No OneTemporary
Actions

Size

703 KB

Subscribers

None

View Options

This file is larger than 256 KB, so syntax highlighting was skipped.

This document is not UTF8. It was detected as Shift JIS and converted to UTF8 for display.

	diff --git a/AUTHORS b/AUTHORS
	index 70007d6..48aa3c8 100644
	--- a/AUTHORS
	+++ b/AUTHORS
	@@ -1,26 +1,29 @@
	Package: scute
	Maintainer: Damien Goutte-Gattat <dgouttegattat@incenp.org>
	Bug reports: https://bugs.gnupg.org/
	Security related bug reports: security@gnupg.org
	-License: GPLv2+ with exception for Mozilla
	+License: LGPL-2.1-or-later


	g10 Code GmbH <code@g10code.com>
	- Design and implementation

	Andreas Jellinghaus <aj@dungeon.inka.de>
	- Contributions to src/pkcs11.h.

	Alon Bar-Lev <alon.barlev@gmail.com>
	- Contributions to src/pkcs11.h.

	+Damien Goutte-Gattat <dgouttegattat@incenp.org>
	+ - Various changes.
	+

	Copyright 2006, 2008 g10 Code GmbH

	This file is free software; as a special exception the author gives
	unlimited permission to copy and/or distribute it, with or without
	modifications, as long as this notice is preserved.

	This file is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	diff --git a/COPYING b/COPYING
	deleted file mode 100644
	index 623b625..0000000
	--- a/COPYING
	+++ /dev/null
	@@ -1,340 +0,0 @@
	- GNU GENERAL PUBLIC LICENSE
	- Version 2, June 1991
	-
	- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
	- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
	- Everyone is permitted to copy and distribute verbatim copies
	- of this license document, but changing it is not allowed.
	-
	- Preamble
	-
	- The licenses for most software are designed to take away your
	-freedom to share and change it. By contrast, the GNU General Public
	-License is intended to guarantee your freedom to share and change free
	-software--to make sure the software is free for all its users. This
	-General Public License applies to most of the Free Software
	-Foundation's software and to any other program whose authors commit to
	-using it. (Some other Free Software Foundation software is covered by
	-the GNU Library General Public License instead.) You can apply it to
	-your programs, too.
	-
	- When we speak of free software, we are referring to freedom, not
	-price. Our General Public Licenses are designed to make sure that you
	-have the freedom to distribute copies of free software (and charge for
	-this service if you wish), that you receive source code or can get it
	-if you want it, that you can change the software or use pieces of it
	-in new free programs; and that you know you can do these things.
	-
	- To protect your rights, we need to make restrictions that forbid
	-anyone to deny you these rights or to ask you to surrender the rights.
	-These restrictions translate to certain responsibilities for you if you
	-distribute copies of the software, or if you modify it.
	-
	- For example, if you distribute copies of such a program, whether
	-gratis or for a fee, you must give the recipients all the rights that
	-you have. You must make sure that they, too, receive or can get the
	-source code. And you must show them these terms so they know their
	-rights.
	-
	- We protect your rights with two steps: (1) copyright the software, and
	-(2) offer you this license which gives you legal permission to copy,
	-distribute and/or modify the software.
	-
	- Also, for each author's protection and ours, we want to make certain
	-that everyone understands that there is no warranty for this free
	-software. If the software is modified by someone else and passed on, we
	-want its recipients to know that what they have is not the original, so
	-that any problems introduced by others will not reflect on the original
	-authors' reputations.
	-
	- Finally, any free program is threatened constantly by software
	-patents. We wish to avoid the danger that redistributors of a free
	-program will individually obtain patent licenses, in effect making the
	-program proprietary. To prevent this, we have made it clear that any
	-patent must be licensed for everyone's free use or not licensed at all.
	-
	- The precise terms and conditions for copying, distribution and
	-modification follow.
	-
	- GNU GENERAL PUBLIC LICENSE
	- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
	-
	- 0. This License applies to any program or other work which contains
	-a notice placed by the copyright holder saying it may be distributed
	-under the terms of this General Public License. The "Program", below,
	-refers to any such program or work, and a "work based on the Program"
	-means either the Program or any derivative work under copyright law:
	-that is to say, a work containing the Program or a portion of it,
	-either verbatim or with modifications and/or translated into another
	-language. (Hereinafter, translation is included without limitation in
	-the term "modification".) Each licensee is addressed as "you".
	-
	-Activities other than copying, distribution and modification are not
	-covered by this License; they are outside its scope. The act of
	-running the Program is not restricted, and the output from the Program
	-is covered only if its contents constitute a work based on the
	-Program (independent of having been made by running the Program).
	-Whether that is true depends on what the Program does.
	-
	- 1. You may copy and distribute verbatim copies of the Program's
	-source code as you receive it, in any medium, provided that you
	-conspicuously and appropriately publish on each copy an appropriate
	-copyright notice and disclaimer of warranty; keep intact all the
	-notices that refer to this License and to the absence of any warranty;
	-and give any other recipients of the Program a copy of this License
	-along with the Program.
	-
	-You may charge a fee for the physical act of transferring a copy, and
	-you may at your option offer warranty protection in exchange for a fee.
	-
	- 2. You may modify your copy or copies of the Program or any portion
	-of it, thus forming a work based on the Program, and copy and
	-distribute such modifications or work under the terms of Section 1
	-above, provided that you also meet all of these conditions:
	-
	- a) You must cause the modified files to carry prominent notices
	- stating that you changed the files and the date of any change.
	-
	- b) You must cause any work that you distribute or publish, that in
	- whole or in part contains or is derived from the Program or any
	- part thereof, to be licensed as a whole at no charge to all third
	- parties under the terms of this License.
	-
	- c) If the modified program normally reads commands interactively
	- when run, you must cause it, when started running for such
	- interactive use in the most ordinary way, to print or display an
	- announcement including an appropriate copyright notice and a
	- notice that there is no warranty (or else, saying that you provide
	- a warranty) and that users may redistribute the program under
	- these conditions, and telling the user how to view a copy of this
	- License. (Exception: if the Program itself is interactive but
	- does not normally print such an announcement, your work based on
	- the Program is not required to print an announcement.)
	-
	-These requirements apply to the modified work as a whole. If
	-identifiable sections of that work are not derived from the Program,
	-and can be reasonably considered independent and separate works in
	-themselves, then this License, and its terms, do not apply to those
	-sections when you distribute them as separate works. But when you
	-distribute the same sections as part of a whole which is a work based
	-on the Program, the distribution of the whole must be on the terms of
	-this License, whose permissions for other licensees extend to the
	-entire whole, and thus to each and every part regardless of who wrote it.
	-
	-Thus, it is not the intent of this section to claim rights or contest
	-your rights to work written entirely by you; rather, the intent is to
	-exercise the right to control the distribution of derivative or
	-collective works based on the Program.
	-
	-In addition, mere aggregation of another work not based on the Program
	-with the Program (or with a work based on the Program) on a volume of
	-a storage or distribution medium does not bring the other work under
	-the scope of this License.
	-
	- 3. You may copy and distribute the Program (or a work based on it,
	-under Section 2) in object code or executable form under the terms of
	-Sections 1 and 2 above provided that you also do one of the following:
	-
	- a) Accompany it with the complete corresponding machine-readable
	- source code, which must be distributed under the terms of Sections
	- 1 and 2 above on a medium customarily used for software interchange; or,
	-
	- b) Accompany it with a written offer, valid for at least three
	- years, to give any third party, for a charge no more than your
	- cost of physically performing source distribution, a complete
	- machine-readable copy of the corresponding source code, to be
	- distributed under the terms of Sections 1 and 2 above on a medium
	- customarily used for software interchange; or,
	-
	- c) Accompany it with the information you received as to the offer
	- to distribute corresponding source code. (This alternative is
	- allowed only for noncommercial distribution and only if you
	- received the program in object code or executable form with such
	- an offer, in accord with Subsection b above.)
	-
	-The source code for a work means the preferred form of the work for
	-making modifications to it. For an executable work, complete source
	-code means all the source code for all modules it contains, plus any
	-associated interface definition files, plus the scripts used to
	-control compilation and installation of the executable. However, as a
	-special exception, the source code distributed need not include
	-anything that is normally distributed (in either source or binary
	-form) with the major components (compiler, kernel, and so on) of the
	-operating system on which the executable runs, unless that component
	-itself accompanies the executable.
	-
	-If distribution of executable or object code is made by offering
	-access to copy from a designated place, then offering equivalent
	-access to copy the source code from the same place counts as
	-distribution of the source code, even though third parties are not
	-compelled to copy the source along with the object code.
	-
	- 4. You may not copy, modify, sublicense, or distribute the Program
	-except as expressly provided under this License. Any attempt
	-otherwise to copy, modify, sublicense or distribute the Program is
	-void, and will automatically terminate your rights under this License.
	-However, parties who have received copies, or rights, from you under
	-this License will not have their licenses terminated so long as such
	-parties remain in full compliance.
	-
	- 5. You are not required to accept this License, since you have not
	-signed it. However, nothing else grants you permission to modify or
	-distribute the Program or its derivative works. These actions are
	-prohibited by law if you do not accept this License. Therefore, by
	-modifying or distributing the Program (or any work based on the
	-Program), you indicate your acceptance of this License to do so, and
	-all its terms and conditions for copying, distributing or modifying
	-the Program or works based on it.
	-
	- 6. Each time you redistribute the Program (or any work based on the
	-Program), the recipient automatically receives a license from the
	-original licensor to copy, distribute or modify the Program subject to
	-these terms and conditions. You may not impose any further
	-restrictions on the recipients' exercise of the rights granted herein.
	-You are not responsible for enforcing compliance by third parties to
	-this License.
	-
	- 7. If, as a consequence of a court judgment or allegation of patent
	-infringement or for any other reason (not limited to patent issues),
	-conditions are imposed on you (whether by court order, agreement or
	-otherwise) that contradict the conditions of this License, they do not
	-excuse you from the conditions of this License. If you cannot
	-distribute so as to satisfy simultaneously your obligations under this
	-License and any other pertinent obligations, then as a consequence you
	-may not distribute the Program at all. For example, if a patent
	-license would not permit royalty-free redistribution of the Program by
	-all those who receive copies directly or indirectly through you, then
	-the only way you could satisfy both it and this License would be to
	-refrain entirely from distribution of the Program.
	-
	-If any portion of this section is held invalid or unenforceable under
	-any particular circumstance, the balance of the section is intended to
	-apply and the section as a whole is intended to apply in other
	-circumstances.
	-
	-It is not the purpose of this section to induce you to infringe any
	-patents or other property right claims or to contest validity of any
	-such claims; this section has the sole purpose of protecting the
	-integrity of the free software distribution system, which is
	-implemented by public license practices. Many people have made
	-generous contributions to the wide range of software distributed
	-through that system in reliance on consistent application of that
	-system; it is up to the author/donor to decide if he or she is willing
	-to distribute software through any other system and a licensee cannot
	-impose that choice.
	-
	-This section is intended to make thoroughly clear what is believed to
	-be a consequence of the rest of this License.
	-
	- 8. If the distribution and/or use of the Program is restricted in
	-certain countries either by patents or by copyrighted interfaces, the
	-original copyright holder who places the Program under this License
	-may add an explicit geographical distribution limitation excluding
	-those countries, so that distribution is permitted only in or among
	-countries not thus excluded. In such case, this License incorporates
	-the limitation as if written in the body of this License.
	-
	- 9. The Free Software Foundation may publish revised and/or new versions
	-of the General Public License from time to time. Such new versions will
	-be similar in spirit to the present version, but may differ in detail to
	-address new problems or concerns.
	-
	-Each version is given a distinguishing version number. If the Program
	-specifies a version number of this License which applies to it and "any
	-later version", you have the option of following the terms and conditions
	-either of that version or of any later version published by the Free
	-Software Foundation. If the Program does not specify a version number of
	-this License, you may choose any version ever published by the Free Software
	-Foundation.
	-
	- 10. If you wish to incorporate parts of the Program into other free
	-programs whose distribution conditions are different, write to the author
	-to ask for permission. For software which is copyrighted by the Free
	-Software Foundation, write to the Free Software Foundation; we sometimes
	-make exceptions for this. Our decision will be guided by the two goals
	-of preserving the free status of all derivatives of our free software and
	-of promoting the sharing and reuse of software generally.
	-
	- NO WARRANTY
	-
	- 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
	-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
	-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
	-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
	-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
	-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
	-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
	-REPAIR OR CORRECTION.
	-
	- 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
	-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
	-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
	-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
	-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
	-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
	-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
	-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
	-POSSIBILITY OF SUCH DAMAGES.
	-
	- END OF TERMS AND CONDITIONS
	-
	- How to Apply These Terms to Your New Programs
	-
	- If you develop a new program, and you want it to be of the greatest
	-possible use to the public, the best way to achieve this is to make it
	-free software which everyone can redistribute and change under these terms.
	-
	- To do so, attach the following notices to the program. It is safest
	-to attach them to the start of each source file to most effectively
	-convey the exclusion of warranty; and each file should have at least
	-the "copyright" line and a pointer to where the full notice is found.
	-
	- <one line to give the program's name and a brief idea of what it does.>
	- Copyright (C) <year> <name of author>
	-
	- This program is free software; you can redistribute it and/or modify
	- it under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- This program is distributed in the hope that it will be useful,
	- but WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	- GNU General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with this program; if not, write to the Free Software
	- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
	-
	-
	-Also add information on how to contact you by electronic and paper mail.
	-
	-If the program is interactive, make it output a short notice like this
	-when it starts in an interactive mode:
	-
	- Gnomovision version 69, Copyright (C) year name of author
	- Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
	- This is free software, and you are welcome to redistribute it
	- under certain conditions; type `show c' for details.
	-
	-The hypothetical commands `show w' and `show c' should show the appropriate
	-parts of the General Public License. Of course, the commands you use may
	-be called something other than `show w' and `show c'; they could even be
	-mouse-clicks or menu items--whatever suits your program.
	-
	-You should also get your employer (if you work as a programmer) or your
	-school, if any, to sign a "copyright disclaimer" for the program, if
	-necessary. Here is a sample; alter the names:
	-
	- Yoyodyne, Inc., hereby disclaims all copyright interest in the program
	- `Gnomovision' (which makes passes at compilers) written by James Hacker.
	-
	- <signature of Ty Coon>, 1 April 1989
	- Ty Coon, President of Vice
	-
	-This General Public License does not permit incorporating your program into
	-proprietary programs. If your program is a subroutine library, you may
	-consider it more useful to permit linking proprietary applications with the
	-library. If this is what you want to do, use the GNU Library General
	-Public License instead of this License.
	diff --git a/COPYING.LESSER b/COPYING.LESSER
	new file mode 100644
	index 0000000..89d4489
	--- /dev/null
	+++ b/COPYING.LESSER
	@@ -0,0 +1,508 @@
	+
	+ GNU LESSER GENERAL PUBLIC LICENSE
	+ Version 2.1, February 1999
	+
	+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
	+ 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	+ Everyone is permitted to copy and distribute verbatim copies
	+ of this license document, but changing it is not allowed.
	+
	+[This is the first released version of the Lesser GPL. It also counts
	+ as the successor of the GNU Library Public License, version 2, hence
	+ the version number 2.1.]
	+
	+ Preamble
	+
	+ The licenses for most software are designed to take away your
	+freedom to share and change it. By contrast, the GNU General Public
	+Licenses are intended to guarantee your freedom to share and change
	+free software--to make sure the software is free for all its users.
	+
	+ This license, the Lesser General Public License, applies to some
	+specially designated software packages--typically libraries--of the
	+Free Software Foundation and other authors who decide to use it. You
	+can use it too, but we suggest you first think carefully about whether
	+this license or the ordinary General Public License is the better
	+strategy to use in any particular case, based on the explanations
	+below.
	+
	+ When we speak of free software, we are referring to freedom of use,
	+not price. Our General Public Licenses are designed to make sure that
	+you have the freedom to distribute copies of free software (and charge
	+for this service if you wish); that you receive source code or can get
	+it if you want it; that you can change the software and use pieces of
	+it in new free programs; and that you are informed that you can do
	+these things.
	+
	+ To protect your rights, we need to make restrictions that forbid
	+distributors to deny you these rights or to ask you to surrender these
	+rights. These restrictions translate to certain responsibilities for
	+you if you distribute copies of the library or if you modify it.
	+
	+ For example, if you distribute copies of the library, whether gratis
	+or for a fee, you must give the recipients all the rights that we gave
	+you. You must make sure that they, too, receive or can get the source
	+code. If you link other code with the library, you must provide
	+complete object files to the recipients, so that they can relink them
	+with the library after making changes to the library and recompiling
	+it. And you must show them these terms so they know their rights.
	+
	+ We protect your rights with a two-step method: (1) we copyright the
	+library, and (2) we offer you this license, which gives you legal
	+permission to copy, distribute and/or modify the library.
	+
	+ To protect each distributor, we want to make it very clear that
	+there is no warranty for the free library. Also, if the library is
	+modified by someone else and passed on, the recipients should know
	+that what they have is not the original version, so that the original
	+author's reputation will not be affected by problems that might be
	+introduced by others.
	+^L
	+ Finally, software patents pose a constant threat to the existence of
	+any free program. We wish to make sure that a company cannot
	+effectively restrict the users of a free program by obtaining a
	+restrictive license from a patent holder. Therefore, we insist that
	+any patent license obtained for a version of the library must be
	+consistent with the full freedom of use specified in this license.
	+
	+ Most GNU software, including some libraries, is covered by the
	+ordinary GNU General Public License. This license, the GNU Lesser
	+General Public License, applies to certain designated libraries, and
	+is quite different from the ordinary General Public License. We use
	+this license for certain libraries in order to permit linking those
	+libraries into non-free programs.
	+
	+ When a program is linked with a library, whether statically or using
	+a shared library, the combination of the two is legally speaking a
	+combined work, a derivative of the original library. The ordinary
	+General Public License therefore permits such linking only if the
	+entire combination fits its criteria of freedom. The Lesser General
	+Public License permits more lax criteria for linking other code with
	+the library.
	+
	+ We call this license the "Lesser" General Public License because it
	+does Less to protect the user's freedom than the ordinary General
	+Public License. It also provides other free software developers Less
	+of an advantage over competing non-free programs. These disadvantages
	+are the reason we use the ordinary General Public License for many
	+libraries. However, the Lesser license provides advantages in certain
	+special circumstances.
	+
	+ For example, on rare occasions, there may be a special need to
	+encourage the widest possible use of a certain library, so that it
	+becomes a de-facto standard. To achieve this, non-free programs must
	+be allowed to use the library. A more frequent case is that a free
	+library does the same job as widely used non-free libraries. In this
	+case, there is little to gain by limiting the free library to free
	+software only, so we use the Lesser General Public License.
	+
	+ In other cases, permission to use a particular library in non-free
	+programs enables a greater number of people to use a large body of
	+free software. For example, permission to use the GNU C Library in
	+non-free programs enables many more people to use the whole GNU
	+operating system, as well as its variant, the GNU/Linux operating
	+system.
	+
	+ Although the Lesser General Public License is Less protective of the
	+users' freedom, it does ensure that the user of a program that is
	+linked with the Library has the freedom and the wherewithal to run
	+that program using a modified version of the Library.
	+
	+ The precise terms and conditions for copying, distribution and
	+modification follow. Pay close attention to the difference between a
	+"work based on the library" and a "work that uses the library". The
	+former contains code derived from the library, whereas the latter must
	+be combined with the library in order to run.
	+^L
	+ GNU LESSER GENERAL PUBLIC LICENSE
	+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
	+
	+ 0. This License Agreement applies to any software library or other
	+program which contains a notice placed by the copyright holder or
	+other authorized party saying it may be distributed under the terms of
	+this Lesser General Public License (also called "this License").
	+Each licensee is addressed as "you".
	+
	+ A "library" means a collection of software functions and/or data
	+prepared so as to be conveniently linked with application programs
	+(which use some of those functions and data) to form executables.
	+
	+ The "Library", below, refers to any such software library or work
	+which has been distributed under these terms. A "work based on the
	+Library" means either the Library or any derivative work under
	+copyright law: that is to say, a work containing the Library or a
	+portion of it, either verbatim or with modifications and/or translated
	+straightforwardly into another language. (Hereinafter, translation is
	+included without limitation in the term "modification".)
	+
	+ "Source code" for a work means the preferred form of the work for
	+making modifications to it. For a library, complete source code means
	+all the source code for all modules it contains, plus any associated
	+interface definition files, plus the scripts used to control
	+compilation and installation of the library.
	+
	+ Activities other than copying, distribution and modification are not
	+covered by this License; they are outside its scope. The act of
	+running a program using the Library is not restricted, and output from
	+such a program is covered only if its contents constitute a work based
	+on the Library (independent of the use of the Library in a tool for
	+writing it). Whether that is true depends on what the Library does
	+and what the program that uses the Library does.
	+
	+ 1. You may copy and distribute verbatim copies of the Library's
	+complete source code as you receive it, in any medium, provided that
	+you conspicuously and appropriately publish on each copy an
	+appropriate copyright notice and disclaimer of warranty; keep intact
	+all the notices that refer to this License and to the absence of any
	+warranty; and distribute a copy of this License along with the
	+Library.
	+
	+ You may charge a fee for the physical act of transferring a copy,
	+and you may at your option offer warranty protection in exchange for a
	+fee.
	+
	+ 2. You may modify your copy or copies of the Library or any portion
	+of it, thus forming a work based on the Library, and copy and
	+distribute such modifications or work under the terms of Section 1
	+above, provided that you also meet all of these conditions:
	+
	+ a) The modified work must itself be a software library.
	+
	+ b) You must cause the files modified to carry prominent notices
	+ stating that you changed the files and the date of any change.
	+
	+ c) You must cause the whole of the work to be licensed at no
	+ charge to all third parties under the terms of this License.
	+
	+ d) If a facility in the modified Library refers to a function or a
	+ table of data to be supplied by an application program that uses
	+ the facility, other than as an argument passed when the facility
	+ is invoked, then you must make a good faith effort to ensure that,
	+ in the event an application does not supply such function or
	+ table, the facility still operates, and performs whatever part of
	+ its purpose remains meaningful.
	+
	+ (For example, a function in a library to compute square roots has
	+ a purpose that is entirely well-defined independent of the
	+ application. Therefore, Subsection 2d requires that any
	+ application-supplied function or table used by this function must
	+ be optional: if the application does not supply it, the square
	+ root function must still compute square roots.)
	+
	+These requirements apply to the modified work as a whole. If
	+identifiable sections of that work are not derived from the Library,
	+and can be reasonably considered independent and separate works in
	+themselves, then this License, and its terms, do not apply to those
	+sections when you distribute them as separate works. But when you
	+distribute the same sections as part of a whole which is a work based
	+on the Library, the distribution of the whole must be on the terms of
	+this License, whose permissions for other licensees extend to the
	+entire whole, and thus to each and every part regardless of who wrote
	+it.
	+
	+Thus, it is not the intent of this section to claim rights or contest
	+your rights to work written entirely by you; rather, the intent is to
	+exercise the right to control the distribution of derivative or
	+collective works based on the Library.
	+
	+In addition, mere aggregation of another work not based on the Library
	+with the Library (or with a work based on the Library) on a volume of
	+a storage or distribution medium does not bring the other work under
	+the scope of this License.
	+
	+ 3. You may opt to apply the terms of the ordinary GNU General Public
	+License instead of this License to a given copy of the Library. To do
	+this, you must alter all the notices that refer to this License, so
	+that they refer to the ordinary GNU General Public License, version 2,
	+instead of to this License. (If a newer version than version 2 of the
	+ordinary GNU General Public License has appeared, then you can specify
	+that version instead if you wish.) Do not make any other change in
	+these notices.
	+^L
	+ Once this change is made in a given copy, it is irreversible for
	+that copy, so the ordinary GNU General Public License applies to all
	+subsequent copies and derivative works made from that copy.
	+
	+ This option is useful when you wish to copy part of the code of
	+the Library into a program that is not a library.
	+
	+ 4. You may copy and distribute the Library (or a portion or
	+derivative of it, under Section 2) in object code or executable form
	+under the terms of Sections 1 and 2 above provided that you accompany
	+it with the complete corresponding machine-readable source code, which
	+must be distributed under the terms of Sections 1 and 2 above on a
	+medium customarily used for software interchange.
	+
	+ If distribution of object code is made by offering access to copy
	+from a designated place, then offering equivalent access to copy the
	+source code from the same place satisfies the requirement to
	+distribute the source code, even though third parties are not
	+compelled to copy the source along with the object code.
	+
	+ 5. A program that contains no derivative of any portion of the
	+Library, but is designed to work with the Library by being compiled or
	+linked with it, is called a "work that uses the Library". Such a
	+work, in isolation, is not a derivative work of the Library, and
	+therefore falls outside the scope of this License.
	+
	+ However, linking a "work that uses the Library" with the Library
	+creates an executable that is a derivative of the Library (because it
	+contains portions of the Library), rather than a "work that uses the
	+library". The executable is therefore covered by this License.
	+Section 6 states terms for distribution of such executables.
	+
	+ When a "work that uses the Library" uses material from a header file
	+that is part of the Library, the object code for the work may be a
	+derivative work of the Library even though the source code is not.
	+Whether this is true is especially significant if the work can be
	+linked without the Library, or if the work is itself a library. The
	+threshold for this to be true is not precisely defined by law.
	+
	+ If such an object file uses only numerical parameters, data
	+structure layouts and accessors, and small macros and small inline
	+functions (ten lines or less in length), then the use of the object
	+file is unrestricted, regardless of whether it is legally a derivative
	+work. (Executables containing this object code plus portions of the
	+Library will still fall under Section 6.)
	+
	+ Otherwise, if the work is a derivative of the Library, you may
	+distribute the object code for the work under the terms of Section 6.
	+Any executables containing that work also fall under Section 6,
	+whether or not they are linked directly with the Library itself.
	+^L
	+ 6. As an exception to the Sections above, you may also combine or
	+link a "work that uses the Library" with the Library to produce a
	+work containing portions of the Library, and distribute that work
	+under terms of your choice, provided that the terms permit
	+modification of the work for the customer's own use and reverse
	+engineering for debugging such modifications.
	+
	+ You must give prominent notice with each copy of the work that the
	+Library is used in it and that the Library and its use are covered by
	+this License. You must supply a copy of this License. If the work
	+during execution displays copyright notices, you must include the
	+copyright notice for the Library among them, as well as a reference
	+directing the user to the copy of this License. Also, you must do one
	+of these things:
	+
	+ a) Accompany the work with the complete corresponding
	+ machine-readable source code for the Library including whatever
	+ changes were used in the work (which must be distributed under
	+ Sections 1 and 2 above); and, if the work is an executable linked
	+ with the Library, with the complete machine-readable "work that
	+ uses the Library", as object code and/or source code, so that the
	+ user can modify the Library and then relink to produce a modified
	+ executable containing the modified Library. (It is understood
	+ that the user who changes the contents of definitions files in the
	+ Library will not necessarily be able to recompile the application
	+ to use the modified definitions.)
	+
	+ b) Use a suitable shared library mechanism for linking with the
	+ Library. A suitable mechanism is one that (1) uses at run time a
	+ copy of the library already present on the user's computer system,
	+ rather than copying library functions into the executable, and (2)
	+ will operate properly with a modified version of the library, if
	+ the user installs one, as long as the modified version is
	+ interface-compatible with the version that the work was made with.
	+
	+ c) Accompany the work with a written offer, valid for at least
	+ three years, to give the same user the materials specified in
	+ Subsection 6a, above, for a charge no more than the cost of
	+ performing this distribution.
	+
	+ d) If distribution of the work is made by offering access to copy
	+ from a designated place, offer equivalent access to copy the above
	+ specified materials from the same place.
	+
	+ e) Verify that the user has already received a copy of these
	+ materials or that you have already sent this user a copy.
	+
	+ For an executable, the required form of the "work that uses the
	+Library" must include any data and utility programs needed for
	+reproducing the executable from it. However, as a special exception,
	+the materials to be distributed need not include anything that is
	+normally distributed (in either source or binary form) with the major
	+components (compiler, kernel, and so on) of the operating system on
	+which the executable runs, unless that component itself accompanies
	+the executable.
	+
	+ It may happen that this requirement contradicts the license
	+restrictions of other proprietary libraries that do not normally
	+accompany the operating system. Such a contradiction means you cannot
	+use both them and the Library together in an executable that you
	+distribute.
	+^L
	+ 7. You may place library facilities that are a work based on the
	+Library side-by-side in a single library together with other library
	+facilities not covered by this License, and distribute such a combined
	+library, provided that the separate distribution of the work based on
	+the Library and of the other library facilities is otherwise
	+permitted, and provided that you do these two things:
	+
	+ a) Accompany the combined library with a copy of the same work
	+ based on the Library, uncombined with any other library
	+ facilities. This must be distributed under the terms of the
	+ Sections above.
	+
	+ b) Give prominent notice with the combined library of the fact
	+ that part of it is a work based on the Library, and explaining
	+ where to find the accompanying uncombined form of the same work.
	+
	+ 8. You may not copy, modify, sublicense, link with, or distribute
	+the Library except as expressly provided under this License. Any
	+attempt otherwise to copy, modify, sublicense, link with, or
	+distribute the Library is void, and will automatically terminate your
	+rights under this License. However, parties who have received copies,
	+or rights, from you under this License will not have their licenses
	+terminated so long as such parties remain in full compliance.
	+
	+ 9. You are not required to accept this License, since you have not
	+signed it. However, nothing else grants you permission to modify or
	+distribute the Library or its derivative works. These actions are
	+prohibited by law if you do not accept this License. Therefore, by
	+modifying or distributing the Library (or any work based on the
	+Library), you indicate your acceptance of this License to do so, and
	+all its terms and conditions for copying, distributing or modifying
	+the Library or works based on it.
	+
	+ 10. Each time you redistribute the Library (or any work based on the
	+Library), the recipient automatically receives a license from the
	+original licensor to copy, distribute, link with or modify the Library
	+subject to these terms and conditions. You may not impose any further
	+restrictions on the recipients' exercise of the rights granted herein.
	+You are not responsible for enforcing compliance by third parties with
	+this License.
	+^L
	+ 11. If, as a consequence of a court judgment or allegation of patent
	+infringement or for any other reason (not limited to patent issues),
	+conditions are imposed on you (whether by court order, agreement or
	+otherwise) that contradict the conditions of this License, they do not
	+excuse you from the conditions of this License. If you cannot
	+distribute so as to satisfy simultaneously your obligations under this
	+License and any other pertinent obligations, then as a consequence you
	+may not distribute the Library at all. For example, if a patent
	+license would not permit royalty-free redistribution of the Library by
	+all those who receive copies directly or indirectly through you, then
	+the only way you could satisfy both it and this License would be to
	+refrain entirely from distribution of the Library.
	+
	+If any portion of this section is held invalid or unenforceable under
	+any particular circumstance, the balance of the section is intended to
	+apply, and the section as a whole is intended to apply in other
	+circumstances.
	+
	+It is not the purpose of this section to induce you to infringe any
	+patents or other property right claims or to contest validity of any
	+such claims; this section has the sole purpose of protecting the
	+integrity of the free software distribution system which is
	+implemented by public license practices. Many people have made
	+generous contributions to the wide range of software distributed
	+through that system in reliance on consistent application of that
	+system; it is up to the author/donor to decide if he or she is willing
	+to distribute software through any other system and a licensee cannot
	+impose that choice.
	+
	+This section is intended to make thoroughly clear what is believed to
	+be a consequence of the rest of this License.
	+
	+ 12. If the distribution and/or use of the Library is restricted in
	+certain countries either by patents or by copyrighted interfaces, the
	+original copyright holder who places the Library under this License
	+may add an explicit geographical distribution limitation excluding those
	+countries, so that distribution is permitted only in or among
	+countries not thus excluded. In such case, this License incorporates
	+the limitation as if written in the body of this License.
	+
	+ 13. The Free Software Foundation may publish revised and/or new
	+versions of the Lesser General Public License from time to time.
	+Such new versions will be similar in spirit to the present version,
	+but may differ in detail to address new problems or concerns.
	+
	+Each version is given a distinguishing version number. If the Library
	+specifies a version number of this License which applies to it and
	+"any later version", you have the option of following the terms and
	+conditions either of that version or of any later version published by
	+the Free Software Foundation. If the Library does not specify a
	+license version number, you may choose any version ever published by
	+the Free Software Foundation.
	+^L
	+ 14. If you wish to incorporate parts of the Library into other free
	+programs whose distribution conditions are incompatible with these,
	+write to the author to ask for permission. For software which is
	+copyrighted by the Free Software Foundation, write to the Free
	+Software Foundation; we sometimes make exceptions for this. Our
	+decision will be guided by the two goals of preserving the free status
	+of all derivatives of our free software and of promoting the sharing
	+and reuse of software generally.
	+
	+ NO WARRANTY
	+
	+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
	+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
	+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
	+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
	+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
	+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
	+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
	+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
	+
	+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
	+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
	+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
	+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
	+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
	+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
	+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
	+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
	+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
	+DAMAGES.
	+
	+ END OF TERMS AND CONDITIONS
	+^L
	+ How to Apply These Terms to Your New Libraries
	+
	+ If you develop a new library, and you want it to be of the greatest
	+possible use to the public, we recommend making it free software that
	+everyone can redistribute and change. You can do so by permitting
	+redistribution under these terms (or, alternatively, under the terms
	+of the ordinary General Public License).
	+
	+ To apply these terms, attach the following notices to the library.
	+It is safest to attach them to the start of each source file to most
	+effectively convey the exclusion of warranty; and each file should
	+have at least the "copyright" line and a pointer to where the full
	+notice is found.
	+
	+
	+ <one line to give the library's name and a brief idea of what it does.>
	+ Copyright (C) <year> <name of author>
	+
	+ This library is free software; you can redistribute it and/or
	+ modify it under the terms of the GNU Lesser General Public
	+ License as published by the Free Software Foundation; either
	+ version 2.1 of the License, or (at your option) any later version.
	+
	+ This library is distributed in the hope that it will be useful,
	+ but WITHOUT ANY WARRANTY; without even the implied warranty of
	+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ Lesser General Public License for more details.
	+
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with this library; if not, write to the Free Software
	+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	+
	+Also add information on how to contact you by electronic and paper mail.
	+
	+You should also get your employer (if you work as a programmer) or
	+your school, if any, to sign a "copyright disclaimer" for the library,
	+if necessary. Here is a sample; alter the names:
	+
	+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
	+ library `Frob' (a library for tweaking knobs) written by James
	+ Random Hacker.
	+
	+ <signature of Ty Coon>, 1 April 1990
	+ Ty Coon, President of Vice
	+
	+That's all there is to it!
	diff --git a/Makefile.am b/Makefile.am
	index 68db8e8..808a956 100644
	--- a/Makefile.am
	+++ b/Makefile.am
	@@ -1,42 +1,33 @@
	# Makefile.am - Top level Makefile for scute.
	# Copyright (C) 2006 g10 Code GmbH
	-#
	+#
	# This file is part of Scute.
	#
	# Scute is free software; you can redistribute it and/or modify it
	-# under the terms of the GNU General Public License as published by
	-# the Free Software Foundation; either version 2 of the License, or
	-# (at your option) any later version.
	+# under the terms of the GNU Lesser General Public License as
	+# published by the Free Software Foundation; either version 2.1 of
	+# the License, or (at your option) any later version.
	#
	# Scute is distributed in the hope that it will be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-# General Public License for more details.
	-#
	-# You should have received a copy of the GNU General Public License
	-# along with this program; if not, see <http://www.gnu.org/licenses/>.
	+# Lesser General Public License for more details.
	#
	-# In addition, as a special exception, g10 Code GmbH gives permission
	-# to link this library: with the Mozilla Foundation's code for
	-# Mozilla (or with modified versions of it that use the same license
	-# as the "Mozilla" code), and distribute the linked executables. You
	-# must obey the GNU General Public License in all respects for all of
	-# the code used other than "Mozilla". If you modify this file, you
	-# may extend this exception to your version of the file, but you are
	-# not obligated to do so. If you do not wish to do so, delete this
	-# exception statement from your version.
	+# You should have received a copy of the GNU Lesser General Public
	+# License along with this program; if not, see <https://gnu.org/licenses/>.
	+# SPDX-License-Identifier: LGPL-2.1-or-later

	## Process this file with automake to produce Makefile.in

	ACLOCAL_AMFLAGS = -I m4
	AUTOMAKE_OPTIONS = dist-bzip2 no-dist-gzip

	EXTRA_DIST = autogen.sh README.GIT

	if RUN_TESTS
	tests = tests
	else
	-tests =
	+tests =
	endif

	SUBDIRS = m4 src ${tests} doc
	diff --git a/README b/README
	index 4cd9a12..4d93733 100644
	--- a/README
	+++ b/README
	@@ -1,439 +1,426 @@
	Scute
	=====

	This is a PKCS #11 implementation for the GnuPG Agent using the GnuPG
	Smart Card Daemon. Currently, only the OpenPGP card is supported.

	TOC
	===

	* Purpose
	* Prerequisites
	* Installation
	* Client Authentication
	* Troubleshooting
	* Features and Limitations
	* Development
	* Mozilla Bugs
	* Copyright and License


	Purpose
	=======

	Scute enables you to use your OpenPGP smart card for client
	authentication with SSL in Mozilla. See below for more details on how
	to get this working.

	Scute also allows you to sign emails with Thunderbird, using the
	S/MIME protocol, and to sign OpenDocument and PDF files with
	LibreOffice.


	Prerequisites
	=============

	For the compilation:
	* libgpg-error 1.14
	* libassuan 2.0.0

	At runtime:
	* Mozilla (or any other supported application using PKCS #11).
	* GnuPG 2.0, in particular: gpg-agent, scdaemon
	* Pinentry

	Note that client authentication with TLS 1.2 and S/MIME signing
	require GnuPG 2.1.


	Installation
	============

	To install the PKCS #11 Module, follow the generic installation
	instructions in the file INSTALL that accompanies this software.

	After installation, you can configure Mozilla to use Scute by
	visiting the preferences dialog in the "advanced" category, under
	"Security Devices". There you can "load" the module from its
	installed path, e.g. "/usr/lib/scute.so".


	Client Authentication
	=====================

	For client authentication to work, several steps need to be completed.
	Depending on your situation, some of these steps may be performed by
	third parties, like service providers. However, they can also all be
	performed locally, if use of client authentication with a local
	service is desired.

	For this introduction, we assume an Apache web server with SSL at the
	server side, and a connecting client running Firefox. As a
	certification authority (CA) we use OpenSSL. Scute provides a PKCS #11
	compatible security device to Firefox for client authentication. This
	security device gives Firefox access to the client's OpenPGP smart
	card.

	The Client Perspective
	----------------------

	To get things started, we have to prepare an initialised OpenPGP smart
	card by uploading an off-card key or generating a key on the card.
	The card you got may already have been initialised. Otherwise, you
	can find more information on this step in the smartcard HowTo, which
	also documents other basic card operations:
	http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto.html

	Once the card is initialised, we have to generate a certificate
	signing request (CSR) to get the authentication key of the card
	(OPENPGP.3, the third key on the card) certified by the CA. This can
	be done using "gpgsm --gen-key". For the CSR, a distinguished name
	(DN) is required. Your CA will have more information about what this
	DN should contain. Below we use an example for a test-employee
	"Floppy Head" of the test-CA that ships with OpenSSL ("Snake Oil,
	Ltd.").

	Generating the CSR is then just a matter of answering a few questions:

	$ gpgsm --gen-key > client.csr
	Please select what kind of key you want:
	(1) RSA
	(2) Existing key
	(3) Existing key from card
	Your selection? 3
	Serial number of the card: 355F9746499F0D4B4ECEE4928B007D16
	Available keys:
	(1) D53137B94C38D9BF6A199706EA6D5253 OPENPGP.1
	(2) B0CD1A9DFC3539A1D6A8B851A11C8665 OPENPGP.2
	(3) 53DB41052CC590A40B403F3E6350E5DC OPENPGP.3
	Your selection? 3
	Possible actions for a RSA key:
	(1) sign, encrypt
	(2) sign
	(3) encrypt
	Your selection? 2
	Enter the X.509 subject name: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
	Enter email addresses (end with an empty line):
	> floppy.head@example.org
	>
	Enter DNS names (optional; end with an empty line):
	>
	Enter URIs (optional; end with an empty line):
	>
	Create self-signed certificate? (y/N) n
	These parameters are used:
	Key-Type: card:OPENPGP.3
	Key-Length: 1024
	Key-Usage: sign
	Name-DN: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
	Name-Email: floppy.head@example.org

	Proceed with creation? (y/N) y
	Now creating certificate request. This may take a while ...
	gpgsm: about to sign the CSR for key: &53DB41052CC590A40B403F3E6350E5DC
	gpgsm: certificate request created
	Ready. You should now send this request to your CA.

	It is required to enter the signing PIN of the card to complete this
	step. The certificate can then be found in the file "/tmp/floppy.csr".
	This file should then be sent to the CA for certification (see below).

	The CA will return to the client a certificate "/tmp/floppy.crt", who
	can then import the issuer certificate of the CA (in this example, we
	access directly the local server certificate) and its own certificate
	with gpgsm:

	$ gpgsm --import /etc/apache/ssl.crt/snakeoil-ca-rsa.crt
	gpgsm: total number processed: 1
	gpgsm: imported: 1
	marcus@ulysses:~/g10/projects/pkcs11-for-scdaemon/ca/usercert/card3$ gpgsm --import /tmp/floppy.crt
	gpgsm: total number processed: 1
	gpgsm: unchanged: 1

	$ gpgsm --list-keys Floppy
	Serial number: 08
	Issuer: /CN=Snake Oil CA/OU=Certificate Authority/O=Snake Oil, Ltd/L=Snake Town/ST=Snake Desert/C=XY/EMail=ca@snakeoil.dom
	Subject: /CN=Floppy Head/OU=Webserver Team/O=Snake Oil, Ltd/ST=Snake Desert/C=XY
	validity: 2006-10-11 13:17:08 through 2007-10-11 13:17:08
	key type: 1024 bit RSA
	fingerprint: C9:08:0E:86:92:6C:7B:4B:8C:23:1C:9D:D7:15:BF:D4:A4:00:54:11

	Now the client can configure his web browser. If desired, the client
	can install the web servers certificate (alternatively, Firefox will
	ask when establishing the initial connection).

	To actually perform the client authentication, the client needs to set
	up the web browser for use with Scute. The Scute PKCS #11 module,
	installed under /usr/lib/scute.so by default, needs to be loaded as
	a security device in Firefox under
	Preferences->Advanced->Security->Certificates->Security Devices->Load
	When the security device is loaded, card insertion should cause the
	security device list be updated with the inserted token (the card), and the certificate that has been imported into gpgsm should be visible under
	Preferences->Advanced->Security->Certificates->View Certificates
	automatically.

	Firefox will by default select the certificate to be used for client
	authentication automatically from the list of available certificates.
	This setting can be changed if desired in
	Preferences->Advanced->Security->Certificates ("Select one
	automatically" vs. "Ask me every time")

	When the client then attempts to open the URL "https://localhost/" in
	this example, the web server will require SSL authentication, which
	causes Firefox to look (or ask) for a client certificate. If the
	certificate on the card is suitable (or selected), the user will have
	to enter the PIN number on the card to sign into the web site.


	The CA Perspective
	------------------

	The CA will have to process the CSR submitted by the client. After
	verifying the identity of the submitter by some external means, the CA
	may use for example this OpenSSL command to create a certificate (we
	use the example CA shipping with the Apache SSL module on Ubuntu):

	# cd /etc/apache/ssl.crt/
	# openssl ca -in /tmp/floppy.csr -cert /etc/apache/ssl.crt/snakeoil-ca-rsa.crt -keyfile /etc/apache/ssl.key/snakeoil-ca-rsa.key -out /tmp/floppy.crt
	Using configuration from /usr/lib/ssl/openssl.cnf
	Check that the request matches the signature
	Signature ok
	Certificate Details:
	Serial Number: 8 (0x8)
	Validity
	Not Before: Oct 11 13:17:08 2006 GMT
	Not After : Oct 11 13:17:08 2007 GMT
	Subject:
	countryName = XY
	stateOrProvinceName = Snake Desert
	organizationName = Snake Oil, Ltd
	organizationalUnitName = Webserver Team
	commonName = Floppy Head
	X509v3 extensions:
	X509v3 Basic Constraints:
	CA:FALSE
	Netscape Comment:
	OpenSSL Generated Certificate
	X509v3 Subject Key Identifier:
	72:AF:B8:13:3D:3D:9D:02:93:E4:D4:56:0C:06:90:4C:26:85:85:5D
	X509v3 Authority Key Identifier:
	DirName:/C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Certificate Authority/CN=Snake Oil CA/emailAddress=ca@snakeoil.dom
	serial:00

	Certificate is to be certified until Oct 11 13:17:08 2007 GMT (365 days)
	Sign the certificate? [y/n]:y


	1 out of 1 certificate requests certified, commit? [y/n]y
	Write out database with 1 new entries
	Data Base Updated

	The resulting file, "/tmp/floppy.crt" is sent back from the CA to the
	client along with the issuer certificate.

	For more information how to set up and work with a CA using OpenSSL,
	please see the OpenSSL documentation.

	The Server Perspective
	----------------------

	The service provider will set up an Apache web server with SSL
	support, and configure it to accept certificates from the CA. This
	step is quite involved. Garex has a concise HowTo online at
	http://www.garex.net/apache/ about how to do this. Beside the
	creation of a certificate that has its own fully qualified domain name
	(FQDN) as common name (CN part of the DN), this involves installing
	the Apache SSL module and configuration for it, for example in
	httpd.conf:

	SSLEngine on
	SSLCertificateFile /etc/apache/ssl.crt/server.crt
	SSLCertificateKeyFile /etc/apache/ssl.key/server.key

	SSLVerifyClient require
	SSLVerifyDepth 1
	SSLCACertificateFile /etc/apache/ssl.crt/snakeoil-ca-rsa.crt

	The file server.key is not protected by a passphrase (if it is, this
	passphrase needs to be provided when starting up Apache), and
	server.crt has "CN=localhost" as part of its DN for this example.


	Troubleshooting
	===============

	Symptom: Loading the Scute security device in the security device
	manager of Firefox fails with "Unable to load module".

	Solution: Make sure that Scute is correctly installed, and that all
	libraries and executables are available. Make sure that gpg-agent is
	running and can be found via the environment variable GPG_AGENT_INFO.


	Symptom: Client authentication fails with "<example.com> has received
	an incorrect or unexpected message. Error code: -12227".

	Solution: Make sure that the correct OpenPGP card is inserted and the
	certificate available in GPGSM. Check that the OpenPGP card is
	detected correctly in the security device manager and the
	corresponding certificate is displayed in the certificate manager of
	Firefox.


	Symptom: The OpenPGP card is detected and displayed in the security
	device manager in Firefox, but no corresponding certificate is
	displayed in the certificate manager of Firefox.

	Solution: Make sure that the corresponding certificate is imported in
	GPGSM.


	Features and Limitations
	========================

	Scute implements version 2.20 of the PKCS #11 specification.

	The OpenPGP smart card application is supported in read-only mode.

	The following functions are not supported:

	* C_Initialize: No support for native thread package. Locking
	callbacks must be provided if multi-threaded operation is desired.

	* C_WaitForSlotEvent: Not implemented. The interface as specified by
	PKCS #11 is broken anyway, as the function can not safely be
	canceled. Thus, we require polling.

	* C_GetOperationState, C_SetOperationState: Not supported.

	* C_InitToken, C_InitPIN, C_SetPIN: Not supported. No write
	operations are allowed. To configure the token, please use the
	tools accompanying the GnuPG software suite.

	* C_Login, C_Logout: Not supported. No login into the token by the
	software is required. Passphrase queries are implemented by the use
	of GPG Agent and Pinentry.

	* C_EncryptInit, C_Encrypt, C_EncryptUpdate, C_EncryptFinal,
	C_DigestInit, C_Digest, C_DigestUpdate, C_DigestKey, C_DigestFinal,
	C_VerifyInit, C_Verify, C_VerifyUpdate, C_VerifyFinal,
	C_VerifyRecoverInit, C_VerifyRec: Not supported. Only secret key
	operations are supported.

	* C_DecryptInit, C_Decrypt: Not yet supported, but will be in the
	future.

	* C_SignUpdate, C_SignFinal, C_DecryptUpdate, C_DecryptFinal: No
	progressive crypto-operations are supported.

	* C_SignRecoverInit, C_SignRecover: Not supported.

	* C_DigestEncryptUpdate, C_DecryptDigestUpdate, C_SignEncryptUpdate,
	C_DecryptVerifyUpdate: Dual-purpose cryptographic functions are not
	supported.

	* C_GenerateKey, C_GenerateKeyPair, C_WrapKey, C_UnwrapKey,
	C_DeriveKey: Key management functions are not supported. Please use
	the tools accompanying the GnuPG software suite to generate and
	import keys for use with the token.

	* C_SeedRandom: Not supported.

	* C_CreateObject, C_CopyObject, C_DestroyObject, C_SetAttributeValue:
	Only read-only operations are supported on objects.

	* C_GetObjectSize: Not supported.

	* CKO_CERTIFICATE:
	The label specifies the key on the card used (e.g. OPENPGP.3). The
	ID is the fingerprint.

	* CKO_PRIVATE_KEY:
	The CKA_LOCAL attribute can not be supported by the OpenPGP card.
	It is always set to false (as the key on the card may be copied to
	the card from an external source).


	Development
	===========

	Scute is single-threaded. There is a global lock that is taken in all
	entry points of Scute, except for C_Initialize, C_Finalize,
	C_GetFunctionList, and stubs.


	Here are a couple of hints on how to develop PKCS #11 modules for
	Mozilla:

	libopensc2 ships with a pkcs11-spy library that can be loaded as a
	wrapper around the PKCS #11 library you want to use to log all
	functions invoked by Mozilla. Here is how to use it:

	Set the PKCS11SPY_OUTPUT environment variable to a filename.
	pkcs11-spy appends its log messages at the end of this file. Set the
	PKCS11SPY environment variable to the filename of the PKCS #11 module
	you actually want to use. Start Mozilla within this environment.

	There is a different, probably more powerful way to debug Mozilla PKCS
	#11 libraries. However, to be able to use it, you need to configure
	and compile the Mozilla NSS sources with --enable-debug. Instructions
	can be found at:
	http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn2.html

	Here are a couple of links to more information about implementing a
	PKCS #11 module for Mozilla:

	Implementing PKCS #11 for the Netscape Security Library
	(Caution: The content may be out of date)
	http://docs.sun.com/source/816-6150-10/index.htm
	http://docs.sun.com/source/816-6150-10/pkcs.htm

	Common PKCS #11 Implementation Problems
	http://www.mozilla.org/projects/security/pki/pkcs11/netscape/problems.html

	PKCS #11 Conformance Testing
	http://www.mozilla.org/projects/security/pki/pkcs11/

	And of course the Mozilla NSS web page:
	http://www.mozilla.org/projects/security/pki/nss/


	Mozilla Bugs
	============

	Mozilla has a bug that causes the security devices list to become
	corrupt when a security device is unloaded: The wrong entry is removed
	from the list. This is corrected by waiting for a refresh or closing
	and reopening the security device manager.


	Copyright and License
	=====================

	Scute is copyrighted by g10 Code GmbH and licensed under the GNU
	-General Pubic License version 2 or later with this exception:
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify the software, you
	- may extend this exception to your version of the software, but you
	- are not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version and from all source files.
	-
	-
	-g10 Code GmbH
	-marcus@g10code.com
	+Lesser General Public License version 2.1 or later. See the file
	+COPYING.LESSER for details.


	Copyright 2006, 2009 g10 Code GmbH

	This file is free software; as a special exception the author gives
	unlimited permission to copy and/or distribute it, with or without
	modifications, as long as this notice is preserved.

	This file is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	diff --git a/configure.ac b/configure.ac
	index bc56dae..5c4a98a 100644
	--- a/configure.ac
	+++ b/configure.ac
	@@ -1,486 +1,477 @@
	# configure.ac: Configure script for Scute.
	# Copyright (C) 2006, 2007, 2008, 2009, 2010, 2015 g10 Code GmbH
	#
	# This file is part of Scute.
	#
	# Scute is free software; you can redistribute it and/or modify it
	-# under the terms of the GNU General Public License as published by
	-# the Free Software Foundation; either version 2 of the License, or
	-# (at your option) any later version.
	+# under the terms of the GNU Lesser General Public License as
	+# published by the Free Software Foundation; either version 2.1 of
	+# the License, or (at your option) any later version.
	#
	# Scute is distributed in the hope that it will be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-# General Public License for more details.
	+# Lesser General Public License for more details.
	#
	-# You should have received a copy of the GNU General Public License
	-# along with this program; if not, see <http://www.gnu.org/licenses/>.
	-#
	-# In addition, as a special exception, g10 Code GmbH gives permission
	-# to link this library: with the Mozilla Foundation's code for
	-# Mozilla (or with modified versions of it that use the same license
	-# as the "Mozilla" code), and distribute the linked executables. You
	-# must obey the GNU General Public License in all respects for all of
	-# the code used other than "Mozilla". If you modify this file, you
	-# may extend this exception to your version of the file, but you are
	-# not obligated to do so. If you do not wish to do so, delete this
	-# exception statement from your version.
	+# You should have received a copy of the GNU Lesser General Public
	+# License along with this program; if not, see <https://gnu.org/licenses/>.
	+# SPDX-License-Identifier: LGPL-2.1-or-later

	# Process this file with autoconf to produce a configure script.

	AC_PREREQ(2.61)
	min_automake_version="1.14"

	# To build a release you need to create a tag with the version number
	# (git tag -s scute-1.n.m) and run "./autogen.sh --force". Please
	# bump the version number immediately after the release and do
	# another commit and push so that the git magic is able to work.
	m4_define([mym4_package],[scute])
	m4_define([mym4_major], [1])
	m4_define([mym4_minor], [6])
	m4_define([mym4_micro], [0])

	# To start a new development series, i.e a new major or minor number
	# you need to mark an arbitrary commit before the first beta release
	# with an annotated tag. For example the 1.5 branch starts off with
	# the tag "scute-1.5-base". This is used as the base for counting
	# beta numbers before the first release of a series.

	# Below is m4 magic to extract and compute the git revision number,
	# the decimalized short revision number, a beta version string and a
	# flag indicating a development version (mym4_isbeta). Note that the
	# m4 processing is done by autoconf and not during the configure run.
	m4_define([mym4_verslist], m4_split(m4_esyscmd([./autogen.sh --find-version] \
	mym4_package mym4_major mym4_minor mym4_micro),[:]))
	m4_define([mym4_isbeta], m4_argn(2, mym4_verslist))
	m4_define([mym4_version], m4_argn(4, mym4_verslist))
	m4_define([mym4_revision], m4_argn(7, mym4_verslist))
	m4_define([mym4_revision_dec], m4_argn(8, mym4_verslist))
	m4_esyscmd([echo ]mym4_version[>VERSION])
	AC_INIT([mym4_package],[mym4_version], [https://bugs.gnupg.org])

	# LT Version numbers, remember to change them just before a release.
	# (Code changed: REVISION++)
	# (Interfaces added/removed/changed: CURRENT++, REVISION=0)
	# (Interfaces added: AGE++)
	# (Interfaces removed/changed: AGE=0)
	#
	LIBSCUTE_LT_CURRENT=0
	LIBSCUTE_LT_AGE=0
	LIBSCUTE_LT_REVISION=3

	# Version numbers reported by the PKCS #11 module to its users.
	VERSION_MAJOR=1
	VERSION_MINOR=0

	NEED_GPG_ERROR_VERSION=1.24
	NEED_LIBASSUAN_VERSION=2.5.0
	NEED_GPGSM_VERSION=2.2.0
	# Some status variables to give feedback at the end of a configure run.
	have_gpg_error=no
	have_libassuan=no

	#
	# Provide information about the build.
	#
	BUILD_REVISION="mym4_revision"
	BUILD_REVISION_DEC="mym4_revision_dec"

	PACKAGE=$PACKAGE_NAME
	VERSION=$PACKAGE_VERSION

	AC_CONFIG_AUX_DIR([build-aux])
	AC_CONFIG_SRCDIR([src/cryptoki.h])
	AC_CONFIG_HEADER([config.h])
	AC_CONFIG_MACRO_DIR(m4)
	AM_INIT_AUTOMAKE
	AM_MAINTAINER_MODE
	AC_CANONICAL_HOST

	# Autobuilder support.
	AB_INIT

	# Enable GNU extensions on systems that have them.
	AC_GNU_SOURCE

	AH_VERBATIM([_REENTRANT],
	[/* To allow the use of scute in multithreaded programs we have to use
	special features from the library. */
	#ifndef _REENTRANT
	# define _REENTRANT 1
	#endif])

	# Checks for programs.
	AC_PROG_CC

	#
	# Setup gcc specific options
	#
	AC_MSG_NOTICE([checking for cc features])
	if test "$GCC" = yes; then
	mycflags=
	mycflags_save=$CFLAGS

	# Check whether gcc does not emit a diagnositc for unknow -Wno-*
	# options. This is the case for gcc >= 4.6
	AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options])
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
	#if __GNUC__ < 4 \|\| (__GNUC__ == 4 && __GNUC_MINOR__ < 6 )
	#kickerror
	#endif]],[])],[_gcc_silent_wno=yes],[_gcc_silent_wno=no])
	AC_MSG_RESULT($_gcc_silent_wno)

	# Note that it is okay to use CFLAGS here because these are just
	# warning options and the user should have a chance of overriding
	# them.
	if test "$USE_MAINTAINER_MODE" = "yes"; then
	mycflags="$mycflags -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes"
	mycflags="$mycflags -Wformat -Wno-format-y2k -Wformat-security"
	if test x"$_gcc_silent_wno" = xyes ; then
	_gcc_wopt=yes
	else
	AC_MSG_CHECKING([if gcc supports -Wno-missing-field-initializers])
	CFLAGS="-Wno-missing-field-initializers"
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
	[_gcc_wopt=yes],[_gcc_wopt=no])
	AC_MSG_RESULT($_gcc_wopt)
	fi
	if test x"$_gcc_wopt" = xyes ; then
	mycflags="$mycflags -W -Wno-sign-compare"
	mycflags="$mycflags -Wno-missing-field-initializers"
	fi

	AC_MSG_CHECKING([if gcc supports -Wdeclaration-after-statement])
	CFLAGS="-Wdeclaration-after-statement"
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_wopt=yes,_gcc_wopt=no)
	AC_MSG_RESULT($_gcc_wopt)
	if test x"$_gcc_wopt" = xyes ; then
	mycflags="$mycflags -Wdeclaration-after-statement"
	fi
	else
	mycflags="$mycflags -Wall"
	fi

	if test x"$_gcc_silent_wno" = xyes ; then
	_gcc_psign=yes
	else
	AC_MSG_CHECKING([if gcc supports -Wno-pointer-sign])
	CFLAGS="-Wno-pointer-sign"
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],
	[_gcc_psign=yes],[_gcc_psign=no])
	AC_MSG_RESULT($_gcc_psign)
	fi
	if test x"$_gcc_psign" = xyes ; then
	mycflags="$mycflags -Wno-pointer-sign"
	fi

	AC_MSG_CHECKING([if gcc supports -Wpointer-arith])
	CFLAGS="-Wpointer-arith"
	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])],_gcc_psign=yes,_gcc_psign=no)
	AC_MSG_RESULT($_gcc_psign)
	if test x"$_gcc_psign" = xyes ; then
	mycflags="$mycflags -Wpointer-arith"
	fi

	CFLAGS="$mycflags $mycflags_save"
	fi

	AC_ARG_ENABLE(optimization,
	AC_HELP_STRING([--disable-optimization],
	[disable compiler optimization]),
	[if test $enableval = no ; then
	CFLAGS=`echo $CFLAGS \| sed 's/-O[[0-9]]//'`
	fi])


	AC_SUBST(LIBSCUTE_LT_CURRENT)
	AC_SUBST(LIBSCUTE_LT_AGE)
	AC_SUBST(LIBSCUTE_LT_REVISION)
	AC_DEFINE_UNQUOTED(NEED_GPGSM_VERSION, "$NEED_GPGSM_VERSION",
	[Min. needed GPGSM version.])

