diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-03-13 15:21:40 +0100 |
---|---|---|
committer | GitLab <gitlab@gitlab.com> | 2017-03-14 07:31:58 +0000 |
commit | 3b9b893f49ae91d617de95880af2a7ca2d54d57f (patch) | |
tree | 6604e442806b9421d97810c61c9c094905c9ba7b | |
parent | 8509d0ae6b953ba0eac03f19f0560d6dc05f21a8 (diff) | |
download | gnutls-3b9b893f49ae91d617de95880af2a7ca2d54d57f.tar.gz |
pkcs11: re-open privkey session handle on CKR_SESSION_HANDLE_INVALID
When initializing a private key operation, attempt to re-open the key
if CKR_SESSION_HANDLE_INVALID is received.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/pkcs11_privkey.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index 9cfce7e322..196d212553 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -252,6 +252,14 @@ static int reopen_privkey_session(void * _privkey) return 0; } +#define REPEAT_ON_INVALID_HANDLE(expr) \ + if ((expr) == CKR_SESSION_HANDLE_INVALID) { \ + ret = reopen_privkey_session(key); \ + if (ret < 0) \ + return gnutls_assert_val(ret); \ + expr; \ + } + /*- * _gnutls_pkcs11_privkey_sign_hash: * @key: Holds the key @@ -291,7 +299,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, /* Initialize signing operation; using the private key discovered * earlier. */ - rv = pkcs11_sign_init(sinfo->module, sinfo->pks, &mech, key->ref); + REPEAT_ON_INVALID_HANDLE(rv = pkcs11_sign_init(sinfo->module, sinfo->pks, &mech, key->ref)); if (rv != CKR_OK) { gnutls_assert(); ret = pkcs11_rv_to_err(rv); @@ -392,7 +400,7 @@ unsigned gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key) PKCS11_CHECK_INIT_PRIVKEY(key); - rv = (key->sinfo.module)->C_GetSessionInfo(key->sinfo.pks, &session_info); + REPEAT_ON_INVALID_HANDLE(rv = (key->sinfo.module)->C_GetSessionInfo(key->sinfo.pks, &session_info)); if (rv != CKR_OK) { ret = 0; goto cleanup; @@ -554,7 +562,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, /* Initialize signing operation; using the private key discovered * earlier. */ - rv = pkcs11_decrypt_init(key->sinfo.module, key->sinfo.pks, &mech, key->ref); + REPEAT_ON_INVALID_HANDLE(rv = pkcs11_decrypt_init(key->sinfo.module, key->sinfo.pks, &mech, key->ref)); if (rv != CKR_OK) { gnutls_assert(); ret = pkcs11_rv_to_err(rv); |