[Bug 2638] Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Aug 11 13:48:06 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2638

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2890
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2890
[PATCH] Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private
objects


>@@ -316,6 +359,7 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
> 			return (-1);
> 		}
> 		si->logged_in = 1;
>+		login_performed = 1;

...

>+	} else if (!login_performed &&
>+	    pkcs11_always_authenticate(k11->provider, si, obj) < 0) {
>+		error("Failed to re-authenticate to access ALWAYS_AUTHENTICATE object");

Can't we reuse si->logged_in here and skip the extra variable?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list