security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

scd:p15: For CardOS make use of ISO7816_VERIFY_NOT_NEEDED.

Browse Source 
* scd/app-p15.c (verify_pin): Take care of verify status.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2021-03-30 11:43:45 +02:00
parent de4d3c99aa
commit 651c07a730
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
scd/app-p15.c
View File

@ -257,7 +257,8 @@ struct prkdf_object_s
unsigned int have_off:1;
/* Flag indicating that the corresponding PIN has already been
* verified. */
* verified. Note that for cards which are able to return the
* verification stus, this flag is not used. */
unsigned int pin_verified:1;
/* PKCS#15 info whether this is an EC key. Default is RSA. Note
@ -4709,6 +4710,7 @@ verify_pin (app_t app,
const char *s;
int remaining;
int pin_reference;
int verified = 0;
int i;
if (!aodf)
@ -4720,24 +4722,28 @@ verify_pin (app_t app,
{
/* We know that this card supports a verify status check. Note
* that in contrast to PIV cards ISO7816_VERIFY_NOT_NEEDED is
* not supported. */
* not supported. Noet that we don't use the pin_verified cache
* status because that is not as reliable than to ask the card
* about its state. */
if (prkdf) /* Clear the cache which we don't use. */
prkdf->pin_verified = 0;
remaining = iso7816_verify_status (app_get_slot (app), pin_reference);
if (remaining < 0)
remaining = -1; /* We don't care about the concrete error. */
if (remaining < 3)
if (remaining == ISO7816_VERIFY_NOT_NEEDED)
{
if (remaining >= 0)
log_info ("p15: PIN has %d attempts left\n", remaining);
/* On error or if less than 3 better ask. */
if (prkdf)
prkdf->pin_verified = 0;
verified = 1;
remaining = -1;
}
else if (remaining < 0)
remaining = -1; /* We don't care about the concrete error. */
else if (remaining < 3)
log_info ("p15: PIN has %d attempts left\n", remaining);
}
else
remaining = -1; /* Unknown. */
/* Check whether we already verified it. */
if (prkdf && prkdf->pin_verified)
if (prkdf && (prkdf->pin_verified || verified))
return 0; /* Already done. */
if (prkdf