If the PKCS#11 token can itself authenticate the user, we let it do it and ask
nothing. First because many applications that might link to the openssl library would never-ever implement it and anyway it is the task of the pkcs11 module to take care of the authentication however the module/token feels feasible. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2201 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
parent
3a118fb33f
commit
1febdee2b2
|
@ -330,7 +330,8 @@ EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
|
|||
break;
|
||||
if (pin == NULL) {
|
||||
pin = (char *) calloc(12, sizeof(char));
|
||||
get_pin(ui_method, pin, 12);
|
||||
if (!tok->secureLogin)
|
||||
get_pin(ui_method, pin, 12);
|
||||
}
|
||||
if (PKCS11_login(slot, 0, pin)) {
|
||||
if(pin != NULL) {
|
||||
|
|
|
@ -337,6 +337,7 @@ int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
|
|||
token->model = PKCS11_DUP(info.model);
|
||||
token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
|
||||
token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
|
||||
token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
|
||||
token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
|
||||
token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
|
||||
token->_private = tpriv;
|
||||
|
|
|
@ -116,6 +116,7 @@ typedef struct PKCS11_token_st {
|
|||
char *model;
|
||||
unsigned char initialized;
|
||||
unsigned char loginRequired;
|
||||
unsigned char secureLogin;
|
||||
unsigned char userPinSet;
|
||||
unsigned char readOnly;
|
||||
void *_private;
|
||||
|
|
Loading…
Reference in New Issue