Added a check to sc_pkcs15_verify_pin to find out whether the access condition is already open on the card. This check is performed only if the function is called with empty data. This change fixes a problem with pinpad readers when the PIN cache is disabled, and it prevents unnecessary PIN queries.
parent
c496af17d4
commit
e6f7373ef0
|
@ -293,15 +293,31 @@ sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pi
|
||||||
const unsigned char *pincode, size_t pinlen)
|
const unsigned char *pincode, size_t pinlen)
|
||||||
{
|
{
|
||||||
struct sc_context *ctx = p15card->card->ctx;
|
struct sc_context *ctx = p15card->card->ctx;
|
||||||
|
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
LOG_FUNC_CALLED(ctx);
|
LOG_FUNC_CALLED(ctx);
|
||||||
|
|
||||||
r = _validate_pin(p15card, (struct sc_pkcs15_auth_info *)pin_obj->data, pinlen);
|
/*
|
||||||
|
* if pin cache is disabled, we can get here with no PIN data.
|
||||||
|
* in this case, to avoid error or unnecessary pin prompting on pinpad,
|
||||||
|
* check if the PIN has been already verified and the access condition
|
||||||
|
* is still open on card.
|
||||||
|
*/
|
||||||
|
if (pinlen == 0) {
|
||||||
|
r = sc_pkcs15_get_pin_info(p15card, pin_obj);
|
||||||
|
|
||||||
|
if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
|
||||||
|
LOG_FUNC_RETURN(ctx, r);
|
||||||
|
}
|
||||||
|
|
||||||
|
r = _validate_pin(p15card, auth_info, pinlen);
|
||||||
|
|
||||||
if (r)
|
if (r)
|
||||||
LOG_FUNC_RETURN(ctx, r);
|
LOG_FUNC_RETURN(ctx, r);
|
||||||
|
|
||||||
r = _sc_pkcs15_verify_pin(p15card, pin_obj, pincode, pinlen);
|
r = _sc_pkcs15_verify_pin(p15card, pin_obj, pincode, pinlen);
|
||||||
|
|
||||||
if (r == SC_SUCCESS)
|
if (r == SC_SUCCESS)
|
||||||
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
||||||
|
|
||||||
|
|
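Review bot: The `if (pinlen == 0)` short-circuit returns success from the card-reported `logged_in` state before `_validate_pin` has run, and it is keyed only on the length, so any caller that passes an empty PIN gets a result it cannot tell apart from a fresh verification, not just the pinpad path with the cache disabled. If some caller relies on this function to re-authenticate the user (not visible in this hunk), that prompt would be skipped; consider narrowing the condition to the case the description names, e.g. `if (pinlen == 0 && pincode == NULL) {`, and stating in the comment that success here means "already open on card", not "PIN presented". A failing `sc_pkcs15_get_pin_info` is also overwritten by the next assignment to `r` without a trace; something like `sc_log(ctx, "PIN state query failed (%d), falling back to verification", r);` would help diagnose cards that do not report the state. The function body continues past the end of the hunk.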