pkcs11 C_Login improvements

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Hello.
I'am using openssh with custom pkcs11 library and I have reach a little
issue in result code handling. C_Login function from pkcs11 specification
can return CKR_USER_ALREADY_LOGGED_IN code which is not an error, but
openssh expects only CKA_OK. There is an patch to fix this.

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index c49cbf4..1b236a6 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -263,8 +263,9 @@ pkcs11_rsa_private_encrypt(int flen, const u_char
*from, u_char *to, RSA *rsa,
                pin = read_passphrase(prompt, RP_ALLOW_EOF);
                if (pin == NULL)
                        return (-1);    /* bail out */
-               if ((rv = f->C_Login(si->session, CKU_USER,
-                   (u_char *)pin, strlen(pin))) != CKR_OK) {
+               rv = f->C_Login(si->session, CKU_USER,
+                   (u_char *)pin, strlen(pin));
+               if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
                        free(pin);
                        error("C_Login failed: %lu", rv);
                        return (-1);
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux