From 4ea2828246549b39df885ac992800772df322c50 Mon Sep 17 00:00:00 2001
From: Frank Morgner
Date: Wed, 21 Jun 2017 10:43:52 +0200
Subject: [PATCH] card-piv: Fix Thunderbird and SC_PIN_CMD_GET_INFO

Fixes https://github.com/OpenSC/OpenSC/issues/1071
Closes https://github.com/OpenSC/OpenSC/pull/1072
---
 src/libopensc/card-piv.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/libopensc/card-piv.c b/src/libopensc/card-piv.c
index 7df1f2e0..6f492fcc 100644
--- a/src/libopensc/card-piv.c
+++ b/src/libopensc/card-piv.c
@@ -3274,6 +3274,17 @@ piv_pin_cmd(sc_card_t *card, struct sc_pin_cmd_data *data, int *tries_left)
 data->pin1.tries_left = priv->tries_left;
 if (tries_left)
 *tries_left = priv->tries_left;
+ if (priv->logged_in == SC_PIN_STATE_LOGGED_IN) {
+ /* Avoid status requests when the user is logged in to handle NIST
+ * 800-73-4 Part 2:
+ * The PKI cryptographic function (see Table 4b) is protected with
+ * a “PIN Always” or “OCC Always” access rule. In other words, the
+ * PIN or OCC data must be submitted and verified every time
+ * immediately before a digital signature key operation. This
+ * ensures cardholder participation every time the private key is
+ * used for digital signature generation */
+ LOG_FUNC_RETURN(card->ctx, SC_SUCCESS);
+ }
 }
 priv->pin_cmd_verify = 1; /* tell piv_check_sw its a verify to save sw1, sw2 */
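Review bot: The early return added to the `SC_PIN_CMD_GET_INFO` branch answers from `priv->logged_in`, the driver's cached state, and never asks the card once that cache says `SC_PIN_STATE_LOGGED_IN`. The hunk does not show where the cache is cleared, so if a card reset, a logout by another session, or a key operation under the "PIN Always" rule changes the card's security status without updating it, callers will be told the user is logged in when the card would refuse the next operation. I would confirm that every such path resets `priv->logged_in`, and record the dependency next to the return: `/* Relies on priv->logged_in being reset whenever the card's security status can change; otherwise GET_INFO over-reports the login state. */`. The quoted NIST text also does not say why a status request is harmful here; one sentence stating that presumed consequence (the status query coming between PIN verification and the signature operation) would help. `piv_pin_cmd` begins and continues outside this hunk.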