	AC_SUBST(PACKAGE)
	AC_SUBST(VERSION)
	AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of this package])
	AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version of this package])
	AC_DEFINE_UNQUOTED(VERSION_MAJOR, $VERSION_MAJOR, [Major version number])
	AC_DEFINE_UNQUOTED(VERSION_MINOR, $VERSION_MINOR, [Minor version number])

	# Don't default to build static libs.
	# FIXME: Caution: Evil hack ahead. Libtool does not support linking a
	# static library to a shared library. But for libassuan, we need this.
	# Instead adding a lot of junk to Makefile.am to get this, we just override
	# all safety checks here. We are driving without seat belts now!
	# http://lists.cairographics.org/archives/cairo/2009-April/016962.html
	lt_cv_deplibs_check_method=pass_all
	LT_PREREQ([2.2.6])
	LT_INIT([win32-dll disable-static])
	LT_LANG([Windows Resource])

	# For now we hardcode the use of version scripts. It would be better
	# to write a test for this or even implement this within libtool.
	have_ld_version_script=no
	case "${host}" in
	--linux*)
	have_ld_version_script=yes
	;;
	--gnu*)
	have_ld_version_script=yes
	;;
	esac
	AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")

	GPGSM_DEFAULT=no
	GPG_CONNECT_AGENT_DEFAULT=no
	have_w32_system=no
	case "${host}" in
	-mingw32)
	# special stuff for Windoze NT
	GPGSM_DEFAULT='c:\\gnupg\\gpgsm.exe'
	GPG_CONNECT_AGENT_DEFAULT='c:\\gnupg\\gpg-connect-agent.exe'
	have_w32_system=yes
	;;
	*)
	;;
	esac

	if test "$have_w32_system" = yes; then
	AC_DEFINE(HAVE_W32_SYSTEM,1, [Defined if we run on a W32 API based system])
	fi
	AM_CONDITIONAL(HAVE_W32_SYSTEM, test "$have_w32_system" = yes)

	# Generate values for the DLL version info
	if test "$have_w32_system" = yes; then
	BUILD_TIMESTAMP=`date --iso-8601=minutes`
	changequote(,)dnl
	BUILD_FILEVERSION=`echo "$VERSION" \| sed 's/$[0-9.]$./\1./;s/\./,/g'`
	changequote([,])dnl
	BUILD_FILEVERSION="${BUILD_FILEVERSION}${BUILD_REVISION_DEC}"
	fi
	AC_SUBST(BUILD_REVISION)
	AC_SUBST(BUILD_REVISION_DEC)
	AC_SUBST(BUILD_TIMESTAMP)
	AC_SUBST(BUILD_FILEVERSION)

	# Checks for libraries.

	AC_CHECK_FUNCS([ttyname localtime_r timegm stpcpy])

	# Run the checks needed for estream-printf.c
	estream_PRINTF_INIT

	# The error code library. Error codes are sent over the IPC layer and
	# have to be interpreted.
	AM_PATH_GPG_ERROR("$NEED_GPG_ERROR_VERSION",
	have_gpg_error=yes, have_gpg_error=no)

	# The IPC library.
	AM_PATH_LIBASSUAN("$NEED_LIBASSUAN_VERSION",
	have_libassuan=yes, have_libassuan=no)

	# GPGSM
	NO_OVERRIDE=no
	AC_ARG_WITH(gpgsm,
	AC_HELP_STRING([--with-gpgsm=PATH], [use GpgSM binary at PATH]),
	GPGSM=$withval, NO_OVERRIDE=yes)
	if test "$NO_OVERRIDE" = "yes" \|\| test "$GPGSM" = "yes"; then
	GPGSM=
	NO_OVERRIDE=yes
	if test "$cross_compiling" != "yes"; then
	AC_PATH_PROG(GPGSM, gpgsm)
	fi
	if test -z "$GPGSM"; then
	GPGSM="$GPGSM_DEFAULT"
	fi
	fi
	if test "$GPGSM" = no; then
	if test "$NO_OVERRIDE" = "yes"; then
	if test "$cross_compiling" != "yes"; then
	AC_MSG_ERROR([
	***
	*** Could not find GpgSM, install GpgSM or use --with-gpgsm=PATH to enable it
	***])
	else
	AC_MSG_ERROR([
	***
	*** Can not determine path to GpgSM when cross-compiling, use --with-gpgsm=PATH
	***])
	fi
	fi
	else
	AC_DEFINE_UNQUOTED(GPGSM_PATH, "$GPGSM", [Path to the GPGSM binary.])
	AC_DEFINE(ENABLE_GPGSM,1,[Whether GPGSM support is enabled])
	fi
	AM_CONDITIONAL(HAVE_GPGSM, test "$GPGSM" != "no")


	dnl Check for GPGSM version requirement.
	GPGSM_VERSION=unknown
	ok=maybe
	if test -z "$GPGSM" -o "x$GPGSM" = "xno"; then
	ok=no
	else
	if test "$cross_compiling" = "yes"; then
	AC_MSG_WARN([GPGSM version can not be checked when cross compiling])
	ok=no
	else
	if test ! -x "$GPGSM"; then
	AC_MSG_WARN([GPGSM not executable, version check disabled])
	ok=no
	fi
	fi
	fi
	if test "$ok" = "maybe"; then
	AC_MSG_CHECKING(for GPGSM >= $NEED_GPGSM_VERSION)
	req_major=`echo $NEED_GPGSM_VERSION \| \
	sed 's/$[[0-9]]$\.$[[0-9]]$\.$[[0-9]]*$/\1/'`
	req_minor=`echo $NEED_GPGSM_VERSION \| \
	sed 's/$[[0-9]]$\.$[[0-9]]$\.$[[0-9]]*$/\2/'`
	req_micro=`echo $NEED_GPGSM_VERSION \| \
	sed 's/$[[0-9]]$\.$[[0-9]]$\.$[[0-9]]*$/\3/'`
	gpgsm_version=`$GPGSM --version \| grep ^gpgsm`
	major=`echo $gpgsm_version \| \
	sed 's/^gpgsm (GnuPG) $[[0-9]]$\.$[[0-9]]$\.$[[0-9]]$./\1/'`
	minor=`echo $gpgsm_version \| \
	sed 's/^gpgsm (GnuPG) $[[0-9]]$\.$[[0-9]]$\.$[[0-9]]$./\2/'`
	micro=`echo $gpgsm_version \| \
	sed 's/^gpgsm (GnuPG) $[[0-9]]$\.$[[0-9]]$\.$[[0-9]]$./\3/'`
	GPGSM_VERSION=`echo $gpgsm_version \| sed 's/^gpgsm (GnuPG) //'`

	if test "$major" -gt "$req_major"; then
	ok=yes
	else
	if test "$major" -eq "$req_major"; then
	if test "$minor" -gt "$req_minor"; then
	ok=yes
	else
	if test "$minor" -eq "$req_minor"; then
	if test "$micro" -ge "$req_micro"; then
	ok=yes
	fi
	fi
	fi
	fi
	fi
	if test "$ok" = "yes"; then
	AC_MSG_RESULT(yes)
	else
	AC_MSG_RESULT(no)
	AC_MSG_WARN([GPGSM must be at least version $NEED_GPGSM_VERSION])
	fi
	fi
	gpgsm_ok="$ok"

	# GPG_CONNECT_AGENT
	NO_OVERRIDE=no
	AC_ARG_WITH(gpg-connect-agent,
	AC_HELP_STRING([--with-gpg-connect-agent=PATH],
	[use gpg-connect-agent binary at PATH]),
	GPG_CONNECT_AGENT=$withval, NO_OVERRIDE=yes)
	if test "$NO_OVERRIDE" = "yes" \|\| test "$GPG_CONNECT_AGENT" = "yes"; then
	GPG_CONNECT_AGENT=
	NO_OVERRIDE=yes
	if test "$cross_compiling" != "yes"; then
	AC_CHECK_PROG(GPG_CONNECT_AGENT, gpg-connect-agent, gpg-connect-agent)
	fi
	if test -z "$GPG_CONNECT_AGENT"; then
	GPG_CONNECT_AGENT="$GPG_CONNECT_AGENT_DEFAULT"
	fi
	fi
	if test "$GPG_CONNECT_AGENT" = no; then
	if test "$NO_OVERRIDE" = "yes"; then
	if test "$cross_compiling" != "yes"; then
	AC_MSG_ERROR([
	***
	*** Could not find gpg-connect-agent, use --with-gpg-connect-agent=PATH to enable it
	***])
	else
	AC_MSG_ERROR([
	***
	*** Can not determine path to gpg-connect-agent when cross-compiling, use --with-gpg-connect-agent=PATH
	***])
	fi
	fi
	else
	AC_DEFINE_UNQUOTED(GPG_CONNECT_AGENT_PATH, "$GPG_CONNECT_AGENT",
	[Path to the GPG_CONNECT_AGENT binary.])
	fi


	# Checks for header files.
	AC_HEADER_STDC
	AC_CHECK_HEADERS([stdlib.h string.h])

	# Checks for typedefs, structures, and compiler characteristics.
	AC_HEADER_STDBOOL
	AC_C_INLINE

	# Checks for library functions.

	# Check for programs needed for the manual.
	AC_CHECK_PROG(CONVERT, convert, convert)
	AC_CHECK_PROG(EPSTOPDF, epstopdf, epstopdf)

	# Test if tests can be run
	ok=yes
	AM_CONDITIONAL(RUN_TESTS, test "$ok" = "yes")


	AH_BOTTOM([
	/* Prefix all estream functions. */
	#define _ESTREAM_EXT_SYM_PREFIX _scute_
	])


	# Print errors here so that they are visible all
	# together and the user can acquire them all together.

	die=no
	if test "$have_gpg_error" = "no"; then
	die=yes
	AC_MSG_NOTICE([[
	***
	*** You need libgpg-error to build this program.
	** This library is for example available at
	*** ftp://ftp.gnupg.org/pub/gcrypt/libgpg-error
	*** (at least version $NEED_GPG_ERROR_VERSION is required.)
	***]])
	fi
	if test "$have_libassuan" = "no"; then
	die=yes
	AC_MSG_NOTICE([[
	***
	*** You need libassuan to build this program.
	*** This library is for example available at
	*** ftp://ftp.gnupg.org/pub/gcrypt/alpha/libassuan/
	*** (at least version $NEED_LIBASSUAN_VERSION is required).
	***]])
	fi

	if test "$die" = "yes"; then
	AC_MSG_ERROR([[
	***
	*** Required libraries not found. Please consult the above messages
	*** and install them before running configure again.
	***]])
	fi

	AC_CONFIG_FILES([Makefile
	m4/Makefile
	src/Makefile
	tests/Makefile
	doc/manual/Makefile
	doc/Makefile
	src/versioninfo.rc])
	AC_OUTPUT

	echo "
	Scute v${VERSION} has been configured as follows:

	Revision: mym4_revision (mym4_revision_dec)
	Platform: $host

	GpgSM: ${GPGSM}
	Gpg-connect-agent: ${GPG_CONNECT_AGENT}

	"
	diff --git a/doc/Makefile.am b/doc/Makefile.am
	index 2c4ab5f..3f77522 100644
	--- a/doc/Makefile.am
	+++ b/doc/Makefile.am
	@@ -1,37 +1,27 @@
	# Makefile.am
	# Copyright (C) 2006 g10 Code GmbH
	-#
	-# This file is part of scute.
	+#
	+# This file is part of Scute.
	#
	# Scute is free software; you can redistribute it and/or modify it
	-# under the terms of the GNU General Public License as published by
	-# the Free Software Foundation; either version 2 of the License, or
	-# (at your option) any later version.
	+# under the terms of the GNU Lesser General Public License as
	+# published by the Free Software Foundation; either version 2.1 of
	+# the License, or (at your option) any later version.
	#
	# Scute is distributed in the hope that it will be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-# General Public License for more details.
	-#
	-# You should have received a copy of the GNU General Public License
	-# along with Scute; if not, write to the Free Software Foundation,
	-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	+# Lesser General Public License for more details.
	#
	-# In addition, as a special exception, g10 Code GmbH gives permission
	-# to link this library: with the Mozilla Foundation's code for
	-# Mozilla (or with modified versions of it that use the same license
	-# as the "Mozilla" code), and distribute the linked executables. You
	-# must obey the GNU General Public License in all respects for all of
	-# the code used other than "Mozilla". If you modify this file, you
	-# may extend this exception to your version of the file, but you are
	-# not obligated to do so. If you do not wish to do so, delete this
	-# exception statement from your version.
	+# You should have received a copy of the GNU Lesser General Public
	+# License along with this program; if not, see <https://gnu.org/licenses/>.
	+# SPDX-License-Identifier: LGPL-2.1-or-later

	## Process this file with automake to produce Makefile.in

	website = index.xhtml documentation.xhtml download.xhtml contact.xhtml \
	format/web.css format/scute-logo.svg format/scute-border.jpg

	EXTRA_DIST = $(addprefix website/, $(website))

	-SUBDIRS = manual
	\ No newline at end of file
	+SUBDIRS = manual
	diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am
	index 499e750..a3b8321 100644
	--- a/doc/manual/Makefile.am
	+++ b/doc/manual/Makefile.am
	@@ -1,60 +1,50 @@
	# Makefile.am - Doc directory Makefile for scute.
	# Copyright (C) 2006, 2007 g10 Code GmbH
	-#
	-# This file is part of scute.
	+#
	+# This file is part of Scute.
	#
	# Scute is free software; you can redistribute it and/or modify it
	-# under the terms of the GNU General Public License as published by
	-# the Free Software Foundation; either version 2 of the License, or
	-# (at your option) any later version.
	+# under the terms of the GNU Lesser General Public License as
	+# published by the Free Software Foundation; either version 2.1 of
	+# the License, or (at your option) any later version.
	#
	# Scute is distributed in the hope that it will be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-# General Public License for more details.
	-#
	-# You should have received a copy of the GNU General Public License
	-# along with Scute; if not, write to the Free Software Foundation,
	-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	+# Lesser General Public License for more details.
	#
	-# In addition, as a special exception, g10 Code GmbH gives permission
	-# to link this library: with the Mozilla Foundation's code for
	-# Mozilla (or with modified versions of it that use the same license
	-# as the "Mozilla" code), and distribute the linked executables. You
	-# must obey the GNU General Public License in all respects for all of
	-# the code used other than "Mozilla". If you modify this file, you
	-# may extend this exception to your version of the file, but you are
	-# not obligated to do so. If you do not wish to do so, delete this
	-# exception statement from your version.
	+# You should have received a copy of the GNU Lesser General Public
	+# License along with this program; if not, see <https://gnu.org/licenses/>.
	+# SPDX-License-Identifier: LGPL-2.1-or-later

	## Process this file with automake to produce Makefile.in

	DISTCLEANFILES = scute.tmp

	images = firefox-cm.png firefox-cm-view-detail.png firefox-cm-view.png \
	firefox-dm-load-after.png firefox-dm-load-before.png \
	firefox-dm-load.png firefox-dm-token-present.png firefox-pref.png \
	firefox-pref-view.png firefox-bad-pin.png \
	thunderbird-account-settings.png thunderbird-smime-button.png \
	libreoffice-certificate-selection.png \
	libreoffice-digital-signatures.png libreoffice-pdf-signature.png

	images_eps = $(images:.png=.eps)

	EXTRA_DIST = $(images)
	CLEANFILES = $(images_eps)

	info_TEXINFOS = scute.texi
	-scute_TEXINFOS = gpl.texi
	+scute_TEXINFOS = lesser.texi

	scute.html: scute.texi $(foreach i,$(images),scute.html/$(i))
	$(MAKEINFO) --html --output "$@" "$<"
	scute.html/%.png: %.png
	@mkdir -p scute.html
	cp -v "$<" "$@"

	scute.dvi: $(images_eps)
	scute.pdf: $(images)

	%.eps : %.png
	$(CONVERT) `test -f '$<' \|\| echo '$(srcdir)/'`$< $@
	diff --git a/doc/manual/gpl.texi b/doc/manual/gpl.texi
	deleted file mode 100644
	index c14b055..0000000
	--- a/doc/manual/gpl.texi
	+++ /dev/null
	@@ -1,397 +0,0 @@
	-@node Copying
	-@appendix GNU GENERAL PUBLIC LICENSE
	-
	-@cindex GPL, GNU General Public License
	-@center Version 2, June 1991
	-
	-@display
	-Copyright @copyright{} 1989, 1991 Free Software Foundation, Inc.
	-59 Temple Place -- Suite 330, Boston, MA 02111-1307, USA
	-
	-Everyone is permitted to copy and distribute verbatim copies
	-of this license document, but changing it is not allowed.
	-@end display
	-
	-@unnumberedsec Preamble
	-
	- The licenses for most software are designed to take away your
	-freedom to share and change it. By contrast, the GNU General Public
	-License is intended to guarantee your freedom to share and change free
	-software---to make sure the software is free for all its users. This
	-General Public License applies to most of the Free Software
	-Foundation's software and to any other program whose authors commit to
	-using it. (Some other Free Software Foundation software is covered by
	-the GNU Library General Public License instead.) You can apply it to
	-your programs, too.
	-
	- When we speak of free software, we are referring to freedom, not
	-price. Our General Public Licenses are designed to make sure that you
	-have the freedom to distribute copies of free software (and charge for
	-this service if you wish), that you receive source code or can get it
	-if you want it, that you can change the software or use pieces of it
	-in new free programs; and that you know you can do these things.
	-
	- To protect your rights, we need to make restrictions that forbid
	-anyone to deny you these rights or to ask you to surrender the rights.
	-These restrictions translate to certain responsibilities for you if you
	-distribute copies of the software, or if you modify it.
	-
	- For example, if you distribute copies of such a program, whether
	-gratis or for a fee, you must give the recipients all the rights that
	-you have. You must make sure that they, too, receive or can get the
	-source code. And you must show them these terms so they know their
	-rights.
	-
	- We protect your rights with two steps: (1) copyright the software, and
	-(2) offer you this license which gives you legal permission to copy,
	-distribute and/or modify the software.
	-
	- Also, for each author's protection and ours, we want to make certain
	-that everyone understands that there is no warranty for this free
	-software. If the software is modified by someone else and passed on, we
	-want its recipients to know that what they have is not the original, so
	-that any problems introduced by others will not reflect on the original
	-authors' reputations.
	-
	- Finally, any free program is threatened constantly by software
	-patents. We wish to avoid the danger that redistributors of a free
	-program will individually obtain patent licenses, in effect making the
	-program proprietary. To prevent this, we have made it clear that any
	-patent must be licensed for everyone's free use or not licensed at all.
	-
	- The precise terms and conditions for copying, distribution and
	-modification follow.
	-
	-@iftex
	-@appendixsubsec TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
	-@end iftex
	-@ifinfo
	-@center TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
	-@end ifinfo
	-
	-@enumerate
	-@item
	-This License applies to any program or other work which contains
	-a notice placed by the copyright holder saying it may be distributed
	-under the terms of this General Public License. The ``Program'', below,
	-refers to any such program or work, and a ``work based on the Program''
	-means either the Program or any derivative work under copyright law:
	-that is to say, a work containing the Program or a portion of it,
	-either verbatim or with modifications and/or translated into another
	-language. (Hereinafter, translation is included without limitation in
	-the term ``modification''.) Each licensee is addressed as ``you''.
	-
	-Activities other than copying, distribution and modification are not
	-covered by this License; they are outside its scope. The act of
	-running the Program is not restricted, and the output from the Program
	-is covered only if its contents constitute a work based on the
	-Program (independent of having been made by running the Program).
	-Whether that is true depends on what the Program does.
	-
	-@item
	-You may copy and distribute verbatim copies of the Program's
	-source code as you receive it, in any medium, provided that you
	-conspicuously and appropriately publish on each copy an appropriate
	-copyright notice and disclaimer of warranty; keep intact all the
	-notices that refer to this License and to the absence of any warranty;
	-and give any other recipients of the Program a copy of this License
	-along with the Program.
	-
	-You may charge a fee for the physical act of transferring a copy, and
	-you may at your option offer warranty protection in exchange for a fee.
	-
	-@item
	-You may modify your copy or copies of the Program or any portion
	-of it, thus forming a work based on the Program, and copy and
	-distribute such modifications or work under the terms of Section 1
	-above, provided that you also meet all of these conditions:
	-
	-@enumerate a
	-@item
	-You must cause the modified files to carry prominent notices
	-stating that you changed the files and the date of any change.
	-
	-@item
	-You must cause any work that you distribute or publish, that in
	-whole or in part contains or is derived from the Program or any
	-part thereof, to be licensed as a whole at no charge to all third
	-parties under the terms of this License.
	-
	-@item
	-If the modified program normally reads commands interactively
	-when run, you must cause it, when started running for such
	-interactive use in the most ordinary way, to print or display an
	-announcement including an appropriate copyright notice and a
	-notice that there is no warranty (or else, saying that you provide
	-a warranty) and that users may redistribute the program under
	-these conditions, and telling the user how to view a copy of this
	-License. (Exception: if the Program itself is interactive but
	-does not normally print such an announcement, your work based on
	-the Program is not required to print an announcement.)
	-@end enumerate
	-
	-These requirements apply to the modified work as a whole. If
	-identifiable sections of that work are not derived from the Program,
	-and can be reasonably considered independent and separate works in
	-themselves, then this License, and its terms, do not apply to those
	-sections when you distribute them as separate works. But when you
	-distribute the same sections as part of a whole which is a work based
	-on the Program, the distribution of the whole must be on the terms of
	-this License, whose permissions for other licensees extend to the
	-entire whole, and thus to each and every part regardless of who wrote it.
	-
	-Thus, it is not the intent of this section to claim rights or contest
	-your rights to work written entirely by you; rather, the intent is to
	-exercise the right to control the distribution of derivative or
	-collective works based on the Program.
	-
	-In addition, mere aggregation of another work not based on the Program
	-with the Program (or with a work based on the Program) on a volume of
	-a storage or distribution medium does not bring the other work under
	-the scope of this License.
	-
	-@item
	-You may copy and distribute the Program (or a work based on it,
	-under Section 2) in object code or executable form under the terms of
	-Sections 1 and 2 above provided that you also do one of the following:
	-
	-@enumerate a
	-@item
	-Accompany it with the complete corresponding machine-readable
	-source code, which must be distributed under the terms of Sections
	-1 and 2 above on a medium customarily used for software interchange; or,
	-
	-@item
	-Accompany it with a written offer, valid for at least three
	-years, to give any third party, for a charge no more than your
	-cost of physically performing source distribution, a complete
	-machine-readable copy of the corresponding source code, to be
	-distributed under the terms of Sections 1 and 2 above on a medium
	-customarily used for software interchange; or,
	-
	-@item
	-Accompany it with the information you received as to the offer
	-to distribute corresponding source code. (This alternative is
	-allowed only for noncommercial distribution and only if you
	-received the program in object code or executable form with such
	-an offer, in accord with Subsection b above.)
	-@end enumerate
	-
	-The source code for a work means the preferred form of the work for
	-making modifications to it. For an executable work, complete source
	-code means all the source code for all modules it contains, plus any
	-associated interface definition files, plus the scripts used to
	-control compilation and installation of the executable. However, as a
	-special exception, the source code distributed need not include
	-anything that is normally distributed (in either source or binary
	-form) with the major components (compiler, kernel, and so on) of the
	-operating system on which the executable runs, unless that component
	-itself accompanies the executable.
	-
	-If distribution of executable or object code is made by offering
	-access to copy from a designated place, then offering equivalent
	-access to copy the source code from the same place counts as
	-distribution of the source code, even though third parties are not
	-compelled to copy the source along with the object code.
	-
	-@item
	-You may not copy, modify, sublicense, or distribute the Program
	-except as expressly provided under this License. Any attempt
	-otherwise to copy, modify, sublicense or distribute the Program is
	-void, and will automatically terminate your rights under this License.
	-However, parties who have received copies, or rights, from you under
	-this License will not have their licenses terminated so long as such
	-parties remain in full compliance.
	-
	-@item
	-You are not required to accept this License, since you have not
	-signed it. However, nothing else grants you permission to modify or
	-distribute the Program or its derivative works. These actions are
	-prohibited by law if you do not accept this License. Therefore, by
	-modifying or distributing the Program (or any work based on the
	-Program), you indicate your acceptance of this License to do so, and
	-all its terms and conditions for copying, distributing or modifying
	-the Program or works based on it.
	-
	-@item
	-Each time you redistribute the Program (or any work based on the
	-Program), the recipient automatically receives a license from the
	-original licensor to copy, distribute or modify the Program subject to
	-these terms and conditions. You may not impose any further
	-restrictions on the recipients' exercise of the rights granted herein.
	-You are not responsible for enforcing compliance by third parties to
	-this License.
	-
	-@item
	-If, as a consequence of a court judgment or allegation of patent
	-infringement or for any other reason (not limited to patent issues),
	-conditions are imposed on you (whether by court order, agreement or
	-otherwise) that contradict the conditions of this License, they do not
	-excuse you from the conditions of this License. If you cannot
	-distribute so as to satisfy simultaneously your obligations under this
	-License and any other pertinent obligations, then as a consequence you
	-may not distribute the Program at all. For example, if a patent
	-license would not permit royalty-free redistribution of the Program by
	-all those who receive copies directly or indirectly through you, then
	-the only way you could satisfy both it and this License would be to
	-refrain entirely from distribution of the Program.
	-
	-If any portion of this section is held invalid or unenforceable under
	-any particular circumstance, the balance of the section is intended to
	-apply and the section as a whole is intended to apply in other
	-circumstances.
	-
	-It is not the purpose of this section to induce you to infringe any
	-patents or other property right claims or to contest validity of any
	-such claims; this section has the sole purpose of protecting the
	-integrity of the free software distribution system, which is
	-implemented by public license practices. Many people have made
	-generous contributions to the wide range of software distributed
	-through that system in reliance on consistent application of that
	-system; it is up to the author/donor to decide if he or she is willing
	-to distribute software through any other system and a licensee cannot
	-impose that choice.
	-
	-This section is intended to make thoroughly clear what is believed to
	-be a consequence of the rest of this License.
	-
	-@item
	-If the distribution and/or use of the Program is restricted in
	-certain countries either by patents or by copyrighted interfaces, the
	-original copyright holder who places the Program under this License
	-may add an explicit geographical distribution limitation excluding
	-those countries, so that distribution is permitted only in or among
	-countries not thus excluded. In such case, this License incorporates
	-the limitation as if written in the body of this License.
	-
	-@item
	-The Free Software Foundation may publish revised and/or new versions
	-of the General Public License from time to time. Such new versions will
	-be similar in spirit to the present version, but may differ in detail to
	-address new problems or concerns.
	-
	-Each version is given a distinguishing version number. If the Program
	-specifies a version number of this License which applies to it and ``any
	-later version'', you have the option of following the terms and conditions
	-either of that version or of any later version published by the Free
	-Software Foundation. If the Program does not specify a version number of
	-this License, you may choose any version ever published by the Free Software
	-Foundation.
	-
	-@item
	-If you wish to incorporate parts of the Program into other free
	-programs whose distribution conditions are different, write to the author
	-to ask for permission. For software which is copyrighted by the Free
	-Software Foundation, write to the Free Software Foundation; we sometimes
	-make exceptions for this. Our decision will be guided by the two goals
	-of preserving the free status of all derivatives of our free software and
	-of promoting the sharing and reuse of software generally.
	-
	-@iftex
	-@heading NO WARRANTY
	-@end iftex
	-@ifinfo
	-@center NO WARRANTY
	-@end ifinfo
	-
	-@item
	-BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
	-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
	-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
	-PROVIDE THE PROGRAM ``AS IS'' WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
	-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
	-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
	-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
	-REPAIR OR CORRECTION.
	-
	-@item
	-IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
	-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
	-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
	-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
	-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
	-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
	-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
	-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
	-POSSIBILITY OF SUCH DAMAGES.
	-@end enumerate
	-
	-@iftex
	-@heading END OF TERMS AND CONDITIONS
	-@end iftex
	-@ifinfo
	-@center END OF TERMS AND CONDITIONS
	-@end ifinfo
	-
	-@page
	-@unnumberedsec How to Apply These Terms to Your New Programs
	-
	- If you develop a new program, and you want it to be of the greatest
	-possible use to the public, the best way to achieve this is to make it
	-free software which everyone can redistribute and change under these terms.
	-
	- To do so, attach the following notices to the program. It is safest
	-to attach them to the start of each source file to most effectively
	-convey the exclusion of warranty; and each file should have at least
	-the ``copyright'' line and a pointer to where the full notice is found.
	-
	-@smallexample
	-@var{one line to give the program's name and an idea of what it does.}
	-Copyright (C) 19@var{yy} @var{name of author}
	-
	-This program is free software; you can redistribute it and/or
	-modify it under the terms of the GNU General Public License
	-as published by the Free Software Foundation; either version 2
	-of the License, or (at your option) any later version.
	-
	-This program is distributed in the hope that it will be useful,
	-but WITHOUT ANY WARRANTY; without even the implied warranty of
	-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	-GNU General Public License for more details.
	-
	-You should have received a copy of the GNU General Public License along
	-with this program; if not, write to the Free Software Foundation, Inc.,
	-59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
	-@end smallexample
	-
	-Also add information on how to contact you by electronic and paper mail.
	-
	-If the program is interactive, make it output a short notice like this
	-when it starts in an interactive mode:
	-
	-@smallexample
	-Gnomovision version 69, Copyright (C) 19@var{yy} @var{name of author}
	-Gnomovision comes with ABSOLUTELY NO WARRANTY; for details
	-type `show w'. This is free software, and you are welcome
	-to redistribute it under certain conditions; type `show c'
	-for details.
	-@end smallexample
	-
	-The hypothetical commands @samp{show w} and @samp{show c} should show
	-the appropriate parts of the General Public License. Of course, the
	-commands you use may be called something other than @samp{show w} and
	-@samp{show c}; they could even be mouse-clicks or menu items---whatever
	-suits your program.
	-
	-You should also get your employer (if you work as a programmer) or your
	-school, if any, to sign a ``copyright disclaimer'' for the program, if
	-necessary. Here is a sample; alter the names:
	-
	-@smallexample
	-@group
	-Yoyodyne, Inc., hereby disclaims all copyright
	-interest in the program `Gnomovision'
	-(which makes passes at compilers) written
	-by James Hacker.
	-
	-@var{signature of Ty Coon}, 1 April 1989
	-Ty Coon, President of Vice
	-@end group
	-@end smallexample
	-
	-This General Public License does not permit incorporating your program into
	-proprietary programs. If your program is a subroutine library, you may
	-consider it more useful to permit linking proprietary applications with the
	-library. If this is what you want to do, use the GNU Library General
	-Public License instead of this License.
	diff --git a/doc/manual/lesser.texi b/doc/manual/lesser.texi
	new file mode 100644
	index 0000000..64f3f7d
	--- /dev/null
	+++ b/doc/manual/lesser.texi
	@@ -0,0 +1,560 @@
	+@node Library Copying
	+@appendix GNU Lesser General Public License
	+
	+@cindex LGPL, GNU Lesser General Public License
	+@center Version 2.1, February 1999
	+
	+@display
	+Copyright @copyright{} 1991, 1999 Free Software Foundation, Inc.
	+59 Temple Place -- Suite 330, Boston, MA 02111-1307, USA
	+
	+Everyone is permitted to copy and distribute verbatim copies
	+of this license document, but changing it is not allowed.
	+
	+[This is the first released version of the Lesser GPL. It also counts
	+as the successor of the GNU Library Public License, version 2, hence the
	+version number 2.1.]
	+@end display
	+
	+@heading Preamble
	+
	+ The licenses for most software are designed to take away your
	+freedom to share and change it. By contrast, the GNU General Public
	+Licenses are intended to guarantee your freedom to share and change
	+free software---to make sure the software is free for all its users.
	+
	+ This license, the Lesser General Public License, applies to some
	+specially designated software---typically libraries---of the Free
	+Software Foundation and other authors who decide to use it. You can use
	+it too, but we suggest you first think carefully about whether this
	+license or the ordinary General Public License is the better strategy to
	+use in any particular case, based on the explanations below.
	+
	+ When we speak of free software, we are referring to freedom of use,
	+not price. Our General Public Licenses are designed to make sure that
	+you have the freedom to distribute copies of free software (and charge
	+for this service if you wish); that you receive source code or can get
	+it if you want it; that you can change the software and use pieces of it
	+in new free programs; and that you are informed that you can do these
	+things.
	+
	+ To protect your rights, we need to make restrictions that forbid
	+distributors to deny you these rights or to ask you to surrender these
	+rights. These restrictions translate to certain responsibilities for
	+you if you distribute copies of the library or if you modify it.
	+
	+ For example, if you distribute copies of the library, whether gratis
	+or for a fee, you must give the recipients all the rights that we gave
	+you. You must make sure that they, too, receive or can get the source
	+code. If you link other code with the library, you must provide
	+complete object files to the recipients, so that they can relink them
	+with the library after making changes to the library and recompiling
	+it. And you must show them these terms so they know their rights.
	+
	+ We protect your rights with a two-step method: (1) we copyright the
	+library, and (2) we offer you this license, which gives you legal
	+permission to copy, distribute and/or modify the library.
	+
	+ To protect each distributor, we want to make it very clear that
	+there is no warranty for the free library. Also, if the library is
	+modified by someone else and passed on, the recipients should know
	+that what they have is not the original version, so that the original
	+author's reputation will not be affected by problems that might be
	+introduced by others.
	+
	+ Finally, software patents pose a constant threat to the existence of
	+any free program. We wish to make sure that a company cannot
	+effectively restrict the users of a free program by obtaining a
	+restrictive license from a patent holder. Therefore, we insist that
	+any patent license obtained for a version of the library must be
	+consistent with the full freedom of use specified in this license.
	+
	+ Most GNU software, including some libraries, is covered by the
	+ordinary GNU General Public License. This license, the GNU Lesser
	+General Public License, applies to certain designated libraries, and
	+is quite different from the ordinary General Public License. We use
	+this license for certain libraries in order to permit linking those
	+libraries into non-free programs.
	+
	+ When a program is linked with a library, whether statically or using
	+a shared library, the combination of the two is legally speaking a
	+combined work, a derivative of the original library. The ordinary
	+General Public License therefore permits such linking only if the
	+entire combination fits its criteria of freedom. The Lesser General
	+Public License permits more lax criteria for linking other code with
	+the library.
	+
	+ We call this license the @dfn{Lesser} General Public License because it
	+does @emph{Less} to protect the user's freedom than the ordinary General
	+Public License. It also provides other free software developers Less
	+of an advantage over competing non-free programs. These disadvantages
	+are the reason we use the ordinary General Public License for many
	+libraries. However, the Lesser license provides advantages in certain
	+special circumstances.
	+
	+ For example, on rare occasions, there may be a special need to
	+encourage the widest possible use of a certain library, so that it becomes
	+a de-facto standard. To achieve this, non-free programs must be
	+allowed to use the library. A more frequent case is that a free
	+library does the same job as widely used non-free libraries. In this
	+case, there is little to gain by limiting the free library to free
	+software only, so we use the Lesser General Public License.
	+
	+ In other cases, permission to use a particular library in non-free
	+programs enables a greater number of people to use a large body of
	+free software. For example, permission to use the GNU C Library in
	+non-free programs enables many more people to use the whole GNU
	+operating system, as well as its variant, the GNU/Linux operating
	+system.
	+
	+ Although the Lesser General Public License is Less protective of the
	+users' freedom, it does ensure that the user of a program that is
	+linked with the Library has the freedom and the wherewithal to run
	+that program using a modified version of the Library.
	+
	+ The precise terms and conditions for copying, distribution and
	+modification follow. Pay close attention to the difference between a
	+``work based on the library'' and a ``work that uses the library''. The
	+former contains code derived from the library, whereas the latter must
	+be combined with the library in order to run.
	+
	+@iftex
	+@heading TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
	+@end iftex
	+@ifinfo
	+@center GNU LESSER GENERAL PUBLIC LICENSE
	+@center TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
	+@end ifinfo
	+
	+@enumerate 0
	+@item
	+This License Agreement applies to any software library or other program
	+which contains a notice placed by the copyright holder or other
	+authorized party saying it may be distributed under the terms of this
	+Lesser General Public License (also called ``this License''). Each
	+licensee is addressed as ``you''.
	+
	+ A ``library'' means a collection of software functions and/or data
	+prepared so as to be conveniently linked with application programs
	+(which use some of those functions and data) to form executables.
	+
	+ The ``Library'', below, refers to any such software library or work
	+which has been distributed under these terms. A ``work based on the
	+Library'' means either the Library or any derivative work under
	+copyright law: that is to say, a work containing the Library or a
	+portion of it, either verbatim or with modifications and/or translated
	+straightforwardly into another language. (Hereinafter, translation is
	+included without limitation in the term ``modification''.)
	+
	+ ``Source code'' for a work means the preferred form of the work for
	+making modifications to it. For a library, complete source code means
	+all the source code for all modules it contains, plus any associated
	+interface definition files, plus the scripts used to control compilation
	+and installation of the library.
	+
	+ Activities other than copying, distribution and modification are not
	+covered by this License; they are outside its scope. The act of
	+running a program using the Library is not restricted, and output from
	+such a program is covered only if its contents constitute a work based
	+on the Library (independent of the use of the Library in a tool for
	+writing it). Whether that is true depends on what the Library does
	+and what the program that uses the Library does.
	+
	+@item
	+You may copy and distribute verbatim copies of the Library's
	+complete source code as you receive it, in any medium, provided that
	+you conspicuously and appropriately publish on each copy an
	+appropriate copyright notice and disclaimer of warranty; keep intact
	+all the notices that refer to this License and to the absence of any
	+warranty; and distribute a copy of this License along with the
	+Library.
	+
	+ You may charge a fee for the physical act of transferring a copy,
	+and you may at your option offer warranty protection in exchange for a
	+fee.
	+
	+@item
	+You may modify your copy or copies of the Library or any portion
	+of it, thus forming a work based on the Library, and copy and
	+distribute such modifications or work under the terms of Section 1
	+above, provided that you also meet all of these conditions:
	+
	+@enumerate a
	+@item
	+The modified work must itself be a software library.
	+
	+@item
	+You must cause the files modified to carry prominent notices
	+stating that you changed the files and the date of any change.
	+
	+@item
	+You must cause the whole of the work to be licensed at no
	+charge to all third parties under the terms of this License.
	+
	+@item
	+If a facility in the modified Library refers to a function or a
	+table of data to be supplied by an application program that uses
	+the facility, other than as an argument passed when the facility
	+is invoked, then you must make a good faith effort to ensure that,
	+in the event an application does not supply such function or
	+table, the facility still operates, and performs whatever part of
	+its purpose remains meaningful.
	+
	+(For example, a function in a library to compute square roots has
	+a purpose that is entirely well-defined independent of the
	+application. Therefore, Subsection 2d requires that any
	+application-supplied function or table used by this function must
	+be optional: if the application does not supply it, the square
	+root function must still compute square roots.)
	+@end enumerate
	+
	+These requirements apply to the modified work as a whole. If
	+identifiable sections of that work are not derived from the Library,
	+and can be reasonably considered independent and separate works in
	+themselves, then this License, and its terms, do not apply to those
	+sections when you distribute them as separate works. But when you
	+distribute the same sections as part of a whole which is a work based
	+on the Library, the distribution of the whole must be on the terms of
	+this License, whose permissions for other licensees extend to the
	+entire whole, and thus to each and every part regardless of who wrote
	+it.
	+
	+Thus, it is not the intent of this section to claim rights or contest
	+your rights to work written entirely by you; rather, the intent is to
	+exercise the right to control the distribution of derivative or
	+collective works based on the Library.
	+
	+In addition, mere aggregation of another work not based on the Library
	+with the Library (or with a work based on the Library) on a volume of
	+a storage or distribution medium does not bring the other work under
	+the scope of this License.
	+
	+@item
	+You may opt to apply the terms of the ordinary GNU General Public
	+License instead of this License to a given copy of the Library. To do
	+this, you must alter all the notices that refer to this License, so
	+that they refer to the ordinary GNU General Public License, version 2,
	+instead of to this License. (If a newer version than version 2 of the
	+ordinary GNU General Public License has appeared, then you can specify
	+that version instead if you wish.) Do not make any other change in
	+these notices.
	+
	+ Once this change is made in a given copy, it is irreversible for
	+that copy, so the ordinary GNU General Public License applies to all
	+subsequent copies and derivative works made from that copy.
	+
	+ This option is useful when you wish to copy part of the code of
	+the Library into a program that is not a library.
	+
	+@item
	+You may copy and distribute the Library (or a portion or
	+derivative of it, under Section 2) in object code or executable form
	+under the terms of Sections 1 and 2 above provided that you accompany
	+it with the complete corresponding machine-readable source code, which
	+must be distributed under the terms of Sections 1 and 2 above on a
	+medium customarily used for software interchange.
	+
	+ If distribution of object code is made by offering access to copy
	+from a designated place, then offering equivalent access to copy the
	+source code from the same place satisfies the requirement to
	+distribute the source code, even though third parties are not
	+compelled to copy the source along with the object code.
	+
	+@item
	+A program that contains no derivative of any portion of the
	+Library, but is designed to work with the Library by being compiled or
	+linked with it, is called a ``work that uses the Library''. Such a
	+work, in isolation, is not a derivative work of the Library, and
	+therefore falls outside the scope of this License.
	+
	+ However, linking a ``work that uses the Library'' with the Library
	+creates an executable that is a derivative of the Library (because it
	+contains portions of the Library), rather than a ``work that uses the
	+library''. The executable is therefore covered by this License.
	+Section 6 states terms for distribution of such executables.
	+
	+ When a ``work that uses the Library'' uses material from a header file
	+that is part of the Library, the object code for the work may be a
	+derivative work of the Library even though the source code is not.
	+Whether this is true is especially significant if the work can be
	+linked without the Library, or if the work is itself a library. The
	+threshold for this to be true is not precisely defined by law.
	+
	+ If such an object file uses only numerical parameters, data
	+structure layouts and accessors, and small macros and small inline
	+functions (ten lines or less in length), then the use of the object
	+file is unrestricted, regardless of whether it is legally a derivative
	+work. (Executables containing this object code plus portions of the
	+Library will still fall under Section 6.)
	+
	+ Otherwise, if the work is a derivative of the Library, you may
	+distribute the object code for the work under the terms of Section 6.
	+Any executables containing that work also fall under Section 6,
	+whether or not they are linked directly with the Library itself.
	+
	+@item
	+As an exception to the Sections above, you may also combine or
	+link a ``work that uses the Library'' with the Library to produce a
	+work containing portions of the Library, and distribute that work
	+under terms of your choice, provided that the terms permit
	+modification of the work for the customer's own use and reverse
	+engineering for debugging such modifications.
	+
	+ You must give prominent notice with each copy of the work that the
	+Library is used in it and that the Library and its use are covered by
	+this License. You must supply a copy of this License. If the work
	+during execution displays copyright notices, you must include the
	+copyright notice for the Library among them, as well as a reference
	+directing the user to the copy of this License. Also, you must do one
	+of these things:
	+
	+@enumerate a
	+@item
	+Accompany the work with the complete corresponding
	+machine-readable source code for the Library including whatever
	+changes were used in the work (which must be distributed under
	+Sections 1 and 2 above); and, if the work is an executable linked
	+with the Library, with the complete machine-readable ``work that
	+uses the Library'', as object code and/or source code, so that the
	+user can modify the Library and then relink to produce a modified
	+executable containing the modified Library. (It is understood
	+that the user who changes the contents of definitions files in the
	+Library will not necessarily be able to recompile the application
	+to use the modified definitions.)
	+
	+@item
	+Use a suitable shared library mechanism for linking with the Library. A
	+suitable mechanism is one that (1) uses at run time a copy of the
	+library already present on the user's computer system, rather than
	+copying library functions into the executable, and (2) will operate
	+properly with a modified version of the library, if the user installs
	+one, as long as the modified version is interface-compatible with the
	+version that the work was made with.
	+
	+@item
	+Accompany the work with a written offer, valid for at
	+least three years, to give the same user the materials
	+specified in Subsection 6a, above, for a charge no more
	+than the cost of performing this distribution.
	+
	+@item
	+If distribution of the work is made by offering access to copy
	+from a designated place, offer equivalent access to copy the above
	+specified materials from the same place.
	+
	+@item
	+Verify that the user has already received a copy of these
	+materials or that you have already sent this user a copy.
	+@end enumerate
	+
	+ For an executable, the required form of the ``work that uses the
	+Library'' must include any data and utility programs needed for
	+reproducing the executable from it. However, as a special exception,
	+the materials to be distributed need not include anything that is
	+normally distributed (in either source or binary form) with the major
	+components (compiler, kernel, and so on) of the operating system on
	+which the executable runs, unless that component itself accompanies the
	+executable.
	+
	+ It may happen that this requirement contradicts the license
	+restrictions of other proprietary libraries that do not normally
	+accompany the operating system. Such a contradiction means you cannot
	+use both them and the Library together in an executable that you
	+distribute.
	+
	+@item
	+You may place library facilities that are a work based on the
	+Library side-by-side in a single library together with other library
	+facilities not covered by this License, and distribute such a combined
	+library, provided that the separate distribution of the work based on
	+the Library and of the other library facilities is otherwise
	+permitted, and provided that you do these two things:
	+
	+@enumerate a
	+@item
	+Accompany the combined library with a copy of the same work
	+based on the Library, uncombined with any other library
	+facilities. This must be distributed under the terms of the
	+Sections above.
	+
	+@item
	+Give prominent notice with the combined library of the fact
	+that part of it is a work based on the Library, and explaining
	+where to find the accompanying uncombined form of the same work.
	+@end enumerate
	+
	+@item
	+You may not copy, modify, sublicense, link with, or distribute
	+the Library except as expressly provided under this License. Any
	+attempt otherwise to copy, modify, sublicense, link with, or
	+distribute the Library is void, and will automatically terminate your
	+rights under this License. However, parties who have received copies,
	+or rights, from you under this License will not have their licenses
	+terminated so long as such parties remain in full compliance.
	+
	+@item
	+You are not required to accept this License, since you have not
	+signed it. However, nothing else grants you permission to modify or
	+distribute the Library or its derivative works. These actions are
	+prohibited by law if you do not accept this License. Therefore, by
	+modifying or distributing the Library (or any work based on the
	+Library), you indicate your acceptance of this License to do so, and
	+all its terms and conditions for copying, distributing or modifying
	+the Library or works based on it.
	+
	+@item
	+Each time you redistribute the Library (or any work based on the
	+Library), the recipient automatically receives a license from the
	+original licensor to copy, distribute, link with or modify the Library
	+subject to these terms and conditions. You may not impose any further
	+restrictions on the recipients' exercise of the rights granted herein.
	+You are not responsible for enforcing compliance by third parties with
	+this License.
	+
	+@item
	+If, as a consequence of a court judgment or allegation of patent
	+infringement or for any other reason (not limited to patent issues),
	+conditions are imposed on you (whether by court order, agreement or
	+otherwise) that contradict the conditions of this License, they do not
	+excuse you from the conditions of this License. If you cannot
	+distribute so as to satisfy simultaneously your obligations under this
	+License and any other pertinent obligations, then as a consequence you
	+may not distribute the Library at all. For example, if a patent
	+license would not permit royalty-free redistribution of the Library by
	+all those who receive copies directly or indirectly through you, then
	+the only way you could satisfy both it and this License would be to
	+refrain entirely from distribution of the Library.
	+
	+If any portion of this section is held invalid or unenforceable under any
	+particular circumstance, the balance of the section is intended to apply,
	+and the section as a whole is intended to apply in other circumstances.
	+
	+It is not the purpose of this section to induce you to infringe any
	+patents or other property right claims or to contest validity of any
	+such claims; this section has the sole purpose of protecting the
	+integrity of the free software distribution system which is
	+implemented by public license practices. Many people have made
	+generous contributions to the wide range of software distributed
	+through that system in reliance on consistent application of that
	+system; it is up to the author/donor to decide if he or she is willing
	+to distribute software through any other system and a licensee cannot
	+impose that choice.
	+
	+This section is intended to make thoroughly clear what is believed to
	+be a consequence of the rest of this License.
	+
	+@item
	+If the distribution and/or use of the Library is restricted in
	+certain countries either by patents or by copyrighted interfaces, the
	+original copyright holder who places the Library under this License may add
	+an explicit geographical distribution limitation excluding those countries,
	+so that distribution is permitted only in or among countries not thus
	+excluded. In such case, this License incorporates the limitation as if
	+written in the body of this License.
	+
	+@item
	+The Free Software Foundation may publish revised and/or new
	+versions of the Lesser General Public License from time to time.
	+Such new versions will be similar in spirit to the present version,
	+but may differ in detail to address new problems or concerns.
	+
	+Each version is given a distinguishing version number. If the Library
	+specifies a version number of this License which applies to it and
	+``any later version'', you have the option of following the terms and
	+conditions either of that version or of any later version published by
	+the Free Software Foundation. If the Library does not specify a
	+license version number, you may choose any version ever published by
	+the Free Software Foundation.
	+
	+@item
	+If you wish to incorporate parts of the Library into other free
	+programs whose distribution conditions are incompatible with these,
	+write to the author to ask for permission. For software which is
	+copyrighted by the Free Software Foundation, write to the Free
	+Software Foundation; we sometimes make exceptions for this. Our
	+decision will be guided by the two goals of preserving the free status
	+of all derivatives of our free software and of promoting the sharing
	+and reuse of software generally.
	+
	+@center NO WARRANTY
	+
	+@item
	+BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
	+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
	+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
	+OTHER PARTIES PROVIDE THE LIBRARY ``AS IS'' WITHOUT WARRANTY OF ANY
	+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
	+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
	+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
	+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
	+
	+@item
	+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
	+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
	+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
	+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
	+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
	+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
	+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
	+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
	+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
	+DAMAGES.
	+@end enumerate
	+
	+@iftex
	+@heading END OF TERMS AND CONDITIONS
	+@end iftex
	+@ifinfo
	+@center END OF TERMS AND CONDITIONS
	+@end ifinfo
	+
	+@page
	+@heading How to Apply These Terms to Your New Libraries
	+
	+ If you develop a new library, and you want it to be of the greatest
	+possible use to the public, we recommend making it free software that
	+everyone can redistribute and change. You can do so by permitting
	+redistribution under these terms (or, alternatively, under the terms of the
	+ordinary General Public License).
	+
	+ To apply these terms, attach the following notices to the library. It is
	+safest to attach them to the start of each source file to most effectively
	+convey the exclusion of warranty; and each file should have at least the
	+``copyright'' line and a pointer to where the full notice is found.
	+
	+@smallexample
	+@var{one line to give the library's name and an idea of what it does.}
	+Copyright (C) @var{year} @var{name of author}
	+
	+This library is free software; you can redistribute it and/or modify it
	+under the terms of the GNU Lesser General Public License as published by
	+the Free Software Foundation; either version 2.1 of the License, or (at
	+your option) any later version.
	+
	+This library is distributed in the hope that it will be useful, but
	+WITHOUT ANY WARRANTY; without even the implied warranty of
	+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+Lesser General Public License for more details.
	+
	+You should have received a copy of the GNU Lesser General Public
	+License along with this library; if not, write to the Free Software
	+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
	+USA.
	+@end smallexample
	+
	+Also add information on how to contact you by electronic and paper mail.
	+
	+You should also get your employer (if you work as a programmer) or your
	+school, if any, to sign a ``copyright disclaimer'' for the library, if
	+necessary. Here is a sample; alter the names:
	+
	+@smallexample
	+Yoyodyne, Inc., hereby disclaims all copyright interest in the library
	+`Frob' (a library for tweaking knobs) written by James Random Hacker.
	+
	+@var{signature of Ty Coon}, 1 April 1990
	+Ty Coon, President of Vice
	+@end smallexample
	+
	+That's all there is to it!
	diff --git a/doc/manual/scute.texi b/doc/manual/scute.texi
	index 70c1f35..b27da91 100644
	--- a/doc/manual/scute.texi
	+++ b/doc/manual/scute.texi
	@@ -1,878 +1,872 @@
	\input texinfo @c -- Texinfo --
	@setfilename scute.info
	@settitle The Scute Manual

	@dircategory GNU Utilities
	@direntry
	* Scute: (scute). PKCS #11 module for the OpenPGP Card
	@end direntry

	@include version.texi

	@c Unify some of the indices.
	@syncodeindex tp fn
	@syncodeindex pg fn

	@ifinfo
	This file documents the Scute module.

	This is Edition @value{EDITION}, last updated @value{UPDATED}, of
	@cite{The Scute Manual}, for Version @value{VERSION}.

	@c NOTE: Don't forget to update the year for the TeX version, too.
	Copyright @copyright{} 2002, 2003, 2004, 2005, 2006, 2007 g10 Code GmbH.

	-The Scute Manual is free software; you can redistribute it and/or modify
	-it under the terms of the GNU General Public License as published by the
	-Free Software Foundation; either version 2 of the License, or (at your
	-option) any later version.
	+The Scute Manual is free software; you can redistribute it and/or
	+modify it under the terms of the GNU Lesser General Public License as
	+published by the Free Software Foundation; either version 2.1 of the
	+License, or (at your option) any later version. The text of the
	+license can be found in the section entitled ``Library Copying''.

	The Scute Manual is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	General Public License for more details.

	-You should have received a copy of the GNU Lesser General Public License
	-along with this program; if not, write to the Free Software Foundation,
	-Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	-
	@end ifinfo

	@iftex
	@shorttitlepage The Scute Manual
	@end iftex
	@titlepage
	@center @titlefont{The Scute Manual}
	@sp 6
	@center Edition @value{EDITION}
	@sp 1
	@center last updated @value{UPDATED}
	@sp 1
	@center for version @value{VERSION}
	@page
	@vskip 0pt plus 1filll
	Copyright @copyright{} 2002, 2003, 2004, 2005, 2006, 2007 g10 Code GmbH.


	-The Scute Manual is free software; you can redistribute it and/or modify
	-it under the terms of the GNU General Public License as published by the
	-Free Software Foundation; either version 2 of the License, or (at your
	-option) any later version.
	+The Scute Manual is free software; you can redistribute it and/or
	+modify it under the terms of the GNU Lesser General Public License as
	+published by the Free Software Foundation; either version 2.1 of the
	+License, or (at your option) any later version. The text of the
	+license can be found in the section entitled ``Library Copying''.

	The Scute Manual is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	General Public License for more details.
	-
	-You should have received a copy of the GNU Lesser General Public License
	-along with this program; if not, write to the Free Software Foundation,
	-Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
	@end titlepage
	@page

	@ifnottex
	@node Top
	@top Main Menu
	This is Edition @value{EDITION}, last updated @value{UPDATED}, of
	@cite{The Scute Manual}, for Version @value{VERSION} of the Scute
	module.
	@end ifnottex

	@menu
	* Introduction:: How to use this manual.
	* Preparation:: What you should do before using Scute.
	* Client Authentication:: How to use Scute for client authentication.
	* Email Signing:: How to use Scute for S/MIME email signing.
	* Document Signing:: How to use Scute with LibreOffice.
	* Troubleshooting:: What to do when things go wrong.
	* Internals:: Technical details about Scute.

	Appendices

	-* Copying:: The GNU General Public License says
	+* Library Copying:: The GNU General Public License says
	how you can copy and share Scute.

	Indices

	* Concept Index:: Index of concepts and programs.


	@detailmenu
	--- The Detailed Node Listing ---

	Introduction

	* Getting Started:: Purpose of the manual, and how to use it.
	* Features:: Reasons to install and use Scute.
	* Overview:: Basic architecture of the Scute module.

	Preparation

	* Prerequisites:: Dependencies of Scute.
	* Building the Source:: How to build Scute.
	* Certificate Preparation:: Preparing certificates for use with Scute.

	Client Authentication

	* Application Configuration:: Preparing the application for use with Scute.
	* Authentication With Service:: Using Scute for client authentication.

	Email Signing

	Document Signing

	Troubleshooting

	Internals

	* Features and Limitations:: Details about the interfaces implemented.
	* Developing Scute:: How to understand or improve Scute.
	* Mozilla Compatibility:: Interoperability notes for Mozilla NSS.


	@end detailmenu
	@end menu

	@node Introduction
	@chapter Introduction

	This is a PKCS #11 implementation for the GnuPG Agent using the GnuPG
	Smart Card Daemon. Currently, only the OpenPGP card is supported.

	Scute enables use of the OpenPGP smart card in applications supporting
	PKCS #11 compliant security tokens. The main application at this time
	is client authentication in Mozilla-based web browsers. In the future,
	other applications will be supported.


	@menu
	* Getting Started:: Purpose of the manual, and how to use it.
	* Features:: Reasons to install and use Scute.
	* Overview:: Basic architecture of the Scute module.
	@end menu


	@node Getting Started
	@section Getting Started

	This manual documents the Scute module, how it can be used for common
	applications supported by it, and how it can be extended and improved by
	programmers. It is thus a user manual as well as a developer manual.

	The reader is assumed to possess basic knowledge about cryptography in
	general, and public key cryptography in particular. The underlying
	cryptographic engines that are used by the library are not explained,
	but where necessary, special features or requirements are provided.

	This manual can be used in several ways. If read from the beginning to
	the end, it gives a good introduction into the module and how it can be
	used in an application. Forward references are included where
	necessary. Later on, the manual can be used as a reference manual to
	get just the information needed about any particular application of the
	module.


	@node Features
	@section Features

	Scute is currently the only implementation of PKCS #11 for the OpenPGP
	smart card. Apart from that, it offers a couple of other benefits:

	@table @asis
	@item it's free software
	Anybody can use, modify, and redistribute it under the terms of the GNU
	-General Public License (@pxref{Copying}).
	+General Public License (@pxref{Library Copying}).

	@item it's built to grow
	Although Scute initially provided a single function, client
	authentication using OpenPGP smart cards in Mozilla-based web browsers,
	it was built with the intention of supporting other applications as well
	in the future.

	@item it's easy
	Building and installing Scute is easy, and preparing smart cards for use
	with Scute is a snatch using the GnuPG 2 framework. The integration
	of Scute into the application is seamless.
	@end table


	@node Overview
	@section Overview

	Scute is a security device that implements the PKCS #11 interface for
	security tokens. Applications which know how to use the PKCS #11
	interface to access security tokens for cryptographic operations can use
	Scute to access the OpenPGP smart card. An important example of such an
	application is the Firefox web browser by the Mozilla project, which
	uses the Mozilla Network Security Services library (NSS).

	Scute itself does not include a driver for the smart card itself.
	Instead, it uses the GnuPG 2 framework to access the smart cards and
	associated data like certificates. Scute acts as the glue between the
	application and GnuPG 2.

	Currently supported usages are client authentication over HTTPS with
	Firefox (allowing users to authenticate themselves to a remote web
	service without entering their log-in information), email signing
	with Thunderbird, and document signing with LibreOffice.


	@node Preparation
	@chapter Preparation

	To use Scute, you first have to install the software. You also have to
	prepare each card you want to use with Scute before it can be used.
	Furthermore, you need to configure the application to make use of Scute
	for cryptographic operations. This chapter explains each of these steps
	in detail.

	@menu
	* Prerequisites:: Dependencies of Scute.
	* Building the Source:: How to build Scute.
	* Certificate Preparation:: Preparing certificates for use with Scute.
	@end menu


	@node Prerequisites
	@section Prerequisites

	There are two types of dependencies for Scute: compile-time dependencies
	and run-time dependencies. The compile-time dependencies only need to
	be fulfilled when Scute is compiled and installed. The run-time
	dependencies need to be fulfilled when Scute is used in an application.

	Scute depends, in addition to the essential build utilities, on the
	following packages at build time:

	@table @code
	@item libgpg-error
	Scute uses the GnuPG 2 framework for error handling, so it depends on
	the GPG error library. The minimum version required is 1.14.

	@item libassuan
	Scute uses the GnuPG 2 framework for communication with the GPG Agent,
	so it depends on the Assuan library. The minimum version required is
	2.0.0.
	@end table

	At run-time, in addition to the run-time versions of the above
	libraries, you also need the following packages installed and
	configured:

	@table @asis
	@item GnuPG
	Scute uses the GnuPG 2 framework to access the OpenPGP card and for
	certificate management. The minimum version required is 2.0.0 for
	client authentication with TLS 1.0 and 1.1. Client authentication
	with TLS 1.2, email and document signing require GnuPG 2.1.0.

	@item Pinentry
	Pinentry is a dependency of GnuPG 2, so it also needs to be installed
	with it.

