARGUMENTS
+ * cackey_slot *slot
+@@ -1256,12 +1145,6 @@
+ * DWORD default_protocol
+ * Protocol to attempt first
+ *
+-<<<<<<< HEAD
+- * LPDWORD selected_protocol
+- * [OUT] Protocol selected
+- *
+-=======
+->>>>>>> trunk
+ * RETURN VALUE
+ * The return value from SCardReconnect()
+ *
+@@ -1274,23 +1157,6 @@
+ * that T=1.
+ *
+ */
+-<<<<<<< HEAD
+-static LONG cackey_reconnect_card(struct cackey_slot *slot, DWORD default_protocol, LPDWORD selected_protocol) {
+- LONG scard_conn_ret;
+-
+- scard_conn_ret = SCardReconnect(slot->pcsc_card, SCARD_SHARE_SHARED, default_protocol, SCARD_RESET_CARD, selected_protocol);
+-
+- if (scard_conn_ret == SCARD_E_PROTO_MISMATCH) {
+- CACKEY_DEBUG_PRINTF("SCardReconnect() returned SCARD_E_PROTO_MISMATCH, trying with just T=0")
+- scard_conn_ret = SCardReconnect(slot->pcsc_card, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0, SCARD_RESET_CARD, selected_protocol);
+-
+- if (scard_conn_ret == SCARD_E_PROTO_MISMATCH) {
+- CACKEY_DEBUG_PRINTF("SCardReconnect() returned SCARD_E_PROTO_MISMATCH, trying with just T=1")
+- scard_conn_ret = SCardReconnect(slot->pcsc_card, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T1, SCARD_RESET_CARD, selected_protocol);
+- }
+- }
+-
+-=======
+ static LONG cackey_reconnect_card(struct cackey_slot *slot, DWORD default_protocol) {
+ DWORD selected_protocol;
+ LONG scard_conn_ret;
+@@ -1313,7 +1179,6 @@
+ slot->protocol = selected_protocol;
+ }
+
+->>>>>>> trunk
+ return(scard_conn_ret);
+ }
+
+@@ -1355,11 +1220,7 @@
+
+ /* Connect to reader, if needed */
+ if (!slot->pcsc_card_connected) {
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("SCardConnect(%s) called", slot->pcsc_reader);
+-=======
+ CACKEY_DEBUG_PRINTF("SCardConnect(%s) called for slot %p", slot->pcsc_reader, slot);
+->>>>>>> trunk
+ scard_conn_ret = SCardConnect(*cackey_pcsc_handle, slot->pcsc_reader, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &slot->pcsc_card, &protocol);
+
+ if (scard_conn_ret == SCARD_E_PROTO_MISMATCH) {
+@@ -1387,11 +1248,7 @@
+ }
+ }
+
+-<<<<<<< HEAD
+- scard_conn_ret = cackey_reconnect_card(slot, protocol, &protocol);
+-=======
+ scard_conn_ret = cackey_reconnect_card(slot, protocol);
+->>>>>>> trunk
+ }
+
+ if (scard_conn_ret != SCARD_S_SUCCESS) {
+@@ -1406,11 +1263,8 @@
+ slot->protocol = protocol;
+ }
+
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Returning in success");
+
+->>>>>>> trunk
+ return(CACKEY_PCSC_S_OK);
+ }
+
+@@ -1587,12 +1441,6 @@
+ * CACKEY_PCSC_E_GENERIC On error
+ * CACKEY_PCSC_E_TOKENABSENT If the sending failed because the token is
+ * absent
+-<<<<<<< HEAD
+-=======
+- * CACKEY_PCSC_E_RETRY If something that looks retry'able went
+- * wrong -- try the whole transaction over
+- * again
+->>>>>>> trunk
+ *
+ * NOTES
+ * This function will connect to the PC/SC Connection Manager via
+@@ -1603,18 +1451,10 @@
+ * goes away.
+ *
+ */
+-<<<<<<< HEAD
+-static cackey_ret cackey_send_apdu(struct cackey_slot *slot, unsigned char class, unsigned char instruction, unsigned char p1, unsigned char p2, unsigned char lc, unsigned char *data, unsigned char le, uint16_t *respcode, unsigned char *respdata, size_t *respdata_len) {
+- uint8_t major_rc, minor_rc;
+- size_t bytes_to_copy, tmp_respdata_len;
+- LPCSCARD_IO_REQUEST pioSendPci;
+- DWORD protocol;
+-=======
+ static cackey_ret cackey_send_apdu(struct cackey_slot *slot, unsigned char class, unsigned char instruction, unsigned char p1, unsigned char p2, unsigned int lc, unsigned char *data, unsigned int le, uint16_t *respcode, unsigned char *respdata, size_t *respdata_len) {
+ uint8_t major_rc, minor_rc;
+ size_t bytes_to_copy, tmp_respdata_len;
+ LPCSCARD_IO_REQUEST pioSendPci;
+->>>>>>> trunk
+ DWORD xmit_len, recv_len;
+ LONG scard_xmit_ret, scard_reconn_ret;
+ BYTE xmit_buf[1024], recv_buf[1024];
+@@ -1639,20 +1479,14 @@
+ /* Determine which protocol to send using */
+ switch (slot->protocol) {
+ case SCARD_PROTOCOL_T0:
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Protocol to send datagram is T=0");
+
+->>>>>>> trunk
+ pioSendPci = SCARD_PCI_T0;
+
+ break;
+ case SCARD_PROTOCOL_T1:
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Protocol to send datagram is T=1");
+
+->>>>>>> trunk
+ pioSendPci = SCARD_PCI_T1;
+
+ break;
+@@ -1669,9 +1503,6 @@
+ xmit_buf[xmit_len++] = p1;
+ xmit_buf[xmit_len++] = p2;
+ if (data) {
+-<<<<<<< HEAD
+- xmit_buf[xmit_len++] = lc;
+-=======
+ if (lc > 255) {
+ CACKEY_DEBUG_PRINTF("CAUTION! Using an Lc greater than 255 is untested. Lc = %u", lc);
+
+@@ -1681,16 +1512,12 @@
+ } else {
+ xmit_buf[xmit_len++] = lc;
+ }
+->>>>>>> trunk
+ for (idx = 0; idx < lc; idx++) {
+ xmit_buf[xmit_len++] = data[idx];
+ }
+ }
+
+ if (le != 0x00) {
+-<<<<<<< HEAD
+- xmit_buf[xmit_len++] = le;
+-=======
+ if (le > 256) {
+ CACKEY_DEBUG_PRINTF("CAUTION! Using an Le greater than 256 is untested. Le = %u", le);
+
+@@ -1702,17 +1529,12 @@
+ } else {
+ xmit_buf[xmit_len++] = le;
+ }
+->>>>>>> trunk
+ }
+
+ /* Begin Smartcard Transaction */
+ cackey_begin_transaction(slot);
+
+-<<<<<<< HEAD
+- if (class == GSCIS_CLASS_ISO7816 && instruction == GSCIS_INSTR_VERIFY && p1 == 0x00 && p2 == 0x00) {
+-=======
+ if (class == GSCIS_CLASS_ISO7816 && (instruction == GSCIS_INSTR_VERIFY || instruction == GSCIS_INSTR_CHANGE_REFERENCE) && p1 == 0x00) {
+->>>>>>> trunk
+ CACKEY_DEBUG_PRINTF("Sending APDU: <<censored>>");
+ } else {
+ CACKEY_DEBUG_PRINTBUF("Sending APDU:", xmit_buf, xmit_len);
+@@ -1727,11 +1549,8 @@
+ /* Begin Smartcard Transaction */
+ cackey_end_transaction(slot);
+
+-<<<<<<< HEAD
+-=======
+ cackey_reconnect_card(slot, slot->protocol);
+
+->>>>>>> trunk
+ return(CACKEY_PCSC_E_RETRY);
+ }
+
+@@ -1744,17 +1563,9 @@
+ if (scard_xmit_ret == SCARD_W_RESET_CARD) {
+ CACKEY_DEBUG_PRINTF("Reset required, please hold...");
+
+-<<<<<<< HEAD
+- scard_reconn_ret = cackey_reconnect_card(slot, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &protocol);
+-
+- if (scard_reconn_ret == SCARD_S_SUCCESS) {
+- /* Update protocol */
+- slot->protocol = protocol;
+-=======
+ scard_reconn_ret = cackey_reconnect_card(slot, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1);
+
+ if (scard_reconn_ret == SCARD_S_SUCCESS) {
+->>>>>>> trunk
+ switch (slot->protocol) {
+ case SCARD_PROTOCOL_T0:
+ pioSendPci = SCARD_PCI_T0;
+@@ -1831,16 +1642,7 @@
+ /* End Smartcard Transaction */
+ cackey_end_transaction(slot);
+
+-<<<<<<< HEAD
+ return(CACKEY_PCSC_E_GENERIC);
+-=======
+- /* Supply an invalid response code */
+- if (respcode) {
+- *respcode = 0;
+- }
+-
+- return(CACKEY_PCSC_E_NODATA);
+->>>>>>> trunk
+ }
+
+ /* Determine result code */
+@@ -1927,8 +1729,6 @@
+ return(CACKEY_PCSC_E_GENERIC);
+ }
+
+-<<<<<<< HEAD
+-=======
+ static unsigned char *cackey_read_bertlv_tag(unsigned char *buffer, size_t *buffer_len_p, unsigned char tag, unsigned char *outbuffer, size_t *outbuffer_len_p) {
+ unsigned char *buffer_p;
+ size_t outbuffer_len, buffer_len;
+@@ -2106,7 +1906,6 @@
+ return(size);
+ }
+
+->>>>>>> trunk
+ /*
+ * SYNPOSIS
+ * ssize_t cackey_read_buffer(struct cackey_slot *slot, unsigned char *buffer, size_t count, unsigned char t_or_v, size_t initial_offset);
+@@ -2584,8 +2383,6 @@
+ return;
+ }
+
+-<<<<<<< HEAD
+-=======
+ static struct cackey_pcsc_identity *cackey_copy_certs(struct cackey_pcsc_identity *dest, struct cackey_pcsc_identity *start, size_t count) {
+ size_t idx;
+
+@@ -2622,7 +2419,6 @@
+ return(dest);
+ }
+
+->>>>>>> trunk
+ /*
+ * SYNPOSIS
+ * ...
