author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 10:56:44 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-03 11:11:44 +0200 |
commit | 9b8f8f79f6c583b0787183da805c6eddf621751e (patch) | |
tree | f6321aeb8f1ee8a17507b31216114230a90ba689 /lib/pkcs11.c | |
parent | 01b07a23067c5c0b6d610fea5f29ab17d19cbdde (diff) | |
download | gnutls-9b8f8f79f6c583b0787183da805c6eddf621751e.tar.gz |
pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already running
While some modules implicitly terminate the previous find operation, this is not
something that PKCS#11 modules are generally expected to do.
Diffstat (limited to 'lib/pkcs11.c')
-rw-r--r-- | lib/pkcs11.c | 72 |
1 files changed, 37 insertions, 35 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index c9a8c8b82a..98258b541c 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -3481,6 +3481,7 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
 unsigned tries, i, finalized;
 ck_bool_t trusted = 1;
 time_t now;
+ gnutls_datum_t label = {NULL,0}, id = {NULL,0};
 if (tinfo == NULL) {
 gnutls_assert();
@@ -3601,41 +3602,11 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
 if (rv == CKR_OK && pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 2) == CKR_OK) {
- gnutls_datum_t label =
- { a[0].value, a[0].value_len };
- gnutls_datum_t id =
- { a[1].value, a[1].value_len };
+ label.data = a[0].value;
+ label.size = a[0].value_len;
+ id.data = a[1].value;
+ id.size = a[1].value_len;
- ret = check_found_cert(priv, &data, now);
- if (ret < 0) {
- _gnutls_free_datum(&data);
- continue;
- }
-
- if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT) {
- gnutls_datum_t spki;
- rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, CKA_PUBLIC_KEY_INFO, &spki);
- if (rv == CKR_OK) {
- ret = pkcs11_override_cert_exts(sinfo, &spki, &data);
- gnutls_free(spki.data);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
- }
-
- if (priv->need_import != 0) {
- ret =
- pkcs11_obj_import(class, priv->obj,
- &data, &id, &label,
- tinfo,
- lib_info);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- }
 found = 1;
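Review bot: `label` and `id` now alias `a[0].value`/`a[1].value` captured inside the object-enumeration loop but are only consumed after `pkcs11_find_objects_final()` in the following hunk, so the storage behind `a[].value` must still be valid and still describe the matched object at that point. Whether it is depends on where `a[]` is filled, which is outside this hunk; a buffer that is per-iteration, or reused by a later iteration before the loop ends, would silently change the label and id passed to `pkcs11_obj_import()`. The enumeration loop starts before this hunk and closes after it. A comment next to the assignments would make the lifetime dependency explicit: `/* label/id alias the a[] attribute buffers; they are read after the find loop */`.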
@@ -3649,8 +3620,39 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
 pkcs11_find_objects_final(sinfo);
 finalized = 1;
- if (found != 0)
+ if (found != 0) {
+ ret = check_found_cert(priv, &data, now);
+ if (ret < 0) {
+ _gnutls_free_datum(&data);
+ continue;
+ }
+
+ if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT) {
+ gnutls_datum_t spki;
+ rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, obj, CKA_PUBLIC_KEY_INFO, &spki);
+ if (rv == CKR_OK) {
+ ret = pkcs11_override_cert_exts(sinfo, &spki, &data);
+ gnutls_free(spki.data);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
+ }
+
+ if (priv->need_import != 0) {
+ ret =
+ pkcs11_obj_import(class, priv->obj,
+ &data, &id, &label,
+ tinfo,
+ lib_info);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ }
 break;
+ }
 }
 if (found == 0) { |
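Review bot: The `continue` after a failed `check_found_cert()` now executes after `pkcs11_find_objects_final()` and so continues the enclosing loop (its header is outside the hunk) rather than the object-enumeration loop it sat in before, leaving `found` at 1 and `finalized` at 1; nothing in the hunk resets `found`, so if that loop re-enters the enumeration, a later pass that matches nothing would still take the `if (found != 0)` branch with the already-released `data`. Unless the enclosing loop already clears this state, reset it on that path, `found = 0;` immediately before the `continue`, or leave the loop with an error instead. The reason for deferring this work is only in the commit message; a comment above `if (found != 0) {` would keep it with the code: `/* Handle the match only after C_FindObjectsFinal(): the helpers below may start their own find operation, which a PKCS#11 module need not allow while one is active. */`.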