From 1febdee2b2a97e749617eb9b1777f6d8f8f30656 Mon Sep 17 00:00:00 2001
From: pisi
Date: Fri, 25 Feb 2005 21:17:11 +0000
Subject: [PATCH] If the PKCS#11 token can itself authenticate the user, we let it do it and ask nothing. First because many applications that might link to the openssl library would never-ever implement it and anyway it is the task of the pkcs11 module to take care of the authentication however the module/token feels feasible.
git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@2201 c6295689-39f2-0310-b995-f0e70906c6a9
---
 src/sslengines/engine_pkcs11.c | 3 ++-
 src/sslengines/p11_slot.c | 1 +
 src/sslengines/pkcs11-internal.h | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/sslengines/engine_pkcs11.c b/src/sslengines/engine_pkcs11.c
index 63082e21..20f4a12d 100644
--- a/src/sslengines/engine_pkcs11.c
+++ b/src/sslengines/engine_pkcs11.c
@@ -330,7 +330,8 @@ EVP_PKEY *pkcs11_load_key(ENGINE * e, const char *s_slot_key_id,
 break;
 if (pin == NULL) {
 pin = (char *) calloc(12, sizeof(char));
- get_pin(ui_method, pin, 12);
+ if (!tok->secureLogin)
+ get_pin(ui_method, pin, 12);
 }
 if (PKCS11_login(slot, 0, pin)) {
 if(pin != NULL) {
diff --git a/src/sslengines/p11_slot.c b/src/sslengines/p11_slot.c
index ac4be947..d22ec67d 100644
--- a/src/sslengines/p11_slot.c
+++ b/src/sslengines/p11_slot.c
@@ -337,6 +337,7 @@ int pkcs11_check_token(PKCS11_CTX * ctx, PKCS11_SLOT * slot)
 token->model = PKCS11_DUP(info.model);
 token->initialized = (info.flags & CKF_TOKEN_INITIALIZED) ? 1 : 0;
 token->loginRequired = (info.flags & CKF_LOGIN_REQUIRED) ? 1 : 0;
+ token->secureLogin = (info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ? 1 : 0;
 token->userPinSet = (info.flags & CKF_USER_PIN_INITIALIZED) ? 1 : 0;
 token->readOnly = (info.flags & CKF_WRITE_PROTECTED) ? 1 : 0;
 token->_private = tpriv;
diff --git a/src/sslengines/pkcs11-internal.h b/src/sslengines/pkcs11-internal.h
index 032f397b..7f1becc6 100644
--- a/src/sslengines/pkcs11-internal.h
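Review bot: With `tok->secureLogin` set, the 12-byte buffer is still allocated in the engine_pkcs11.c hunk, so `PKCS11_login(slot, 0, pin)` receives a non-NULL empty string rather than no PIN at all. PKCS#11 expects a NULL PIN pointer for tokens that report CKF_PROTECTED_AUTHENTICATION_PATH, and a module that treats the empty string as a real PIN attempt could fail the login and count it against the token's retry limit. Skipping the allocation keeps `pin` NULL, which the following `if(pin != NULL)` already allows for: `if (pin == NULL && !tok->secureLogin) {` around the existing `calloc` and an unconditional `get_pin(ui_method, pin, 12);`; whether `PKCS11_login` forwards a NULL pin unchanged is not visible here and should be confirmed. The `calloc` result is also handed to `get_pin` without a NULL check. The enclosing loop and function start and end outside the hunk.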
+++ b/src/sslengines/pkcs11-internal.h
@@ -116,6 +116,7 @@ typedef struct PKCS11_token_st {
 char *model;
 unsigned char initialized;
 unsigned char loginRequired;
+ unsigned char secureLogin;
 unsigned char userPinSet;
 unsigned char readOnly;
 void *_private;
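Review bot: `secureLogin` is added without a comment, and the name does not say which PKCS#11 property it carries, even though this field now decides whether the engine prompts for a PIN. A one-line comment on the member would help, e.g. `/* CKF_PROTECTED_AUTHENTICATION_PATH: PIN is entered on the token or reader, not supplied by the application */`. The member is inserted in the middle of the struct, which shifts the offsets of `userPinSet`, `readOnly` and `_private`; that is harmless only if everything that includes this header is rebuilt together, which cannot be confirmed from the hunk. The struct definition starts and ends outside the hunk.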