+@@ -2640,14 +2436,6 @@
+ static struct cackey_pcsc_identity *cackey_read_certs(struct cackey_slot *slot, struct cackey_pcsc_identity *certs, unsigned long *count) {
+ struct cackey_pcsc_identity *curr_id;
+ struct cackey_tlv_entity *ccc_tlv, *ccc_curr, *app_tlv, *app_curr;
+-<<<<<<< HEAD
+- unsigned char ccc_aid[] = {GSCIS_AID_CCC};
+- unsigned char curr_aid[7];
+- unsigned long outidx = 0;
+- cackey_ret transaction_ret;
+- int certs_resizable;
+- int send_ret, select_ret;
+-=======
+ unsigned char ccc_aid[] = {GSCIS_AID_CCC}, piv_aid[] = {NISTSP800_73_3_PIV_AID};
+ unsigned char *piv_oid, piv_oid_pivauth[] = {NISTSP800_73_3_OID_PIVAUTH}, piv_oid_signature[] = {NISTSP800_73_3_OID_SIGNATURE}, piv_oid_keymgt[] = {NISTSP800_73_3_OID_KEYMGT};
+ unsigned char curr_aid[7];
+@@ -2665,7 +2453,6 @@
+ int uncompress_ret;
+ z_stream gzip_stream;
+ #endif
+->>>>>>> trunk
+
+ CACKEY_DEBUG_PRINTF("Called.");
+
+@@ -2683,8 +2470,6 @@
+ }
+ }
+
+-<<<<<<< HEAD
+-=======
+ if (!slot->slot_reset) {
+ if (slot->cached_certs) {
+ if (certs == NULL) {
+@@ -2708,7 +2493,6 @@
+ slot->cached_certs = NULL;
+ }
+
+->>>>>>> trunk
+ /* Begin a SmartCard transaction */
+ transaction_ret = cackey_begin_transaction(slot);
+ if (transaction_ret != CACKEY_PCSC_S_OK) {
+@@ -2717,7 +2501,6 @@
+ return(NULL);
+ }
+
+-<<<<<<< HEAD
+ if (certs == NULL) {
+ certs = malloc(sizeof(*certs) * 5);
+ *count = 5;
+@@ -2729,68 +2512,6 @@
+ /* Select the CCC Applet */
+ send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
+ if (send_ret != CACKEY_PCSC_S_OK) {
+- CACKEY_DEBUG_PRINTF("Unable to select CCC Applet, returning in failure");
+-
+- /* Terminate SmartCard Transaction */
+- cackey_end_transaction(slot);
+-
+- return(NULL);
+- }
+-
+- /* Read all the applets from the CCC's TLV */
+- ccc_tlv = cackey_read_tlv(slot);
+-
+- /* Look for CARDURLs that coorespond to PKI applets */
+- for (ccc_curr = ccc_tlv; ccc_curr; ccc_curr = ccc_curr->_next) {
+- CACKEY_DEBUG_PRINTF("Found tag: %s ... ", CACKEY_DEBUG_FUNC_TAG_TO_STR(ccc_curr->tag));
+-
+- if (ccc_curr->tag != GSCIS_TAG_CARDURL) {
+- CACKEY_DEBUG_PRINTF(" ... skipping it (we only care about CARDURLs)");
+-
+- continue;
+- }
+-
+- if ((ccc_curr->value_cardurl->apptype & CACKEY_TLV_APP_PKI) != CACKEY_TLV_APP_PKI) {
+- CACKEY_DEBUG_PRINTF(" ... skipping it (we only care about PKI applets, this applet supports: %s/%02x)", CACKEY_DEBUG_FUNC_APPTYPE_TO_STR(ccc_curr->value_cardurl->apptype), (unsigned int) ccc_curr->value_cardurl->apptype);
+-
+- continue;
+- }
+-
+- CACKEY_DEBUG_PRINTBUF("RID:", ccc_curr->value_cardurl->rid, sizeof(ccc_curr->value_cardurl->rid));
+- CACKEY_DEBUG_PRINTF("AppID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(ccc_curr->value_cardurl->appid), (unsigned long) ccc_curr->value_cardurl->appid);
+- CACKEY_DEBUG_PRINTF("ObjectID = %s/%04lx", CACKEY_DEBUG_FUNC_OBJID_TO_STR(ccc_curr->value_cardurl->objectid), (unsigned long) ccc_curr->value_cardurl->objectid);
+-
+- memcpy(curr_aid, ccc_curr->value_cardurl->rid, sizeof(ccc_curr->value_cardurl->rid));
+- curr_aid[sizeof(curr_aid) - 2] = (ccc_curr->value_cardurl->appid >> 8) & 0xff;
+- curr_aid[sizeof(curr_aid) - 1] = ccc_curr->value_cardurl->appid & 0xff;
+-
+- /* Select found applet ... */
+- select_ret = cackey_select_applet(slot, curr_aid, sizeof(curr_aid));
+- if (select_ret != CACKEY_PCSC_S_OK) {
+- CACKEY_DEBUG_PRINTF("Failed to select applet, skipping processing of this object");
+-
+- continue;
+- }
+-
+- /* ... and object (file) */
+- select_ret = cackey_select_file(slot, ccc_curr->value_cardurl->objectid);
+- if (select_ret != CACKEY_PCSC_S_OK) {
+- CACKEY_DEBUG_PRINTF("Failed to select file, skipping processing of this object");
+-
+- continue;
+- }
+-
+- /* Process this file's TLV looking for certificates */
+- app_tlv = cackey_read_tlv(slot);
+-
+- for (app_curr = app_tlv; app_curr; app_curr = app_curr->_next) {
+- CACKEY_DEBUG_PRINTF("Found tag: %s", CACKEY_DEBUG_FUNC_TAG_TO_STR(app_curr->tag));
+- if (app_curr->tag != GSCIS_TAG_CERTIFICATE) {
+- CACKEY_DEBUG_PRINTF(" ... skipping it (we only care about CERTIFICATEs)");
+-=======
+- /* Select the CCC Applet */
+- send_ret = cackey_select_applet(slot, ccc_aid, sizeof(ccc_aid));
+- if (send_ret != CACKEY_PCSC_S_OK) {
+ /* Try PIV application */
+ send_ret = cackey_select_applet(slot, piv_aid, sizeof(piv_aid));
+ if (send_ret == CACKEY_PCSC_S_OK) {
+@@ -2803,22 +2524,10 @@
+ /* Terminate SmartCard Transaction */
+ cackey_end_transaction(slot);
+
+- if (certs == NULL) {
+- *count = 0;
+- }
+-
+ return(NULL);
+ }
+ }
+
+- if (certs == NULL) {
+- certs = malloc(sizeof(*certs) * 5);
+- *count = 5;
+- certs_resizable = 1;
+- } else {
+- certs_resizable = 0;
+- }
+-
+ if (piv) {
+ for (idx = 0; idx < 3; idx++) {
+ switch (idx) {
+@@ -2867,46 +2576,10 @@
+ curr_id->certificate = NULL;
+
+ outidx--;
+->>>>>>> trunk
+
+ continue;
+ }
+
+-<<<<<<< HEAD
+- curr_id = &certs[outidx];
+- outidx++;
+-
+- memcpy(curr_id->applet, curr_aid, sizeof(curr_id->applet));
+- curr_id->file = ccc_curr->value_cardurl->objectid;
+- curr_id->keysize = -1;
+-
+- CACKEY_DEBUG_PRINTF("Filling curr_id->applet (%p) with %lu bytes:", curr_id->applet, (unsigned long) sizeof(curr_id->applet));
+- CACKEY_DEBUG_PRINTBUF("VAL:", curr_id->applet, sizeof(curr_id->applet));
+-
+- curr_id->certificate_len = app_curr->length;
+-
+- curr_id->certificate = malloc(curr_id->certificate_len);
+- memcpy(curr_id->certificate, app_curr->value, curr_id->certificate_len);
+-
+- if (outidx >= *count) {
+- if (certs_resizable) {
+- *count *= 2;
+- certs = realloc(certs, sizeof(*certs) * (*count));
+- } else {
+- break;
+- }
+- }
+- }
+-
+- cackey_free_tlv(app_tlv);
