pkcs11: simplify trusted module loading state

That is always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)
to determine whether to initialize trusted modules only or
proceed with general initialization.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

2 files changed, 15 insertions, 13 deletions

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index d36935b84c..e1aa64f191 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -3255,11 +3255,7 @@ gnutls_pkcs11_obj_list_import_url4(gnutls_pkcs11_obj_t ** p_list,
 	int ret;
 	struct find_obj_data_st priv;
 
-	if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) {
-		PKCS11_CHECK_INIT_TRUSTED;
-	} else {
-		PKCS11_CHECK_INIT;
-	}
+	PKCS11_CHECK_INIT_FLAGS(flags);
 
 	memset(&priv, 0, sizeof(priv));
 
@@ -4000,7 +3996,7 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
 	size_t id_size;
 	struct p11_kit_uri *info = NULL;
 
-	PKCS11_CHECK_INIT;
+	PKCS11_CHECK_INIT_FLAGS(flags);
 
 	memset(&priv, 0, sizeof(priv));
 
@@ -4092,7 +4088,7 @@ int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum_t *d
 	struct find_cert_st priv;
 	struct p11_kit_uri *info = NULL;
 
-	PKCS11_CHECK_INIT;
+	PKCS11_CHECK_INIT_FLAGS(flags);
 
 	memset(&priv, 0, sizeof(priv));
 
@@ -4179,7 +4175,7 @@ int gnutls_pkcs11_get_raw_issuer_by_subject_key_id (const char *url,
 	struct find_cert_st priv;
 	struct p11_kit_uri *info = NULL;
 
-	PKCS11_CHECK_INIT;
+	PKCS11_CHECK_INIT_FLAGS(flags);
 
 	memset(&priv, 0, sizeof(priv));
 
@@ -4273,7 +4269,7 @@ unsigned gnutls_pkcs11_crt_is_known(const char *url, gnutls_x509_crt_t cert,
 	size_t serial_size;
 	struct p11_kit_uri *info = NULL;
 
-	PKCS11_CHECK_INIT_RET(0);
+	PKCS11_CHECK_INIT_FLAGS_RET(flags, 0);
 
 	memset(&priv, 0, sizeof(priv));
 
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 9ce7294b9d..3ba9c55013 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -109,16 +109,22 @@ int _gnutls_pkcs11_check_init(init_level_t req_level, void *priv, pkcs11_reinit_
 	if (ret < 0) \
 		return gnutls_assert_val(ret)
 
-#define PKCS11_CHECK_INIT_TRUSTED \
-	ret = _gnutls_pkcs11_check_init(PROV_INIT_TRUSTED, NULL, NULL); \
+#define PKCS11_CHECK_INIT_RET(x) \
+	ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
+	if (ret < 0) \
+		return gnutls_assert_val(x)
+
+#define PKCS11_CHECK_INIT_FLAGS(f) \
+	ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
 	if (ret < 0) \
 		return gnutls_assert_val(ret)
 
-#define PKCS11_CHECK_INIT_RET(x) \
-	ret = _gnutls_pkcs11_check_init(PROV_INIT_ALL, NULL, NULL); \
+#define PKCS11_CHECK_INIT_FLAGS_RET(f, x) \
+	ret = _gnutls_pkcs11_check_init((f & GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE)?PROV_INIT_TRUSTED:PROV_INIT_ALL, NULL, NULL); \
 	if (ret < 0) \
 		return gnutls_assert_val(x)
 
+
 /* thus function is called for every token in the traverse_tokens
  * function. Once everything is traversed it is called with NULL tinfo.
  * It should return 0 if found what it was looking for.