From e6f7373ef066cfab6e3162e8b5f692683db23864 Mon Sep 17 00:00:00 2001
From: Hannu Honkanen
Date: Fri, 7 Apr 2017 10:22:11 +0300
Subject: [PATCH] Added a check to sc_pkcs15_verify_pin to find out if the access condition is already open on card. This check is performed only if this function is called with empty data. This change fixes a problem with pinpad readers, when PIN cache is disabled and prevents unnecessary PIN queries.
---
 src/libopensc/pkcs15-pin.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/libopensc/pkcs15-pin.c b/src/libopensc/pkcs15-pin.c
index 8114d060..17c73041 100644
--- a/src/libopensc/pkcs15-pin.c
+++ b/src/libopensc/pkcs15-pin.c
@@ -293,15 +293,31 @@ sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pi
 const unsigned char *pincode, size_t pinlen)
 {
 struct sc_context *ctx = p15card->card->ctx;
+ struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
 int r;
 LOG_FUNC_CALLED(ctx);
- r = _validate_pin(p15card, (struct sc_pkcs15_auth_info *)pin_obj->data, pinlen);
+ /*
+ * if pin cache is disabled, we can get here with no PIN data.
+ * in this case, to avoid error or unnecessary pin prompting on pinpad,
+ * check if the PIN has been already verified and the access condition
+ * is still open on card.
+ */
+ if (pinlen == 0) {
+ r = sc_pkcs15_get_pin_info(p15card, pin_obj);
+
+ if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
+ LOG_FUNC_RETURN(ctx, r);
+ }
+
+ r = _validate_pin(p15card, auth_info, pinlen);
+
 if (r)
 LOG_FUNC_RETURN(ctx, r);
 r = _sc_pkcs15_verify_pin(p15card, pin_obj, pincode, pinlen);
+
 if (r == SC_SUCCESS)
 sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
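Review bot: The early return in the added `if (pinlen == 0)` block lets `sc_pkcs15_verify_pin` report `SC_SUCCESS` with no PIN presented for any caller that passes an empty PIN, not only for the pinpad, cache-disabled case the commit message names. If a caller relies on this function to force a fresh verification (not visible from this hunk), that step is now skipped whenever the card still reports the PIN as logged in; consider narrowing the guard, for example `if (pinlen == 0 && (p15card->card->reader->capabilities & SC_READER_CAP_PIN_PAD)) {`, and saying in the comment that the card's reported state is being trusted in place of a verification. A failing `sc_pkcs15_get_pin_info()` is also discarded silently when `r` is overwritten by `_validate_pin()`; a line such as `sc_log(ctx, "PIN status query failed (%d), falling back to verification", r);` before falling through would keep that visible. The function starts above and ends below this hunk, so whether `pin_obj` and `pin_obj->data` are checked for NULL before `auth_info->logged_in` is read cannot be confirmed here.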