+-
+- if (outidx >= *count) {
+- break;
+- }
+- }
+-
+- cackey_free_tlv(ccc_tlv);
+-=======
+ #ifdef HAVE_LIBZ
+ if (curr_id->certificate_len > 4) {
+ if (memcmp(curr_id->certificate, "\x1f\x8b\x08\x00", 4) == 0) {
+@@ -3048,21 +2721,13 @@
+
+ cackey_free_tlv(ccc_tlv);
+ }
+->>>>>>> trunk
+
+ *count = outidx;
+
+ if (certs_resizable) {
+-<<<<<<< HEAD
+- certs = realloc(certs, sizeof(*certs) * (*count));
+- }
+-
+-=======
+ if (*count != 0) {
+ certs = realloc(certs, sizeof(*certs) * (*count));
+ } else {
+- free(certs);
+-
+ certs = NULL;
+ }
+ }
+@@ -3070,7 +2735,6 @@
+ slot->cached_certs = cackey_copy_certs(NULL, certs, *count);
+ slot->cached_certs_count = *count;
+
+->>>>>>> trunk
+ /* Terminate SmartCard Transaction */
+ cackey_end_transaction(slot);
+
+@@ -3092,24 +2756,15 @@
+ *
+ */
+ static ssize_t cackey_signdecrypt(struct cackey_slot *slot, struct cackey_identity *identity, unsigned char *buf, size_t buflen, unsigned char *outbuf, size_t outbuflen, int padInput, int unpadOutput) {
+-<<<<<<< HEAD
+- unsigned char *tmpbuf, *tmpbuf_s, *outbuf_s;
+- unsigned char bytes_to_send, p1;
+-=======
+ cackey_pcsc_id_type id_type;
+ unsigned char dyn_auth_template[10], *dyn_auth_tmpbuf;
+ unsigned char *tmpbuf, *tmpbuf_s, *outbuf_s, *outbuf_p;
+ unsigned char bytes_to_send, p1, class;
+->>>>>>> trunk
+ unsigned char blocktype;
+ cackey_ret send_ret;
+ uint16_t respcode;
+ ssize_t retval = 0, unpadoffset;
+-<<<<<<< HEAD
+- size_t tmpbuflen, padlen, tmpoutbuflen;
+-=======
+ size_t tmpbuflen, padlen, tmpoutbuflen, outbuf_len;
+->>>>>>> trunk
+ int free_tmpbuf = 0;
+ int le;
+
+@@ -3145,8 +2800,6 @@
+ return(-1);
+ }
+
+-<<<<<<< HEAD
+-=======
+ id_type = identity->pcsc_identity->id_type;
+ if (id_type == CACKEY_ID_TYPE_CERT_ONLY) {
+ CACKEY_DEBUG_PRINTF("Error. identity->pcsc_identity is CACKEY_ID_TYPE_CERT_ONLY, which cannot be used for sign/decrypt");
+@@ -3164,7 +2817,6 @@
+ return(-1);
+ }
+
+->>>>>>> trunk
+ /* Determine identity Key size */
+ if (identity->pcsc_identity->keysize < 0) {
+ identity->pcsc_identity->keysize = x509_to_keysize(identity->pcsc_identity->certificate, identity->pcsc_identity->certificate_len);
+@@ -3174,11 +2826,7 @@
+ if (padInput) {
+ if (identity->pcsc_identity->keysize > 0) {
+ if (buflen != identity->pcsc_identity->keysize) {
+-<<<<<<< HEAD
+ if (buflen > (identity->pcsc_identity->keysize + 3)) {
+-=======
+- if (buflen > (identity->pcsc_identity->keysize - 3)) {
+->>>>>>> trunk
+ CACKEY_DEBUG_PRINTF("Error. Message is too large to sign/decrypt");
+
+ return(-1);
+@@ -3190,11 +2838,6 @@
+
+ padlen = tmpbuflen - buflen - 3;
+
+-<<<<<<< HEAD
+-=======
+- CACKEY_DEBUG_PRINTF("Need to pad the buffer with %llu bytes (tmpbuflen = %llu, buflen = %llu)", (unsigned long long) padlen, (unsigned long long) tmpbuflen, (unsigned long long) buflen);
+-
+->>>>>>> trunk
+ /* RSA PKCS#1 EMSA-PKCS1-v1_5 Padding */
+ tmpbuf[0] = 0x00;
+ tmpbuf[1] = 0x01;
+@@ -3229,13 +2872,6 @@
+ cackey_begin_transaction(slot);
+
+ /* Select correct applet */
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->applet);
+- cackey_select_applet(slot, identity->pcsc_identity->applet, sizeof(identity->pcsc_identity->applet));
+-
+- /* Select correct file */
+- cackey_select_file(slot, identity->pcsc_identity->file);
+-=======
+ switch (id_type) {
+ case CACKEY_ID_TYPE_CAC:
+ CACKEY_DEBUG_PRINTF("Selecting applet found at %p ...", identity->pcsc_identity->card.cac.applet);
+@@ -3272,29 +2908,10 @@
+ case CACKEY_ID_TYPE_CERT_ONLY:
+ break;
+ }
+->>>>>>> trunk
+
+ tmpbuf_s = tmpbuf;
+ outbuf_s = outbuf;
+ while (tmpbuflen) {
+-<<<<<<< HEAD
+- if (tmpbuflen > 245) {
+- bytes_to_send = 245;
+- p1 = 0x80;
+- le = 0x00;
+- } else {
+- bytes_to_send = tmpbuflen;
+- p1 = 0x00;
+- le = 0x00;
+- }
+-
+- tmpoutbuflen = outbuflen;
+-
+- send_ret = cackey_send_apdu(slot, GSCIS_CLASS_GLOBAL_PLATFORM, GSCIS_INSTR_SIGNDECRYPT, p1, 0x00, bytes_to_send, tmpbuf, le, &respcode, outbuf, &tmpoutbuflen);
+- if (send_ret != CACKEY_PCSC_S_OK) {
+- CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- returning in error.");
+-
+-=======
+ tmpoutbuflen = outbuflen;
+
+ if (tmpbuflen > CACKEY_APDU_MTU) {
+@@ -3332,7 +2949,6 @@
+ }
+
+ if (send_ret != CACKEY_PCSC_S_OK) {
+->>>>>>> trunk
+ if (free_tmpbuf) {
+ if (tmpbuf_s) {
+ free(tmpbuf_s);
+@@ -3342,12 +2958,6 @@
+ /* End transaction */
+ cackey_end_transaction(slot);
+
+-<<<<<<< HEAD
+- if (respcode == 0x6982) {
+- CACKEY_DEBUG_PRINTF("Security status not satisified. Returning NEEDLOGIN");
+-
+- cackey_mark_slot_reset(slot);
+-=======
+ if (send_ret == CACKEY_PCSC_E_RETRY) {
+ CACKEY_DEBUG_PRINTF("ADPU Sending Failed -- retrying.");
+
+@@ -3365,7 +2975,6 @@
+
+ cackey_mark_slot_reset(slot);
+
+->>>>>>> trunk
+ slot->token_flags = CKF_LOGIN_REQUIRED;
+
+ return(CACKEY_PCSC_E_NEEDLOGIN);
+@@ -3375,23 +2984,11 @@
+ CACKEY_DEBUG_PRINTF("Token absent. Returning TOKENABSENT");
+
+ cackey_mark_slot_reset(slot);
+-<<<<<<< HEAD
+- slot->token_flags = CKF_LOGIN_REQUIRED;
+-=======
+->>>>>>> trunk
+
+ return(CACKEY_PCSC_E_TOKENABSENT);
+ }
+
+-<<<<<<< HEAD
+ return(-1);
+-=======
+- CACKEY_DEBUG_PRINTF("Something went wrong during signing, resetting the slot and hoping for the best.");
+-
+- cackey_mark_slot_reset(slot);
+-
+- return(CACKEY_PCSC_E_GENERIC);
+->>>>>>> trunk
+ }
+
+ tmpbuf += bytes_to_send;
+@@ -3423,8 +3020,6 @@
+ # endif
+ #endif
+
+-<<<<<<< HEAD
+-=======
+ /* We must remove the "7C" tag to get to the signature */
+ switch (id_type) {
+ case CACKEY_ID_TYPE_PIV:
+@@ -3454,7 +3049,6 @@
+ break;
+ }
+
+->>>>>>> trunk
+ /* Unpad reply */
+ if (unpadOutput) {
+ if (retval < 3) {
+@@ -3549,90 +3143,20 @@
+ * ...
+ *
+ */
+-<<<<<<< HEAD
+-static cackey_ret cackey_login(struct cackey_slot *slot, unsigned char *pin, unsigned long pin_len, int *tries_remaining_p) {
+- unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+- uint16_t response_code;
+- int tries_remaining;
+- int send_ret;
+-
+- /* Indicate that we do not know about how many tries are remaining */
+- if (tries_remaining_p) {
+- *tries_remaining_p = -1;
+- }
+-
+- /* Apparently, CAC PINs are *EXACTLY* 8 bytes long -- pad with 0xFF if too short */
+- if (pin_len >= 8) {
+- memcpy(cac_pin, pin, 8);
+- } else {
+- memcpy(cac_pin, pin, pin_len);
+- }
+-
+- /* Issue PIN Verify */
+- send_ret = cackey_send_apdu(slot, GSCIS_CLASS_ISO7816, GSCIS_INSTR_VERIFY, 0x00, 0x00, sizeof(cac_pin), cac_pin, 0x00, &response_code, NULL, NULL);
+- if (send_ret != CACKEY_PCSC_S_OK) {
+- if ((response_code & 0x63C0) == 0x63C0) {
+- tries_remaining = (response_code & 0xF);
+-
+- CACKEY_DEBUG_PRINTF("PIN Verification failed, %i tries remaining", tries_remaining);
+-
+- if (tries_remaining_p) {
+- *tries_remaining_p = tries_remaining;
+- }
+-
+- return(CACKEY_PCSC_E_BADPIN);
+- }
+-
+- if (response_code == 0x6983) {
+- CACKEY_DEBUG_PRINTF("PIN Verification failed, device is locked");
+-
+- return(CACKEY_PCSC_E_LOCKED);
+- }
+-
+- return(CACKEY_PCSC_E_GENERIC);
+- }
+-
+- CACKEY_DEBUG_PRINTF("PIN Verification succeeded");
+-
+- return(CACKEY_PCSC_S_OK);
+-}
+-
+-/*
+- * SYNPOSIS
+- * ...
+- *
+- * ARGUMENTS
+- * ...
+- *
+- * RETURN VALUE
+- * ...
+- *
+- * NOTES
+- * ...
+- *
+- */
+-static cackey_ret cackey_token_present(struct cackey_slot *slot) {
+- cackey_ret pcsc_connect_ret;
+- DWORD reader_len, state, protocol, atr_len;
+-=======
+ static cackey_ret cackey_token_present(struct cackey_slot *slot) {
+ cackey_ret pcsc_connect_ret;
+ DWORD reader_len = 0, state = 0, protocol = 0, atr_len;
+->>>>>>> trunk
+ BYTE atr[MAX_ATR_SIZE];
+ LONG status_ret, scard_reconn_ret;
+
+ CACKEY_DEBUG_PRINTF("Called.");
+
+-<<<<<<< HEAD
+-=======
+ if (slot->internal) {
+ CACKEY_DEBUG_PRINTF("Returning token present (internal token)");
+
+ return(CACKEY_PCSC_S_TOKENPRESENT);
+ }
+
+->>>>>>> trunk
+ pcsc_connect_ret = cackey_connect_card(slot);
+ if (pcsc_connect_ret != CACKEY_PCSC_S_OK) {
+ CACKEY_DEBUG_PRINTF("Unable to connect to card, returning token absent");
+@@ -3640,11 +3164,8 @@
+ return(CACKEY_PCSC_E_TOKENABSENT);
+ }
+
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Calling SCardStatus() to determine card status");
+
+->>>>>>> trunk
+ atr_len = sizeof(atr);
+ status_ret = SCardStatus(slot->pcsc_card, NULL, &reader_len, &state, &protocol, atr, &atr_len);
+
+@@ -3659,11 +3180,8 @@
+ return(CACKEY_PCSC_E_TOKENABSENT);
+ }
+
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Calling SCardStatus() again");
+
+->>>>>>> trunk
+ atr_len = sizeof(atr);
+ status_ret = SCardStatus(slot->pcsc_card, NULL, &reader_len, &state, &protocol, atr, &atr_len);
+ }
+@@ -3674,16 +3192,8 @@
+ if (status_ret == SCARD_W_RESET_CARD) {
+ CACKEY_DEBUG_PRINTF("Reset required, please hold...");
+
+-<<<<<<< HEAD
+- scard_reconn_ret = cackey_reconnect_card(slot, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &protocol);
+- if (scard_reconn_ret == SCARD_S_SUCCESS) {
+- /* Update protocol */
+- slot->protocol = protocol;
+-
+-=======
+ scard_reconn_ret = cackey_reconnect_card(slot, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1);
+ if (scard_reconn_ret == SCARD_S_SUCCESS) {
+->>>>>>> trunk
+ /* Re-establish transaction, if it was present */
+ if (slot->transaction_depth > 0) {
+ slot->transaction_depth--;
+@@ -3735,11 +3245,6 @@
+ * ...
