[pkg-opensc-commit] [opensc] 56/295: sc-hsm: cache certificates

Eric Dorland eric at moszumanska.debian.org
Sat Jun 24 21:11:15 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit ff335fe87f5aea007fbbff2bfddfc0c74bbf2a70
Author: Frank Morgner <frankmorgner at gmail.com>
Date:   Tue Jun 21 13:22:10 2016 +0200

    sc-hsm: cache certificates
---
 src/libopensc/pkcs15-sc-hsm.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/pkcs15-sc-hsm.c b/src/libopensc/pkcs15-sc-hsm.c
index aaf7d13..ad6516f 100644
--- a/src/libopensc/pkcs15-sc-hsm.c
+++ b/src/libopensc/pkcs15-sc-hsm.c
@@ -581,7 +581,8 @@ static int sc_pkcs15emu_sc_hsm_add_prkd(sc_pkcs15_card_t * p15card, u8 keyid) {
 	struct sc_pkcs15_object prkd;
 	sc_pkcs15_prkey_info_t *key_info;
 	u8 fid[2];
-	u8 efbin[512];
+	/* enough to hold a complete certificate */
+	u8 efbin[4096];
 	u8 *ptr;
 	size_t len;
 	int r;
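Review bot: The new comment on `efbin` says 4096 bytes is enough to hold a complete certificate, but nothing in this hunk enforces that, and X.509 certificates with large keys or many extensions can exceed it. The read that fills the buffer is outside the hunk, as are the start and end of `sc_pkcs15emu_sc_hsm_add_prkd`. It is worth confirming that the read is bounded by `sizeof efbin` and that an EF larger than the buffer is reported as an error rather than parsed or cached in truncated form. I would reword the comment to state what is actually guaranteed, e.g. `/* sized for typical certificates; a larger EF must be rejected by the read below, not truncated */`, and replace the literal 4096 with a named constant.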
@@ -647,6 +648,14 @@ static int sc_pkcs15emu_sc_hsm_add_prkd(sc_pkcs15_card_t * p15card, u8 keyid) {
 	cert_info.id = key_info->id;
 	sc_path_set(&cert_info.path, SC_PATH_TYPE_FILE_ID, fid, 2, 0, 0);
 	cert_info.path.count = -1;
+	if (p15card->opts.use_file_cache) {
+		/* look this up with our AID, which should already be cached from the
+		 * call to `read_file`. This may have the side effect that OpenSC's
+		 * caching layer re-selects our applet *if the cached file cannot be
+		 * found/used* and we may loose the authentication status. We assume
+		 * that caching works perfectly without this side effect. */
+		cert_info.path.aid = sc_hsm_aid;
+	}
 
 	strlcpy(cert_obj.label, prkd.label, sizeof(cert_obj.label));
 	r = sc_pkcs15emu_add_x509_cert(p15card, &cert_obj, &cert_info);
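Review bot: The comment added with `cert_info.path.aid = sc_hsm_aid;` records an unverified assumption with a security consequence. By its own wording, a cached file that cannot be found or used may make the caching layer re-select the applet and drop the authentication status, and nothing in this hunk detects or logs that case. I would fix the typo ("loose" should be "lose") and state the contract for callers, e.g. `/* on a cache miss the applet may be re-selected; do not rely on a prior login surviving this call */`. With `use_file_cache` set, the certificate presumably comes from the on-disk cache rather than the card, so the comment should also note that the cache location must be writable only by the owning user. The function continues outside the hunk, so whether the return value `r` is checked in a way that would surface a lost session cannot be judged from here.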

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git


