Use PIN from refresh URI when taking login session

bukka · bukka · commit db376715073b · 2025-03-10T16:46:07.000+01:00
Signed-off-by: Jakub Zelenka &lt;jakub.openssl@gmail.com&gt;
diff --git a/src/objects.c b/src/objects.c
@@ -301,7 +301,8 @@ static void destroy_key_cache(P11PROV_OBJ *obj, P11PROV_SESSION *session)
     if (session) {
         sess = p11prov_session_handle(session);
     } else {
-        ret = p11prov_take_login_session(obj->ctx, obj->slotid, &_session);
+        ret = p11prov_take_login_session(obj->ctx, obj->slotid,
+                                         obj->refresh_uri, &_session);
         if (ret != CKR_OK) {
             P11PROV_debug("Failed to get login session. Error %lx", ret);
             return;
@@ -369,7 +370,8 @@ static void cache_key(P11PROV_OBJ *obj)
         return;
     }
 
-    ret = p11prov_take_login_session(obj->ctx, obj->slotid, &session);
+    ret = p11prov_take_login_session(obj->ctx, obj->slotid, obj->refresh_uri,
+                                     &session);
     if (ret != CKR_OK || session == NULL) {
         P11PROV_debug("Failed to get login session. Error %lx", ret);
         return;
@@ -3601,7 +3603,7 @@ static CK_RV p11prov_store_rsa_public_key(P11PROV_OBJ *key)
         goto done;
     }
 
-    rv = p11prov_take_login_session(key->ctx, slot, &session);
+    rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);
     if (rv != CKR_OK) {
         goto done;
     }
@@ -3670,7 +3672,7 @@ static CK_RV p11prov_store_ec_public_key(P11PROV_OBJ *key)
         goto done;
     }
 
-    rv = p11prov_take_login_session(key->ctx, slot, &session);
+    rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);
     if (rv != CKR_OK) {
         goto done;
     }
@@ -3858,7 +3860,7 @@ static CK_RV p11prov_store_rsa_private_key(P11PROV_OBJ *key,
         goto done;
     }
 
-    rv = p11prov_take_login_session(key->ctx, slot, &session);
+    rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);
     if (rv != CKR_OK) {
         goto done;
     }
@@ -3954,7 +3956,7 @@ static CK_RV p11prov_store_ec_private_key(P11PROV_OBJ *key,
         goto done;
     }
 
-    rv = p11prov_take_login_session(key->ctx, slot, &session);
+    rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);
     if (rv != CKR_OK) {
         goto done;
     }
diff --git a/src/session.c b/src/session.c
@@ -1045,7 +1045,7 @@ CK_RV p11prov_get_session(P11PROV_CTX *provctx, CK_SLOT_ID *slotid,
 }
 
 CK_RV p11prov_take_login_session(P11PROV_CTX *provctx, CK_SLOT_ID slotid,
-                                 P11PROV_SESSION **_session)
+                                 P11PROV_URI *uri, P11PROV_SESSION **_session)
 {
     P11PROV_SLOTS_CTX *slots = NULL;
     P11PROV_SLOT *slot = NULL;
@@ -1071,7 +1071,7 @@ CK_RV p11prov_take_login_session(P11PROV_CTX *provctx, CK_SLOT_ID slotid,
         goto done;
     }
 
-    ret = slot_login(slot, NULL, NULL, NULL, false, _session);
+    ret = slot_login(slot, uri, NULL, NULL, false, _session);
 
 done:
     p11prov_return_slots(slots);
diff --git a/src/session.h b/src/session.h
@@ -18,7 +18,7 @@ CK_RV p11prov_get_session(P11PROV_CTX *provctx, CK_SLOT_ID *slotid,
                           OSSL_PASSPHRASE_CALLBACK *pw_cb, void *pw_cbarg,
                           bool reqlogin, bool rw, P11PROV_SESSION **session);
 CK_RV p11prov_take_login_session(P11PROV_CTX *provctx, CK_SLOT_ID slotid,
-                                 P11PROV_SESSION **_session);
+                                 P11PROV_URI *uri, P11PROV_SESSION **_session);
 void p11prov_return_session(P11PROV_SESSION *session);
 
