Frank Morgner

I've found some more corner cases. please try https://github.com/OpenSC/OpenSC/pull/2257

The eMRTD application is meant only for governmental use, and not typically used by private individuals. In some states, it is even forbidden by law for individuals to read it....

sounds strange. did you try to get a debug log (see https://github.com/frankmorgner/OpenSCToken/#configuring-opensctoken)?

In pkcs15init core there is this special treatment: https://github.com/OpenSC/OpenSC/blob/18dc38a6182338491c1eb4bf4d1eabbe8ebbd5ee/src/pkcs15init/pkcs15-lib.c#L3789-L3794 It looks like you've found a corner case that also needs special treatment. Please make a PR if possible

What's the status of this topic, is there anything to do?

support for secure memory was added with https://github.com/openssl/openssl/commit/74924dcb3802640d7e2ae2e80ca6515d0a53de7a , i.e. it was added in 1.1.0 and not present in 1.0.2

I've tested with IAS/ECC and SM (despite https://github.com/OpenSC/OpenSC/pull/2522 it looks good)

nevermind, I just saw that check which disabled gost on openssl >= 3.0

Sigh, It looks like CTK is not clever enough to manage concurrent access within a single process. Yes, we're locking the reader with the designated method [beginSessionWithReply](https://developer.apple.com/documentation/cryptotokenkit/tksmartcard/1390168-beginsessionwithreply?language=objc), but in your...

I've implemented a fix here https://github.com/OpenSC/OpenSC/pull/1985, but I currently don't have time to create binaries nor test it.