pkcs15init: 'protect-certificates' profile option not used
Profile option 'protect-certifcates' was activated by default for all the cards, was mentioned and commented out only in 'flex' profile, and finaly is not working 'by design' of pkcs15-lib.c So, no need to keep this option, untill the valid arguments to restore it back. Anyway, the access to certificates is controlled by the file's ACLs defined in profile. ;in profile use the 'define' macros to define the pin encoding type; git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4050 c6295689-39f2-0310-b995-f0e70906c6a9
This commit is contained in:
viktor.tarasov
parent
128e066176
commit
ef919e94d4
|
|
@ -6,16 +6,6 @@ cardinfo {
|
|||
pin-encoding = ascii-numeric;
|
||||
pin-pad-char = 0x00;
|
||||
pin-domains = yes;
|
||||
|
||||
# This profile does not PIN-protect certificates
|
||||
# stored on the card. If you enable this, you MUST
|
||||
# adjust the sizes of the pin-domain and key-dir DFs
|
||||
# accordingly.
|
||||
#
|
||||
# Update: everything seems to work fine without this
|
||||
# option, so it is commented out
|
||||
#
|
||||
# protect-certificates = no;
|
||||
}
|
||||
|
||||
# Define reasonable limits for PINs and PUK
|
||||
|
|
|
|||
|
|
@ -1496,22 +1496,6 @@ sc_pkcs15init_store_certificate(struct sc_pkcs15_card *p15card,
|
|||
r = select_id(p15card, SC_PKCS15_TYPE_CERT, &args->id);
|
||||
SC_TEST_RET(ctx, r, "Select certificate ID error");
|
||||
|
||||
if (profile->protect_certificates) {
|
||||
/* If there is a private key corresponding to the ID given
|
||||
* by the user, make sure $PIN references the pin protecting
|
||||
* this key
|
||||
*/
|
||||
r = -1;
|
||||
if (args->id.len != 0
|
||||
&& sc_pkcs15_find_prkey_by_id(p15card, &args->id, &object) == 0) {
|
||||
r = set_user_pin_from_authid(p15card, profile, &object->auth_id);
|
||||
SC_TEST_RET(ctx, r, "Failed to assign user pin reference "
|
||||
"(copied from private key auth_id)");
|
||||
}
|
||||
if (r == -1) /* User pin ref not yet set */
|
||||
set_user_pin_from_authid(p15card, profile, NULL);
|
||||
}
|
||||
|
||||
object = sc_pkcs15init_new_object(SC_PKCS15_TYPE_CERT_X509, label, NULL, NULL);
|
||||
if (object == NULL)
|
||||
SC_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Failed to allocate certificate object");
|
||||
|
|
|
|||
|
|
@ -147,11 +147,11 @@ static struct map pkcs15DfNames[] = {
|
|||
{ NULL, 0 }
|
||||
};
|
||||
static struct map pinTypeNames[] = {
|
||||
{ "BCD", 0 },
|
||||
{ "ascii-numeric", 1 },
|
||||
{ "utf8", 2 },
|
||||
{ "half-nibble-bcd", 3 },
|
||||
{ "iso9564-1", 4 },
|
||||
{ "BCD", SC_PKCS15_PIN_TYPE_BCD },
|
||||
{ "ascii-numeric", SC_PKCS15_PIN_TYPE_ASCII_NUMERIC },
|
||||
{ "utf8", SC_PKCS15_PIN_TYPE_UTF8 },
|
||||
{ "half-nibble-bcd", SC_PKCS15_PIN_TYPE_HALFNIBBLE_BCD },
|
||||
{ "iso9564-1", SC_PKCS15_PIN_TYPE_ISO9564_1 },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
static struct map pinIdNames[] = {
|
||||
|
|
@ -274,7 +274,6 @@ sc_profile_new(void)
|
|||
return NULL;
|
||||
pro->p15_spec = p15card = sc_pkcs15_card_new();
|
||||
|
||||
pro->protect_certificates = 1;
|
||||
pro->pkcs15.do_last_update = 1;
|
||||
|
||||
if (p15card) {
|
||||
|
|
@ -293,7 +292,7 @@ sc_profile_new(void)
|
|||
/* Assume card does RSA natively, but no DSA */
|
||||
pro->rsa_access_flags = DEF_PRKEY_RSA_ACCESS;
|
||||
pro->dsa_access_flags = DEF_PRKEY_DSA_ACCESS;
|
||||
pro->pin_encoding = 0x01;
|
||||
pro->pin_encoding = SC_PKCS15_PIN_TYPE_ASCII_NUMERIC;
|
||||
pro->pin_minlen = 4;
|
||||
pro->pin_maxlen = 8;
|
||||
pro->id_style = SC_PKCS15INIT_ID_STYLE_NATIVE;
|
||||
|
|
@ -788,12 +787,6 @@ do_pin_domains(struct state *cur, int argc, char **argv)
|
|||
return get_bool(cur, argv[0], &cur->profile->pin_domains);
|
||||
}
|
||||
|
||||
static int
|
||||
do_protect_certificates(struct state *cur, int argc, char **argv)
|
||||
{
|
||||
return get_bool(cur, argv[0], &cur->profile->protect_certificates);
|
||||
}
|
||||
|
||||
static int
|
||||
do_card_label(struct state *cur, int argc, char **argv)
|
||||
{
|
||||
|
|
@ -1590,7 +1583,6 @@ static struct command ci_commands[] = {
|
|||
{ "pin-encoding", 1, 1, do_default_pin_type },
|
||||
{ "pin-pad-char", 1, 1, do_pin_pad_char },
|
||||
{ "pin-domains", 1, 1, do_pin_domains },
|
||||
{ "protect-certificates", 1, 1, do_protect_certificates },
|
||||
{ "label", 1, 1, do_card_label },
|
||||
{ "manufacturer", 1, 1, do_card_manufacturer},
|
||||
|
||||
|
|
|
|||
|
|
@ -104,7 +104,6 @@ struct sc_profile {
|
|||
unsigned int puk_attempts;
|
||||
unsigned int rsa_access_flags;
|
||||
unsigned int dsa_access_flags;
|
||||
unsigned int protect_certificates;
|
||||
|
||||
struct {
|
||||
unsigned int direct_certificates;
|
||||
|
|
|
|||
Loading…
Reference in New Issue