author | Simon Josefsson <simon@josefsson.org> | 2010-10-14 15:02:12 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2010-10-14 15:02:12 +0200 |
commit | 03636f4440ae918d6f710935a00806469f65f1c6 (patch) | |
tree | 1969ad6201816d1eb1421d93ef6900ec3b647788 /lib/pkcs11_write.c | |
parent | 59425cbec511cdc314f2a22ee95b299f8fa06fc8 (diff) | |
Indent (using GNU indent 2.2.11).
Diffstat (limited to 'lib/pkcs11_write.c')
-rw-r--r-- | lib/pkcs11_write.c | 893 |
1 files changed, 464 insertions, 429 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index fac39de9c2..15fd10c599 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c 
@@ -41,118 +41,126 @@ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_copy_x509_crt(const char *token_url, - gnutls_x509_crt_t crt, const char *label, - unsigned int flags) +int +gnutls_pkcs11_copy_x509_crt (const char *token_url, + gnutls_x509_crt_t crt, const char *label, + unsigned int flags) { - int ret; - pakchois_session_t *pks; - struct pkcs11_url_info info; - ck_rv_t rv; - size_t der_size, id_size; - opaque *der = NULL; - opaque id[20]; - struct ck_attribute a[8]; - ck_object_class_t class = CKO_CERTIFICATE; - ck_certificate_type_t type = CKC_X_509; - ck_object_handle_t obj; - unsigned int tval = 1; - int a_val; - - ret = pkcs11_url_to_info(token_url, &info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = - pkcs11_open_session(&pks, &info, - SESSION_WRITE | pkcs11_obj_flags_to_int(flags)); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = gnutls_x509_crt_export(crt, - GNUTLS_X509_FMT_DER, NULL, &der_size); - if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) { - gnutls_assert(); - goto cleanup; - } - - der = gnutls_malloc(der_size); - if (der == NULL) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - ret = gnutls_x509_crt_export(crt, - GNUTLS_X509_FMT_DER, der, &der_size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - id_size = sizeof(id); - ret = gnutls_x509_crt_get_key_id(crt, 0, id, &id_size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - /* FIXME: copy key usage flags */ - - a[0].type = CKA_CLASS; - a[0].value = &class; - a[0].value_len = sizeof(class); - a[1].type = CKA_ID; - a[1].value = id; - a[1].value_len = id_size; - a[2].type = CKA_VALUE; - a[2].value = der; - a[2].value_len = der_size; - a[3].type = CKA_TOKEN; - a[3].value = &tval; - a[3].value_len = sizeof(tval); - a[4].type = CKA_CERTIFICATE_TYPE; - a[4].value = &type; - a[4].value_len = sizeof(type); - - a_val = 5; - - if (label) { - 
a[a_val].type = CKA_LABEL; - a[a_val].value = (void *) label; - a[a_val].value_len = strlen(label); - a_val++; - } - - if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) { - a[a_val].type = CKA_TRUSTED; - a[a_val].value = &tval; - a[a_val].value_len = sizeof(tval); - a_val++; - } - - rv = pakchois_create_object(pks, a, a_val, &obj); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv)); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - /* generated! - */ - - ret = 0; - - cleanup: - gnutls_free(der); - pakchois_close_session(pks); - - return ret; + int ret; + pakchois_session_t *pks; + struct pkcs11_url_info info; + ck_rv_t rv; + size_t der_size, id_size; + opaque *der = NULL; + opaque id[20]; + struct ck_attribute a[8]; + ck_object_class_t class = CKO_CERTIFICATE; + ck_certificate_type_t type = CKC_X_509; + ck_object_handle_t obj; + unsigned int tval = 1; + int a_val; + + ret = pkcs11_url_to_info (token_url, &info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = + pkcs11_open_session (&pks, &info, + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, NULL, &der_size); + if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER) + { + gnutls_assert (); + goto cleanup; + } + + der = gnutls_malloc (der_size); + if (der == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, der, &der_size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + id_size = sizeof (id); + ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + /* FIXME: copy key usage flags */ + + a[0].type = CKA_CLASS; + a[0].value = &class; + a[0].value_len = sizeof (class); + a[1].type = CKA_ID; + a[1].value = id; + a[1].value_len = id_size; + a[2].type = CKA_VALUE; + 