	@item Firefox et al.
	Firefox is the first application supported by Scute. In the future,
	other applications may be supported. The applications are not
	dependencies of Scute, but Scute can not be used stand-alone, so you can
	not experience it without an application.
	@end table


	@node Building the Source
	@section Building the Source

	Scute does comply to the GNU coding standards and thus can be compiled
	and installed according to the generic installation instructions found
	in the source package in the file @code{INSTALL}. There are no Scute
	specific options to the configure script.

	After installation, the @code{scute.so} module file can be found in
	the library directory of the installation path.


	@node Certificate Preparation
	@section Certificate Preparation

	To use an OpenPGP card with Scute, it first has to be initialized by
	generating or loading a key on the card, see
	@uref{http://www.gnupg.org/(en)/howtos/card-howto/en/smartcard-howto.html,
	the OpenPGP Card How-To}. Then a certificate has to be created and
	imported into GPGSM. This task involves three steps: First, a
	certificate signing request (@acronym{CSR}) has to be created that
	matches the key on the card. This certificate signing request then has
	to be submitted to a certificate authority (@acronym{CA}), which will
	create the certificate and send it back to you. At last, the
	certificate has to be imported into GPGSM. This section will explain
	all of these steps in detail.

	@menu
	* Creating a CSR:: How to create a card-based CSR.
	* Signing the CSR:: Obtain a certificate from the CSR.
	* Importing the Certificate:: How to import the certificate into GPGSM.
	* On-card Certificate:: How to store the certificate on the card.
	@end menu

	@node Creating a CSR
	@subsection Creating a CSR

	Before you start, make sure that the GPG Agent is running, see
	@ref{Prerequisites} and that your card is in the reader. There is no
	need to configure GPGSM, so you can create a CSR with the command:

	@example
	$ gpgsm --gen-key > floppy-head.csr
	Please select what kind of key you want:
	(1) RSA
	(2) Existing key
	(3) Existing key from card
	Your selection? 3
	@end example

	As we create a certificate for the OpenPGP Card, the option ``@code{[3]
	Direct from card}'' should be selected.

	@example
	Serial number of the card: 355F9746499F0D4B4ECEE4928B007D16
	Available keys:
	(1) D53137B94C38D9BF6A199706EA6D5253 OPENPGP.1
	(2) B0CD1A9DFC3539A1D6A8B851A11C8665 OPENPGP.2
	(3) 53DB41052CC590A40B403F3E6350E5DC OPENPGP.3
	Your selection? 3
	Possible actions for a RSA key:
	(1) sign, encrypt
	(2) sign
	(3) encrypt
	Your selection? 2
	@end example

	The only operation currently supported is client authentication. For
	this, the authentication key has to be selected. This is the third key
	on the card, so the options ``@code{[3] OPENPGP.3}'' and ``@code{[2]
	sign}'' should be chosen. Note that the key usage is only advisory, and
	the CA may assign different capabilities.

	@example
	Enter the X.509 subject name: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
	Enter email addresses (end with an empty line):
	> floppy.head@@example.org
	>
	Enter DNS names (optional; end with an empty line):
	>
	Enter URIs (optional; end with an empty line):
	>
	Create self-signed certificate? (y/N) n
	@end example

	As a last step, the common name and e-mail address of the key owner need
	to be specified by you. The above are only an example for a fictious
	person working at a fictious company. DNS names are only meaningful for
	server certificates and thus should be left empty.

	We have now entered all required information and gpgsm will display what
	it has gathered and ask whether to create the certificate request:

	@example
	These parameters are used:
	Key-Type: card:OPENPGP.3
	Key-Length: 1024
	Key-Usage: sign
	Name-DN: CN=Floppy Head,OU="Webserver Team",O="Snake Oil, Ltd",L="Snake Town",ST="Snake Desert",C=XY
	Name-Email: floppy.head@@example.org

	Proceed with creation? (y/N) y
	Now creating certificate request. This may take a while ...
	gpgsm: about to sign the CSR for key: &53DB41052CC590A40B403F3E6350E5DC
	@end example

	GPGSM will now start working on creating the request. During this time
	you will be asked once for a passphrase to unprotect the authentication
	key on the card. A pop up window will appear to ask for it.

	When it is ready, you should see the final notice:

	@example
	gpgsm: certificate request created
	Ready. You should now send this request to your CA.
	@end example

	Now, you may look at the created request:

	@example
	$ cat floppy-head.csr
	-----BEGIN CERTIFICATE REQUEST-----
	MIICCDCCAXECAQAwgYExCzAJBgNVBAYTAlhZMRUwEwYDVQQIEwxTbmFrZSBEZXNl
	cnQxEzARBgNVBAcTClNuYWtlIFRvd24xFzAVBgNVBAoTDlNuYWtlIE9pbCwgTHRk
	MRcwFQYDVQQLEw5XZWJzZXJ2ZXIgVGVhbTEUMBIGA1UEAxMLRmxvcHB5IEhlYWQw
	gaAwDQYJKoZIhvcNAQEBBQADgY4AMIGKAoGBANWaM9YS89AOx3GX1Rua+4DUHwbL
	wt0rBYdBddlabMMteVjUcOOhbFMirLpLAi1S8fUXNiy84ysOmFStmvSIXDsAgXq5
	1ESOU4SNg2zEkPDF1WYJ5BFIXdYq9i2k5W7+ctV8PkKv3e5IeYXTa5qppIPD31de
	gM8Qj7tK0hL/eNCfAgQAAQABoEUwQwYJKoZIhvcNAQkOMTYwNDAiBgNVHREEGzAZ
	gRdmbG9wcHkuaGVhZEBleGFtcGxlLmNvbTAOBgNVHQ8BAf8EBAMCBsAwDQYJKoZI
	hvcNAQEFBQADgYEAFC9q6+ib9YGCLB/2AlZR+/dvb+pEeXR1EbpV/dw/gjP1yPY6
	29n8ZIDLUvQvNCtfCcXFxFimVSSB/KmFXXsJbM+NXQyT6Ocn34iHmkf9IVRMWQWg
	ZBYfQVeXAd7XlxI6d1wXDLwD/26lTU/rH2JU6H1+zSfZxqwVC4Iu+kiN4Y8=
	-----END CERTIFICATE REQUEST-----
	$
	@end example

	@node Signing the CSR
	@subsection Signing the CSR

	The next step is to submit this certificate request to the CA, which can
	then create a certificate and send it back to you.

	If, for example, you use the CA @uref{http://www.cacert.org, CAcert},
	then you can log into your account at the CAcert website, choose
	``Client Certificates -> New'', check ``Show advanced options'', paste
	the above request block into the text field and click on ``Submit''.
	If everything works correctly, a certificate will be shown, which you
	can cut and paste into a new file @file{floppy-head.crt}.

	Alternatively if, for example, you set up your own CA with OpenSSL, then
	you can create your own certificate by issueing a command similar
	@code{openssl ca -in floppy-head.csr -cert snakeoil-ca-rsa.crt -keyfile
	snakeoil-ca-rsa.key -out floppy-head.crt}. Please see the OpenSSL
	documentation for more details on how to set up and administrate a
	certificate authority infrastructure.

	@node Importing the Certificate
	@subsection Importing the Certificate into GPGSM

	Once the CSR has been signed, you should end up with a certificate file
	@file{floppy-head.crt}, which you then have to import into GPGSM. It is
	also recommended that you import the root certificate of the CA first in
	the same fashion.

	@example
	$ gpgsm --import floppy-head.crt
	gpgsm: certificate imported
	-
	+
	gpgsm: total number processed: 1
	gpgsm: imported: 1
	@end example

	gpgsm tells you that it has imported the certificate. It is now
	associated with the key you used when creating the request. To see the
	content of your certificate, you may now enter:

	@example
	$ gpgsm -K Floppy
	/home/foo/.gnupg/pubring.kbx
	---------------------------
	Serial number: 10
	Issuer: /CN=Snake Oil CA/OU=Certificate Authority/O=Snake Oil, Ltd/L=Snake Town/ST=Snake Desert/C=XY/EMail=ca@@snakeoil.dom
	Subject: /CN=Floppy Head/OU=Webserver Team/O=Snake Oil, Ltd/ST=Snake Desert/C=XY
	validity: 2006-11-11 14:09:12 through 2007-11-11 14:09:12
	key type: 1024 bit RSA
	fingerprint: EC:93:A2:55:C6:58:7F:C9:9E:96:DB:12:6E:64:99:54:BB:E1:94:68
	@end example

	The option ``@code{-K}'' is used above because this will only list
	certificates for which a private key is available. To see more details,
	you may use ``@code{--dump-secret-keys}'' instead of ``@code{-K}''.

	@node On-card Certificate
	@subsection Loading the Certificate onto the Card

	This step is optional. You may choose to store the certificate directly
	into your OpenPGP card. The benefit of doing so is that Scute will then
	be able to fetch the certificate from the card without having to look
	into the GPGSM store.

	You need your certificate in the DER format. Export it from the GPGSM
	store with the following command:

	@example
	$ gpgsm -o floppy-head.crt --export Floppy
	@end example

	Then, fire up the GnuPG card editor to transfer the certificate to the
	card (note that the @code{writecert} command is not listed in the
	editor's online help):

	@example
	$ gpg2 --card-edit

	Application ID ...: D27600012301020000005000012340000
	[...]

	gpg/card> admin
	Admin commands are allowed

	gpg/card> writecert 3 < floppy-head.crt

	gpg/card> quit
	@end example


	@node Client Authentication
	@chapter Client Authentication

	@menu
	* Application Configuration:: Preparing the application for use with Scute.
	* Authentication With Service:: Using Scute for client authentication.
	@end menu

	Scute allows you to authenticate yourself to a website securely without
	entering a username or password by simply using your OpenPGP card.
	Currently, only Mozilla-based browsers like Firefox are supported,
	although other applications using Mozilla NSS or supporting PKCS #11
	modules may work.


	@node Application Configuration
	@section Application Configuration

	To prepare your application for use with Scute, you have to load the
	Scute module as a PKCS #11 module into the application. With Firefox,
	this can be done by choosing @code{Edit->Preferences} in the menu. In
	the preferences configuration dialog, you should select the
	@code{Advanced} configuration section, then the @code{Security} tab, and
	then select @code{Security Devices} in the category @code{Certificates}.

	@center @image{firefox-pref,13cm}

	In the devices manager dialog, you can select @code{Load} to load a new
	PKCS #11 device.

	@center @image{firefox-dm-load-before,13cm}

	In the pop-up dialog that follows, you can give a module name
	(e.g. ``@code{Scute}'') and a module filename. The latter should
	correspond to the full file name of the installed Scute module file
	@file{scute.so}. The default installation path is
	@file{/usr/local/lib}, which would mean that you have to provide the
	file name @file{/usr/local/lib/scute.so}. If you or your system
	administrator installed Scute in a different location, you have to
	adjust the file name correspondingly.

	@center @image{firefox-dm-load,8cm}

	After confirming installation of the security device, a pop-up window
	should confirm that the module was successfully loaded, and an entry for
	the security device should appear in the device manager list of
	@code{Security Modules and Devices}.

	@center @image{firefox-dm-load-after,15cm}

	When you insert the OpenPGP card for which you generated and imported a
	certificate earlier (see @ref{Certificate Preparation}), the device
	manager should detect this security token and display some information
	about it in the @code{Details} list when you select it from the module
	list.

	@center @image{firefox-dm-token-present,15cm}

	The client certificate will show up in the @code{Certificate Manager}
	under @code{Your Certificates}:

	@center @image{firefox-cm,13cm}

	@node Authentication With Service
	@section Authentication With Service

	Before you access a web service which requires client authentication,
	for instance a fictious web service
	@ifnottex
	@indicateurl{https://example.com},
	@end ifnottex
	@iftex
	@code{https://example.com},
	@end iftex
	the OpenPGP card should be present. In this case, a pop-up window will
	appear that requests you to enter the PIN number protecting the
	authentication key on the OpenPGP card. After entering the PIN number,
	your browser will be authenticated to the server. If the server accepts
	your request and certificate, this is all which is required. You should
	leave the card in the reader as long as the connection persists.
	Depending on how aggressively GPG Agent caches your PIN number, you may
	have to enter the PIN number again later to keep up the connection to
	the server.

	If the card is not present, or you enter the wrong PIN, or the server
	does not admit your certificate, you will get an error message. This
	error message is generated by the application and Scute can not
	influence it. Unfortunately, in Firefox (at least up to version
	38.5.0), this error message is not very user friendly. For example,
	entering a bad PIN results in the following generic error message, and
	the @code{Try Again} button does not work as expected:

	@center @image{firefox-bad-pin,11cm}

	@comment FIXME: Document possible error codes.


	@node Email Signing
	@chapter Email Signing

	Scute also allows you to use your card-based X.509 certificate to sign
	your emails with the S/MIME signature format. This has been tested
	with Mozilla Thunderbird only, but should work with any mail client
	with support for PKCS #11 (notably GNOME Evolution).

	You must first load the Scute module into your mail client. With
	Mozilla Thunderbird, the procedure is the same as the one described
	above for Mozilla Firefox.

	Then, open your accent configuration dialog (@code{Edit->Account
	Settings}), and in the @code{Security} tab, under the section
	@code{Digital Signing}, use the @code{Select...} button to associate
	your card-based certificate with your account.

	@center @image{thunderbird-account-settings,13cm}

	When writing a new message, you may then use the @code{S/MIME} button
	and select @code{Digitally sign this message} in the popup menu. You
	will be prompted for your User PIN before the message is sent.

	@center @image{thunderbird-smime-button,13cm}


	@node Document Signing
	@chapter Document Signing

	Scute can also be used with LibreOffice to sign OpenDocument files.

	First, you must load the Scute module into Mozilla Firefox according to
	the above procedure. Then, configure LibreOffice to use Firefox's
	certificate store by defining the @code{MOZILLA_CERTIFICATE_FOLDER}
	environment variable to your Firefox profile directory.

	Then, to sign the document you are editing, select the
	@code{File->Digital Signatures...} menu option to open the
	@code{Digital Signatures} dialog.

	@center @image{libreoffice-digital-signatures,13cm}

	Click the @code{Sign Document} button to open the certificate selection
	dialog. Select your card-based certificate, then validate. Enter your
	User PIN when prompted by GPG Agent.

	@center @image{libreoffice-certificate-selection,13cm}

	You may also sign a PDF export of your document. Select the
	@code{File->Export as PDF...} menu option to open the @code{PDF Options}
	dialog. In the @code{Digital Signatures} tab, use the @code{Select}
	button to open the certificate selection dialog as above. You will be
	prompted for your User PIN when you will click the @code{Export} button.

	@center @image{libreoffice-pdf-signature,13cm}


	@node Troubleshooting
	@chapter Troubleshooting

	@strong{Symptom:} Loading the Scute security device in the security
	device manager of Firefox fails with "Unable to load module".

	@strong{Solution:} Make sure that Scute is correctly installed, and that
	all libraries and executables are available. If you are using GnuPG
	2.0 (instead of 2.1), you may need to make sure that the GPG Agent is
	running and can be found via the environment variable
	@code{GPG_AGENT_INFO}. @xref{Invoking GPG-AGENT, , , gnupg, Using the
	GNU Privacy Guard}, for details on how to run the GPG Agent.


	@strong{Symptom:} Client authentication fails with "<example.com> has
	received an incorrect or unexpected message. Error code: -12227".

	@strong{Solution:} Make sure that the correct OpenPGP card is inserted
	and the certificate available in GPGSM. Check that the OpenPGP card is
	detected correctly in the security device manager and the corresponding
	certificate is displayed in the certificate manager of Firefox.
	@xref{Authentication With Service}.


	@strong{Symptom:} The OpenPGP card is detected and displayed in the
	security device manager in Firefox, but no corresponding certificate is
	displayed in the certificate manager of Firefox.

	@strong{Solution:} Make sure that the corresponding certificate is
	imported in GPGSM.

	@comment FIXME: Can this really happen???


	@node Internals
	@chapter Internals

	The following notes are intended for people interested in more technical
	details about Scute and its implementation. They give an overview about
	its scope and potential compatibility issues with applications.

	@menu
	* Features and Limitations:: Details about the interfaces implemented.
	* Developing Scute:: How to understand or improve Scute.
	* Mozilla Compatibility:: Interoperability notes for Mozilla NSS.
	@end menu


	@node Features and Limitations
	@section Features and Limitations

	Scute implements version 2.20 of the
	@uref{https://www.emc.com/emc-plus/rsa-labs/standards-initiatives/pkcs-11-cryptographic-token-interface-standard.htm, PKCS #11}
	specification.

	The @uref{http://www.g10code.com/p-card.html,OpenPGP smart card}
	application is supported in read-only mode.

	The following functions are not supported:

	@table @code
	@item C_Initialize
	No support for native thread package. Locking callbacks must be
	provided if multi-threaded operation is desired.

	@item C_WaitForSlotEvent
	Not implemented. The interface as specified by PKCS #11 is broken
	anyway, as the function can not safely be canceled. Thus, we require
	polling.

	@item C_GetOperationState
	@itemx C_SetOperationState
	Not supported.

	@item C_InitToken

	@itemx C_InitPIN
	@itemx C_SetPIN
	Not supported. No write operations are allowed. To configure the
	token, please use the tools accompanying the GnuPG software suite.

	@item C_Login
	@itemx C_Logout
	Not supported. No login into the token by the software is required.
	Passphrase queries are implemented by the use of GPG Agent and Pinentry.

	@item C_EncryptInit
	@itemx C_Encrypt
	@itemx C_EncryptUpdate
	@itemx C_EncryptFinal
	@itemx C_DigestInit
	@itemx C_Digest
	@itemx C_DigestUpdate
	@itemx C_DigestKey
	@itemx C_DigestFinal
	@itemx C_VerifyInit
	@itemx C_Verify
	@itemx C_VerifyUpdate
	@itemx C_VerifyFinal
	@itemx C_VerifyRecoverInit
	@itemx C_VerifyRec
	Not supported. Only secret key operations are supported.

	@item C_DecryptInit
	@itemx C_Decrypt
	Not yet supported, but will be in the future.

	@item C_SignUpdate
	@itemx C_SignFinal
	@itemx C_DecryptUpdate
	@itemx C_DecryptFinal
	No progressive crypto-operations are supported.

	@item C_SignRecoverInit
	@itemx C_SignRecover
	Not supported.

	@item C_DigestEncryptUpdate
	@itemx C_DecryptDigestUpdate
	@itemx C_SignEncryptUpdate
	@itemx C_DecryptVerifyUpdate
	Dual-purpose cryptographic functions are not supported.

	@item C_GenerateKey
	@itemx C_GenerateKeyPair
	@itemx C_WrapKey
	@itemx C_UnwrapKey
	@itemx C_DeriveKey
	Key management functions are not supported. Please use the tools
	accompanying the GnuPG software suite to generate and import keys for
	use with the token.

	@item C_SeedRandom
	Not supported.

	@item C_CreateObject
	@itemx C_CopyObject
	@itemx C_DestroyObject
	@itemx C_SetAttributeValue:
	Only read-only operations are supported on objects.

	@item C_GetObjectSize
	Not supported.

	@item CKO_CERTIFICATE
	The label specifies the key on the card used (e.g. @code{OPENPGP.3}).
	The ID is the fingerprint.

	@item CKO_PRIVATE_KEY:
	The @code{CKA_LOCAL} attribute can not be supported by the OpenPGP card.
	It is always set to false (as the key on the card may be copied to the
	card from an external source).
	@end table

	@node Developing Scute
	@section Developing Scute

	Scute is single-threaded. There is a global lock that is taken in all
	entry points of Scute, except for @code{C_Initialize},
	@code{C_Finalize}, @code{C_GetFunctionList}, and stubs.

	Here are a couple of hints on how to develop PKCS #11 modules for
	Mozilla:

	@code{libopensc2} ships with a @code{pkcs11-spy} library that can be
	loaded as a wrapper around the PKCS #11 library you want to use to log
	all functions invoked by Mozilla. Here is how to use it:

	Set the @code{PKCS11SPY_OUTPUT} environment variable to a filename.
	@code{pkcs11-spy} appends its log messages at the end of this file. Set
	the @code{PKCS11SPY} environment variable to the filename of the PKCS
	#11 module you actually want to use. Start Mozilla within this
	environment.

	There is a different, probably more powerful way to debug Mozilla PKCS
	#11 libraries. However, to be able to use it, you need to configure and
	compile the Mozilla NSS sources with @code{--enable-debug}.
	Instructions can be found at:
	@uref{https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/nss_tech_notes}

	Here are a couple of links to more information about implementing a
	PKCS #11 module for Mozilla:

	@table @uref
	@item https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11_Implement
	Guidelines for implementors of PKCS #11 modules targeting Mozilla

	@item http://www-archive.mozilla.org/projects/security/pki/pkcs11/
	PKCS #11 Conformance Testing

	@item https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
	The Mozilla NSS web page
	@end table


	@node Mozilla Compatibility
	@section Mozilla Compatibility

	Mozilla has a bug that causes the wrong security device to be unloaded
	when unloading a security device. Also, the displayed list becomes
	corrupt. When closing and reopening the security device manager, the
	list displayed is correct, but in anyway the wrong security module is
	unloaded.


	-@include gpl.texi
	+@include lesser.texi


	@node Concept Index
	@unnumbered Concept Index

	@printindex cp


	@summarycontents
	@contents
	@bye
	diff --git a/doc/website/contact.xhtml b/doc/website/contact.xhtml
	index d1e306b..600431f 100644
	--- a/doc/website/contact.xhtml
	+++ b/doc/website/contact.xhtml
	@@ -1,81 +1,72 @@
	<?xml version="1.0" encoding="ISO-8859-1" ?>
	<!-- contact.xhtml
	Copyright (C) 2006 g10 Code GmbH

	This file is part of Scute.
	-
	+
	Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	+ under the terms of the GNU Lesser General Public License as
	+ published by the Free Software Foundation; either version 2.1 of
	+ the License, or (at your option) any later version.

	Scute is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	+ Lesser General Public License for more details.

	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. -->
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with this program; if not, see <https://gnu.org/licenses/>.
	+ SPDX-License-Identifier: LGPL-2.1-or-later
	+ -->
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
	"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<title>Scute</title>
	<link rel="stylesheet" type="text/css" href="format/web.css"/>
	</head>
	<body>
	<div id="body">
	<div id="toc">
	<object type="image/svg+xml" data="format/scute-logo.svg">
	Scute
	</object>
	<h1>Table Of Content</h1>
	<ul>
	<li><a href="index.xhtml">Introduction</a></li>
	<li><a href="documentation.xhtml">Documentation</a></li>
	<li><a href="download.xhtml">Download</a></li>
	<li><a href="contact.xhtml">Discussion</a></li>
	</ul>
	</div>
	<div id="main">
	<h1>Contact</h1>
	<p>
	Scute is developed and maintained
	by <a href="http://www.g10code.com/">g10 Code GmbH</a>. You
	can support its development
	by <a href="http://www.g10code.com/support.html">getting
	support contracts</a> for custom development, security
	consulting and training.
	</p>
	<h2>Bug Reports</h2>
	<p>
	All bug reports should be submitted to our <a
	href="https://bugs.gnupg.org/">bug tracking system</a> or
	sent via e-mail to the <a
	href="http://lists.gnupg.org/mailman/listinfo/gnupg-devel">GnuPG
	development mailing list.</a> Sensitive information can also
	be submitted by following the instructions in the file
	<code>AUTHORS</code> in the top-level directory of the source
	package.
	</p>
	<h2>Community</h2>
	<p>
	The members of our community can be reached via e-mail on the <a
	href="http://www.gnupg.org/documentation/mailing-lists.html">GnuPG
	mailing lists</a>.
	</p>
	</div>
	</div>
	</body>
	</html>
	diff --git a/doc/website/documentation.xhtml b/doc/website/documentation.xhtml
	index ef2373e..ba22bd9 100644
	--- a/doc/website/documentation.xhtml
	+++ b/doc/website/documentation.xhtml
	@@ -1,60 +1,51 @@
	<?xml version="1.0" encoding="ISO-8859-1" ?>
	<!-- documentation.xhtml
	Copyright (C) 2006 g10 Code GmbH

	This file is part of Scute.
	-
	+
	Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	+ under the terms of the GNU Lesser General Public License as
	+ published by the Free Software Foundation; either version 2.1 of
	+ the License, or (at your option) any later version.

	Scute is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	+ Lesser General Public License for more details.

	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. -->
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with this program; if not, see <https://gnu.org/licenses/>.
	+ SPDX-License-Identifier: LGPL-2.1-or-later
	+ -->
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
	"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<title>Scute</title>
	<link rel="stylesheet" type="text/css" href="format/web.css"/>
	</head>
	<body>
	<div id="body">
	<div id="toc">
	<object type="image/svg+xml" data="format/scute-logo.svg">
	Scute
	</object>
	<h1>Table Of Content</h1>
	<ul>
	<li><a href="index.xhtml">Introduction</a></li>
	<li><a href="documentation.xhtml">Documentation</a></li>
	<li><a href="download.xhtml">Download</a></li>
	<li><a href="contact.xhtml">Discussion</a></li>
	</ul>
	</div>
	<div id="main">
	<h1>Documentation</h1>
	<p>
	The <a href="scute.html/index.html">Scute Manual</a> is
	available on-line.
	</p>
	</div>
	</div>
	</body>
	</html>
	diff --git a/doc/website/download.xhtml b/doc/website/download.xhtml
	index 5eee902..98c6b76 100644
	--- a/doc/website/download.xhtml
	+++ b/doc/website/download.xhtml
	@@ -1,211 +1,203 @@
	<?xml version="1.0" encoding="ISO-8859-1" ?>
	<!-- download.xhtml
	Copyright (C) 2006, 2008 g10 Code GmbH

	This file is part of Scute.
	-
	+
	Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	+ under the terms of the GNU Lesser General Public License as
	+ published by the Free Software Foundation; either version 2.1 of
	+ the License, or (at your option) any later version.

	Scute is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	+ Lesser General Public License for more details.

	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. -->
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with this program; if not, see <https://gnu.org/licenses/>.
	+ SPDX-License-Identifier: LGPL-2.1-or-later
	+ -->
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
	"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
	<title>Scute</title>
	<link rel="stylesheet" type="text/css" href="format/web.css"/>
	</head>
	<body>
	<div id="body">
	<div id="toc">
	<object type="image/svg+xml" data="format/scute-logo.svg">
	Scute
	</object>
	<h1>Table Of Content</h1>
	<ul>
	<li><a href="index.xhtml">Introduction</a></li>
	<li><a href="documentation.xhtml">Documentation</a></li>
	<li><a href="download.xhtml">Download</a></li>
	<li><a href="contact.xhtml">Discussion</a></li>
	</ul>
	</div>
	<div id="main">
	<h1>Download</h1>
	<p>
	Scute is currently available in source format only, and
	should compile on any recent GNU/Linux system. It can also
	be cross-built for Windows 32-bit using MingW32.
	</p>
	<p>
	The most recent release of Scute is version 1.5.0.
	</p>
	<table>
	<caption>Scute source distributions.</caption>
	<tr>
	<th>Description</th>
	<th>Version</th>
	<th>Date</th>
	<th>Size</th>
	<th>Tarball</th>
	<th>Signature</th>
	</tr>
	<tr>
	<td>Scute source distribution</td>
	<td>1.5.0</td>
	<td>2017-07-14</td>
	<td>969 kB</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.5.0.tar.bz2">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.5.0.tar.bz2">
	download</a>
	</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.5.0.tar.bz2.sig">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.5.0.tar.bz2.sig">
	download</a>
	</td>
	</tr>
	<tr>
	<td>Scute source distribution</td>
	<td>1.4.0</td>
	<td>2010-04-21</td>
	<td>755 kB</td>
	<td>
	<a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.4.0.tar.bz2">
	download</a>
	</td>
	<td>
	<a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.4.0.tar.bz2.sig">
	download</a>
	</td>
	</tr>
	<tr>
	<td>Scute source distribution</td>
	<td>1.3.0</td>
	<td>2009-06-20</td>
	<td>754 kB</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.3.0.tar.bz2">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.3.0.tar.bz2">
	download</a>
	</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.3.0.tar.bz2.sig">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.3.0.tar.bz2.sig">
	download</a>
	</td>
	</tr>
	<tr>
	<td>Scute source distribution</td>
	<td>1.2.0</td>
	<td>2008-09-02</td>
	<td>731 kB</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.2.0.tar.bz2">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.2.0.tar.bz2">
	download</a>
	</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.2.0.tar.bz2.sig">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.2.0.tar.bz2.sig">
	download</a>
	</td>
	</tr>
	<tr>
	<td>Scute source distribution</td>
	<td>1.1.0</td>
	<td>2007-05-02</td>
	<td>675 kB</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.1.0.tar.bz2">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.1.0.tar.bz2">
	download</a>
	</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.1.0.tar.bz2.sig">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.1.0.tar.bz2.sig">
	download</a>
	</td>
	</tr>
	<tr>
	<td>Scute source distribution</td>
	<td>1.0.0</td>
	<td>2006-11-11</td>
	<td>325 kB</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.0.0.tar.bz2">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.0.0.tar.bz2">
	download</a>
	</td>
	<td>
	- <a href="ftp://ftp.gnupg.org/gcrypt/scute/scute-1.0.0.tar.bz2.sig">
	+ <a href="https://gnupg.org/ftp/gcrypt/scute/scute-1.0.0.tar.bz2.sig">
	download</a>
	</td>
	</tr>
	</table>
	<h2>Prerequisites</h2>
	<p>Scute requires the following packages to compile:
	<table>
	<caption>Compile-time dependencies of Scute</caption>
	<tr><th>Package</th><th>Min. Version</th></tr>
	<tr><td><a
	- href="http://www.gnupg.org/related_software/libgpg-error/">libgpg-error</a></td><td>1.14</td></tr>
	+ href="https://gnupg.org/software/libgpg-error/">libgpg-error</a></td><td>1.14</td></tr>
	<tr><td><a
	- href="http://www.gnupg.org/related_software/libassuan/">libassuan</a></td><td>2.0.0</td></tr>
	+ href="https://gnupg.org/software/libassuan/">libassuan</a></td><td>2.0.0</td></tr>
	</table>
	</p>
	<p>Scute also requires the following packages to run:
	<table>
	<caption>Run-time dependencies of Scute</caption>
	<tr><th>Package</th><th>Min. Version</th></tr>
	<tr><td><a
	- href="http://www.mozilla.com/">Firefox</a></td><td>any</td></tr>
	+ href="https://www.mozilla.com/">Firefox</a></td><td>any</td></tr>
	<tr><td><a
	- href="http://www.gnupg.org/">GnuPG</a></td><td>2.0</td></tr>
	+ href="https://gnupg.org/">GnuPG</a></td><td>2.0</td></tr>
	<tr><td><a
	- href="http://www.gnupg.org/related_software/pinentry/">PinEntry</a></td><td>0.7.0</td></tr>
	+ href="https://gnupg.org/software/pinentry/">PinEntry</a></td><td>0.7.0</td></tr>
	</table>
	</p>
	<h2>Installation</h2>
	<p>
	Canonical installation instructions can be found in the file
	<code>INSTALL</code> in the top-level directory of the
	source package. Instructions for users of Scute are
	available in the <a href="documentation.xhtml">documentation
	section</a>.
	</p>
	<h2>Development</h2>
	<p>
	The source of Scute is managed using the GIT distributed
	revision control system. The repository can be retrieved
	with the following command:
	<pre>
	$ git clone git://git.gnupg.org/scute.git
	</pre>
	Please send an e-mail to the <a
	- href="http://lists.gnupg.org/mailman/listinfo/gnupg-devel">GnuPG
	+ href="https://lists.gnupg.org/mailman/listinfo/gnupg-devel">GnuPG
	development mailing list</a> if you are interested in
	participating in the Scute development.
	</p>
	<p>
	A web interface to the <a
	- href="http://git.gnupg.org/cgi-bin/gitweb.cgi?p=scute.git">Scute
	+ href="https://git.gnupg.org/cgi-bin/gitweb.cgi?p=scute.git">Scute
	source repository</a> is available on-line, and contains
	up-to-date as well as archived versions of all files
	included in the Scute source package, including the most
	recent development changes.
	</p>
	</div>
	</div>
	</body>
	</html>
	+x
	diff --git a/doc/website/format/web.css b/doc/website/format/web.css
	index 44bcb7c..baf9098 100644
	--- a/doc/website/format/web.css
	+++ b/doc/website/format/web.css
	@@ -1,87 +1,77 @@
	/* web.css
	Copyright (C) 2006 g10 Code GmbH

	This file is part of Scute.
	-
	+
	Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	+ under the terms of the GNU Lesser General Public License as
	+ published by the Free Software Foundation; either version 2.1 of
	+ the License, or (at your option) any later version.

	Scute is distributed in the hope that it will be useful, but
	WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ Lesser General Public License for more details.
	+
	+ You should have received a copy of the GNU Lesser General Public
	+ License along with this program; if not, see <https://gnu.org/licenses/>.
	+ SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	/* Note that the dimensions here specify the view-port size, not the
	image size, which is specified in the SVG file itself. */

	body { font-family: "sans-serif";
	background-image: url("scute-border.jpg");
	background-repeat: repeat-y;
	margin: 0em;
	}

	/* Same constant also below for div#main. FIXME: Can be fixed by
	using another div for the body. */

	div#toc { margin-left: 150px; }

	div#toc object { width: 310px;
	height: 110px;
	float: left;
	margin-left: -45px }

	div#toc h1 { display: none; }

	div#toc ul { float: left;
	padding: 0em; }

	div#toc ul li { font-size: small; float: left;
	font-weight: bold;
	border-style: none none none solid;
	border-width: 3px 0px 3px 3px;
	padding: 0.6em 0em 0.6em 0.6em;
	margin: 0.6em 0em 0.6em 0.6em;
	text-align: center;
	list-style-type: none;
	}

	div#toc ul li:first-child { border-width: 3px 0px 3px 0px; }

	div#toc ul li a:link { text-decoration: none; color: black }
	div#toc ul li a:visited { text-decoration: none; color: black }
	div#toc ul li a:hover { text-decoration: underline; color: black }
	div#toc ul li a:active { text-decoration: underline; color: white;
	background-color: black; }

	div#main { clear: left;
	margin-left: 150px;
	margin-right: 15%; }

	div#main h1 { padding-top: 1em; }

	div#main table > caption { display: none; }

	div#main table { border-style: none none none solid;
	border-width: 3px;
	margin: 0.6em;
	text-align: left;
	}

	div#main table > tr > td,th { padding-left: 0.6em; }
	-
	diff --git a/src/Makefile.am b/src/Makefile.am
	index 9ceef93..266eb86 100644
	--- a/src/Makefile.am
	+++ b/src/Makefile.am
	@@ -1,135 +1,125 @@
	# Makefile.am - Makefile src/ for scute.
	# Copyright (C) 2006, 2008 g10 Code GmbH
	-#
	+#
	# This file is part of Scute.
	#
	# Scute is free software; you can redistribute it and/or modify it
	-# under the terms of the GNU General Public License as published by
	-# the Free Software Foundation; either version 2 of the License, or
	-# (at your option) any later version.
	+# under the terms of the GNU Lesser General Public License as
	+# published by the Free Software Foundation; either version 2.1 of
	+# the License, or (at your option) any later version.
	#
	# Scute is distributed in the hope that it will be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-# General Public License for more details.
	-#
	-# You should have received a copy of the GNU General Public License
	-# along with Scute; if not, write to the Free Software Foundation,
	-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	+# Lesser General Public License for more details.
	#
	-# In addition, as a special exception, g10 Code GmbH gives permission
	-# to link this library: with the Mozilla Foundation's code for
	-# Mozilla (or with modified versions of it that use the same license
	-# as the "Mozilla" code), and distribute the linked executables. You
	-# must obey the GNU General Public License in all respects for all of
	-# the code used other than "Mozilla". If you modify this file, you
	-# may extend this exception to your version of the file, but you are
	-# not obligated to do so. If you do not wish to do so, delete this
	-# exception statement from your version.
	+# You should have received a copy of the GNU Lesser General Public
	+# License along with this program; if not, see <https://gnu.org/licenses/>.
	+# SPDX-License-Identifier: LGPL-2.1-or-later

	## Process this file with automake to produce Makefile.in

	EXTRA_DIST = libscute.vers scute.def versioninfo.rc.in

	sources = cryptoki.h pkcs11.h debug.c debug.h settings.h support.h \
	locking.h locking.c error-mapping.h error-mapping.c \
	get-path.c agent.h agent.c \
	slots.h slots.c table.h table.c \
	cert.h cert-gpgsm.c cert-object.c gpgsm.h gpgsm.c \
	p11-cancelfunction.c p11-closeallsessions.c p11-closesession.c \
	p11-copyobject.c p11-createobject.c p11-decrypt.c \
	p11-decryptdigestupdate.c p11-decryptfinal.c p11-decryptinit.c \
	p11-decryptupdate.c p11-decryptverifyupdate.c p11-derivekey.c \
	p11-destroyobject.c p11-digest.c p11-digestencryptupdate.c \
	p11-digestfinal.c p11-digestinit.c p11-digestkey.c \
	p11-digestupdate.c p11-encrypt.c p11-encryptfinal.c \
	p11-encryptinit.c p11-encryptupdate.c p11-finalize.c \
	p11-findobjects.c p11-findobjectsfinal.c p11-findobjectsinit.c \
	p11-generatekey.c p11-generatekeypair.c p11-generaterandom.c \
	p11-getattributevalue.c p11-getfunctionlist.c \
	p11-getfunctionstatus.c p11-getinfo.c p11-getmechanisminfo.c \
	p11-getmechanismlist.c p11-getobjectsize.c \
	p11-getoperationstate.c p11-getsessioninfo.c p11-getslotinfo.c \
	p11-getslotlist.c p11-gettokeninfo.c p11-initialize.c \
	p11-initpin.c p11-inittoken.c p11-login.c p11-logout.c \
	p11-opensession.c p11-seedrandom.c p11-setattributevalue.c \
	p11-setoperationstate.c p11-setpin.c p11-sign.c \
	p11-signencryptupdate.c p11-signfinal.c p11-signinit.c \
	p11-signrecover.c p11-signrecoverinit.c p11-signupdate.c \
	p11-unwrapkey.c p11-verify.c p11-verifyfinal.c p11-verifyinit.c \
	p11-verifyrecover.c p11-verifyrecoverinit.c p11-verifyupdate.c \
	p11-waitforslotevent.c p11-wrapkey.c sexp-parse.h


	if HAVE_LD_VERSION_SCRIPT
	scute_version_script_cmd = -Wl,--version-script=$(srcdir)/libscute.vers
	else
	scute_version_script_cmd =
	endif


	lib_LTLIBRARIES = scute.la

	if HAVE_W32_SYSTEM

	RCCOMPILE = $(RC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
	$(AM_CPPFLAGS) $(CPPFLAGS)
	LTRCCOMPILE = $(LIBTOOL) --mode=compile --tag=RC $(RCCOMPILE)

	SUFFIXES: .rc .lo

	.rc.lo:
	$(LTRCCOMPILE) -i "$<" -o "$@"

	scute_res = versioninfo.lo
	scute_res_ldflag = -Wl,.libs/versioninfo.o

	no_undefined = -no-undefined
	export_symbols = -export-symbols $(srcdir)/scute.def

	install-def-file:
	$(INSTALL) $(srcdir)/scute.def $(DESTDIR)$(libdir)/scute.def

	uninstall-def-file:
	-rm $(DESTDIR)$(libdir)/scute.def

	# On Windows targets, link statically to libgpg-error and libassuan.
	scute_deps = $(scute_res) scute.def libgpg-error.a libassuan.a

	scute_libadd = -L.

	libgpg-error.a:
	ln -sf $$($(GPG_ERROR_CONFIG) --prefix)/lib/libgpg-error.a .

	libassuan.a:
	ln -sf $$($(LIBASSUAN_CONFIG) --prefix)/lib/libassuan.a .

	clean-local:
	rm -f libgpg-error.a libassuan.a

	else

	scute_res =
	scute_res_ldflag =
	no_undefined =
	export_symbols =
	install-def-file:
	uninstall-def-file:

	scute_deps =
	scute_libadd =

	endif

	scute_la_LDFLAGS = $(scute_res_ldflag) $(no_undefined) -module -avoid-version $(export_symbols) \
	$(scute_version_script_cmd) -version-info \
	@LIBSCUTE_LT_CURRENT@:@LIBSCUTE_LT_REVISION@:@LIBSCUTE_LT_AGE@
	scute_la_DEPENDENCIES = @LTLIBOBJS@ $(srcdir)/libscute.vers $(scute_deps)
	# scute_libadd must come BEFORE libassuan and gpg-error, because we
	# override it on Windows targets.
	scute_la_LIBADD = $(scute_libadd) \
	@LTLIBOBJS@ @LIBASSUAN_LIBS@ @GPG_ERROR_LIBS@

	scute_la_CPPFLAGS = -I$(srcdir)/../include \
	@LIBASSUAN_CFLAGS@ @GPG_ERROR_CFLAGS@
	scute_la_SOURCES = $(sources)
	diff --git a/src/agent.c b/src/agent.c
	index 9a25820..df9cdc1 100644
	--- a/src/agent.c
	+++ b/src/agent.c
	@@ -1,1226 +1,1217 @@
	/* agent.c - Talking to gpg-agent.
	- Copyright (C) 2006, 2007, 2008, 2015 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2007, 2008, 2015 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdlib.h>
	#include <stdio.h>
	#include <locale.h>
	#include <errno.h>
	#include <string.h>
	#include <stdarg.h>

	#ifdef HAVE_W32_SYSTEM
	#define PATHSEP_C ';'
	#define WINVER 0x0500 /* Required for AllowSetForegroundWindow. */
	#include <windows.h>
	#else
	#define PATHSEP_C ':'
	#endif

	#include <assuan.h>
	#include <gpg-error.h>

	#include "debug.h"
	#include "support.h"
	#include "sexp-parse.h"
	#include "cert.h"
	#include "agent.h"


	/* The global agent context. */
	static assuan_context_t agent_ctx = NULL;

	/* The version number of the agent. */
	static int agent_version_major;
	static int agent_version_minor;



	/* Hack required for Windows. */
	void
	gnupg_allow_set_foregound_window (pid_t pid)
	{
	if (!pid \|\| pid == (pid_t)(-1))
	return;
	#ifdef HAVE_W32_SYSTEM
	else if (!AllowSetForegroundWindow (pid))
	DEBUG (DBG_CRIT, "AllowSetForegroundWindow(%lu) failed: %i\n",
	(unsigned long)pid, GetLastError ());
	#endif
	}



	/* Establish a connection to a running GPG agent. */
	static gpg_error_t
	agent_connect (assuan_context_t *ctx_r)
	{
	gpg_error_t err = 0;
	assuan_context_t ctx = NULL;
	char buffer[255];
	FILE *p;

	/* Use gpg-connect-agent to obtain the socket name
	* directly from the agent itself. */
	snprintf (buffer, sizeof buffer, "%s 'GETINFO socket_name' /bye",
	get_gpg_connect_agent_path ());
	#ifdef HAVE_W32_SYSTEM
	p = _popen (buffer, "r");
	#else
	p = popen (buffer, "r");
	#endif
	if (p)
	{
	int ret;

	ret = fscanf (p, "D %254s\nOK\n", buffer);
	if (ret == EOF) /* I/O error? */
	err = gpg_error_from_errno (errno);
	else if (ret != 1) /* Unexpected reply */
	err = gpg_error (GPG_ERR_NO_AGENT);

	pclose (p);
	}
	else
	err = gpg_error_from_errno (errno);

	/* Then connect to the socket we got. */
	if (!err)
	{
	err = assuan_new (&ctx);
	if (!err)
	{
	err = assuan_socket_connect (ctx, buffer, 0, 0);
	if (!err)
	{
	*ctx_r = ctx;
	if (_scute_debug_flags & DBG_ASSUAN)
	assuan_set_log_stream (*ctx_r, _scute_debug_stream);
	}
	else
	assuan_release (ctx);
	}
	}

	/* We do not try any harder. If gpg-connect-agent somehow failed
	* to give us a suitable socket, we probably cannot do better. */
	if (err)
	DEBUG (DBG_CRIT, "cannot connect to GPG agent: %s", gpg_strerror (err));

	return err;
	}


	/* This is the default inquiry callback. It mainly handles the
	Pinentry notifications. */
	static gpg_error_t
	default_inq_cb (void opaque, const char line)
	{
	(void)opaque;

	if (!strncmp (line, "PINENTRY_LAUNCHED", 17) && (line[17]==' '\|\|!line[17]))
	{
	gnupg_allow_set_foregound_window ((pid_t)strtoul (line+17, NULL, 10));
	/* We do not pass errors to avoid breaking other code. */
	}
	else
	DEBUG (DBG_CRIT, "ignoring gpg-agent inquiry `%s'\n", line);

	return 0;
	}


	/* Send a simple command to the agent. */
	static gpg_error_t
	agent_simple_cmd (assuan_context_t ctx, const char *fmt, ...)
	{
	gpg_error_t err;
	char *optstr;
	va_list arg;
	int res;

	va_start (arg, fmt);
	res = vasprintf (&optstr, fmt, arg);
	va_end (arg);

	if (res < 0)
	return gpg_error_from_errno (errno);

	err = assuan_transact (ctx, optstr, NULL, NULL, default_inq_cb,
	NULL, NULL, NULL);
	if (err)
	DEBUG (DBG_CRIT, "gpg-agent command '%s' failed: %s", optstr,
	gpg_strerror (err));
	free (optstr);

	return err;
	}


	/* Read and stroe the agent's version number. */
	static gpg_error_t
	read_version_cb (void opaque, const void buffer, size_t length)
	{
	char version[20];
	const char *s;

	(void) opaque;

	if (length > sizeof (version) -1)
	length = sizeof (version) - 1;
	strncpy (version, buffer, length);
	version[length] = 0;

	agent_version_major = atoi (version);
	s = strchr (version, '.');
	agent_version_minor = s? atoi (s+1) : 0;

	return 0;
	}


	/* Configure the GPG agent at connection CTX. */
	static gpg_error_t
	agent_configure (assuan_context_t ctx)
	{
	gpg_error_t err = 0;
	char *dft_display = NULL;
	char *dft_ttyname = NULL;
	char *dft_ttytype = NULL;
	#if defined(HAVE_SETLOCALE) && (defined(LC_CTYPE) \|\| defined(LC_MESSAGES))
	char *old_lc = NULL;
	char *dft_lc = NULL;
	#endif
	char *dft_xauthority = NULL;
	char *dft_pinentry_user_data = NULL;

	err = agent_simple_cmd (ctx, "RESET");
	if (err)
	return err;

	/* Set up display, terminal and locale options. */
	dft_display = getenv ("DISPLAY");
	if (dft_display)
	err = agent_simple_cmd (ctx, "OPTION display=%s", dft_display);
	if (err)
	return err;

	dft_ttyname = getenv ("GPG_TTY");
	if ((!dft_ttyname \|\| !*dft_ttyname) && ttyname (0))
	dft_ttyname = ttyname (0);
	if (dft_ttyname)
	{
	err = agent_simple_cmd (ctx, "OPTION ttyname=%s", dft_ttyname);
	if (err)
	return err;
	}

	dft_ttytype = getenv ("TERM");
	if (dft_ttytype)
	err = agent_simple_cmd (ctx, "OPTION ttytype=%s", dft_ttytype);
	if (err)
	return err;

	#if defined(HAVE_SETLOCALE) && defined(LC_CTYPE)
	old_lc = setlocale (LC_CTYPE, NULL);
	if (old_lc)
	{
	old_lc = strdup (old_lc);
	if (!old_lc)
	return gpg_error_from_errno (errno);
	}
	dft_lc = setlocale (LC_CTYPE, "");
	if (dft_lc)
	err = agent_simple_cmd ("OPTION lc-ctype=%s", dft_lc);
	if (old_lc)
	{
	setlocale (LC_CTYPE, old_lc);
	free (old_lc);
	}
	#endif
	if (err)
	return err;

	#if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
	old_lc = setlocale (LC_MESSAGES, NULL);
	if (old_lc)
	{
	old_lc = strdup (old_lc);
	if (!old_lc)
	err = gpg_error_from_errno (errno);
	}
	dft_lc = setlocale (LC_MESSAGES, "");
	if (dft_lc)
	err = agent_simple_cmd ("OPTION lc-messages=%s", dft_lc);
	if (old_lc)
	{
	setlocale (LC_MESSAGES, old_lc);
	free (old_lc);
	}
	#endif

	dft_xauthority = getenv ("XAUTHORITY");
	if (dft_xauthority)
	err = agent_simple_cmd (ctx, "OPTION xauthority=%s", dft_xauthority);
	if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
	err = 0;
	else if (err)
	return err;

	dft_pinentry_user_data = getenv ("PINENTRY_USER_DATA");
	if (dft_pinentry_user_data)
	err = agent_simple_cmd (ctx, "OPTION pinentry_user_data=%s",
	dft_pinentry_user_data);
	if (err && gpg_err_code (err) != GPG_ERR_UNKNOWN_OPTION)
	return err;

	err = agent_simple_cmd (ctx, "OPTION allow-pinentry-notify");
	if (err && gpg_err_code (err) != GPG_ERR_UNKNOWN_OPTION)
	return err;

	err = assuan_transact (ctx, "GETINFO version",
	read_version_cb, NULL,
	NULL, NULL, NULL, NULL);
	if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
	err = 0;
	else if (err)
	return err;


	return err;
	}


	/* Try to connect to the agent via socket. Handle the server's
	initial greeting. */
	gpg_error_t
	scute_agent_initialize (void)
	{
	gpg_error_t err = 0;

	if (agent_ctx)
	{
	DEBUG (DBG_CRIT, "GPG Agent connection already established");
	return 0;
	}

	DEBUG (DBG_INFO, "Establishing connection to gpg-agent");
	err = agent_connect (&agent_ctx);
	if (err)
	return err;

	err = agent_configure (agent_ctx);
	if (err)
	scute_agent_finalize ();

	return err;
	}


	int
	scute_agent_get_agent_version (int *minor)
	{
	*minor = agent_version_minor;
	return agent_version_major;
	}



	/* Return a new malloced string by unescaping the string S. Escaping
	is percent escaping and '+'/space mapping. A binary nul will
	silently be replaced by a 0xFF. Function returns NULL to indicate
	an out of memory status. */
	static char *
	unescape_status_string (const unsigned char *src)
	{
	char *buffer;
	char *dst;

	buffer = malloc (strlen (src) + 1);
	if (!buffer)
	return NULL;

	dst = buffer;
	while (*src)
	{
	if (*src == '%' && src[1] && src[2])
	{
	src++;
	*dst = xtoi_2 (src);
	if (*dst == '\0')
	*dst = '\xff';
	dst++;
	src += 2;
	}
	else if (*src == '+')
	{
	*(dst++) = ' ';
	src++;
	}
	else
	(dst++) = (src++);
	}
	*dst = 0;

	return buffer;
	}


	/* Take a 20 byte hexencoded string and put it into the provided
	20 byte buffer FPR in binary format. Returns true if successful,
	and false otherwise. */
	static int
	unhexify_fpr (const char hexstr, unsigned char fpr)
	{
	const char *src;
	int cnt;

	/* Check for invalid or wrong length. */
	for (src = hexstr, cnt = 0; hexdigitp (src); src++, cnt++)
	;
	if ((*src && !spacep (src)) \|\| (cnt != 40))
	return 0;

	for (src = hexstr, cnt = 0; *src && !spacep (src); src += 2, cnt++)
	fpr[cnt] = xtoi_2 (src);

	return 1;
	}

	/* Return true if HEXSTR is a valid keygrip. */
	static unsigned int
	hexgrip_valid_p (const char *hexstr)
	{
	const char *s;
	int n;

	for (s=hexstr, n=0; hexdigitp (s); s++, n++)
	;
	if ((s && s != ' ') \|\| n != 40)
	return 0; /* Bad keygrip */
	else
	return 1; /* Valid. */
	}


	/* Take the serial number from LINE and return it verbatim in a newly
	allocated string. We make sure that only hex characters are
	returned. */
	static char *
	store_serialno (const char *line)
	{
	const char *src;
	char *ptr;

	for (src = line; hexdigitp (src); src++)
	;
	ptr = malloc (src + 1 - line);

	if (ptr)
	{
	memcpy (ptr, line, src - line);
	ptr[src - line] = 0;
	}

	return ptr;
	}


	/* Release the card info structure INFO. */
	void
	scute_agent_release_card_info (struct agent_card_info_s *info)
	{
	if (!info)
	return;

	free (info->serialno);
	free (info->dispserialno);
	free (info->cardtype);
	free (info->disp_name);
	free (info->disp_lang);
	free (info->pubkey_url);
	free (info->login_data);
	while (info->kinfo)
	{
	key_info_t ki = info->kinfo->next;
	free (info->kinfo);
	info->kinfo = ki;
	}

	memset (info, 0, sizeof (*info));
	}


	/* Return the key info object for the key KEYREF. If it is not found
	* NULL is returned. */
	key_info_t
	scute_find_kinfo (agent_card_info_t info, const char *keyref)
	{
	key_info_t kinfo;

	for (kinfo = info->kinfo; kinfo; kinfo = kinfo->next)
	if (!strcmp (kinfo->keyref, keyref))
	return kinfo;
	return NULL;
	}


	/* Create a new key info object with KEYREF. All fields but the
	* keyref are zeroed out. The created object is appended to the list
	* at INFO. */
	static key_info_t
	create_kinfo (agent_card_info_t info, const char *keyref)
	{
	key_info_t kinfo, ki;

	kinfo = calloc (1, sizeof *kinfo + strlen (keyref));
	if (!kinfo)
	return NULL;
	strcpy (kinfo->keyref, keyref);

	if (!info->kinfo)
	info->kinfo = kinfo;
	else
	{
	for (ki=info->kinfo; ki->next; ki = ki->next)
	;
	ki->next = kinfo;
	}
	return kinfo;
	}


	/* FIXME: We are not returning out of memory errors. */
	static gpg_error_t
	learn_status_cb (void opaque, const char line)
	{
	agent_card_info_t parm = opaque;
	const char *keyword = line;
	int keywordlen;
	key_info_t kinfo;
	const char *keyref;
	int i;

	for (keywordlen = 0; *line && !spacep (line); line++, keywordlen++)
	;
	while (spacep (line))
	line++;

	if (keywordlen == 8 && !memcmp (keyword, "SERIALNO", keywordlen))
	{
	free (parm->serialno);
	parm->serialno = store_serialno (line);
	}
	else if (keywordlen == 13 && !memcmp (keyword, "$DISPSERIALNO", keywordlen))
	{
	free (parm->dispserialno);
	parm->dispserialno = unescape_status_string (line);
	}
	else if (keywordlen == 7 && !memcmp (keyword, "APPTYPE", keywordlen))
	{
	parm->is_piv = !strcmp (line, "PIV");
	}
	else if (keywordlen == 8 && !memcmp (keyword, "CARDTYPE", keywordlen))
	{
	free (parm->cardtype);
	parm->cardtype = unescape_status_string (line);
	}
	else if (keywordlen == 9 && !memcmp (keyword, "DISP-NAME", keywordlen))
	{
	if (parm->disp_name)
	free (parm->disp_name);
	parm->disp_name = unescape_status_string (line);
	}
	else if (keywordlen == 9 && !memcmp (keyword, "DISP-LANG", keywordlen))
	{
	if (parm->disp_lang)
	free (parm->disp_lang);
	parm->disp_lang = unescape_status_string (line);
	}
	else if (keywordlen == 8 && !memcmp (keyword, "DISP-SEX", keywordlen))
	{
	parm->disp_sex = line == '1'? 1 : line == '2' ? 2: 0;
	}
	else if (keywordlen == 10 && !memcmp (keyword, "PUBKEY-URL", keywordlen))
	{
	if (parm->pubkey_url)
	free (parm->pubkey_url);
	parm->pubkey_url = unescape_status_string (line);
	}
	else if (keywordlen == 10 && !memcmp (keyword, "LOGIN-DATA", keywordlen))
	{
	if (parm->login_data)
	free (parm->login_data);
	parm->login_data = unescape_status_string (line);
	}
	else if (keywordlen == 11 && !memcmp (keyword, "SIG-COUNTER", keywordlen))
	{
	parm->sig_counter = strtoul (line, NULL, 0);
	}
	else if (keywordlen == 10 && !memcmp (keyword, "CHV-STATUS", keywordlen))
	{
	char p, buf;

	buf = p = unescape_status_string (line);
	if (buf)
	{
	while (spacep (p))
	p++;
	parm->chv1_cached = atoi (p);
	while (*p && !spacep (p))
	p++;
	while (spacep (p))
	p++;
	for (i = 0; *p && i < 3; i++)
	{
	parm->chvmaxlen[i] = atoi (p);
	while (*p && !spacep (p))
	p++;
	while (spacep (p))
	p++;
	}
	for (i=0; *p && i < 3; i++)
	{
	parm->chvretry[i] = atoi (p);
	while (*p && !spacep (p))
	p++;
	while (spacep (p))
	p++;
	}
	free (buf);
	}
	}
	else if (keywordlen == 7 && !memcmp (keyword, "KEY-FPR", keywordlen))
	{
	int no = atoi (line);
	while (*line && !spacep (line))
	line++;
	while (spacep (line))
	line++;
	if (no == 1)
	parm->fpr1valid = unhexify_fpr (line, parm->fpr1);
	else if (no == 2)
	parm->fpr2valid = unhexify_fpr (line, parm->fpr2);
	else if (no == 3)
	parm->fpr3valid = unhexify_fpr (line, parm->fpr3);
	}
	else if (keywordlen == 6 && !memcmp (keyword, "CA-FPR", keywordlen))
	{
	int no = atoi (line);
	while (*line && !spacep (line))
	line++;
	while (spacep (line))
	line++;
	if (no == 1)
	parm->cafpr1valid = unhexify_fpr (line, parm->cafpr1);
	else if (no == 2)
	parm->cafpr2valid = unhexify_fpr (line, parm->cafpr2);
	else if (no == 3)
	parm->cafpr3valid = unhexify_fpr (line, parm->cafpr3);
	}
	else if (keywordlen == 11 && !memcmp (keyword, "KEYPAIRINFO", keywordlen))
	{
	/* The format of such a line is:
	* KEYPARINFO <hexgrip> <keyref>
	*/
	const char *hexgrip = line;

	while (*line && !spacep (line))
	line++;
	while (spacep (line))
	line++;
	keyref = line;

	if (hexgrip_valid_p (hexgrip))
	{
	/* Check whether we already have an item for the keyref. */
	kinfo = scute_find_kinfo (parm, keyref);
	if (!kinfo) /* New entry. */
	{
	kinfo = create_kinfo (parm, keyref);
	if (!kinfo)
	goto no_core;
	}
	else /* Existing entry - clear the grip. */
	*kinfo->grip = 0;

	strncpy (kinfo->grip, hexgrip, sizeof kinfo->grip);
	kinfo->grip[sizeof kinfo->grip -1] = 0;
	}
	}
	else if (keywordlen == 6 && !memcmp (keyword, "EXTCAP", keywordlen))
	{
	char p, p2, *buf;
	int abool;

	buf = p = unescape_status_string (line);
	if (buf)
	{
	for (p = strtok (buf, " "); p; p = strtok (NULL, " "))
	{
	p2 = strchr (p, '=');
	if (p2)
	{
	*p2++ = 0;
	abool = (*p2 == '1');
	if (!strcmp (p, "gc"))
	parm->rng_available = abool;
	/* We're currently not interested in the
	* other capabilities. */
	}
	}
	free (buf);
	}
	}
	return 0;

	no_core:
	return gpg_error_from_syserror ();
	}


	/* Call the agent to learn about a smartcard. */
	gpg_error_t
	scute_agent_learn (struct agent_card_info_s *info)
	{
	gpg_error_t err;

	memset (info, 0, sizeof (*info));
	err = assuan_transact (agent_ctx, "LEARN --sendinfo",
	NULL, NULL,
	default_inq_cb, NULL,
	learn_status_cb, info);
	if (gpg_err_source(err) == GPG_ERR_SOURCE_SCD
	&& gpg_err_code (err) == GPG_ERR_CARD_REMOVED)
	{
	/* SCD session is in card removed state. clear that state. */
	err = assuan_transact (agent_ctx, "SCD SERIALNO",
	NULL, NULL, NULL, NULL, NULL, NULL);
	if (!err)
	{
	memset (info, 0, sizeof (*info));
	err = assuan_transact (agent_ctx, "LEARN --sendinfo",
	NULL, NULL,
	default_inq_cb, NULL,
	learn_status_cb, info);
	}
	}
	if (!err)
	{
	/* Also try to get the human readabale serial number. */
	err = assuan_transact (agent_ctx, "SCD GETATTR $DISPSERIALNO",
	NULL, NULL,
	default_inq_cb, NULL,
	learn_status_cb, info);
	if (gpg_err_code (err) == GPG_ERR_INV_NAME
	\|\| gpg_err_code (err) == GPG_ERR_UNSUPPORTED_OPERATION)
	err = 0; /* Not implemented or GETATTR not supported. */
	}


	return err;
	}



	static gpg_error_t
	geteventcounter_status_cb (void opaque, const char line)
	{
	int *result = opaque;
	const char *keyword = line;
	int keywordlen;

	for (keywordlen=0; *line && !spacep (line); line++, keywordlen++)
	;
	while (spacep (line))
	line++;

	if (keywordlen == 12 && !memcmp (keyword, "EVENTCOUNTER", keywordlen))
	{
	static int any_count;
	static unsigned int last_count;
	unsigned int count;

	if (sscanf (line, "%u %u %u ", &count) == 1)
	{
	if (any_count && last_count != count)
	*result = 1;
	any_count = 1;
	last_count = count;
	}
	}

	return 0;
	}


	static gpg_error_t
	read_status_cb (void opaque, const void buffer, size_t length)
	{
	char *flag = opaque;

	if (length == 0)
	*flag = 'r';
	else
	flag = ((char *) buffer);

	return 0;
	}


	/* Check the agent status. This returns 0 if a token is present,
	GPG_ERR_CARD_REMOVED if no token is present, and an error code
	otherwise. */
	gpg_error_t
	scute_agent_check_status (void)
	{
	static char last_flag;
	gpg_error_t err;
	int any = 0;
	char flag = '-';

	/* First we look at the eventcounter to see if anything happened at
	all. This is a low overhead function which won't even clutter a
	gpg-agent log file. There is no need for error checking here. */
	if (last_flag)
	assuan_transact (agent_ctx, "GETEVENTCOUNTER",
	NULL, NULL,
	NULL, NULL,
	geteventcounter_status_cb, &any);

	if (any \|\| !last_flag)
	{
	err = assuan_transact (agent_ctx, "SCD GETINFO status",
	read_status_cb, &flag,
	default_inq_cb, NULL,
	NULL, NULL);
	if (err)
	return err;
	last_flag = flag;
	}
	else
	flag = last_flag;


	if (flag == 'r')
	return gpg_error (GPG_ERR_CARD_REMOVED);

	return 0;
	}


	/* We only support RSA signatures up to 4096 bits. */
	#define MAX_SIGNATURE_BITS 4096

	/* Enough space to hold a 4096 bit RSA signature in an S-expression. */
	#define MAX_SIGNATURE_LEN 640 /* FIXME: magic value */

	struct signature
	{
	unsigned char data[MAX_SIGNATURE_LEN];
	int len;
	};

	static gpg_error_t
	pksign_cb (void opaque, const void buffer, size_t length)
	{
	struct signature *sig = opaque;

	if (sig->len + length > MAX_SIGNATURE_LEN)
	{
	DEBUG (DBG_INFO, "maximum signature length exceeded");
	return gpg_error (GPG_ERR_BAD_DATA);
	}

	memcpy (&sig->data[sig->len], buffer, length);
	sig->len += length;

	return 0;
	}

	/* Parse the result of an pksign operation which is a s-expression in
	canonical form that looks like (7:sig-val(3:rsa(1:s<LENGTH>:<DATA>))).
	The raw result is stored in RESULT of size LEN, and LEN is
	adjusted to the actual size. */
	static gpg_error_t
	pksign_parse_result (const struct signature *sig,
	unsigned char result, unsigned int len)
	{
	gpg_error_t err;
	const unsigned char *s = sig->data;
	size_t n;
	int depth;

	if (*s++ != '(')
	gpg_error (GPG_ERR_INV_SEXP);

	n = snext (&s);
	if (! n)
	return gpg_error (GPG_ERR_INV_SEXP);
	if (! smatch (&s, n, "sig-val"))
	return gpg_error (GPG_ERR_UNKNOWN_SEXP);

	if (*s++ != '(')
	gpg_error (GPG_ERR_UNKNOWN_SEXP);

	n = snext (&s);
	if (! n)
	return gpg_error (GPG_ERR_INV_SEXP);
	if (! smatch (&s, n, "rsa"))
	return gpg_error (GPG_ERR_UNKNOWN_SEXP);

	if (*s++ != '(')
	gpg_error (GPG_ERR_UNKNOWN_SEXP);

	n = snext (&s);
	if (! n)
	return gpg_error (GPG_ERR_INV_SEXP);
	if (! smatch (&s, n, "s"))
	return gpg_error (GPG_ERR_UNKNOWN_SEXP);

	n = snext (&s);
	if (! n)
	return gpg_error (GPG_ERR_INV_SEXP);

	/* Remove a possible prepended zero byte. */
	if (!*s && n > 1)
	{
	n -= 1;
	s += 1;
	}

	if (*len < (unsigned int) n)
	return gpg_error (GPG_ERR_INV_LENGTH);

	*len = (unsigned int) n;
	memcpy (result, s, n);
	s += n;

	depth = 3;
	err = sskip (&s, &depth);
	if (err)
	return err;
	if (s - sig->data != sig->len \|\| depth != 0)
	return gpg_error (GPG_ERR_INV_SEXP);

	return 0;
	}

	/* Decodes the hash DATA of size LEN (if necessary). Returns a
	pointer to the raw hash data in R_DATA, the size in R_LEN, and the
	name of the hash function in R_HASH.