 CK_RV p11prov_context_specific_login(P11PROV_SESSION *session, P11PROV_URI *uri,

Original file line number	Diff line number	Diff line change
`@@ -301,7 +301,8 @@ static void destroy_key_cache(P11PROV_OBJ obj, P11PROV_SESSION session)`
`301`	`301`	`if (session) {`
`302`	`302`	`sess = p11prov_session_handle(session);`
`303`	`303`	`} else {`
`304`		`- ret = p11prov_take_login_session(obj->ctx, obj->slotid, &_session);`
	`304`	`+ ret = p11prov_take_login_session(obj->ctx, obj->slotid,`
	`305`	`+ obj->refresh_uri, &_session);`
`305`	`306`	`if (ret != CKR_OK) {`
`306`	`307`	`P11PROV_debug("Failed to get login session. Error %lx", ret);`
`307`	`308`	`return;`
`@@ -369,7 +370,8 @@ static void cache_key(P11PROV_OBJ *obj)`
`369`	`370`	`return;`
`370`	`371`	`}`
`371`	`372`
`372`		`- ret = p11prov_take_login_session(obj->ctx, obj->slotid, &session);`
	`373`	`+ ret = p11prov_take_login_session(obj->ctx, obj->slotid, obj->refresh_uri,`
	`374`	`+ &session);`
`373`	`375`	`if (ret != CKR_OK \|\| session == NULL) {`
`374`	`376`	`P11PROV_debug("Failed to get login session. Error %lx", ret);`
`375`	`377`	`return;`
`@@ -3601,7 +3603,7 @@ static CK_RV p11prov_store_rsa_public_key(P11PROV_OBJ *key)`
`3601`	`3603`	`goto done;`
`3602`	`3604`	`}`
`3603`	`3605`
`3604`		`- rv = p11prov_take_login_session(key->ctx, slot, &session);`
	`3606`	`+ rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);`
`3605`	`3607`	`if (rv != CKR_OK) {`
`3606`	`3608`	`goto done;`
`3607`	`3609`	`}`
`@@ -3670,7 +3672,7 @@ static CK_RV p11prov_store_ec_public_key(P11PROV_OBJ *key)`
`3670`	`3672`	`goto done;`
`3671`	`3673`	`}`
`3672`	`3674`
`3673`		`- rv = p11prov_take_login_session(key->ctx, slot, &session);`
	`3675`	`+ rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);`
`3674`	`3676`	`if (rv != CKR_OK) {`
`3675`	`3677`	`goto done;`
`3676`	`3678`	`}`
`@@ -3858,7 +3860,7 @@ static CK_RV p11prov_store_rsa_private_key(P11PROV_OBJ *key,`
`3858`	`3860`	`goto done;`
`3859`	`3861`	`}`
`3860`	`3862`
`3861`		`- rv = p11prov_take_login_session(key->ctx, slot, &session);`
	`3863`	`+ rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);`
`3862`	`3864`	`if (rv != CKR_OK) {`
`3863`	`3865`	`goto done;`
`3864`	`3866`	`}`
`@@ -3954,7 +3956,7 @@ static CK_RV p11prov_store_ec_private_key(P11PROV_OBJ *key,`
`3954`	`3956`	`goto done;`
`3955`	`3957`	`}`
`3956`	`3958`
`3957`		`- rv = p11prov_take_login_session(key->ctx, slot, &session);`
	`3959`	`+ rv = p11prov_take_login_session(key->ctx, slot, key->refresh_uri, &session);`
`3958`	`3960`	`if (rv != CKR_OK) {`
`3959`	`3961`	`goto done;`
`3960`	`3962`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1045,7 +1045,7 @@ CK_RV p11prov_get_session(P11PROV_CTX provctx, CK_SLOT_ID slotid,`
`1045`	`1045`	`}`
`1046`	`1046`
`1047`	`1047`	`CK_RV p11prov_take_login_session(P11PROV_CTX *provctx, CK_SLOT_ID slotid,`
`1048`		`- P11PROV_SESSION **_session)`
	`1048`	`+ P11PROV_URI uri, P11PROV_SESSION *_session)`
`1049`	`1049`	`{`
`1050`	`1050`	`P11PROV_SLOTS_CTX *slots = NULL;`
`1051`	`1051`	`P11PROV_SLOT *slot = NULL;`
`@@ -1071,7 +1071,7 @@ CK_RV p11prov_take_login_session(P11PROV_CTX *provctx, CK_SLOT_ID slotid,`
`1071`	`1071`	`goto done;`
`1072`	`1072`	`}`
`1073`	`1073`
`1074`		`- ret = slot_login(slot, NULL, NULL, NULL, false, _session);`
	`1074`	`+ ret = slot_login(slot, uri, NULL, NULL, false, _session);`
`1075`	`1075`
`1076`	`1076`	`done:`
`1077`	`1077`	`p11prov_return_slots(slots);`