From the https://github.com/OpenSC/OpenSC/issues/2199 discussion, the root cause has been identified, a one liner fix has been proposed (although there are some concerns that this is a quick and dirty solution but fixing it properly will be risky).
I attach the proposed solution that I locally tested successfully by rebuilding the package with the patch applied.
NB: upstream finds that the bug is critical and will probably issue a 0.21.1 version but as many pk11 or vpn user may be already affected (at least several just in my company), in the mean time you can build with the one line revert attached and drop when 0.21.1 comes out.
-- eric
--- src/pkcs11/misc.c~ 2020-11-24 10:12:21.000000000 +0100 +++ src/pkcs11/misc.c 2021-01-11 17:06:03.394426226 +0100 @@ -103,7 +103,7 @@ case SC_ERROR_WRONG_CARD: case SC_ERROR_NO_CARD_SUPPORT: /* CKR_TOKEN_NOT_RECOGNIZED is handled in sc_to_cryptoki_error() */ - return CKR_FUNCTION_NOT_SUPPORTED; + return CKR_TOKEN_NOT_RECOGNIZED; case SC_ERROR_WRONG_LENGTH: return CKR_DATA_LEN_RANGE; case SC_ERROR_INVALID_PIN_LENGTH:
