authorNikos Mavrogiannopoulos <nmav@gnutls.org>2010-05-15 23:43:30 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2010-06-03 19:41:29 +0200
commitbd73a4d78c7255069ac34ba9ed47654af1230c1a (patch)
tree0d268073d198ffc49d557bc92d1d52bf6bba036d
parentb3ed74e56063d6a501b32e22d19e42106c771a4c (diff)
downloadgnutls-bd73a4d78c7255069ac34ba9ed47654af1230c1a.tar.gz
Corrections to properly handle token removal and re-insertion.
-rw-r--r--lib/gnutls_x509.c2
-rw-r--r--lib/libgnutls.map1
-rw-r--r--lib/pkcs11.c8
-rw-r--r--lib/pkcs11_int.h2
-rw-r--r--lib/pkcs11_privkey.c15
-rw-r--r--src/common.c16
6 files changed, 38 insertions, 6 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 4e43ed1930..58cc86ecf2 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -515,7 +515,6 @@ static int read_key_url (gnutls_certificate_credentials_t res, const char* url)
/* allocate space for the pkey list
*/
-fprintf(stderr, "%s:%d\n", __func__, __LINE__);
ret = gnutls_pkcs11_privkey_init(&key1);
if (ret < 0)
{
@@ -571,7 +570,6 @@ int ret;
gnutls_x509_crt_t crt;
gnutls_cert * ccert;
-fprintf(stderr, "%s:%d\n", __func__, __LINE__);
ccert = gnutls_malloc(sizeof(*ccert));
if (ccert == NULL)
{
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 0cd6336b4b..45fd4e148f 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -609,6 +609,7 @@ GNUTLS_2_11
gnutls_pkcs11_init;
gnutls_pkcs11_deinit;
gnutls_pkcs11_set_pin_function;
+ gnutls_pkcs11_set_token_function;
gnutls_pkcs11_add_provider;
gnutls_pkcs11_crt_init;
gnutls_pkcs11_crt_import_url;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index e9127a0e8e..bb2ba8da0f 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -68,6 +68,14 @@ static void* pin_data;
gnutls_pkcs11_token_callback_t token_func;
void* token_data;
+/* Fake scan */
+void pkcs11_rescan_slots(void)
+{
+unsigned long slots;
+
+ pakchois_get_slot_list(providers[active_providers-1].module, 0, NULL, &slots);
+}
+
int gnutls_pkcs11_add_provider (const char * name, const char * params)
{
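Review bot: `providers[active_providers-1]` in pkcs11_rescan_slots reads before the start of the array when no provider has been added yet (active_providers == 0), and the function is reachable from RETRY_CHECK on any session error, so guard it with `if (active_providers == 0) return;` before the call. Discarding the result of pakchois_get_slot_list is consistent with the "Fake scan" comment, but the reason for the call lives in pkcs11_privkey.c and belongs here, e.g. `/* Dummy C_GetSlotList: some PKCS#11 modules only notice token removal/insertion after a slot enumeration. */`. Only the most recently added provider is polled; if the failing session belongs to a different module this rescan presumably does nothing for it, which is worth confirming against the modules in use. gnutls_pkcs11_add_provider's body begins in this hunk and continues beyond it.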
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 5f475c0573..3ca93e1e79 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -45,5 +45,7 @@ int pkcs11_login(pakchois_session_t *pks, struct token_info *info);
extern gnutls_pkcs11_token_callback_t token_func;
extern void* token_data;
+void pkcs11_rescan_slots(void);
+
#endif
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 039bcf1015..1854a3d2c3 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -60,7 +60,6 @@ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key)
{
if (key->pks) {
-fprintf(stderr, "xxx: close session %p at %d\n", key->pks, __LINE__);
pakchois_close_session(key->pks);
}
gnutls_free(key);
@@ -84,9 +83,16 @@ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey,
int retries = 0; find_data.privkey = key; retry:
-
+/* the rescan_slots() here is a dummy but if not
+ * called my card fails to work when removed and inserted.
+ * May have to do with the pkcs11 library I use.
+ */
#define RETRY_CHECK(rv, label) { \
- if (token_func && rv == CKR_SESSION_HANDLE_INVALID) { \
+ if (token_func && (rv == CKR_SESSION_HANDLE_INVALID||rv==CKR_DEVICE_REMOVED)) { \
+ pkcs11_rescan_slots(); \
+ pakchois_close_session(key->pks); \
+ pkcs11_rescan_slots(); \
+ key->pks = NULL; \
ret = token_func(token_data, label, retries++); \
if (ret == 0) { \
_pkcs11_traverse_tokens(find_privkey_url, &find_data, 1); \
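Review bot: Closing the session at `pakchois_close_session(key->pks)` leaves `key->privkey` holding an object handle obtained through that now-closed session; the macro nulls only `key->pks`, so any path that tests `key->privkey == CK_INVALID_HANDLE` alone still treats the key as usable. Invalidate both together, `key->pks = NULL;` followed by `key->privkey = CK_INVALID_HANDLE;`, so the key's state stays consistent even when `_pkcs11_traverse_tokens` fails to re-find it. `retries++` is only handed to token_func and never compared against a limit here, so termination of the retry rests entirely on the callback eventually returning non-zero; the rest of the macro after the traverse call is outside this hunk. The two `pkcs11_rescan_slots()` calls bracketing the close also deserve a comment saying why both are needed, since the note above only explains that the call is a workaround.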
@@ -166,7 +172,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
RETRY_BLOCK_START(key);
- if (key->privkey == CK_INVALID_HANDLE) {
+ if (key->privkey == CK_INVALID_HANDLE || key->pks == NULL) {
gnutls_assert();
return GNUTLS_E_PKCS11_ERROR;
}
@@ -201,6 +207,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
signature->data, &siglen);
if (rv != CKR_OK) {
gnutls_free(signature->data);
+ RETRY_CHECK(rv, key->info.label);
gnutls_assert();
return GNUTLS_E_PK_SIGN_FAILED;
}
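Review bot: After `gnutls_free(signature->data)` the caller's datum still points at freed memory, so when RETRY_CHECK decides not to retry and the function returns GNUTLS_E_PK_SIGN_FAILED, `signature->data` dangles (assuming gnutls_free does not null its argument — confirm); add `signature->data = NULL;` directly after the free. Placing RETRY_CHECK after the free is the right order for the retry path, since the macro re-traverses the tokens before presumably jumping back to the retry label outside this hunk, where the buffer would be allocated again. gnutls_pkcs11_privkey_sign_hash starts before and continues after this hunk.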
diff --git a/src/common.c b/src/common.c
index 04d1356ff7..3a7ded6929 100644
--- a/src/common.c
+++ b/src/common.c
@@ -886,9 +886,25 @@ int len;
return 0;
}
+static int token_callback(void* user, const char* label, const unsigned retry)
+{
+char buf[32];
+char *p;
+
+ if (retry > 0) {
+ fprintf(stderr, "Could not find token %s\n", label);
+ return -1;
+ }
+ printf("Please insert token '%s' in slot and press enter\n", label);
+ p = fgets(buf, sizeof(buf), stdin);
+
+ return 0;
+}
+
void pkcs11_common(void)
{
gnutls_pkcs11_set_pin_function (pin_callback, NULL);
+ gnutls_pkcs11_set_token_function(token_callback, NULL);
}
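Review bot: The `fgets` result in token_callback is stored in `p` but never examined, so EOF or a read error on stdin (a non-interactive run, a closed pipe) is reported to the library as "token inserted" and triggers another retry; return failure instead with `if (p == NULL) return -1;`. The 32-byte buffer also means anything typed beyond 31 characters stays in stdin and is consumed by the next prompt, presumably the PIN prompt registered one line below, so either read until a newline is seen or enlarge the buffer. The one-attempt limit is a policy choice of this tool and should be stated, e.g. `/* prompt for insertion once; give up on the second round */`.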