	Prior to TLSv1.2, the hash function was the concatenation of MD5
	and SHA1 applied to the data respectively, and no encoding was
	applied. From TLSv1.2 on, the hash value is prefixed with an hash
	identifier and encoded using ASN1.

	FIXME: Reference. */
	static gpg_error_t
	decode_hash (const unsigned char *data, int len,
	const unsigned char *r_data, size_t r_len,
	const char **r_hash)
	{
	static unsigned char rmd160_prefix[15] = /* Object ID is 1.3.36.3.2.1 */
	{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
	0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
	static unsigned char sha1_prefix[15] = /* (1.3.14.3.2.26) */
	{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
	0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
	static unsigned char sha224_prefix[19] = /* (2.16.840.1.101.3.4.2.4) */
	{ 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
	0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
	0x1C };
	static unsigned char sha256_prefix[19] = /* (2.16.840.1.101.3.4.2.1) */
	{ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
	0x00, 0x04, 0x20 };
	static unsigned char sha384_prefix[19] = /* (2.16.840.1.101.3.4.2.2) */
	{ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
	0x00, 0x04, 0x30 };
	static unsigned char sha512_prefix[19] = /* (2.16.840.1.101.3.4.2.3) */
	{ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
	0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
	0x00, 0x04, 0x40 };

	#define HANDLE(hash,hashlen) \
	if (len == sizeof hash ## _prefix + (hashlen) \
	&& !memcmp (data, hash ## _prefix, sizeof hash ## _prefix)) \
	{ \
	*r_data = data + sizeof hash ## _prefix; \
	*r_len = hashlen; \
	*r_hash = #hash; \
	}

	if (len == 36)
	{
	/* Prior to TLSv1.2, a combination of MD5 and SHA1 was used. */
	*r_data = data;
	*r_len = 36;
	*r_hash = "tls-md5sha1";
	}
	/* TLSv1.2 encodes the hash value using ASN1. */
	else HANDLE (sha1, 20)
	else HANDLE (rmd160, 20)
	else HANDLE (sha224, 28)
	else HANDLE (sha256, 32)
	else HANDLE (sha384, 48)
	else HANDLE (sha512, 64)
	else
	return gpg_error (GPG_ERR_INV_ARG);

	#undef HANDLE

	return 0;
	}


	/* Call the agent to sign (DATA,LEN) using the key described by
	* HEXGRIP. Stores the signature in SIG_RESULT and its lengtn at
	* SIG_LEN; SIGLEN must initially point to the allocated size of
	* SIG_RESULT. */
	gpg_error_t
	scute_agent_sign (const char hexgrip, unsigned char data, int len,
	unsigned char sig_result, unsigned int sig_len)
	{
	char cmd[150];
	gpg_error_t err;
	const char *hash;
	const unsigned char *raw_data;
	size_t raw_len;
	#define MAX_DATA_LEN 64 /* Size of an SHA512 sum. */
	unsigned char pretty_data[2 * MAX_DATA_LEN + 1];
	int i;
	struct signature sig;

	sig.len = 0;

	if (sig_len == NULL)
	return gpg_error (GPG_ERR_INV_ARG);

	err = decode_hash (data, len, &raw_data, &raw_len, &hash);
	if (err)
	return err;

	if (sig_result == NULL)
	{
	*sig_len = raw_len;
	return 0;
	}

	if (!hexgrip \|\| !sig_result)
	return gpg_error (GPG_ERR_INV_ARG);

	snprintf (cmd, sizeof (cmd), "SIGKEY %s", hexgrip);

	err = assuan_transact (agent_ctx, cmd, NULL, NULL, default_inq_cb,
	NULL, NULL, NULL);
	if (err)
	return err;

	for (i = 0; i < raw_len; i++)
	snprintf (&pretty_data[2 * i], 3, "%02X", raw_data[i]);
	pretty_data[2 * raw_len] = '\0';

	snprintf (cmd, sizeof (cmd), "SETHASH --hash=%s %s", hash, pretty_data);
	err = assuan_transact (agent_ctx, cmd, NULL, NULL, default_inq_cb,
	NULL, NULL, NULL);
	if (err)
	return err;

	err = assuan_transact (agent_ctx, "PKSIGN",
	pksign_cb, &sig, default_inq_cb, NULL, NULL, NULL);
	if (err)
	return err;

	err = pksign_parse_result (&sig, sig_result, sig_len);
	return err;
	}


	/* Determine if FPR is trusted. */
	gpg_error_t
	scute_agent_is_trusted (const char fpr, bool is_trusted)
	{
	gpg_error_t err;
	bool trusted = false;
	char cmd[150];

	snprintf (cmd, sizeof (cmd), "ISTRUSTED %s", fpr);
	err = assuan_transact (agent_ctx, cmd, NULL, NULL, default_inq_cb,
	NULL, NULL, NULL);
	if (err && gpg_err_code (err) != GPG_ERR_NOT_TRUSTED)
	return err;
	else if (!err)
	trusted = true;

	*is_trusted = trusted;
	return 0;
	}


	#define GET_CERT_INIT_SIZE 2048

	struct get_cert_s
	{
	unsigned char *cert_der;
	int cert_der_len;
	int cert_der_size;
	};


	gpg_error_t
	get_cert_data_cb (void opaque, const void data, size_t data_len)
	{
	struct get_cert_s *cert_s = opaque;
	int needed_size;

	needed_size = cert_s->cert_der_len + data_len;
	if (needed_size > cert_s->cert_der_size)
	{
	unsigned char *new_cert_der;
	int new_cert_der_size = cert_s->cert_der_size;

	if (new_cert_der_size == 0)
	new_cert_der_size = GET_CERT_INIT_SIZE;
	while (new_cert_der_size < needed_size)
	new_cert_der_size *= 2;

	if (cert_s->cert_der == NULL)
	new_cert_der = malloc (new_cert_der_size);
	else
	new_cert_der = realloc (cert_s->cert_der, new_cert_der_size);

	if (new_cert_der == NULL)
	return gpg_error_from_syserror ();

	cert_s->cert_der = new_cert_der;
	cert_s->cert_der_size = new_cert_der_size;
	}

	memcpy (cert_s->cert_der + cert_s->cert_der_len, data, data_len);
	cert_s->cert_der_len += data_len;

	return 0;
	}


	/* Try to get certificate for CERTREF. */
	gpg_error_t
	scute_agent_get_cert (const char certref, struct cert cert)
	{
	gpg_error_t err;
	char cmd[150];
	struct get_cert_s cert_s;

	cert_s.cert_der = NULL;
	cert_s.cert_der_len = 0;
	cert_s.cert_der_size = 0;

	snprintf (cmd, sizeof (cmd), "SCD READCERT %s", certref);
	err = assuan_transact (agent_ctx, cmd, get_cert_data_cb, &cert_s,
	NULL, NULL, NULL, NULL);
	/* Just to be safe... */
	if (!err && (cert_s.cert_der_len <= 16 \|\| cert_s.cert_der[0] != 0x30))
	{
	DEBUG (DBG_INFO, "bad card certificate rejected");
	err = gpg_error (GPG_ERR_BAD_CERT);
	}
	if (err)
	{
	if (cert_s.cert_der)
	free (cert_s.cert_der);
	return err;
	}

	DEBUG (DBG_INFO, "got certificate from card with length %i",
	cert_s.cert_der_len);

	cert->cert_der = cert_s.cert_der;
	cert->cert_der_len = cert_s.cert_der_len;
	strncpy (cert->certref, certref, sizeof cert->certref -1);
	cert->certref[sizeof cert->certref - 1] = 0;

	return 0;
	}

	struct random_request
	{
	unsigned char *buffer;
	size_t len;
	};

	gpg_error_t
	get_challenge_data_cb (void opaque, const void line, size_t len)
	{
	struct random_request *request = opaque;

	if (len != request->len)
	return gpg_error (GPG_ERR_INV_LENGTH);

	memcpy (request->buffer, line, len);

	return 0;
	}

	gpg_error_t
	scute_agent_get_random (unsigned char *data, size_t len)
	{
	char command[16];
	gpg_error_t err;
	struct random_request request;

	snprintf (command, sizeof(command), "SCD RANDOM %zu", len);

	request.buffer = data;
	request.len = len;
	err = assuan_transact (agent_ctx, command, get_challenge_data_cb,
	&request, NULL, NULL, NULL, NULL);

	return err;
	}


	void
	scute_agent_finalize (void)
	{
	if (!agent_ctx)
	{
	DEBUG (DBG_CRIT, "no GPG Agent connection established");
	return;
	}

	DEBUG (DBG_INFO, "releasing agent context");
	assuan_release (agent_ctx);
	agent_ctx = NULL;
	}
	diff --git a/src/cert-gpgsm.c b/src/cert-gpgsm.c
	index 14a675a..c3d8e31 100644
	--- a/src/cert-gpgsm.c
	+++ b/src/cert-gpgsm.c
	@@ -1,642 +1,633 @@
	/* cert-gpgsm.c - Scute certificate searching.
	- Copyright (C) 2006, 2007 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2007 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <time.h>
	#include <string.h>
	#include <stdlib.h>
	#include <stdio.h>
	#include <stdbool.h>

	#include <gpg-error.h>
	#include <assuan.h>

	#include "agent.h"
	#include "cert.h"
	#include "support.h"
	#include "debug.h"


	/* The maximum length of a key listing line. We take the double of
	* the allowed Assuan line length plus some extra space to avoid a
	* memmove after a part of a line has been processed. */
	#define MAX_LINE_LEN (ASSUAN_LINELENGTH*2 + 200)

	struct keylist_ctx
	{
	/* The pending line in an active key listing. */
	char pending[MAX_LINE_LEN + 1];
	unsigned int pending_len;

	/* The current certificate. */
	struct cert cert;

	/* The caller's search callback, invoked for each certificate. */
	cert_search_cb_t search_cb;
	void *search_cb_hook;
	};


	/* Support macros */
	#define atoi_1(p) (*(p) - '0' )
	#define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))
	#define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2))


	/* Local prototypes */
	static gpg_error_t export_cert (const char fpr, struct cert cert);




	/* Release allocated storage for the certificate CERT and reset the
	certificate. */
	static void
	cert_reset (struct cert *cert)
	{
	if (cert->issuer_serial)
	free (cert->issuer_serial);
	if (cert->issuer_name)
	free (cert->issuer_name);
	if (cert->uid)
	free (cert->uid);
	if (cert->cert_der)
	free (cert->cert_der);

	memset (cert, '\0', sizeof (struct cert));
	}


	/* Parse the string TIMESTAMP into a time_t. The string may either be
	seconds since Epoch or in the ISO 8601 format like
	"20390815T143012". Returns 0 for an empty string or seconds since
	Epoch. Leading spaces are skipped. If ENDP is not NULL, it will
	point to the next non-parsed character in TIMESTRING. */
	static time_t
	parse_timestamp (const char timestamp, char *endp)
	{
	/* Need to skip leading spaces, because that is what strtoul does
	but not our ISO 8601 checking code. */
	while (timestamp && timestamp== ' ')
	timestamp++;
	if (!*timestamp)
	return 0;

	if (strlen (timestamp) >= 15 && timestamp[8] == 'T')
	{
	struct tm buf;
	int year;

	year = atoi_4 (timestamp);
	if (year < 1900)
	return (time_t)(-1);

	/* Fixme: We would better use a configure test to see whether
	mktime can handle dates beyond 2038. */
	if (sizeof (time_t) <= 4 && year >= 2038)
	return (time_t)2145914603; /* 2037-12-31 23:23:23 */

	memset (&buf, 0, sizeof buf);
	buf.tm_year = year - 1900;
	buf.tm_mon = atoi_2 (timestamp+4) - 1;
	buf.tm_mday = atoi_2 (timestamp+6);
	buf.tm_hour = atoi_2 (timestamp+9);
	buf.tm_min = atoi_2 (timestamp+11);
	buf.tm_sec = atoi_2 (timestamp+13);

	if (endp)
	endp = (char)(timestamp + 15);
	#ifdef HAVE_TIMEGM
	return timegm (&buf);
	#else
	/* FIXME: Need to set TZ to UTC, but that is not
	thread-safe. */
	return mktime (&buf);
	#endif

	}
	else
	return (time_t)strtoul (timestamp, endp, 10);
	}


	/* Decode the C formatted string SRC and store the result in the
	buffer *DESTP which is LEN bytes long. If LEN is zero, then a
	large enough buffer is allocated with malloc and *DESTP is set to
	the result. Currently, LEN is only used to specify if allocation
	is desired or not, the caller is expected to make sure that *DESTP
	is large enough if LEN is not zero. */
	static gpg_error_t
	decode_c_string (const char src, char *destp, size_t len)
	{
	char *dest;

	/* Set up the destination buffer. */
	if (len)
	{
	if (len < strlen (src) + 1)
	return gpg_error (GPG_ERR_INTERNAL);

	dest = *destp;
	}
	else
	{
	/* The converted string will never be larger than the original
	string. */
	dest = malloc (strlen (src) + 1);
	if (!dest)
	return gpg_error_from_syserror ();

	*destp = dest;
	}

	/* Convert the string. */
	while (*src)
	{
	if (*src != '\\')
	{
	(dest++) = (src++);
	continue;
	}

	switch (src[1])
	{
	#define DECODE_ONE(match,result) \
	case match: \
	src += 2; \
	*(dest++) = result; \
	break;

	DECODE_ONE ('\'', '\'');
	DECODE_ONE ('\"', '\"');
	DECODE_ONE ('\?', '\?');
	DECODE_ONE ('\\', '\\');
	DECODE_ONE ('a', '\a');
	DECODE_ONE ('b', '\b');
	DECODE_ONE ('f', '\f');
	DECODE_ONE ('n', '\n');
	DECODE_ONE ('r', '\r');
	DECODE_ONE ('t', '\t');
	DECODE_ONE ('v', '\v');

	case 'x':
	{
	int val = xtoi_2 (&src[2]);

	if (val == -1)
	{
	/* Should not happen. */
	(dest++) = (src++);
	(dest++) = (src++);
	if (*src)
	(dest++) = (src++);
	if (*src)
	(dest++) = (src++);
	}
	else
	{
	if (!val)
	{
	/* A binary zero is not representable in a C
	string. */
	*(dest++) = '\\';
	*(dest++) = '0';
	}
	else
	((unsigned char ) dest++) = val;
	src += 4;
	}
	}
	break;

	default:
	{
	/* Should not happen. */
	(dest++) = (src++);
	(dest++) = (src++);
	}
	}
	}
	*(dest++) = 0;

	return 0;
	}



	/* Helper for keylist_cb. This fucntion is invoked for each complete
	* line assembled by keylist_cb. */
	static gpg_error_t
	keylist_cb_line (struct keylist_ctx *ctx)
	{
	char *line;
	enum { RT_NONE, RT_CRT, RT_CRS, RT_FPR, RT_GRP, RT_UID } rectype = RT_NONE;
	#define NR_FIELDS 16
	char *field[NR_FIELDS];
	int fields = 0;
	struct cert *cert;

	/* Strip a trailing carriage return. */
	if (ctx->pending_len > 0
	&& ctx->pending[ctx->pending_len - 1] == '\r')
	ctx->pending_len--;
	ctx->pending[ctx->pending_len - 1] = '\0';
	ctx->pending_len = 0;

	cert = &ctx->cert;
	line = ctx->pending;
	while (line && fields < NR_FIELDS)
	{
	field[fields++] = line;
	line = strchr (line, ':');
	if (line)
	*(line++) = '\0';
	}

	if (!strcmp (field[0], "crt"))
	rectype = RT_CRT;
	else if (!strcmp (field[0], "crs"))
	rectype = RT_CRS;
	else if (!strcmp (field[0], "fpr"))
	rectype = RT_FPR;
	else if (!strcmp (field[0], "grp"))
	rectype = RT_GRP;
	else if (!strcmp (field[0], "uid"))
	rectype = RT_UID;
	else
	rectype = RT_NONE;

	switch (rectype)
	{
	case RT_CRT:
	case RT_CRS:
	/* Reinitialize CERT. */
	if (cert->valid)
	{
	gpg_error_t err;

	/* Return the cert. */
	err = export_cert (ctx->cert.fpr, &ctx->cert);
	if (!err)
	err = ctx->search_cb (ctx->search_cb_hook, &ctx->cert);
	if (err)
	return err;

	cert_reset (cert);
	}

	cert->valid = true;

	#if 0
	/* Field 2 has the trust info. */
	if (fields >= 2)
	set_mainkey_trust_info (key, field[1]);
	#endif

	/* Field 3 has the key length. */
	if (fields >= 3)
	{
	int i = atoi (field[2]);
	/* Ignore invalid values. */
	if (i > 1)
	cert->length = i;
	}

	/* Field 4 has the public key algorithm. */
	if (fields >= 4)
	{
	int i = atoi (field[3]);
	if (i >= 1 && i < 128)
	cert->pubkey_algo = i;
	}

	/* Field 5 has the long keyid. Allow short key IDs for the
	output of an external keyserver listing. */
	if (fields >= 5 && strlen (field[4]) <= sizeof (cert->keyid) - 1)
	strcpy (cert->keyid, field[4]);

	/* Field 6 has the timestamp (seconds). */
	if (fields >= 6)
	cert->timestamp = parse_timestamp (field[5], NULL);

	/* Field 7 has the expiration time (seconds). */
	if (fields >= 7)
	cert->expires = parse_timestamp (field[6], NULL);

	/* Field 8 has the X.509 serial number. */
	if (fields >= 8)
	{
	cert->issuer_serial = strdup (field[7]);
	if (!cert->issuer_serial)
	return gpg_error_from_syserror ();
	}

	#if 0
	/* Field 9 has the ownertrust. */
	if (fields >= 9)
	set_ownertrust (key, field[8]);
	#endif

	/* Field 10 is the issuer name. */
	if (fields >= 10)
	if (decode_c_string (field[9], &cert->issuer_name, 0))
	return gpg_error (GPG_ERR_ENOMEM); /* FIXME */

	/* Field 11 has the signature class. */

	#if 0
	/* Field 12 has the capabilities. */
	if (fields >= 12)
	set_mainkey_capability (key, field[11]);
	#endif
	break;

	case RT_UID:
	if (cert->valid)
	{
	/* Field 2 has the trust info, and field 10 has the user ID.
	Note that more than one UID field can appear. We only
	remember the last one. It's not used anyway. */
	if (fields >= 10 && !cert->uid)
	{
	if (decode_c_string (field[9], &cert->uid, 0))
	return gpg_error (GPG_ERR_ENOMEM); /* FIXME */
	}
	}
	break;

	case RT_FPR:
	if (cert->valid)
	{
	/* Field 10 has the fingerprint (take only the first one). */
	if (fields >= 10 && strlen (field[9]) <= sizeof (cert->fpr) - 1)
	strcpy (cert->fpr, field[9]);

	/* Field 13 has the gpgsm chain ID (take only the first one). */
	if (fields >= 13 && strlen (field[12])
	<= sizeof (cert->chain_id) - 1)
	strcpy (cert->chain_id, field[12]);
	}
	break;

	case RT_GRP:
	if (cert->valid)
	{
	/* Field 10 has the key grip. */
	if (fields >= 10 && strlen (field[9]) <= sizeof (cert->grip) - 1)
	strcpy (cert->grip, field[9]);
	}
	break;

	case RT_NONE:
	/* Unknown record. */
	break;
	}

	return 0;
	}


	/* This is the data line callback handler provided to assuan_transact
	* in scute_gpgsm_search_certs_by_{grip,fpr}. It buffers incomplete
	* lines, and is also used to handle the EOF signal directly outside
	* of assuan_transact. */
	static gpg_error_t
	keylist_cb (void hook, const void line_data, size_t line_len)
	{
	struct keylist_ctx *ctx = hook;
	const char *line = line_data;
	gpg_error_t err;

	if (!line)
	{
	/* This indicates an EOF. */

	/* Check for a pending line, in case GPGSM didn't close with a
	newline. */
	if (ctx->pending_len)
	{
	err = keylist_cb_line (ctx);
	if (err)
	return err;
	}

	/* Check for a pending certificate and return it. */
	if (ctx->cert.valid)
	{
	err = export_cert (ctx->cert.fpr, &ctx->cert);
	if (!err)
	err = ctx->search_cb (ctx->search_cb_hook, &ctx->cert);
	}
	else
	err = 0;

	return err;
	}

	while (line_len)
	{
	if (*line == '\n')
	{
	err = keylist_cb_line (ctx);
	if (err)
	return err;
	}
	else
	{
	if (ctx->pending_len >= MAX_LINE_LEN)
	return gpg_error (GPG_ERR_LINE_TOO_LONG);

	ctx->pending[ctx->pending_len++] = *line;
	}
	line++;
	line_len--;
	}

	return 0;
	}




	struct export_hook
	{
	/* The exported data. */
	char *buffer;

	/* The length of the exported data buffer. */
	unsigned int buffer_len;

	/* The size of the allocated exported data buffer. */
	unsigned int buffer_size;
	};

	#define EXP_DATA_START 4096

	static gpg_error_t
	export_cert_cb (void hook, const void line_data, size_t line_len)
	{
	struct export_hook *exp = hook;
	const char *line = line_data;

	if (exp->buffer_size - exp->buffer_len < line_len)
	{
	unsigned int new_buffer_size = exp->buffer_size ?
	(exp->buffer_size * 2) : EXP_DATA_START;
	char *new_buffer = realloc (exp->buffer, new_buffer_size);

	if (!new_buffer)
	return gpg_error_from_syserror ();

	exp->buffer = new_buffer;
	exp->buffer_size = new_buffer_size;
	}

	memcpy (exp->buffer + exp->buffer_len, line, line_len);
	exp->buffer_len += line_len;

	return 0;
	}


	/* Export the certifciate using a second assuan connection. This is
	* called during the key listing after a "crt" record has been
	* received. */
	static gpg_error_t
	export_cert (const char fpr, struct cert cert)
	{
	gpg_error_t err;
	assuan_context_t ctx;
	const char *argv[] = { "gpgsm", "--server", NULL };
	#define COMMANDLINELEN 80
	char cmd[COMMANDLINELEN];
	struct export_hook exp;

	err = assuan_new (&ctx);
	if (err)
	{
	DEBUG (DBG_CRIT, "failed to allocate assuan context: %s",
	gpg_strerror (err));
	return err;
	}

	err = assuan_pipe_connect (ctx, get_gpgsm_path (), argv, NULL,
	NULL, NULL, 128);
	if (err)
	{
	assuan_release (ctx);
	DEBUG (DBG_CRIT, "spawning %s\n", get_gpgsm_path ());
	return err;
	}

	exp.buffer = NULL;
	exp.buffer_len = 0;
	exp.buffer_size = 0;

	snprintf (cmd, sizeof (cmd), "EXPORT --data -- %s", cert->fpr);
	err = assuan_transact (ctx, cmd, export_cert_cb, &exp,
	NULL, NULL, NULL, NULL);
	assuan_release (ctx);

	if (!err)
	{
	cert->cert_der = exp.buffer;
	cert->cert_der_len = exp.buffer_len;
	}

	if (!err)
	err = scute_agent_is_trusted (fpr, &cert->is_trusted);

	return err;
	}


	/* Search for certificates using a key listing using PATTERN which is
	* described by MODE. Invoke SEARCH_CB for each certificate found. */
	gpg_error_t
	scute_gpgsm_search_certs (enum keylist_modes mode, const char *pattern,
	cert_search_cb_t search_cb,
	void *search_cb_hook)
	{
	gpg_error_t err;
	assuan_context_t ctx;
	const char *argv[] = { "gpgsm", "--server", NULL };
	char line[ASSUAN_LINELENGTH];
	struct keylist_ctx keylist_ctx;

	err = assuan_new (&ctx);
	if (err)
	{
	DEBUG (DBG_CRIT, "failed to allocate assuan context: %s",
	gpg_strerror (err));
	return err;
	}

	err = assuan_pipe_connect (ctx, get_gpgsm_path (), argv, NULL,
	NULL, NULL, 128);
	if (err)
	{
	assuan_release (ctx);
	DEBUG (DBG_CRIT, "failed to spawn %s\n", get_gpgsm_path ());
	return err;
	}

	memset (&keylist_ctx, 0, sizeof keylist_ctx);
	keylist_ctx.search_cb = search_cb;
	keylist_ctx.search_cb_hook = search_cb_hook;

	err = assuan_transact (ctx, "OPTION with-key-data", NULL, NULL,
	NULL, NULL, NULL, NULL);
	if (err)
	goto leave;


	snprintf (line, sizeof line, "LISTKEYS %s%s",
	mode == KEYLIST_BY_GRIP? "&":"",
	pattern);
	err = assuan_transact (ctx, line,
	keylist_cb, &keylist_ctx,
	NULL, NULL,
	NULL, NULL);
	if (err)
	goto leave;

	/* Signal the EOF. This is not done by Assuan for us. */
	err = keylist_cb (&keylist_ctx, NULL, 0);
	if (err)
	goto leave;

	leave:
	cert_reset (&keylist_ctx.cert);
	assuan_release (ctx);
	return err;
	}
	diff --git a/src/cert-object.c b/src/cert-object.c
	index a0f07bd..d3a594d 100644
	--- a/src/cert-object.c
	+++ b/src/cert-object.c
	@@ -1,817 +1,808 @@
	/* cert-object.c - Convert a GPGSM certificate into a PKCS #11 object.
	- Copyright (C) 2006, 2007 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2007 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdbool.h>
	#include <stdlib.h>
	#include <assert.h>
	#include <string.h>
	#include <time.h>

	#include <gpg-error.h>

	#include "cryptoki.h"
	#include "support.h"
	#include "cert.h"
	#include "debug.h"


	#define atoi_1(p) (*(p) - '0' )
	#define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))
	#define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2))


	#if 0 /* Currently not used. */
	static bool
	time_to_ck_date (time_t atime, CK_DATE ckdate)
	{
	struct tm broken_time;
	int nr;

	if (!*atime)
	return false;

	#ifdef HAVE_LOCALTIME_R
	if (!localtime_r (atime, &broken_time))
	return false;
	#else
	{
	/* FIXME: This is not thread-safe, but it minimizes risk. */
	struct tm *b_time = localtime (atime);
	if (!b_time)
	return false;
	memcpy (&broken_time, b_time, sizeof (*b_time));
	}
	#endif

	/* We can only represent years until 9999. */
	if (!(broken_time.tm_year >= 0 && broken_time.tm_year <= 8099
	&& broken_time.tm_mon >= 0 && broken_time.tm_mon <= 11
	&& broken_time.tm_mday >= 1 && broken_time.tm_mday <= 31))
	{
	DEBUG (DBG_INFO, "unrepresentable time %i-%i-%i",
	broken_time.tm_year, broken_time.tm_mon, broken_time.tm_mday);
	return false;
	}

	#define LAST_DIGIT(d) (((d) % 10) + '0')
	nr = broken_time.tm_year + 1900;
	ckdate->year[3] = LAST_DIGIT (nr);
	nr = nr / 10;
	ckdate->year[2] = LAST_DIGIT (nr);
	nr = nr / 10;
	ckdate->year[1] = LAST_DIGIT (nr);
	nr = nr / 10;
	ckdate->year[0] = LAST_DIGIT (nr);

	nr = broken_time.tm_mon + 1;
	ckdate->month[1] = LAST_DIGIT (nr);
	nr = nr / 10;
	ckdate->month[0] = LAST_DIGIT (nr);

	nr = broken_time.tm_mday;
	ckdate->day[1] = LAST_DIGIT (nr);
	nr = nr / 10;
	ckdate->day[0] = LAST_DIGIT (nr);

	return true;
	}
	#endif /0/

	static gpg_error_t
	asn1_get_len (unsigned char *asn1, int asn1_len, int *rlen)
	{
	unsigned char ptr = asn1;
	int len = *asn1_len;
	int cnt;
	int result = 0;

	if (len < 1)
	{
	DEBUG (DBG_INFO, "unexpected end of certificate");
	return gpg_error (GPG_ERR_GENERAL);
	}

	if (*ptr & 0x80)
	{
	cnt = *ptr & 0x7f;
	ptr++;
	len--;
	}
	else
	cnt = 1;

	/* We only support a limited number of length bytes. */
	if (cnt > 2)
	{
	DEBUG (DBG_INFO, "unsupported length field");
	return gpg_error (GPG_ERR_GENERAL);
	}
	if (len < cnt)
	{
	DEBUG (DBG_INFO, "unexpected end of certificate");
	return gpg_error (GPG_ERR_GENERAL);
	}

	while (cnt--)
	{
	result = (result << 8) \| *ptr;
	ptr++;
	len--;
	}

	*asn1 = ptr;
	*asn1_len = len;
	*rlen = result;
	return 0;
	}


	/* A path to an ASN.1 element that can be looked up with
	asn1_get_element. The last element in the list is returned (that
	one should have ENTER being false. */
	struct asn1_path
	{
	unsigned char tag;
	/* True if we should enter the element, false if we should skip
	it. */
	bool enter;
	};

	static gpg_error_t
	asn1_get_element (unsigned char *cert, int cert_len,
	unsigned char *sub_start, int sub_len,
	struct asn1_path *path, int path_size)
	{
	gpg_error_t err;
	unsigned char *prev_certp = NULL;
	unsigned char *certp = cert;
	int cert_left = cert_len;
	int len;
	int i;

	for (i = 0; i < path_size; i++)
	{
	prev_certp = certp;
	if (cert_left < 1)
	{
	DEBUG (DBG_INFO, "unexpected end of certificate");
	return gpg_error (GPG_ERR_GENERAL);
	}
	if (*certp != path[i].tag)
	{
	DEBUG (DBG_INFO, "wrong element in lookup path");
	return gpg_error (GPG_ERR_GENERAL);
	}
	certp++;
	cert_left--;
	err = asn1_get_len (&certp, &cert_left, &len);
	if (err)
	return err;
	if (!path[i].enter)
	{
	if (cert_left < len)
	{
	DEBUG (DBG_INFO, "unexpected end of certificate");
	return gpg_error (GPG_ERR_GENERAL);
	}
	certp += len;
	cert_left -= len;
	}
	else
	{
	/* Special code to deal with ASN.1 data encapsulated in a
	bit string. */
	if (path[i].tag == '\x03')
	{
	if (cert_left < 1)
	{
	DEBUG (DBG_INFO, "unexpected end of certificate");
	return gpg_error (GPG_ERR_GENERAL);
	}
	if (*certp != '\x00')
	{
	DEBUG (DBG_INFO, "expected binary encapsulation missing");
	return gpg_error (GPG_ERR_GENERAL);
	}
	certp++;
	cert_left--;
	}
	}
	}

	/* We found the subject. */
	*sub_start = prev_certp;
	*sub_len = certp - prev_certp;

	return 0;
	}


	static gpg_error_t
	asn1_get_issuer (unsigned char *cert, int cert_len,
	unsigned char *sub_start, int sub_len)
	{
	/* The path to the issuer entry in the DER file. This is
	Sequence->Sequence->Version,Serial,AlgID,Issuer. */
	struct asn1_path path[] = { { '\x30', true }, { '\x30', true },
	{ '\xa0', false }, { '\x02', false },
	{ '\x30', false }, { '\x30', false } };

	return asn1_get_element (cert, cert_len, sub_start, sub_len,
	path, DIM (path));
	}


	static gpg_error_t
	asn1_get_subject (unsigned char *cert, int cert_len,
	unsigned char *sub_start, int sub_len)
	{
	/* The path to the subject entry in the DER file. This is
	Sequence->Sequence->Version,Serial,AlgID,Issuer,Time,Subject. */
	struct asn1_path path[] = { { '\x30', true }, { '\x30', true },
	{ '\xa0', false }, { '\x02', false },
	{ '\x30', false }, { '\x30', false },
	{ '\x30', false }, { '\x30', false } };

	return asn1_get_element (cert, cert_len, sub_start, sub_len,
	path, DIM (path));
	}


	static gpg_error_t
	asn1_get_serial (unsigned char *cert, int cert_len,
	unsigned char *sub_start, int sub_len)
	{
	/* The path to the serial entry in the DER file. This is
	Sequence->Sequence->Version,Serial. */
	struct asn1_path path[] = { { '\x30', true }, { '\x30', true },
	{ '\xa0', false }, { '\x02', false } };

	return asn1_get_element (cert, cert_len, sub_start, sub_len,
	path, DIM (path));
	}


	static gpg_error_t
	asn1_get_modulus (unsigned char *cert, int cert_len,
	unsigned char *sub_start, int sub_len)
	{
	gpg_error_t err;
	int len;
	struct asn1_path path[] = { { '\x30', true }, { '\x30', true },
	{ '\xa0', false }, { '\x02', false },
	{ '\x30', false }, { '\x30', false },
	{ '\x30', false }, { '\x30', false },
	{ '\x30', true }, { '\x30', false },
	{ '\x03', true }, { '\x30', true },
	{ '\x02', false } };

	/* The path to the modulus entry in the DER file. This is
	Sequence->Sequence->Version,Serial,AlgID,Issuer,Time,Subject,
	Sequence->Sequence,Bitstring->Sequence->Integer,Integer */

	err = asn1_get_element (cert, cert_len, sub_start, sub_len,
	path, DIM (path));
	if (err)
	return err;

	if (*sub_len < 1)
	{
	DEBUG (DBG_INFO, "modulus too short");
	return gpg_error (GPG_ERR_GENERAL);
	}

	(*sub_start)++;
	(*sub_len)--;
	err = asn1_get_len (sub_start, sub_len, &len);
	if (err)
	return err;

	/* PKCS #11 expects an unsigned big integer. */
	while (*sub_start == '\x00' && sub_len > 0)
	{
	(*sub_start)++;
	(*sub_len)--;
	}

	return 0;
	}

	static gpg_error_t
	asn1_get_public_exp (unsigned char *cert, int cert_len,
	unsigned char *sub_start, int sub_len)
	{
	gpg_error_t err;
	int len;

	/* The path to the public exp entry in the DER file. This is
	Sequence->Sequence->Version,Serial,AlgID,Issuer,Time,Subject,
	Sequence->Sequence,Bitstring->Sequence->Integer,Integer */
	struct asn1_path path[] = { { '\x30', true }, { '\x30', true },
	{ '\xa0', false }, { '\x02', false },
	{ '\x30', false }, { '\x30', false },
	{ '\x30', false }, { '\x30', false },
	{ '\x30', true }, { '\x30', false },
	{ '\x03', true }, { '\x30', true },
	{ '\x02', false }, { '\x02', false } };

	err = asn1_get_element (cert, cert_len, sub_start, sub_len,
	path, DIM (path));
	if (err)
	return err;

	if (*sub_len < 1)
	{
	DEBUG (DBG_INFO, "public exponent too short");
	return gpg_error (GPG_ERR_GENERAL);
	}

	(*sub_start)++;
	(*sub_len)--;
	err = asn1_get_len (sub_start, sub_len, &len);
	if (err)
	return err;

	/* PKCS #11 expects an unsigned big integer. */
	while (*sub_start == '\x00' && sub_len > 0)
	{
	(*sub_start)++;
	(*sub_len)--;
	}

	return 0;
	}


	static gpg_error_t
	attr_one (CK_ATTRIBUTE_PTR attr, CK_ULONG *attr_count,
	CK_ATTRIBUTE_TYPE type, CK_VOID_PTR val, CK_ULONG size)
	{
	CK_ULONG i = *attr_count;
	attr[i].type = type;
	attr[i].ulValueLen = size;
	attr[i].pValue = malloc (size);
	if (attr[i].pValue == NULL)
	{
	DEBUG (DBG_CRIT, "out of memory");
	return gpg_error (GPG_ERR_ENOMEM);
	}
	memcpy (attr[i].pValue, val, size);
	(*attr_count)++;
	return 0;
	}


	static gpg_error_t
	attr_empty (CK_ATTRIBUTE_PTR attr, CK_ULONG *attr_count,
	CK_ATTRIBUTE_TYPE type)
	{
	CK_ULONG i = *attr_count;
	attr[i].type = type;
	attr[i].ulValueLen = 0;
	attr[i].pValue = NULL_PTR;
	(*attr_count)++;
	return 0;
	}


	void
	scute_attr_free (CK_ATTRIBUTE_PTR attr, CK_ULONG attr_count)
	{
	while (0 < attr_count--)
	free (attr[attr_count].pValue);
	}


	gpg_error_t
	scute_attr_cert (struct cert cert, const char grip,
	CK_ATTRIBUTE_PTR attrp, CK_ULONG attr_countp)
	{
	CK_RV err = 0;
	CK_ATTRIBUTE_PTR attr;
	CK_ULONG attr_count;

	unsigned char *subject_start;
	int subject_len;
	unsigned char *issuer_start;
	int issuer_len;
	unsigned char *serial_start;
	int serial_len;

	CK_OBJECT_CLASS obj_class = CKO_CERTIFICATE;
	CK_BBOOL obj_token = CK_TRUE;
	CK_BBOOL obj_private = CK_FALSE;
	CK_BBOOL obj_modifiable = CK_FALSE;
	CK_CERTIFICATE_TYPE obj_cert_type = CKC_X_509;
	CK_BBOOL obj_trusted = cert->is_trusted;
	CK_ULONG obj_cert_cat = 0;
	CK_BYTE obj_check_value[3] = { '\0', '\0', '\0' };
	CK_DATE obj_start_date;
	CK_DATE obj_end_date;
	CK_ULONG obj_java_midp_sec_domain = 0;

	err = asn1_get_subject (cert->cert_der, cert->cert_der_len,
	&subject_start, &subject_len);
	if (err)
	{
	DEBUG (DBG_INFO, "rejecting certificate: could not get subject: %s",
	gpg_strerror (err));
	return err;
	}

	err = asn1_get_issuer (cert->cert_der, cert->cert_der_len,
	&issuer_start, &issuer_len);
	if (err)
	{
	DEBUG (DBG_INFO, "rejecting certificate: could not get issuer: %s",
	gpg_strerror (err));
	return err;
	}

	err = asn1_get_serial (cert->cert_der, cert->cert_der_len,
	&serial_start, &serial_len);
	if (err)
	{
	DEBUG (DBG_INFO, "rejecting certificate: could not get serial: %s",
	gpg_strerror (err));
	return err;
	}


	#define NR_ATTR_CERT 20
	attr = malloc (sizeof (CK_ATTRIBUTE) * NR_ATTR_CERT);
	attr_count = 0;
	if (!attr)
	{
	DEBUG (DBG_INFO, "out of memory");
	return gpg_error (GPG_ERR_ENOMEM);
	}

	if (!err)
	err = attr_one (attr, &attr_count, CKA_CLASS,
	&obj_class, sizeof obj_class);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_TOKEN,
	&obj_token, sizeof obj_token);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_PRIVATE,
	&obj_private, sizeof obj_private);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_MODIFIABLE,
	&obj_modifiable, sizeof obj_modifiable);
	if (!err)
	{
	if (*cert->certref)
	err = attr_one (attr, &attr_count, CKA_LABEL,
	cert->certref, strlen (cert->certref));
	else
	err = attr_one (attr, &attr_count, CKA_LABEL,
	"DummyLabel", 10);
	}
	if (!err)
	err = attr_one (attr, &attr_count, CKA_CERTIFICATE_TYPE,
	&obj_cert_type, sizeof obj_cert_type);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_TRUSTED,
	&obj_trusted, sizeof obj_trusted);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_CERTIFICATE_CATEGORY,
	&obj_cert_cat, sizeof obj_cert_cat);

	/* FIXME: Calculate check_value. */
	if (!err)
	err = attr_one (attr, &attr_count, CKA_CHECK_VALUE,
	&obj_check_value, sizeof obj_check_value);

	#if 0
	if (time_to_ck_date (&cert->timestamp, &obj_start_date))
	{
	if (!err)
	err = attr_one (attr, &attr_count, CKA_START_DATE,
	&obj_start_date, sizeof obj_start_date);
	}

	if (time_to_ck_date (&cert->expires, &obj_end_date))
	{
	if (!err)
	err = attr_one (attr, &attr_count, CKA_END_DATE,
	&obj_end_date, sizeof obj_end_date);
	}
	#else
	/* For now, we disable these fields. We can parse them from the
	certificate just as the other data. However, we would like to
	avoid parsing the certificates at all, let's see how much
	functionality we really need in the PKCS#11 token first. */
	(void)obj_start_date;
	(void)obj_end_date;
	if (!err)
	err = attr_empty (attr, &attr_count, CKA_START_DATE);
	if (!err)
	err = attr_empty (attr, &attr_count, CKA_END_DATE);
	#endif

	/* Note: This attribute is mandatory. Without it, Firefox client
	authentication won't work. */
	if (!err)
	err = attr_one (attr, &attr_count, CKA_SUBJECT,
	subject_start, subject_len);

	/* We construct the CKA_ID from the CERTREF and the KEYGRIP. This
	* allows us to use both values as needed. */
	if (!err)
	{
	char cka_id_buffer[200];

	snprintf (cka_id_buffer, sizeof cka_id_buffer, "%s %s",
	*cert->certref ? cert->certref:"-",
	grip && *grip? grip : "?" );
	err = attr_one (attr, &attr_count, CKA_ID,
	cka_id_buffer, strlen (cka_id_buffer));
	}


	if (!err)
	err = attr_one (attr, &attr_count, CKA_ISSUER,
	issuer_start, issuer_len);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_SERIAL_NUMBER,
	serial_start, serial_len);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_VALUE,
	cert->cert_der, cert->cert_der_len);

	if (!err)
	err = attr_empty (attr, &attr_count, CKA_URL);
	if (!err)
	err = attr_empty (attr, &attr_count, CKA_HASH_OF_SUBJECT_PUBLIC_KEY);
	if (!err)
	err = attr_empty (attr, &attr_count, CKA_HASH_OF_ISSUER_PUBLIC_KEY);

	if (!err)
	err = attr_one (attr, &attr_count, CKA_JAVA_MIDP_SECURITY_DOMAIN,
	&obj_java_midp_sec_domain, sizeof obj_java_midp_sec_domain);

	if (err)
	{
	DEBUG (DBG_INFO, "could not build certificate object: %s",
	gpg_strerror (err));
	scute_attr_free (attr, attr_count);
	return err;
	}

	/* FIXME: Not completely safe. */
	assert (NR_ATTR_CERT >= attr_count);

	*attrp = attr;
	*attr_countp = attr_count;
	return 0;
	}


	gpg_error_t
	scute_attr_prv (struct cert cert, const char grip,
	CK_ATTRIBUTE_PTR attrp, CK_ULONG attr_countp)
	{
	CK_RV err = 0;
	CK_ATTRIBUTE_PTR attr;
	CK_ULONG attr_count;

	unsigned char *subject_start;
	int subject_len;
	unsigned char *modulus_start;
	int modulus_len;
	unsigned char *public_exp_start;
	int public_exp_len;

	CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
	CK_BBOOL obj_token = CK_TRUE;
	CK_BBOOL obj_private = CK_FALSE;
	CK_BBOOL obj_modifiable = CK_FALSE;
	CK_KEY_TYPE obj_key_type = CKK_RSA;
	CK_DATE obj_start_date;
	CK_DATE obj_end_date;
	CK_BBOOL obj_derive = CK_FALSE;
	CK_BBOOL obj_local = CK_FALSE; /* FIXME: Unknown. */
	CK_MECHANISM_TYPE obj_key_gen = CKM_RSA_PKCS_KEY_PAIR_GEN;
	CK_MECHANISM_TYPE obj_mechanisms[] = { CKM_RSA_PKCS };

	CK_BBOOL obj_sensitive = CK_TRUE;
	CK_BBOOL obj_decrypt = CK_FALSE; /* Authentication only for now. */
	CK_BBOOL obj_sign = CK_TRUE;
	CK_BBOOL obj_sign_recover = CK_FALSE;
	CK_BBOOL obj_unwrap = CK_FALSE;
	CK_BBOOL obj_extractable = CK_FALSE;
	CK_BBOOL obj_always_sensitive = CK_TRUE;
	CK_BBOOL obj_never_extractable = CK_TRUE;
	CK_BBOOL obj_wrap_with_trusted = CK_FALSE;
	CK_BBOOL obj_always_authenticate = CK_FALSE;

	err = asn1_get_subject (cert->cert_der, cert->cert_der_len,
	&subject_start, &subject_len);
	if (err)
	{
	DEBUG (DBG_INFO, "rejecting certificate: could not get subject: %s",
	gpg_strerror (err));
	return err;
	}
	err = asn1_get_modulus (cert->cert_der, cert->cert_der_len,
	&modulus_start, &modulus_len);
	if (err)
	{
	DEBUG (DBG_INFO, "rejecting certificate: could not get modulus: %s",
	gpg_strerror (err));
	return err;
	}
	err = asn1_get_public_exp (cert->cert_der, cert->cert_der_len,
	&public_exp_start, &public_exp_len);
	if (err)
	{
	DEBUG (DBG_INFO, "rejecting certificate: could not get public exp: %s",
	gpg_strerror (err));
	return err;
	}

	#define NR_ATTR_PRV 27
	attr = malloc (sizeof (CK_ATTRIBUTE) * NR_ATTR_PRV);
	attr_count = 0;
	if (!attr)
	{
	DEBUG (DBG_INFO, "out of core");
	return gpg_error (GPG_ERR_ENOMEM);
	}

	if (!err)
	err = attr_one (attr, &attr_count, CKA_CLASS,
	&obj_class, sizeof obj_class);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_TOKEN,
	&obj_token, sizeof obj_token);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_PRIVATE,
	&obj_private, sizeof obj_private);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_MODIFIABLE,
	&obj_modifiable, sizeof obj_modifiable);
	if (!err)
	{
	if (*cert->certref)
	err = attr_one (attr, &attr_count, CKA_LABEL,
	cert->certref, strlen (cert->certref));
	else
	err = attr_one (attr, &attr_count, CKA_LABEL,
	"DummyLabel", 10);
	}

	if (!err)
	err = attr_one (attr, &attr_count, CKA_KEY_TYPE,
	&obj_key_type, sizeof obj_key_type);

	/* We construct the CKA_ID from the CERTREF and the KEYGRIP. This
	* allows us to use both values as needed. */
	if (!err)
	{
	char cka_id_buffer[200];

	snprintf (cka_id_buffer, sizeof cka_id_buffer, "%s %s",
	*cert->certref ? cert->certref:"-",
	grip && *grip? grip : "?" );
	err = attr_one (attr, &attr_count, CKA_ID,
	cka_id_buffer, strlen (cka_id_buffer));
	}

	#if 0
	/* For now, we disable these fields. We can parse them from the
	certificate just as the other data. However, we would like to
	avoid parsing the certificates at all, let's see how much
	functionality we really need in the PKCS#11 token first. */

	/* This code currently only works for certificates retrieved through
	gpgsm. */
	if (time_to_ck_date (&cert->timestamp, &obj_start_date))
	{
	if (!err)
	err = attr_one (attr, &attr_count, CKA_START_DATE,
	&obj_start_date, sizeof obj_start_date);
	}

	if (time_to_ck_date (&cert->expires, &obj_end_date))
	{
	if (!err)
	err = attr_one (attr, &attr_count, CKA_END_DATE,
	&obj_end_date, sizeof obj_end_date);
	}
	#else
	/* For now, we disable these fields. We can parse them from the
	certificate just as the other data. However, we would like to
	avoid parsing the certificates at all, let's see how much
	functionality we really need in the PKCS#11 token first. */
	(void)obj_start_date;
	(void)obj_end_date;
	if (!err)
	err = attr_empty (attr, &attr_count, CKA_START_DATE);
	if (!err)
	err = attr_empty (attr, &attr_count, CKA_END_DATE);
	#endif

	if (!err)
	err = attr_one (attr, &attr_count, CKA_DERIVE,
	&obj_derive, sizeof obj_derive);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_LOCAL,
	&obj_local, sizeof obj_local);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_KEY_GEN_MECHANISM,
	&obj_key_gen, sizeof obj_key_gen);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_ALLOWED_MECHANISMS,
	&obj_mechanisms, sizeof obj_mechanisms);

	if (!err)
	err = attr_one (attr, &attr_count, CKA_SUBJECT,
	subject_start, subject_len);

	if (!err)
	err = attr_one (attr, &attr_count, CKA_SENSITIVE,
	&obj_sensitive, sizeof obj_sensitive);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_DECRYPT,
	&obj_decrypt, sizeof obj_decrypt);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_SIGN,
	&obj_sign, sizeof obj_sign);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_SIGN_RECOVER,
	&obj_sign_recover, sizeof obj_sign_recover);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_UNWRAP,
	&obj_unwrap, sizeof obj_unwrap);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_EXTRACTABLE,
	&obj_extractable, sizeof obj_extractable);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_ALWAYS_SENSITIVE,
	&obj_always_sensitive, sizeof obj_always_sensitive);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_NEVER_EXTRACTABLE,
	&obj_never_extractable, sizeof obj_never_extractable);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_WRAP_WITH_TRUSTED,
	&obj_wrap_with_trusted, sizeof obj_wrap_with_trusted);
	if (!err)
	err = attr_empty (attr, &attr_count, CKA_UNWRAP_TEMPLATE);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_ALWAYS_AUTHENTICATE,
	&obj_always_authenticate, sizeof obj_always_authenticate);

	if (!err)
	err = attr_one (attr, &attr_count, CKA_MODULUS,
	modulus_start, modulus_len);
	if (!err)
	err = attr_one (attr, &attr_count, CKA_PUBLIC_EXPONENT,
	public_exp_start, public_exp_len);

	if (err)
	{
	DEBUG (DBG_INFO, "could not build private certificate object: %s",
	gpg_strerror (err));
	scute_attr_free (attr, attr_count);
	return err;
	}

	/* FIXME: Not completely safe. */
	assert (NR_ATTR_PRV >= attr_count);

	*attrp = attr;
	*attr_countp = attr_count;
	return 0;
	}
	diff --git a/src/cryptoki.h b/src/cryptoki.h
	index 1446e4f..fed3747 100644
	--- a/src/cryptoki.h
	+++ b/src/cryptoki.h
	@@ -1,37 +1,28 @@
	/* cryptoki.h - A wrapper for the cryptoki interface.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#ifndef _CRYPTOKI_H_
	#define _CRYPTOKI_H_ 1


	#define CRYPTOKI_EXPORTS
	#include "pkcs11.h"

	#endif /* !_CRYPTOKI_H_ */
	diff --git a/src/debug.c b/src/debug.c
	index 82638c6..66ab8c4 100644
	--- a/src/debug.c
	+++ b/src/debug.c
	@@ -1,142 +1,133 @@
	/* debug.c - Cryptoki implementation.
	- Copyright (C) 2008 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2008 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <ctype.h>
	#include <stdio.h>
	#include <stdlib.h>

	#include <assuan.h>
	#include <gpg-error.h>
	#include <string.h>

	#include "debug.h"


	FILE *_scute_debug_stream;

	unsigned int _scute_debug_flags;


	#ifdef HAVE_W32_SYSTEM
	#define PATHSEP_C ';'
	#else
	#define PATHSEP_C ':'
	#endif


	/* Remove leading and trailing white spaces. */
	static char *
	trim_spaces (char *str)
	{
	char string, p, *mark;

	string = str;
	/* Find first non space character. */
	for (p = string; p && isspace ((unsigned char *) p); p++)
	;
	/* Move characters. */
	for (mark = NULL; (string = p); string++, p++)
	if (isspace ((unsigned char ) p))
	{
	if (!mark)
	mark = string;
	}
	else
	mark = NULL;
	if (mark)
	mark = '\0'; / Remove trailing spaces. */

	return str;
	}

	#include <errno.h>

	void
	_scute_debug_init (void)
	{
	static int initialized;

	if (!initialized)
	{
	char *e;
	const char s1, s2;
	FILE *stream;

	e = getenv ("SCUTE_DEBUG");

	initialized = 1;
	-
	+
	stream = stderr;
	if (e)
	{
	_scute_debug_flags = atoi (e);
	s1 = strchr (e, PATHSEP_C);
	if (s1)
	{
	#ifndef HAVE_W32_SYSTEM
	if (getuid () == geteuid ())
	{
	#endif
	char *p;
	FILE *fp;

	s1++;
	if (!(s2 = strchr (s1, PATHSEP_C)))
	s2 = s1 + strlen (s1);
	p = malloc (s2 - s1 + 1);
	if (p)
	{
	memcpy (p, s1, s2 - s1);
	p[s2-s1] = 0;
	trim_spaces (p);
	fp = fopen (p,"a");
	if (fp)
	{
	setvbuf (fp, NULL, _IOLBF, 0);
	stream = fp;
	}
	free (p);
	}
	#ifndef HAVE_W32_SYSTEM
	}
	#endif
	}
	}

	if (_scute_debug_flags > 0)
	fprintf (stream, "scute debug init: flags=0x%x\n", _scute_debug_flags);

	assuan_set_assuan_log_prefix ("scute-assuan");
	_scute_debug_stream = stream;
	}
	}
	diff --git a/src/debug.h b/src/debug.h
	index a123636..3a223fb 100644
	--- a/src/debug.h
	+++ b/src/debug.h
	@@ -1,56 +1,47 @@
	/* debug.c - Debug interface.
	- Copyright (C) 2006, 2008 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2008 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#ifndef DEBUG_H
	#define DEBUG_H 1

	#include <stdio.h>

	#define DEBUG_PREFIX "scute: "

	#define DBG_CRIT 0
	#define DBG_INFO (1 << 0)
	#define DBG_ASSUAN (1 << 1)

	extern FILE *_scute_debug_stream;
	extern unsigned int _scute_debug_flags;

	#define DEBUG(flag, format, ...) \
	do \
	{ \
	if (_scute_debug_flags & (flag) \|\| flag == DBG_CRIT) \
	fprintf (_scute_debug_stream, \
	DEBUG_PREFIX "%s: " format "\n", __func__, ##__VA_ARGS__); \
	} \
	while (0)

	void _scute_debug_init (void);


	#endif /* !DEBUG_H */
	diff --git a/src/dllmain.c b/src/dllmain.c
	index 440b2b7..9e48f9d 100644
	--- a/src/dllmain.c
	+++ b/src/dllmain.c
	@@ -1,49 +1,50 @@
	-/* main.cc - DLL entry point
	- Copyright (C) 2007 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or
	- modify it under the terms of the GNU Lesser General Public License
	- as published by the Free Software Foundation; either version 2.1
	- of the License, or (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful,
	- but WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU Lesser General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
	+/* dllmain.c - DLL entry point (Windows)
	+ * Copyright (C) 2007 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdarg.h>
	#include <stdio.h>
	#include <windows.h>
	#include <shlobj.h>

	#include <gpg-error.h>
	#include <assuan.h>


	/* Entry point called by DLL loader. */
	STDAPI
	DllMain (HINSTANCE hinst, DWORD reason, LPVOID reserved)
	{
	if (reason == DLL_PROCESS_ATTACH)
	{
	WSADATA wsadat;
	-
	+
	WSAStartup (0x202, &wsadat);
	}
	else if (reason == DLL_PROCESS_DETACH)
	{
	WSACleanup ();
	}
	-
	+
	return TRUE;
	}
	diff --git a/src/error-mapping.c b/src/error-mapping.c
	index ce6b0b6..fdad5ab 100644
	--- a/src/error-mapping.c
	+++ b/src/error-mapping.c
	@@ -1,92 +1,83 @@
	/* error-mapping.c - Scute error mapping.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <errno.h>

	#include <gpg-error.h>

	#include "cryptoki.h"
	#include "debug.h"

	#include "error-mapping.h"


	/* Map a system error code to a cryptoki return value. */
	CK_RV
	scute_sys_to_ck (int err)
	{
	switch (err)
	{
	case 0:
	return CKR_OK;
	-
	+
	case ENOMEM:
	return CKR_HOST_MEMORY;

	default:
	/* CKR_GENERAL_ERROR is too strong. */
	return CKR_FUNCTION_FAILED;
	}
	}


	/* Map a GnuPG error code to a cryptoki return value. */
	CK_RV
	scute_gpg_err_to_ck (gpg_error_t err)
	{
	if (err)
	DEBUG (DBG_CRIT, "Error occurred: %s (%s)\n", gpg_strerror (err),
	gpg_strsource (err));

	switch (gpg_err_code (err))
	{
	case GPG_ERR_NO_ERROR:
	return CKR_OK;

	case GPG_ERR_NO_AGENT:
	return CKR_GENERAL_ERROR;

	case GPG_ERR_ENOMEM:
	return CKR_HOST_MEMORY;

	case GPG_ERR_BAD_PIN:
	return CKR_PIN_INCORRECT;

	case GPG_ERR_PIN_BLOCKED:
	return CKR_PIN_LOCKED;

	default:
	/* CKR_GENERAL_ERROR is too strong. */
	return CKR_FUNCTION_FAILED;
	}
	}
	diff --git a/src/error-mapping.h b/src/error-mapping.h
	index 5cc88a9..f4781bf 100644
	--- a/src/error-mapping.h
	+++ b/src/error-mapping.h
	@@ -1,45 +1,36 @@
	/* error-mapping.c - Scute error mapping interface.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#ifndef ERROR_MAPPING_H
	#define ERROR_MAPPING_H 1

	#include <errno.h>

	#include <gpg-error.h>

	#include "cryptoki.h"

	/* Map a system error code to a cryptoki return value. */
	CK_RV scute_sys_to_ck (int err);

	/* Map a GnuPG error code to a cryptoki return value. */
	CK_RV scute_gpg_err_to_ck (gpg_error_t err);

	#endif /* !ERROR_MAPPING_H */
	diff --git a/src/get-path.c b/src/get-path.c
	index bb24b12..521c727 100644
	--- a/src/get-path.c
	+++ b/src/get-path.c
	@@ -1,311 +1,302 @@
	/* agent.c - Talking to gpg-agent.
	- Copyright (C) 2008 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	-
	-#ifdef HAVE_CONFIG_H
	+ * Copyright (C) 2008 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */
	+
	+#if HAVE_CONFIG_H
	#include <config.h>
	#endif
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#ifdef HAVE_W32_SYSTEM
	#include <windows.h>
	#include <shlobj.h>
	#include <io.h>
	#endif

	#include "support.h"

	#ifdef HAVE_W32_SYSTEM
	#define RTLD_LAZY 0

	static __inline__ void *
	dlopen (const char * name, int flag)
	{
	void * hd = LoadLibrary (name);
	return hd;
	}

	static __inline__ void *
	dlsym (void * hd, const char * sym)
	{
	if (hd && sym)
	{
	void * fnc = GetProcAddress (hd, sym);
	if (!fnc)
	return NULL;
	return fnc;
	}
	return NULL;
	}

	static __inline__ int
	dlclose (void * hd)
	{
	if (hd)
	{
	FreeLibrary (hd);
	return 0;
	}
	return -1;
	-}
	+}


	/* Return a string from the W32 Registry or NULL in case of error.
	Caller must release the return value. A NULL for root is an alias
	for HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE in turn. */
	static char *
	read_w32_registry_string (const char root, const char dir, const char *name)
	{
	HKEY root_key, key_handle;
	DWORD n1, nbytes, type;
	char *result = NULL;
	-
	+
	if ( !root )
	root_key = HKEY_CURRENT_USER;
	else if ( !strcmp( root, "HKEY_CLASSES_ROOT" ) )
	root_key = HKEY_CLASSES_ROOT;
	else if ( !strcmp( root, "HKEY_CURRENT_USER" ) )
	root_key = HKEY_CURRENT_USER;
	else if ( !strcmp( root, "HKEY_LOCAL_MACHINE" ) )
	root_key = HKEY_LOCAL_MACHINE;
	else if ( !strcmp( root, "HKEY_USERS" ) )
	root_key = HKEY_USERS;
	else if ( !strcmp( root, "HKEY_PERFORMANCE_DATA" ) )
	root_key = HKEY_PERFORMANCE_DATA;
	else if ( !strcmp( root, "HKEY_CURRENT_CONFIG" ) )
	root_key = HKEY_CURRENT_CONFIG;
	else
	return NULL;
	-
	+
	if ( RegOpenKeyEx ( root_key, dir, 0, KEY_READ, &key_handle ) )
	{
	if (root)
	return NULL; /* no need for a RegClose, so return direct */
	/* It seems to be common practise to fall back to HKLM. */
	if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) )
	return NULL; /* still no need for a RegClose, so return direct */
	}

	nbytes = 1;
	if ( RegQueryValueEx( key_handle, name, 0, NULL, NULL, &nbytes ) )
	{
	if (root)
	goto leave;
	/* Try to fallback to HKLM also vor a missing value. */
	RegCloseKey (key_handle);
	if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, dir, 0, KEY_READ, &key_handle) )
	return NULL; /* Nope. */
	if (RegQueryValueEx ( key_handle, name, 0, NULL, NULL, &nbytes))
	goto leave;
	}
	result = malloc ( (n1=nbytes+1) );
	if ( !result )
	goto leave;
	if ( RegQueryValueEx ( key_handle, name, 0, &type, result, &n1 ) )
	{
	free(result); result = NULL;
	goto leave;
	}
	result[nbytes] = 0; /* Make sure it is really a string. */
	- if (type == REG_EXPAND_SZ && strchr (result, '%'))
	+ if (type == REG_EXPAND_SZ && strchr (result, '%'))
	{
	char *tmp;
	-
	+
	n1 += 1000;
	tmp = malloc (n1+1);
	if (!tmp)
	goto leave;
	nbytes = ExpandEnvironmentStrings (result, tmp, n1);
	if (nbytes && nbytes > n1)
	{
	free (tmp);
	n1 = nbytes;
	tmp = malloc (n1 + 1);
	if (!tmp)
	goto leave;
	nbytes = ExpandEnvironmentStrings (result, tmp, n1);
	if (nbytes && nbytes > n1) {
	free (tmp); /* Oops - truncated, better don't expand at all. */
	goto leave;
	}
	tmp[nbytes] = 0;
	free (result);
	result = tmp;
	}
	else if (nbytes) /* Okay, reduce the length. */
	{
	tmp[nbytes] = 0;
	free (result);
	result = malloc (strlen (tmp)+1);
	if (!result)
	result = tmp;
	- else
	+ else
	{
	strcpy (result, tmp);
	free (tmp);
	}
	}
	else /* Error - don't expand. */
	{
	free (tmp);
	}
	}

	leave:
	RegCloseKey( key_handle );
	return result;
	}


	/* This is a helper function to load and run a Windows function from
	either of one DLLs. */
	static HRESULT
	w32_shgetfolderpath (HWND a, int b, HANDLE c, DWORD d, LPSTR e)
	{
	static int initialized;
	static HRESULT (WINAPI * func)(HWND,int,HANDLE,DWORD,LPSTR);

	if (!initialized)
	{
	static char *dllnames[] = { "shell32.dll", "shfolder.dll", NULL };
	void *handle;
	int i;

	initialized = 1;

	for (i=0, handle = NULL; !handle && dllnames[i]; i++)
	{
	handle = dlopen (dllnames[i], RTLD_LAZY);
	if (handle)
	{
	func = dlsym (handle, "SHGetFolderPathA");
	if (!func)
	{
	dlclose (handle);
	handle = NULL;
	}
	}
	}
	}

	if (func)
	return func (a,b,c,d,e);
	else
	return -1;
	}


	static char *
	find_program_in_inst_dir (const char *name)
	{
	char *result = NULL;
	char *tmp;

	tmp = read_w32_registry_string ("HKEY_LOCAL_MACHINE",
	"Software\\GNU\\GnuPG",
	"Install Directory");
	if (!tmp)
	return NULL;

	result = malloc (strlen (tmp) + 1 + strlen (name) + 1);
	if (!result)
	{
	free (tmp);
	return NULL;
	}

	strcpy (stpcpy (stpcpy (result, tmp), "\\"), name);
	free (tmp);
	if (access (result, F_OK))
	{
	free (result);
	return NULL;
	}

	return result;
	}



	static char *
	find_program_at_standard_place (const char *name)
	{
	char path[MAX_PATH];
	char *result = NULL;
	-
	- if (w32_shgetfolderpath (NULL, CSIDL_PROGRAM_FILES, NULL, 0, path) >= 0)
	+
	+ if (w32_shgetfolderpath (NULL, CSIDL_PROGRAM_FILES, NULL, 0, path) >= 0)
	{
	result = malloc (strlen (path) + 1 + strlen (name) + 1);
	if (result)
	{
	strcpy (stpcpy (stpcpy (result, path), "\\"), name);
	if (access (result, F_OK))
	{
	free (result);
	result = NULL;
	}
	}
	}
	return result;
	}
	#endif


	const char *
	get_gpgsm_path (void)
	{
	static const char *pgmname;

	#ifdef HAVE_W32_SYSTEM
	if (!pgmname)
	pgmname = find_program_in_inst_dir ("gpgsm.exe");
	if (!pgmname)
	pgmname = find_program_at_standard_place ("GNU\\GnuPG\\gpgsm.exe");
	#endif
	if (!pgmname)
	pgmname = GPGSM_PATH;
	return pgmname;
	}


	const char *
	get_gpg_connect_agent_path (void)
	{
	static const char *pgmname;

	#ifdef HAVE_W32_SYSTEM
	if (!pgmname)
	pgmname = find_program_in_inst_dir ("gpg-connect-agent.exe");
	if (!pgmname)
	pgmname = find_program_at_standard_place ("GNU\\GnuPG\\gpg-connect-agent.exe");
	#endif
	if (!pgmname)
	pgmname = GPG_CONNECT_AGENT_PATH;
	return pgmname;
	}
	diff --git a/src/gpgsm.c b/src/gpgsm.c
	index b0d4c4c..5c3e220 100644
	--- a/src/gpgsm.c
	+++ b/src/gpgsm.c
	@@ -1,166 +1,157 @@
	/* gpgsm.c - Talking to gpgsm.
	- Copyright (C) 2006, 2008 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2008 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <assert.h>
	#include <locale.h>
	#include <errno.h>
	#include <string.h>
	#include <stdbool.h>
	#include <time.h>

	#include <assuan.h>
	#include <gpg-error.h>

	#include "cryptoki.h"
	#include "support.h"
	#include "cert.h"
	#include "agent.h"
	#include "gpgsm.h"
	#include "debug.h"


	/* Communication object for search_cb. */
	struct search_cb_parm
	{
	bool found; /* Set to true if a private key object was found. */
	cert_get_cb_t cert_get_cb;
	void *hook;
	bool with_chain;
	const char *grip;
	};


	static gpg_error_t
	search_cb (void hook, struct cert cert)
	{
	struct search_cb_parm *ctx = hook;
	gpg_error_t err = 0;

	CK_ATTRIBUTE_PTR attrp;
	CK_ULONG attr_countp;

	/* Add the private key object only once. */
	if (!ctx->found)
	{
	err = scute_attr_prv (cert, ctx->grip, &attrp, &attr_countp);
	if (err)
	return err;

	err = (*ctx->cert_get_cb) (ctx->hook, attrp, attr_countp);
	if (err)
	{
	scute_attr_free (attrp, attr_countp);
	return err;
	}

	ctx->found = true;
	}

	/* Add the certificate chain recursively before adding the
	certificate. But ignore errors. If the chain is incomplete, we
	might still be able to proceed, for example with client
	authentication. */
	if (ctx->with_chain && strcmp (cert->chain_id, cert->fpr))
	scute_gpgsm_search_certs (KEYLIST_BY_FPR, cert->chain_id, search_cb, ctx);

	/* Turn this certificate into a certificate object. */
	err = scute_attr_cert (cert, ctx->grip, &attrp, &attr_countp);
	if (err)
	return err;

	err = (*ctx->cert_get_cb) (ctx->hook, attrp, attr_countp);
	if (err)
	{
	scute_attr_free (attrp, attr_countp);
	return err;
	}

	return err;
	}


	/* Create the attributes required for a new certificate object. If
	* CERTREF is not NULL it is used to locate the cert directly from the
	* card; if CERTREF is NULL or a cert was not found on the card, GRIP
	* is used to find the certificate in the local key store of gpgsm.
	*
	* FIXME: This is all pretty questionable because our input data
	* always comes from the card.
	*
	* Returns allocated attributes for the certificate object in ATTRP
	* and ATTR_COUNTP, and for the private key object in PRV_ATTRP and
	* PRV_ATTR_COUNTP. */
	gpg_error_t
	scute_gpgsm_get_cert (char grip, const char certref,
	cert_get_cb_t cert_get_cb, void *hook)
	{
	gpg_error_t err;
	struct search_cb_parm search;

	search.found = false;
	search.cert_get_cb = cert_get_cb;
	search.hook = hook;
	search.with_chain = false;
	search.grip = grip;

	DEBUG (DBG_INFO, "scute_gpgsm_get_cert: certref='%s'", certref);

	/* If the cert is requested from the card, we try to get it from
	* the card as well. */
	if (certref)
	{
	struct cert cert;

	memset (&cert, '\0', sizeof (cert));
	err = scute_agent_get_cert (certref, &cert);
	if (! err)
	{
	#if 0
	/* For now, we don't need no stinking chain. */

	/* As we only have the DER certificate from the card, we need to
	parse that and fill out the missing info and try to get the
	certificate chain from gpgsm. */
	err = scute_cert_from_der (&cert);
	#endif
	if (! err)
	err = search_cb (&search, &cert);
	return err;
	}
	}

	DEBUG (DBG_INFO, "scute_gpgsm_get_cert: falling back to gpgsm");
	search.with_chain = true;
	err = scute_gpgsm_search_certs (KEYLIST_BY_GRIP, grip, search_cb, &search);
	return err;
	}
	diff --git a/src/libscute.vers b/src/libscute.vers
	index b8be2e9..2a5705b 100644
	--- a/src/libscute.vers
	+++ b/src/libscute.vers
	@@ -1,107 +1,97 @@
	# libscute.vers - List of symbols to export.
	# Copyright (C) 2002, 2004, 2005, 2006 g10 Code GmbH
	#
	# This file is part of Scute.
	#
	# Scute is free software; you can redistribute it and/or modify it
	-# under the terms of the GNU General Public License as published by
	-# the Free Software Foundation; either version 2 of the License, or
	-# (at your option) any later version.
	+# under the terms of the GNU Lesser General Public License as
	+# published by the Free Software Foundation; either version 2.1 of
	+# the License, or (at your option) any later version.
	#
	# Scute is distributed in the hope that it will be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-# General Public License for more details.
	+# Lesser General Public License for more details.
	#
	-# You should have received a copy of the GNU General Public License
	-# along with Scute; if not, write to the Free Software Foundation,
	-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-#
	-# In addition, as a special exception, g10 Code GmbH gives permission
	-# to link this library: with the Mozilla Fondations's code for
	-# Mozilla (or with modified versions of it that use the same license
	-# as the "Mozilla" code), and distribute the linked executables. You
	-# must obey the GNU General Public License in all respects for all of
	-# the code used other than "Mozilla". If you modify this file, you
	-# may extend this exception to your version of the file, but you are
	-# not obligated to do so. If you do not wish to do so, delete this
	-# exception statement from your version.
	+# You should have received a copy of the GNU Lesser General Public
	+# License along with this program; if not, see <https://gnu.org/licenses/>.
	+# SPDX-License-Identifier: LGPL-2.1-or-later

	#----------------------------------------------------------
	# Please remember to add new functions also to scute.def
	#----------------------------------------------------------

	SCUTE_1.0 {
	global:
	C_CancelFunction;
	C_CloseAllSessions;
	C_CloseSession;
	C_CopyObject;
	C_CreateObject;
	C_Decrypt;
	C_DecryptDigestUpdate;
	C_DecryptFinal;
	C_DecryptInit;
	C_DecryptUpdate;
	C_DecryptVerifyUpdate;
	C_DeriveKey;
	C_DestroyObject;
	C_Digest;
	C_DigestEncryptUpdate;
	C_DigestFinal;
	C_DigestInit;
	C_DigestKey;
	C_DigestUpdate;
	C_Encrypt;
	C_EncryptFinal;
	C_EncryptInit;
	C_EncryptUpdate;
	C_Finalize;
	C_FindObjects;
	C_FindObjectsFinal;
	C_FindObjectsInit;
	C_GenerateKey;
	C_GenerateKeyPair;
	C_GenerateRandom;
	C_GetAttributeValue;
	C_GetFunctionList;
	C_GetFunctionStatus;
	C_GetInfo;
	C_GetMechanismInfo;
	C_GetMechanismList;
	C_GetObjectSize;
	C_GetOperationState;
	C_GetSessionInfo;
	C_GetSlotInfo;
	C_GetSlotList;
	C_GetTokenInfo;
	C_InitPIN;
	C_InitToken;
	C_Initialize;
	C_Login;
	C_Logout;
	C_OpenSession;
	C_SeedRandom;
	C_SetAttributeValue;
	C_SetOperationState;
	C_SetPIN;
	C_Sign;
	C_SignEncryptUpdate;
	C_SignFinal;
	C_SignInit;
	C_SignRecover;
	C_SignRecoverInit;
	C_SignUpdate;
	C_UnwrapKey;
	C_Verify;
	C_VerifyFinal;
	C_VerifyInit;
	C_VerifyRecover;
	C_VerifyRecoverInit;
	C_VerifyUpdate;
	C_WaitForSlotEvent;
	C_WrapKey;
	local:
	*;

	};
	diff --git a/src/locking.c b/src/locking.c
	index d377f5a..696c7db 100644
	--- a/src/locking.c
	+++ b/src/locking.c
	@@ -1,115 +1,106 @@
	/* locking.c - Locking support.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif
	#include <string.h>


	#include "locking.h"

	/* Our copy of the initialization arguments. */
	static CK_C_INITIALIZE_ARGS init_args;

	/* The global lock. */
	mutex_t scute_lock;


	/* Initialize the locking support. ARGS is as provided to
	C_Initialize. */
	CK_RV
	scute_locking_initialize (CK_C_INITIALIZE_ARGS_PTR args)
	{
	CK_RV err;

	if (args)
	init_args = *args;

	err = scute_mutex_create (&scute_lock);
	if (err)
	{
	if (args)
	memset (&init_args, 0, sizeof (init_args));
	return err;
	}

	return CKR_OK;
	}


	/* Finalize the locking support. ARGS is as provided to
	C_Initialize. */
	void
	scute_locking_finalize (void)
	{
	(void) scute_mutex_destroy (scute_lock);

	memset (&init_args, 0, sizeof (init_args));
	}


	CK_RV
	scute_mutex_create (mutex_t *mutexp)
	{
	if (init_args.CreateMutex)
	return (*init_args.CreateMutex) (mutexp);

	return 0;
	}


	CK_RV
	scute_mutex_destroy (mutex_t mutex)
	{
	if (init_args.DestroyMutex)
	return (*init_args.DestroyMutex) (mutex);

	return 0;
	}


	CK_RV
	scute_mutex_lock (mutex_t mutex)
	{
	if (init_args.LockMutex)
	return (*init_args.LockMutex) (mutex);

	return 0;
	}


	CK_RV
	scute_mutex_unlock (mutex_t mutex)
	{
	if (init_args.LockMutex)
	return (*init_args.UnlockMutex) (mutex);

	return 0;
	}
	diff --git a/src/locking.h b/src/locking.h
	index 8710de2..e45e0b4 100644
	--- a/src/locking.h
	+++ b/src/locking.h
	@@ -1,83 +1,74 @@
	/* locking.h - Scute locking interface.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#ifndef LOCKING_H
	#define LOCKING_H 1

	#include "cryptoki.h"


	/* The lock type. */
	typedef void *mutex_t;


	/* Initialize the locking support. ARGS is as provided to
	C_Initialize. */
	CK_RV scute_locking_initialize (CK_C_INITIALIZE_ARGS_PTR args);

	/* Finalize the locking support. ARGS is as provided to
	C_Initialize. */
	void scute_locking_finalize (void);


	/* Create a new mutex object. */
	CK_RV scute_mutex_create (mutex_t *mutexp);

	/* Destroy an existing mutex object. */
	CK_RV scute_mutex_destroy (mutex_t mutex);

	/* Lock a mutex object. */
	CK_RV scute_mutex_lock (mutex_t mutex);

	/* Unlock a mutex object. */
	CK_RV scute_mutex_unlock (mutex_t mutex);


	/* Scute is single-threaded, thus there is a single global lock taken
	at all entry points except for C_GetFunctionList, C_Initialize,
	C_Finalize and stubs. */

	/* The global lock. */
	extern mutex_t scute_lock;

	/* Take the global lock. */
	static inline CK_RV
	scute_global_lock (void)
	{
	return scute_mutex_lock (scute_lock);
	}

	/* Release the global lock. */
	static inline void
	scute_global_unlock (void)
	{
	(void) scute_mutex_unlock (scute_lock);
	}

	#endif /* !LOCKING_H */
	diff --git a/src/p11-cancelfunction.c b/src/p11-cancelfunction.c
	index 458385d..2215720 100644
	--- a/src/p11-cancelfunction.c
	+++ b/src/p11-cancelfunction.c
	@@ -1,42 +1,33 @@
	/* p11-cancelfunction.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_CancelFunction (CK_SESSION_HANDLE hSession)
	{
	(void) hSession;
	return CKR_FUNCTION_NOT_PARALLEL;
	}
	diff --git a/src/p11-closeallsessions.c b/src/p11-closeallsessions.c
	index c09df24..f024d23 100644
	--- a/src/p11-closeallsessions.c
	+++ b/src/p11-closeallsessions.c
	@@ -1,59 +1,50 @@
	/* p11-closeallsessions.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_CloseAllSessions (CK_SLOT_ID slotID)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup (slotID, &slot);
	if (err)
	goto out;

	err = slot_close_all_sessions (slot);

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-closesession.c b/src/p11-closesession.c
	index aeb09d4..669b842 100644
	--- a/src/p11-closesession.c
	+++ b/src/p11-closesession.c
	@@ -1,60 +1,51 @@
	/* p11-closesession.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_CloseSession (CK_SESSION_HANDLE hSession)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	err = slot_close_session (slot, session);

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-copyobject.c b/src/p11-copyobject.c
	index 8230595..015584f 100644
	--- a/src/p11-copyobject.c
	+++ b/src/p11-copyobject.c
	@@ -1,48 +1,39 @@
	/* p11-copyobject.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_CopyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
	CK_OBJECT_HANDLE_PTR phNewObject)
	{
	(void) hSession;
	(void) hObject;
	(void) pTemplate;
	(void) ulCount;
	(void) phNewObject;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-createobject.c b/src/p11-createobject.c
	index be62075..55b615c 100644
	--- a/src/p11-createobject.c
	+++ b/src/p11-createobject.c
	@@ -1,46 +1,37 @@
	/* p11-createobject.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_CreateObject (CK_SESSION_HANDLE hSession, CK_ATTRIBUTE_PTR pTemplate,
	CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phObject)
	{
	(void) hSession;
	(void) pTemplate;
	(void) ulCount;
	(void) phObject;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-decrypt.c b/src/p11-decrypt.c
	index 4764102..8530720 100644
	--- a/src/p11-decrypt.c
	+++ b/src/p11-decrypt.c
	@@ -1,49 +1,40 @@
	/* p11-decrypt.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_Decrypt (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
	CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
	{
	/* FIXME: Implement this. */
	(void) hSession;
	(void) pEncryptedData;
	(void) ulEncryptedDataLen;
	(void) pData;
	(void) pulDataLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-decryptdigestupdate.c b/src/p11-decryptdigestupdate.c
	index 80943c1..fc5a0d4 100644
	--- a/src/p11-decryptdigestupdate.c
	+++ b/src/p11-decryptdigestupdate.c
	@@ -1,48 +1,39 @@
	/* p11-decryptdigestupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DecryptDigestUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
	CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
	{
	(void) hSession;
	(void) pEncryptedPart;
	(void) ulEncryptedPartLen;
	(void) pPart;
	(void) pulPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-decryptfinal.c b/src/p11-decryptfinal.c
	index 77e41c9..d855280 100644
	--- a/src/p11-decryptfinal.c
	+++ b/src/p11-decryptfinal.c
	@@ -1,46 +1,37 @@
	/* p11-decryptfinal.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DecryptFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
	CK_ULONG_PTR pulLastPartLen)
	{
	/* FIXME: Implement this. */
	(void) hSession;
	(void) pLastPart;
	(void) pulLastPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-decryptinit.c b/src/p11-decryptinit.c
	index 1f73d8a..dce1e00 100644
	--- a/src/p11-decryptinit.c
	+++ b/src/p11-decryptinit.c
	@@ -1,46 +1,37 @@
	/* p11-decryptinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DecryptInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hKey)
	{
	/* FIXME: Implement this. */
	(void) hSession;
	(void) pMechanism;
	(void) hKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-decryptupdate.c b/src/p11-decryptupdate.c
	index 4939475..79843a1 100644
	--- a/src/p11-decryptupdate.c
	+++ b/src/p11-decryptupdate.c
	@@ -1,48 +1,39 @@
	/* p11-decryptupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DecryptUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pEncryptedPart,CK_ULONG ulEncryptedPartLen,
	CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
	{
	(void) hSession;
	(void) pEncryptedPart;
	(void) ulEncryptedPartLen;
	(void) pPart;
	(void) pulPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-decryptverifyupdate.c b/src/p11-decryptverifyupdate.c
	index d98e546..b32361f 100644
	--- a/src/p11-decryptverifyupdate.c
	+++ b/src/p11-decryptverifyupdate.c
	@@ -1,48 +1,39 @@
	/* p11-decryptverifyupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DecryptVerifyUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
	CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
	{
	(void) hSession;
	(void) pEncryptedPart;
	(void) ulEncryptedPartLen;
	(void) pPart;
	(void) pulPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-derivekey.c b/src/p11-derivekey.c
	index 615ef88..23e10cf 100644
	--- a/src/p11-derivekey.c
	+++ b/src/p11-derivekey.c
	@@ -1,49 +1,40 @@
	/* p11-derivekey.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DeriveKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hBaseKey, CK_ATTRIBUTE_PTR pTemplate,
	CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) hBaseKey;
	(void) pTemplate;
	(void) ulAttributeCount;
	(void) phKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-destroyobject.c b/src/p11-destroyobject.c
	index 7f942a4..7c119f1 100644
	--- a/src/p11-destroyobject.c
	+++ b/src/p11-destroyobject.c
	@@ -1,43 +1,34 @@
	/* p11-destroyobject.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	CK_RV CK_SPEC
	C_DestroyObject (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject)
	{
	/* FIXME: Implement this. */
	(void) hSession;
	(void) hObject;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-digest.c b/src/p11-digest.c
	index 393a588..414dc76 100644
	--- a/src/p11-digest.c
	+++ b/src/p11-digest.c
	@@ -1,47 +1,38 @@
	/* p11-digest.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_Digest (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
	CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
	{
	(void) hSession;
	(void) pData;
	(void) ulDataLen;
	(void) pDigest;
	(void) pulDigestLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-digestencryptupdate.c b/src/p11-digestencryptupdate.c
	index b608b74..67efcef 100644
	--- a/src/p11-digestencryptupdate.c
	+++ b/src/p11-digestencryptupdate.c
	@@ -1,49 +1,40 @@
	/* p11-digestencryptupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DigestEncryptUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
	CK_BYTE_PTR pEncryptedPart,
	CK_ULONG_PTR pulEncryptedPartLen)
	{
	(void) hSession;
	(void) pPart;
	(void) ulPartLen;
	(void) pEncryptedPart;
	(void) pulEncryptedPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-digestfinal.c b/src/p11-digestfinal.c
	index ba29f24..edec94c 100644
	--- a/src/p11-digestfinal.c
	+++ b/src/p11-digestfinal.c
	@@ -1,45 +1,36 @@
	/* p11-digestfinal.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DigestFinal (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen)
	{
	(void) hSession;
	(void) pDigest;
	(void) pulDigestLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-digestinit.c b/src/p11-digestinit.c
	index a4da028..c52359e 100644
	--- a/src/p11-digestinit.c
	+++ b/src/p11-digestinit.c
	@@ -1,43 +1,34 @@
	/* p11-digestinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_DigestInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism)
	{
	(void) hSession;
	(void) pMechanism;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-digestkey.c b/src/p11-digestkey.c
	index 0ccf809..5480798 100644
	--- a/src/p11-digestkey.c
	+++ b/src/p11-digestkey.c
	@@ -1,42 +1,33 @@
	/* p11-digestkey.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	CK_RV CK_SPEC
	C_DigestKey (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
	{
	(void) hSession;
	(void) hKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-digestupdate.c b/src/p11-digestupdate.c
	index 6567582..59c3f84 100644
	--- a/src/p11-digestupdate.c
	+++ b/src/p11-digestupdate.c
	@@ -1,44 +1,35 @@
	/* p11-digestupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	CK_RV CK_SPEC
	C_DigestUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
	{
	(void) hSession;
	(void) pPart;
	(void) ulPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-encrypt.c b/src/p11-encrypt.c
	index 254f265..f56768a 100644
	--- a/src/p11-encrypt.c
	+++ b/src/p11-encrypt.c
	@@ -1,47 +1,38 @@
	/* p11-encrypt.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
	CK_BYTE_PTR pEncryptedData, CK_ULONG_PTR pulEncryptedDataLen)
	{
	(void) hSession;
	(void) pData;
	(void) ulDataLen;
	(void) pEncryptedData;
	(void) pulEncryptedDataLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-encryptfinal.c b/src/p11-encryptfinal.c
	index 74010c4..c27eb14 100644
	--- a/src/p11-encryptfinal.c
	+++ b/src/p11-encryptfinal.c
	@@ -1,45 +1,36 @@
	/* p11-encryptfinal.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_EncryptFinal (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastEncryptedPart,
	CK_ULONG_PTR pulLastEncryptedPartLen)
	{
	(void) hSession;
	(void) pLastEncryptedPart;
	(void) pulLastEncryptedPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-encryptinit.c b/src/p11-encryptinit.c
	index 0fca3af..d769a91 100644
	--- a/src/p11-encryptinit.c
	+++ b/src/p11-encryptinit.c
	@@ -1,44 +1,35 @@
	/* p11-encryptinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	CK_RV CK_SPEC
	C_EncryptInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) hKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-encryptupdate.c b/src/p11-encryptupdate.c
	index 43f9bce..432fdf3 100644
	--- a/src/p11-encryptupdate.c
	+++ b/src/p11-encryptupdate.c
	@@ -1,47 +1,38 @@
	/* p11-encryptupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	CK_RV CK_SPEC
	C_EncryptUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
	CK_BYTE_PTR pEncryptedPart, CK_ULONG_PTR pulEncryptedPartLen)
	{
	(void) hSession;
	(void) pPart;
	(void) ulPartLen;
	(void) pEncryptedPart;
	(void) pulEncryptedPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-finalize.c b/src/p11-finalize.c
	index de5f989..7dbd00b 100644
	--- a/src/p11-finalize.c
	+++ b/src/p11-finalize.c
	@@ -1,63 +1,54 @@
	/* p11-finalize.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif
	#ifdef HAVE_W32_SYSTEM
	#define __USE_W32_SOCKETS 1
	#include <windows.h>
	#endif

	#include "cryptoki.h"

	#include "slots.h"
	#include "agent.h"
	#include "locking.h"


	CK_RV CK_SPEC
	C_Finalize (CK_VOID_PTR pReserved)
	{
	/* This is one of the few functions which do not need to take the
	global lock. */

	if (pReserved != NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	scute_slots_finalize ();
	scute_agent_finalize ();
	scute_locking_finalize ();

	#ifdef HAVE_W32_SYSTEM
	WSACleanup ();
	#endif

	return CKR_OK;
	}
	diff --git a/src/p11-findobjects.c b/src/p11-findobjects.c
	index 26fa879..b355189 100644
	--- a/src/p11-findobjects.c
	+++ b/src/p11-findobjects.c
	@@ -1,83 +1,74 @@
	/* p11-findobjects.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <assert.h>
	#include <string.h>

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"

	#define MIN(a,b) ((a) < (b) ? (a) : (b))


	CK_RV CK_SPEC
	C_FindObjects (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject,
	CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount)
	{
	CK_RV err = CKR_OK;
	CK_ULONG count;
	slot_iterator_t slot;
	session_iterator_t session;
	object_iterator_t *oids;
	int oids_len;

	if (!pulObjectCount)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	err = session_get_search_result (slot, session, &oids, &oids_len);
	assert (!err);

	count = MIN ((int) ulMaxObjectCount, oids_len);
	memcpy (phObject, oids, sizeof (CK_OBJECT_HANDLE) * count);

	oids_len = oids_len - count;
	memmove (oids, oids + count, sizeof (CK_OBJECT_HANDLE) * oids_len);
	err = session_set_search_result (slot, session, oids, oids_len);
	assert (!err);

	*pulObjectCount = count;

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-findobjectsfinal.c b/src/p11-findobjectsfinal.c
	index 4737b27..64b3dcc 100644
	--- a/src/p11-findobjectsfinal.c
	+++ b/src/p11-findobjectsfinal.c
	@@ -1,62 +1,53 @@
	/* p11-findobjectsfinal.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdlib.h>

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_FindObjectsFinal (CK_SESSION_HANDLE hSession)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	err = session_set_search_result (slot, session, NULL, 0);

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-findobjectsinit.c b/src/p11-findobjectsinit.c
	index 4db1d26..cecfb68 100644
	--- a/src/p11-findobjectsinit.c
	+++ b/src/p11-findobjectsinit.c
	@@ -1,138 +1,129 @@
	/* p11-findobjectsinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <string.h>
	#include <errno.h>
	#include <stdlib.h>

	#include "cryptoki.h"

	#include "locking.h"
	#include "error-mapping.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_FindObjectsInit (CK_SESSION_HANDLE hSession,
	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;
	object_iterator_t object;
	object_iterator_t *search_result;
	int search_result_len = 0;

	if (ulCount && pTemplate == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	err = slot_get_object_count (slot, &search_result_len);
	if (err)
	goto out;

	search_result = malloc (search_result_len * sizeof (object_iterator_t));
	if (!search_result)
	{
	err = scute_sys_to_ck (errno);
	goto out;
	}
	search_result_len = 0;

	err = objects_iterate_first (slot, &object);
	if (err)
	{
	free (search_result);
	goto out;
	}

	while (!objects_iterate_last (slot, &object) && !err)
	{
	CK_ATTRIBUTE_PTR attr;
	CK_ULONG attr_count;

	err = slot_get_object (slot, object, &attr, &attr_count);
	if (!err)
	{
	CK_ULONG count = ulCount;

	/* For each template attribute, check if it matches the
	object. */
	while (count--)
	{
	CK_ULONG i;

	for (i = 0; i < attr_count; i++)
	if (attr[i].type == pTemplate[count].type)
	break;

	/* Lots of ways not to match. */
	if (i == attr_count)
	break;
	if (pTemplate[count].ulValueLen != attr[i].ulValueLen)
	break;
	if (memcmp (pTemplate[count].pValue, attr[i].pValue,
	attr[i].ulValueLen))
	break;
	}

	if (count == (CK_ULONG) -1)
	{
	/* Got a match. */
	search_result[search_result_len++] = object;
	}

	err = objects_iterate_next (slot, &object);
	}
	}

	if (err)
	{
	free (search_result);
	goto out;
	}

	err = session_set_search_result (slot, session, search_result,
	search_result_len);

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-generatekey.c b/src/p11-generatekey.c
	index 587ad94..e916442 100644
	--- a/src/p11-generatekey.c
	+++ b/src/p11-generatekey.c
	@@ -1,48 +1,39 @@
	/* p11-generatekey.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_GenerateKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
	CK_OBJECT_HANDLE_PTR phKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) pTemplate;
	(void) ulCount;
	(void) phKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-generatekeypair.c b/src/p11-generatekeypair.c
	index d37a2e1..3873633 100644
	--- a/src/p11-generatekeypair.c
	+++ b/src/p11-generatekeypair.c
	@@ -1,55 +1,46 @@
	/* p11-generatekeypair.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_GenerateKeyPair (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_ATTRIBUTE_PTR pPublicKeyTemplate,
	CK_ULONG ulPublicKeyAttributeCount,
	CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
	CK_ULONG ulPrivateKeyAttributeCount,
	CK_OBJECT_HANDLE_PTR phPublicKey,
	CK_OBJECT_HANDLE_PTR phPrivateKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) pPublicKeyTemplate;
	(void) ulPublicKeyAttributeCount;
	(void) pPrivateKeyTemplate;
	(void) ulPrivateKeyAttributeCount;
	(void) phPublicKey;
	(void) phPrivateKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-generaterandom.c b/src/p11-generaterandom.c
	index 338f957..f5cc8e9 100644
	--- a/src/p11-generaterandom.c
	+++ b/src/p11-generaterandom.c
	@@ -1,64 +1,55 @@
	/* p11-generaterandom.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"
	#include "agent.h"
	#include "error-mapping.h"


	CK_RV CK_SPEC
	C_GenerateRandom (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
	{
	CK_RV err;
	slot_iterator_t slot;
	session_iterator_t session;

	if (pRandomData == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (!err)
	err = scute_gpg_err_to_ck (scute_agent_get_random (pRandomData,
	ulRandomLen));

	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-getattributevalue.c b/src/p11-getattributevalue.c
	index 4dd31c8..7532033 100644
	--- a/src/p11-getattributevalue.c
	+++ b/src/p11-getattributevalue.c
	@@ -1,103 +1,94 @@
	/* p11-getattributevalue.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <string.h>

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_GetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;
	CK_ATTRIBUTE_PTR attr;
	CK_ULONG attr_count;

	if (pTemplate == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	err = slot_get_object (slot, hObject, &attr, &attr_count);
	if (err)
	goto out;

	while (ulCount--)
	{
	CK_ULONG i;

	for (i = 0; i < attr_count; i++)
	if (attr[i].type == pTemplate[ulCount].type)
	break;

	if (i == attr_count)
	{
	pTemplate[ulCount].ulValueLen = -1;
	err = CKR_ATTRIBUTE_TYPE_INVALID;
	}
	else
	{
	CK_ATTRIBUTE_PTR attribute = &attr[i];

	pTemplate[ulCount].ulValueLen = attribute->ulValueLen;

	if (pTemplate[ulCount].pValue)
	{
	if (pTemplate[ulCount].ulValueLen >= attribute->ulValueLen)
	memcpy (pTemplate[ulCount].pValue,
	attribute->pValue, attribute->ulValueLen);
	else
	{
	pTemplate[ulCount].ulValueLen = -1;
	err = CKR_BUFFER_TOO_SMALL;
	}
	}
	}
	}

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-getfunctionlist.c b/src/p11-getfunctionlist.c
	index f06f8ca..3987758 100644
	--- a/src/p11-getfunctionlist.c
	+++ b/src/p11-getfunctionlist.c
	@@ -1,126 +1,117 @@
	/* p11-getfunctionlist.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "settings.h"


	/* The list of exported functions. */
	static CK_FUNCTION_LIST function_list =
	{
	version: { major: VERSION_MAJOR, minor: VERSION_MINOR },
	C_Initialize: C_Initialize,
	C_Finalize: C_Finalize,
	C_GetInfo: C_GetInfo,
	C_GetFunctionList: C_GetFunctionList,
	C_GetSlotList: C_GetSlotList,
	C_GetSlotInfo: C_GetSlotInfo,
	C_GetTokenInfo: C_GetTokenInfo,
	C_GetMechanismList: C_GetMechanismList,
	C_GetMechanismInfo: C_GetMechanismInfo,
	C_InitToken: C_InitToken,
	C_InitPIN: C_InitPIN,
	C_SetPIN: C_SetPIN,
	C_OpenSession: C_OpenSession,
	C_CloseSession: C_CloseSession,
	C_CloseAllSessions: C_CloseAllSessions,
	C_GetSessionInfo: C_GetSessionInfo,
	C_GetOperationState: C_GetOperationState,
	C_SetOperationState: C_SetOperationState,
	C_Login: C_Login,
	C_Logout: C_Logout,
	C_CreateObject: C_CreateObject,
	C_CopyObject: C_CopyObject,
	C_DestroyObject: C_DestroyObject,
	C_GetObjectSize: C_GetObjectSize,
	C_GetAttributeValue: C_GetAttributeValue,
	C_SetAttributeValue: C_SetAttributeValue,
	C_FindObjectsInit: C_FindObjectsInit,
	C_FindObjects: C_FindObjects,
	C_FindObjectsFinal: C_FindObjectsFinal,
	C_EncryptInit: C_EncryptInit,
	C_Encrypt: C_Encrypt,
	C_EncryptUpdate: C_EncryptUpdate,
	C_EncryptFinal: C_EncryptFinal,
	C_DecryptInit: C_DecryptInit,
	C_Decrypt: C_Decrypt,
	C_DecryptUpdate: C_DecryptUpdate,
	C_DecryptFinal: C_DecryptFinal,
	C_DigestInit: C_DigestInit,
	C_Digest: C_Digest,
	C_DigestUpdate: C_DigestUpdate,
	C_DigestKey: C_DigestKey,
	C_DigestFinal: C_DigestFinal,
	C_SignInit: C_SignInit,
	C_Sign: C_Sign,
	C_SignUpdate: C_SignUpdate,
	C_SignFinal: C_SignFinal,
	C_SignRecoverInit: C_SignRecoverInit,
	C_SignRecover: C_SignRecover,
	C_VerifyInit: C_VerifyInit,
	C_Verify: C_Verify,
	C_VerifyUpdate: C_VerifyUpdate,
	C_VerifyFinal: C_VerifyFinal,
	C_VerifyRecoverInit: C_VerifyRecoverInit,
	C_VerifyRecover: C_VerifyRecover,
	C_DigestEncryptUpdate: C_DigestEncryptUpdate,
	C_DecryptDigestUpdate: C_DecryptDigestUpdate,
	C_SignEncryptUpdate: C_SignEncryptUpdate,
	C_DecryptVerifyUpdate: C_DecryptVerifyUpdate,
	C_GenerateKey: C_GenerateKey,
	C_GenerateKeyPair: C_GenerateKeyPair,
	C_WrapKey: C_WrapKey,
	C_UnwrapKey: C_UnwrapKey,
	C_DeriveKey: C_DeriveKey,
	C_SeedRandom: C_SeedRandom,
	C_GenerateRandom: C_GenerateRandom,
	C_GetFunctionStatus: C_GetFunctionStatus,
	C_CancelFunction: C_CancelFunction,
	C_WaitForSlotEvent: C_WaitForSlotEvent
	};


	CK_RV CK_SPEC
	C_GetFunctionList (CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
	{
	/* This is one of the few functions which do not need to take the
	global lock. */

	if (ppFunctionList == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	*ppFunctionList = &function_list;

	return CKR_OK;
	}
	diff --git a/src/p11-getfunctionstatus.c b/src/p11-getfunctionstatus.c
	index 8fe156c..2a325cd 100644
	--- a/src/p11-getfunctionstatus.c
	+++ b/src/p11-getfunctionstatus.c
	@@ -1,42 +1,33 @@
	/* p11-getfunctionstatus.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_GetFunctionStatus (CK_SESSION_HANDLE hSession)
	{
	(void) hSession;
	return CKR_FUNCTION_NOT_PARALLEL;
	}
	diff --git a/src/p11-getinfo.c b/src/p11-getinfo.c
	index 5e053dd..28bb841 100644
	--- a/src/p11-getinfo.c
	+++ b/src/p11-getinfo.c
	@@ -1,55 +1,46 @@
	/* p11-getinfo.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "support.h"
	#include "settings.h"


	CK_RV CK_SPEC
	C_GetInfo (CK_INFO_PTR pInfo)
	{
	if (pInfo == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	pInfo->cryptokiVersion.major = CRYPTOKI_VERSION_MAJOR;
	pInfo->cryptokiVersion.minor = CRYPTOKI_VERSION_MINOR;
	scute_copy_string (pInfo->manufacturerID, MANUFACTURER_ID, 32);
	pInfo->flags = 0;
	scute_copy_string (pInfo->libraryDescription, LIBRARY_DESCRIPTION, 32);
	pInfo->libraryVersion.major = VERSION_MAJOR;
	pInfo->libraryVersion.minor = VERSION_MINOR;

	return CKR_OK;
	}
	diff --git a/src/p11-getmechanisminfo.c b/src/p11-getmechanisminfo.c
	index 2c11e95..3a1184a 100644
	--- a/src/p11-getmechanisminfo.c
	+++ b/src/p11-getmechanisminfo.c
	@@ -1,68 +1,59 @@
	/* p11-getmechanisminfo.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_GetMechanismInfo (CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
	CK_MECHANISM_INFO_PTR pInfo)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	mechanism_iterator_t mechanism;

	if (pInfo == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup (slotID, &slot);
	if (err)
	goto out;

	err = mechanisms_lookup (slot, &mechanism, type);
	if (err)
	goto out;

	pInfo = (mechanism_get_info (slot, mechanism));

	out:
	scute_global_unlock ();
	return CKR_OK;
	}
	diff --git a/src/p11-getmechanismlist.c b/src/p11-getmechanismlist.c
	index 2309424..0af104d 100644
	--- a/src/p11-getmechanismlist.c
	+++ b/src/p11-getmechanismlist.c
	@@ -1,91 +1,82 @@
	/* p11-getmechanismlist.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_GetMechanismList (CK_SLOT_ID slotID, CK_MECHANISM_TYPE_PTR pMechanismList,
	CK_ULONG_PTR pulCount)
	{
	CK_RV err = CKR_OK;
	CK_ULONG left;
	slot_iterator_t slot;
	mechanism_iterator_t mechanism;

	if (pulCount == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup (slotID, &slot);
	if (err)
	goto out;

	/* Leave LEFT positive for the whole search when only counting. */
	left = pMechanismList ? *pulCount : 1;
	*pulCount = 0;
	err = mechanisms_iterate_first (slot, &mechanism);
	if (err)
	goto out;

	while (!mechanisms_iterate_last (slot, &mechanism) && left && !err)
	{
	(*pulCount)++;

	if (pMechanismList)
	{
	*(pMechanismList++) = mechanism_get_type (slot, mechanism);
	left--;
	}
	err = mechanisms_iterate_next (slot, &mechanism);
	}

	if (err)
	goto out;

	if (!mechanisms_iterate_last (slot, &mechanism) && !left)
	{
	err = CKR_BUFFER_TOO_SMALL;
	goto out;
	}

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-getobjectsize.c b/src/p11-getobjectsize.c
	index f8076dc..4a84ac3 100644
	--- a/src/p11-getobjectsize.c
	+++ b/src/p11-getobjectsize.c
	@@ -1,45 +1,36 @@
	/* p11-getobjectsize.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_GetObjectSize (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
	CK_ULONG_PTR pulSize)
	{
	(void) hSession;
	(void) hObject;
	(void) pulSize;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-getoperationstate.c b/src/p11-getoperationstate.c
	index ecc4930..31ee416 100644
	--- a/src/p11-getoperationstate.c
	+++ b/src/p11-getoperationstate.c
	@@ -1,45 +1,36 @@
	/* p11-getoperationstate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_GetOperationState (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pOperationState,
	CK_ULONG_PTR pulOperationStateLen)
	{
	(void) hSession;
	(void) pOperationState;
	(void) pulOperationStateLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-getsessioninfo.c b/src/p11-getsessioninfo.c
	index 4ada773..e365c47 100644
	--- a/src/p11-getsessioninfo.c
	+++ b/src/p11-getsessioninfo.c
	@@ -1,100 +1,91 @@
	/* p11-getsessioninfo.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <assert.h>

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_GetSessionInfo (CK_SESSION_HANDLE hSession, CK_SESSION_INFO_PTR pInfo)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;
	bool rw;

	if (pInfo == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	err = slots_update_slot (slot);
	if (err)
	goto out;

	/* We have to re-lookup the session handle, as it might just have
	become invalid. */
	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	rw = session_get_rw (slot, session);
	switch (slot_get_status (slot))
	{
	case SLOT_LOGIN_PUBLIC:
	pInfo->state = rw ? CKS_RW_PUBLIC_SESSION : CKS_RO_PUBLIC_SESSION;
	break;

	case SLOT_LOGIN_USER:
	pInfo->state = rw ? CKS_RW_USER_FUNCTIONS : CKS_RO_USER_FUNCTIONS;
	break;

	case SLOT_LOGIN_SO:
	assert (rw);
	pInfo->state = CKS_RW_SO_FUNCTIONS;
	break;

	default:
	assert (!"Unhandled slot login state.");
	break;
	}

	pInfo->slotID = slot_get_id (slot);
	pInfo->flags = CKF_SERIAL_SESSION
	\| (rw ? CKF_RW_SESSION : 0);
	pInfo->ulDeviceError = 0;

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-getslotinfo.c b/src/p11-getslotinfo.c
	index 27b35df..c5bd8ed 100644
	--- a/src/p11-getslotinfo.c
	+++ b/src/p11-getslotinfo.c
	@@ -1,87 +1,78 @@
	/* p11-getslotinfo.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdlib.h>
	#include <string.h>

	#include "cryptoki.h"

	#include "agent.h"
	#include "locking.h"
	#include "support.h"
	#include "settings.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_GetSlotInfo (CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	const char *s;
	int minor;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup (slotID, &slot);
	if (err)
	goto out;

	err = slots_update_slot (slot);
	if (err)
	goto out;

	/* FIXME: Query some of this from SCD. */
	scute_copy_string (pInfo->slotDescription, SLOT_DESCRIPTION, 64);
	scute_copy_string (pInfo->manufacturerID, SLOT_MANUFACTURER_ID, 32);

	pInfo->flags = CKF_REMOVABLE_DEVICE \| CKF_HW_SLOT;
	if (slot_token_present (slot))
	pInfo->flags \|= CKF_TOKEN_PRESENT;

	/* Use the gpg-agent version for the hardware version.. */
	pInfo->hardwareVersion.major = scute_agent_get_agent_version (&minor);
	pInfo->hardwareVersion.minor = minor;

	/* Use Scute version as Firmware version. */
	s = PACKAGE_VERSION;
	pInfo->firmwareVersion.major = atoi (s);
	s = strchr (s, '.');
	pInfo->firmwareVersion.minor = s? atoi (s+1): 0;

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-getslotlist.c b/src/p11-getslotlist.c
	index d494ed9..0d7999c 100644
	--- a/src/p11-getslotlist.c
	+++ b/src/p11-getslotlist.c
	@@ -1,106 +1,97 @@
	/* p11-getslotlist.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	/* Return the list of available slots. With TOKENPRESENT set only
	* slots with a present tokens are returned. If PSLOTLIST is NULL the
	* function only counts the number of slots and stores that number at
	* PULCOUNT. Further this also updates the inetrnal state and thus
	* this needs to be called to check for new devices. If PSLOTLIST is
	* not NULL it must point to an array which receives the slot
	* information. PULCOUNT must point to a variable which initially
	* holds the number of allocated slot items and will be updated on
	* return to the stored number of slot items.
	*/
	CK_RV CK_SPEC
	C_GetSlotList (CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList,
	CK_ULONG_PTR pulCount)
	{
	CK_RV err = CKR_OK;
	CK_ULONG left;
	slot_iterator_t slot;

	if (pulCount == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	if (pSlotList == NULL_PTR)
	{
	err = slots_update ();
	if (err)
	goto out;
	}

	/* Leave LEFT positive for the whole search when only counting. */
	left = pSlotList ? *pulCount : 1;
	*pulCount = 0;
	err = slots_iterate_first (&slot);
	if (err)
	goto out;

	while (!slots_iterate_last (&slot) && left && !err)
	{
	if (!tokenPresent \|\| slot_token_present (slot))
	{
	(*pulCount)++;

	if (pSlotList)
	{
	*(pSlotList++) = slot_get_id (slot);
	left--;
	}
	}
	err = slots_iterate_next (&slot);
	}

	if (err)
	goto out;

	if (!slots_iterate_last (&slot) && !left)
	{
	err = CKR_BUFFER_TOO_SMALL;
	goto out;
	}

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-gettokeninfo.c b/src/p11-gettokeninfo.c
	index bb9190a..b7cc1c7 100644
	--- a/src/p11-gettokeninfo.c
	+++ b/src/p11-gettokeninfo.c
	@@ -1,118 +1,109 @@
	/* p11-gettokeninfo.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "support.h"
	#include "settings.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_GetTokenInfo (CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	int len;
	int max;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup (slotID, &slot);
	if (err)
	goto out;

	if (!slot_token_present (slot))
	{
	err = CKR_TOKEN_NOT_PRESENT;
	goto out;
	}

	scute_copy_string (pInfo->label, slot_token_label (slot), 32);
	scute_copy_string (pInfo->manufacturerID,
	slot_token_manufacturer (slot), 32);
	scute_copy_string (pInfo->model, slot_token_application (slot), 16);
	scute_copy_string (pInfo->serialNumber, slot_token_serial (slot), 16);

	pInfo->flags = CKF_TOKEN_INITIALIZED
	\| CKF_PROTECTED_AUTHENTICATION_PATH \| CKF_WRITE_PROTECTED
	\| CKF_USER_PIN_INITIALIZED;

	if (slot_token_has_rng (slot))
	pInfo->flags \|= CKF_RNG;

	/* FIXME: CKF_USER_PIN_INITIALIZED only if PIN is not default pin?
	FIXME: CKF_LOGIN_REQUIRED needed? We could implement login via
	the "SCD CHECKPIN" command. I am not sure how this mixes with
	CKF_PROTECTED_AUTHENTICATION_PATH.

	Not supported:
	CKF_RESTORE_KEY_NOT_NEEDED, CKF_DUAL_CRYPTO_OPERATIONS.

	FIXME: We can support those, but do we worry about SO operations?
	CKF_SO_PIN_COUNT_LOW, CKF_SO_PIN_FINAL_TRY, CKF_SO_PIN_LOCKED.