a[2].value = der; + a[2].value_len = der_size; + a[3].type = CKA_TOKEN; + a[3].value = &tval; + a[3].value_len = sizeof (tval); + a[4].type = CKA_CERTIFICATE_TYPE; + a[4].value = &type; + a[4].value_len = sizeof (type); + + a_val = 5; + + if (label) + { + a[a_val].type = CKA_LABEL; + a[a_val].value = (void *) label; + a[a_val].value_len = strlen (label); + a_val++; + } + + if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED) + { + a[a_val].type = CKA_TRUSTED; + a[a_val].value = &tval; + a[a_val].value_len = sizeof (tval); + a_val++; + } + + rv = pakchois_create_object (pks, a, a_val, &obj); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + /* generated! + */ + + ret = 0; + +cleanup: + gnutls_free (der); + pakchois_close_session (pks); + + return ret; } 
@@ -171,330 +179,354 @@ int gnutls_pkcs11_copy_x509_crt(const char *token_url, * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_copy_x509_privkey(const char *token_url, - gnutls_x509_privkey_t key, - const char *label, - unsigned int key_usage, - unsigned int flags) +int +gnutls_pkcs11_copy_x509_privkey (const char *token_url, + gnutls_x509_privkey_t key, + const char *label, + unsigned int key_usage, unsigned int flags) { - int ret; - pakchois_session_t *pks; - struct pkcs11_url_info info; - ck_rv_t rv; - size_t id_size; - opaque id[20]; - struct ck_attribute a[16]; - ck_object_class_t class = CKO_PRIVATE_KEY; - ck_object_handle_t obj; - ck_key_type_t type; - unsigned int tval = 1; - int a_val; - gnutls_pk_algorithm_t pk; - gnutls_datum_t p, q, g, y, x; - gnutls_datum_t m, e, d, u, exp1, exp2; - - - ret = pkcs11_url_to_info(token_url, &info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - id_size = sizeof(id); - ret = gnutls_x509_privkey_get_key_id(key, 0, id, &id_size); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } + int ret; + pakchois_session_t *pks; + struct pkcs11_url_info info; + ck_rv_t rv; + size_t id_size; + opaque id[20]; + struct ck_attribute a[16]; + ck_object_class_t class = CKO_PRIVATE_KEY; + ck_object_handle_t obj; + ck_key_type_t type; + unsigned int tval = 1; + int a_val; + gnutls_pk_algorithm_t pk; + gnutls_datum_t p, q, g, y, x; + gnutls_datum_t m, e, d, u, exp1, exp2; + + + ret = pkcs11_url_to_info (token_url, &info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + id_size = sizeof (id); + ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + ret = + pkcs11_open_session (&pks, &info, + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + /* FIXME: copy key usage flags */ + a_val = 0; + a[a_val].type = CKA_CLASS; + 
a[a_val].value = &class; + a[a_val].value_len = sizeof (class); + a_val++; + + a[a_val].type = CKA_ID; + a[a_val].value = id; + a[a_val].value_len = id_size; + a_val++; + + a[a_val].type = CKA_KEY_TYPE; + a[a_val].value = &type; + a[a_val].value_len = sizeof (type); + a_val++; + + if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) + tval = 1; + else + tval = 0; + + a[a_val].type = CKA_SENSITIVE; + a[a_val].value = &tval; + a[a_val].value_len = sizeof (tval); + a_val++; + + pk = gnutls_x509_privkey_get_pk_algorithm (key); + switch (pk) + { + case GNUTLS_PK_RSA: + { ret = - pkcs11_open_session(&pks, &info, - SESSION_WRITE | pkcs11_obj_flags_to_int(flags)); - if (ret < 0) { - gnutls_assert(); - return ret; - } + gnutls_x509_privkey_export_rsa_raw2 (key, &m, + &e, &d, &p, + &q, &u, &exp1, &exp2); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + type = CKK_RSA; + + a[a_val].type = CKA_MODULUS; + a[a_val].value = m.data; + a[a_val].value_len = m.size; + a_val++; - /* FIXME: copy key usage flags */ - a_val = 0; - a[a_val].type = CKA_CLASS; - a[a_val].value = &class; - a[a_val].value_len = sizeof(class); + a[a_val].type = CKA_PUBLIC_EXPONENT; + a[a_val].value = e.data; + a[a_val].value_len = e.size; a_val++; - - a[a_val].type = CKA_ID; - a[a_val].value = id; - a[a_val].value_len = id_size; + + a[a_val].type = CKA_PRIVATE_EXPONENT; + a[a_val].value = d.data; + a[a_val].value_len = d.size; a_val++; - - a[a_val].type = CKA_KEY_TYPE; - a[a_val].value = &type; - a[a_val].value_len = sizeof(type); + + a[a_val].type = CKA_PRIME_1; + a[a_val].value = p.data; + a[a_val].value_len = p.size; a_val++; - - if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE) - tval = 1; - else - tval = 0; - - a[a_val].type = CKA_SENSITIVE; - a[a_val].value = &tval; - a[a_val].value_len = sizeof(tval); + + a[a_val].type = CKA_PRIME_2; + a[a_val].value = q.data; + a[a_val].value_len = q.size; a_val++; - pk = gnutls_x509_privkey_get_pk_algorithm(key); - switch (pk) { - case GNUTLS_PK_RSA:{ - - 
ret = - gnutls_x509_privkey_export_rsa_raw2(key, &m, - &e, &d, &p, - &q, &u, - &exp1, - &exp2); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - type = CKK_RSA; - - a[a_val].type = CKA_MODULUS; - a[a_val].value = m.data; - a[a_val].value_len = m.size; - a_val++; - - a[a_val].type = CKA_PUBLIC_EXPONENT; - a[a_val].value = e.data; - a[a_val].value_len = e.size; - a_val++; - - a[a_val].type = CKA_PRIVATE_EXPONENT; - a[a_val].value = d.data; - a[a_val].value_len = d.size; - a_val++; - - a[a_val].type = CKA_PRIME_1; - a[a_val].value = p.data; - a[a_val].value_len = p.size; - a_val++; - - a[a_val].type = CKA_PRIME_2; - a[a_val].value = q.data; - a[a_val].value_len = q.size; - a_val++; - - a[a_val].type = CKA_COEFFICIENT; - a[a_val].value = u.data; - a[a_val].value_len = u.size; - a_val++; - - a[a_val].type = CKA_EXPONENT_1; - a[a_val].value = exp1.data; - a[a_val].value_len = exp1.size; - a_val++; - - a[a_val].type = CKA_EXPONENT_2; - a[a_val].value = exp2.data; - a[a_val].value_len = exp2.size; - a_val++; - - break; - } - case GNUTLS_PK_DSA:{ - ret = - gnutls_x509_privkey_export_dsa_raw(key, &p, &q, - &g, &y, &x); - if (ret < 0) { - gnutls_assert(); - goto cleanup; - } - - type = CKK_DSA; - - a[a_val].type = CKA_PRIME; - a[a_val].value = p.data; - a[a_val].value_len = p.size; - a_val++; - - a[a_val].type = CKA_SUBPRIME; - a[a_val].value = q.data; - a[a_val].value_len = q.size; - a_val++; - - a[a_val].type = CKA_BASE; - a[a_val].value = g.data; - a[a_val].value_len = g.size; - a_val++; - - a[a_val].type = CKA_VALUE; - a[a_val].value = x.data; - a[a_val].value_len = x.size; - a_val++; - - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } + a[a_val].type = CKA_COEFFICIENT; + a[a_val].value = u.data; + a[a_val].value_len = u.size; + a_val++; - rv = pakchois_create_object(pks, a, a_val, &obj); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pkcs11: %s\n", pakchois_error(rv)); - ret = pkcs11_rv_to_err(rv); 
- goto cleanup; - } + a[a_val].type = CKA_EXPONENT_1; + a[a_val].value = exp1.data; + a[a_val].value_len = exp1.size; + a_val++; - /* generated! - */ - - switch (pk) { - case GNUTLS_PK_RSA:{ - gnutls_free(m.data); - gnutls_free(e.data); - gnutls_free(d.data); - gnutls_free(p.data); - gnutls_free(q.data); - gnutls_free(u.data); - gnutls_free(exp1.data); - gnutls_free(exp2.data); - break; - } - case GNUTLS_PK_DSA:{ - gnutls_free(p.data); - gnutls_free(q.data); - gnutls_free(g.data); - gnutls_free(y.data); - gnutls_free(x.data); - break; - } - default: - gnutls_assert(); - ret = GNUTLS_E_INVALID_REQUEST; - goto cleanup; - } + a[a_val].type = CKA_EXPONENT_2; + a[a_val].value = exp2.data; + a[a_val].value_len = exp2.size; + a_val++; - ret = 0; + break; + } + case GNUTLS_PK_DSA: + { + ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; + } + + type = CKK_DSA; + + a[a_val].type = CKA_PRIME; + a[a_val].value = p.data; + a[a_val].value_len = p.size; + a_val++; - cleanup: - pakchois_close_session(pks); + a[a_val].type = CKA_SUBPRIME; + a[a_val].value = q.data; + a[a_val].value_len = q.size; + a_val++; - return ret; + a[a_val].type = CKA_BASE; + a[a_val].value = g.data; + a[a_val].value_len = g.size; + a_val++; + + a[a_val].type = CKA_VALUE; + a[a_val].value = x.data; + a[a_val].value_len = x.size; + a_val++; + + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } + + rv = pakchois_create_object (pks, a, a_val, &obj); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv)); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + /* generated! 
+ */ + + switch (pk) + { + case GNUTLS_PK_RSA: + { + gnutls_free (m.data); + gnutls_free (e.data); + gnutls_free (d.data); + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (u.data); + gnutls_free (exp1.data); + gnutls_free (exp2.data); + break; + } + case GNUTLS_PK_DSA: + { + gnutls_free (p.data); + gnutls_free (q.data); + gnutls_free (g.data); + gnutls_free (y.data); + gnutls_free (x.data); + break; + } + default: + gnutls_assert (); + ret = GNUTLS_E_INVALID_REQUEST; + goto cleanup; + } + + ret = 0; + +cleanup: + pakchois_close_session (pks); + + return ret; } -struct delete_data_st { - struct pkcs11_url_info info; - unsigned int deleted; /* how many */ +struct delete_data_st +{ + struct pkcs11_url_info info; + unsigned int deleted; /* how many */ }; -static int delete_obj_url(pakchois_session_t * pks, - struct token_info *info, - struct ck_info * lib_info, - void *input) +static int +delete_obj_url (pakchois_session_t * pks, + struct token_info *info, + struct ck_info *lib_info, void *input) { - struct delete_data_st *find_data = input; - struct ck_attribute a[4]; - ck_object_class_t class; - ck_certificate_type_t type = -1; - ck_rv_t rv; - ck_object_handle_t obj; - unsigned long count, a_vals; - int found = 0, ret; - - - if (info == NULL) { /* we don't support multiple calls */ - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + struct delete_data_st *find_data = input; + struct ck_attribute a[4]; + ck_object_class_t class; + ck_certificate_type_t type = -1; + ck_rv_t rv; + ck_object_handle_t obj; + unsigned long count, a_vals; + int found = 0, ret; + + + if (info == NULL) + { /* we don't support multiple calls */ + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + /* do not bother reading the token if basic fields do not match + */ + if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) < + 0) + { + gnutls_assert (); + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + class = 
CKO_CERTIFICATE; /* default */ + + if (find_data->info.type[0] != 0) + { + class = pkcs11_strtype_to_class (find_data->info.type); + if (class == CKO_CERTIFICATE) + type = CKC_X_509; + + if (class == -1) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - - /* do not bother reading the token if basic fields do not match - */ - if (pkcs11_token_matches_info(&find_data->info, &info->tinfo, lib_info) < 0) { - gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + + a_vals = 0; + + /* Find objects with given class and type */ + if (find_data->info.certid_raw_size > 0) + { + a[a_vals].type = CKA_ID; + a[a_vals].value = find_data->info.certid_raw; + a[a_vals].value_len = find_data->info.certid_raw_size; + a_vals++; + } + + if (class != -1) + { + a[a_vals].type = CKA_CLASS; + a[a_vals].value = &class; + a[a_vals].value_len = sizeof class; + a_vals++; + } + + if (type != -1) + { + a[a_vals].type = CKA_CERTIFICATE_TYPE; + a[a_vals].value = &type; + a[a_vals].value_len = sizeof type; + a_vals++; + } + + if (find_data->info.label[0] != 0) + { + a[a_vals].type = CKA_LABEL; + a[a_vals].value = find_data->info.label; + a[a_vals].value_len = strlen (find_data->info.label); + a_vals++; + } + + rv = pakchois_find_objects_init (pks, a, a_vals); + if (rv != CKR_OK) + { + gnutls_assert (); + _gnutls_debug_log ("pk11: FindObjectsInit failed.