summaryrefslogtreecommitdiff
path: root/lib/pkcs11.c
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-06-17 14:22:02 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-06-17 15:30:19 +0200
commit59063788cd62ed6e1684c77785dae762e789753a (patch)
tree327d9312c3cc135fe99228d4d626f4b27a84e91f /lib/pkcs11.c
parent8b99e806f85cde270bb2402649cf0f628f33f198 (diff)
downloadgnutls-59063788cd62ed6e1684c77785dae762e789753a.tar.gz
pkcs11: cleanups in pkcs11_login()tmp-safenet-updates-v2
Use pkcs11_rv_to_err() to return the right error code map after PKCS#11 calls; separate checks for already log in status for SO and user login. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r--lib/pkcs11.c33
1 files changed, 21 insertions, 12 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index b22d8e8e5b..4d7eb69f91 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2596,7 +2596,7 @@ pkcs11_login(struct pkcs11_session_info *sinfo,
gnutls_assert();
_gnutls_debug_log
("p11: Protected login failed.\n");
- ret = GNUTLS_E_PKCS11_ERROR;
+ ret = pkcs11_rv_to_err(rv);
goto cleanup;
}
}
@@ -2611,26 +2611,35 @@ pkcs11_login(struct pkcs11_session_info *sinfo,
/* Check whether the session is already logged in, and if so, just skip */
rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks,
&session_info);
- if (rv == CKR_OK &&
- (session_info.state == CKS_RO_USER_FUNCTIONS
- || session_info.state == CKS_RW_USER_FUNCTIONS)) {
- ret = 0;
- _gnutls_debug_log
- ("p11: Already logged in\n");
- goto cleanup;
+ if (rv == CKR_OK) {
+ if (flags & SESSION_SO) {
+ if (session_info.state == CKS_RW_SO_FUNCTIONS) {
+ ret = 0;
+ _gnutls_debug_log
+ ("p11: Already logged in as SO\n");
+ goto cleanup;
+ }
+ } else if (session_info.state == CKS_RO_USER_FUNCTIONS
+ || session_info.state == CKS_RW_USER_FUNCTIONS) {
+ ret = 0;
+ _gnutls_debug_log
+ ("p11: Already logged in as user\n");
+ goto cleanup;
+ }
}
}
/* If login has been attempted once already, check the token
* status again, the flags might change. */
if (attempt) {
- if (pkcs11_get_token_info
- (sinfo->module, sinfo->sid,
- &tinfo) != CKR_OK) {
+ rv = pkcs11_get_token_info(sinfo->module, sinfo->sid,
+ &tinfo);
+ if (rv != CKR_OK) {
gnutls_assert();
_gnutls_debug_log
("p11: GetTokenInfo failed\n");
- ret = GNUTLS_E_PKCS11_ERROR;
+
+ ret = pkcs11_rv_to_err(rv);
goto cleanup;
}
}