+ *
+ */
+-<<<<<<< HEAD
+-static ssize_t cackey_pcsc_identity_to_label(struct cackey_pcsc_identity *identity, unsigned char *label_buf, unsigned long label_buf_len) {
+- unsigned long certificate_len;
+- char *label_asn1;
+-=======
+ static cackey_ret cackey_set_pin(struct cackey_slot *slot, unsigned char *old_pin, unsigned long old_pin_len, unsigned char *pin, unsigned long pin_len) {
+ struct cackey_pcsc_identity *pcsc_identities;
+ unsigned char cac_pin[8] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+@@ -3821,9 +3326,6 @@
+ CACKEY_DEBUG_PRINTF("PIN Change succeeded");
+
+ return(CACKEY_PCSC_S_OK);
+-
+- /* Disable a warning, since this is only used in debug mode */
+- tries_remaining = tries_remaining;
+ }
+
+ /*
+@@ -3912,9 +3414,9 @@
+ }
+
+ if (response_code == 0x6d00) {
+- if (retries > 0) {
++ if (have_piv == 1 && retries > 0) {
+ CACKEY_DEBUG_PRINTF("Got ISO 7816 Response \"6D 00\" in response to a VERIFY request.");
+- CACKEY_DEBUG_PRINTF("We did not expect this because it is not mentioned in NIST SP 800-73-3 Part 2 Section 3.2.1 or GSC-IS v2.1");
++ CACKEY_DEBUG_PRINTF("We did not expect this because it is not mentioned in NIST SP 800-73-3 Part 2 Section 3.2.1");
+ CACKEY_DEBUG_PRINTF("We are going to try to reset the card and select the applet again.");
+
+ cackey_mark_slot_reset(slot);
+@@ -3965,7 +3467,6 @@
+ static ssize_t cackey_pcsc_identity_to_label(struct cackey_pcsc_identity *identity, unsigned char *label_buf, unsigned long label_buf_len) {
+ unsigned long certificate_len;
+ void *label_asn1;
+->>>>>>> trunk
+ void *certificate;
+ int x509_read_ret;
+
+@@ -4241,15 +3742,6 @@
+ case CKA_LABEL:
+ CACKEY_DEBUG_PRINTF("Requesting attribute CKA_LABEL (0x%08lx) ...", (unsigned long) curr_attr_type);
+
+-<<<<<<< HEAD
+- /* XXX: Determine name */
+- ulValueLen = snprintf((char *) ucTmpBuf, sizeof(ucTmpBuf), "Identity #%lu", (unsigned long) identity_num);
+- pValue = ucTmpBuf;
+-
+- if (ulValueLen >= sizeof(ucTmpBuf)) {
+- ulValueLen = 0;
+- pValue = NULL;
+-=======
+ if (identity->id_type == CACKEY_ID_TYPE_PIV) {
+ pValue = identity->card.piv.label;
+ ulValueLen = strlen(pValue);
+@@ -4261,7 +3753,6 @@
+ ulValueLen = 0;
+ pValue = NULL;
+ }
+->>>>>>> trunk
+ }
+
+ CACKEY_DEBUG_PRINTF(" ... returning (%p/%lu)", pValue, (unsigned long) ulValueLen);
+@@ -4650,11 +4141,7 @@
+
+ *pulCount = numattrs;
+
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("Returning %lu objects (%p).", numattrs, retval);
+-=======
+ CACKEY_DEBUG_PRINTF("Returning %lu objects (%p).", numattrs, (void *) retval);
+->>>>>>> trunk
+
+ return(retval);
+ }
+@@ -4688,8 +4175,6 @@
+ free(identities);
+ }
+
+-<<<<<<< HEAD
+-=======
+ static unsigned long cackey_read_dod_identities(struct cackey_identity *identities, unsigned long num_dod_certs) {
+ unsigned long cert_idx, id_idx = 0;
+
+@@ -4714,36 +4199,10 @@
+ return(id_idx);
+ }
+
+->>>>>>> trunk
+ static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) {
+ struct cackey_pcsc_identity *pcsc_identities;
+ struct cackey_identity *identities;
+ unsigned long num_ids, id_idx, curr_id_type;
+-<<<<<<< HEAD
+- unsigned long num_certs, num_extra_certs, cert_idx;
+- int include_extra_certs = 1;
+-
+- CACKEY_DEBUG_PRINTF("Called.");
+-
+- if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
+- CACKEY_DEBUG_PRINTF("Asked not to include extra (DoD) certificates");
+-
+- include_extra_certs = 0;
+- }
+-
+- if (include_extra_certs) {
+- num_extra_certs = sizeof(extra_certs) / sizeof(extra_certs[0]);
+-
+- CACKEY_DEBUG_PRINTF("Including %i DoD Certificates as objects on this token", num_extra_certs);
+- } else {
+- num_extra_certs = 0;
+- }
+-
+- if (ids_found == NULL) {
+- CACKEY_DEBUG_PRINTF("Error. ids_found is NULL");
+-
+- return(NULL);
+-=======
+ unsigned long num_certs, num_dod_certs, cert_idx;
+ int include_extra_certs = 0, include_dod_certs;
+
+@@ -4801,21 +4260,16 @@
+ *ids_found = num_ids;
+
+ return(identities);
+->>>>>>> trunk
+ }
+
+ pcsc_identities = cackey_read_certs(slot, NULL, &num_certs);
+ if (pcsc_identities != NULL) {
+ /* Convert number of Certs to number of objects */
+ num_ids = (CKO_PRIVATE_KEY - CKO_CERTIFICATE + 1) * num_certs;
+-<<<<<<< HEAD
+- num_ids += num_extra_certs * 3;
+-=======
+
+ if (include_extra_certs) {
+ num_ids += cackey_read_dod_identities(NULL, num_dod_certs);
+ }
+->>>>>>> trunk
+
+ identities = malloc(num_ids * sizeof(*identities));
+
+@@ -4835,29 +4289,6 @@
+ }
+ }
+
+-<<<<<<< HEAD
+- cackey_free_certs(pcsc_identities, num_certs, 1);
+-
+- /* Add DoD Certificates and Netscape Trust Objects */
+- for (cert_idx = 0; cert_idx < num_extra_certs; cert_idx++) {
+- identities[id_idx].pcsc_identity = NULL;
+- identities[id_idx].attributes = cackey_get_attributes(CKO_CERTIFICATE, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
+- id_idx++;
+-
+- identities[id_idx].pcsc_identity = NULL;
+- identities[id_idx].attributes = cackey_get_attributes(CKO_PUBLIC_KEY, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
+- id_idx++;
+-
+- identities[id_idx].pcsc_identity = NULL;
+- identities[id_idx].attributes = cackey_get_attributes(CKO_NETSCAPE_TRUST, &extra_certs[cert_idx], 0xf000 | cert_idx, &identities[id_idx].attributes_count);
+- id_idx++;
+- }
+-
+- *ids_found = num_ids;
+- return(identities);
+- }
+-
+-=======
+ if (include_extra_certs) {
+ CACKEY_DEBUG_PRINTF("Including US Government Certificates on hardware slot");
+
+@@ -4872,17 +4303,10 @@
+ }
+
+
+->>>>>>> trunk
+ *ids_found = 0;
+ return(NULL);
+ }
+
+-<<<<<<< HEAD
+-CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
+- CK_C_INITIALIZE_ARGS CK_PTR args;
+- uint32_t idx;
+- int mutex_init_ret;
+-=======
+ static cackey_ret cackey_get_pin(char *pinbuf) {
+ FILE *pinfd;
+ char *fgets_ret;
+@@ -4941,7 +4365,6 @@
+ uint32_t idx, highest_slot;
+ int mutex_init_ret;
+ int include_dod_certs;
+->>>>>>> trunk
+
+ CACKEY_DEBUG_PRINTF("Called.");
+
+@@ -4982,8 +4405,6 @@
+ cackey_slots[idx].slot_reset = 0;
+ cackey_slots[idx].token_flags = 0;
+ cackey_slots[idx].label = NULL;
+-<<<<<<< HEAD
+-=======
+ cackey_slots[idx].internal = 0;
+ }
+
+@@ -5013,7 +4434,6 @@
+ cackey_slots[highest_slot].label = (unsigned char *) "US Government Certificates";
+ cackey_slots[highest_slot].pcsc_reader = "CACKey";
+ cackey_slots[highest_slot].token_flags = 0;
+->>>>>>> trunk
+ }
+
+ cackey_initialized = 1;
+@@ -5030,56 +4450,25 @@
+ cackey_biglock_init = 1;
+ }
+
+-<<<<<<< HEAD
+-=======
+ /* Define a command to prompt user for a PIN */
+ #ifdef CACKEY_PIN_COMMAND_DEFAULT
+- cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT));
++ cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_DEFAULT);
+ #endif
+
+ #ifdef CACKEY_PIN_COMMAND_XONLY_DEFAULT
+ if (getenv("DISPLAY") != NULL) {
+- cackey_pin_command = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT));
++ cackey_pin_command = CACKEY_PIN_COMMAND_DEFAULT_XSTR(CACKEY_PIN_COMMAND_XONLY_DEFAULT);
