Revert "pkcs11-tool: always authenticate when pinpad is in use"

This reverts commit 423375c6f8.

Fixes https://github.com/OpenSC/OpenSC/issues/1063
Frank Morgner 2017-06-13 11:21:32 +02:00
parent 00a710b939
commit e894bd175b
1 changed files with 8 additions and 31 deletions


@ -369,7 +369,6 @@ static void show_token(CK_SLOT_ID);
static void list_mechs(CK_SLOT_ID);
static void list_objects(CK_SESSION_HANDLE, CK_OBJECT_CLASS);
static int login(CK_SESSION_HANDLE, int);
static void authenticate_if_required(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
static void init_token(CK_SLOT_ID);
static void init_pin(CK_SLOT_ID, CK_SESSION_HANDLE);
static int change_pin(CK_SLOT_ID, CK_SESSION_HANDLE);
@ -3007,32 +3006,6 @@ VARATTR_METHOD(GOSTR3410_PARAMS, unsigned char);
VARATTR_METHOD(EC_POINT, unsigned char);
VARATTR_METHOD(EC_PARAMS, unsigned char);
static void authenticate_if_required(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject){
CK_SESSION_INFO sessionInfo;
CK_TOKEN_INFO info;
CK_RV rv;
rv = p11->C_GetSessionInfo(session, &sessionInfo);
if (rv != CKR_OK)
p11_fatal("C_OpenSession", rv);
switch(sessionInfo.state){
case CKS_RW_USER_FUNCTIONS:
//logged in, not need to continue.
return;
case CKS_RW_PUBLIC_SESSION:
break;
default:
util_fatal("unexpected state");
}
get_token_info(opt_slot, &info);
if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) && !getALWAYS_AUTHENTICATE(session, privKeyObject))
return;
login(session,CKU_CONTEXT_SPECIFIC);
}
static void list_objects(CK_SESSION_HANDLE sess, CK_OBJECT_CLASS object_class)
{
CK_OBJECT_HANDLE object;
@ -4173,7 +4146,8 @@ static int sign_verify_openssl(CK_SESSION_HANDLE session,
if (rv != CKR_OK)
p11_fatal("C_SignInit", rv);
authenticate_if_required(session, privKeyObject);
if (getALWAYS_AUTHENTICATE(session, privKeyObject))
login(session,CKU_CONTEXT_SPECIFIC);
printf(" %s: ", p11_mechanism_to_name(ck_mech->mechanism));
sigLen1 = sizeof(sig1);
@ -4374,7 +4348,8 @@ static int test_signature(CK_SESSION_HANDLE sess)
rv = p11->C_SignInit(sess, &ck_mech, privKeyObject);
if (rv != CKR_OK)
p11_fatal("C_SignInit", rv);
authenticate_if_required(sess, privKeyObject);
if (getALWAYS_AUTHENTICATE(sess, privKeyObject))
login(sess,CKU_CONTEXT_SPECIFIC);
sigLen2 = sizeof(sig2);
rv = p11->C_Sign(sess, data, dataLen, sig2, &sigLen2);
@ -4412,7 +4387,8 @@ static int test_signature(CK_SESSION_HANDLE sess)
printf(" ERR: C_Sign() didn't return CKR_OK for a NULL output buf, but %s (0x%0x)\n",
CKR2Str(rv), (int) rv);
}
authenticate_if_required(sess, privKeyObject);
if (getALWAYS_AUTHENTICATE(sess, privKeyObject))
login(sess,CKU_CONTEXT_SPECIFIC);
rv = p11->C_Sign(sess, data, dataLen, sig2, &sigLen2);
if (rv == CKR_OPERATION_NOT_INITIALIZED) {
@ -4549,7 +4525,8 @@ static int sign_verify(CK_SESSION_HANDLE session,
}
printf(" %s: ", p11_mechanism_to_name(*mech_type));
authenticate_if_required(session, priv_key);
if (getALWAYS_AUTHENTICATE(session, priv_key))
login(session,CKU_CONTEXT_SPECIFIC);
signat_len = sizeof(signat);
rv = p11->C_Sign(session, datas[j], data_lens[j], signat, &signat_len);
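Review bot: The restored `login(session,CKU_CONTEXT_SPECIFIC);` calls discard the function's result, although the prototype in the first hunk declares `static int login(CK_SESSION_HANDLE, int)`; this applies to the sign_verify_openssl hunk, both test_signature hunks and the sign_verify hunk. If login() can return without having authenticated (its body is not shown here), C_Sign is then attempted on a CKA_ALWAYS_AUTHENTICATE key without the per-operation authentication, and the failure surfaces only as a less specific C_Sign error. Consider checking the result at each site, or at least adding a comment such as `/* CKA_ALWAYS_AUTHENTICATE key: context-specific login is required between C_SignInit and C_Sign */`, since the same two lines are now repeated four times with no explanation. The enclosing functions begin and end outside the hunks.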