[pkg-opensc-commit] [engine-pkcs11] 119/152: When loading a certificate login if a PIN is provided
Eric Dorland
eric at moszumanska.debian.org
Mon Oct 19 03:11:24 UTC 2015
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository engine-pkcs11.
commit 091b78ccbb254013b2da15eac51a548b7a215645
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Fri Jul 17 10:55:21 2015 +0200
When loading a certificate login if a PIN is provided
---
src/engine_pkcs11.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/engine_pkcs11.c b/src/engine_pkcs11.c
index 1ee4f30..dd3d76e 100644
--- a/src/engine_pkcs11.c
+++ b/src/engine_pkcs11.c
@@ -663,6 +663,21 @@ static X509 *pkcs11_load_cert(ENGINE * e, const char *s_slot_cert_id)
fprintf(stderr, "Found token: %s\n", slot->token->label);
}
+ /* In several tokens certificates are marked as private. We use the pin-value */
+ if (tok->loginRequired && pin) {
+ /* Now login in with the (possibly NULL) pin */
+ if (PKCS11_login(slot, 0, pin)) {
+ /* Login failed, so free the PIN if present */
+ if (pin != NULL) {
+ OPENSSL_cleanse(pin, pin_length);
+ free(pin);
+ pin = NULL;
+ pin_length = 0;
+ }
+ fail("Login failed\n");
+ }
+ }
+
if (PKCS11_enumerate_certs(tok, &certs, &cert_count)) {
fprintf(stderr, "unable to enumerate certificates\n");
PKCS11_release_all_slots(ctx, slot_list, slot_count);
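Review bot: the login-failure branch inside `if (PKCS11_login(slot, 0, pin))` goes straight to `fail("Login failed\n")` without the `PKCS11_release_all_slots(ctx, slot_list, slot_count)` call that the enumerate-certs failure path just below makes. If `fail()` returns from the function, the slot list is leaked on a bad PIN, so release it before `fail()`. Separately, the outer guard `tok->loginRequired && pin` already guarantees a non-NULL PIN, so the comment "(possibly NULL) pin" is misleading and the inner `if (pin != NULL)` test is redundant. The cleanse-and-free can run unconditionally in that branch. When a login is required but no PIN was supplied, the code silently proceeds to enumeration and private certificates will simply not be found. A diagnostic on stderr for that case would make the resulting "certificate not found" easier to trace.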
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/engine-pkcs11.git