[pkg-opensc-commit] [opensc] 07/23: card-piv: Fix Thunderbird and SC_PIN_CMD_GET_INFO
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 23 18:23:08 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit 4ea2828246549b39df885ac992800772df322c50
Author: Frank Morgner <frankmorgner at gmail.com>
Date: Wed Jun 21 10:43:52 2017 +0200
card-piv: Fix Thunderbird and SC_PIN_CMD_GET_INFO
Fixes https://github.com/OpenSC/OpenSC/issues/1071
Closes https://github.com/OpenSC/OpenSC/pull/1072
---
src/libopensc/card-piv.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
index 7df1f2e..6f492fc 100644
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@@ -3274,6 +3274,17 @@ piv_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries_left)
data->pin1.tries_left = priv->tries_left;
if (tries_left)
*tries_left = priv->tries_left;
+ if (priv->logged_in == SC_PIN_STATE_LOGGED_IN) {
+ /* Avoid status requests when the user is logged in to handle NIST
+ * 800-73-4 Part 2:
+ * The PKI cryptographic function (see Table 4b) is protected with
+ * a “PIN Always” or “OCC Always” access rule. In other words, the
+ * PIN or OCC data must be submitted and verified every time
+ * immediately before a digital signature key operation. This
+ * ensures cardholder participation every time the private key is
+ * used for digital signature generation */
+ LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
+ }
}
priv->pin_cmd_verify = 1; /* tell piv_check_sw its a verify to save sw1, sw2 */
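Review bot: The early return at `LOG_FUNC_RETURN(card->ctx, SC_SUCCESS)` answers the status request entirely from cached state (`priv->logged_in`, `priv->tries_left`), and nothing in this hunk shows where that cache is invalidated. If the card is reset, or another process sharing the reader changes the PIN state, callers would keep seeing the old logged-in status and retry counter. Please confirm that `priv->logged_in` is cleared on those paths, or note the limitation in the comment. The comment also quotes the "PIN Always" rule without saying why a status request conflicts with it. One sentence stating the consequence would help the next reader, for example that a status query issued between PIN verification and the signature operation means the PIN was no longer verified "immediately before" the key use. Minor: the reference should read "NIST SP 800-73-4".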
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git