If the PKCS#11 token can itself authenticate the user, we let it do it and ask

nothing. First because many applications that might link to the openssl library would never-ever implement it and anyway it is the task of the pkcs11 module to take care of the authentication however the module/token feels feasible. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2201 c6295689-39f2-0310-b995-f0e70906c6a9
2005-02-25 21:17:11 +00:00 · 2005-02-25 21:17:11 +00:00 · 1febdee2b2
parent 3a118fb33f
commit 1febdee2b2
3 changed files with 4 additions and 1 deletions
--- a/src/sslengines/engine_pkcs11.c
+++ b/src/sslengines/engine_pkcs11.c
@ -330,7 +330,8 @@ EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 			break;
 		if (pin == NULL) {
 			pin = (char *) calloc(12, sizeof(char));
-			get_pin(ui_method, pin, 12);
+			if (!tok->secureLogin)
+				get_pin(ui_method, pin, 12);
 		}
 		if (PKCS11_login(slot, 0, pin)) {
 			if(pin != NULL) {
--- a/src/sslengines/p11_slot.c
+++ b/src/sslengines/p11_slot.c
@ -337,6 +337,7 @@ int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
 	token->model = PKCS11_DUP(info.model);
 	token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
 	token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
+	token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
 	token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
 	token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
 	token->_private = tpriv;
--- a/src/sslengines/pkcs11-internal.h
+++ b/src/sslengines/pkcs11-internal.h
@ -116,6 +116,7 @@ typedef struct PKCS11_token_st {
 	char *model;
 	unsigned char initialized;
 	unsigned char loginRequired;
+	unsigned char secureLogin;
 	unsigned char userPinSet;
 	unsigned char readOnly;
 	void *_private;