diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-23 22:40:26 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-06-23 22:43:36 +0200 |
commit | f11e5dfdcc9d1b0f19286c13cbc0977d9a793a9f (patch) | |
tree | 995eaad51ae2931a83c137c7bf294d660151b1a5 | |
parent | 629fea725e79aa983c858a1cb3150de044d9d27e (diff) | |
download | gnutls-f11e5dfdcc9d1b0f19286c13cbc0977d9a793a9f.tar.gz |
find_cert_cb: minor cleanups in find_cert_cb
-rw-r--r-- | lib/pkcs11.c | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 0505cf3c48..ce0563e796 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -3598,30 +3598,37 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, break; } - a[0].type = CKA_LABEL; - a[0].value = label_tmp; - a[0].value_len = sizeof(label_tmp); - - a[1].type = CKA_ID; - a[1].value = id_tmp; - a[1].value_len = sizeof(id_tmp); - /* data will contain the certificate */ rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, ctx, CKA_VALUE, &data); + if (rv == CKR_OK) { + ret = check_found_cert(priv, &data, now); + if (ret < 0) { + _gnutls_free_datum(&data); + continue; + } - if (rv == CKR_OK && pkcs11_get_attribute_value - (sinfo->module, sinfo->pks, ctx, a, - 2) == CKR_OK) { - label.data = a[0].value; - label.size = a[0].value_len; - id.data = a[1].value; - id.size = a[1].value_len; - - found = 1; - break; - } else { - _gnutls_debug_log - ("p11: Skipped cert, missing attrs.\n"); + a[0].type = CKA_LABEL; + a[0].value = label_tmp; + a[0].value_len = sizeof(label_tmp); + + a[1].type = CKA_ID; + a[1].value = id_tmp; + a[1].value_len = sizeof(id_tmp); + + if (pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, + 2) == CKR_OK) { + label.data = a[0].value; + label.size = a[0].value_len; + id.data = a[1].value; + id.size = a[1].value_len; + + found = 1; + break; + } else { + _gnutls_free_datum(&data); + _gnutls_debug_log + ("p11: Skipped cert, missing attrs.\n"); + } } } @@ -3629,14 +3636,7 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, finalized = 1; if (found != 0) { - ret = check_found_cert(priv, &data, now); - if (ret < 0) { - _gnutls_free_datum(&data); - found = 0; - continue; - } - - if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT) { + if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT && data.size > 0) { gnutls_datum_t spki; rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, ctx, CKA_PUBLIC_KEY_INFO, &spki); if (rv == CKR_OK) { |