	Not supported: CKF_USER_PIN_TO_BE_CHANGED, CKF_SO_PIN_TO_BE_CHANGED. */

	slot_token_pincount (slot, &max, &len);
	if (len < max)
	pInfo->flags \|= CKF_USER_PIN_COUNT_LOW;
	if (len == 1)
	pInfo->flags \|= CKF_USER_PIN_FINAL_TRY;
	else if (len == 0)
	pInfo->flags \|= CKF_USER_PIN_LOCKED;

	pInfo->ulMaxSessionCount = CK_EFFECTIVELY_INFINITE;
	pInfo->ulSessionCount = CK_UNAVAILABLE_INFORMATION;
	pInfo->ulMaxRwSessionCount = CK_EFFECTIVELY_INFINITE;
	pInfo->ulRwSessionCount = CK_UNAVAILABLE_INFORMATION;
	slot_token_maxpinlen (slot, &pInfo->ulMaxPinLen, &pInfo->ulMinPinLen);

	/* FIXME: Get the data from SCD? */
	pInfo->ulTotalPublicMemory = CK_UNAVAILABLE_INFORMATION;
	pInfo->ulFreePublicMemory = CK_UNAVAILABLE_INFORMATION;
	pInfo->ulTotalPrivateMemory = CK_UNAVAILABLE_INFORMATION;
	pInfo->ulFreePrivateMemory = CK_UNAVAILABLE_INFORMATION;
	slot_token_version (slot, &pInfo->hardwareVersion.major,
	&pInfo->hardwareVersion.minor,
	&pInfo->firmwareVersion.major,
	&pInfo->firmwareVersion.minor);
	scute_copy_string (pInfo->utcTime, "0000000000000000", 16);

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-initialize.c b/src/p11-initialize.c
	index d52ab59..386df0e 100644
	--- a/src/p11-initialize.c
	+++ b/src/p11-initialize.c
	@@ -1,129 +1,120 @@
	/* p11-initialize.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdbool.h>

	#ifdef HAVE_W32_SYSTEM
	#define __USE_W32_SOCKETS 1
	#include <windows.h>
	#endif

	#include <assuan.h>
	#include <gpg-error.h>

	#include "cryptoki.h"

	#include "settings.h"
	#include "locking.h"
	#include "agent.h"
	#include "error-mapping.h"
	#include "slots.h"
	#include "debug.h"


	CK_RV CK_SPEC
	C_Initialize (CK_VOID_PTR pInitArgs)
	{
	CK_RV err;

	#ifdef HAVE_W32_SYSTEM
	WSADATA wsadat;

	WSAStartup (0x202, &wsadat);
	#endif

	/* This is one of the few functions which do not need to take the
	global lock. */

	assuan_set_gpg_err_source (GPG_ERR_SOURCE_ANY);

	_scute_debug_init ();

	/* Check the threading configuration. */
	if (pInitArgs != NULL_PTR)
	{
	CK_C_INITIALIZE_ARGS_PTR args = pInitArgs;
	bool callbacks;

	if (args->pReserved != NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	if (NEED_TO_CREATE_THREADS
	&& (args->flags & CKF_LIBRARY_CANT_CREATE_OS_THREADS))
	return CKR_NEED_TO_CREATE_THREADS;

	/* Either all pointers are provided, or none are. */
	if (args->CreateMutex == NULL_PTR)
	{
	if (args->DestroyMutex != NULL_PTR \|\| args->LockMutex != NULL_PTR
	\|\| args->UnlockMutex != NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	callbacks = false;
	}
	else
	{
	if (args->DestroyMutex == NULL_PTR \|\| args->LockMutex == NULL_PTR
	\|\| args->UnlockMutex == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	callbacks = true;
	}

	/* FIXME: At this point, we do not support using the native
	thread package. */
	if (!callbacks && (args->flags & CKF_OS_LOCKING_OK))
	return CKR_CANT_LOCK;
	}

	err = scute_locking_initialize (pInitArgs);
	if (err)
	return err;

	err = scute_agent_initialize ();
	if (err)
	{
	scute_locking_finalize ();
	return scute_gpg_err_to_ck (err);
	}

	err = scute_slots_initialize ();
	if (err)
	{
	scute_agent_finalize ();
	scute_locking_finalize ();
	return err;
	}

	return err;
	}
	diff --git a/src/p11-initpin.c b/src/p11-initpin.c
	index 1c7d327..50b9913 100644
	--- a/src/p11-initpin.c
	+++ b/src/p11-initpin.c
	@@ -1,44 +1,35 @@
	/* p11-initpin.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_InitPIN (CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
	{
	(void) hSession;
	(void) pPin;
	(void) ulPinLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-inittoken.c b/src/p11-inittoken.c
	index 0586c4e..6e90674 100644
	--- a/src/p11-inittoken.c
	+++ b/src/p11-inittoken.c
	@@ -1,46 +1,37 @@
	/* p11-inittoken.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_InitToken (CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen,
	CK_UTF8CHAR_PTR pLabel)
	{
	(void) slotID;
	(void) pPin;
	(void) ulPinLen;
	(void) pLabel;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-login.c b/src/p11-login.c
	index afb6a8e..bbaef78 100644
	--- a/src/p11-login.c
	+++ b/src/p11-login.c
	@@ -1,46 +1,37 @@
	/* p11-login.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_Login (CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
	CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen)
	{
	(void) hSession;
	(void) userType;
	(void) pPin;
	(void) ulPinLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-logout.c b/src/p11-logout.c
	index bb83a3b..db7d7c3 100644
	--- a/src/p11-logout.c
	+++ b/src/p11-logout.c
	@@ -1,42 +1,33 @@
	/* p11-logout.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_Logout (CK_SESSION_HANDLE hSession)
	{
	(void) hSession;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-opensession.c b/src/p11-opensession.c
	index 32f197c..bf6e7b9 100644
	--- a/src/p11-opensession.c
	+++ b/src/p11-opensession.c
	@@ -1,79 +1,70 @@
	/* p11-opensession.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	CK_RV CK_SPEC
	C_OpenSession (CK_SLOT_ID slotID, CK_FLAGS flags, CK_VOID_PTR pApplication,
	CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;

	if (!(flags & CKF_SERIAL_SESSION))
	return CKR_SESSION_PARALLEL_NOT_SUPPORTED;

	/* We only support read-only operation for now. */
	if (flags & CKF_RW_SESSION)
	return CKR_TOKEN_WRITE_PROTECTED;

	/* We ignore the notification callback data in pApplication and
	Notify. We never call back into the application. */
	(void)pApplication;
	(void)Notify;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup (slotID, &slot);
	if (err)
	goto out;

	err = slot_create_session (slot, &session, flags & CKF_RW_SESSION);
	if (err)
	goto out;

	/* FIXME: Further initialisation comes here. */

	*phSession = session;

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-seedrandom.c b/src/p11-seedrandom.c
	index 883e2e3..f21d61b 100644
	--- a/src/p11-seedrandom.c
	+++ b/src/p11-seedrandom.c
	@@ -1,44 +1,35 @@
	/* p11-seedrandom.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SeedRandom (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, CK_ULONG ulSeedLen)
	{
	(void) hSession;
	(void) pSeed;
	(void) ulSeedLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-setattributevalue.c b/src/p11-setattributevalue.c
	index 92117b7..bb3734c 100644
	--- a/src/p11-setattributevalue.c
	+++ b/src/p11-setattributevalue.c
	@@ -1,46 +1,37 @@
	/* p11-setattributevalue.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SetAttributeValue (CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject,
	CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
	{
	(void) hSession;
	(void) hObject;
	(void) pTemplate;
	(void) ulCount;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-setoperationstate.c b/src/p11-setoperationstate.c
	index 716b93b..f9d465a 100644
	--- a/src/p11-setoperationstate.c
	+++ b/src/p11-setoperationstate.c
	@@ -1,49 +1,40 @@
	/* p11-setoperationstate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SetOperationState (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen,
	CK_OBJECT_HANDLE hEncryptionKey,
	CK_OBJECT_HANDLE hAuthenticationKey)
	{
	(void) hSession;
	(void) pOperationState;
	(void) ulOperationStateLen;
	(void) hEncryptionKey;
	(void) hAuthenticationKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-setpin.c b/src/p11-setpin.c
	index ce8eefc..e5df166 100644
	--- a/src/p11-setpin.c
	+++ b/src/p11-setpin.c
	@@ -1,48 +1,39 @@
	/* p11-setpin.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SetPIN (CK_SESSION_HANDLE hSession,
	CK_UTF8CHAR_PTR pOldPin, CK_ULONG ulOldLen,
	CK_UTF8CHAR_PTR pNewPin, CK_ULONG ulNewLen)
	{
	(void) hSession;
	(void) pOldPin;
	(void) ulOldLen;
	(void) pNewPin;
	(void) ulNewLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-sign.c b/src/p11-sign.c
	index 344bfd8..870f08c 100644
	--- a/src/p11-sign.c
	+++ b/src/p11-sign.c
	@@ -1,81 +1,72 @@
	/* p11-sign.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"


	/* Sign the data (PDATA,ULDATALEN) using the information recorded in
	* the HSESSION by C_SignInit. PSIGNAURE is a buffer to receive the
	* signature. The length of that buffer must be stored in a variable
	* to which PULSIGNATURELEN points to; on success that length is
	* updated to the actual length of the signature in PULSIGNATURE.
	*
	* If the function returns CKR_BUFFER_TOO_SMALL no further C_SignInit
	* is required, instead the function can be called again with a larger
	* buffer. On a successful operation CKR_OK is returned and other
	* signatures may be created without an new C_SignInit. On all other
	* return codes a new C_SignInit is required.
	*/
	CK_RV CK_SPEC
	C_Sign (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
	CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;

	if (pData == NULL_PTR \|\| pulSignatureLen == NULL_PTR)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	/* FIXME: Check that C_SignInit has been called. */

	err = session_sign (slot, session, pData, ulDataLen,
	pSignature, pulSignatureLen);

	out:
	/* FIXME: Update the flag which indicates whether C_SignInit has
	* been called. */
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-signencryptupdate.c b/src/p11-signencryptupdate.c
	index 21377a7..f5a6bac 100644
	--- a/src/p11-signencryptupdate.c
	+++ b/src/p11-signencryptupdate.c
	@@ -1,49 +1,40 @@
	/* p11-signencryptupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SignEncryptUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pPart, CK_ULONG ulPartLen,
	CK_BYTE_PTR pEncryptedPart,
	CK_ULONG_PTR pulEncryptedPartLen)
	{
	(void) hSession;
	(void) pPart;
	(void) ulPartLen;
	(void) pEncryptedPart;
	(void) pulEncryptedPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-signfinal.c b/src/p11-signfinal.c
	index f136c0f..1d26075 100644
	--- a/src/p11-signfinal.c
	+++ b/src/p11-signfinal.c
	@@ -1,45 +1,36 @@
	/* p11-signfinal.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SignFinal (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
	{
	(void) hSession;
	(void) pSignature;
	(void) pulSignatureLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-signinit.c b/src/p11-signinit.c
	index 598d91d..2c54502 100644
	--- a/src/p11-signinit.c
	+++ b/src/p11-signinit.c
	@@ -1,71 +1,62 @@
	/* p11-signinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"

	#include "locking.h"
	#include "slots.h"

	/* Prepare a signature operation. HSESSION is the session's handle.
	* PMECHANISM describes the mechanism to be used. HKEY describes the
	* key to be used. After calling this function either C_Sign or
	* (C_SignUpdate, C_SignFinal) can be used to actually sign the data.
	* The preparation is valid until C_Sign or C_SignFinal. */
	CK_RV CK_SPEC
	C_SignInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hKey)
	{
	CK_RV err = CKR_OK;
	slot_iterator_t slot;
	session_iterator_t session;

	if (pMechanism == NULL_PTR \|\| pMechanism->mechanism != CKM_RSA_PKCS)
	return CKR_ARGUMENTS_BAD;

	if (hKey == CK_INVALID_HANDLE)
	return CKR_ARGUMENTS_BAD;

	err = scute_global_lock ();
	if (err)
	return err;

	err = slots_lookup_session (hSession, &slot, &session);
	if (err)
	goto out;

	err = session_set_signing_key (slot, session, hKey);

	out:
	scute_global_unlock ();
	return err;
	}
	diff --git a/src/p11-signrecover.c b/src/p11-signrecover.c
	index c7e097d..5c93e56 100644
	--- a/src/p11-signrecover.c
	+++ b/src/p11-signrecover.c
	@@ -1,48 +1,39 @@
	/* p11-signrecover.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SignRecover (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pData, CK_ULONG ulDataLen,
	CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
	{
	(void) hSession;
	(void) pData;
	(void) ulDataLen;
	(void) pSignature;
	(void) pulSignatureLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-signrecoverinit.c b/src/p11-signrecoverinit.c
	index 39b18bb..744ca29 100644
	--- a/src/p11-signrecoverinit.c
	+++ b/src/p11-signrecoverinit.c
	@@ -1,45 +1,36 @@
	/* p11-signrecoverinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SignRecoverInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) hKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-signupdate.c b/src/p11-signupdate.c
	index b8e2500..c958db6 100644
	--- a/src/p11-signupdate.c
	+++ b/src/p11-signupdate.c
	@@ -1,44 +1,35 @@
	/* p11-signupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_SignUpdate (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
	{
	(void) hSession;
	(void) pPart;
	(void) ulPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-unwrapkey.c b/src/p11-unwrapkey.c
	index ac1f6e0..34bee37 100644
	--- a/src/p11-unwrapkey.c
	+++ b/src/p11-unwrapkey.c
	@@ -1,52 +1,43 @@
	/* p11-unwrapkey.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_UnwrapKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey,
	CK_ULONG ulWrappedKeyLen, CK_ATTRIBUTE_PTR pTemplate,
	CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) hUnwrappingKey;
	(void) pWrappedKey;
	(void) ulWrappedKeyLen;
	(void) pTemplate;
	(void) ulAttributeCount;
	(void) phKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-verify.c b/src/p11-verify.c
	index e4eb00e..0de9f72 100644
	--- a/src/p11-verify.c
	+++ b/src/p11-verify.c
	@@ -1,47 +1,38 @@
	/* p11-verify.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_Verify (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen,
	CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
	{
	(void) hSession;
	(void) pData;
	(void) ulDataLen;
	(void) pSignature;
	(void) ulSignatureLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-verifyfinal.c b/src/p11-verifyfinal.c
	index 1ac34da..174d73e 100644
	--- a/src/p11-verifyfinal.c
	+++ b/src/p11-verifyfinal.c
	@@ -1,45 +1,36 @@
	/* p11-verifyfinal.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_VerifyFinal (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen)
	{
	(void) hSession;
	(void) pSignature;
	(void) ulSignatureLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-verifyinit.c b/src/p11-verifyinit.c
	index b548849..6b519fd 100644
	--- a/src/p11-verifyinit.c
	+++ b/src/p11-verifyinit.c
	@@ -1,45 +1,36 @@
	/* p11-verifyinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_VerifyInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) hKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-verifyrecover.c b/src/p11-verifyrecover.c
	index c8df451..9b6a434 100644
	--- a/src/p11-verifyrecover.c
	+++ b/src/p11-verifyrecover.c
	@@ -1,48 +1,39 @@
	/* p11-verifyrecover.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_VerifyRecover (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen,
	CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
	{
	(void) hSession;
	(void) pSignature;
	(void) ulSignatureLen;
	(void) pData;
	(void) pulDataLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-verifyrecoverinit.c b/src/p11-verifyrecoverinit.c
	index fe45cd4..f85d40e 100644
	--- a/src/p11-verifyrecoverinit.c
	+++ b/src/p11-verifyrecoverinit.c
	@@ -1,45 +1,36 @@
	/* p11-verifyrecoverinit.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_VerifyRecoverInit (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hKey)
	{
	(void) hSession;
	(void) pMechanism;
	(void) hKey;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-verifyupdate.c b/src/p11-verifyupdate.c
	index 7d7699e..666c36d 100644
	--- a/src/p11-verifyupdate.c
	+++ b/src/p11-verifyupdate.c
	@@ -1,45 +1,36 @@
	/* p11-verifyupdate.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_VerifyUpdate (CK_SESSION_HANDLE hSession,
	CK_BYTE_PTR pPart, CK_ULONG ulPartLen)
	{
	(void) hSession;
	(void) pPart;
	(void) ulPartLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-waitforslotevent.c b/src/p11-waitforslotevent.c
	index af443fb..0211575 100644
	--- a/src/p11-waitforslotevent.c
	+++ b/src/p11-waitforslotevent.c
	@@ -1,45 +1,36 @@
	/* p11-waitforslotevent.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_WaitForSlotEvent (CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved)
	{
	/* See the TODO file why this is not implemented. */
	(void) flags;
	(void) pSlot;
	(void) pReserved;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/p11-wrapkey.c b/src/p11-wrapkey.c
	index e717957..4a39963 100644
	--- a/src/p11-wrapkey.c
	+++ b/src/p11-wrapkey.c
	@@ -1,49 +1,40 @@
	/* p11-wrapkey.c - Cryptoki implementation.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include "cryptoki.h"


	CK_RV CK_SPEC
	C_WrapKey (CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
	CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
	CK_BYTE_PTR pWrappedKey, CK_ULONG_PTR pulWrappedKeyLen)
	{
	(void) hSession;
	(void) pMechanism;
	(void) hWrappingKey;
	(void) hKey;
	(void) pWrappedKey;
	(void) pulWrappedKeyLen;
	return CKR_FUNCTION_NOT_SUPPORTED;
	}
	diff --git a/src/pkcs11.h b/src/pkcs11.h
	index 03e904b..6efefa9 100644
	--- a/src/pkcs11.h
	+++ b/src/pkcs11.h
	@@ -1,1365 +1,1370 @@
	/* pkcs11.h
	- Copyright 2006, 2007 g10 Code GmbH
	- Copyright 2006 Andreas Jellinghaus
	-
	- This file is free software; as a special exception the author gives
	- unlimited permission to copy and/or distribute it, with or without
	- modifications, as long as this notice is preserved.
	-
	- This file is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY, to the extent permitted by law; without even
	- the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
	- PURPOSE. */
	-
	-/* Please submit changes back to the Scute project at
	- http://www.scute.org/ (or send them to marcus@g10code.com), so that
	- they can be picked up by other projects from there as well. */
	+ * Copyright 2006, 2007 g10 Code GmbH
	+ * Copyright 2006 Andreas Jellinghaus
	+ *
	+ * This file is free software; as a special exception the authors give
	+ * unlimited permission to copy and/or distribute it, with or without
	+ * modifications, as long as this notice is preserved.
	+ *
	+ * This file is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY, to the extent permitted by law; without even
	+ * the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
	+ * PURPOSE.
	+ * SPDX-License-Identifier: FSFULLR
	+ */

	/* This file is a modified implementation of the PKCS #11 standard by
	- RSA Security Inc. It is mostly a drop-in replacement, with the
	- following change:
	-
	- This header file does not require any macro definitions by the user
	- (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
	- for you (if useful, some are missing, let me know if you need
	- more).
	-
	- There is an additional API available that does comply better to the
	- GNU coding standard. It can be switched on by defining
	- CRYPTOKI_GNU before including this header file. For this, the
	- following changes are made to the specification:
	-
	- All structure types are changed to a "struct ck_foo" where CK_FOO
	- is the type name in PKCS #11.
	-
	- All non-structure types are changed to ck_foo_t where CK_FOO is the
	- lowercase version of the type name in PKCS #11. The basic types
	- (CK_ULONG et al.) are removed without substitute.
	-
	- All members of structures are modified in the following way: Type
	- indication prefixes are removed, and underscore characters are
	- inserted before words. Then the result is lowercased.
	-
	- Note that function names are still in the original case, as they
	- need for ABI compatibility.
	-
	- CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
	- <stdbool.h>.
	+ * RSA Security Inc. It is mostly a drop-in replacement, with the
	+ * following change:
	+ *
	+ * This header file does not require any macro definitions by the user
	+ * (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
	+ * for you (if useful, some are missing, let me know if you need
	+ * more).
	+ *
	+ * There is an additional API available that does comply better to the
	+ * GNU coding standard. It can be switched on by defining
	+ * CRYPTOKI_GNU before including this header file. For this, the
	+ * following changes are made to the specification:
	+ *
	+ * All structure types are changed to a "struct ck_foo" where CK_FOO
	+ * is the type name in PKCS #11.
	+ *
	+ * All non-structure types are changed to ck_foo_t where CK_FOO is the
	+ * lowercase version of the type name in PKCS #11. The basic types
	+ * (CK_ULONG et al.) are removed without substitute.
	+ *
	+ * All members of structures are modified in the following way: Type
	+ * indication prefixes are removed, and underscore characters are
	+ * inserted before words. Then the result is lowercased.
	+ *
	+ * Note that function names are still in the original case, as they
	+ * need for ABI compatibility.
	+ *
	+ * CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
	+ * <stdbool.h>.
	+ *
	+ * If CRYPTOKI_COMPAT is defined before including this header file,
	+ * then none of the API changes above take place, and the API is the
	+ * one defined by the PKCS #11 standard.
	+ *
	+ *
	+ * Please submit changes back to the Scute project with a request to
	+ * https://dev.gnupg.org, so that they can be picked up by other
	+ * projects from there as well.
	+ */

	- If CRYPTOKI_COMPAT is defined before including this header file,
	- then none of the API changes above take place, and the API is the
	- one defined by the PKCS #11 standard. */

	#ifndef PKCS11_H
	#define PKCS11_H 1

	#if defined(__cplusplus)
	extern "C" {
	#endif


	/* The version of cryptoki we implement. The revision is changed with
	each modification of this file. If you do not use the "official"
	version of this file, please consider deleting the revision macro
	(you may use a macro with a different name to keep track of your
	versions). */
	#define CRYPTOKI_VERSION_MAJOR 2
	#define CRYPTOKI_VERSION_MINOR 20
	#define CRYPTOKI_VERSION_REVISION 6


	/* Compatibility interface is default, unless CRYPTOKI_GNU is
	given. */
	#ifndef CRYPTOKI_GNU
	#ifndef CRYPTOKI_COMPAT
	#define CRYPTOKI_COMPAT 1
	#endif
	#endif

	/* System dependencies. */

	#if defined(_WIN32) \|\| defined(CRYPTOKI_FORCE_WIN32)

	/* There is a matching pop below. */
	#pragma pack(push, cryptoki, 1)

	#ifdef CRYPTOKI_EXPORTS
	#define CK_SPEC __declspec(dllexport)
	#else
	#define CK_SPEC __declspec(dllimport)
	#endif

	#else

	#define CK_SPEC

	#endif


	#ifdef CRYPTOKI_COMPAT
	/* If we are in compatibility mode, switch all exposed names to the
	PKCS #11 variant. There are corresponding #undefs below. */

	#define ck_flags_t CK_FLAGS
	#define ck_version _CK_VERSION

	#define ck_info _CK_INFO
	#define cryptoki_version cryptokiVersion
	#define manufacturer_id manufacturerID
	#define library_description libraryDescription
	#define library_version libraryVersion

	#define ck_notification_t CK_NOTIFICATION
	#define ck_slot_id_t CK_SLOT_ID

	#define ck_slot_info _CK_SLOT_INFO
	#define slot_description slotDescription
	#define hardware_version hardwareVersion
	#define firmware_version firmwareVersion

	#define ck_token_info _CK_TOKEN_INFO
	#define serial_number serialNumber
	#define max_session_count ulMaxSessionCount
	#define session_count ulSessionCount
	#define max_rw_session_count ulMaxRwSessionCount
	#define rw_session_count ulRwSessionCount
	#define max_pin_len ulMaxPinLen
	#define min_pin_len ulMinPinLen
	#define total_public_memory ulTotalPublicMemory
	#define free_public_memory ulFreePublicMemory
	#define total_private_memory ulTotalPrivateMemory
	#define free_private_memory ulFreePrivateMemory
	#define utc_time utcTime

	#define ck_session_handle_t CK_SESSION_HANDLE
	#define ck_user_type_t CK_USER_TYPE
	#define ck_state_t CK_STATE

	#define ck_session_info _CK_SESSION_INFO
	#define slot_id slotID
	#define device_error ulDeviceError

	#define ck_object_handle_t CK_OBJECT_HANDLE
	#define ck_object_class_t CK_OBJECT_CLASS
	#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
	#define ck_key_type_t CK_KEY_TYPE
	#define ck_certificate_type_t CK_CERTIFICATE_TYPE
	#define ck_attribute_type_t CK_ATTRIBUTE_TYPE

	#define ck_attribute _CK_ATTRIBUTE
	#define value pValue
	#define value_len ulValueLen

	#define ck_date _CK_DATE

	#define ck_mechanism_type_t CK_MECHANISM_TYPE

	#define ck_mechanism _CK_MECHANISM
	#define parameter pParameter
	#define parameter_len ulParameterLen

	#define ck_mechanism_info _CK_MECHANISM_INFO
	#define min_key_size ulMinKeySize
	#define max_key_size ulMaxKeySize

	#define ck_rv_t CK_RV
	#define ck_notify_t CK_NOTIFY

	#define ck_function_list _CK_FUNCTION_LIST

	#define ck_createmutex_t CK_CREATEMUTEX
	#define ck_destroymutex_t CK_DESTROYMUTEX
	#define ck_lockmutex_t CK_LOCKMUTEX
	#define ck_unlockmutex_t CK_UNLOCKMUTEX

	#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
	#define create_mutex CreateMutex
	#define destroy_mutex DestroyMutex
	#define lock_mutex LockMutex
	#define unlock_mutex UnlockMutex
	#define reserved pReserved

	#endif /* CRYPTOKI_COMPAT */



	typedef unsigned long ck_flags_t;

	struct ck_version
	{
	unsigned char major;
	unsigned char minor;
	};


	struct ck_info
	{
	struct ck_version cryptoki_version;
	unsigned char manufacturer_id[32];
	ck_flags_t flags;
	unsigned char library_description[32];
	struct ck_version library_version;
	};


	typedef unsigned long ck_notification_t;

	#define CKN_SURRENDER (0UL)


	typedef unsigned long ck_slot_id_t;


	struct ck_slot_info
	{
	unsigned char slot_description[64];
	unsigned char manufacturer_id[32];
	ck_flags_t flags;
	struct ck_version hardware_version;
	struct ck_version firmware_version;
	};


	#define CKF_TOKEN_PRESENT (1UL << 0)
	#define CKF_REMOVABLE_DEVICE (1UL << 1)
	#define CKF_HW_SLOT (1UL << 2)
	#define CKF_ARRAY_ATTRIBUTE (1UL << 30)


	struct ck_token_info
	{
	unsigned char label[32];
	unsigned char manufacturer_id[32];
	unsigned char model[16];
	unsigned char serial_number[16];
	ck_flags_t flags;
	unsigned long max_session_count;
	unsigned long session_count;
	unsigned long max_rw_session_count;
	unsigned long rw_session_count;
	unsigned long max_pin_len;
	unsigned long min_pin_len;
	unsigned long total_public_memory;
	unsigned long free_public_memory;
	unsigned long total_private_memory;
	unsigned long free_private_memory;
	struct ck_version hardware_version;
	struct ck_version firmware_version;
	unsigned char utc_time[16];
	};


	#define CKF_RNG (1UL << 0)
	#define CKF_WRITE_PROTECTED (1UL << 1)
	#define CKF_LOGIN_REQUIRED (1UL << 2)
	#define CKF_USER_PIN_INITIALIZED (1UL << 3)
	#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5)
	#define CKF_CLOCK_ON_TOKEN (1UL << 6)
	#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8)
	#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9)
	#define CKF_TOKEN_INITIALIZED (1UL << 10)
	#define CKF_SECONDARY_AUTHENTICATION (1UL << 11)
	#define CKF_USER_PIN_COUNT_LOW (1UL << 16)
	#define CKF_USER_PIN_FINAL_TRY (1UL << 17)
	#define CKF_USER_PIN_LOCKED (1UL << 18)
	#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19)
	#define CKF_SO_PIN_COUNT_LOW (1UL << 20)
	#define CKF_SO_PIN_FINAL_TRY (1UL << 21)
	#define CKF_SO_PIN_LOCKED (1UL << 22)
	#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23)

	#define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1)
	#define CK_EFFECTIVELY_INFINITE (0UL)


	typedef unsigned long ck_session_handle_t;

	#define CK_INVALID_HANDLE (0UL)


	typedef unsigned long ck_user_type_t;

	#define CKU_SO (0UL)
	#define CKU_USER (1UL)
	#define CKU_CONTEXT_SPECIFIC (2UL)


	typedef unsigned long ck_state_t;

	#define CKS_RO_PUBLIC_SESSION (0UL)
	#define CKS_RO_USER_FUNCTIONS (1UL)
	#define CKS_RW_PUBLIC_SESSION (2UL)
	#define CKS_RW_USER_FUNCTIONS (3UL)
	#define CKS_RW_SO_FUNCTIONS (4UL)


	struct ck_session_info
	{
	ck_slot_id_t slot_id;
	ck_state_t state;
	ck_flags_t flags;
	unsigned long device_error;
	};

	#define CKF_RW_SESSION (1UL << 1)
	#define CKF_SERIAL_SESSION (1UL << 2)


	typedef unsigned long ck_object_handle_t;


	typedef unsigned long ck_object_class_t;

	#define CKO_DATA (0UL)
	#define CKO_CERTIFICATE (1UL)
	#define CKO_PUBLIC_KEY (2UL)
	#define CKO_PRIVATE_KEY (3UL)
	#define CKO_SECRET_KEY (4UL)
	#define CKO_HW_FEATURE (5UL)
	#define CKO_DOMAIN_PARAMETERS (6UL)
	#define CKO_MECHANISM (7UL)
	#define CKO_VENDOR_DEFINED (1UL << 31)


	typedef unsigned long ck_hw_feature_type_t;

	#define CKH_MONOTONIC_COUNTER (1UL)
	#define CKH_CLOCK (2UL)
	#define CKH_USER_INTERFACE (3UL)
	#define CKH_VENDOR_DEFINED (1UL << 31)


	typedef unsigned long ck_key_type_t;

	#define CKK_RSA (0UL)
	#define CKK_DSA (1UL)
	#define CKK_DH (2UL)
	#define CKK_ECDSA (3UL)
	#define CKK_EC (3UL)
	#define CKK_X9_42_DH (4UL)
	#define CKK_KEA (5UL)
	#define CKK_GENERIC_SECRET (0x10UL)
	#define CKK_RC2 (0x11UL)
	#define CKK_RC4 (0x12UL)
	#define CKK_DES (0x13UL)
	#define CKK_DES2 (0x14UL)
	#define CKK_DES3 (0x15UL)
	#define CKK_CAST (0x16UL)
	#define CKK_CAST3 (0x17UL)
	#define CKK_CAST128 (0x18UL)
	#define CKK_RC5 (0x19UL)
	#define CKK_IDEA (0x1aUL)
	#define CKK_SKIPJACK (0x1bUL)
	#define CKK_BATON (0x1cUL)
	#define CKK_JUNIPER (0x1dUL)
	#define CKK_CDMF (0x1eUL)
	#define CKK_AES (0x1fUL)
	#define CKK_BLOWFISH (0x20UL)
	#define CKK_TWOFISH (0x21UL)
	#define CKK_GOSTR3410 (0x30UL)
	#define CKK_VENDOR_DEFINED (1UL << 31)


	typedef unsigned long ck_certificate_type_t;

	#define CKC_X_509 (0UL)
	#define CKC_X_509_ATTR_CERT (1UL)
	#define CKC_WTLS (2UL)
	#define CKC_VENDOR_DEFINED (1UL << 31)


	typedef unsigned long ck_attribute_type_t;

	#define CKA_CLASS (0UL)
	#define CKA_TOKEN (1UL)
	#define CKA_PRIVATE (2UL)
	#define CKA_LABEL (3UL)
	#define CKA_APPLICATION (0x10UL)
	#define CKA_VALUE (0x11UL)
	#define CKA_OBJECT_ID (0x12UL)
	#define CKA_CERTIFICATE_TYPE (0x80UL)
	#define CKA_ISSUER (0x81UL)
	#define CKA_SERIAL_NUMBER (0x82UL)
	#define CKA_AC_ISSUER (0x83UL)
	#define CKA_OWNER (0x84UL)
	#define CKA_ATTR_TYPES (0x85UL)
	#define CKA_TRUSTED (0x86UL)
	#define CKA_CERTIFICATE_CATEGORY (0x87UL)
	#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL)
	#define CKA_URL (0x89UL)
	#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL)
	#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL)
	#define CKA_CHECK_VALUE (0x90UL)
	#define CKA_KEY_TYPE (0x100UL)
	#define CKA_SUBJECT (0x101UL)
	#define CKA_ID (0x102UL)
	#define CKA_SENSITIVE (0x103UL)
	#define CKA_ENCRYPT (0x104UL)
	#define CKA_DECRYPT (0x105UL)
	#define CKA_WRAP (0x106UL)
	#define CKA_UNWRAP (0x107UL)
	#define CKA_SIGN (0x108UL)
	#define CKA_SIGN_RECOVER (0x109UL)
	#define CKA_VERIFY (0x10aUL)
	#define CKA_VERIFY_RECOVER (0x10bUL)
	#define CKA_DERIVE (0x10cUL)
	#define CKA_START_DATE (0x110UL)
	#define CKA_END_DATE (0x111UL)
	#define CKA_MODULUS (0x120UL)
	#define CKA_MODULUS_BITS (0x121UL)
	#define CKA_PUBLIC_EXPONENT (0x122UL)
	#define CKA_PRIVATE_EXPONENT (0x123UL)
	#define CKA_PRIME_1 (0x124UL)
	#define CKA_PRIME_2 (0x125UL)
	#define CKA_EXPONENT_1 (0x126UL)
	#define CKA_EXPONENT_2 (0x127UL)
	#define CKA_COEFFICIENT (0x128UL)
	#define CKA_PRIME (0x130UL)
	#define CKA_SUBPRIME (0x131UL)
	#define CKA_BASE (0x132UL)
	#define CKA_PRIME_BITS (0x133UL)
	#define CKA_SUB_PRIME_BITS (0x134UL)
	#define CKA_VALUE_BITS (0x160UL)
	#define CKA_VALUE_LEN (0x161UL)
	#define CKA_EXTRACTABLE (0x162UL)
	#define CKA_LOCAL (0x163UL)
	#define CKA_NEVER_EXTRACTABLE (0x164UL)
	#define CKA_ALWAYS_SENSITIVE (0x165UL)
	#define CKA_KEY_GEN_MECHANISM (0x166UL)
	#define CKA_MODIFIABLE (0x170UL)
	#define CKA_ECDSA_PARAMS (0x180UL)
	#define CKA_EC_PARAMS (0x180UL)
	#define CKA_EC_POINT (0x181UL)
	#define CKA_SECONDARY_AUTH (0x200UL)
	#define CKA_AUTH_PIN_FLAGS (0x201UL)
	#define CKA_ALWAYS_AUTHENTICATE (0x202UL)
	#define CKA_WRAP_WITH_TRUSTED (0x210UL)
	#define CKA_GOSTR3410_PARAMS (0x250UL)
	#define CKA_GOSTR3411_PARAMS (0x251UL)
	#define CKA_GOST28147_PARAMS (0x252UL)
	#define CKA_HW_FEATURE_TYPE (0x300UL)
	#define CKA_RESET_ON_INIT (0x301UL)
	#define CKA_HAS_RESET (0x302UL)
	#define CKA_PIXEL_X (0x400UL)
	#define CKA_PIXEL_Y (0x401UL)
	#define CKA_RESOLUTION (0x402UL)
	#define CKA_CHAR_ROWS (0x403UL)
	#define CKA_CHAR_COLUMNS (0x404UL)
	#define CKA_COLOR (0x405UL)
	#define CKA_BITS_PER_PIXEL (0x406UL)
	#define CKA_CHAR_SETS (0x480UL)
	#define CKA_ENCODING_METHODS (0x481UL)
	#define CKA_MIME_TYPES (0x482UL)
	#define CKA_MECHANISM_TYPE (0x500UL)
	#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL)
	#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL)
	#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL)
	#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE \| 0x211UL)
	#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE \| 0x212UL)
	#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE \| 0x600UL)
	#define CKA_VENDOR_DEFINED (1UL << 31)


	struct ck_attribute
	{
	ck_attribute_type_t type;
	void *value;
	unsigned long value_len;
	};


	struct ck_date
	{
	unsigned char year[4];
	unsigned char month[2];
	unsigned char day[2];
	};


	typedef unsigned long ck_mechanism_type_t;

	#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL)
	#define CKM_RSA_PKCS (1UL)
	#define CKM_RSA_9796 (2UL)
	#define CKM_RSA_X_509 (3UL)
	#define CKM_MD2_RSA_PKCS (4UL)
	#define CKM_MD5_RSA_PKCS (5UL)
	#define CKM_SHA1_RSA_PKCS (6UL)
	#define CKM_RIPEMD128_RSA_PKCS (7UL)
	#define CKM_RIPEMD160_RSA_PKCS (8UL)
	#define CKM_RSA_PKCS_OAEP (9UL)
	#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL)
	#define CKM_RSA_X9_31 (0xbUL)
	#define CKM_SHA1_RSA_X9_31 (0xcUL)
	#define CKM_RSA_PKCS_PSS (0xdUL)
	#define CKM_SHA1_RSA_PKCS_PSS (0xeUL)
	#define CKM_DSA_KEY_PAIR_GEN (0x10UL)
	#define CKM_DSA (0x11UL)
	#define CKM_DSA_SHA1 (0x12UL)
	#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL)
	#define CKM_DH_PKCS_DERIVE (0x21UL)
	#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL)
	#define CKM_X9_42_DH_DERIVE (0x31UL)
	#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL)
	#define CKM_X9_42_MQV_DERIVE (0x33UL)
	#define CKM_SHA256_RSA_PKCS (0x40UL)
	#define CKM_SHA384_RSA_PKCS (0x41UL)
	#define CKM_SHA512_RSA_PKCS (0x42UL)
	#define CKM_SHA256_RSA_PKCS_PSS (0x43UL)
	#define CKM_SHA384_RSA_PKCS_PSS (0x44UL)
	#define CKM_SHA512_RSA_PKCS_PSS (0x45UL)
	#define CKM_RC2_KEY_GEN (0x100UL)
	#define CKM_RC2_ECB (0x101UL)
	#define CKM_RC2_CBC (0x102UL)
	#define CKM_RC2_MAC (0x103UL)
	#define CKM_RC2_MAC_GENERAL (0x104UL)
	#define CKM_RC2_CBC_PAD (0x105UL)
	#define CKM_RC4_KEY_GEN (0x110UL)
	#define CKM_RC4 (0x111UL)
	#define CKM_DES_KEY_GEN (0x120UL)
	#define CKM_DES_ECB (0x121UL)
	#define CKM_DES_CBC (0x122UL)
	#define CKM_DES_MAC (0x123UL)
	#define CKM_DES_MAC_GENERAL (0x124UL)
	#define CKM_DES_CBC_PAD (0x125UL)
	#define CKM_DES2_KEY_GEN (0x130UL)
	#define CKM_DES3_KEY_GEN (0x131UL)
	#define CKM_DES3_ECB (0x132UL)
	#define CKM_DES3_CBC (0x133UL)
	#define CKM_DES3_MAC (0x134UL)
	#define CKM_DES3_MAC_GENERAL (0x135UL)
	#define CKM_DES3_CBC_PAD (0x136UL)
	#define CKM_CDMF_KEY_GEN (0x140UL)
	#define CKM_CDMF_ECB (0x141UL)
	#define CKM_CDMF_CBC (0x142UL)
	#define CKM_CDMF_MAC (0x143UL)
	#define CKM_CDMF_MAC_GENERAL (0x144UL)
	#define CKM_CDMF_CBC_PAD (0x145UL)
	#define CKM_MD2 (0x200UL)
	#define CKM_MD2_HMAC (0x201UL)
	#define CKM_MD2_HMAC_GENERAL (0x202UL)
	#define CKM_MD5 (0x210UL)
	#define CKM_MD5_HMAC (0x211UL)
	#define CKM_MD5_HMAC_GENERAL (0x212UL)
	#define CKM_SHA_1 (0x220UL)
	#define CKM_SHA_1_HMAC (0x221UL)
	#define CKM_SHA_1_HMAC_GENERAL (0x222UL)
	#define CKM_RIPEMD128 (0x230UL)
	#define CKM_RIPEMD128_HMAC (0x231UL)
	#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL)
	#define CKM_RIPEMD160 (0x240UL)
	#define CKM_RIPEMD160_HMAC (0x241UL)
	#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL)
	#define CKM_SHA256 (0x250UL)
	#define CKM_SHA256_HMAC (0x251UL)
	#define CKM_SHA256_HMAC_GENERAL (0x252UL)
	#define CKM_SHA384 (0x260UL)
	#define CKM_SHA384_HMAC (0x261UL)
	#define CKM_SHA384_HMAC_GENERAL (0x262UL)
	#define CKM_SHA512 (0x270UL)
	#define CKM_SHA512_HMAC (0x271UL)
	#define CKM_SHA512_HMAC_GENERAL (0x272UL)
	#define CKM_CAST_KEY_GEN (0x300UL)
	#define CKM_CAST_ECB (0x301UL)
	#define CKM_CAST_CBC (0x302UL)
	#define CKM_CAST_MAC (0x303UL)
	#define CKM_CAST_MAC_GENERAL (0x304UL)
	#define CKM_CAST_CBC_PAD (0x305UL)
	#define CKM_CAST3_KEY_GEN (0x310UL)
	#define CKM_CAST3_ECB (0x311UL)
	#define CKM_CAST3_CBC (0x312UL)
	#define CKM_CAST3_MAC (0x313UL)
	#define CKM_CAST3_MAC_GENERAL (0x314UL)
	#define CKM_CAST3_CBC_PAD (0x315UL)
	#define CKM_CAST5_KEY_GEN (0x320UL)
	#define CKM_CAST128_KEY_GEN (0x320UL)
	#define CKM_CAST5_ECB (0x321UL)
	#define CKM_CAST128_ECB (0x321UL)
	#define CKM_CAST5_CBC (0x322UL)
	#define CKM_CAST128_CBC (0x322UL)
	#define CKM_CAST5_MAC (0x323UL)
	#define CKM_CAST128_MAC (0x323UL)
	#define CKM_CAST5_MAC_GENERAL (0x324UL)
	#define CKM_CAST128_MAC_GENERAL (0x324UL)
	#define CKM_CAST5_CBC_PAD (0x325UL)
	#define CKM_CAST128_CBC_PAD (0x325UL)
	#define CKM_RC5_KEY_GEN (0x330UL)
	#define CKM_RC5_ECB (0x331UL)
	#define CKM_RC5_CBC (0x332UL)
	#define CKM_RC5_MAC (0x333UL)
	#define CKM_RC5_MAC_GENERAL (0x334UL)
	#define CKM_RC5_CBC_PAD (0x335UL)
	#define CKM_IDEA_KEY_GEN (0x340UL)
	#define CKM_IDEA_ECB (0x341UL)
	#define CKM_IDEA_CBC (0x342UL)
	#define CKM_IDEA_MAC (0x343UL)
	#define CKM_IDEA_MAC_GENERAL (0x344UL)
	#define CKM_IDEA_CBC_PAD (0x345UL)
	#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL)
	#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL)
	#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL)
	#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL)
	#define CKM_XOR_BASE_AND_DATA (0x364UL)
	#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL)
	#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL)
	#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL)
	#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL)
	#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL)
	#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL)
	#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL)
	#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL)
	#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL)
	#define CKM_SSL3_MD5_MAC (0x380UL)
	#define CKM_SSL3_SHA1_MAC (0x381UL)
	#define CKM_MD5_KEY_DERIVATION (0x390UL)
	#define CKM_MD2_KEY_DERIVATION (0x391UL)
	#define CKM_SHA1_KEY_DERIVATION (0x392UL)
	#define CKM_PBE_MD2_DES_CBC (0x3a0UL)
	#define CKM_PBE_MD5_DES_CBC (0x3a1UL)
	#define CKM_PBE_MD5_CAST_CBC (0x3a2UL)
	#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL)
	#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL)
	#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL)
	#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL)
	#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL)
	#define CKM_PBE_SHA1_RC4_128 (0x3a6UL)
	#define CKM_PBE_SHA1_RC4_40 (0x3a7UL)
	#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL)
	#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL)
	#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL)
	#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL)
	#define CKM_PKCS5_PBKD2 (0x3b0UL)
	#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL)
	#define CKM_KEY_WRAP_LYNKS (0x400UL)
	#define CKM_KEY_WRAP_SET_OAEP (0x401UL)
	#define CKM_SKIPJACK_KEY_GEN (0x1000UL)
	#define CKM_SKIPJACK_ECB64 (0x1001UL)
	#define CKM_SKIPJACK_CBC64 (0x1002UL)
	#define CKM_SKIPJACK_OFB64 (0x1003UL)
	#define CKM_SKIPJACK_CFB64 (0x1004UL)
	#define CKM_SKIPJACK_CFB32 (0x1005UL)
	#define CKM_SKIPJACK_CFB16 (0x1006UL)
	#define CKM_SKIPJACK_CFB8 (0x1007UL)
	#define CKM_SKIPJACK_WRAP (0x1008UL)
	#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL)
	#define CKM_SKIPJACK_RELAYX (0x100aUL)
	#define CKM_KEA_KEY_PAIR_GEN (0x1010UL)
	#define CKM_KEA_KEY_DERIVE (0x1011UL)
	#define CKM_FORTEZZA_TIMESTAMP (0x1020UL)
	#define CKM_BATON_KEY_GEN (0x1030UL)
	#define CKM_BATON_ECB128 (0x1031UL)
	#define CKM_BATON_ECB96 (0x1032UL)
	#define CKM_BATON_CBC128 (0x1033UL)
	#define CKM_BATON_COUNTER (0x1034UL)
	#define CKM_BATON_SHUFFLE (0x1035UL)
	#define CKM_BATON_WRAP (0x1036UL)
	#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL)
	#define CKM_EC_KEY_PAIR_GEN (0x1040UL)
	#define CKM_ECDSA (0x1041UL)
	#define CKM_ECDSA_SHA1 (0x1042UL)
	#define CKM_ECDH1_DERIVE (0x1050UL)
	#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL)
	#define CKM_ECMQV_DERIVE (0x1052UL)
	#define CKM_JUNIPER_KEY_GEN (0x1060UL)
	#define CKM_JUNIPER_ECB128 (0x1061UL)
	#define CKM_JUNIPER_CBC128 (0x1062UL)
	#define CKM_JUNIPER_COUNTER (0x1063UL)
	#define CKM_JUNIPER_SHUFFLE (0x1064UL)
	#define CKM_JUNIPER_WRAP (0x1065UL)
	#define CKM_FASTHASH (0x1070UL)
	#define CKM_AES_KEY_GEN (0x1080UL)
	#define CKM_AES_ECB (0x1081UL)
	#define CKM_AES_CBC (0x1082UL)
	#define CKM_AES_MAC (0x1083UL)
	#define CKM_AES_MAC_GENERAL (0x1084UL)
	#define CKM_AES_CBC_PAD (0x1085UL)
	#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL)
	#define CKM_GOSTR3410 (0x1201UL)
	#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL)
	#define CKM_GOSTR3411 (0x1210UL)
	#define CKM_DSA_PARAMETER_GEN (0x2000UL)
	#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL)
	#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL)
	#define CKM_VENDOR_DEFINED (1UL << 31)


	struct ck_mechanism
	{
	ck_mechanism_type_t mechanism;
	void *parameter;
	unsigned long parameter_len;
	};


	struct ck_mechanism_info
	{
	unsigned long min_key_size;
	unsigned long max_key_size;
	ck_flags_t flags;
	};

	#define CKF_HW (1UL << 0)
	#define CKF_ENCRYPT (1UL << 8)
	#define CKF_DECRYPT (1UL << 9)
	#define CKF_DIGEST (1UL << 10)
	#define CKF_SIGN (1UL << 11)
	#define CKF_SIGN_RECOVER (1UL << 12)
	#define CKF_VERIFY (1UL << 13)
	#define CKF_VERIFY_RECOVER (1UL << 14)
	#define CKF_GENERATE (1UL << 15)
	#define CKF_GENERATE_KEY_PAIR (1UL << 16)
	#define CKF_WRAP (1UL << 17)
	#define CKF_UNWRAP (1UL << 18)
	#define CKF_DERIVE (1UL << 19)
	#define CKF_EXTENSION (1UL << 31)


	/* Flags for C_WaitForSlotEvent. */
	#define CKF_DONT_BLOCK (1UL)


	typedef unsigned long ck_rv_t;


	typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
	ck_notification_t event, void *application);

	/* Forward reference. */
	struct ck_function_list;

	#define _CK_DECLARE_FUNCTION(name, args) \
	typedef ck_rv_t (*CK_ ## name) args; \
	ck_rv_t CK_SPEC name args

	_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
	_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
	_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
	_CK_DECLARE_FUNCTION (C_GetFunctionList,
	(struct ck_function_list **function_list));

	_CK_DECLARE_FUNCTION (C_GetSlotList,
	(unsigned char token_present, ck_slot_id_t *slot_list,
	unsigned long *count));
	_CK_DECLARE_FUNCTION (C_GetSlotInfo,
	(ck_slot_id_t slot_id, struct ck_slot_info *info));
	_CK_DECLARE_FUNCTION (C_GetTokenInfo,
	(ck_slot_id_t slot_id, struct ck_token_info *info));
	_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
	(ck_flags_t flags, ck_slot_id_t slot, void reserved));
	_CK_DECLARE_FUNCTION (C_GetMechanismList,
	(ck_slot_id_t slot_id,
	ck_mechanism_type_t *mechanism_list,
	unsigned long *count));
	_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
	(ck_slot_id_t slot_id, ck_mechanism_type_t type,
	struct ck_mechanism_info *info));
	_CK_DECLARE_FUNCTION (C_InitToken,
	(ck_slot_id_t slot_id, unsigned char *pin,
	unsigned long pin_len, unsigned char *label));
	_CK_DECLARE_FUNCTION (C_InitPIN,
	(ck_session_handle_t session, unsigned char *pin,
	unsigned long pin_len));
	_CK_DECLARE_FUNCTION (C_SetPIN,
	(ck_session_handle_t session, unsigned char *old_pin,
	unsigned long old_len, unsigned char *new_pin,
	unsigned long new_len));

	_CK_DECLARE_FUNCTION (C_OpenSession,
	(ck_slot_id_t slot_id, ck_flags_t flags,
	void *application, ck_notify_t notify,
	ck_session_handle_t *session));
	_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
	_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
	_CK_DECLARE_FUNCTION (C_GetSessionInfo,
	(ck_session_handle_t session,
	struct ck_session_info *info));
	_CK_DECLARE_FUNCTION (C_GetOperationState,
	(ck_session_handle_t session,
	unsigned char *operation_state,
	unsigned long *operation_state_len));
	_CK_DECLARE_FUNCTION (C_SetOperationState,
	(ck_session_handle_t session,
	unsigned char *operation_state,
	unsigned long operation_state_len,
	ck_object_handle_t encryption_key,
	ck_object_handle_t authentiation_key));
	_CK_DECLARE_FUNCTION (C_Login,
	(ck_session_handle_t session, ck_user_type_t user_type,
	unsigned char *pin, unsigned long pin_len));
	_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));

	_CK_DECLARE_FUNCTION (C_CreateObject,
	(ck_session_handle_t session,
	struct ck_attribute *templ,
	unsigned long count, ck_object_handle_t *object));
	_CK_DECLARE_FUNCTION (C_CopyObject,
	(ck_session_handle_t session, ck_object_handle_t object,
	struct ck_attribute *templ, unsigned long count,
	ck_object_handle_t *new_object));
	_CK_DECLARE_FUNCTION (C_DestroyObject,
	(ck_session_handle_t session,
	ck_object_handle_t object));
	_CK_DECLARE_FUNCTION (C_GetObjectSize,
	(ck_session_handle_t session,
	ck_object_handle_t object,
	unsigned long *size));
	_CK_DECLARE_FUNCTION (C_GetAttributeValue,
	(ck_session_handle_t session,
	ck_object_handle_t object,
	struct ck_attribute *templ,
	unsigned long count));
	_CK_DECLARE_FUNCTION (C_SetAttributeValue,
	(ck_session_handle_t session,
	ck_object_handle_t object,
	struct ck_attribute *templ,
	unsigned long count));
	_CK_DECLARE_FUNCTION (C_FindObjectsInit,
	(ck_session_handle_t session,
	struct ck_attribute *templ,
	unsigned long count));
	_CK_DECLARE_FUNCTION (C_FindObjects,
	(ck_session_handle_t session,
	ck_object_handle_t *object,
	unsigned long max_object_count,
	unsigned long *object_count));
	_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
	(ck_session_handle_t session));

	_CK_DECLARE_FUNCTION (C_EncryptInit,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t key));
	_CK_DECLARE_FUNCTION (C_Encrypt,
	(ck_session_handle_t session,
	unsigned char *data, unsigned long data_len,
	unsigned char *encrypted_data,
	unsigned long *encrypted_data_len));
	_CK_DECLARE_FUNCTION (C_EncryptUpdate,
	(ck_session_handle_t session,
	unsigned char *part, unsigned long part_len,
	unsigned char *encrypted_part,
	unsigned long *encrypted_part_len));
	_CK_DECLARE_FUNCTION (C_EncryptFinal,
	(ck_session_handle_t session,
	unsigned char *last_encrypted_part,
	unsigned long *last_encrypted_part_len));

	_CK_DECLARE_FUNCTION (C_DecryptInit,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t key));
	_CK_DECLARE_FUNCTION (C_Decrypt,
	(ck_session_handle_t session,
	unsigned char *encrypted_data,
	unsigned long encrypted_data_len,
	unsigned char data, unsigned long data_len));
	_CK_DECLARE_FUNCTION (C_DecryptUpdate,
	(ck_session_handle_t session,
	unsigned char *encrypted_part,
	unsigned long encrypted_part_len,
	unsigned char part, unsigned long part_len));
	_CK_DECLARE_FUNCTION (C_DecryptFinal,
	(ck_session_handle_t session,
	unsigned char *last_part,
	unsigned long *last_part_len));

	_CK_DECLARE_FUNCTION (C_DigestInit,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism));
	_CK_DECLARE_FUNCTION (C_Digest,
	(ck_session_handle_t session,
	unsigned char *data, unsigned long data_len,
	unsigned char *digest,
	unsigned long *digest_len));
	_CK_DECLARE_FUNCTION (C_DigestUpdate,
	(ck_session_handle_t session,
	unsigned char *part, unsigned long part_len));
	_CK_DECLARE_FUNCTION (C_DigestKey,
	(ck_session_handle_t session, ck_object_handle_t key));
	_CK_DECLARE_FUNCTION (C_DigestFinal,
	(ck_session_handle_t session,
	unsigned char *digest,
	unsigned long *digest_len));

	_CK_DECLARE_FUNCTION (C_SignInit,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t key));
	_CK_DECLARE_FUNCTION (C_Sign,
	(ck_session_handle_t session,
	unsigned char *data, unsigned long data_len,
	unsigned char *signature,
	unsigned long *signature_len));
	_CK_DECLARE_FUNCTION (C_SignUpdate,
	(ck_session_handle_t session,
	unsigned char *part, unsigned long part_len));
	_CK_DECLARE_FUNCTION (C_SignFinal,
	(ck_session_handle_t session,
	unsigned char *signature,
	unsigned long *signature_len));
	_CK_DECLARE_FUNCTION (C_SignRecoverInit,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t key));
	_CK_DECLARE_FUNCTION (C_SignRecover,
	(ck_session_handle_t session,
	unsigned char *data, unsigned long data_len,
	unsigned char *signature,
	unsigned long *signature_len));

	_CK_DECLARE_FUNCTION (C_VerifyInit,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t key));
	_CK_DECLARE_FUNCTION (C_Verify,
	(ck_session_handle_t session,
	unsigned char *data, unsigned long data_len,
	unsigned char *signature,
	unsigned long signature_len));
	_CK_DECLARE_FUNCTION (C_VerifyUpdate,
	(ck_session_handle_t session,
	unsigned char *part, unsigned long part_len));
	_CK_DECLARE_FUNCTION (C_VerifyFinal,
	(ck_session_handle_t session,
	unsigned char *signature,
	unsigned long signature_len));
	_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t key));
	_CK_DECLARE_FUNCTION (C_VerifyRecover,
	(ck_session_handle_t session,
	unsigned char *signature,
	unsigned long signature_len,
	unsigned char *data,
	unsigned long *data_len));

	_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
	(ck_session_handle_t session,
	unsigned char *part, unsigned long part_len,
	unsigned char *encrypted_part,
	unsigned long *encrypted_part_len));
	_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
	(ck_session_handle_t session,
	unsigned char *encrypted_part,
	unsigned long encrypted_part_len,
	unsigned char *part,
	unsigned long *part_len));
	_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
	(ck_session_handle_t session,
	unsigned char *part, unsigned long part_len,
	unsigned char *encrypted_part,
	unsigned long *encrypted_part_len));
	_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
	(ck_session_handle_t session,
	unsigned char *encrypted_part,
	unsigned long encrypted_part_len,
	unsigned char *part,
	unsigned long *part_len));

	_CK_DECLARE_FUNCTION (C_GenerateKey,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	struct ck_attribute *templ,
	unsigned long count,
	ck_object_handle_t *key));
	_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	struct ck_attribute *public_key_template,
	unsigned long public_key_attribute_count,
	struct ck_attribute *private_key_template,
	unsigned long private_key_attribute_count,
	ck_object_handle_t *public_key,
	ck_object_handle_t *private_key));
	_CK_DECLARE_FUNCTION (C_WrapKey,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t wrapping_key,
	ck_object_handle_t key,
	unsigned char *wrapped_key,
	unsigned long *wrapped_key_len));
	_CK_DECLARE_FUNCTION (C_UnwrapKey,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t unwrapping_key,
	unsigned char *wrapped_key,
	unsigned long wrapped_key_len,
	struct ck_attribute *templ,
	unsigned long attribute_count,
	ck_object_handle_t *key));
	_CK_DECLARE_FUNCTION (C_DeriveKey,
	(ck_session_handle_t session,
	struct ck_mechanism *mechanism,
	ck_object_handle_t base_key,
	struct ck_attribute *templ,
	unsigned long attribute_count,
	ck_object_handle_t *key));

	_CK_DECLARE_FUNCTION (C_SeedRandom,
	(ck_session_handle_t session, unsigned char *seed,
	unsigned long seed_len));
	_CK_DECLARE_FUNCTION (C_GenerateRandom,
	(ck_session_handle_t session,
	unsigned char *random_data,
	unsigned long random_len));

	_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
	_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));


	struct ck_function_list
	{
	struct ck_version version;
	CK_C_Initialize C_Initialize;
	CK_C_Finalize C_Finalize;
	CK_C_GetInfo C_GetInfo;
	CK_C_GetFunctionList C_GetFunctionList;
	CK_C_GetSlotList C_GetSlotList;
	CK_C_GetSlotInfo C_GetSlotInfo;
	CK_C_GetTokenInfo C_GetTokenInfo;
	CK_C_GetMechanismList C_GetMechanismList;
	CK_C_GetMechanismInfo C_GetMechanismInfo;
	CK_C_InitToken C_InitToken;
	CK_C_InitPIN C_InitPIN;
	CK_C_SetPIN C_SetPIN;
	CK_C_OpenSession C_OpenSession;
	CK_C_CloseSession C_CloseSession;
	CK_C_CloseAllSessions C_CloseAllSessions;
	CK_C_GetSessionInfo C_GetSessionInfo;
	CK_C_GetOperationState C_GetOperationState;
	CK_C_SetOperationState C_SetOperationState;
	CK_C_Login C_Login;
	CK_C_Logout C_Logout;
	CK_C_CreateObject C_CreateObject;
	CK_C_CopyObject C_CopyObject;
	CK_C_DestroyObject C_DestroyObject;
	CK_C_GetObjectSize C_GetObjectSize;
	CK_C_GetAttributeValue C_GetAttributeValue;
	CK_C_SetAttributeValue C_SetAttributeValue;
	CK_C_FindObjectsInit C_FindObjectsInit;
	CK_C_FindObjects C_FindObjects;
	CK_C_FindObjectsFinal C_FindObjectsFinal;
	CK_C_EncryptInit C_EncryptInit;
	CK_C_Encrypt C_Encrypt;
	CK_C_EncryptUpdate C_EncryptUpdate;
	CK_C_EncryptFinal C_EncryptFinal;
	CK_C_DecryptInit C_DecryptInit;
	CK_C_Decrypt C_Decrypt;
	CK_C_DecryptUpdate C_DecryptUpdate;
	CK_C_DecryptFinal C_DecryptFinal;
	CK_C_DigestInit C_DigestInit;
	CK_C_Digest C_Digest;
	CK_C_DigestUpdate C_DigestUpdate;
	CK_C_DigestKey C_DigestKey;
	CK_C_DigestFinal C_DigestFinal;
	CK_C_SignInit C_SignInit;
	CK_C_Sign C_Sign;
	CK_C_SignUpdate C_SignUpdate;
	CK_C_SignFinal C_SignFinal;
	CK_C_SignRecoverInit C_SignRecoverInit;
	CK_C_SignRecover C_SignRecover;
	CK_C_VerifyInit C_VerifyInit;
	CK_C_Verify C_Verify;
	CK_C_VerifyUpdate C_VerifyUpdate;
	CK_C_VerifyFinal C_VerifyFinal;
	CK_C_VerifyRecoverInit C_VerifyRecoverInit;
	CK_C_VerifyRecover C_VerifyRecover;
	CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
	CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
	CK_C_SignEncryptUpdate C_SignEncryptUpdate;
	CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
	CK_C_GenerateKey C_GenerateKey;
	CK_C_GenerateKeyPair C_GenerateKeyPair;
	CK_C_WrapKey C_WrapKey;
	CK_C_UnwrapKey C_UnwrapKey;
	CK_C_DeriveKey C_DeriveKey;
	CK_C_SeedRandom C_SeedRandom;
	CK_C_GenerateRandom C_GenerateRandom;
	CK_C_GetFunctionStatus C_GetFunctionStatus;
	CK_C_CancelFunction C_CancelFunction;
	CK_C_WaitForSlotEvent C_WaitForSlotEvent;
	};


	typedef ck_rv_t (ck_createmutex_t) (void *mutex);
	typedef ck_rv_t (ck_destroymutex_t) (void mutex);
	typedef ck_rv_t (ck_lockmutex_t) (void mutex);
	typedef ck_rv_t (ck_unlockmutex_t) (void mutex);


	struct ck_c_initialize_args
	{
	ck_createmutex_t create_mutex;
	ck_destroymutex_t destroy_mutex;
	ck_lockmutex_t lock_mutex;
	ck_unlockmutex_t unlock_mutex;
	ck_flags_t flags;
	void *reserved;
	};


	#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0)
	#define CKF_OS_LOCKING_OK (1UL << 1)

	#define CKR_OK (0UL)
	#define CKR_CANCEL (1UL)
	#define CKR_HOST_MEMORY (2UL)
	#define CKR_SLOT_ID_INVALID (3UL)
	#define CKR_GENERAL_ERROR (5UL)
	#define CKR_FUNCTION_FAILED (6UL)
	#define CKR_ARGUMENTS_BAD (7UL)
	#define CKR_NO_EVENT (8UL)
	#define CKR_NEED_TO_CREATE_THREADS (9UL)
	#define CKR_CANT_LOCK (0xaUL)
	#define CKR_ATTRIBUTE_READ_ONLY (0x10UL)
	#define CKR_ATTRIBUTE_SENSITIVE (0x11UL)
	#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL)
	#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL)
	#define CKR_DATA_INVALID (0x20UL)
	#define CKR_DATA_LEN_RANGE (0x21UL)
	#define CKR_DEVICE_ERROR (0x30UL)
	#define CKR_DEVICE_MEMORY (0x31UL)
	#define CKR_DEVICE_REMOVED (0x32UL)
	#define CKR_ENCRYPTED_DATA_INVALID (0x40UL)
	#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL)
	#define CKR_FUNCTION_CANCELED (0x50UL)
	#define CKR_FUNCTION_NOT_PARALLEL (0x51UL)
	#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL)
	#define CKR_KEY_HANDLE_INVALID (0x60UL)
	#define CKR_KEY_SIZE_RANGE (0x62UL)
	#define CKR_KEY_TYPE_INCONSISTENT (0x63UL)
	#define CKR_KEY_NOT_NEEDED (0x64UL)
	#define CKR_KEY_CHANGED (0x65UL)
	#define CKR_KEY_NEEDED (0x66UL)
	#define CKR_KEY_INDIGESTIBLE (0x67UL)
	#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL)
	#define CKR_KEY_NOT_WRAPPABLE (0x69UL)
	#define CKR_KEY_UNEXTRACTABLE (0x6aUL)
	#define CKR_MECHANISM_INVALID (0x70UL)
	#define CKR_MECHANISM_PARAM_INVALID (0x71UL)
	#define CKR_OBJECT_HANDLE_INVALID (0x82UL)
	#define CKR_OPERATION_ACTIVE (0x90UL)
	#define CKR_OPERATION_NOT_INITIALIZED (0x91UL)
	#define CKR_PIN_INCORRECT (0xa0UL)
	#define CKR_PIN_INVALID (0xa1UL)
	#define CKR_PIN_LEN_RANGE (0xa2UL)
	#define CKR_PIN_EXPIRED (0xa3UL)
	#define CKR_PIN_LOCKED (0xa4UL)
	#define CKR_SESSION_CLOSED (0xb0UL)
	#define CKR_SESSION_COUNT (0xb1UL)
	#define CKR_SESSION_HANDLE_INVALID (0xb3UL)
	#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL)
	#define CKR_SESSION_READ_ONLY (0xb5UL)
	#define CKR_SESSION_EXISTS (0xb6UL)
	#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL)
	#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL)
	#define CKR_SIGNATURE_INVALID (0xc0UL)
	#define CKR_SIGNATURE_LEN_RANGE (0xc1UL)
	#define CKR_TEMPLATE_INCOMPLETE (0xd0UL)
	#define CKR_TEMPLATE_INCONSISTENT (0xd1UL)
	#define CKR_TOKEN_NOT_PRESENT (0xe0UL)
	#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL)
	#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL)
	#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL)
	#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL)
	#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL)
	#define CKR_USER_ALREADY_LOGGED_IN (0x100UL)
	#define CKR_USER_NOT_LOGGED_IN (0x101UL)
	#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL)
	#define CKR_USER_TYPE_INVALID (0x103UL)
	#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL)
	#define CKR_USER_TOO_MANY_TYPES (0x105UL)
	#define CKR_WRAPPED_KEY_INVALID (0x110UL)
	#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL)
	#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL)
	#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL)
	#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL)
	#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL)
	#define CKR_RANDOM_NO_RNG (0x121UL)
	#define CKR_DOMAIN_PARAMS_INVALID (0x130UL)
	#define CKR_BUFFER_TOO_SMALL (0x150UL)
	#define CKR_SAVED_STATE_INVALID (0x160UL)
	#define CKR_INFORMATION_SENSITIVE (0x170UL)
	#define CKR_STATE_UNSAVEABLE (0x180UL)
	#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL)
	#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL)
	#define CKR_MUTEX_BAD (0x1a0UL)
	#define CKR_MUTEX_NOT_LOCKED (0x1a1UL)
	#define CKR_FUNCTION_REJECTED (0x200UL)
	#define CKR_VENDOR_DEFINED (1UL << 31)



