[pkg-opensc-commit] [opensc] 288/295: Revert "pkcs11-tool: always authenticate when pinpad is in use"
Eric Dorland
eric at moszumanska.debian.org
Sat Jun 24 21:11:41 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository opensc.
commit e894bd175bd3ca7a081a862abb21ac863a46930f
Author: Frank Morgner <frankmorgner at gmail.com>
Date: Tue Jun 13 11:21:32 2017 +0200
Revert "pkcs11-tool: always authenticate when pinpad is in use"
This reverts commit 423375c6f85853d359d502a28e676a09e33a0ac1.
Fixes https://github.com/OpenSC/OpenSC/issues/1063
---
src/tools/pkcs11-tool.c | 39 ++++++++-------------------------------
1 file changed, 8 insertions(+), 31 deletions(-)
diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c
index 5311db4..2b4876f 100644
--- a/src/tools/pkcs11-tool.c
+++ b/src/tools/pkcs11-tool.c
@@ -369,7 +369,6 @@ static void show_token(CK_SLOT_ID);
static void list_mechs(CK_SLOT_ID);
static void list_objects(CK_SESSION_HANDLE, CK_OBJECT_CLASS);
static int login(CK_SESSION_HANDLE, int);
-static void authenticate_if_required(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
static void init_token(CK_SLOT_ID);
static void init_pin(CK_SLOT_ID, CK_SESSION_HANDLE);
static int change_pin(CK_SLOT_ID, CK_SESSION_HANDLE);
@@ -3007,32 +3006,6 @@ VARATTR_METHOD(GOSTR3410_PARAMS, unsigned char);
VARATTR_METHOD(EC_POINT, unsigned char);
VARATTR_METHOD(EC_PARAMS, unsigned char);
-static void authenticate_if_required(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE privKeyObject){
- CK_SESSION_INFO sessionInfo;
- CK_TOKEN_INFO info;
- CK_RV rv;
-
- rv = p11->C_GetSessionInfo(session, &sessionInfo);
- if (rv != CKR_OK)
- p11_fatal("C_OpenSession", rv);
-
- switch(sessionInfo.state){
- case CKS_RW_USER_FUNCTIONS:
- //logged in, not need to continue.
- return;
- case CKS_RW_PUBLIC_SESSION:
- break;
- default:
- util_fatal("unexpected state");
- }
-
- get_token_info(opt_slot, &info);
- if (!(info.flags & CKF_PROTECTED_AUTHENTICATION_PATH) && !getALWAYS_AUTHENTICATE(session, privKeyObject))
- return;
-
- login(session,CKU_CONTEXT_SPECIFIC);
-}
-
static void list_objects(CK_SESSION_HANDLE sess, CK_OBJECT_CLASS object_class)
{
CK_OBJECT_HANDLE object;
@@ -4173,7 +4146,8 @@ static int sign_verify_openssl(CK_SESSION_HANDLE session,
if (rv != CKR_OK)
p11_fatal("C_SignInit", rv);
- authenticate_if_required(session, privKeyObject);
+ if (getALWAYS_AUTHENTICATE(session, privKeyObject))
+ login(session,CKU_CONTEXT_SPECIFIC);
printf(" %s: ", p11_mechanism_to_name(ck_mech->mechanism));
sigLen1 = sizeof(sig1);
@@ -4374,7 +4348,8 @@ static int test_signature(CK_SESSION_HANDLE sess)
rv = p11->C_SignInit(sess, &ck_mech, privKeyObject);
if (rv != CKR_OK)
p11_fatal("C_SignInit", rv);
- authenticate_if_required(sess, privKeyObject);
+ if (getALWAYS_AUTHENTICATE(sess, privKeyObject))
+ login(sess,CKU_CONTEXT_SPECIFIC);
sigLen2 = sizeof(sig2);
rv = p11->C_Sign(sess, data, dataLen, sig2, &sigLen2);
@@ -4412,7 +4387,8 @@ static int test_signature(CK_SESSION_HANDLE sess)
printf(" ERR: C_Sign() didn't return CKR_OK for a NULL output buf, but %s (0x%0x)\n",
CKR2Str(rv), (int) rv);
}
- authenticate_if_required(sess, privKeyObject);
+ if (getALWAYS_AUTHENTICATE(sess, privKeyObject))
+ login(sess,CKU_CONTEXT_SPECIFIC);
rv = p11->C_Sign(sess, data, dataLen, sig2, &sigLen2);
if (rv == CKR_OPERATION_NOT_INITIALIZED) {
@@ -4549,7 +4525,8 @@ static int sign_verify(CK_SESSION_HANDLE session,
}
printf(" %s: ", p11_mechanism_to_name(*mech_type));
- authenticate_if_required(session, priv_key);
+ if (getALWAYS_AUTHENTICATE(session, priv_key))
+ login(session,CKU_CONTEXT_SPECIFIC);
signat_len = sizeof(signat);
rv = p11->C_Sign(session, datas[j], data_lens[j], signat, &signat_len);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/opensc.git
More information about the pkg-opensc-commit
mailing list