[pkg-opensc-commit] [opensc] 233/295: Added a check to sc_pkcs15_verify_pin to find out if the access condition is already open on card. This check is performed only if this function is called with empty data. This change fixes a problem with pinpad readers, when PIN cache is disabled and prevents unnecessary PIN queries.

Eric Dorland eric at moszumanska.debian.org
Sat Jun 24 21:11:35 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository opensc.

commit e6f7373ef066cfab6e3162e8b5f692683db23864
Author: Hannu Honkanen <hannu.honkanen at aventra.fi>
Date:   Fri Apr 7 10:22:11 2017 +0300

    Added a check to sc_pkcs15_verify_pin to find out if the access condition is already open on card. This check is performed only if this function is called with empty data. This change fixes a problem with pinpad readers, when PIN cache is disabled and prevents unnecessary PIN queries.
---
 src/libopensc/pkcs15-pin.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
index 8114d06..17c7304 100644
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@@ -293,15 +293,31 @@ sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pi
 		const unsigned char *pincode, size_t pinlen)
 {
 	struct sc_context *ctx = p15card->card->ctx;
+	struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
 	int r;
 
 	LOG_FUNC_CALLED(ctx);
 
-	r = _validate_pin(p15card, (struct sc_pkcs15_auth_info *)pin_obj->data, pinlen);
+	/*
+	 * if pin cache is disabled, we can get here with no PIN data.
+	 * in this case, to avoid error or unnecessary pin prompting on pinpad,
+	 * check if the PIN has been already verified and the access condition
+	 * is still open on card.
+	 */
+	if (pinlen == 0) {
+	    r = sc_pkcs15_get_pin_info(p15card, pin_obj);
+
+	    if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
+		LOG_FUNC_RETURN(ctx, r);
+	}
+
+	r = _validate_pin(p15card, auth_info, pinlen);
+
 	if (r)
 		LOG_FUNC_RETURN(ctx, r);
 
 	r = _sc_pkcs15_verify_pin(p15card, pin_obj, pincode, pinlen);
+
 	if (r == SC_SUCCESS)
 		sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
 
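Review bot: The new `pinlen == 0` branch returns SC_SUCCESS to any caller that passes an empty PIN while the card reports `SC_PIN_STATE_LOGGED_IN`, and it returns before `_validate_pin` runs. The result then rests on card-reported state alone, and nothing in the hunk limits it to the pinpad or cache-disabled case the comment describes. If that is the intended contract, the comment should state it, e.g. `/* NOTE: an empty PIN returns success without verification when the card reports the PIN as already verified; callers must not treat this as proof that a PIN was presented. */`. Separately, `auth_info` is now read from `pin_obj->data` at declaration and dereferenced in the new branch with no NULL check visible in the hunk; a guard such as `if (!pin_obj || !pin_obj->data) LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_ARGUMENTS);` right after `LOG_FUNC_CALLED(ctx);` would cover it. The body of sc_pkcs15_verify_pin continues past the end of the hunk, so later handling is not visible here.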

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git


