Description of problem: p11tool is using a RO session when logging as SO and results in C_Login failure with SoftHSMv2 Version-Release number of selected component (if applicable): gnutls-utils-3.6.5-2.fc29.x86_64 softhsm-2.5.0-2.fc29.x86_64 How reproducible: Always Steps to Reproduce: 1. Use softhsm to create a blank token 2. p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --list-all --so-login 'pkcs11:token=mytoken' 3. Actual results: Error in crt_list_import (1): PKCS #11 error in session Expected results: Token objects are listed Additional info: The C_OpenSession flags used is: 0x4 11: C_OpenSession 2019-03-05 15:47:34.434 [in] slotID = 0x236b8902 [in] flags = 0x4 pApplication=(nil) Notify=(nil) [out] *phSession = 0x2 Returned: 0 CKR_OK The error is 13: C_Login 2019-03-05 15:47:36.108 [in] hSession = 0x2 [in] userType = CKU_SO [in] pPin[ulPinLen] 000055729bfbd9a0 / 5 00000000 73 6F 70 69 6E sopin Returned: 183 CKR_SESSION_READ_ONLY_EXISTS SoftHSMv2 states that SO C_Login must always piggyback on RW session and that this is incorrect behaviour. See discussion here: https://github.com/opendnssec/SoftHSMv2/issues/451 pkcs11-tool uses flags = 0x6 and this works.
Created attachment 1540863 [details] log of p11tool
Thank you for reporting this issue. I've opened an issue upstream to track it: https://gitlab.com/gnutls/gnutls/issues/721
Upstream fix: https://gitlab.com/gnutls/gnutls/merge_requests/953
gnutls-3.6.7-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e8c1cf958f
gnutls-3.6.7-1.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-971ded6f90
gnutls-3.6.7-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-971ded6f90
gnutls-3.6.7-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e8c1cf958f
gnutls-3.6.7-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
gnutls-3.6.7-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.