[pkg-opensc-commit] [libp11] 05/51: Handle CKF_PROTECTED_AUTHENTICATION_PATH in pkcs11_authenticate()
Eric Dorland
eric at moszumanska.debian.org
Wed Dec 7 17:51:29 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit f00b79acda4aa16ddaec4659361540e168d45259
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Thu Sep 29 22:24:33 2016 +0200
Handle CKF_PROTECTED_AUTHENTICATION_PATH in pkcs11_authenticate()
---
src/p11_key.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/p11_key.c b/src/p11_key.c
index 2b506ff..229dab4 100644
--- a/src/p11_key.c
+++ b/src/p11_key.c
@@ -337,7 +337,8 @@ EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key, int isPrivate)
int pkcs11_authenticate(PKCS11_KEY *key)
{
PKCS11_KEY_private *kpriv = PRIVKEY(key);
- PKCS11_SLOT *slot = KEY2SLOT(key);
+ PKCS11_TOKEN *token = KEY2TOKEN(key);
+ PKCS11_SLOT *slot = TOKEN2SLOT(token);
PKCS11_SLOT_private *spriv = PRIVSLOT(slot);
PKCS11_CTX *ctx = SLOT2CTX(slot);
char pin[MAX_PIN_LENGTH];
@@ -347,6 +348,13 @@ int pkcs11_authenticate(PKCS11_KEY *key)
if (!kpriv->always_authenticate)
return 0;
+ /* Handle CKF_PROTECTED_AUTHENTICATION_PATH */
+ if (token->secureLogin) {
+ rv = CRYPTOKI_call(ctx,
+ C_Login(spriv->session, CKU_CONTEXT_SPECIFIC, NULL, 0));
+ return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
+ }
+
/* Call UI to ask for a PIN */
if (kpriv->ui_method == NULL)
return PKCS11_UI_FAILED;
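Review bot: In the new `token->secureLogin` branch, `CKR_USER_ALREADY_LOGGED_IN` is mapped to 0 for a key that only reaches this point because `kpriv->always_authenticate` is set, so the caller cannot tell a fresh context-specific login from a token that merely reported an existing login state. The same mapping is repeated in the final `return` of the last hunk. Whether this is safe depends on the token itself enforcing per-operation authentication, which is not visible in this diff, so the assumption should be written on the branch, e.g. `/* NULL PIN: the token collects it on its protected authentication path; ALREADY_LOGGED_IN is treated as success on the assumption that the token enforces CKA_ALWAYS_AUTHENTICATE itself */`. The branch also returns before the `kpriv->ui_method == NULL` check, so it runs with no UI configured and presumably blocks inside `C_Login` until the user finishes at the device; the function comment should say so. The body of `pkcs11_authenticate()` starts before and continues after this hunk.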
@@ -370,9 +378,7 @@ int pkcs11_authenticate(PKCS11_KEY *key)
C_Login(spriv->session, CKU_CONTEXT_SPECIFIC,
(CK_UTF8CHAR *)pin, strlen(pin)));
OPENSSL_cleanse(pin, MAX_PIN_LENGTH);
- if (rv == CKR_USER_ALREADY_LOGGED_IN) /* ignore */
- rv = 0;
- return rv;
+ return rv == CKR_USER_ALREADY_LOGGED_IN ? 0 : rv;
}
/*
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git