+ }
+ #endif
+
+ if (getenv("CACKEY_PIN_COMMAND") != NULL) {
+- cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND"));
++ cackey_pin_command = getenv("CACKEY_PIN_COMMAND");
+ }
+
+ if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
+- cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
++ cackey_pin_command = getenv("CACKEY_PIN_COMMAND_XONLY");
+ }
+
+-#ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT
+- cackey_readers_include_only = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_INCLUDE_ONLY_DEFAULT));
+-#endif
+-
+-#ifdef CACKEY_READERS_EXCLUDE_DEFAULT
+- cackey_readers_exclude = strdup(CACKEY_MACRO_DEFAULT_XSTR(CACKEY_READERS_EXCLUDE_DEFAULT));
+-#endif
+-
+- if (getenv("CACKEY_READERS_INCLUDE_ONLY") != NULL) {
+- cackey_readers_include_only = strdup(getenv("CACKEY_READERS_INCLUDE_ONLY"));
+-
+- if (cackey_readers_include_only[0] == '\0') {
+- free(cackey_readers_include_only);
+-
+- cackey_readers_include_only = NULL;
+- }
+- }
+-
+- if (getenv("CACKEY_READERS_EXCLUDE") != NULL) {
+- cackey_readers_exclude = strdup(getenv("CACKEY_READERS_EXCLUDE"));
+-
+- if (cackey_readers_exclude[0] == '\0') {
+- free(cackey_readers_exclude);
+-
+- cackey_readers_exclude = NULL;
+- }
+- }
+-
+->>>>>>> trunk
+ CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
+
+ return(CKR_OK);
+@@ -5108,17 +4497,6 @@
+ }
+ }
+
+-<<<<<<< HEAD
+- cackey_slots_disconnect_all();
+-
+- for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
+- if (cackey_slots[idx].pcsc_reader) {
+- free(cackey_slots[idx].pcsc_reader);
+- }
+- }
+-
+- cackey_pcsc_disconnect();
+-=======
+ cackey_slots_disconnect_all();
+
+ for (idx = 0; idx < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); idx++) {
+@@ -5139,25 +4517,6 @@
+
+ cackey_pcsc_disconnect();
+
+- if (cackey_pin_command != NULL) {
+- free(cackey_pin_command);
+-
+- cackey_pin_command = NULL;
+- }
+-
+- if (cackey_readers_include_only != NULL) {
+- free(cackey_readers_include_only);
+-
+- cackey_readers_include_only = NULL;
+- }
+-
+- if (cackey_readers_exclude != NULL) {
+- free(cackey_readers_exclude);
+-
+- cackey_readers_exclude = NULL;
+- }
+->>>>>>> trunk
+-
+ cackey_initialized = 0;
+
+ CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
+@@ -5206,27 +4565,15 @@
+ * Process list of readers, and create mapping between reader name and slot ID
+ */
+ CK_DEFINE_FUNCTION(CK_RV, C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
+-<<<<<<< HEAD
+- int mutex_retval;
+- int pcsc_connect_ret;
+- CK_ULONG count, slot_count = 0, currslot;
+- char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
+- DWORD pcsc_readers_len;
+- LONG scard_listreaders_ret;
+- size_t curr_reader_len;
+-=======
+ static int first_call = 1;
+ int mutex_retval;
+ int pcsc_connect_ret;
+ CK_ULONG count, slot_count = 0, currslot, slot_idx;
+ char *pcsc_readers, *pcsc_readers_s, *pcsc_readers_e;
+- char *reader_check_pattern;
+ DWORD pcsc_readers_len;
+ LONG scard_listreaders_ret;
+ size_t curr_reader_len;
+ int slot_reset;
+- int include_reader;
+->>>>>>> trunk
+
+ CACKEY_DEBUG_PRINTF("Called.");
+
+@@ -5250,28 +4597,6 @@
+ }
+
+ /* Clear list of slots */
+-<<<<<<< HEAD
+- if (pSlotList) {
+- CACKEY_DEBUG_PRINTF("Purging all slot information.");
+-
+- /* Only update the list of slots if we are actually being supply the slot information */
+- cackey_slots_disconnect_all();
+-
+- for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
+- if (cackey_slots[currslot].pcsc_reader) {
+- free(cackey_slots[currslot].pcsc_reader);
+-
+- cackey_slots[currslot].pcsc_reader = NULL;
+- }
+-
+- if (cackey_slots[currslot].label) {
+- free(cackey_slots[currslot].label);
+-
+- cackey_slots[currslot].label = NULL;
+- }
+-
+- cackey_slots[currslot].active = 0;
+-=======
+ slot_reset = 0;
+ if (pSlotList) {
+ if (first_call) {
+@@ -5324,16 +4649,12 @@
+ }
+ } else {
+
+->>>>>>> trunk
+ }
+ }
+
+ /* Determine list of readers */
+ pcsc_connect_ret = cackey_pcsc_connect();
+-<<<<<<< HEAD
+-=======
+ /* XXX: CAN HANG HERE ! */
+->>>>>>> trunk
+ if (pcsc_connect_ret != CACKEY_PCSC_S_OK) {
+ CACKEY_DEBUG_PRINTF("Connection to PC/SC failed, assuming no slots");
+
+@@ -5364,9 +4685,6 @@
+ /* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
+ /* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
+ currslot = 1;
+-<<<<<<< HEAD
+- while (pcsc_readers < pcsc_readers_e) {
+-=======
+ slot_count = 0;
+ while (pcsc_readers < pcsc_readers_e) {
+ /* Find next available slot */
+@@ -5376,7 +4694,6 @@
+ }
+ }
+
+->>>>>>> trunk
+ curr_reader_len = strlen(pcsc_readers);
+
+ if ((pcsc_readers + curr_reader_len) > pcsc_readers_e) {
+@@ -5393,55 +4710,8 @@
+ break;
+ }
+
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("Found reader: %s", pcsc_readers);
+-
+- /* Only update the list of slots if we are actually being asked supply the slot information */
+- if (pSlotList) {
+- cackey_slots[currslot].active = 1;
+- cackey_slots[currslot].pcsc_reader = strdup(pcsc_readers);
+- cackey_slots[currslot].pcsc_card_connected = 0;
+- cackey_slots[currslot].transaction_depth = 0;
+- cackey_slots[currslot].transaction_need_hw_lock = 0;
+- cackey_slots[currslot].slot_reset = 1;
+- cackey_slots[currslot].token_flags = CKF_LOGIN_REQUIRED;
+- cackey_slots[currslot].label = NULL;
+-
+- cackey_mark_slot_reset(&cackey_slots[currslot]);
+-=======
+ CACKEY_DEBUG_PRINTF("Found reader: %s (currslot = %lu)", pcsc_readers, (unsigned long) currslot);
+
+- if (cackey_readers_include_only != NULL) {
+- CACKEY_DEBUG_PRINTF("Asked to include only readers matching: %s", cackey_readers_include_only);
+-
+- include_reader = 0;
+- reader_check_pattern = cackey_readers_include_only;
+- } else if (cackey_readers_exclude != NULL) {
+- CACKEY_DEBUG_PRINTF("Asked to exclude readers matching: %s", cackey_readers_exclude);
+-
+- include_reader = 1;
+- reader_check_pattern = cackey_readers_exclude;
+- } else {
+- include_reader = 1;
+- reader_check_pattern = NULL;
+- }
+-
+- if (reader_check_pattern != NULL) {
+- if (strstr(pcsc_readers, reader_check_pattern) != NULL) {
+- CACKEY_DEBUG_PRINTF("This reader matched the pattern.");
+-
+- include_reader = !include_reader;
+- }
+- }
+-
+- if (include_reader != 1) {
+- CACKEY_DEBUG_PRINTF("Skipping this reader.");
+-
+- pcsc_readers += curr_reader_len + 1;
+-
+- continue;
+- }
+-
+ /* Only update the list of slots if we are actually being asked supply the slot information */
+ if (pSlotList) {
+ if (slot_reset) {
+@@ -5467,28 +4737,18 @@
+
+ slot_count++;
+ }
+->>>>>>> trunk
+ }
+ currslot++;
+
+ pcsc_readers += curr_reader_len + 1;
+ }
+
+-<<<<<<< HEAD
+- /* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
+- /* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
+- if (currslot > 1) {
+- /* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
+- /* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
+- slot_count = currslot - 1;
+-=======
