From 90b61682bd591534f9e33dfa4549bb72efdc4af3 Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Sun, 29 Jan 2023 14:10:13 +0000
Subject: [PATCH 1/2] Don't reset tested YubiKeys in `key::filter_connected`

This method only connects to YubiKeys in order to confirm it can do so (i.e. as a side-effect). We therefore want to explicitly disconnect without resetting the YubiKeys, to avoid clearing PIN caches.
---
 src/key.rs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/key.rs b/src/key.rs
index 925dbc9..4e41149 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -48,7 +48,13 @@ pub(crate) fn filter_connected(reader: &Reader) -> bool {
 );
 false
 }
- _ => true,
+ Err(_) => true,
+ Ok(yubikey) => {
+ // We only connected as a side-effect of confirming that we can connect, so
+ // avoid resetting the YubiKey.
+ disconnect_without_reset(yubikey);
+ true
+ }
 }
 }

From 55bfa5dafbcc43d284d7f0df7d820cfef0f4e05a Mon Sep 17 00:00:00 2001
From: Jack Grigg
Date: Sun, 29 Jan 2023 14:11:24 +0000
Subject: [PATCH 2/2] Avoid resetting YubiKeys that don't match the desired serial

If multiple YubiKeys were connected, and the one we needed for plugin encryption or decryption was not first in the list of readers, any YubiKeys before it were being reset upon drop. We now explicitly disconnect without resetting, since we only access these YubiKeys as a side-effect of finding the one we need.
---
 src/key.rs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/key.rs b/src/key.rs
index 4e41149..573cfb3 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -186,6 +186,9 @@ fn open_by_serial(serial: Serial) -> Result {
 if serial == yubikey.serial() {
 return Ok(yubikey);
+ } else {
+ // We didn't want this YubiKey; don't reset it.
+ disconnect_without_reset(yubikey);
 }
 }
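Review bot: The comment on the `Ok(yubikey)` arm of `filter_connected` says why the reset is skipped but not why skipping it is safe: a card that is not reset keeps whatever PIN-verified state it holds for the next client that connects. If this path never verifies a PIN (the hunk shows only the tail of the match, which starts outside it), say so in the comment, for example `// No PIN is verified on this connection, so leaving the card state intact exposes nothing new.` The `Err(_) => true` arm keeps readers whose open failed for any reason other than the one handled above; a one-line comment that this is intentional would help. `disconnect_without_reset` is defined outside the diff, so whether a failed disconnect is surfaced or ignored cannot be checked here.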
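Review bot: The new `else` branch in `open_by_serial` fixes this one call site, but per the commit message the reset still happens on drop, so any other path in the loop that lets a `YubiKey` fall out of scope (the loop body starts outside the hunk) would clear PIN caches again. It would help to record that next to the call, for example `// Dropping a YubiKey resets the card; every path that discards one must call disconnect_without_reset.` As a style point, the `else` is redundant after `return Ok(yubikey);`, so `disconnect_without_reset(yubikey);` can follow the `if` block directly.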