From ed59cb178359dbb736b82416e86ee26e1eb9647d Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 9 Jun 2020 08:45:29 +0200
Subject: [PATCH] Do not lose PIN when more slots match PKCS#11 URI (#1843372)

---
 openssh-8.0p1-pkcs11-uri.patch | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/openssh-8.0p1-pkcs11-uri.patch b/openssh-8.0p1-pkcs11-uri.patch
index 7c00b13..50fd29a 100644
--- a/openssh-8.0p1-pkcs11-uri.patch
+++ b/openssh-8.0p1-pkcs11-uri.patch
@@ -2722,6 +2722,9 @@ index a302c79c..879fe917 100644
 +	}
 +
 +	provider_uri = pkcs11_uri_get(uri);
++	if (pin == NULL && uri->pin != NULL) {
++		pin = uri->pin;
++	}
 +	nkeys = 0;
 +	for (i = 0; i < p->module->nslots; i++) {
 +		token = &p->module->slotinfo[i].token;
@@ -2757,9 +2760,6 @@ index a302c79c..879fe917 100644
 +		    provider_uri, (unsigned long)i,
  		    token->label, token->manufacturerID, token->model,
  		    token->serialNumber, token->flags);
-+		if (pin == NULL && uri->pin != NULL) {
-+			pin = uri->pin;
-+		}
  		/*
 -		 * open session, login with pin and retrieve public
 -		 * keys (if keyp is provided)
@@ -2805,8 +2805,8 @@ index a302c79c..879fe917 100644
 +			pkcs11_fetch_certs(p, i, keyp, labelsp, &nkeys, uri);
 +			uri->object = label;
  		}
-+		pin = NULL; /* Will be cleaned up with URI */
  	}
++	pin = NULL; /* Will be cleaned up with URI */
  
  	/* now owned by caller */
  	*providerp = p;