Skip to content

Commit

Permalink
pkcs11: Propagate ignore_user_consent
Browse files Browse the repository at this point in the history 
If user consent is ignored through configuration, do not present
ALWAYS_AUTHENTICATE=TRUE attribute in PKCS#11

Fixes #2039
  • Loading branch information
@Jakuje
Jakuje committed May 28, 2020
1 parent b02da83 commit fd5cbb0
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/pkcs11/framework-pkcs15.c
View file
Expand Up @@ -3728,9 +3728,13 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = (prkey->prv_info->access_flags & SC_PKCS15_PRKEY_ACCESS_LOCAL) != 0;
break;
case CKA_ALWAYS_AUTHENTICATE:
case CKA_ALWAYS_AUTHENTICATE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
*(CK_BBOOL*)attr->pValue = prkey->prv_p15obj->user_consent >= 1 ? CK_TRUE : CK_FALSE;
if (fw_data->p15_card->opts.pin_cache_ignore_user_consent) {
*(CK_BBOOL*)attr->pValue = CK_FALSE;
} else {
*(CK_BBOOL*)attr->pValue = prkey->prv_p15obj->user_consent >= 1 ? CK_TRUE : CK_FALSE;
}
break;
case CKA_PRIVATE:
check_attribute_buffer(attr, sizeof(CK_BBOOL));
Expand Down

0 comments on commit fd5cbb0

Please sign in to comment.