core: Fix PIN caching for PIN codes protecting user consent keys, broken in r4048

Such PIN codes were erroneously cached in memory, even though not used with revalidation.
User consent relates to private keys, not PIN codes.

git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@5124 c6295689-39f2-0310-b995-f0e70906c6a9
martin 2011-01-27 14:25:35 +00:00
parent 9afbc55883
commit 03be594243
1 changed files with 9 additions and 5 deletions


@ -488,19 +488,23 @@ void sc_pkcs15_pincache_add(struct sc_pkcs15_card *p15card, struct sc_pkcs15_obj
const u8 *pin, size_t pinlen)
{
struct sc_context *ctx = p15card->card->ctx;
struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
struct sc_pkcs15_object *obj = NULL;
int r;
SC_FUNC_CALLED(ctx, SC_LOG_DEBUG_NORMAL);
if (!p15card->opts.use_pin_cache) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "No PIN cache allowed");
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "PIN caching not enabled");
return;
}
/* Is it a user consent protecting PIN ? */
if (pin_obj->user_consent) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN requiring user consent");
return;
/* If the PIN protects a private key with user consent, don't cache it */
if (sc_pkcs15_find_prkey_by_reference(p15card, NULL, pin_info->reference, &obj) == SC_SUCCESS) {
if (obj->user_consent) {
sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN protecting a key with user consent");
return;
}
}
r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);
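Review bot: The new user-consent check passes `pin_info->reference` to `sc_pkcs15_find_prkey_by_reference()`, which by its name matches on a private key's own key reference; a PIN reference and a key reference are separate card-level numbers, and PKCS#15 ties a key to its PIN through the authentication ID, so the lookup can miss the protected key or hit an unrelated one. The check also fails open: when the lookup returns anything other than `SC_SUCCESS`, or finds only one of several keys behind the same PIN, execution falls through to `sc_pkcs15_allocate_object_content()` and the PIN stays in memory. I would walk the card's object list and refuse caching when any object whose `auth_id` equals the PIN's `auth_id` has `user_consent` set, as sketched below (this assumes objects are linked through `p15card->obj_list`; confirm against the struct definition). The function starts before this hunk and its body continues past it.

```c
	struct sc_pkcs15_pin_info *pin_info = (struct sc_pkcs15_pin_info *)pin_obj->data;
	/* … unchanged: remaining declarations, SC_FUNC_CALLED, use_pin_cache check … */

	/* Refuse to cache if any object authenticated by this PIN requires user consent */
	for (obj = p15card->obj_list; obj != NULL; obj = obj->next) {
		if (!sc_pkcs15_compare_id(&obj->auth_id, &pin_info->auth_id))
			continue;
		if (obj->user_consent) {
			sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN protecting a key with user consent");
			return;
		}
	}
```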