Hello Martin,
I would like to commit the attached patch. Any objections?
On Thu, 2011-02-03 at 14:36 +0200, Martin Paljak wrote:
> Hello,
>
> On Thu, Jan 27, 2011 at 20:08, Andre Zepezauer
> <andre.zepeza...@student.uni-halle.de> wrote:
> > Hello Martin,
> >
> > some comments on r5124:
> >
> > 1. The values of pin_info->reference and prkey_info->key_reference
> > shouldn't be compared because:
> >
> > * pin_info->reference is used as P2 parameter in VERIFY command
> > * prkey_info->key_reference is used in MSE SET tag 0x84
>
> OK, I see your point.
> Looking at your patch: could it be extracted into a small lookup
> function like the current one that is used? such a small lookup
> function with a small doxygen doc would look really nice.
>
> I see it has been working up to because of a coincidence...
Index: src/libopensc/pkcs15-pin.c
===================================================================
--- src/libopensc/pkcs15-pin.c (revision 5215)
+++ src/libopensc/pkcs15-pin.c (working copy)
@@ -499,12 +499,21 @@
return;
}
- /* If the PIN protects a private key with user consent, don't cache it */
- if (sc_pkcs15_find_prkey_by_reference(p15card, NULL, pin_info->reference, &obj) == SC_SUCCESS) {
- if (obj->user_consent) {
- sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "Not caching a PIN protecting a key with user consent");
- return;
+ /* If the PIN protects an object with user consent, don't cache it */
+ obj = p15card->obj_list;
+ while (obj != NULL) {
+ /* Compare 'sc_pkcs15_object.auth_id' with 'sc_pkcs15_pin_info.auth_id'.
+ * In accordance with PKCS#15 "6.1.8 CommonObjectAttributes" and
+ * "6.1.16 CommonAuthenticationObjectAttributes" with the exception that
+ * "CommonObjectAttributes.accessControlRules" are not taken into account. */
+ if (sc_pkcs15_compare_id(&obj->auth_id, &pin_info->auth_id)) {
+ /* Caching is refused, if the protected object requires user consent */
+ if (obj->user_consent > 0) {
+ sc_debug(ctx, SC_LOG_DEBUG_NORMAL, "caching refused (user consent)");
+ return;
+ }
}
+ obj = obj->next;
}
r = sc_pkcs15_allocate_object_content(pin_obj, pin, pinlen);
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
