Public certs and pubkeys with an auth_id are treated as private (See #291)
Code to test for an auth_id for certs and pubkeys was removed. See: PKCS#15 section 4.1.3, Access methods. This is a conservative change; all objects could be treated the same.
parent
8ed4db76c8
commit
fd22098e19
|
@ -1217,10 +1217,15 @@ _add_public_objects(struct sc_pkcs11_slot *slot, struct pkcs15_fw_data *fw_data,
|
|||
/* Ignore seen object */
|
||||
if (obj->base.flags & SC_PKCS11_OBJECT_SEEN)
|
||||
continue;
|
||||
/* Ignore 'private' object and the ones with 'auth_id' defined */
|
||||
/* Ignore 'private' object */
|
||||
if (obj->p15_object->flags & SC_PKCS15_CO_FLAG_PRIVATE)
|
||||
continue;
|
||||
if (obj->p15_object->auth_id.len)
|
||||
/* PKCS#15 4.1.3 is a little vague, but implies if not PRIVATE it is readable
|
||||
* even if there is an auth_id to allow writting for example.
|
||||
* See bug issue #291
|
||||
* treat pubkey and cert as readable.a
|
||||
*/
|
||||
if (obj->p15_object->auth_id.len && !(is_pubkey(obj) || is_cert(obj)))
|
||||
continue;
|
||||
|
||||
sc_log(context, "Add public object(%p,%s,%x)", obj, obj->p15_object->label, obj->p15_object->type);
|
||||
|
|
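Review bot: The new comment above the `auth_id.len` test says a non-PRIVATE object is readable even when it carries an auth_id, but the condition lifts the skip only for `is_pubkey(obj) || is_cert(obj)`, so other object types with an auth_id are still hidden before login and the comment should say that this narrowing is intentional. The comment also has a stray `a` after `readable.` and `writting` for `writing`. I would reword it along the lines of `/* PKCS#15 4.1.3: an auth_id on a non-PRIVATE object may only guard writes, so expose pubkeys and certs before login (issue #291); other objects with an auth_id stay hidden. */`. Certs and pubkeys that were skipped here until now will appear in unauthenticated sessions, so a card profile that relied on auth_id alone rather than `SC_PKCS15_CO_FLAG_PRIVATE` to hide them would presumably behave differently, which seems worth stating in the commit description or release notes. `is_pubkey`, `is_cert` and the rest of `_add_public_objects` are outside the hunk, so how they classify objects could not be checked here.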