	/* Compatibility layer. */

	#ifdef CRYPTOKI_COMPAT

	#undef CK_DEFINE_FUNCTION
	#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name

	/* For NULL. */
	#include <stddef.h>

	typedef unsigned char CK_BYTE;
	typedef unsigned char CK_CHAR;
	typedef unsigned char CK_UTF8CHAR;
	typedef unsigned char CK_BBOOL;
	typedef unsigned long int CK_ULONG;
	typedef long int CK_LONG;
	typedef CK_BYTE *CK_BYTE_PTR;
	typedef CK_CHAR *CK_CHAR_PTR;
	typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
	typedef CK_ULONG *CK_ULONG_PTR;
	typedef void *CK_VOID_PTR;
	typedef void **CK_VOID_PTR_PTR;
	#define CK_FALSE 0
	#define CK_TRUE 1
	#ifndef CK_DISABLE_TRUE_FALSE
	#ifndef FALSE
	#define FALSE 0
	#endif
	#ifndef TRUE
	#define TRUE 1
	#endif
	#endif

	typedef struct ck_version CK_VERSION;
	typedef struct ck_version *CK_VERSION_PTR;

	typedef struct ck_info CK_INFO;
	typedef struct ck_info *CK_INFO_PTR;

	typedef ck_slot_id_t *CK_SLOT_ID_PTR;

	typedef struct ck_slot_info CK_SLOT_INFO;
	typedef struct ck_slot_info *CK_SLOT_INFO_PTR;

	typedef struct ck_token_info CK_TOKEN_INFO;
	typedef struct ck_token_info *CK_TOKEN_INFO_PTR;

	typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;

	typedef struct ck_session_info CK_SESSION_INFO;
	typedef struct ck_session_info *CK_SESSION_INFO_PTR;

	typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;

	typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;

	typedef struct ck_attribute CK_ATTRIBUTE;
	typedef struct ck_attribute *CK_ATTRIBUTE_PTR;

	typedef struct ck_date CK_DATE;
	typedef struct ck_date *CK_DATE_PTR;

	typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;

	typedef struct ck_mechanism CK_MECHANISM;
	typedef struct ck_mechanism *CK_MECHANISM_PTR;

	typedef struct ck_mechanism_info CK_MECHANISM_INFO;
	typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;

	typedef struct ck_function_list CK_FUNCTION_LIST;
	typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
	typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;

	typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
	typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;

	#define NULL_PTR NULL

	/* Delete the helper macros defined at the top of the file. */
	#undef ck_flags_t
	#undef ck_version

	#undef ck_info
	#undef cryptoki_version
	#undef manufacturer_id
	#undef library_description
	#undef library_version

	#undef ck_notification_t
	#undef ck_slot_id_t

	#undef ck_slot_info
	#undef slot_description
	#undef hardware_version
	#undef firmware_version

	#undef ck_token_info
	#undef serial_number
	#undef max_session_count
	#undef session_count
	#undef max_rw_session_count
	#undef rw_session_count
	#undef max_pin_len
	#undef min_pin_len
	#undef total_public_memory
	#undef free_public_memory
	#undef total_private_memory
	#undef free_private_memory
	#undef utc_time

	#undef ck_session_handle_t
	#undef ck_user_type_t
	#undef ck_state_t

	#undef ck_session_info
	#undef slot_id
	#undef device_error

	#undef ck_object_handle_t
	#undef ck_object_class_t
	#undef ck_hw_feature_type_t
	#undef ck_key_type_t
	#undef ck_certificate_type_t
	#undef ck_attribute_type_t

	#undef ck_attribute
	#undef value
	#undef value_len

	#undef ck_date

	#undef ck_mechanism_type_t

	#undef ck_mechanism
	#undef parameter
	#undef parameter_len

	#undef ck_mechanism_info
	#undef min_key_size
	#undef max_key_size

	#undef ck_rv_t
	#undef ck_notify_t

	#undef ck_function_list

	#undef ck_createmutex_t
	#undef ck_destroymutex_t
	#undef ck_lockmutex_t
	#undef ck_unlockmutex_t

	#undef ck_c_initialize_args
	#undef create_mutex
	#undef destroy_mutex
	#undef lock_mutex
	#undef unlock_mutex
	#undef reserved

	#endif /* CRYPTOKI_COMPAT */


	/* System dependencies. */
	#if defined(_WIN32) \|\| defined(CRYPTOKI_FORCE_WIN32)
	#pragma pack(pop, cryptoki)
	#endif

	#if defined(__cplusplus)
	}
	#endif

	#endif /* PKCS11_H */
	diff --git a/src/scute.def b/src/scute.def
	index a74a027..8521035 100644
	--- a/src/scute.def
	+++ b/src/scute.def
	@@ -1,101 +1,91 @@
	; scute.def - List of symbols to export.
	; Copyright (C) 2005, 2006 g10 Code GmbH
	;
	; This file is part of Scute.
	;
	; Scute is free software; you can redistribute it and/or modify it
	-; under the terms of the GNU General Public License as published by
	-; the Free Software Foundation; either version 2 of the License, or
	-; (at your option) any later version.
	+; under the terms of the GNU Lesser General Public License as
	+; published by the Free Software Foundation; either version 2.1 of
	+; the License, or (at your option) any later version.
	;
	; Scute is distributed in the hope that it will be useful, but
	; WITHOUT ANY WARRANTY; without even the implied warranty of
	; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-; General Public License for more details.
	+; Lesser General Public License for more details.
	;
	-; You should have received a copy of the GNU General Public License
	-; along with Scute; if not, write to the Free Software Foundation,
	-; Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-;
	-; In addition, as a special exception, g10 Code GmbH gives permission
	-; to link this library: with the Mozilla Fondations's code for
	-; Mozilla (or with modified versions of it that use the same license
	-; as the "Mozilla" code), and distribute the linked executables. You
	-; must obey the GNU General Public License in all respects for all of
	-; the code used other than "Mozilla". If you modify this file, you
	-; may extend this exception to your version of the file, but you are
	-; not obligated to do so. If you do not wish to do so, delete this
	-; exception statement from your version.
	+; You should have received a copy of the GNU Lesser General Public
	+; License along with this program; if not, see <https://gnu.org/licenses/>.
	+; SPDX-License-Identifier: LGPL-2.1-or-later

	LIBRARY scute.dll

	EXPORTS
	C_CancelFunction @1
	C_CloseAllSessions @2
	C_CloseSession @3
	C_CopyObject @4
	C_CreateObject @5
	C_Decrypt @6
	C_DecryptDigestUpdate @7
	C_DecryptFinal @8
	C_DecryptInit @9
	C_DecryptUpdate @10
	C_DecryptVerifyUpdate @11
	C_DeriveKey @12
	C_DestroyObject @13
	C_Digest @14
	C_DigestEncryptUpdate @15
	C_DigestFinal @16
	C_DigestInit @17
	C_DigestKey @18
	C_DigestUpdate @19
	C_Encrypt @20
	C_EncryptFinal @21
	C_EncryptInit @22
	C_EncryptUpdate @23
	C_Finalize @24
	C_FindObjects @25
	C_FindObjectsFinal @26
	C_FindObjectsInit @27
	C_GenerateKey @28
	C_GenerateKeyPair @29
	C_GenerateRandom @30
	C_GetAttributeValue @31
	C_GetFunctionList @32
	C_GetFunctionStatus @33
	C_GetInfo @34
	C_GetMechanismInfo @35
	C_GetMechanismList @36
	C_GetObjectSize @37
	C_GetOperationState @38
	C_GetSessionInfo @39
	C_GetSlotInfo @40
	C_GetSlotList @41
	C_GetTokenInfo @42
	C_InitPIN @43
	C_InitToken @44
	C_Initialize @45
	C_Login @46
	C_Logout @47
	C_OpenSession @48
	C_SeedRandom @49
	C_SetAttributeValue @50
	C_SetOperationState @51
	C_SetPIN @52
	C_Sign @53
	C_SignEncryptUpdate @54
	C_SignFinal @55
	C_SignInit @56
	C_SignRecover @57
	C_SignRecoverInit @58
	C_SignUpdate @59
	C_UnwrapKey @60
	C_Verify @61
	C_VerifyFinal @62
	C_VerifyInit @63
	C_VerifyRecover @64
	C_VerifyRecoverInit @65
	C_VerifyUpdate @66
	C_WaitForSlotEvent @67
	C_WrapKey @68
	; END
	diff --git a/src/sexp-parse.h b/src/sexp-parse.h
	index f2edafa..3be8b04 100644
	--- a/src/sexp-parse.h
	+++ b/src/sexp-parse.h
	@@ -1,137 +1,134 @@
	/* sexp-parse.h - S-expression helper functions
	* Copyright (C) 2002, 2003, 2007 Free Software Foundation, Inc.
	+ * Copyright (C) 2002, 2003, 2007 Werner Koch
	*
	- * This file is free software; you can redistribute it and/or modify
	- * it under the terms of either
	+ * This file is part of Scute.
	*
	- * - the GNU Lesser General Public License as published by the Free
	- * Software Foundation; either version 3 of the License, or (at
	- * your option) any later version.
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	*
	- * or
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	*
	- * - the GNU General Public License as published by the Free
	- * Software Foundation; either version 2 of the License, or (at
	- * your option) any later version.
	- *
	- * or both in parallel, as here.
	- *
	- * This file is distributed in the hope that it will be useful,
	- * but WITHOUT ANY WARRANTY; without even the implied warranty of
	- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	- * GNU General Public License for more details.
	- *
	- * You should have received a copy of the GNU General Public License
	- * along with this program; if not, see <http://www.gnu.org/licenses/>.
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	*/

	+/* Note that this file has been taken from GnuPG and re-licensed to
	+ * the LGPL. See the commit log for details. */
	+
	#ifndef SEXP_PARSE_H
	#define SEXP_PARSE_H

	#include <gpg-error.h>


	/* Return the length of the next S-Exp part and update the pointer to
	the first data byte. 0 is returned on error */
	static inline size_t
	snext (unsigned char const **buf)
	{
	const unsigned char *s;
	int n;

	s = *buf;
	for (n=0; s && s != ':' && (s >= '0' && s <= '9'); s++)
	n = n10 + (s - '0');
	if (!n \|\| *s != ':')
	return 0; /* we don't allow empty lengths */
	*buf = s+1;
	return n;
	}

	/* Skip over the S-Expression BUF points to and update BUF to point to
	the chacter right behind. DEPTH gives the initial number of open
	lists and may be passed as a positive number to skip over the
	remainder of an S-Expression if the current position is somewhere
	in an S-Expression. The function may return an error code if it
	encounters an impossible condition. */
	static inline gpg_error_t
	sskip (unsigned char const *buf, int depth)
	{
	const unsigned char s = buf;
	size_t n;
	int d = *depth;

	while (d > 0)
	{
	if (*s == '(')
	{
	d++;
	s++;
	}
	else if (*s == ')')
	{
	d--;
	s++;
	}
	else
	{
	if (!d)
	return gpg_error (GPG_ERR_INV_SEXP);
	n = snext (&s);
	if (!n)
	return gpg_error (GPG_ERR_INV_SEXP);
	s += n;
	}
	}
	*buf = s;
	*depth = d;
	return 0;
	}


	/* Check whether the string at the address BUF points to matches
	the token. Return true on match and update BUF to point behind the
	token. Return false and do not update the buffer if it does not
	match. */
	static inline int
	smatch (unsigned char const *buf, size_t buflen, const char token)
	{
	size_t toklen = strlen (token);

	if (buflen != toklen \|\| memcmp (*buf, token, toklen))
	return 0;
	*buf += toklen;
	return 1;
	}

	/* Format VALUE for use as the length indicatior of an S-expression.
	The caller needs to provide a buffer HELP_BUFFER wth a length of
	HELP_BUFLEN. The return value is a pointer into HELP_BUFFER with
	the formatted length string. The colon and a trailing nul are
	appended. HELP_BUFLEN must be at least 3 - a more useful value is
	15. If LENGTH is not NULL, the LENGTH of the resulting string
	(excluding the terminating nul) is stored at that address. */
	static inline char *
	smklen (char help_buffer, size_t help_buflen, size_t value, size_t length)
	{
	char *p = help_buffer + help_buflen;

	if (help_buflen >= 3)
	{
	*--p = 0;
	*--p = ':';
	do
	{
	*--p = '0' + (value % 10);
	value /= 10;
	}
	while (value && p > help_buffer);
	}

	if (length)
	*length = (help_buffer + help_buflen) - p;
	return p;
	}


	#endif /SEXP_PARSE_H/
	diff --git a/src/slots.c b/src/slots.c
	index 70d4ea2..c97bbb8 100644
	--- a/src/slots.c
	+++ b/src/slots.c
	@@ -1,1100 +1,1091 @@
	/* slots.c - Slot management.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <assert.h>
	#include <stdbool.h>
	#include <string.h>
	#include <stdlib.h>

	#include "cryptoki.h"
	#include "table.h"
	#include "error-mapping.h"
	#include "slots.h"
	#include "agent.h"
	#include "support.h"
	#include "gpgsm.h"

	#include "debug.h"


	/* A session is just a slot identifier with a per-slot session
	identifier. */
	/* Must be power of two. */
	#define SLOT_MAX (1 << 15)
	#define SESSION_SLOT_MASK (SLOT_MAX - 1)
	#define SESSION_SLOT_SHIFT 16
	#define SESSION_MAX (1 << SESSION_SLOT_SHIFT)
	#define SESSION_ID_MASK (SESSION_MAX - 1)

	/* Get slot ID from session. */
	#define SESSION_SLOT(session) \
	((session >> SESSION_SLOT_SHIFT) & SESSION_SLOT_MASK)

	/* Get session ID from session. */
	#define SESSION_ID(session) (session & SESSION_ID_MASK)

	/* Because the slot is already 1-based, we can make the session 0-based. */
	#define SESSION_BUILD_ID(slot, session) \
	(((slot & SESSION_SLOT_MASK) << SESSION_SLOT_SHIFT) \
	\| (session & SESSION_ID_MASK))


	/* We use one-based IDs. */
	#define OBJECT_ID_TO_IDX(id) (id - 1)
	#define OBJECT_IDX_TO_ID(idx) (idx + 1)

	struct object
	{
	CK_ATTRIBUTE_PTR attributes;
	CK_ULONG attributes_count;
	};


	/* A mechanism. */
	struct mechanism
	{
	CK_MECHANISM_TYPE type;
	CK_MECHANISM_INFO info;
	};

	/* We use one-based IDs. */
	#define MECHANISM_ID_TO_IDX(id) (id - 1)
	#define MECHANISM_IDX_TO_ID(idx) (idx + 1)


	/* The session state. */
	struct session
	{
	/* True iff read-write session. */
	bool rw;

	/* The list of objects for the current search. */
	object_iterator_t *search_result;

	/* The length of the list of objects for the current search. */
	int search_result_len;

	/* The signing key. */
	CK_OBJECT_HANDLE signing_key;
	};

	/* The slot status. */
	typedef enum
	{
	SLOT_STATUS_USED = 0,
	SLOT_STATUS_DEAD = 1
	} slot_status_t;

	struct slot
	{
	/* The slot status. Starts out as 0 (pristine). */
	slot_status_t status;

	/* The slot login status. Starts out as 0 (public). */
	slot_login_t login;

	/* True iff a token is present. */
	bool token_present;

	/* The supported mechanisms. */
	scute_table_t mechanisms;

	/* The sessions. */
	scute_table_t sessions;

	/* The objects on the token. */
	scute_table_t objects;

	/* The info about the current token. */
	struct agent_card_info_s info;
	};


	/* The slot table. */
	static scute_table_t slots;


	/* Deallocator for mechanisms. */
	static void
	mechanism_dealloc (void *data)
	{
	free (data);
	}


	/* Allocator for mechanisms. The hook must be a pointer to a CK_FLAGS
	that should be a combination of CKF_SIGN and/or CKF_DECRYPT. */
	static gpg_error_t
	mechanism_alloc (void *data_r, void hook)
	{
	struct mechanism *mechanism;
	CK_FLAGS *flags = hook;

	mechanism = calloc (1, sizeof (*mechanism));
	if (mechanism == NULL)
	return gpg_error_from_syserror ();

	/* Set some default values. */
	mechanism->type = CKM_RSA_PKCS;
	mechanism->info.ulMinKeySize = 1024;
	mechanism->info.ulMaxKeySize = 4096;
	mechanism->info.flags = CKF_HW \| (*flags);

	*data_r = mechanism;

	return 0;
	}


	static void
	object_dealloc (void *data)
	{
	struct object *obj = data;

	while (0 < obj->attributes_count--)
	free (obj->attributes[obj->attributes_count].pValue);
	free (obj->attributes);
	free (obj);
	}


	/* Allocator for objects. The hook is currently unused. */
	static gpg_error_t
	object_alloc (void *data_r, void hook)
	{
	struct object *object;

	(void) hook;

	object = calloc (1, sizeof (*object));
	if (object == NULL)
	return gpg_error_from_syserror ();

	*data_r = object;

	return 0;
	}


	static void
	session_dealloc (void *data)
	{
	struct session *session = data;

	if (session->search_result)
	free (session->search_result);
	free (session);
	}


	/* Allocator for sessions. The hook is currently unused. */
	static gpg_error_t
	session_alloc (void *data_r, void hook)
	{
	struct session *session;

	(void) hook;

	session = calloc (1, sizeof (*session));
	if (session == NULL)
	return gpg_error_from_syserror ();

	*data_r = session;

	return 0;
	}


	/* Deallocator for slots. */
	static void
	slot_dealloc (void *data)
	{
	struct slot *slot = data;

	scute_table_destroy (slot->sessions);
	scute_table_destroy (slot->mechanisms);
	scute_table_destroy (slot->objects);

	free (slot);
	}


	/* Allocator for slots. The hook does not indicate anything at this
	point. */
	static gpg_error_t
	slot_alloc (void *data_r, void hook)
	{
	gpg_error_t err;
	struct slot *slot;
	int idx;
	CK_FLAGS flags;

	(void) hook;

	slot = calloc (1, sizeof (*slot));
	if (slot == NULL)
	return gpg_error_from_syserror ();

	err = scute_table_create (&slot->mechanisms, mechanism_alloc,
	mechanism_dealloc);
	if (err)
	goto slot_alloc_out;

	/* Register the signing mechanism. */
	flags = CKF_SIGN;
	err = scute_table_alloc (slot->mechanisms, &idx, NULL, &flags);
	if (err)
	goto slot_alloc_out;

	err = scute_table_create (&slot->sessions, session_alloc, session_dealloc);
	if (err)
	goto slot_alloc_out;

	err = scute_table_create (&slot->objects, object_alloc, object_dealloc);
	if (err)
	goto slot_alloc_out;

	slot->status = SLOT_STATUS_USED;
	slot->token_present = false;
	slot->login = SLOT_LOGIN_PUBLIC;

	*data_r = slot;

	slot_alloc_out:
	if (err)
	slot_dealloc (slot);

	return err;
	}


	/* Initialize the slot list. */
	CK_RV
	scute_slots_initialize (void)
	{
	gpg_error_t err;
	int slot_idx;

	err = scute_table_create (&slots, slot_alloc, slot_dealloc);
	if (err)
	return err;

	/* Allocate a new slot for authentication. */
	err = scute_table_alloc (slots, &slot_idx, NULL, NULL);
	if (err)
	scute_slots_finalize ();

	/* FIXME: Allocate a new slot for signing and decryption of
	email. */

	return scute_gpg_err_to_ck (err);
	}


	void
	scute_slots_finalize (void)
	{
	if (slots == NULL)
	return;

	/* This recursively releases all slots and any objects associated
	with them. */
	scute_table_destroy (slots);

	slots = NULL;
	}


	/* Reset the slot SLOT after the token has been removed. */
	static void
	slot_reset (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);
	int oid;

	/* This also resets the login state. */
	slot_close_all_sessions (id);

	oid = scute_table_first (slot->objects);
	while (!scute_table_last (slot->objects, oid))
	scute_table_dealloc (slot->objects, &oid);
	assert (scute_table_used (slot->objects) == 0);

	scute_agent_release_card_info (&slot->info);
	slot->token_present = false;
	}


	static gpg_error_t
	add_object (void *hook, CK_ATTRIBUTE_PTR attrp,
	CK_ULONG attr_countp)
	{
	gpg_error_t err;
	struct slot *slot = hook;
	struct object *object;
	unsigned int oidx;
	void *objp;

	err = scute_table_alloc (slot->objects, &oidx, &objp, NULL);
	if (err)
	return err;

	object = objp;
	object->attributes = attrp;
	object->attributes_count = attr_countp;

	return 0;
	}


	/* Initialize the slot after a token has been inserted. SLOT->info
	must already be valid. */
	static gpg_error_t
	slot_init (slot_iterator_t id)
	{
	gpg_error_t err = 0;
	struct slot *slot = scute_table_data (slots, id);
	key_info_t ki;

	for (ki = slot->info.kinfo; ki; ki = ki->next)
	{
	err = scute_gpgsm_get_cert (ki->grip, ki->keyref, add_object, slot);
	if (err)
	goto leave;
	}

	/* FIXME: Perform the rest of the initialization of the
	token. */
	slot->token_present = true;

	leave:
	if (err)
	slot_reset (id);

	return err;
	}


	/* Update the slot SLOT. */
	CK_RV
	slots_update_slot (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);
	gpg_error_t err;

	if (slot->token_present)
	{
	err = scute_agent_check_status ();
	if (gpg_err_code (err) == GPG_ERR_CARD_REMOVED)
	slot_reset (id);
	else if (err)
	return scute_gpg_err_to_ck (err);
	else
	return 0;
	}

	/* At this point, the card was or is removed, and we need to reopen
	the session, if possible. */
	err = scute_agent_learn (&slot->info);

	/* First check if this is really a PIV or an OpenPGP card. FIXME:
	* Should probably report the error in a better way and use a
	* generic way to identify cards without resorting to special-casing
	* PIV cards. */
	if (!err && slot->info.is_piv)
	; /* Okay, this is a PIV card. */
	else if (!err && (!slot->info.serialno
	\|\| strncmp (slot->info.serialno, "D27600012401", 12)
	\|\| strlen (slot->info.serialno) != 32))
	{
	DEBUG (DBG_INFO, "token not an OpenPGP card: %s", slot->info.serialno);
	err = gpg_error (GPG_ERR_CARD_NOT_PRESENT);
	scute_agent_release_card_info (&slot->info);
	}

	/* We also ignore card errors, because unusable cards should not
	affect slots, and firefox is quite unhappy about returning errors
	here. */
	if (gpg_err_code (err) == GPG_ERR_CARD_REMOVED
	\|\| gpg_err_code (err) == GPG_ERR_CARD_NOT_PRESENT
	\|\| gpg_err_code (err) == GPG_ERR_CARD
	\|\| gpg_err_code (err) == GPG_ERR_ENODEV)
	/* Nothing to do. */
	err = 0;
	else if (err == 0)
	err = slot_init (id);

	return scute_sys_to_ck (err);
	}


	/* Update the slot list by finding new devices. Please note that
	Mozilla NSS currently assumes that the slot list never shrinks (see
	TODO file for a discussion). This is the only function allowed to
	manipulate the slot list. */
	CK_RV
	slots_update (void)
	{
	slot_iterator_t id = scute_table_first (slots);

	while (!scute_table_last (slots, id))
	{
	CK_RV err;

	err = slots_update_slot (id);
	if (err)
	return err;

	id = scute_table_next (slots, id);
	}

	return CKR_OK;
	}


	/* Begin iterating over the list of slots. */
	CK_RV
	slots_iterate_first (slot_iterator_t *slot)
	{
	*slot = scute_table_first (slots);

	return CKR_OK;
	}


	/* Continue iterating over the list of slots. */
	CK_RV
	slots_iterate_next (slot_iterator_t *slot)
	{
	slot = scute_table_next (slots, slot);

	return CKR_OK;
	}


	/* Return true iff the previous slot was the last one. */
	bool
	slots_iterate_last (slot_iterator_t *slot)
	{
	return scute_table_last (slots, *slot);
	}


	/* Acquire the slot for the slot ID ID. */
	CK_RV
	slots_lookup (CK_SLOT_ID id, slot_iterator_t *id_r)
	{
	struct slot *slot = scute_table_data (slots, id);

	if (slot == NULL)
	return CKR_SLOT_ID_INVALID;

	*id_r = id;

	return CKR_OK;
	}



	/* Return true iff a token is present in slot SLOT. */
	bool
	slot_token_present (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);

	return slot->token_present;
	}


	/* Return the token label. We use the dispserialno here too because
	* Firefox prints that value in the prompt ("Stored at:"). */
	const char *
	slot_token_label (slot_iterator_t id)
	{
	return slot_token_serial (id);
	}


	/* Get the manufacturer of the token. */
	const char *
	slot_token_manufacturer (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);
	unsigned int uval;

	if (slot->info.is_piv)
	{
	if (slot->info.cardtype && !strcmp (slot->info.cardtype, "yubikey"))
	return "Yubikey";
	return "Unknown";
	}

	/* slots_update() makes sure this is valid. */
	uval = xtoi_2 (slot->info.serialno + 16) * 256
	+ xtoi_2 (slot->info.serialno + 18);

	/* Note: Make sure that there is no colon or linefeed in the string. */
	switch (uval)
	{
	case 0x0001:
	return "PPC Card Systems";

	case 0x0002:
	return "Prism";

	case 0x0003:
	return "OpenFortress";

	case 0x0004:
	return "Wewid AB";

	case 0x0005:
	return "ZeitControl";

	case 0x002A:
	return "Magrathea";

	case 0x0000:
	case 0xffff:
	return "test card";

	default: return (uval & 0xff00) == 0xff00? "unmanaged S/N range":"unknown";
	}

	/* Not reached. */
	}


	/* Get the application used on the token. */
	const char *
	slot_token_application (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);

	if (!slot)
	return "[ooops]";

	/* slots_update() makes sure this is correct. */

	if (slot->info.is_piv)
	return "PIV";
	else
	return "OpenPGP";
	}


	/* Get the serial number of the token. */
	const char *
	slot_token_serial (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);

	/* slots_update() makes sure this is valid. */
	return slot->info.dispserialno? slot->info.dispserialno : slot->info.serialno;
	}


	/* Get the manufacturer of the token. */
	void
	slot_token_version (slot_iterator_t id, CK_BYTE hw_major, CK_BYTE hw_minor,
	CK_BYTE fw_major, CK_BYTE fw_minor)
	{
	struct slot *slot = scute_table_data (slots, id);

	/* slots_update() makes sure serialno is valid. */
	if (slot->info.is_piv)
	{
	*hw_major = 0;
	*hw_minor = 0;
	*fw_major = 0;
	*fw_minor = 0;
	}
	else
	{
	*hw_major = xtoi_2 (slot->info.serialno + 12);
	*hw_minor = xtoi_2 (slot->info.serialno + 14);
	*fw_major = 0;
	*fw_minor = 0;
	}
	}


	/* Get the maximum and minimum pin length. */
	void
	slot_token_maxpinlen (slot_iterator_t id, CK_ULONG max, CK_ULONG min)
	{
	struct slot *slot = scute_table_data (slots, id);

	/* In version 2 of the OpenPGP card, the second counter is for the
	reset operation, so we only take the first counter. */
	*max = slot->info.chvmaxlen[0];

	/* FIXME: This is true at least for the user pin (CHV1 and CHV2). */
	*min = 6;
	}


	/* Get the maximum and the actual pin count. */
	void
	slot_token_pincount (slot_iterator_t id, int max, int len)
	{
	struct slot *slot = scute_table_data (slots, id);

	*max = 3;
	/* In version 2 of the OpenPGP card, the second counter is for the
	reset operation, so we only take the first counter. */
	*len = slot->info.chvretry[0];
	}


	/* Return the ID of slot SLOT. */
	CK_SLOT_ID
	slot_get_id (slot_iterator_t slot)
	{
	return slot;
	}

	/* Return true if the token supports the GET CHALLENGE operation. */
	bool
	slot_token_has_rng (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);

	return slot->info.rng_available;
	}


	/* Mechanism management. */

	/* Begin iterating over the list of mechanisms. */
	CK_RV
	mechanisms_iterate_first (slot_iterator_t id,
	mechanism_iterator_t *mechanism)
	{
	struct slot *slot = scute_table_data (slots, id);

	*mechanism = scute_table_first (slot->mechanisms);

	return CKR_OK;
	}


	/* Continue iterating over the list of mechanisms. */
	CK_RV
	mechanisms_iterate_next (slot_iterator_t id, mechanism_iterator_t *mechanism)
	{
	struct slot *slot = scute_table_data (slots, id);

	mechanism = scute_table_next (slot->mechanisms, mechanism);

	return CKR_OK;
	}


	/* Return true iff the previous slot was the last one. */
	bool
	mechanisms_iterate_last (slot_iterator_t id, mechanism_iterator_t *mechanism)
	{
	struct slot *slot = scute_table_data (slots, id);

	return scute_table_last (slot->mechanisms, *mechanism);
	}


	/* Acquire the mechanism TYPE for the slot id ID. */
	CK_RV
	mechanisms_lookup (slot_iterator_t id, mechanism_iterator_t *mid_r,
	CK_MECHANISM_TYPE type)
	{
	struct slot *slot = scute_table_data (slots, id);
	int mid = scute_table_first (slot->mechanisms);

	while (!scute_table_last (slot->mechanisms, mid))
	{
	struct mechanism *mechanism = scute_table_data (slot->mechanisms, mid);

	if (mechanism->type == type)
	{
	*mid_r = mid;
	return CKR_OK;
	}

	mid = scute_table_next (slot->mechanisms, mid);
	}

	return CKR_MECHANISM_INVALID;
	}


	/* Return the type of mechanism MID in slot ID. */
	CK_MECHANISM_TYPE
	mechanism_get_type (slot_iterator_t id, mechanism_iterator_t mid)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct mechanism *mechanism = scute_table_data (slot->mechanisms, mid);

	return mechanism->type;
	}


	/* Return the info of mechanism MID. */
	CK_MECHANISM_INFO_PTR
	mechanism_get_info (slot_iterator_t id, mechanism_iterator_t mid)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct mechanism *mechanism = scute_table_data (slot->mechanisms, mid);

	return &mechanism->info;
	}


	/* Session management. */

	/* Create a new session. */
	CK_RV
	slot_create_session (slot_iterator_t id, session_iterator_t *session,
	bool rw)
	{
	int err;
	struct slot *slot = scute_table_data (slots, id);
	unsigned int tsid;
	void *rawp;
	struct session *session_p;

	assert (slot);

	if (scute_table_used (slot->sessions) == SESSION_MAX)
	return CKR_SESSION_COUNT;

	if (slot->login == SLOT_LOGIN_SO && !rw)
	return CKR_SESSION_READ_WRITE_SO_EXISTS;

	err = scute_table_alloc (slot->sessions, &tsid, &rawp, NULL);
	if (err)
	return scute_sys_to_ck (err);

	session_p = rawp;
	session_p->rw = rw;
	session_p->search_result = NULL;
	session_p->search_result_len = 0;
	session_p->signing_key = CK_INVALID_HANDLE;

	*session = SESSION_BUILD_ID (id, tsid);

	return CKR_OK;
	}

	/* Look up session. */
	CK_RV
	slots_lookup_session (CK_SESSION_HANDLE sid, slot_iterator_t *id,
	session_iterator_t *session_id)
	{
	CK_RV err;
	unsigned int idx = SESSION_SLOT (sid);
	unsigned session_idx = SESSION_ID (sid);
	struct slot *slot;

	/* Verify the slot. */
	err = slots_lookup (SESSION_SLOT (sid), id);
	if (err)
	return err;

	*session_id = session_idx;

	/* Verify the session. */
	slot = scute_table_data (slots, idx);
	if (!scute_table_data (slot->sessions, session_idx))
	return CKR_SESSION_HANDLE_INVALID;

	return 0;
	}

	/* Close the session. */
	CK_RV
	slot_close_session (slot_iterator_t id, session_iterator_t sid)
	{
	struct slot *slot = scute_table_data (slots, id);

	scute_table_dealloc (slot->sessions, &sid);

	/* At last session closed, return to public sessions. */
	if (!scute_table_used (slot->sessions))
	slot->login = SLOT_LOGIN_PUBLIC;

	return CKR_OK;
	}


	/* Close all sessions. */
	CK_RV
	slot_close_all_sessions (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);
	int sid = scute_table_first (slot->sessions);

	while (!scute_table_last (slot->sessions, sid))
	{
	slot_close_session (id, sid);

	sid = scute_table_next (slot->sessions, sid);
	}
	assert (scute_table_used (slot->sessions) == 0);

	return CKR_OK;
	}



	/* Get the RW flag from the session SID in slot ID. */
	bool
	session_get_rw (slot_iterator_t id, session_iterator_t sid)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct session *session = scute_table_data (slot->sessions, sid);

	return session->rw;
	}


	/* Get the login state from the slot ID. */
	slot_login_t
	slot_get_status (slot_iterator_t id)
	{
	struct slot *slot = scute_table_data (slots, id);

	return slot->status;
	}


	/* Object management. */

	/* Begin iterating over the list of objects. */
	CK_RV
	objects_iterate_first (slot_iterator_t id, object_iterator_t *object)
	{
	struct slot *slot = scute_table_data (slots, id);

	*object = scute_table_first (slot->objects);

	return CKR_OK;
	}


	/* Continue iterating over the list of objects. */
	CK_RV
	objects_iterate_next (slot_iterator_t id, object_iterator_t *object)
	{
	struct slot *slot = scute_table_data (slots, id);

	object = scute_table_next (slot->objects, object);

	return CKR_OK;
	}


	/* Return true iff the previous slot was the last one. */
	bool
	objects_iterate_last (slot_iterator_t id, object_iterator_t *object)
	{
	struct slot *slot = scute_table_data (slots, id);

	return scute_table_last (slot->objects, *object);
	}


	/* Return the max. number of objects in the slot. May overcount
	somewhat. */
	CK_RV
	slot_get_object_count (slot_iterator_t id, int *nr)
	{
	struct slot *slot = scute_table_data (slots, id);

	*nr = scute_table_used (slot->objects);

	return CKR_OK;
	}

	/* Get the object information for object OBJECT_ID in slot ID. */
	CK_RV
	slot_get_object (slot_iterator_t id, object_iterator_t oid,
	CK_ATTRIBUTE_PTR obj, CK_ULONG obj_count)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct object *object = scute_table_data (slot->objects, oid);

	if (!object)
	return CKR_OBJECT_HANDLE_INVALID;

	*obj = object->attributes;
	*obj_count = object->attributes_count;

	return 0;
	}


	/* Set the result of a search for session SID in slot ID to
	SEARCH_RESULT and SEARCH_RESULT_LEN. */
	CK_RV
	session_set_search_result (slot_iterator_t id, session_iterator_t sid,
	object_iterator_t *search_result,
	int search_result_len)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct session *session = scute_table_data (slot->sessions, sid);

	if (session->search_result && session->search_result != search_result)
	free (session->search_result);

	session->search_result = search_result;
	session->search_result_len = search_result_len;

	return 0;
	}


	/* Get the stored search result for the session SID in slot ID. */
	CK_RV
	session_get_search_result (slot_iterator_t id, session_iterator_t sid,
	object_iterator_t **search_result,
	int *search_result_len)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct session *session = scute_table_data (slot->sessions, sid);

	assert (search_result);
	assert (search_result_len);

	*search_result = session->search_result;
	*search_result_len = session->search_result_len;

	return 0;
	}


	/* Set the signing key for session SID in slot ID to KEY. */
	CK_RV
	session_set_signing_key (slot_iterator_t id, session_iterator_t sid,
	object_iterator_t key)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct session *session = scute_table_data (slot->sessions, sid);
	CK_RV err;
	CK_ATTRIBUTE_PTR attr;
	CK_ULONG attr_count;
	CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;

	err = slot_get_object (id, key, &attr, &attr_count);
	if (err)
	return err;

	/* FIXME: What kind of strange loop is this? */
	while (attr_count-- > 0)
	if (attr->type == CKA_CLASS)
	break;

	if (attr_count == (CK_ULONG) -1)
	return CKR_KEY_HANDLE_INVALID;

	if (attr->ulValueLen != sizeof (key_class)
	\|\| memcmp (attr->pValue, &key_class, sizeof (key_class)))
	return CKR_KEY_HANDLE_INVALID;

	/* It's the private RSA key object. */
	session->signing_key = key;

	return 0;
	}


	/* FIXME: The description is wrong:
	Set the signing key for session SID in slot ID to KEY. */
	CK_RV
	session_sign (slot_iterator_t id, session_iterator_t sid,
	CK_BYTE_PTR pData, CK_ULONG ulDataLen,
	CK_BYTE_PTR pSignature, CK_ULONG_PTR pulSignatureLen)
	{
	struct slot *slot = scute_table_data (slots, id);
	struct session *session = scute_table_data (slot->sessions, sid);
	gpg_error_t err;
	CK_ATTRIBUTE_PTR attr;
	CK_ULONG attr_count;
	CK_OBJECT_CLASS key_class = CKO_PRIVATE_KEY;
	unsigned int sig_len;
	CK_BYTE key_id[100];
	int i;
	const char *keyref;

	if (!pSignature)
	return CKR_ARGUMENTS_BAD;

	if (!session->signing_key)
	return CKR_OPERATION_NOT_INITIALIZED;

	err = slot_get_object (id, session->signing_key, &attr, &attr_count);
	if (err)
	return err;
	if (attr_count == (CK_ULONG) -1)
	return CKR_KEY_HANDLE_INVALID;
	if (attr->ulValueLen != sizeof (key_class)
	\|\| memcmp (attr->pValue, &key_class, sizeof (key_class)))
	return CKR_KEY_HANDLE_INVALID;

	/* Find the CKA_ID */
	for (i = 0; i < attr_count; i++)
	if (attr[i].type == CKA_ID)
	break;
	if (i == attr_count)
	return CKR_GENERAL_ERROR;

	if (attr[i].ulValueLen >= sizeof key_id - 1)
	return CKR_GENERAL_ERROR;
	strncpy (key_id, attr[i].pValue, attr[i].ulValueLen);
	key_id[attr[i].ulValueLen] = 0;
	DEBUG (DBG_INFO, "Found CKA_ID '%s'", key_id);
	for (keyref=key_id; keyref && keyref != ' '; keyref++)
	;
	if (*keyref)
	keyref++; /* Point to the grip. */
	DEBUG (DBG_INFO, "Using keyref '%s'", keyref);

	sig_len = *pulSignatureLen;
	err = scute_agent_sign (keyref, pData, ulDataLen, pSignature, &sig_len);

	/* Take care of error codes which are not mapped by default. */
	if (gpg_err_code (err) == GPG_ERR_INV_LENGTH)
	return CKR_BUFFER_TOO_SMALL;
	else if (gpg_err_code (err) == GPG_ERR_INV_ARG)
	return CKR_ARGUMENTS_BAD;
	else
	return scute_gpg_err_to_ck (err);
	}
	diff --git a/src/table.c b/src/table.c
	index a1d4869..1101590 100644
	--- a/src/table.c
	+++ b/src/table.c
	@@ -1,319 +1,310 @@
	/* table.c - Indexed table implementation.
	- Copyright (C) 2006, 2007 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2007 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#if HAVE_CONFIG_H
	#include <config.h>
	#endif

	#include <stdlib.h>
	#include <assert.h>

	#include <gpg-error.h>

	#include "table.h"

	/* Indices are 1 based externally, but 0 based internally. */
	#define INDEX_COPY_IN(idx) ((idx) - 1)
	#define INDEX_COPY_OUT(idx) ((idx) + 1)

	/* End of table marker. */
	#define INDEX_EOT (-1)


	/* This is an indexed list implementation. It only supports storing
	and retrieving pointers. One would like to support arbitrary data
	types inline, but this is not possible in a portable manner,
	because of aliasing and alignment restrictions.

	Note that this implementation is only fast if the lists are very
	short. */

	struct scute_table
	{
	/* The user data pointers. */
	void **data;

	/* The size of DATA. */
	int size;

	/* The number of used entries in DATA. */
	int used;

	/* The index of the lowest entry that is unused. */
	int first_free;

	/* The index after the highest entry that is used. */
	int last_used;

	/* The allocator and deallocator callback. */
	scute_table_alloc_cb_t alloc;
	scute_table_dealloc_cb_t dealloc;
	};


	/* Some support functions for iteration. */

	/* Return the first element in TABLE. */
	static int
	index_first (scute_table_t table)
	{
	int index = 0;

	while (index < table->last_used && table->data[index] == NULL)
	index++;

	if (index == table->last_used)
	return INDEX_EOT;

	return index;
	}


	/* Return the element following INDEX, or the end-of-list marker if
	INDEX is the last element on the list. */
	static int
	index_next (scute_table_t table, int index)
	{
	index++;

	while (index < table->last_used && table->data[index] == NULL)
	index++;

	if (index >= table->last_used)
	index = INDEX_EOT;

	return index;
	}


	/* TABLE interface implementation. */

	/* Create a new table and return it in TABLE_R. */
	gpg_error_t
	scute_table_create (scute_table_t *table_r,
	scute_table_alloc_cb_t alloc,
	scute_table_dealloc_cb_t dealloc)
	{
	scute_table_t table;

	table = malloc (sizeof (*table));
	if (!table)
	return gpg_error_from_syserror ();

	table->data = NULL;
	table->size = 0;
	table->used = 0;
	table->first_free = 0;
	table->last_used = 0;
	table->alloc = alloc;
	table->dealloc = dealloc;

	*table_r = table;
	return 0;
	}


	/* Destroy the indexed list TABLE. The user has to make sure that the
	existing entries are not needed anymore before calling this
	function. */
	void
	scute_table_destroy (scute_table_t table)
	{
	int idx = 0;

	if (table == NULL)
	return;

	for (idx = 0; idx < table->last_used; idx++)
	if (table->data[idx] != NULL)
	(*table->dealloc) (table->data[idx]);

	if (table->data)
	free (table->data);
	free (table);
	}


	/* The initial table size. */
	#define TABLE_START_SIZE 4

	/* Allocate a new table entry with a free index. Returns the index
	pointing to the new list entry in INDEX_R. This calls the
	allocator on the new entry before returning. Also returns the
	table entry in DATA_R if this is not NULL. /
	gpg_error_t
	scute_table_alloc (scute_table_t table, int index_r, void *data_r,
	void *hook)
	{
	gpg_error_t err;
	int idx;
	void *data;

	if (table->used == table->size)
	{
	unsigned int size_new = table->size ? 2 * table->size : TABLE_START_SIZE;
	void *data_new;

	data_new = realloc (table->data, size_new * sizeof (*(table->data)));
	if (!data_new)
	return gpg_error_from_syserror ();

	table->first_free = table->size;
	table->data = data_new;
	table->size = size_new;
	}

	/* We may needlessly have increased the table size if this fails,
	but that is not a problem. */
	err = (*table->alloc) (&data, hook);
	if (err)
	return err;

	for (idx = table->first_free; idx < table->last_used; idx++)
	if (table->data[idx] == NULL)
	break;

	/* The following setting for FIRST_FREE is safe, because if this was
	the last table entry, then the table is full and we will grow the
	table the next time we are called (if no elements are removed in
	the meantime. */
	table->first_free = idx + 1;

	if (idx == table->last_used)
	table->last_used++;

	table->data[idx] = data;
	table->used++;

	*index_r = INDEX_COPY_OUT (idx);
	if (data_r != NULL)
	*data_r = data;

	return 0;
	}


	/* Deallocate the list entry index. Afterwards, INDEX points to the
	following entry. This calls the deallocator on the entry before
	returning. */
	void
	scute_table_dealloc (scute_table_t table, int *index)
	{
	int idx = INDEX_COPY_IN (*index);
	void *data = NULL;

	if (idx == INDEX_EOT)
	return;

	assert (idx >= 0 && idx < table->last_used);
	assert (table->data[idx] != NULL);

	data = table->data[idx];
	table->data[idx] = NULL;

	table->used--;

	if (idx < table->first_free)
	table->first_free = idx;

	/* Update TABLE->last_used if necessary. */
	if (idx + 1 == table->last_used)
	while (table->last_used > 0)
	{
	if (table->data[table->last_used - 1] != NULL)
	break;
	table->last_used--;
	}

	*index = INDEX_COPY_OUT (index_next (table, idx));

	(*table->dealloc) (data);
	}


	/* Return the iterator for the beginning of the list TABLE. */
	int
	scute_table_first (scute_table_t table)
	{
	if (table->used)
	{
	if (table->data[0] != NULL)
	return INDEX_COPY_OUT (0);
	else
	return INDEX_COPY_OUT (index_first (table));
	}

	return 0;
	}


	/* Return the index following INDEX. If INDEX is the last element in
	the list, return 0. */
	int
	scute_table_next (scute_table_t table, int index)
	{
	int idx = INDEX_COPY_IN (index);

	if (idx == INDEX_EOT)
	return 0;

	idx = index_next (table, idx);
	return INDEX_COPY_OUT (idx);
	}


	/* Return true iff INDEX is the end-of-list marker. */
	bool
	scute_table_last (scute_table_t table, int index)
	{
	(void) table;
	return INDEX_COPY_IN (index) == INDEX_EOT;
	}


	/* Return the user data associated with INDEX. Return NULL if INDEX
	is not valid. */
	void *
	scute_table_data (scute_table_t table, int index)
	{
	int idx = INDEX_COPY_IN (index);

	if (idx >= 0 && idx < table->last_used)
	return table->data[idx];

	return NULL;
	}


	/* Return the number of entries in the table TABLE. */
	int
	scute_table_used (scute_table_t table)
	{
	return table->used;
	}
	diff --git a/src/table.h b/src/table.h
	index c75c7f7..e31db2f 100644
	--- a/src/table.h
	+++ b/src/table.h
	@@ -1,90 +1,81 @@
	/* table.h - Iterative table interface.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#ifndef TABLE_H
	#define TABLE_H 1

	#include <stdbool.h>

	#include <gpg-error.h>


	/* The indexed list type. */
	struct scute_table;
	typedef struct scute_table *scute_table_t;


	/* TABLE interface. */

	/* A table entry allocator function callback. Should return the new
	table entry in DATA_R. */
	typedef gpg_error_t (scute_table_alloc_cb_t) (void data_r, void hook);

	/* A table entry deallocator function callback. */
	typedef void (scute_table_dealloc_cb_t) (void data);

	/* Allocate a new table and return it in TABLE_R. */
	gpg_error_t scute_table_create (scute_table_t *table_r,
	scute_table_alloc_cb_t alloc,
	scute_table_dealloc_cb_t dealloc);

	/* Destroy the indexed list TABLE. This also calls the deallocator on
	all entries. */
	void scute_table_destroy (scute_table_t table);

	/* Allocate a new table entry with a free index. Returns the index
	pointing to the new list entry in INDEX_R. This calls the
	allocator on the new entry before returning. Also returns the
	table entry in DATA_R if this is not NULL. /
	gpg_error_t scute_table_alloc (scute_table_t table, int *index_r,
	void *data_r, void hook);

	/* Deallocate the list entry index. Afterwards, INDEX points to the
	following entry. This calls the deallocator on the entry before
	returning. */
	void scute_table_dealloc (scute_table_t table, int *index);

	/* Return the index for the beginning of the list TABLE. */
	int scute_table_first (scute_table_t table);

	/* Return the index following INDEX. If INDEX is the last element in
	the list, return 0. */
	int scute_table_next (scute_table_t table, int index);

	/* Return true iff INDEX is the end-of-list marker. */
	bool scute_table_last (scute_table_t table, int index);

	/* Return the user data associated with INDEX. Return NULL if INDEX is
	the end-of-list marker. */
	void *scute_table_data (scute_table_t table, int index);

	/* Return the number of entries in the table TABLE. */
	int scute_table_used (scute_table_t table);

	#endif /* !TABLE_H */
	diff --git a/src/versioninfo.rc.in b/src/versioninfo.rc.in
	index 6968473..4be84a9 100644
	--- a/src/versioninfo.rc.in
	+++ b/src/versioninfo.rc.in
	@@ -1,52 +1,52 @@
	/* versioninfo.rc.in - for scute
	- * Copyright (C) 2005 g10 Code GmbH
	- *
	+ * Copyright (C) 2005 g10 Code GmbH
	+ *
	* This file is free software; as a special exception the author gives
	* unlimited permission to copy and/or distribute it, with or without
	* modifications, as long as this notice is preserved.
	*
	* This program is distributed in the hope that it will be useful, but
	* WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
	* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	+ * SPDX-License-Identifier: FSFULLR
	*/
	-
	+
	/* This file is processed by configure to create versioninfo.rc */

	#line __LINE__ "versioninfo.rc.in"

	#include <afxres.h>


	VS_VERSION_INFO VERSIONINFO
	FILEVERSION @LIBSCUTE_LT_CURRENT@,@LIBSCUTE_LT_AGE@,@LIBSCUTE_LT_REVISION@,@BUILD_REVISION_DEC@
	PRODUCTVERSION @BUILD_FILEVERSION@
	FILEFLAGSMASK 0x3fL
	#ifdef _DEBUG
	FILEFLAGS 0x21L
	#else
	FILEFLAGS 0x20L
	#endif
	FILEOS 0x40004L
	FILETYPE 0x1L
	FILESUBTYPE 0x0L
	BEGIN
	BLOCK "StringFileInfo"
	BEGIN
	BLOCK "040904b0"
	BEGIN
	- VALUE "Comments", "Provided under the terms of the GNU Lesser General Public License version 2 or later with a special exception for Mozilla based software.\0"
	+ VALUE "Comments", "Provided under the terms of the GNU Lesser General Public License version 2.1.\0"
	VALUE "CompanyName", "g10 Code GmbH\0"
	VALUE "FileDescription", "SCUTE - The GnuPG PKCS#11 interface\0"
	VALUE "FileVersion", "@LIBSCUTE_LT_CURRENT@.@LIBSCUTE_LT_AGE@.@LIBSCUTE_LT_REVISION@.@BUILD_REVISION@\0"
	VALUE "InternalName", "scute\0"
	VALUE "LegalCopyright", "Copyright ｩ 2005, 2008, 2009 g10 Code GmbH\0"
	VALUE "LegalTrademarks", "\0"
	VALUE "OriginalFilename", "scute.dll\0"
	VALUE "PrivateBuild", "\0"
	VALUE "ProductName", "SCUTE\0"
	VALUE "ProductVersion", "@VERSION@\0"
	VALUE "SpecialBuild", "@BUILD_TIMESTAMP@\0"
	END
	END
	END
	-
	diff --git a/tests/Makefile.am b/tests/Makefile.am
	index 311303d..c438dd1 100644
	--- a/tests/Makefile.am
	+++ b/tests/Makefile.am
	@@ -1,48 +1,38 @@
	# Makefile.am - Makefile in tests/ for scute.
	# Copyright (C) 2006 g10 Code GmbH
	-#
	+#
	# This file is part of Scute.
	#
	# Scute is free software; you can redistribute it and/or modify it
	-# under the terms of the GNU General Public License as published by
	-# the Free Software Foundation; either version 2 of the License, or
	-# (at your option) any later version.
	+# under the terms of the GNU Lesser General Public License as
	+# published by the Free Software Foundation; either version 2.1 of
	+# the License, or (at your option) any later version.
	#
	# Scute is distributed in the hope that it will be useful, but
	# WITHOUT ANY WARRANTY; without even the implied warranty of
	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	-# General Public License for more details.
	-#
	-# You should have received a copy of the GNU General Public License
	-# along with Scute; if not, write to the Free Software Foundation,
	-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	+# Lesser General Public License for more details.
	#
	-# In addition, as a special exception, g10 Code GmbH gives permission
	-# to link this library: with the Mozilla Foundation's code for
	-# Mozilla (or with modified versions of it that use the same license
	-# as the "Mozilla" code), and distribute the linked executables. You
	-# must obey the GNU General Public License in all respects for all of
	-# the code used other than "Mozilla". If you modify this file, you
	-# may extend this exception to your version of the file, but you are
	-# not obligated to do so. If you do not wish to do so, delete this
	-# exception statement from your version.
	+# You should have received a copy of the GNU Lesser General Public
	+# License along with this program; if not, see <https://gnu.org/licenses/>.
	+# SPDX-License-Identifier: LGPL-2.1-or-later

	## Process this file with automake to produce Makefile.in

	noinst_HEADERS = t-support.h
	TESTS = t-link t-getfunctionlist t-initialize t-getinfo t-getslotlist \
	t-getslotinfo t-gettokeninfo t-getmechanismlist t-getmechanisminfo \
	t-opensession t-closeallsessions t-getsessioninfo \
	t-findobjects t-getattribute t-auth t-generaterandom

	noinst_PROGRAMS = $(TESTS)

	EXTRA_DIST = clean-socketdir

	TESTS_ENVIRONMENT = GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C

	AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
	LDADD = ../src/scute.la

	clean-local:
	$(TESTS_ENVIRONMENT) $(srcdir)/clean-socketdir
	diff --git a/tests/t-auth.c b/tests/t-auth.c
	index ba69ccd..3ac60ad 100644
	--- a/tests/t-auth.c
	+++ b/tests/t-auth.c
	@@ -1,160 +1,151 @@
	/* t-auth.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"

	CK_RV
	dump_one (unsigned char *data, int size)
	{
	bool some;
	int i;

	some = false;
	for (i = 0; i < size; i++)
	{
	if (some == false)
	{
	printf (" ");
	some = true;
	}
	printf ("%02x", data[i]);
	if (((i + 1) % 32) == 0)
	{
	printf ("\n");
	some = false;
	}
	}
	if (some)
	printf ("\n");

	return 0;
	}


	CK_RV
	sign_with_object (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
	{
	CK_RV err;
	CK_MECHANISM mechanism = { CKM_RSA_PKCS, NULL_PTR, 0 };
	CK_BYTE data[36] = "01234567890123456789012345678901234";
	CK_BYTE sig[256];
	CK_ULONG sig_len = sizeof (sig);

	err = C_SignInit (session, &mechanism, object);
	if (err)
	return err;

	err = C_Sign (session, data, sizeof (data), sig, &sig_len);
	if (err)
	return err;

	printf (" Sign Result: Length %lu\n", sig_len);
	err = dump_one (sig, sig_len);
	if (err)
	return err;

	return 0;
	}


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_SESSION_HANDLE session;
	CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
	CK_ATTRIBUTE attr[] = { { CKA_CLASS, &obj_class, sizeof (obj_class) } };
	CK_OBJECT_HANDLE object;
	CK_ULONG count;

	printf ("%2i. Slot ID %lu\n", i, slots[i]);
	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&session);
	fail_if_err (err);

	printf (" Session ID: %lu\n", session);

	err = C_FindObjectsInit (session, attr, DIM (attr));
	fail_if_err (err);

	do
	{
	err = C_FindObjects (session, &object, 1, &count);
	fail_if_err (err);

	if (count)
	{
	printf (" Object Handle: %lu\n", object);

	err = sign_with_object (session, object);
	fail_if_err (err);
	}
	}
	while (count);

	err = C_FindObjectsFinal (session);
	fail_if_err (err);

	err = C_CloseSession (session);
	fail_if_err (err);
	}

	return 0;
	}
	diff --git a/tests/t-closeallsessions.c b/tests/t-closeallsessions.c
	index 69d8b53..f118590 100644
	--- a/tests/t-closeallsessions.c
	+++ b/tests/t-closeallsessions.c
	@@ -1,94 +1,85 @@
	/* t-closeallsessions.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_SESSION_HANDLE_PTR sessions;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	sessions = malloc (sizeof (CK_SESSION_HANDLE) * slots_count * 2);
	if (!sessions)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	printf ("%2i. Slot ID %lu\n", i, slots[i]);
	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&sessions[2 * i]);
	fail_if_err (err);

	printf (" Session ID 1: %lu\n", sessions[2 * i]);

	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&sessions[2 * i + 1]);
	fail_if_err (err);

	printf (" Session ID 2: %lu\n", sessions[2 * i + 1]);
	}

	for (i = 0; i < slots_count; i++)
	{
	err = C_CloseAllSessions (slots[i]);
	fail_if_err (err);
	}

	return 0;
	}
	diff --git a/tests/t-findobjects.c b/tests/t-findobjects.c
	index fc0cd24..f0e02b5 100644
	--- a/tests/t-findobjects.c
	+++ b/tests/t-findobjects.c
	@@ -1,119 +1,110 @@
	/* t-findobjects.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_SESSION_HANDLE session;
	CK_OBJECT_HANDLE object;
	CK_ULONG count;
	CK_BBOOL cert_token = CK_TRUE;
	CK_OBJECT_CLASS cert_class = CKO_CERTIFICATE;
	CK_ATTRIBUTE attr[]
	= { { CKA_TOKEN, &cert_token, sizeof (cert_token) },
	{ CKA_CLASS, &cert_class, sizeof (cert_class) } };
	-
	+
	printf ("%2i. Slot ID %lu\n", i, slots[i]);
	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&session);
	fail_if_err (err);
	-
	+
	printf (" Session ID: %lu\n", session);

	err = C_FindObjectsInit (session, NULL, 0);
	fail_if_err (err);

	do
	{
	err = C_FindObjects (session, &object, 1, &count);
	fail_if_err (err);

	if (count)
	printf (" Object Handle: %lu\n", object);
	}
	while (count);

	printf (" Template Search: Token, Class\n");
	err = C_FindObjectsInit (session, attr, DIM (attr));
	fail_if_err (err);

	do
	{
	err = C_FindObjects (session, &object, 1, &count);
	fail_if_err (err);

	if (count)
	printf (" Object Handle: %lu\n", object);
	}
	while (count);

	err = C_FindObjectsFinal (session);
	fail_if_err (err);

	err = C_CloseSession (session);
	fail_if_err (err);
	}

	return 0;
	}
	diff --git a/tests/t-generaterandom.c b/tests/t-generaterandom.c
	index 675138d..425cc7e 100644
	--- a/tests/t-generaterandom.c
	+++ b/tests/t-generaterandom.c
	@@ -1,105 +1,96 @@
	/* t-generaterandom.c - Regression test.
	- Copyright (C) 2016 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2016 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_TOKEN_INFO info;

	printf ("%2i. Slot ID %lu\n", i, slots[i]);

	err = C_GetTokenInfo (slots[i], &info);
	fail_if_err (err);

	if ((info.flags & CKF_RNG) > 0)
	{
	CK_SESSION_HANDLE session;
	unsigned char buffer[16];
	unsigned int j;

	printf(" RNG available\n");

	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&session);
	fail_if_err (err);

	printf (" Session ID: %lu\n", session);

	err = C_GenerateRandom (session, buffer, sizeof(buffer));
	fail_if_err (err);

	printf (" Random bytes: 0x");
	for (j = 0; j < sizeof(buffer); j++)
	printf ("%02x", buffer[j]);
	printf ("\n");

	err = C_CloseSession (session);
	fail_if_err (err);
	}
	else
	printf (" No RNG available on token\n");
	}

	return 0;
	}
	diff --git a/tests/t-getattribute.c b/tests/t-getattribute.c
	index 982aaae..a451460 100644
	--- a/tests/t-getattribute.c
	+++ b/tests/t-getattribute.c
	@@ -1,627 +1,618 @@
	/* t-getattribute.c - Regression test.
	- Copyright (C) 2006, 2007 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2007 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>
	#include <string.h>
	#include <ctype.h>

