giomba/opensc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

pkcs11: Propagate ignore_user_consent

Browse Source 
If user consent is ignored through configuration, do not present
ALWAYS_AUTHENTICATE=TRUE attribute in PKCS#11

Fixes #2039
This commit is contained in:
Jakub Jelen 2020-05-27 14:47:01 +02:00 committed by Frank Morgner
parent 7a29e6c047
commit 97ec23a2d9
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/pkcs11/framework-pkcs15.c
View File

@ -3773,9 +3773,13 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = (prkey->prv_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) != 0;
break;
case CKA_ALWAYS_AUTHENTICATE:
case CKA_ALWAYS_AUTHENTICATE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = prkey->prv_p15obj->user_consent >= 1 ? CK_TRUE : CK_FALSE;
if (fw_data->p15_card->opts.pin_cache_ignore_user_consent) {
*(CK_BBOOL*)attr->pValue = CK_FALSE;
} else {
*(CK_BBOOL*)attr->pValue = prkey->prv_p15obj->user_consent >= 1 ? CK_TRUE : CK_FALSE;
}
break;
case CKA_PRIVATE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));