Merge pull request #40 from denisenkom/pin-bug-fix

Fixed bug #39, better solution would be to handle #45
This commit is contained in:
Alessio Di Mauro
2015-12-03 08:58:00 -08:00
+16 -1
View File
@@ -12,9 +12,24 @@ static CK_RV COMMON_token_login(ykpiv_state *state, CK_USER_TYPE user, CK_UTF8CH
int tries = 0; // TODO: this is effectively disregarded, should we add a better value in ykpiv_verify? int tries = 0; // TODO: this is effectively disregarded, should we add a better value in ykpiv_verify?
unsigned char key[24]; unsigned char key[24];
size_t key_len = sizeof(key); size_t key_len = sizeof(key);
unsigned char *term_pin;
ykpiv_rc res;
if (user == CKU_USER) { if (user == CKU_USER) {
if (ykpiv_verify(state, (char *)pin, &tries) != YKPIV_OK) { // add null termination for the pin
term_pin = malloc(pin_len + 1);
if (term_pin == NULL) {
return CKR_HOST_MEMORY;
}
memcpy(term_pin, pin, pin_len);
term_pin[pin_len] = 0;
res = ykpiv_verify(state, (char *)term_pin, &tries);
OPENSSL_cleanse(term_pin, pin_len);
free(term_pin);
if (res != YKPIV_OK) {
DBG("Failed to login"); DBG("Failed to login");
return CKR_PIN_INCORRECT; return CKR_PIN_INCORRECT;
} }