	#include "t-support.h"

	/* If printable characters should be output "as-is". */
	bool printable;

	CK_RV
	dump_one (CK_ATTRIBUTE_PTR attr, unsigned char *data, unsigned int max_size)
	{
	unsigned int i;
	int col;

	if (attr->ulValueLen > max_size)
	return CKR_GENERAL_ERROR;

	col = 0;
	for (i = 0; i < attr->ulValueLen; i++)
	{
	if (col == 0)
	printf (" ");

	if (printable)
	{
	if (isprint (data[i]))
	{
	printf ("%c", data[i]);
	col++;
	}
	else
	{
	printf ("\\x%02x", data[i]);
	col += 4;
	}
	}
	else
	{
	printf ("%02x", data[i]);
	col += 2;
	}

	if (col >= 64)
	{
	printf ("\n");
	col = 0;
	}
	}
	if (col)
	printf ("\n");

	return 0;
	}


	CK_RV
	dump_one_string (CK_ATTRIBUTE_PTR attr,
	unsigned char *data, unsigned int max_size)
	{
	unsigned int i;
	int blanks = 0;

	if (attr->ulValueLen > max_size)
	{
	putc ('\n', stdout);
	return CKR_GENERAL_ERROR;
	}
	for (i = 0; i < attr->ulValueLen; i++)
	{
	if (data[i] == ' ')
	{
	blanks++;
	continue;
	}
	for (; blanks; blanks--)
	putc (' ', stdout);
	putc (data[i], stdout);
	}
	putc ('\n', stdout);

	return 0;
	}


	CK_RV
	dump_object (CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
	{
	CK_RV err;
	CK_OBJECT_CLASS obj_class;
	CK_ATTRIBUTE attr_class = { CKA_CLASS, &obj_class, sizeof (obj_class) };

	err = C_GetAttributeValue (session, object, &attr_class, 1);
	if (err)
	return err;

	printf (" Object Class: %lu = ", obj_class);
	switch (obj_class)
	{
	#define MAX_CERT_LEN 4096
	case CKO_CERTIFICATE:
	{
	CK_CERTIFICATE_TYPE cert_type;
	CK_BBOOL cert_token;
	CK_BBOOL cert_private;
	CK_BBOOL cert_modifiable;
	CK_BYTE cert_label[MAX_CERT_LEN];
	CK_BBOOL cert_trusted;
	CK_ULONG cert_cc;
	CK_BYTE cert_check[3];
	CK_DATE cert_sdate;
	CK_DATE cert_edate;
	CK_BYTE cert_subject[MAX_CERT_LEN];
	CK_BYTE cert_id[MAX_CERT_LEN];
	CK_BYTE cert_issuer[MAX_CERT_LEN];
	CK_BYTE cert_serial[MAX_CERT_LEN];
	CK_BYTE cert_value[MAX_CERT_LEN];
	CK_ULONG cert_jm;

	/* Note that the order is encoded below in the various length
	checks. */
	CK_ATTRIBUTE cert_attr[]
	= { { CKA_CERTIFICATE_TYPE, &cert_type, sizeof (cert_type) },
	{ CKA_TOKEN, &cert_token, sizeof (cert_token) },
	{ CKA_PRIVATE, &cert_private, sizeof (cert_private) },
	{ CKA_MODIFIABLE, &cert_modifiable, sizeof (cert_modifiable) },
	{ CKA_LABEL, &cert_label, sizeof (cert_label) },
	{ CKA_TRUSTED, &cert_trusted, sizeof (cert_trusted) },
	{ CKA_CERTIFICATE_CATEGORY, &cert_cc, sizeof (cert_cc) },
	{ CKA_CHECK_VALUE, &cert_check, sizeof (cert_check) },
	{ CKA_START_DATE, &cert_sdate, sizeof (cert_sdate) },
	{ CKA_END_DATE, &cert_edate, sizeof (cert_edate) },
	{ CKA_SUBJECT, &cert_subject, sizeof (cert_subject) },
	{ CKA_ID, &cert_id, sizeof (cert_id) },
	{ CKA_ISSUER, &cert_issuer, sizeof (cert_issuer) },
	{ CKA_SERIAL_NUMBER, &cert_serial, sizeof (cert_serial) },
	{ CKA_VALUE, cert_value, sizeof (cert_value) },
	{ CKA_URL, NULL, 0 },
	{ CKA_HASH_OF_SUBJECT_PUBLIC_KEY, NULL, 0 },
	{ CKA_HASH_OF_ISSUER_PUBLIC_KEY, NULL, 0 },
	{ CKA_JAVA_MIDP_SECURITY_DOMAIN, &cert_jm, sizeof (cert_jm) } };

	printf ("CKO_CERTIFICATE\n");

	err = C_GetAttributeValue (session, object,
	cert_attr, DIM (cert_attr));
	if (err)
	return err;

	fail_if_err ((cert_attr[0].ulValueLen != sizeof (cert_type)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Type: %lu = ", cert_type);
	switch (cert_type)
	{
	case CKC_X_509:
	printf ("CKC_X_509");
	break;

	case CKC_WTLS:
	printf ("CKC_WTLS");
	break;

	case CKC_X_509_ATTR_CERT:
	printf ("CKC_X_509_ATTR_CERT");
	break;

	default:
	printf ("(unknown");
	break;
	}
	printf ("\n");

	fail_if_err ((cert_attr[1].ulValueLen != sizeof (cert_token)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Token: %s\n",
	cert_token ? "true" : "false");

	fail_if_err ((cert_attr[2].ulValueLen != sizeof (cert_private)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Private: %s\n",
	cert_private ? "true" : "false");

	fail_if_err ((cert_attr[3].ulValueLen != sizeof (cert_modifiable)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Modifiable: %s\n",
	cert_modifiable ? "true" : "false");

	printf (" Certificate Label: ");
	err = dump_one_string (&cert_attr[4], cert_label, sizeof (cert_label));
	fail_if_err (err);

	fail_if_err ((cert_attr[5].ulValueLen != sizeof (cert_trusted)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Trusted: %s\n",
	cert_trusted ? "true" : "false");

	fail_if_err ((cert_attr[6].ulValueLen != sizeof (cert_cc)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Category: %lu = ", cert_cc);
	switch (cert_cc)
	{
	case 0:
	printf ("unspecified");
	break;

	case 1:
	printf ("token user");
	break;

	case 2:
	printf ("authority");
	break;

	case 3:
	printf ("other entity");
	break;

	default:
	printf ("(unknown)");
	break;
	}
	printf ("\n");

	fail_if_err ((cert_attr[7].ulValueLen != sizeof (cert_check)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Check Value: %02x%02x%02x\n",
	cert_check[0], cert_check[1], cert_check[2]);

	if (cert_attr[8].ulValueLen && cert_attr[9].ulValueLen)
	{
	fail_if_err ((cert_attr[8].ulValueLen != sizeof (cert_sdate)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Start Date: %.4s/%.2s/%.2s\n",
	cert_sdate.year, cert_sdate.month, cert_sdate.day);

	fail_if_err ((cert_attr[9].ulValueLen != sizeof (cert_edate)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate End Date: %.4s/%.2s/%.2s\n",
	cert_edate.year, cert_edate.month, cert_edate.day);
	}

	printf (" Certificate Subject: Length %lu\n",
	cert_attr[10].ulValueLen);
	err = dump_one (&cert_attr[10], cert_subject, sizeof (cert_subject));
	fail_if_err (err);

	printf (" Certificate ID: ");
	err = dump_one_string (&cert_attr[11], cert_id, sizeof (cert_id));
	fail_if_err (err);

	printf (" Certificate Issuer: Length %lu\n",
	cert_attr[12].ulValueLen);
	err = dump_one (&cert_attr[12], cert_issuer, sizeof (cert_issuer));
	fail_if_err (err);

	printf (" Certificate Serial Number: Length %lu\n",
	cert_attr[13].ulValueLen);
	err = dump_one (&cert_attr[13], cert_serial, sizeof (cert_serial));
	fail_if_err (err);

	printf (" Certificate Value: Length %lu\n",
	cert_attr[14].ulValueLen);
	err = dump_one (&cert_attr[14], cert_value, sizeof (cert_value));
	fail_if_err (err);

	fail_if_err ((cert_attr[15].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);
	fail_if_err ((cert_attr[16].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);
	fail_if_err ((cert_attr[17].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);

	fail_if_err ((cert_attr[18].ulValueLen != sizeof (cert_jm)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Certificate Java MIDP Security Domain: %lu = ", cert_jm);
	switch (cert_jm)
	{
	case 0:
	printf ("unspecified");
	break;

	case 1:
	printf ("manufacturer");
	break;

	case 2:
	printf ("operator");
	break;

	case 3:
	printf ("third party");
	break;

	default:
	printf ("(unknown)");
	break;
	}
	printf ("\n");
	}
	break;

	case CKO_PRIVATE_KEY:
	{
	CK_KEY_TYPE key_type;
	CK_BBOOL key_token;
	CK_BBOOL key_private;
	CK_BBOOL key_modifiable;
	CK_BYTE key_label[MAX_CERT_LEN];
	CK_BYTE key_id[MAX_CERT_LEN];
	CK_DATE key_sdate;
	CK_DATE key_edate;
	CK_BBOOL key_derive;
	CK_BBOOL key_local;
	CK_MECHANISM_TYPE key_gen;
	CK_MECHANISM_TYPE key_mechanisms[1]; /* FIXME, hard-coded constant. */
	CK_BYTE key_subject[MAX_CERT_LEN];
	CK_BBOOL key_sensitive;
	CK_BBOOL key_decrypt;
	CK_BBOOL key_sign;
	CK_BBOOL key_sign_recover;
	CK_BBOOL key_unwrap;
	CK_BBOOL key_extractable;
	CK_BBOOL key_always_sensitive;
	CK_BBOOL key_never_extractable;
	CK_BBOOL key_wrap_with_trusted;
	CK_BBOOL key_always_authenticate;
	CK_BYTE key_modulus[MAX_CERT_LEN];
	CK_BYTE key_public_exp[MAX_CERT_LEN];

	/* Note that the order is encoded below in the various length
	checks. */
	CK_ATTRIBUTE key_attr[]
	= { { CKA_KEY_TYPE, &key_type, sizeof (key_type) },
	{ CKA_TOKEN, &key_token, sizeof (key_token) },
	{ CKA_PRIVATE, &key_private, sizeof (key_private) },
	{ CKA_MODIFIABLE, &key_modifiable, sizeof (key_modifiable) },
	{ CKA_LABEL, &key_label, sizeof (key_label) },
	{ CKA_ID, &key_id, sizeof (key_id) },
	{ CKA_START_DATE, &key_sdate, sizeof (key_sdate) },
	{ CKA_END_DATE, &key_edate, sizeof (key_edate) },
	{ CKA_DERIVE, &key_derive, sizeof (key_derive) },
	{ CKA_LOCAL, &key_local, sizeof (key_local) },
	{ CKA_KEY_GEN_MECHANISM, &key_gen, sizeof (key_gen) },
	{ CKA_ALLOWED_MECHANISMS, &key_mechanisms,
	sizeof (key_mechanisms) },
	{ CKA_SUBJECT, &key_subject, sizeof (key_subject) },
	{ CKA_SENSITIVE, &key_sensitive, sizeof (key_sensitive) },
	{ CKA_DECRYPT, &key_decrypt, sizeof (key_decrypt) },
	{ CKA_SIGN, &key_sign, sizeof (key_sign) },
	{ CKA_SIGN_RECOVER, &key_sign_recover,
	sizeof (key_sign_recover) },
	{ CKA_UNWRAP, &key_unwrap, sizeof (key_unwrap) },
	{ CKA_EXTRACTABLE, &key_extractable, sizeof (key_extractable) },
	{ CKA_ALWAYS_SENSITIVE, &key_always_sensitive,
	sizeof (key_always_sensitive) },
	{ CKA_NEVER_EXTRACTABLE, &key_never_extractable,
	sizeof (key_never_extractable) },
	{ CKA_WRAP_WITH_TRUSTED, &key_wrap_with_trusted,
	sizeof (key_wrap_with_trusted) },
	{ CKA_UNWRAP_TEMPLATE, NULL, 0 },
	{ CKA_ALWAYS_AUTHENTICATE, &key_always_authenticate,
	sizeof (key_always_authenticate) },
	{ CKA_MODULUS, &key_modulus, sizeof (key_modulus) },
	{ CKA_PUBLIC_EXPONENT, &key_public_exp,
	sizeof (key_public_exp) } };

	printf ("CKO_PRIVATE_KEY\n");

	err = C_GetAttributeValue (session, object,
	key_attr, DIM (key_attr));
	if (err)
	return err;

	fail_if_err ((key_attr[0].ulValueLen != sizeof (key_type)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Type: %lu = ", key_type);
	switch (key_type)
	{
	case CKK_RSA:
	printf ("CKK_RSA");
	break;

	case CKK_DSA:
	printf ("CKK_DSA");
	break;

	default:
	printf ("(unknown");
	break;
	}
	printf ("\n");

	fail_if_err ((key_attr[1].ulValueLen != sizeof (key_token)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Token: %s\n",
	key_token ? "true" : "false");

	fail_if_err ((key_attr[2].ulValueLen != sizeof (key_private)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Private: %s\n",
	key_private ? "true" : "false");

	fail_if_err ((key_attr[3].ulValueLen != sizeof (key_modifiable)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Modifiable: %s\n",
	key_modifiable ? "true" : "false");

	printf (" Key Label: ");
	err = dump_one_string (&key_attr[4], key_label, sizeof (key_label));
	fail_if_err (err);

	printf (" Key ID: ");
	err = dump_one_string (&key_attr[5], key_id, sizeof (key_id));
	fail_if_err (err);

	if (key_attr[6].ulValueLen && key_attr[7].ulValueLen)
	{
	fail_if_err ((key_attr[6].ulValueLen != sizeof (key_sdate)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Start Date: %.4s/%.2s/%.2s\n",
	key_sdate.year, key_sdate.month, key_sdate.day);

	fail_if_err ((key_attr[7].ulValueLen != sizeof (key_edate)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key End Date: %.4s/%.2s/%.2s\n",
	key_edate.year, key_edate.month, key_edate.day);
	}

	fail_if_err ((key_attr[8].ulValueLen != sizeof (key_derive)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Derive: %s\n",
	key_derive ? "true" : "false");

	fail_if_err ((key_attr[9].ulValueLen != sizeof (key_local)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Local: %s\n",
	key_local ? "true" : "false");

	fail_if_err ((key_attr[10].ulValueLen != sizeof (key_gen)) ?
	CKR_GENERAL_ERROR : 0);
	/* FIXME: Print Mechanism. */
	printf (" Key Gen Mechanism: %lu\n", key_gen);

	/* FIXME: Print supported mechanisms. 11 */

	printf (" Key Subject: Length %lu\n",
	key_attr[12].ulValueLen);
	err = dump_one (&key_attr[12], key_subject, sizeof (key_subject));
	fail_if_err (err);

	fail_if_err ((key_attr[13].ulValueLen != sizeof (key_sensitive)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Sensitive: %s\n",
	key_sensitive ? "true" : "false");

	fail_if_err ((key_attr[14].ulValueLen != sizeof (key_decrypt)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Decrypt: %s\n",
	key_decrypt ? "true" : "false");

	fail_if_err ((key_attr[15].ulValueLen != sizeof (key_sign)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Sign: %s\n",
	key_sign ? "true" : "false");

	fail_if_err ((key_attr[16].ulValueLen != sizeof (key_sign_recover)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Sign Recover: %s\n",
	key_sign_recover ? "true" : "false");

	fail_if_err ((key_attr[17].ulValueLen != sizeof (key_unwrap)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Unwrap: %s\n",
	key_unwrap ? "true" : "false");

	fail_if_err ((key_attr[18].ulValueLen != sizeof (key_extractable)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Extractable: %s\n",
	key_extractable ? "true" : "false");

	fail_if_err ((key_attr[19].ulValueLen
	!= sizeof (key_always_sensitive)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Always Sensitive: %s\n",
	key_always_sensitive ? "true" : "false");

	fail_if_err ((key_attr[20].ulValueLen
	!= sizeof (key_never_extractable)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Never Extractable: %s\n",
	key_never_extractable ? "true" : "false");

	fail_if_err ((key_attr[21].ulValueLen
	!= sizeof (key_wrap_with_trusted)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Wrap With Trusted: %s\n",
	key_wrap_with_trusted ? "true" : "false");

	fail_if_err ((key_attr[22].ulValueLen != 0) ? CKR_GENERAL_ERROR : 0);

	fail_if_err ((key_attr[23].ulValueLen
	!= sizeof (key_always_authenticate)) ?
	CKR_GENERAL_ERROR : 0);
	printf (" Key Always Authenticate: %s\n",
	key_always_authenticate ? "true" : "false");

	printf (" Key Modulus: Length %lu\n",
	key_attr[24].ulValueLen);
	err = dump_one (&key_attr[24], key_modulus, sizeof (key_modulus));
	fail_if_err (err);

	printf (" Key Subject: Length %lu\n",
	key_attr[25].ulValueLen);
	err = dump_one (&key_attr[25], key_public_exp,
	sizeof (key_public_exp));
	fail_if_err (err);
	}
	break;

	default:
	printf ("(unknown)\n");
	}

	return 0;
	}


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	if (argc > 1 && !strcmp ("--printable", argv[1]))
	printable = true;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_SESSION_HANDLE session;
	CK_OBJECT_HANDLE object;
	CK_ULONG count;

	printf ("%2i. Slot ID %lu\n", i, slots[i]);
	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&session);
	fail_if_err (err);

	printf (" Session ID: %lu\n", session);

	err = C_FindObjectsInit (session, NULL, 0);
	fail_if_err (err);

	do
	{
	err = C_FindObjects (session, &object, 1, &count);
	fail_if_err (err);

	if (count)
	{
	printf (" Object Handle: %lu\n", object);

	err = dump_object (session, object);
	fail_if_err (err);
	}
	}
	while (count);

	err = C_FindObjectsFinal (session);
	fail_if_err (err);

	err = C_CloseSession (session);
	fail_if_err (err);
	}

	return 0;
	}
	diff --git a/tests/t-getfunctionlist.c b/tests/t-getfunctionlist.c
	index 702ed29..25a121a 100644
	--- a/tests/t-getfunctionlist.c
	+++ b/tests/t-getfunctionlist.c
	@@ -1,129 +1,120 @@
	/* t-getfunctionlist.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"

	bool mismatch = false;
	CK_FUNCTION_LIST_PTR fl;

	#define DO_ONE(fnc) printf (#fnc ": %p %c= %p \n", fnc, \
	fl->fnc == fnc ? '=' : (mismatch = true, '!'), fl->fnc)

	int
	main (int argc, char *argv[])
	{
	CK_RV err;

	(void) argc;
	(void) argv;

	/* This is the only function that can be called without
	initialization. */
	err = C_GetFunctionList (&fl);
	fail_if_err (err);

	/* Check for each function if the member in the function list is
	identical to the exported symbol. */
	DO_ONE (C_CancelFunction);
	DO_ONE (C_CloseAllSessions);
	DO_ONE (C_CloseSession);
	DO_ONE (C_CopyObject);
	DO_ONE (C_CreateObject);
	DO_ONE (C_Decrypt);
	DO_ONE (C_DecryptDigestUpdate);
	DO_ONE (C_DecryptFinal);
	DO_ONE (C_DecryptInit);
	DO_ONE (C_DecryptUpdate);
	DO_ONE (C_DecryptVerifyUpdate);
	DO_ONE (C_DeriveKey);
	DO_ONE (C_DestroyObject);
	DO_ONE (C_Digest);
	DO_ONE (C_DigestEncryptUpdate);
	DO_ONE (C_DigestFinal);
	DO_ONE (C_DigestInit);
	DO_ONE (C_DigestKey);
	DO_ONE (C_DigestUpdate);
	DO_ONE (C_Encrypt);
	DO_ONE (C_EncryptFinal);
	DO_ONE (C_EncryptInit);
	DO_ONE (C_EncryptUpdate);
	DO_ONE (C_Finalize);
	DO_ONE (C_FindObjects);
	DO_ONE (C_FindObjectsFinal);
	DO_ONE (C_FindObjectsInit);
	DO_ONE (C_GenerateKey);
	DO_ONE (C_GenerateKeyPair);
	DO_ONE (C_GenerateRandom);
	DO_ONE (C_GetAttributeValue);
	DO_ONE (C_GetFunctionList);
	DO_ONE (C_GetFunctionStatus);
	DO_ONE (C_GetInfo);
	DO_ONE (C_GetMechanismInfo);
	DO_ONE (C_GetMechanismList);
	DO_ONE (C_GetObjectSize);
	DO_ONE (C_GetOperationState);
	DO_ONE (C_GetSessionInfo);
	DO_ONE (C_GetSlotInfo);
	DO_ONE (C_GetSlotList);
	DO_ONE (C_GetTokenInfo);
	DO_ONE (C_InitPIN);
	DO_ONE (C_InitToken);
	DO_ONE (C_Initialize);
	DO_ONE (C_Login);
	DO_ONE (C_Logout);
	DO_ONE (C_OpenSession);
	DO_ONE (C_SeedRandom);
	DO_ONE (C_SetAttributeValue);
	DO_ONE (C_SetOperationState);
	DO_ONE (C_SetPIN);
	DO_ONE (C_Sign);
	DO_ONE (C_SignEncryptUpdate);
	DO_ONE (C_SignFinal);
	DO_ONE (C_SignInit);
	DO_ONE (C_SignRecover);
	DO_ONE (C_SignRecoverInit);
	DO_ONE (C_SignUpdate);
	DO_ONE (C_UnwrapKey);
	DO_ONE (C_Verify);
	DO_ONE (C_VerifyFinal);
	DO_ONE (C_VerifyInit);
	DO_ONE (C_VerifyRecover);
	DO_ONE (C_VerifyRecoverInit);
	DO_ONE (C_VerifyUpdate);
	DO_ONE (C_WaitForSlotEvent);
	DO_ONE (C_WrapKey);

	if (mismatch)
	fail ("Some members of the function list do not match symbol value");

	return 0;
	}
	diff --git a/tests/t-getinfo.c b/tests/t-getinfo.c
	index f246254..7e23158 100644
	--- a/tests/t-getinfo.c
	+++ b/tests/t-getinfo.c
	@@ -1,66 +1,57 @@
	/* t-getinfo.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"

	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_INFO info;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetInfo (&info);
	fail_if_err (err);

	printf ("Cryptoki version: %i.%i\n", info.cryptokiVersion.major,
	info.cryptokiVersion.minor);
	if (info.cryptokiVersion.major != 2)
	fail ("Cryptoki major version is not 2");
	if (info.cryptokiVersion.minor != 20)
	fail ("Cryptoki minor version is not 20");

	printf ("Manufacturer ID: %.32s\n", info.manufacturerID);
	printf ("Flags: %#lx\n", info.flags);
	if (info.flags != 0)
	fail ("Flags is not 0");

	printf ("Library description: %.32s\n", info.libraryDescription);
	printf ("Library version: %i.%i\n", info.libraryVersion.major,
	info.libraryVersion.minor);

	return 0;
	}
	diff --git a/tests/t-getmechanisminfo.c b/tests/t-getmechanisminfo.c
	index b384b56..efcf4e7 100644
	--- a/tests/t-getmechanisminfo.c
	+++ b/tests/t-getmechanisminfo.c
	@@ -1,136 +1,127 @@
	/* t-getmechanismlist.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_MECHANISM_TYPE_PTR mechanisms;
	CK_ULONG mechanisms_count;
	unsigned int j;

	printf ("%2i. Slot ID %lu\n", i, slots[i]);

	err = C_GetMechanismList (slots[i], NULL, &mechanisms_count);
	fail_if_err (err);

	printf (" Mechanisms: %lu\n", mechanisms_count);
	mechanisms = malloc (sizeof (CK_MECHANISM_TYPE) * mechanisms_count);
	if (!mechanisms)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetMechanismList (slots[i], mechanisms, &mechanisms_count);
	fail_if_err (err);

	for (j = 0; j < mechanisms_count; j++)
	{
	CK_MECHANISM_INFO info;

	printf (" %2i. %s\n", j, mechanism_type_str (mechanisms[j]));

	err = C_GetMechanismInfo (slots[i], mechanisms[j], &info);
	fail_if_err (err);

	printf (" Minimum key size: %lu\n", info.ulMinKeySize);
	printf (" Maximum key size: %lu\n", info.ulMaxKeySize);
	printf (" Flags: %#lx", info.flags);

	if (info.flags)
	{
	bool any = false;
	CK_FLAGS xflags = 0;

	printf (" == ");
	#define DO_FLAG(sym) \
	if (info.flags & sym) \
	{ \
	printf ("%s" #sym, any ? " \| " : ""); \
	any = true; \
	xflags \|= sym; \
	}
	DO_FLAG (CKF_HW);
	DO_FLAG (CKF_ENCRYPT);
	DO_FLAG (CKF_DECRYPT);
	DO_FLAG (CKF_DIGEST);
	DO_FLAG (CKF_SIGN);
	DO_FLAG (CKF_SIGN_RECOVER);
	DO_FLAG (CKF_VERIFY);
	DO_FLAG (CKF_VERIFY_RECOVER);
	DO_FLAG (CKF_GENERATE);
	DO_FLAG (CKF_GENERATE_KEY_PAIR);
	DO_FLAG (CKF_WRAP);
	DO_FLAG (CKF_UNWRAP);
	DO_FLAG (CKF_DERIVE);
	DO_FLAG (CKF_EXTENSION);

	xflags = info.flags & ~xflags;
	if (xflags)
	printf ("%s%#lx", any ? " \| " : "", xflags);
	}
	printf ("\n");
	}
	free (mechanisms);
	}

	return 0;
	}
	diff --git a/tests/t-getmechanismlist.c b/tests/t-getmechanismlist.c
	index e3455be..fbb8d31 100644
	--- a/tests/t-getmechanismlist.c
	+++ b/tests/t-getmechanismlist.c
	@@ -1,92 +1,83 @@
	/* t-getmechanismlist.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_MECHANISM_TYPE_PTR mechanisms;
	CK_ULONG mechanisms_count;
	unsigned int j;

	printf ("%2i. Slot ID %lu\n", i, slots[i]);

	err = C_GetMechanismList (slots[i], NULL, &mechanisms_count);
	fail_if_err (err);

	printf (" Mechanisms: %lu\n", mechanisms_count);
	mechanisms = malloc (sizeof (CK_MECHANISM_TYPE) * mechanisms_count);
	if (!mechanisms)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetMechanismList (slots[i], mechanisms, &mechanisms_count);
	fail_if_err (err);

	for (j = 0; j < mechanisms_count; j++)
	printf (" %2i. %s\n", j, mechanism_type_str (mechanisms[j]));

	free (mechanisms);
	}

	return 0;
	}
	diff --git a/tests/t-getsessioninfo.c b/tests/t-getsessioninfo.c
	index 92746e5..5c83ebe 100644
	--- a/tests/t-getsessioninfo.c
	+++ b/tests/t-getsessioninfo.c
	@@ -1,126 +1,117 @@
	/* t-getsessioninfo.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"


	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_SESSION_HANDLE_PTR sessions;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	sessions = malloc (sizeof (CK_SESSION_HANDLE) * slots_count);
	if (!sessions)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_SESSION_INFO info;

	printf ("%2i. Slot ID %lu\n", i, slots[i]);
	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&sessions[i]);
	fail_if_err (err);

	printf (" Session ID: %lu\n", sessions[i]);

	err = C_GetSessionInfo (sessions[i], &info);
	fail_if_err (err);

	printf (" Slot ID: %lu\n", info.slotID);
	printf (" State: %s\n", session_state_str (info.state));
	printf (" Flags: %#lx", info.flags);

	if (info.flags)
	{
	bool any = false;
	CK_FLAGS xflags = 0;

	printf (" == ");
	#define DO_FLAG(sym) \
	if (info.flags & sym) \
	{ \
	printf ("%s" #sym, any ? " \| " : ""); \
	any = true; \
	xflags \|= sym; \
	}
	DO_FLAG (CKF_RW_SESSION);
	DO_FLAG (CKF_SERIAL_SESSION);

	xflags = info.flags & ~xflags;
	if (xflags)
	printf ("%s%#lx", any ? " \| " : "", xflags);
	}
	printf ("\n");
	printf (" Device Error: %lu\n", info.ulDeviceError);

	fail_if_err (info.slotID != slots[i] ? CKR_GENERAL_ERROR : 0);
	fail_if_err (info.state != CKS_RO_PUBLIC_SESSION
	? CKR_GENERAL_ERROR : 0);
	fail_if_err (info.flags != CKF_SERIAL_SESSION ? CKR_GENERAL_ERROR : 0);
	fail_if_err (info.ulDeviceError ? CKR_GENERAL_ERROR : 0);
	}

	for (i = 0; i < slots_count; i++)
	{
	err = C_CloseSession (sessions[i]);
	fail_if_err (err);
	}

	return 0;
	}
	diff --git a/tests/t-getslotinfo.c b/tests/t-getslotinfo.c
	index f63ad9a..7633e82 100644
	--- a/tests/t-getslotinfo.c
	+++ b/tests/t-getslotinfo.c
	@@ -1,166 +1,157 @@
	/* t-getslotinfo.c - Regression test.
	- Copyright (C) 2006, 2008 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006, 2008 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <string.h>

	#define PGM "t-getslotinfo"
	#include "t-support.h"



	int
	main (int argc, char *argv[])
	{
	int last_argc = -1;
	CK_RV err;
	int loop = 0;
	int token = 0;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	if (argc)
	{ argc--; argv++; }
	while (argc && last_argc != argc )
	{
	last_argc = argc;
	if (!strcmp (*argv, "--"))
	{
	argc--; argv++;
	break;
	}
	else if (!strcmp (*argv, "--help"))
	{
	fputs ("usage: " PGM " [options]\n"
	"Options:\n"
	" --loop N Run N times with a 2 second delay.\n"
	" --token Only present tokens\n",
	stdout);
	exit (0);
	}
	else if (!strcmp (*argv, "--loop"))
	{
	argc--; argv++;
	if (argc)
	{
	loop = atoi (*argv);
	argc--; argv++;
	}
	}
	else if (!strcmp (*argv, "--token"))
	{
	argc--; argv++;
	token = 1;
	}
	else if (!strncmp (*argv, "--", 2))
	{
	fprintf (stderr, "unknown option '%s'\n", *argv);
	exit (1);
	}
	}

	init_cryptoki ();

	err = C_GetSlotList (token, NULL, &slots_count);
	fail_if_err (err);

	printf ("Number of slots%s: %lu\n", token ? " (with tokens)" : "",
	slots_count);
	if (!slots_count)
	return 0; /* Nothing to do. */

	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (token, slots, &slots_count);
	fail_if_err (err);

	again:
	for (i = 0; i < slots_count; i++)
	{
	CK_SLOT_INFO info;

	err = C_GetSlotInfo (slots[i], &info);
	fail_if_err (err);

	printf ("%2i. Slot ID %lu\n", i, slots[i]);

	printf (" %.64s\n", info.slotDescription);
	printf (" Manufacturer ID: %.32s\n", info.manufacturerID);
	printf (" Flags: %#lx", info.flags);
	if (info.flags)
	{
	int any = 0;
	CK_FLAGS xflags;

	xflags = info.flags & ~(CKF_TOKEN_PRESENT \| CKF_REMOVABLE_DEVICE
	\| CKF_HW_SLOT);
	printf (" == ");
	if (info.flags & CKF_TOKEN_PRESENT)
	{
	printf ("TOKEN_PRESENT");
	any = 1;
	}
	if (info.flags & CKF_REMOVABLE_DEVICE)
	{
	printf ("%sREMOVABLE_DEVICE", any ? " \| " : "");
	any = 1;
	}
	if (info.flags & CKF_HW_SLOT)
	{
	printf ("%sHW_SLOT", any ? " \| " : "");
	any = 1;
	}
	if (xflags)
	printf ("%s%#lx", any ? " \| " : "", xflags);
	}
	printf ("\n");

	printf (" Hardware version: %i.%i\n", info.hardwareVersion.major,
	info.hardwareVersion.minor);
	printf (" Firmware version: %i.%i\n", info.firmwareVersion.major,
	info.firmwareVersion.minor);
	}

	if (loop > 0)
	loop--;
	if (loop)
	{
	#ifdef WIN32
	_sleep (2);
	#else
	sleep (2); /* Why? */
	#endif
	goto again;
	}

	return 0;
	}
	diff --git a/tests/t-getslotlist.c b/tests/t-getslotlist.c
	index 1256b4c..3362b07 100644
	--- a/tests/t-getslotlist.c
	+++ b/tests/t-getslotlist.c
	@@ -1,98 +1,89 @@
	/* t-getslotlist.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <string.h>

	#define PGM "t-getslotlist"
	#include "t-support.h"

	int
	main (int argc, char *argv[])
	{
	int last_argc = -1;
	CK_RV err;
	int token = 0;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	if (argc)
	{ argc--; argv++; }
	while (argc && last_argc != argc )
	{
	last_argc = argc;
	if (!strcmp (*argv, "--"))
	{
	argc--; argv++;
	break;
	}
	else if (!strcmp (*argv, "--help"))
	{
	fputs ("usage: " PGM " [options]\n"
	"Options:\n"
	" --token Only present tokens\n",
	stdout);
	exit (0);
	}
	else if (!strcmp (*argv, "--token"))
	{
	argc--; argv++;
	token = 1;
	}
	else if (!strncmp (*argv, "--", 2))
	{
	fprintf (stderr, "unknown option '%s'\n", *argv);
	exit (1);
	}
	}


	init_cryptoki ();

	err = C_GetSlotList (token, NULL, &slots_count);
	fail_if_err (err);

	printf ("Number of slots%s: %lu\n", token ? " (with tokens)" : "",
	slots_count);
	if (!slots_count)
	return 0;

	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (token, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	printf ("%2i. Slot ID %lu\n", i, slots[i]);

	return 0;
	}
	diff --git a/tests/t-gettokeninfo.c b/tests/t-gettokeninfo.c
	index 444c190..02a4137 100644
	--- a/tests/t-gettokeninfo.c
	+++ b/tests/t-gettokeninfo.c
	@@ -1,146 +1,137 @@
	/* t-gettokeninfo.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"

	int
	main (int argc, char *argv[])
	{
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_ULONG slots_count;
	unsigned int i;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_GetSlotList (true, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);
	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (true, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	CK_TOKEN_INFO info;

	err = C_GetTokenInfo (slots[i], &info);
	fail_if_err (err);

	printf ("%2i. Slot ID %lu\n", i, slots[i]);

	printf (" Label: %.32s\n", info.label);
	printf (" Manufacturer ID: %.32s\n", info.manufacturerID);
	printf (" Model: %.16s\n", info.model);
	printf (" Serial number: %.16s\n", info.serialNumber);
	printf (" Flags: %#lx", info.flags);
	-
	+
	if (info.flags)
	{
	bool any = false;
	CK_FLAGS xflags;

	xflags = info.flags
	& ~(CKF_RNG \| CKF_WRITE_PROTECTED \| CKF_LOGIN_REQUIRED
	\| CKF_USER_PIN_INITIALIZED \| CKF_RESTORE_KEY_NOT_NEEDED
	\| CKF_CLOCK_ON_TOKEN \| CKF_PROTECTED_AUTHENTICATION_PATH
	\| CKF_DUAL_CRYPTO_OPERATIONS \| CKF_TOKEN_INITIALIZED
	\| CKF_SECONDARY_AUTHENTICATION \| CKF_USER_PIN_COUNT_LOW
	\| CKF_USER_PIN_FINAL_TRY \| CKF_USER_PIN_LOCKED
	\| CKF_USER_PIN_TO_BE_CHANGED \| CKF_SO_PIN_COUNT_LOW
	\| CKF_SO_PIN_FINAL_TRY \| CKF_SO_PIN_LOCKED
	\| CKF_SO_PIN_TO_BE_CHANGED);

	printf (" == ");
	#define DO_FLAG(sym) \
	if (info.flags & sym) \
	{ \
	printf ("%s" #sym, any ? " \| " : ""); \
	any = true; \
	}
	DO_FLAG (CKF_RNG);
	DO_FLAG (CKF_WRITE_PROTECTED);
	DO_FLAG (CKF_LOGIN_REQUIRED);
	DO_FLAG (CKF_USER_PIN_INITIALIZED);
	DO_FLAG (CKF_RESTORE_KEY_NOT_NEEDED);
	DO_FLAG (CKF_CLOCK_ON_TOKEN);
	DO_FLAG (CKF_PROTECTED_AUTHENTICATION_PATH);
	DO_FLAG (CKF_DUAL_CRYPTO_OPERATIONS);
	DO_FLAG (CKF_TOKEN_INITIALIZED);
	DO_FLAG (CKF_SECONDARY_AUTHENTICATION);
	DO_FLAG (CKF_USER_PIN_COUNT_LOW);
	DO_FLAG (CKF_USER_PIN_FINAL_TRY);
	DO_FLAG (CKF_USER_PIN_LOCKED);
	DO_FLAG (CKF_USER_PIN_TO_BE_CHANGED);
	DO_FLAG (CKF_SO_PIN_COUNT_LOW);
	DO_FLAG (CKF_SO_PIN_FINAL_TRY);
	DO_FLAG (CKF_SO_PIN_LOCKED);
	DO_FLAG (CKF_SO_PIN_TO_BE_CHANGED);

	if (xflags)
	printf ("%s%#lx", any ? " \| " : "", xflags);
	}
	printf ("\n");

	printf (" Max session count: %li\n", info.ulMaxSessionCount);
	printf (" Session count: %li\n", info.ulSessionCount);
	printf (" Max rw session count: %li\n", info.ulMaxRwSessionCount);
	printf (" Rw session count: %li\n", info.ulRwSessionCount);
	printf (" Max PIN length: %li\n", info.ulMaxPinLen);
	printf (" Min PIN length: %li\n", info.ulMinPinLen);
	printf (" Total public memory: %li\n", info.ulTotalPublicMemory);
	printf (" Free public memory: %li\n", info.ulFreePublicMemory);
	printf (" Total private memory: %li\n", info.ulTotalPrivateMemory);
	printf (" Free private memory: %li\n", info.ulFreePrivateMemory);
	printf (" Hardware version: %i.%i\n", info.hardwareVersion.major,
	info.hardwareVersion.minor);
	printf (" Firmware version: %i.%i\n", info.firmwareVersion.major,
	info.firmwareVersion.minor);

	printf (" UTC time: %.16s\n", info.utcTime);
	}

	return 0;
	}
	diff --git a/tests/t-initialize.c b/tests/t-initialize.c
	index a8a6c7b..0278f05 100644
	--- a/tests/t-initialize.c
	+++ b/tests/t-initialize.c
	@@ -1,49 +1,40 @@
	/* t-initialize.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <stdbool.h>

	#include "t-support.h"

	int
	main (int argc, char *argv[])
	{
	CK_RV err;

	(void) argc;
	(void) argv;

	init_cryptoki ();

	err = C_Finalize (NULL);
	fail_if_err (err);

	return 0;
	}
	diff --git a/tests/t-link.c b/tests/t-link.c
	index 4bac096..87a4c20 100644
	--- a/tests/t-link.c
	+++ b/tests/t-link.c
	@@ -1,114 +1,105 @@
	/* t-link.c - Simple linking regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>

	#include "t-support.h"

	#define DO_ONE(fnc) printf (#fnc ": %p\n", fnc)

	int
	main (int argc, char *argv[])
	{
	(void) argc;
	(void) argv;

	/* We don't do anything useful. We just print a list of function
	pointers to avoid elimination of dead code. */
	DO_ONE (C_CancelFunction);
	DO_ONE (C_CloseAllSessions);
	DO_ONE (C_CloseSession);
	DO_ONE (C_CopyObject);
	DO_ONE (C_CreateObject);
	DO_ONE (C_Decrypt);
	DO_ONE (C_DecryptDigestUpdate);
	DO_ONE (C_DecryptFinal);
	DO_ONE (C_DecryptInit);
	DO_ONE (C_DecryptUpdate);
	DO_ONE (C_DecryptVerifyUpdate);
	DO_ONE (C_DeriveKey);
	DO_ONE (C_DestroyObject);
	DO_ONE (C_Digest);
	DO_ONE (C_DigestEncryptUpdate);
	DO_ONE (C_DigestFinal);
	DO_ONE (C_DigestInit);
	DO_ONE (C_DigestKey);
	DO_ONE (C_DigestUpdate);
	DO_ONE (C_Encrypt);
	DO_ONE (C_EncryptFinal);
	DO_ONE (C_EncryptInit);
	DO_ONE (C_EncryptUpdate);
	DO_ONE (C_Finalize);
	DO_ONE (C_FindObjects);
	DO_ONE (C_FindObjectsFinal);
	DO_ONE (C_FindObjectsInit);
	DO_ONE (C_GenerateKey);
	DO_ONE (C_GenerateKeyPair);
	DO_ONE (C_GenerateRandom);
	DO_ONE (C_GetAttributeValue);
	DO_ONE (C_GetFunctionList);
	DO_ONE (C_GetFunctionStatus);
	DO_ONE (C_GetInfo);
	DO_ONE (C_GetMechanismInfo);
	DO_ONE (C_GetMechanismList);
	DO_ONE (C_GetObjectSize);
	DO_ONE (C_GetOperationState);
	DO_ONE (C_GetSessionInfo);
	DO_ONE (C_GetSlotInfo);
	DO_ONE (C_GetSlotList);
	DO_ONE (C_GetTokenInfo);
	DO_ONE (C_InitPIN);
	DO_ONE (C_InitToken);
	DO_ONE (C_Initialize);
	DO_ONE (C_Login);
	DO_ONE (C_Logout);
	DO_ONE (C_OpenSession);
	DO_ONE (C_SeedRandom);
	DO_ONE (C_SetAttributeValue);
	DO_ONE (C_SetOperationState);
	DO_ONE (C_SetPIN);
	DO_ONE (C_Sign);
	DO_ONE (C_SignEncryptUpdate);
	DO_ONE (C_SignFinal);
	DO_ONE (C_SignInit);
	DO_ONE (C_SignRecover);
	DO_ONE (C_SignRecoverInit);
	DO_ONE (C_SignUpdate);
	DO_ONE (C_UnwrapKey);
	DO_ONE (C_Verify);
	DO_ONE (C_VerifyFinal);
	DO_ONE (C_VerifyInit);
	DO_ONE (C_VerifyRecover);
	DO_ONE (C_VerifyRecoverInit);
	DO_ONE (C_VerifyUpdate);
	DO_ONE (C_WaitForSlotEvent);
	DO_ONE (C_WrapKey);

	return 0;
	}
	diff --git a/tests/t-opensession.c b/tests/t-opensession.c
	index 9258c8b..ac85669 100644
	--- a/tests/t-opensession.c
	+++ b/tests/t-opensession.c
	@@ -1,112 +1,103 @@
	/* t-opensession.c - Regression test.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <stdio.h>
	#include <string.h>

	#define PGM "t-opensession"
	#include "t-support.h"


	int
	main (int argc, char *argv[])
	{
	int last_argc = -1;
	CK_RV err;
	CK_SLOT_ID_PTR slots;
	CK_SESSION_HANDLE_PTR sessions;
	CK_ULONG slots_count;
	unsigned int i;

	if (argc)
	{ argc--; argv++; }
	while (argc && last_argc != argc )
	{
	last_argc = argc;
	if (!strcmp (*argv, "--"))
	{
	argc--; argv++;
	break;
	}
	else if (!strcmp (*argv, "--help"))
	{
	fputs ("usage: " PGM " [options]\n"
	"No Options\n",
	stdout);
	exit (0);
	}
	else if (!strncmp (*argv, "--", 2))
	{
	fprintf (stderr, "unknown option '%s'\n", *argv);
	exit (1);
	}
	}

	init_cryptoki ();

	err = C_GetSlotList (1, NULL, &slots_count);
	fail_if_err (err);

	if (slots_count == 0)
	{
	printf ("Skipping test because no token is present.\n");
	return 77;
	}

	printf ("Number of slots with tokens: %lu\n", slots_count);

	slots = malloc (sizeof (CK_SLOT_ID) * slots_count);
	if (!slots)
	fail_if_err (CKR_HOST_MEMORY);

	sessions = malloc (sizeof (CK_SESSION_HANDLE) * slots_count);
	if (!sessions)
	fail_if_err (CKR_HOST_MEMORY);

	err = C_GetSlotList (1, slots, &slots_count);
	fail_if_err (err);

	for (i = 0; i < slots_count; i++)
	{
	printf ("%2i. Slot ID %lu\n", i, slots[i]);
	err = C_OpenSession (slots[i], CKF_SERIAL_SESSION, NULL, NULL,
	&sessions[i]);
	fail_if_err (err);

	printf (" Session ID: %lu\n", sessions[i]);
	}

	for (i = 0; i < slots_count; i++)
	{
	err = C_CloseSession (sessions[i]);
	fail_if_err (err);
	}

	return 0;
	}
	diff --git a/tests/t-support.h b/tests/t-support.h
	index 7ae1da7..9657e4e 100644
	--- a/tests/t-support.h
	+++ b/tests/t-support.h
	@@ -1,281 +1,272 @@
	/* t-support.h - Helper routines for regression tests.
	- Copyright (C) 2006 g10 Code GmbH
	-
	- This file is part of Scute.
	-
	- Scute is free software; you can redistribute it and/or modify it
	- under the terms of the GNU General Public License as published by
	- the Free Software Foundation; either version 2 of the License, or
	- (at your option) any later version.
	-
	- Scute is distributed in the hope that it will be useful, but
	- WITHOUT ANY WARRANTY; without even the implied warranty of
	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	- General Public License for more details.
	-
	- You should have received a copy of the GNU General Public License
	- along with Scute; if not, write to the Free Software Foundation,
	- Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	-
	- In addition, as a special exception, g10 Code GmbH gives permission
	- to link this library: with the Mozilla Foundation's code for
	- Mozilla (or with modified versions of it that use the same license
	- as the "Mozilla" code), and distribute the linked executables. You
	- must obey the GNU General Public License in all respects for all of
	- the code used other than "Mozilla". If you modify this file, you
	- may extend this exception to your version of the file, but you are
	- not obligated to do so. If you do not wish to do so, delete this
	- exception statement from your version. */
	+ * Copyright (C) 2006 g10 Code GmbH
	+ *
	+ * This file is part of Scute.
	+ *
	+ * Scute is free software; you can redistribute it and/or modify it
	+ * under the terms of the GNU Lesser General Public License as
	+ * published by the Free Software Foundation; either version 2.1 of
	+ * the License, or (at your option) any later version.
	+ *
	+ * Scute is distributed in the hope that it will be useful, but
	+ * WITHOUT ANY WARRANTY; without even the implied warranty of
	+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	+ * Lesser General Public License for more details.
	+ *
	+ * You should have received a copy of the GNU Lesser General Public
	+ * License along with this program; if not, see <https://gnu.org/licenses/>.
	+ * SPDX-License-Identifier: LGPL-2.1-or-later
	+ */

	#include <unistd.h>
	#include <errno.h>
	#include <stdlib.h>
	#include <locale.h>

	#include <cryptoki.h>

	#define DIM(x) (sizeof (x) / sizeof (x[0]))


	/* Check for compiler features. */
	#if __GNUC__
	#define _GCC_VERSION (__GNUC__ * 10000 \
	+ __GNUC_MINOR__ * 100 \
	+ __GNUC_PATCHLEVEL__)

	#if _GCC_VERSION > 30100
	#define UNUSED __attribute__ ((__unused__))
	#endif
	#endif

	#ifndef UNUSED
	#define UNUSED
	#endif


	const char *msg[] =
	{
	"OK", "Cancel", "Host memory", "Slot ID invalid", "Flags invalid",
	"General error", "Function failed", "Arguments bad", "No event",
	"Need to create threads", "Can't lock", "0x0000000b", "0x0000000c",
	"0x0000000d", "0x0000000e", "0x0000000f", "Attribute read only",
	"Attribute sensitive", "Attribute type invalid", "Attribute value invalid",
	"0x00000014", "0x00000015", "0x00000016", "0x00000017", "0x00000018",
	"0x00000019", "0x0000001a", "0x0000001b", "0x0000001c", "0x0000001d",
	"0x0000001e", "0x0000001f", "Data invalid", "Data length range",
	"0x00000022", "0x00000023", "0x00000024", "0x00000025", "0x00000026",
	"0x00000027", "0x00000028", "0x00000029", "0x0000002a", "0x0000002b",
	"0x0000002c", "0x0000002d", "0x0000002e", "0x0000002f", "Device error",
	"Device memory", "Devire removed", "0x00000033", "0x00000034",
	"0x00000035", "0x00000036", "0x00000037", "0x00000038", "0x00000039",
	"0x0000003a", "0x0000003b", "0x0000003c", "0x0000003d", "0x0000003e",
	"0x0000003f", "Encrypted data invalid", "Encrypted data length range",
	"0x00000042", "0x00000043", "0x00000044", "0x00000045", "0x00000046",
	"0x00000047", "0x00000048", "0x00000049", "0x0000004a", "0x0000004b",
	"0x0000004c", "0x0000004d", "0x0000004e", "0x0000004f",
	"Function canceled", "Function not parallel",
	"0x00000052", "0x00000053", "Function not supported", "0x00000055",
	"0x00000056", "0x00000057", "0x00000058", "0x00000059", "0x0000005a",
	"0x0000005b", "0x0000005c", "0x0000005d", "0x0000005e", "0x0000005f",
	"Key handle invalid", "Key sensitive", "Key size range",
	"Key type inconsistent", "Key not needed", "Key changed", "Key needed",
	"Key indigestible", "Key function not permitted", "Key not wrappable",
	"Key unextractable", "0x0000006b", "0x0000006c", "0x0000006d",
	"0x0000006e", "0x0000006f", "Mechanism invalid",
	"Mechanism parameter invalid",
	"0x00000072", "0x00000073", "0x00000074", "0x00000075", "0x00000076",
	"0x00000077", "0x00000078", "0x00000079", "0x0000007a", "0x0000007b",
	"0x0000007c", "0x0000007d", "0x0000007e", "0x0000007f",
	"Object class inconsistent", "Object class invalid",
	"Object handle invalid",
	"0x00000083", "0x00000084", "0x00000085", "0x00000086",
	"0x00000087", "0x00000088", "0x00000089", "0x0000008a", "0x0000008b",
	"0x0000008c", "0x0000008d", "0x0000008e", "0x0000008f",
	"Operation active", "Operation not initialized",
	"0x00000092", "0x00000093", "0x00000094", "0x00000095", "0x00000096",
	"0x00000097", "0x00000098", "0x00000099", "0x0000009a", "0x0000009b",
	"0x0000009c", "0x0000009d", "0x0000009e", "0x0000009f",
	"PIN incorrect", "PIN invalid", "PIN length range", "PIN expired",
	"PIN locked", "0x000000a5", "0x000000a6", "0x000000a7", "0x000000a8",
	"0x000000a9", "0x000000aa", "0x000000ab", "0x000000ac", "0x000000ad",
	"0x000000ae", "0x000000af",
	"Session closed", "Session count", "0x000000b2", "Session handle invalid",
	"Session parallel not supported", "Session read only", "Session exists",
	"Session read only exists", "Session read write SO exists",
	"0x000000b9", "0x000000ba", "0x000000bb", "0x000000bc", "0x000000bd",
	"0x000000be", "0x000000bf",
	"Signature invalid", "Signature length range",
	"0x000000c2", "0x000000c3", "0x000000c4", "0x000000c5", "0x000000c6",
	"0x000000c7", "0x000000c8", "0x000000c9", "0x000000ca", "0x000000cb",
	"0x000000cc", "0x000000cd", "0x000000ce", "0x000000cf",
	"Template incomplete", "Template inconsistent",
	"0x000000d2", "0x000000d3", "0x000000d4", "0x000000d5", "0x000000d6",
	"0x000000d7", "0x000000d8", "0x000000d9", "0x000000da", "0x000000db",
	"0x000000dc", "0x000000dd", "0x000000de", "0x000000df",
	"Token not present", "Token not recognized", "Token write protected",
	"0x000000e3", "0x000000e4", "0x000000e5", "0x000000e6", "0x000000e7",
	"0x000000e8", "0x000000e9", "0x000000ea", "0x000000eb", "0x000000ec",
	"0x000000ed", "0x000000ee", "0x000000ef",
	"Unwrapping key handle invalid", "Unwrapping key size range",
	"Unwrapping key type inconsistent",
	"0x000000f3", "0x000000f4", "0x000000f5", "0x000000f6", "0x000000f7",
	"0x000000f8", "0x000000f9", "0x000000fa", "0x000000fb", "0x000000fc",
	"0x000000fd", "0x000000fe", "0x000000ff",
	"User already logged in", "User not logged in", "User PIN not initialized",
	"User type invalid", "Another user already logged in",
	"User too many types",
	"0x00000106", "0x00000107", "0x00000108", "0x00000109", "0x0000010a",
	"0x0000010b", "0x0000010c", "0x0000010d", "0x0000010e", "0x0000010f",
	"Wrapped key invalid", "0x00000110", "Wrapped key length range",
	"Wrapping key handle invalid", "Wrapping key size range",
	"Wrapping key type inconsistent",
	"0x00000116", "0x00000117", "0x00000118", "0x00000119", "0x0000011a",
	"0x0000011b", "0x0000011c", "0x0000011d", "0x0000011e", "0x0000011f",
	"Random seed not supported", "No random number generator",
	"0x00000122", "0x00000123", "0x00000124", "0x00000125", "0x00000126",
	"0x00000127", "0x00000128", "0x00000129", "0x0000012a", "0x0000012b",
	"0x0000012c", "0x0000012d", "0x0000012e", "0x0000012f",
	"Domain parameters invalid",
	"0x00000131", "0x00000132", "0x00000133", "0x00000134", "0x00000135",
	"0x00000136", "0x00000137", "0x00000138", "0x00000139", "0x0000013a",
	"0x0000013b", "0x0000013c", "0x0000013d", "0x0000013e", "0x0000013f",
	"0x00000140", "0x00000141", "0x00000142", "0x00000143", "0x00000144",
	"0x00000145", "0x00000146", "0x00000147", "0x00000148", "0x00000149",
	"0x0000014a", "0x0000014b", "0x0000014c", "0x0000014d", "0x0000014e",
	"0x0000014f",
	"Buffer too small",
	"0x00000151", "0x00000152", "0x00000153", "0x00000154", "0x00000155",
	"0x00000156", "0x00000157", "0x00000158", "0x00000159", "0x0000015a",
	"0x0000015b", "0x0000015c", "0x0000015d", "0x0000015e", "0x0000015f",
	"Saved state invalid",
	"0x00000161", "0x00000162", "0x00000163", "0x00000164", "0x00000165",
	"0x00000166", "0x00000167", "0x00000168", "0x00000169", "0x0000016a",
	"0x0000016b", "0x0000016c", "0x0000016d", "0x0000016e", "0x0000016f",
	"Information sensitive",
	"0x00000171", "0x00000172", "0x00000173", "0x00000174", "0x00000175",
	"0x00000176", "0x00000177", "0x00000178", "0x00000179", "0x0000017a",
	"0x0000017b", "0x0000017c", "0x0000017d", "0x0000017e", "0x0000017f",
	"State unsaveable",
	"0x00000181", "0x00000182", "0x00000183", "0x00000184", "0x00000185",
	"0x00000186", "0x00000187", "0x00000188", "0x00000189", "0x0000018a",
	"0x0000018b", "0x0000018c", "0x0000018d", "0x0000018e", "0x0000018f",
	"Cryptoki not initialized", "Cryptoki already initialized",
	"0x00000192", "0x00000193", "0x00000194", "0x00000195", "0x00000196",
	"0x00000197", "0x00000198", "0x00000199", "0x0000019a", "0x0000019b",
	"0x0000019c", "0x0000019d", "0x0000019e", "0x0000019f",
	"Mutex bad", "Mutex not locked",
	"0x000001a2", "0x000001a3", "0x000001a4", "0x000001a5", "0x000001a6",
	"0x000001a7", "0x000001a8", "0x000001a9", "0x000001aa", "0x000001ab",
	"0x000001ac", "0x000001ad", "0x000001ae", "0x000001af",
	"0x000001b0", "0x000001b1", "0x000001b2", "0x000001b3", "0x000001b4",
	"0x000001b5", "0x000001b6", "0x000001b7", "0x000001b8", "0x000001b9",
	"0x000001ba", "0x000001bb", "0x000001bc", "0x000001bd", "0x000001be",
	"0x000001bf",
	"0x000001c0", "0x000001c1", "0x000001c2", "0x000001c3", "0x000001c4",
	"0x000001c5", "0x000001c6", "0x000001c7", "0x000001c8", "0x000001c9",
	"0x000001ca", "0x000001cb", "0x000001cc", "0x000001cd", "0x000001ce",
	"0x000001cf",
	"0x000001d0", "0x000001d1", "0x000001d2", "0x000001d3", "0x000001d4",
	"0x000001d5", "0x000001d6", "0x000001d7", "0x000001d8", "0x000001d9",
	"0x000001da", "0x000001db", "0x000001dc", "0x000001dd", "0x000001de",
	"0x000001df",
	"0x000001e0", "0x000001e1", "0x000001e2", "0x000001e3", "0x000001e4",
	"0x000001e5", "0x000001e6", "0x000001e7", "0x000001e8", "0x000001e9",
	"0x000001ea", "0x000001eb", "0x000001ec", "0x000001ed", "0x000001ee",
	"0x000001ef",
	"0x000001f0", "0x000001f1", "0x000001f2", "0x000001f3", "0x000001f4",
	"0x000001f5", "0x000001f6", "0x000001f7", "0x000001f8", "0x000001f9",
	"0x000001fa", "0x000001fb", "0x000001fc", "0x000001fd", "0x000001fe",
	"0x000001ff",
	"Function rejected" };

	#define ERRMSG(nr) ((nr) == CKR_VENDOR_DEFINED ? "Vendor defined" : \
	((nr) > sizeof (msg) / sizeof (msg[0]) ? \
	"(unknown error code)" : msg[(nr)]))


	static const char *
	mechanism_type_str (CK_MECHANISM_TYPE mechanism_type) UNUSED;

	static const char *
	mechanism_type_str (CK_MECHANISM_TYPE mechanism_type)
	{
	switch (mechanism_type)
	{
	#define CKM_ONE(mechanism) \
	case mechanism: \
	return #mechanism;

	CKM_ONE (CKM_RSA_PKCS_KEY_PAIR_GEN);
	CKM_ONE (CKM_RSA_PKCS);

	default:
	return NULL;
	}
	}


	static const char *session_state_str (CK_STATE state) UNUSED;

	static const char *
	session_state_str (CK_STATE state)
	{
	switch (state)
	{
	#define CKS_ONE(state) \
	case state: \
	return #state;

	CKS_ONE (CKS_RO_PUBLIC_SESSION);
	CKS_ONE (CKS_RO_USER_FUNCTIONS);
	CKS_ONE (CKS_RW_PUBLIC_SESSION);
	CKS_ONE (CKS_RW_USER_FUNCTIONS);
	CKS_ONE (CKS_RW_SO_FUNCTIONS);

	default:
	return NULL;
	}
	}


	#define fail_if_err(err) \
	do \
	{ unsigned int _err = (err); \
	if (_err) \
	{ \
	fprintf (stderr, "%s:%d: %s\n", \
	__FILE__, __LINE__, ERRMSG(_err)); \
	exit (1); \
	} \
	} \
	while (0)

	#define fail(errmsg) \
	do \
	{ \
	if (err) \
	{ \
	fprintf (stderr, "%s:%d: %s\n", \
	__FILE__, __LINE__, errmsg); \
	exit (1); \
	} \
	} \
	while (0)

	#ifdef _WIN32
	#include <windows.h>
	#endif

	void
	init_cryptoki (void)
	{
	CK_RV err;

	#ifdef _WIN32
	WSADATA wsadat;
	WSAStartup (0x202, &wsadat);
	#endif

	err = C_Initialize (NULL);
	fail_if_err (err);
	}

File Metadata

Mime Type: text/x-diff
Expires: Thu, Nov 6, 3:19 PM (17 h, 58 m)
Storage Engine: local-disk
Storage Format: Raw Data
Storage Handle: 26/a6/8977c4d2ae2fe836b9ab440b130a

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions