Current master incorrectly prompts for extra/unnecessary/non-existent PINs #106

Closed
mouse07410 opened this issue Sep 27, 2016 · 1 comment

mouse07410 commented Sep 27, 2016

Mac OS X 10.11.6, Xcode-8.0. Current master of OpenSC and of libp11.

$ openssl dgst -engine pkcs11 -keyform engine -sha256 -sign "pkcs11:object=SIGN%20key;object-type=private" -out /tmp/derive.16700.text.sig /tmp/derive.16700.text
engine "pkcs11" set.
PKCS#11 token PIN: 
PKCS#11 key PIN: 
Signature is stored in /tmp/derive.16700.text.sig

There are no separate PINs. It always prompted me for one PIN, now it asks for two (which happen to be one and the same). It appears (based on how it now accesses the key derivation key) that this double-prompt is a confusion based on CKA_ALWAYS_AUTHENTICATE, and on a misconception of how many PINs this token has: it authenticates with a PIN once to the "token" (why? what is this supposed to mean?) and then it asks for another PIN to authenticate to the "signing key" itself. It is very ugly the way this code works now. Having to enter (the same) PIN twice in order to get one signature?

Is it a config parameter that I can set to get rid of this, or does the code have to be changed?

@mtrojnar

This is a duplicate of #101.
