[Opensc-commits] [OpenSC/OpenSC] 764c61: pkcs15-crypt - Handle keys with user_consent - Fix...

[GitHub <no...@gi...>]

  Branch: refs/heads/master
  Home:   https://github.com/OpenSC/OpenSC
  Commit: 764c61446ece6423eb73c8a885f6d20c7d17a593
      https://github.com/OpenSC/OpenSC/commit/764c61446ece6423eb73c8a885f6d20c7d17a593
  Author: Doug Engert <dee...@gm...>
  Date:   2018-11-20 (Tue, 20 Nov 2018)

  Changed paths:
    M src/tools/pkcs15-crypt.c

  Log Message:
  -----------
  pkcs15-crypt - Handle keys with user_consent - Fixes #1292

This fixes problem as stated in:
https://github.com/OpenSC/OpenSC/issues/1292#issuecomment-431879472

pkcs15-crypt.c will treat keys with user_consent like PKCS#11 would.
SC_AC_CONTEXT_SPECIFIC is set when doing a verify so a card driver can
take action if needed.

card-piv.c is currently the only driver doing so.
It uses this to hold the card lock so both the VERIFY and following crypto
operations are in the same transaction. The card enforces this restriction.
Without this additional APDUs may be sent before every transaction to test
that the expected applet is selected.

Unlike the circumvention of using ignore_user_consent=true and pin caching
this modification allows a pin pad reader to be used for keys requiring user_consent.

 On branch pkcs15-context-specific
 Changes to be committed:
	modified:   pkcs15-crypt.c



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.