Added a check to sc_pkcs15_verify_pin to find out whether the access condition is already open on the card. This check is performed only if the function is called with empty data. This change fixes a problem with pinpad readers when the PIN cache is disabled, and prevents unnecessary PIN queries.
parent
c496af17d4
commit
e6f7373ef0
|
@ -293,15 +293,31 @@ sc_pkcs15_verify_pin(struct sc_pkcs15_card *p15card, struct sc_pkcs15_object *pi
|
|||
const unsigned char *pincode, size_t pinlen)
|
||||
{
|
||||
struct sc_context *ctx = p15card->card->ctx;
|
||||
struct sc_pkcs15_auth_info *auth_info = (struct sc_pkcs15_auth_info *)pin_obj->data;
|
||||
int r;
|
||||
|
||||
LOG_FUNC_CALLED(ctx);
|
||||
|
||||
r = _validate_pin(p15card, (struct sc_pkcs15_auth_info *)pin_obj->data, pinlen);
|
||||
/*
|
||||
* if pin cache is disabled, we can get here with no PIN data.
|
||||
* in this case, to avoid error or unnecessary pin prompting on pinpad,
|
||||
* check if the PIN has been already verified and the access condition
|
||||
* is still open on card.
|
||||
*/
|
||||
if (pinlen == 0) {
|
||||
r = sc_pkcs15_get_pin_info(p15card, pin_obj);
|
||||
|
||||
if (r == SC_SUCCESS && auth_info->logged_in == SC_PIN_STATE_LOGGED_IN)
|
||||
LOG_FUNC_RETURN(ctx, r);
|
||||
}
|
||||
|
||||
r = _validate_pin(p15card, auth_info, pinlen);
|
||||
|
||||
if (r)
|
||||
LOG_FUNC_RETURN(ctx, r);
|
||||
|
||||
r = _sc_pkcs15_verify_pin(p15card, pin_obj, pincode, pinlen);
|
||||
|
||||
if (r == SC_SUCCESS)
|
||||
sc_pkcs15_pincache_add(p15card, pin_obj, pincode, pinlen);
|
||||
|
||||
|
|
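Review bot: The new `if (pinlen == 0)` branch returns success on the card-reported `logged_in` state alone, before `_validate_pin` runs and without any verification being sent, so every caller that passes an empty PIN now inherits that shortcut. If any caller passes an empty PIN to force a fresh PIN presentation on a pinpad (for example for an object that must be re-authenticated on each use, which is not visible in this hunk), it would silently get `SC_SUCCESS` instead; the function's header comment should state this contract and the callers should be checked against it. The shortcut also leaves no trace of its own in the debug log; a line such as `sc_log(ctx, "PIN already verified on card, verification skipped");` before the early `LOG_FUNC_RETURN(ctx, r);` would make it auditable, and the two statements would then need braces. The end of the function body lies outside the hunk.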