author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-30 14:28:46 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-12-03 20:32:15 +0100 |
commit | e461944297b25a38529c7f8ad6fbcd224025b493 (patch) | |
tree | a48d95f9e784146322ac0b1559876e58276e4f24 | |
parent | 54d5988c5c816e35292fcd3cb630c045dc305876 (diff) | |
download | gnutls-e461944297b25a38529c7f8ad6fbcd224025b493.tar.gz |
pkcs11: simplify trusted module loading state
That is, always use the same flag (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)
to determine whether to initialize trusted modules only or
proceed with general initialization.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/pkcs11.c | 14 | ||||
-rw-r--r-- | lib/pkcs11_int.h | 14 |
2 files changed, 15 insertions, 13 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index d36935b84c..e1aa64f191 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -3255,11 +3255,7 @@ gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list,
 int ret;
 struct find_obj_data_st priv;
- if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
- PKCS11_CHECK_INIT_TRUSTED;
- } else {
- PKCS11_CHECK_INIT;
- }
+ PKCS11_CHECK_INIT_FLAGS(flags);
 memset(&priv, 0, sizeof(priv));
@@ -4000,7 +3996,7 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
 size_t id_size;
 struct p11_kit_uri *info = NULL;
- PKCS11_CHECK_INIT;
+ PKCS11_CHECK_INIT_FLAGS(flags);
 memset(&priv, 0, sizeof(priv));
@@ -4092,7 +4088,7 @@ int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum_t *d
 struct find_cert_st priv;
 struct p11_kit_uri *info = NULL;
- PKCS11_CHECK_INIT;
+ PKCS11_CHECK_INIT_FLAGS(flags);
 memset(&priv, 0, sizeof(priv));
@@ -4179,7 +4175,7 @@ int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url,
 struct find_cert_st priv;
 struct p11_kit_uri *info = NULL;
- PKCS11_CHECK_INIT;
+ PKCS11_CHECK_INIT_FLAGS(flags);
 memset(&priv, 0, sizeof(priv));
@@ -4273,7 +4269,7 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
 size_t serial_size;
 struct p11_kit_uri *info = NULL;
- PKCS11_CHECK_INIT_RET(0);
+ PKCS11_CHECK_INIT_FLAGS_RET(flags, 0);
 memset(&priv, 0, sizeof(priv));
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 9ce7294b9d..3ba9c55013 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
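Review bot: In gnutls_pkcs11_obj_list_import_url4 the trusted-only initialization is now selected by GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE (see the macro in lib/pkcs11_int.h) instead of GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED. A caller that passes only MARK_TRUSTED will therefore now take the PROV_INIT_ALL path and have every configured module initialized, where before only the trusted ones were. If that is the intended contract, it should be stated next to the check, for example `/* only GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE restricts initialization to trusted modules; MARK_TRUSTED alone does not */`. The function starts and ends outside the hunk, so its doc comment and its callers cannot be checked from here.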
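Review bot: The doc comments of gnutls_pkcs11_get_raw_issuer, gnutls_pkcs11_get_raw_issuer_by_dn, gnutls_pkcs11_get_raw_issuer_by_subject_key_id and gnutls_pkcs11_crt_is_known should mention the new dependence on `flags`. These four functions used to initialize all modules unconditionally; with GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE set they now initialize only the trusted ones. Presumably a URL that resolves to a token in a non-trusted module will then simply not be found. In gnutls_pkcs11_crt_is_known an initialization failure still returns 0, the same value as "not known", which fails closed but is worth stating in the comment as well. All four bodies continue outside their hunks.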
@@ -109,16 +109,22 @@ int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_
 if (ret < 0) \
 return gnutls_assert_val(ret)
-#define PKCS11_CHECK_INIT_TRUSTED \
- ret = _gnutls_pkcs11_check_init(PROV_INIT_TRUSTED, NULL, NULL); \
+#define PKCS11_CHECK_INIT_RET(x) \
+ ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
+ if (ret < 0) \
+ return gnutls_assert_val(x)
+
+#define PKCS11_CHECK_INIT_FLAGS(f) \
+ ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
 if (ret < 0) \
 return gnutls_assert_val(ret)
-#define PKCS11_CHECK_INIT_RET(x) \
- ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
+#define PKCS11_CHECK_INIT_FLAGS_RET(f, x) \
+ ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
 if (ret < 0) \
 return gnutls_assert_val(x)
+
 /* thus function is called for every token in the traverse_tokens
 * function. Once everything is traversed it is called with NULL tinfo.
 * It should return 0 if found what it was looking for. |
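Review bot: The macro argument is used unparenthesized in `(f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)`, in both PKCS11_CHECK_INIT_FLAGS and PKCS11_CHECK_INIT_FLAGS_RET. An argument such as `a | b` would bind as `a | (b & FLAG)` and could select PROV_INIT_TRUSTED when the flag is not set. Every call site in this commit passes a plain `flags`, so nothing misbehaves today, but this expression decides whether non-trusted modules get loaded and should be robust: `(((f) & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE) ? PROV_INIT_TRUSTED : PROV_INIT_ALL)`. The level selection is also duplicated verbatim in the two macros; a single helper macro used by both would keep them from drifting apart.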