Do not require a R/W session for --login, ... #2579
I would be for creating a new switch
This allows performing commands like `--login --pin XXX --list-objects` or `--sign ...` on a read-only token (which otherwise could return a `CKR_TOKEN_WRITE_PROTECTED` error when calling `C_OpenSession()`). Fixes OpenSC#2182.
8f08d5a to 8cfa53a
@Jakuje Both done.
@Jakuje Now ... also change to
8cfa53a to 3f75830
The
@popovec Okay, then consequently also
WRAP: Wrapped key is returned to user. No writing to card occurs during the "wrap" operation.
3f75830 to 5ce8dc0
This looks like it breaks the tests in https://github.com/OpenSC/OpenSC/runs/7646167936?check_suite_focus=true If I read the output right, it's the
Interesting, only
Hmm, ... cannot reproduce the failing test, ... ran
... can we somehow get the
... one suspicion I have, is that we use Maybe related: I get in my local run "The command rsautl was deprecated in version 3.0. Use 'pkeyutl' instead" warnings (although the test passes).
@Jakuje Could you maybe trigger a build on master to get a "baseline"?
We have a build from yesterday on master which worked just OK, which makes me think that it has to be something else: https://github.com/OpenSC/OpenSC/runs/7649380818?check_suite_focus=true Actually, there are logs uploaded to GitHub as artifacts in https://github.com/OpenSC/OpenSC/actions/runs/2784469746 but the naming is not great (and the upload is skipped because the build failed, which makes it useless). I just pushed a change to your branch which should upload the logs.
Hmm. Now it works so it was probably just some intermittent issue, maybe bad openssl build ...
Oh. Many thanks @Jakuje !
@popovec Ready to merge?
Thank you for your contribution!
Thanks for the review and for merging!
This allows performing commands like `--login --pin XXX --list-objects` or `--sign ...` on a read-only token (which otherwise could return a `CKR_TOKEN_WRITE_PROTECTED` error when calling `C_OpenSession()`). Fixes #2182.
Open questions
`NEED_SESSION_RO`? Yes: `--verify` `--encrypt` and `--decrypt` `--wrap`
`--session-rw` flag as discussed in pkcs11-tool '--login' option always tries to create a read/write session #2182 (comment)?
Checklist
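
The session-mode decision this pull request is about, as an added example (not code from OpenSC or from this PR): it compares "login forces R/W" with "R/W only when an operation writes" against a mock write-protected token. The `enum op` names, `op_needs_rw()`, `session_flags()` and `mock_open_session()` are hypothetical, and the choice of which operations write is an assumption of the example; the `CKF_*`/`CKR_*` values are those the PKCS#11 specification assigns.

```c
#include <stdio.h>

/* Values as assigned by the PKCS#11 specification (normally from pkcs11.h). */
typedef unsigned long CK_FLAGS, CK_RV;
#define CKR_OK                    0x00UL
#define CKR_TOKEN_WRITE_PROTECTED 0xE2UL
#define CKF_WRITE_PROTECTED       0x02UL /* CK_TOKEN_INFO.flags */
#define CKF_RW_SESSION            0x02UL /* C_OpenSession() flags */
#define CKF_SERIAL_SESSION        0x04UL /* C_OpenSession() flags */

/* Hypothetical operation names; the last three stand in for any operation
 * that creates or destroys token objects (an assumption of this example). */
enum op { OP_LIST_OBJECTS, OP_SIGN, OP_VERIFY, OP_DECRYPT, OP_WRAP,
          OP_WRITE_OBJECT, OP_KEYPAIRGEN, OP_DELETE_OBJECT };

static int op_needs_rw(enum op o)
{
    return o == OP_WRITE_OBJECT || o == OP_KEYPAIRGEN || o == OP_DELETE_OBJECT;
}

/* Pick session flags. login_forces_rw=1 models the behaviour reported in
 * #2182 (login implies R/W); 0 asks for R/W only when an operation writes. */
CK_FLAGS session_flags(const enum op *ops, int n, int login, int login_forces_rw)
{
    CK_FLAGS f = CKF_SERIAL_SESSION;
    if (login && login_forces_rw)
        f |= CKF_RW_SESSION;
    for (int i = 0; i < n; i++)
        if (op_needs_rw(ops[i]))
            f |= CKF_RW_SESSION;
    return f;
}

/* Mock of the token-side check: a write-protected token refuses R/W sessions. */
CK_RV mock_open_session(CK_FLAGS token_flags, CK_FLAGS sess_flags)
{
    if ((token_flags & CKF_WRITE_PROTECTED) && (sess_flags & CKF_RW_SESSION))
        return CKR_TOKEN_WRITE_PROTECTED;
    return CKR_OK;
}

int main(void)
{
    const enum op ro_ops[] = { OP_LIST_OBJECTS, OP_SIGN, OP_WRAP };
    CK_FLAGS tok = CKF_WRITE_PROTECTED; /* constructed read-only token */
    printf("login forces R/W: 0x%lx\n", mock_open_session(tok, session_flags(ro_ops, 3, 1, 1)));
    printf("least privilege:  0x%lx\n", mock_open_session(tok, session_flags(ro_ops, 3, 1, 0)));
    return 0;
}
```

Requesting `CKF_RW_SESSION` only when an operation writes also keeps a logged-in session from holding write access it never uses.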