Problem Description
0.24.0-rc1 asks for PIN all the time regardless of whether the user is logged in or not. According to PKCS#11, PIN must only be provided to the token after C_Login.
I am using a PIN pad reader, so I recognize all logins.
Version 0.23.0 is working as expected. The master branch and 0.24.0-rc1 have this problem.
Proposed Resolution
If this new behavior is wanted for some application it must be enabled by the configuration.
Default must be to have it working according to PKCS#11 (as in version 0.23.0).
Steps to reproduce
Just run any application that has "private" objects and you will have to provide PIN all the time.
Logs
Logs from a test that show what is happening. The name of each file tells the opensc log level (_llevel) and the version of opensc (_version.log).
Here are the files that have been produced:
- pksc11_l3_0.24.0-rc1.log
- opensc_l3_0.24.0-rc1.log
- pksc11_l8_0.24.0-rc1.log
- opensc_l8_0.24.0-rc1.log
- pksc11_l8_0.23.0.log
- opensc_l8_0.23.0.log
PIN is provided at these lines in pksc11_llevel_0.24.0-rc1.log (yes, they were the same lines for both levels):
60 89 234 308 383 693 905 1237 1836 2319 2392 2423
In pkcs11_l8_0.23.0.log PIN is just provided 2 times each time after C_Login: 60 1237
In the opensc logs you can see when PIN was provided (all lines with "sc_pin_cmd"). It was done 32 times for 0.24.0-rc1. So some PKCS#11 functions generate several PIN authentications.
C_Login was just called 2 times so it should just have been 2 PIN authentications.
When not using PIN pad everything is working as expected if PIN caching is enabled. PIN is only provided by the application 2 times by using C_Login:
But if PIN caching is not enabled CKR_GENERAL_ERROR is returned: