From 29f8f52bf8161c238c26389ab178caa98801234e Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Wed, 1 Apr 2020 20:31:21 +0200
Subject: [PATCH] scd:p15: Cache the PIN.

* scd/app-p15.c (struct prkdf_object_s): Add flag pin_verified.
(verify_pin): Make use of it.
--

Theee is still a problem with the APDUs we send: Switching between
signing and decryption does work but not in the other way.

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 scd/app-p15.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/scd/app-p15.c b/scd/app-p15.c
index ed1ba7a69..d95545ad3 100644
--- a/scd/app-p15.c
+++ b/scd/app-p15.c
@@ -180,6 +180,10 @@ struct prkdf_object_s
   unsigned int key_reference_valid:1;
   unsigned int have_off:1;
 
+  /* Flag indicating that the corresponding PIN has already been
+   * verified. */
+  unsigned int pin_verified:1;
+
   /* The key's usage flags. */
   keyusage_flags_t usageflags;
 
@@ -3154,6 +3158,9 @@ verify_pin (app_t app,
   const char *s;
   int i;
 
+  if (prkdf->pin_verified)
+    return 0;  /* Already done.  */
+
   if (prkdf->usageflags.non_repudiation
       && app->app_local->card_type == CARD_TYPE_BELPIC)
     err = pincb (pincb_arg, "PIN (qualified signature!)", &pinvalue);
@@ -3301,6 +3308,7 @@ verify_pin (app_t app,
     }
   if (opt.verbose)
     log_info ("p15: PIN verification succeeded\n");
+  prkdf->pin_verified = 1;
 
   return 0;
 }