pkcs11: Do not advertize VERIFY flag on the EC derive mechanisms
Amends 285db1ef
This commit is contained in:
parent
176b20f339
commit
da247384e7
|
@ -5748,7 +5748,7 @@ static CK_RV register_ec_mechanisms(struct sc_pkcs11_card *p11card, int flags,
|
||||||
/* ADD ECDH mechanisms */
|
/* ADD ECDH mechanisms */
|
||||||
/* The PIV uses curves where CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE produce the same results */
|
/* The PIV uses curves where CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE produce the same results */
|
||||||
if(flags & SC_ALGORITHM_ECDH_CDH_RAW) {
|
if(flags & SC_ALGORITHM_ECDH_CDH_RAW) {
|
||||||
mech_info.flags &= ~CKF_SIGN;
|
mech_info.flags &= ~(CKF_SIGN | CKF_VERIFY);
|
||||||
mech_info.flags |= CKF_DERIVE;
|
mech_info.flags |= CKF_DERIVE;
|
||||||
|
|
||||||
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDH1_COFACTOR_DERIVE, &mech_info, CKK_EC, NULL, NULL);
|
mt = sc_pkcs11_new_fw_mechanism(CKM_ECDH1_COFACTOR_DERIVE, &mech_info, CKK_EC, NULL, NULL);
|
||||||
|
|
Loading…
Reference in New Issue