Avoid prompting for pin on pinpad without the implicit call to C_Login() #2933

Open
Jakuje opened this issue Nov 13, 2023 · 1 comment
Jakuje commented Nov 13, 2023

Problem Description

Initially brought up by @larssilven in #2916 (comment): the way sc_pkcs15init_verify_secret() is implemented can result in prompts for the PIN in totally unexpected places for a user, without any prompt by the application, in case the pinpad is enabled:

r = sc_pkcs15_verify_pin(p15card, pin_obj, use_pinpad || pinsize == 0 ? NULL : pinbuf, use_pinpad ? 0 : pinsize);

Proposed Resolution

Given how long this code has been in, I would propose to address this after 0.24.0 is out.

Steps to reproduce

  • Have a reader with a pinpad, and make sure enable_pinpad = true is in opensc.conf
  • Have a card which supports key pair generation through pkcs11
  • Modify the test program to not call C_Login before C_GenerateKeyPair()
  • Run the test program

Current results: OpenSC will prompt for the PIN off-band on the pinpad reader

Expected results: OpenSC should fail with CKR_USER_NOT_LOGGED_IN

I am wondering why the following code does not kick in though:

if (!(session->flags & CKF_RW_SESSION)) {

Logs

See the above referenced comment for more logs.
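
The argument selection quoted in the issue, modelled stand-alone in C as an added example (not OpenSC code and not written by the issue author). `model_verify_pin`, `verify_secret_guarded` and the `explicit_login` flag are hypothetical, and the model assumes that a NULL PIN buffer on a pinpad reader makes the verify call collect the PIN on the reader.

```c
/* Added illustration: a stand-alone model, not OpenSC source. */
#include <stddef.h>
#include <stdio.h>

#define CKR_OK                 0x000UL
#define CKR_USER_NOT_LOGGED_IN 0x101UL   /* value from the PKCS#11 headers */

static int pinpad_prompts;   /* how many times the reader would have prompted */

/* Hypothetical stand-in for sc_pkcs15_verify_pin(). Assumption: with no PIN
 * buffer and a pinpad available, the PIN is collected on the reader. */
static unsigned long model_verify_pin(const unsigned char *pin, size_t len,
                                      int has_pinpad)
{
    if (pin == NULL) {
        if (!has_pinpad)
            return CKR_USER_NOT_LOGGED_IN;  /* nothing to verify with */
        pinpad_prompts++;                   /* user sees an unannounced prompt */
        return CKR_OK;                      /* assume the correct PIN is typed */
    }
    return len > 0 ? CKR_OK : CKR_USER_NOT_LOGGED_IN;
}

/* Same argument selection as the line quoted in the issue. */
static unsigned long verify_secret_current(int use_pinpad,
        const unsigned char *pinbuf, size_t pinsize)
{
    return model_verify_pin(use_pinpad || pinsize == 0 ? NULL : pinbuf,
                            use_pinpad ? 0 : pinsize, use_pinpad);
}

/* Hypothetical guard giving the issue's expected result: the pinpad path
 * runs only when the application itself requested a login. */
static unsigned long verify_secret_guarded(int explicit_login, int use_pinpad,
        const unsigned char *pinbuf, size_t pinsize)
{
    if (use_pinpad && !explicit_login)
        return CKR_USER_NOT_LOGGED_IN;
    return verify_secret_current(use_pinpad, pinbuf, pinsize);
}

int main(void)
{
    unsigned long rv = verify_secret_current(1, NULL, 0);
    printf("current: rv=0x%lx prompts=%d\n", rv, pinpad_prompts);
    rv = verify_secret_guarded(0, 1, NULL, 0);
    printf("guarded: rv=0x%lx prompts=%d\n", rv, pinpad_prompts);
    return 0;
}
```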

Jakuje commented Feb 13, 2024

Removed from 0.25.0 as it is not that urgent and will require some more testing after applying the changes anyway.
