author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-07-03 15:36:11 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-07-03 15:36:11 +0200 |
commit | 41e86afda67856917f2ac8da9019f461fb0676fd (patch) | |
tree | bf7bf13d24a9f2d6a3d1aa6c85ef8246b7af8ac7 /lib | |
parent | 08250f43f3fd4e3d8f01d097f861d815b2e8c805 (diff) | |
download | gnutls-41e86afda67856917f2ac8da9019f461fb0676fd.tar.gz |
If we get a PKCS #11 session error, invalidate the cached session.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pkcs11_privkey.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 7f2c19da2f..7ba4d287ae 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -39,6 +39,14 @@
 if (ret == 1) \
 memset(&k->sinfo, 0, sizeof(k->sinfo))
 
+#define CHECK_SHANDLE(rv, key, sinfo) \
+ if (rv == CKR_SESSION_HANDLE_INVALID && sinfo == &key->sinfo) { \
+ if (key->sinfo.init != 0) { \
+ pkcs11_close_session(&key->sinfo); \
+ memset(&key->sinfo, 0, sizeof(key->sinfo)); \
+ } \
+ }
+
 struct gnutls_pkcs11_privkey_st {
 gnutls_pk_algorithm_t pk_algorithm;
 unsigned int flags;
@@ -247,6 +255,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
 rv = pkcs11_sign_init(sinfo->module, sinfo->pks, &mech, obj);
 if (rv != CKR_OK) {
 gnutls_assert();
+ CHECK_SHANDLE(rv, key, sinfo);
 ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
@@ -256,6 +265,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
 NULL, &siglen);
 if (rv != CKR_OK) {
 gnutls_assert();
+ CHECK_SHANDLE(rv, key, sinfo);
 ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
@@ -267,6 +277,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
 tmp.data, &siglen);
 if (rv != CKR_OK) {
 gnutls_assert();
+ CHECK_SHANDLE(rv, key, sinfo);
 ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
@@ -347,6 +358,7 @@ int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key)
 
 rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks, &session_info);
 if (rv != CKR_OK) {
+ CHECK_SHANDLE(rv, key, sinfo);
 ret = 0;
 goto cleanup;
 }
@@ -499,6 +511,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
 rv = pkcs11_decrypt_init(sinfo->module, sinfo->pks, &mech, obj);
 if (rv != CKR_OK) {
 gnutls_assert();
+ CHECK_SHANDLE(rv, key, sinfo);
 ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
@@ -508,6 +521,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
 ciphertext->size, NULL, &siglen);
 if (rv != CKR_OK) {
 gnutls_assert();
+ CHECK_SHANDLE(rv, key, sinfo);
 ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 }
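Review bot: In the first hunk, CHECK_SHANDLE expands to a bare `if` block, so the `;` written after every call adds an empty statement and the macro breaks if a call ever becomes the unbraced body of an `if` that has an `else`; the arguments `rv`, `key` and `sinfo` are also used unparenthesised. Wrapping the body in `do { ... } while (0)` and parenthesising the arguments avoids both, as sketched below. A short comment above the macro would help, for example `/* Drop the cached session if the module reports its handle as invalid; the failed call is not retried. */`. No lock is visible around the close-and-zero of `key->sinfo`; if a key object can be shared between threads, that deserves confirmation.

```c
#define CHECK_SHANDLE(rv, key, sinfo) \
	do { \
		if ((rv) == CKR_SESSION_HANDLE_INVALID && \
		    (sinfo) == &(key)->sinfo && \
		    (key)->sinfo.init != 0) { \
			pkcs11_close_session(&(key)->sinfo); \
			memset(&(key)->sinfo, 0, sizeof((key)->sinfo)); \
		} \
	} while (0)
```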
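Review bot: In _gnutls_pkcs11_privkey_sign_hash the new `CHECK_SHANDLE(rv, key, sinfo);` after pkcs11_sign_init drops the cached session only for CKR_SESSION_HANDLE_INVALID, while the commit message speaks of a session error in general. A token that was removed or reset may instead report `CKR_SESSION_CLOSED` or `CKR_DEVICE_REMOVED`, and in that case the stale handle in `key->sinfo` would presumably be reused on the next call; consider widening the macro's test to `(rv) == CKR_SESSION_HANDLE_INVALID || (rv) == CKR_SESSION_CLOSED || (rv) == CKR_DEVICE_REMOVED`. The same applies to the other two call sites in this function, the three in _gnutls_pkcs11_privkey_decrypt_data and the one in gnutls_pkcs11_privkey_status. The function bodies start and end outside these hunks, so how a zeroed `key->sinfo` is re-opened on the next call cannot be checked from here.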
@@ -520,6 +534,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
 if (rv != CKR_OK) {
 gnutls_free(plaintext->data);
 gnutls_assert();
+ CHECK_SHANDLE(rv, key, sinfo);
 ret = pkcs11_rv_to_err(rv);
 goto cleanup;
 } |
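Review bot: On this error path `gnutls_free(plaintext->data);` leaves `plaintext->data` pointing at freed memory, and the added CHECK_SHANDLE call does not change that. If the caller, or the code at the `cleanup` label outside this hunk, frees or reads the output datum after a failed decrypt, that becomes a double free or use-after-free; whether it does is not visible here. Setting `plaintext->data = NULL;` right after the free would make the failure path safe regardless. The body of _gnutls_pkcs11_privkey_decrypt_data starts and ends outside the hunk.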