Ludovic Rousseau wrote:
Hello,

My PKCS#15 card has some DF protected by a PIN. So when
__sc_pkcs15_search_objects() try to read them the card sends a
SC_ERROR_SECURITY_STATUS_NOT_SATISFIED.

The problem is that this happens in the C_Initialize() so very early
in the process and the PIN has no chance to be submitted at this step.

What would be the cleanest way to solve this?

I have a patch but it may have severe side effects.
--- libopensc/pkcs15.c  (révision 3011)
+++ libopensc/pkcs15.c  (copie de travail)
@@ -799,7 +803,11 @@ __sc_pkcs15_search_objects(sc_pkcs15_car
       /* Enumerate the DF's, so p15card->obj_list is
        * populated. */
       r = sc_pkcs15_parse_df(p15card, df);
-       SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed");
+       /* The DF is here but we can't read it yet */
+       if (r != SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
+           SC_TEST_RET(p15card->card->ctx, r, "DF parsing failed")
+       else
+ sc_do_log(p15card->card->ctx, SC_LOG_TYPE_ERROR, __FILE__, __LINE__,
 __FUNCTION__, "%s: %s\n", "DF parsing failed", sc_strerror(r)); \
       df->enumerated = 1;
   }

hmm, shouldn't it be:

        if (r == SC_ERROR_SECURITY_STATUS_NOT_SATISFIED)
                sc_do_log(..., SC_LOG_TYPE_DEBUG, ...);
        else if (r < 0) {
                sc_do_log(..., SC_LOG_TYPE_ERROR, ...):
        else {
                /* r == SC_SUCCESS */
                df->enumerated = 1;
        }

as df->enumerated should afaik only be set if the DF has
been parsed (otherwise it won't be parsed later).

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to