diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-11-30 14:28:46 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-16 17:16:49 +0100 |
commit | c487eac05f4534abcc216afd31964ff188c23596 (patch) | |
tree | 5ce33ca66eaf7fc69c7fef111bf2337489147aa9 | |
parent | 1d5e21fe138170909455ea031ac5ce2e6f00a87a (diff) | |
download | gnutls-c487eac05f4534abcc216afd31964ff188c23596.tar.gz |
pkcs11: simplify trusted module loading state
That is always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)
to determine whether to initialize trusted modules only or
proceed with general initialization.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/pkcs11.c | 14 | ||||
-rw-r--r-- | lib/pkcs11_int.h | 14 |
2 files changed, 15 insertions, 13 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 53b0c66876..c8b2c71f27 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -3184,11 +3184,7 @@ gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list, int ret; struct find_obj_data_st priv; - if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) { - PKCS11_CHECK_INIT_TRUSTED; - } else { - PKCS11_CHECK_INIT; - } + PKCS11_CHECK_INIT_FLAGS(flags); memset(&priv, 0, sizeof(priv)); @@ -3825,7 +3821,7 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert, size_t id_size; struct p11_kit_uri *info = NULL; - PKCS11_CHECK_INIT; + PKCS11_CHECK_INIT_FLAGS(flags); memset(&priv, 0, sizeof(priv)); @@ -3917,7 +3913,7 @@ int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum_t *d struct find_cert_st priv; struct p11_kit_uri *info = NULL; - PKCS11_CHECK_INIT; + PKCS11_CHECK_INIT_FLAGS(flags); memset(&priv, 0, sizeof(priv)); @@ -4004,7 +4000,7 @@ int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url, struct find_cert_st priv; struct p11_kit_uri *info = NULL; - PKCS11_CHECK_INIT; + PKCS11_CHECK_INIT_FLAGS(flags); memset(&priv, 0, sizeof(priv)); @@ -4098,7 +4094,7 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert, size_t serial_size; struct p11_kit_uri *info = NULL; - PKCS11_CHECK_INIT_RET(0); + PKCS11_CHECK_INIT_FLAGS_RET(flags, 0); memset(&priv, 0, sizeof(priv)); diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h index bf2e8a56fc..168bb78070 100644 --- a/lib/pkcs11_int.h +++ b/lib/pkcs11_int.h @@ -92,16 +92,22 @@ int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_ if (ret < 0) \ return gnutls_assert_val(ret) -#define PKCS11_CHECK_INIT_TRUSTED \ - ret = _gnutls_pkcs11_check_init(PROV_INIT_TRUSTED, NULL, NULL); \ +#define PKCS11_CHECK_INIT_RET(x) \ + ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \ + if (ret < 0) \ + return gnutls_assert_val(x) + +#define PKCS11_CHECK_INIT_FLAGS(f) \ + ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \ if (ret < 0) \ return gnutls_assert_val(ret) -#define PKCS11_CHECK_INIT_RET(x) \ - ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \ +#define PKCS11_CHECK_INIT_FLAGS_RET(f, x) \ + ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \ if (ret < 0) \ return gnutls_assert_val(x) + /* thus function is called for every token in the traverse_tokens * function. Once everything is traversed it is called with NULL tinfo. * It should return 0 if found what it was looking for. |