+ for (currslot = 0; currslot < (sizeof(cackey_slots) / sizeof(cackey_slots[0])); currslot++) {
+ if (cackey_slots[currslot].active) {
+ CACKEY_DEBUG_PRINTF("Found active slot %lu, reader = %s", (unsigned long) currslot, cackey_slots[currslot].pcsc_reader);
+
+ slot_count++;
+ }
+->>>>>>> trunk
+ }
+ } else {
+ CACKEY_DEBUG_PRINTF("Second call to SCardListReaders failed, return %s/%li", CACKEY_DEBUG_FUNC_SCARDERR_TO_STR(scard_listreaders_ret), (long) scard_listreaders_ret);
+@@ -5519,15 +4779,6 @@
+ if (count < slot_count) {
+ CACKEY_DEBUG_PRINTF("Error. User allocated %lu entries, but we have %lu entries.", count, slot_count);
+
+-<<<<<<< HEAD
+- return(CKR_BUFFER_TOO_SMALL);
+- }
+-
+- for (currslot = 0; currslot < slot_count; currslot++) {
+- /* Start with Slot ID 1, to avoid a bug in GDM on RHEL */
+- /* Bug 594911: https://bugzilla.redhat.com/show_bug.cgi?id=594911 */
+- pSlotList[currslot] = currslot + 1;
+-=======
+ CACKEY_DEBUG_PRINTF("Returning CKR_BUFFER_TOO_SMALL");
+
+ return(CKR_BUFFER_TOO_SMALL);
+@@ -5561,7 +4812,6 @@
+ CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
+
+ return(CKR_GENERAL_ERROR);
+->>>>>>> trunk
+ }
+
+ *pulCount = slot_count;
+@@ -5613,15 +4863,11 @@
+ return(CKR_SLOT_ID_INVALID);
+ }
+
+-<<<<<<< HEAD
+- pInfo->flags = CKF_REMOVABLE_DEVICE | CKF_HW_SLOT;
+-=======
+ pInfo->flags = CKF_HW_SLOT;
+
+ if (!cackey_slots[slotID].internal) {
+ pInfo->flags |= CKF_REMOVABLE_DEVICE;
+ }
+->>>>>>> trunk
+
+ if (cackey_token_present(&cackey_slots[slotID]) == CACKEY_PCSC_S_TOKENPRESENT) {
+ pInfo->flags |= CKF_TOKEN_PRESENT;
+@@ -5764,13 +5010,10 @@
+
+ pInfo->flags = CKF_WRITE_PROTECTED | CKF_USER_PIN_INITIALIZED | CKF_TOKEN_INITIALIZED | cackey_slots[slotID].token_flags;
+
+-<<<<<<< HEAD
+-=======
+ if (cackey_pin_command != NULL) {
+ pInfo->flags |= CKF_PROTECTED_AUTHENTICATION_PATH;
+ }
+
+->>>>>>> trunk
+ pInfo->ulMaxSessionCount = (sizeof(cackey_sessions) / sizeof(cackey_sessions[0])) - 1;
+ pInfo->ulSessionCount = CK_UNAVAILABLE_INFORMATION;
+ pInfo->ulMaxRwSessionCount = 0;
+@@ -5933,17 +5176,12 @@
+ return(CKR_TOKEN_WRITE_PROTECTED);
+ }
+
+-<<<<<<< HEAD
+-/* We don't support this method. */
+-CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen) {
+-=======
+ CK_DEFINE_FUNCTION(CK_RV, C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldPinLen, CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewPinLen) {
+ char oldpinbuf[64], newpinbuf[64];
+ cackey_ret set_pin_ret, get_pin_ret;
+ CK_SLOT_ID slotID;
+ int mutex_retval;
+
+->>>>>>> trunk
+ CACKEY_DEBUG_PRINTF("Called.");
+
+ if (!cackey_initialized) {
+@@ -5952,11 +5190,6 @@
+ return(CKR_CRYPTOKI_NOT_INITIALIZED);
+ }
+
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("Returning CKR_FUNCTION_NOT_SUPPORTED (%i)", CKR_FUNCTION_NOT_SUPPORTED);
+-
+- return(CKR_FUNCTION_NOT_SUPPORTED);
+-=======
+ mutex_retval = cackey_mutex_lock(cackey_biglock);
+ if (mutex_retval != 0) {
+ CACKEY_DEBUG_PRINTF("Error. Locking failed.");
+@@ -6091,7 +5324,6 @@
+ }
+
+ return(CKR_GENERAL_ERROR);
+->>>>>>> trunk
+ }
+
+ CK_DEFINE_FUNCTION(CK_RV, C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication, CK_NOTIFY notify, CK_SESSION_HANDLE_PTR phSession) {
+@@ -6377,15 +5609,10 @@
+ return(CKR_FUNCTION_NOT_SUPPORTED);
+ }
+
+-<<<<<<< HEAD
+-CK_DEFINE_FUNCTION(CK_RV, C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) {
+- CK_SLOT_ID slotID;
+-=======
+ CK_DEFINE_FUNCTION(CK_RV, _C_LoginMutexArg)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, int lock_mutex) {
+ CK_SLOT_ID slotID;
+ cackey_ret get_pin_ret;
+ char pinbuf[64];
+->>>>>>> trunk
+ int mutex_retval;
+ int tries_remaining;
+ int login_ret;
+@@ -6410,17 +5637,6 @@
+ return(CKR_USER_TYPE_INVALID);
+ }
+
+-<<<<<<< HEAD
+- mutex_retval = cackey_mutex_lock(cackey_biglock);
+- if (mutex_retval != 0) {
+- CACKEY_DEBUG_PRINTF("Error. Locking failed.");
+-
+- return(CKR_GENERAL_ERROR);
+- }
+-
+- if (!cackey_sessions[hSession].active) {
+- cackey_mutex_unlock(cackey_biglock);
+-=======
+ if (lock_mutex) {
+ mutex_retval = cackey_mutex_lock(cackey_biglock);
+ if (mutex_retval != 0) {
+@@ -6434,7 +5650,6 @@
+ if (lock_mutex) {
+ cackey_mutex_unlock(cackey_biglock);
+ }
+->>>>>>> trunk
+
+ CACKEY_DEBUG_PRINTF("Error. Session not active.");
+
+@@ -6446,35 +5661,23 @@
+ if (slotID < 0 || slotID >= (sizeof(cackey_slots) / sizeof(cackey_slots[0]))) {
+ CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), outside of valid range", slotID);
+
+-<<<<<<< HEAD
+-=======
+ if (lock_mutex) {
+ cackey_mutex_unlock(cackey_biglock);
+ }
+
+->>>>>>> trunk
+ return(CKR_GENERAL_ERROR);
+ }
+
+ if (cackey_slots[slotID].active == 0) {
+ CACKEY_DEBUG_PRINTF("Error. Invalid slot requested (%lu), slot not currently active", slotID);
+
+-<<<<<<< HEAD
+- cackey_mutex_unlock(cackey_biglock);
+-=======
+ if (lock_mutex) {
+ cackey_mutex_unlock(cackey_biglock);
+ }
+->>>>>>> trunk
+
+ return(CKR_GENERAL_ERROR);
+ }
+
+-<<<<<<< HEAD
+- login_ret = cackey_login(&cackey_slots[slotID], pPin, ulPinLen, &tries_remaining);
+- if (login_ret != CACKEY_PCSC_S_OK) {
+- cackey_mutex_unlock(cackey_biglock);
+-=======
+ if (cackey_pin_command != NULL) {
+ if (pPin != NULL) {
+ CACKEY_DEBUG_PRINTF("Protected authentication path in effect and PIN provided !?");
+@@ -6501,18 +5704,14 @@
+ if (lock_mutex) {
+ cackey_mutex_unlock(cackey_biglock);
+ }
+->>>>>>> trunk
+
+ if (login_ret == CACKEY_PCSC_E_LOCKED) {
+ CACKEY_DEBUG_PRINTF("Error. Token is locked.");
+
+ cackey_slots[slotID].token_flags |= CKF_USER_PIN_LOCKED;
+
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Returning CKR_PIN_LOCKED (%i)", (int) CKR_PIN_LOCKED);
+
+->>>>>>> trunk
+ return(CKR_PIN_LOCKED);
+ } else if (login_ret == CACKEY_PCSC_E_BADPIN) {
+ CACKEY_DEBUG_PRINTF("Error. Invalid PIN.");
+@@ -6523,11 +5722,8 @@
+ cackey_slots[slotID].token_flags |= CKF_USER_PIN_FINAL_TRY;
+ }
+
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Returning CKR_PIN_INCORRECT (%i)", (int) CKR_PIN_INCORRECT);
+
+->>>>>>> trunk
+ return(CKR_PIN_INCORRECT);
+ }
+
+@@ -6540,13 +5736,6 @@
+
+ cackey_sessions[hSession].state = CKS_RO_USER_FUNCTIONS;
+
+-<<<<<<< HEAD
+- mutex_retval = cackey_mutex_unlock(cackey_biglock);
+- if (mutex_retval != 0) {
+- CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
+-
+- return(CKR_GENERAL_ERROR);
+-=======
+ if (lock_mutex) {
+ mutex_retval = cackey_mutex_unlock(cackey_biglock);
+ if (mutex_retval != 0) {
+@@ -6554,7 +5743,6 @@
+
+ return(CKR_GENERAL_ERROR);
+ }
+->>>>>>> trunk
+ }
+
+ CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
+@@ -6562,13 +5750,10 @@
+ return(CKR_OK);
+ }
+
+-<<<<<<< HEAD
+-=======
+ CK_DEFINE_FUNCTION(CK_RV, C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen) {
+ return(_C_LoginMutexArg(hSession, userType, pPin, ulPinLen, 1));
+ }
+
+->>>>>>> trunk
+ CK_DEFINE_FUNCTION(CK_RV, C_Logout)(CK_SESSION_HANDLE hSession) {
+ CK_SLOT_ID slotID;
+ int mutex_retval;
+@@ -6619,16 +5804,12 @@
+ }
+
+ cackey_sessions[hSession].state = CKS_RO_PUBLIC_SESSION;
+-<<<<<<< HEAD
+- cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
+-=======
+
+ if (cackey_pin_command == NULL) {
+ cackey_slots[slotID].token_flags = CKF_LOGIN_REQUIRED;
+ } else {
+ cackey_slots[slotID].token_flags = 0;
+ }
+->>>>>>> trunk
+
+ mutex_retval = cackey_mutex_unlock(cackey_biglock);
+ if (mutex_retval != 0) {
+@@ -7041,13 +6222,10 @@
+ CK_ULONG curr_id_idx, curr_out_id_idx, curr_attr_idx, sess_attr_idx;
+ CK_ULONG matched_count, prev_matched_count;
+ int mutex_retval;
+-<<<<<<< HEAD
+-=======
+ #ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
+ struct timeval start, end;
+ uint64_t start_int, end_int;
+ #endif
+->>>>>>> trunk
+
+ CACKEY_DEBUG_PRINTF("Called.");
+
+@@ -7113,13 +6291,10 @@
+ return(CKR_OPERATION_NOT_INITIALIZED);
+ }
+
+-<<<<<<< HEAD
+-=======
+ #ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
+ gettimeofday(&start, NULL);
+ #endif
+
+->>>>>>> trunk
+ curr_out_id_idx = 0;
+ for (curr_id_idx = cackey_sessions[hSession].search_curr_id; curr_id_idx < cackey_sessions[hSession].identities_count && ulMaxObjectCount; curr_id_idx++) {
+ curr_id = &cackey_sessions[hSession].identities[curr_id_idx];
+@@ -7165,8 +6340,6 @@
+ cackey_sessions[hSession].search_curr_id = curr_id_idx;
+ *pulObjectCount = curr_out_id_idx;
+
+-<<<<<<< HEAD
+-=======
+ #ifdef CACKEY_DEBUG_SEARCH_SPEEDTEST
+ gettimeofday(&end, NULL);
+ start_int = (start.tv_sec * 1000000) + start.tv_usec;
+@@ -7174,7 +6347,6 @@
+ fprintf(stderr, "Search took %lu microseconds\n", (unsigned long) (end_int - start_int));
+ #endif
+
+->>>>>>> trunk
+ mutex_retval = cackey_mutex_unlock(cackey_biglock);
+ if (mutex_retval != 0) {
+ CACKEY_DEBUG_PRINTF("Error. Unlocking failed.");
+@@ -7562,15 +6734,12 @@
+ /* Ask card to decrypt */
+ buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
+
+-<<<<<<< HEAD
+-=======
+ if (buflen == CACKEY_PCSC_E_NEEDLOGIN && cackey_pin_command != NULL) {
+ if (_C_LoginMutexArg(hSession, CKU_USER, NULL, 0, 0) == CKR_OK) {
+ buflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].decrypt_identity, pEncryptedPart, ulEncryptedPartLen, buf, sizeof(buf), 0, 1);
+ }
+ }
+
+->>>>>>> trunk
+ if (buflen < 0) {
+ /* Decryption failed. */
+ if (buflen == CACKEY_PCSC_E_NEEDLOGIN) {
+@@ -7578,11 +6747,8 @@
+ } else if (buflen == CACKEY_PCSC_E_TOKENABSENT) {
+ retval = CKR_DEVICE_REMOVED;
+ } else {
+-<<<<<<< HEAD
+-=======
+ CACKEY_DEBUG_PRINTF("Failed to send APDU, error = %li", (long int) buflen);
+
+->>>>>>> trunk
+ retval = CKR_GENERAL_ERROR;
+ }
+ } else if (((unsigned long) buflen) > *pulPartLen && pPart) {
+@@ -7822,11 +6988,7 @@
+ cackey_sessions[hSession].sign_bufused = 0;
+ cackey_sessions[hSession].sign_buf = malloc(sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen);
+
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("Session %lu sign_identity is %p (identity #%lu)", (unsigned long) hSession, &cackey_sessions[hSession].identities[hKey], (unsigned long) hKey);
+-=======
+ CACKEY_DEBUG_PRINTF("Session %lu sign_identity is %p (identity #%lu)", (unsigned long) hSession, (void *) &cackey_sessions[hSession].identities[hKey], (unsigned long) hKey);
+->>>>>>> trunk
+ cackey_sessions[hSession].sign_identity = &cackey_sessions[hSession].identities[hKey];
+
+ mutex_retval = cackey_mutex_unlock(cackey_biglock);
+@@ -7933,11 +7095,6 @@
+
+ CK_DEFINE_FUNCTION(CK_RV, C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen) {
+ int mutex_retval;
+-<<<<<<< HEAD
+-=======
+- int resizeRetry;
+- int needResize;
+->>>>>>> trunk
+
+ CACKEY_DEBUG_PRINTF("Called.");
+
+@@ -7998,47 +7155,12 @@
+ switch (cackey_sessions[hSession].sign_mechanism) {
+ case CKM_RSA_PKCS:
+ /* Accumulate directly */
+-<<<<<<< HEAD
+ if ((cackey_sessions[hSession].sign_bufused + ulPartLen) > cackey_sessions[hSession].sign_buflen) {
+-=======
+- for (resizeRetry = 0; resizeRetry < 11; resizeRetry++) {
+- needResize = 0;
+- if ((cackey_sessions[hSession].sign_bufused + ulPartLen) > cackey_sessions[hSession].sign_buflen) {
+- needResize = 1;
+- }
+-
+- if (!needResize) {
+- break;
+- }
+-
+- CACKEY_DEBUG_PRINTF("Resizing signing buffer (try #%i of 10 -- 11th is fatal)", resizeRetry);
+-
+- if (resizeRetry == 10) {
+- free(cackey_sessions[hSession].sign_buf);
+-
+- cackey_sessions[hSession].sign_buflen = 0;
+- cackey_sessions[hSession].sign_buf = NULL;
+-
+- break;
+- }
+-
+->>>>>>> trunk
+ cackey_sessions[hSession].sign_buflen *= 2;
+
+ cackey_sessions[hSession].sign_buf = realloc(cackey_sessions[hSession].sign_buf, sizeof(*cackey_sessions[hSession].sign_buf) * cackey_sessions[hSession].sign_buflen);
+ }
+
+-<<<<<<< HEAD
+-=======
+- if (cackey_sessions[hSession].sign_buf == NULL) {
+- cackey_mutex_unlock(cackey_biglock);
+-
+- CACKEY_DEBUG_PRINTF("Error. Signing buffer is NULL.");
+-
+- return(CKR_GENERAL_ERROR);
+- }
+-
+->>>>>>> trunk
+ memcpy(cackey_sessions[hSession].sign_buf + cackey_sessions[hSession].sign_bufused, pPart, ulPartLen);
+
+ cackey_sessions[hSession].sign_bufused += ulPartLen;
+@@ -8128,11 +7250,6 @@
+ switch (cackey_sessions[hSession].sign_mechanism) {
+ case CKM_RSA_PKCS:
+ /* Ask card to sign */
+-<<<<<<< HEAD
+- CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
+- sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
+-
+-=======
+ CACKEY_DEBUG_PRINTF("Asking to sign from identity %p in session %lu", (void *) cackey_sessions[hSession].sign_identity, (unsigned long) hSession);
+ sigbuflen = cackey_signdecrypt(&cackey_slots[slotID], cackey_sessions[hSession].sign_identity, cackey_sessions[hSession].sign_buf, cackey_sessions[hSession].sign_bufused, sigbuf, sizeof(sigbuf), 1, 0);
+
+@@ -8142,7 +7259,6 @@
+ }
+ }
+
+->>>>>>> trunk
+ if (sigbuflen < 0) {
+ /* Signing failed. */
+ if (sigbuflen == CACKEY_PCSC_E_NEEDLOGIN) {
+@@ -8485,10 +7601,6 @@
+ }
+
+ CK_DEFINE_FUNCTION(CK_RV, C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList) {
+-<<<<<<< HEAD
+-=======
+- static CK_FUNCTION_LIST_PTR spFunctionList = NULL;
+->>>>>>> trunk
+ CK_FUNCTION_LIST_PTR pFunctionList;
+
+ CACKEY_DEBUG_PRINTF("Called.");
+@@ -8499,17 +7611,6 @@
+ return(CKR_ARGUMENTS_BAD);
+ }
+
+-<<<<<<< HEAD
+-=======
+- if (spFunctionList != NULL) {
+- *ppFunctionList = spFunctionList;
+-
+- CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
+-
+- return(CKR_OK);
+- }
+-
+->>>>>>> trunk
+ pFunctionList = malloc(sizeof(*pFunctionList));
+
+ pFunctionList->version.major = ((CACKEY_CRYPTOKI_VERSION_CODE) >> 16) & 0xff;
+@@ -8584,17 +7685,10 @@
+ pFunctionList->C_CancelFunction = C_CancelFunction;
+ pFunctionList->C_GetFunctionList = C_GetFunctionList;
+
+-<<<<<<< HEAD
+-=======
+- spFunctionList = pFunctionList;
+->>>>>>> trunk
+ *ppFunctionList = pFunctionList;
+
+ CACKEY_DEBUG_PRINTF("Returning CKR_OK (%i)", CKR_OK);
+
+ return(CKR_OK);
+ }
+-<<<<<<< HEAD
+
+-=======
+->>>>>>> trunk