author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-11-06 21:30:31 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-11-07 08:59:16 +0100 |
commit | ce4395838f3d06c3aa198c0ce607304f4d67a17f (patch) | |
tree | cd9e0a24f324a9ed4d24063ab8ffa4cec5e059e8 | |
parent | 63098b64b46138796e26d0f4f1f55183c74f6a6c (diff) | |
download | gnutls-ce4395838f3d06c3aa198c0ce607304f4d67a17f.tar.gz |
pkcs11: force login on tokens that require it
-rw-r--r-- | lib/pkcs11.c | 12 | ||||
-rw-r--r-- | lib/pkcs11_int.h | 3 | ||||
-rw-r--r-- | lib/pkcs11_privkey.c | 4 |
3 files changed, 11 insertions, 8 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 630928af60..dfe78c4fa8 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1073,7 +1073,7 @@ pkcs11_open_session(struct pkcs11_session_info *sinfo,
 if (flags & SESSION_LOGIN) {
 ret = pkcs11_login(sinfo, pin_info, info,
- (flags & SESSION_SO) ? 1 : 0);
+ (flags & SESSION_SO) ? 1 : 0, 0);
 if (ret < 0) {
 gnutls_assert();
 pkcs11_close_session(sinfo);
@@ -1155,7 +1155,8 @@ _pkcs11_traverse_tokens(find_func_t find_func, void *input,
 if (flags & SESSION_LOGIN) {
 ret = pkcs11_login(&sinfo, pin_info,
- info, (flags & SESSION_SO) ? 1 : 0);
+ info, (flags & SESSION_SO) ? 1 : 0,
+ 0);
 if (ret < 0) {
 gnutls_assert();
 return ret;
@@ -2182,7 +2183,8 @@ int
 pkcs11_login(struct pkcs11_session_info *sinfo,
 struct pin_info_st *pin_info,
 struct p11_kit_uri *info,
- int so)
+ unsigned so,
+ unsigned force)
 {
 struct ck_session_info session_info;
 int attempt = 0, ret;
@@ -2224,8 +2226,8 @@ pkcs11_login(struct pkcs11_session_info *sinfo,
 /* Check whether the session is already logged in, and if so, just skip */
 rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks, &session_info);
- if (rv == CKR_OK
- && (session_info.state == CKS_RO_USER_FUNCTIONS
+ if (rv == CKR_OK && force == 0 &&
+ (session_info.state == CKS_RO_USER_FUNCTIONS
 || session_info.state == CKS_RW_USER_FUNCTIONS)) {
 ret = 0;
 goto cleanup;
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index b697f0cb10..6c8541d574 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -102,7 +102,8 @@ int pkcs11_get_info(struct p11_kit_uri *info,
 size_t * output_size);
 int pkcs11_login(struct pkcs11_session_info *sinfo,
 struct pin_info_st *pin_info,
- struct p11_kit_uri *info, int so);
+ struct p11_kit_uri *info, unsigned so,
+ unsigned force);
 int pkcs11_call_token_func(struct p11_kit_uri *info, const unsigned retry);
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 588f7146e8..a5d71b9eaa 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
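Review bot: The new `pkcs11_login()` parameter list in lib/pkcs11.c (`unsigned so, unsigned force`, hunk at -2182) puts two undocumented integer flags next to each other, and every caller in this commit passes them as bare literals (`(flags & SESSION_SO) ? 1 : 0, 0` here, `0, 1` in lib/pkcs11_privkey.c). A transposed pair compiles cleanly and would presumably request a Security Officer login instead of a forced user login. I would add a comment above the definition and the prototype in lib/pkcs11_int.h, e.g. `/* so: non-zero selects the Security Officer login; force: non-zero logs in even when the session already reports a user-functions state */`, and consider named constants or one flags argument for the pair. The function body continues outside the hunk.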
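Review bot: With `force` set, the condition `rv == CKR_OK && force == 0 && ...` (lib/pkcs11.c hunk at -2224) no longer short-circuits, so the code after the hunk runs on a session that `C_GetSessionInfo` may have just reported as `CKS_RO_USER_FUNCTIONS` or `CKS_RW_USER_FUNCTIONS`. PKCS #11 has `C_Login` return `CKR_USER_ALREADY_LOGGED_IN` for `CKU_USER` in that state and defines `CKU_CONTEXT_SPECIFIC` for re-authenticating keys marked `CKA_ALWAYS_AUTHENTICATE`. The login call itself is outside the hunk, so it is worth confirming which user type the forced path passes and how that return code is handled. A short comment at the condition would also help, e.g. `/* force: the caller needs a fresh authentication for this operation, so do not skip the login */`.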
@@ -235,7 +235,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
 if (key->reauth) {
 ret = pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0);
+ key->uinfo, 0, 1);
 if (ret < 0) {
 gnutls_assert();
 _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
@@ -472,7 +472,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
 if (key->reauth) {
 ret = pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0);
+ key->uinfo, 0, 1);
 if (ret < 0) {
 gnutls_assert();
 _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n"); |
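Review bot: A failed forced login is still only debug-logged in `_gnutls_pkcs11_privkey_sign_hash` (and in the identical block in `_gnutls_pkcs11_privkey_decrypt_data`), even though passing `1` for `force` means the login is now attempted on every operation for a `reauth` key. The message is "trying operation anyway" and `ret` is neither reported nor returned, so a wrong or cancelled PIN would reach the caller as whatever the following token operation returns, not as a login error. If re-authentication is mandatory for these keys, I would propagate the failure with `return gnutls_assert_val(ret);`, provided nothing needs cleanup at that point, or at least log the code with `_gnutls_debug_log("PKCS #11 login failed (%d), trying operation anyway\n", ret);`. It is also worth checking whether a failed attempt on each operation can use up the token's PIN retry counter. Both function bodies continue outside the hunks.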