[pkg-opensc-commit] [libp11] 02/27: Check for the CKA_ALWAYS_AUTHENTICATE attribute

Eric Dorland eric at moszumanska.debian.org
Mon Aug 7 19:48:07 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 6ef8aed5cebb184c82026051cd2a0fb750000eae
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Fri Apr 28 20:05:51 2017 +0200

    Check for the CKA_ALWAYS_AUTHENTICATE attribute
    
    Check for the CKA_ALWAYS_AUTHENTICATE attribute
    on CKU_CONTEXT_SPECIFIC PINs instead of relying
    on the CKR_USER_NOT_LOGGED_IN error.
    
    Addresses OpenSC/OpenSC#1039 for libp11.
---
 src/p11_ec.c  | 2 +-
 src/p11_rsa.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/p11_ec.c b/src/p11_ec.c
index 2d9c28a..20aa7b9 100644
--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -325,7 +325,7 @@ static int pkcs11_ecdsa_sign(const unsigned char *msg, unsigned int msg_len,
 	CRYPTO_THREAD_write_lock(PRIVCTX(ctx)->rwlock);
 	rv = CRYPTOKI_call(ctx,
 		C_SignInit(spriv->session, &mechanism, kpriv->object));
-	if (rv == CKR_USER_NOT_LOGGED_IN)
+	if (kpriv->always_authenticate == CK_TRUE || rv == CKR_USER_NOT_LOGGED_IN)
 		rv = pkcs11_authenticate(key);
 	if (!rv)
 		rv = CRYPTOKI_call(ctx,
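Review bot: With `kpriv->always_authenticate == CK_TRUE`, the new condition calls `pkcs11_authenticate(key)` even when `C_SignInit` has just failed for an unrelated reason, and the assignment overwrites that error in `rv`. If authentication then returns 0, the following `if (!rv)` proceeds to the next `CRYPTOKI_call` without an initialised operation and the original error code is lost; if it fails, the PIN has still been presented to the token for nothing. Gating on a successful init keeps the first error and avoids the needless PIN use: `if (rv == CKR_USER_NOT_LOGGED_IN || (!rv && kpriv->always_authenticate == CK_TRUE))`. The same condition is added at the C_SignInit, C_EncryptInit and C_DecryptInit sites in src/p11_rsa.c and needs the same change. The body of `pkcs11_ecdsa_sign` continues outside the hunk, so how `rv` is finally reported is not visible here.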
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index a53805d..368512f 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -99,7 +99,7 @@ int pkcs11_private_encrypt(int flen,
 	/* Try signing first, as applications are more likely to use it */
 	rv = CRYPTOKI_call(ctx,
 		C_SignInit(spriv->session, &mechanism, kpriv->object));
-	if (rv == CKR_USER_NOT_LOGGED_IN)
+	if (kpriv->always_authenticate == CK_TRUE || rv == CKR_USER_NOT_LOGGED_IN)
 		rv = pkcs11_authenticate(key);
 	if (!rv)
 		rv = CRYPTOKI_call(ctx,
@@ -108,7 +108,7 @@ int pkcs11_private_encrypt(int flen,
 		/* OpenSSL may use it for encryption rather than signing */
 		rv = CRYPTOKI_call(ctx,
 			C_EncryptInit(spriv->session, &mechanism, kpriv->object));
-		if (rv == CKR_USER_NOT_LOGGED_IN)
+		if (kpriv->always_authenticate == CK_TRUE || rv == CKR_USER_NOT_LOGGED_IN)
 			rv = pkcs11_authenticate(key);
 		if (!rv)
 			rv = CRYPTOKI_call(ctx,
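Review bot: In `pkcs11_private_encrypt`, a key with `always_authenticate` set is now authenticated on the C_SignInit path and again on this C_EncryptInit path whenever the second block is reached. The condition guarding this block is outside the hunk, but if it is entered after any failure of the sign attempt, including a rejected PIN, the second `pkcs11_authenticate(key)` would presumably present the PIN again and use up another try on a token that counts failures. A comment above the block stating which `rv` values lead here, for example `/* only reached when signing is not supported for this key/mechanism */`, together with a check that authentication errors do not fall through, would make the retry behaviour explicit.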
@@ -142,7 +142,7 @@ int pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *t
 	CRYPTO_THREAD_write_lock(PRIVCTX(ctx)->rwlock);
 	rv = CRYPTOKI_call(ctx,
 		C_DecryptInit(spriv->session, &mechanism, kpriv->object));
-	if (rv == CKR_USER_NOT_LOGGED_IN)
+	if (kpriv->always_authenticate == CK_TRUE || rv == CKR_USER_NOT_LOGGED_IN)
 		rv = pkcs11_authenticate(key);
 	if (!rv)
 		rv = CRYPTOKI_call(ctx,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git


