Skip to content

Commit

Permalink
Engine allowed to use private keys without a PIN
Browse files Browse the repository at this point in the history 
Access control policies should be enforced by PKCS#11 modules,
and not by our engine or libp11.

Fixes #242
  • Loading branch information
@mtrojnar
mtrojnar committed Sep 12, 2018
1 parent c2512ee commit 6c2263b
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 4 deletions.
1 change: 1 addition & 0 deletions NEWS
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
NEWS for Libp11 -- History of user visible changes

New in 0.4.10; unreleased
* Engine allowed to use private keys without a PIN (Michał Trojnara)

New in 0.4.9; 2018-09-03; Michał Trojnara
* Fixed EVP_PKEY ENGINE reference count with the EC EVP_PKEY_METHOD
Expand Down
4 changes: 0 additions & 4 deletions src/eng_back.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -750,10 +750,6 @@ static EVP_PKEY *ctx_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
* with some other (which ones?) PKCS#11 libraries */
if (!tok->initialized)
ctx_log(ctx, 0, "Found uninitialized token\n");
if (isPrivate && !tok->userPinSet && !tok->readOnly) {
ctx_log(ctx, 0, "Found slot without user PIN\n");
goto error;
}

ctx_log(ctx, 1, "Found slot: %s\n", slot->description);
ctx_log(ctx, 1, "Found token: %s\n", slot->token->label);
Expand Down

0 comments on commit 6c2263b

Please sign in to comment.