Added a check to sc_pkcs15_verify_pin to find out if the access condition is already open on card. This check is performed only if this function is called with empty data. This change fixes a problem with pinpad readers, when PIN cache is disabled and prevents unnecessary PIN queries.

2017-04-07 10:22:11 +03:00 · 2017-04-07 10:22:11 +03:00 · e6f7373ef0
parent c496af17d4
commit e6f7373ef0
1 changed files with 17 additions and 1 deletions
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@ -293,15 +293,31 @@ sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pi
 		const unsigned char *pincode, size_t pinlen)
 {
 	struct sc_context *ctx = p15card->card->ctx;
+	struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
 	int r;

 	LOG_FUNC_CALLED(ctx);

-	r = _validate_pin(p15card, (struct sc_pkcs15_auth_info *)pin_obj->data, pinlen);
+	/*
+	 * if pin cache is disabled, we can get here with no PIN data.
+	 * in this case, to avoid error or unnecessary pin prompting on pinpad,
+	 * check if the PIN has been already verified and the access condition
+	 * is still open on card.
+	 */
+	if (pinlen == 0) {
+	    r = sc_pkcs15_get_pin_info(p15card, pin_obj);
+
+	    if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
+		LOG_FUNC_RETURN(ctx, r);
+	}
+
+	r = _validate_pin(p15card, auth_info, pinlen);
+
 	if (r)
 		LOG_FUNC_RETURN(ctx, r);

 	r = _sc_pkcs15_verify_pin(p15card, pin_obj, pincode, pinlen);
+
 	if (r == SC_SUCCESS)
 		sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);