PATCH: userconsent, pkcs11 and pin cache

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

PATCH: userconsent, pkcs11 and pin cache

Martin Paljak
Attached patch makes sure that pins that protect a slot where exists
at least one object with userconsent value > 0 will never be cached in
the pkcs11 module. Works for me.

Comments ?

--
Martin Paljak
[hidden email]
http://martin.paljak.pri.ee/
+372.5156495 - phone

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel

userconsent-pin-cache.patch (6K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: PATCH: userconsent, pkcs11 and pin cache

Martin Paljak
Does no comments mean 'look OK?' ?

We don't count pin entries currently and i don't feel like it would
ever be useful in real life (most cases i know about deal with
userconsent == 1 anyway). I'm not sure if all scenarios are OK with
this simple approach, but it seems to work for me. GUI issues are
another problem.

m.

On 8/12/05, Martin Paljak <[hidden email]> wrote:

> Attached patch makes sure that pins that protect a slot where exists
> at least one object with userconsent value > 0 will never be cached in
> the pkcs11 module. Works for me.
>
> Comments ?
>
> --
> Martin Paljak
> [hidden email]
> http://martin.paljak.pri.ee/
> +372.5156495 - phone
>
>
>


--
Martin Paljak
[hidden email]
http://martin.paljak.pri.ee/
+372.5156495 - phone
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PATCH: userconsent, pkcs11 and pin cache

Nils Larsch
In reply to this post by Martin Paljak
Martin Paljak wrote:
> Attached patch makes sure that pins that protect a slot where exists
> at least one object with userconsent value > 0 will never be cached in
> the pkcs11 module. Works for me.
>
> Comments ?

no objections. btw: what's the reason for the changes in
_get_conf_block ? These changes aren't used in your patch.

Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PATCH: userconsent, pkcs11 and pin cache

Martin Paljak
Hmm, i guess I've mis-merged another patch. This should be visible in
the pcsc pinpad patch, but it seems to be missing. I also swapped some
other similar code blocks to this _get_conf_block code but that's yet
another separate patch...

m.

On 8/20/05, Nils Larsch <[hidden email]> wrote:

> Martin Paljak wrote:
> > Attached patch makes sure that pins that protect a slot where exists
> > at least one object with userconsent value > 0 will never be cached in
> > the pkcs11 module. Works for me.
> >
> > Comments ?
>
> no objections. btw: what's the reason for the changes in
> _get_conf_block ? These changes aren't used in your patch.
>
> Nils
>


--
Martin Paljak
[hidden email]
http://martin.paljak.pri.ee/
+372.5156495 - phone
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: PATCH: userconsent, pkcs11 and pin cache

Nils Larsch
Martin Paljak wrote:
> Hmm, i guess I've mis-merged another patch. This should be visible in
> the pcsc pinpad patch, but it seems to be missing.

and it doesn't seem to be used there (actually _get_conf_block
isn't used anywhere at the moment)

> I also swapped some
> other similar code blocks to this _get_conf_block code but that's yet
> another separate patch...

What's the reason behind this patch ? Currently _get_conf_block returns
the first non-NULL scconf_block it finds in one of the blocks. With
this patch, and if the priority parameter set to 0, it returns the
result of scconf_find_blocks in the last available scconf_block (which
could be NULL).

Nils
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel