diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-05-15 23:43:30 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-06-03 19:41:29 +0200 |
commit | bd73a4d78c7255069ac34ba9ed47654af1230c1a (patch) | |
tree | 0d268073d198ffc49d557bc92d1d52bf6bba036d /lib/pkcs11_privkey.c | |
parent | b3ed74e56063d6a501b32e22d19e42106c771a4c (diff) | |
download | gnutls-bd73a4d78c7255069ac34ba9ed47654af1230c1a.tar.gz |
Corrections to properly handle token removal and insert.
Diffstat (limited to 'lib/pkcs11_privkey.c')
-rw-r--r-- | lib/pkcs11_privkey.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index 039bcf1015..1854a3d2c3 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -60,7 +60,6 @@ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key) void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key) { if (key->pks) { -fprintf(stderr, "xxx: close session %p at %d\n", key->pks, __LINE__); pakchois_close_session(key->pks); } gnutls_free(key); @@ -84,9 +83,16 @@ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t pkey, int retries = 0; find_data.privkey = key; retry: - +/* the rescan_slots() here is a dummy but if not + * called my card fails to work when removed and inserted. + * May have to do with the pkcs11 library I use. + */ #define RETRY_CHECK(rv, label) { \ - if (token_func && rv == CKR_SESSION_HANDLE_INVALID) { \ + if (token_func && (rv == CKR_SESSION_HANDLE_INVALID||rv==CKR_DEVICE_REMOVED)) { \ + pkcs11_rescan_slots(); \ + pakchois_close_session(key->pks); \ + pkcs11_rescan_slots(); \ + key->pks = NULL; \ ret = token_func(token_data, label, retries++); \ if (ret == 0) { \ _pkcs11_traverse_tokens(find_privkey_url, &find_data, 1); \ @@ -166,7 +172,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, RETRY_BLOCK_START(key); - if (key->privkey == CK_INVALID_HANDLE) { + if (key->privkey == CK_INVALID_HANDLE || key->pks == NULL) { gnutls_assert(); return GNUTLS_E_PKCS11_ERROR; } @@ -201,6 +207,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, signature->data, &siglen); if (rv != CKR_OK) { gnutls_free(signature->data); + RETRY_CHECK(rv, key->info.label); gnutls_assert(); return GNUTLS_E_PK_SIGN_FAILED; } |