\n"); + ret = pkcs11_rv_to_err (rv); + goto cleanup; + } + + while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1) + { + rv = pakchois_destroy_object (pks, obj); + if (rv != CKR_OK) + { + _gnutls_debug_log + ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv)); } - - class = CKO_CERTIFICATE; /* default */ - - if (find_data->info.type[0] != 0) { - class = pkcs11_strtype_to_class(find_data->info.type); - if (class == CKO_CERTIFICATE) - type = CKC_X_509; - - if (class == -1) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } + else + { + find_data->deleted++; } - a_vals = 0; + found = 
1; + } - /* Find objects with given class and type */ - if (find_data->info.certid_raw_size > 0) { - a[a_vals].type = CKA_ID; - a[a_vals].value = find_data->info.certid_raw; - a[a_vals].value_len = find_data->info.certid_raw_size; - a_vals++; - } - - if (class != -1) { - a[a_vals].type = CKA_CLASS; - a[a_vals].value = &class; - a[a_vals].value_len = sizeof class; - a_vals++; - } + if (found == 0) + { + gnutls_assert (); + ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + } + else + { + ret = 0; + } - if (type != -1) { - a[a_vals].type = CKA_CERTIFICATE_TYPE; - a[a_vals].value = &type; - a[a_vals].value_len = sizeof type; - a_vals++; - } +cleanup: + pakchois_find_objects_final (pks); - if (find_data->info.label[0] != 0) { - a[a_vals].type = CKA_LABEL; - a[a_vals].value = find_data->info.label; - a[a_vals].value_len = strlen(find_data->info.label); - a_vals++; - } - - rv = pakchois_find_objects_init(pks, a, a_vals); - if (rv != CKR_OK) { - gnutls_assert(); - _gnutls_debug_log("pk11: FindObjectsInit failed.\n"); - ret = pkcs11_rv_to_err(rv); - goto cleanup; - } - - while (pakchois_find_objects(pks, &obj, 1, &count) == CKR_OK - && count == 1) { - rv = pakchois_destroy_object(pks, obj); - if (rv != CKR_OK) { - _gnutls_debug_log - ("pkcs11: Cannot destroy object: %s\n", - pakchois_error(rv)); - } else { - find_data->deleted++; - } - - found = 1; - } - - if (found == 0) { - gnutls_assert(); - ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - } else { - ret = 0; - } - - cleanup: - pakchois_find_objects_final(pks); - - return ret; + return ret; } 
@@ -508,27 +540,30 @@ static int delete_obj_url(pakchois_session_t * pks, * Returns: On success, the number of objects deleted is returned, otherwise a * negative error value. **/ -int gnutls_pkcs11_delete_url(const char *object_url, unsigned int flags) +int +gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags) { - int ret; - struct delete_data_st find_data; - - memset(&find_data, 0, sizeof(find_data)); - - ret = pkcs11_url_to_info(object_url, &find_data.info); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - ret = - _pkcs11_traverse_tokens(delete_obj_url, &find_data, - SESSION_WRITE|pkcs11_obj_flags_to_int(flags)); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return find_data.deleted; + int ret; + struct delete_data_st find_data; + + memset (&find_data, 0, sizeof (find_data)); + + ret = pkcs11_url_to_info (object_url, &find_data.info); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + ret = + _pkcs11_traverse_tokens (delete_obj_url, &find_data, + SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + return find_data.deleted; } |