Commit
Revised: Inform pkcs15 and card drivers of PKCS#11 C_Login(CKU_CONTEXT_SPECIFIC)"

Framework-pkcs15.c will now set pin_info->auth_method to SC_AC_CONTEXT_SPECIFIC

iso7816.c iso7816_build_pin_apdu treats this the same as SC_AC_CHV

card-piv.c piv_pin_cmd sets priv->xcontext_specific=1 and calls sc_lock before the verify command. If the verify fails sc_unlock is called. Later after the next card command returns, if priv->context_specific==1 piv_check_sw will call sc_unlock as the application may not have requested the crypto but some other command.

Some additional calls to sc_lock and sc_unlock have been added to make sure PIV internal command sequences including the crypto command ('87') and any get responses are always protected by a lock.

This guarantees the card is locked for verify and the next command which should be the crypto operation. The PIV card also enforces this restriction on the card.

This is based on suggestions in: :https://github.com//pull/1256#issuecomment-361975751

On branch piv-aid-discovery
Changes to be committed:
modified: src/libopensc/card-piv.c
modified: src/libopensc/iso7816.c
modified: src/libopensc/types.h
modified: src/pkcs11/framework-pkcs15.c
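A minimal model of the lock discipline the commit message describes, as an added example that is not OpenSC's code: the `model_*` names, the struct and the lock counter are hypothetical stand-ins for `sc_lock`/`sc_unlock` and the driver's private flag. It checks that the lock is held between a successful verify and the next command, and that every path, including a failed verify, ends with the lock released.

```c
#include <stdio.h>

/* Toy card state; all names are hypothetical, not OpenSC's API. */
struct model_card {
    int lock_count;       /* nesting depth, stand-in for sc_lock/sc_unlock */
    int context_specific; /* flag set by a context-specific verify */
    int pin_ok;           /* constructed input: does the card accept the PIN? */
};

static void model_lock(struct model_card *c)   { c->lock_count++; }
static void model_unlock(struct model_card *c) { if (c->lock_count > 0) c->lock_count--; }

/* Context-specific verify: set the flag and lock first, keep the lock only on success. */
static int model_pin_cmd(struct model_card *c)
{
    c->context_specific = 1;
    model_lock(c);
    if (!c->pin_ok) {              /* failed verify must not leave the card locked */
        c->context_specific = 0;
        model_unlock(c);
        return -1;
    }
    return 0;
}

/* Any following command (crypto '87' or another one): after it returns,
 * the status-word check drops the lock that the verify left held. */
static void model_next_command(struct model_card *c)
{
    model_lock(c);                 /* the command's own lock pair */
    if (c->context_specific) {     /* what the status-word check does in this model */
        c->context_specific = 0;
        model_unlock(c);
    }
    model_unlock(c);
}

/* Runs verify then one more command; returns the final lock depth and
 * reports the depth held between the two in *held_between. */
int model_run(int pin_ok, int *held_between)
{
    struct model_card c = { 0, 0, pin_ok };
    int rc = model_pin_cmd(&c);
    *held_between = c.lock_count;
    if (rc == 0)
        model_next_command(&c);
    return c.lock_count;
}

int main(void)
{
    int held, final = model_run(1, &held);
    printf("verify ok: held=%d final=%d\n", held, final);
    return 0;
}
```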
Should we not also have
sc_unlock(card);
here?