diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-06-09 14:10:44 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-06-09 14:10:44 +0200 |
commit | 0e0c9260ff9c862f47598e9ee6bccbc024d280b4 (patch) | |
tree | aa6a5f46f57fb3a7c9cae74d32bf21920b61b1a7 /lib/pkcs11_write.c | |
parent | 8ac3afecd4a2a3a1db66417a8dc6fdd541ff8232 (diff) | |
download | gnutls-0e0c9260ff9c862f47598e9ee6bccbc024d280b4.tar.gz |
In tokens that allow multiple sessions make the private key session persistent.
This prevents asking for PIN on every private key operation.
Diffstat (limited to 'lib/pkcs11_write.c')
-rw-r--r-- | lib/pkcs11_write.c | 49 |
1 files changed, 25 insertions, 24 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c index aa474a6694..ca72c8fe78 100644 --- a/lib/pkcs11_write.c +++ b/lib/pkcs11_write.c @@ -50,8 +50,6 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url, unsigned int flags) { int ret; - struct ck_function_list *module; - ck_session_handle_t pks; struct p11_kit_uri *info = NULL; ck_rv_t rv; size_t der_size, id_size; @@ -63,6 +61,9 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url, ck_object_handle_t obj; int a_val; gnutls_datum_t subject = { NULL, 0 }; + struct pkcs11_session_info sinfo; + + memset(&sinfo, 0, sizeof(sinfo)); ret = pkcs11_url_to_info (token_url, &info); if (ret < 0) @@ -72,7 +73,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url, } ret = - pkcs11_open_session (&module, &pks, info, + pkcs11_open_session (&sinfo, info, SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); p11_kit_uri_free (info); @@ -182,7 +183,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url, } } - rv = pkcs11_create_object (module, pks, a, a_val, &obj); + rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj); if (rv != CKR_OK) { gnutls_assert (); @@ -198,7 +199,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url, cleanup: gnutls_free (der); - pkcs11_close_session (module, pks); + pkcs11_close_session (&sinfo); _gnutls_free_datum(&subject); return ret; @@ -228,8 +229,6 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url, unsigned int key_usage, unsigned int flags) { int ret; - struct ck_function_list *module; - ck_session_handle_t pks = 0; struct p11_kit_uri *info = NULL; ck_rv_t rv; size_t id_size; @@ -242,6 +241,9 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_pk_algorithm_t pk; gnutls_datum_t p, q, g, y, x; gnutls_datum_t m, e, d, u, exp1, exp2; + struct pkcs11_session_info sinfo; + + memset(&sinfo, 0, sizeof(sinfo)); memset(&p, 0, sizeof(p)); memset(&q, 0, sizeof(q)); @@ -272,7 +274,7 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url, } ret = - pkcs11_open_session (&module, &pks, info, + pkcs11_open_session (&sinfo, info, SESSION_WRITE | pkcs11_obj_flags_to_int (flags)); p11_kit_uri_free (info); @@ -474,7 +476,7 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url, goto cleanup; } - rv = pkcs11_create_object (module, pks, a, a_val, &obj); + rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj); if (rv != CKR_OK) { gnutls_assert (); @@ -521,8 +523,8 @@ cleanup: break; } - if (pks != 0) - pkcs11_close_session (module, pks); + if (sinfo.pks != 0) + pkcs11_close_session (&sinfo); return ret; @@ -535,8 +537,7 @@ struct delete_data_st }; static int -delete_obj_url (struct ck_function_list *module, - ck_session_handle_t pks, +delete_obj_url (struct pkcs11_session_info * sinfo, struct token_info *info, struct ck_info *lib_info, void *input) { @@ -550,7 +551,6 @@ delete_obj_url (struct ck_function_list *module, unsigned long count, a_vals; int found = 0, ret; - if (info == NULL) { /* we don't support multiple calls */ gnutls_assert (); @@ -606,7 +606,7 @@ delete_obj_url (struct ck_function_list *module, a_vals++; } - rv = pkcs11_find_objects_init (module, pks, a, a_vals); + rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, a_vals); if (rv != CKR_OK) { gnutls_assert (); @@ -615,9 +615,9 @@ delete_obj_url (struct ck_function_list *module, goto cleanup; } - while (pkcs11_find_objects (module, pks, &obj, 1, &count) == CKR_OK && count == 1) + while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1) { - rv = pkcs11_destroy_object (module, pks, obj); + rv = pkcs11_destroy_object (sinfo->module, sinfo->pks, obj); if (rv != CKR_OK) { _gnutls_debug_log @@ -642,7 +642,7 @@ delete_obj_url (struct ck_function_list *module, } cleanup: - pkcs11_find_objects_final (module, pks); + pkcs11_find_objects_final (sinfo); return ret; } @@ -770,11 +770,12 @@ gnutls_pkcs11_token_set_pin (const char *token_url, const char *newpin, unsigned int flags) { int ret; - struct ck_function_list *module; - ck_session_handle_t pks; struct p11_kit_uri *info = NULL; ck_rv_t rv; unsigned int ses_flags; + struct pkcs11_session_info sinfo; + + memset(&sinfo, 0, sizeof(sinfo)); ret = pkcs11_url_to_info (token_url, &info); if (ret < 0) @@ -789,7 +790,7 @@ gnutls_pkcs11_token_set_pin (const char *token_url, else ses_flags = SESSION_WRITE | SESSION_LOGIN; - ret = pkcs11_open_session (&module, &pks, info, ses_flags); + ret = pkcs11_open_session (&sinfo, info, ses_flags); p11_kit_uri_free (info); if (ret < 0) @@ -800,7 +801,7 @@ gnutls_pkcs11_token_set_pin (const char *token_url, if (oldpin == NULL) { - rv = pkcs11_init_pin (module, pks, (uint8_t *) newpin, strlen (newpin)); + rv = pkcs11_init_pin (sinfo.module, sinfo.pks, (uint8_t *) newpin, strlen (newpin)); if (rv != CKR_OK) { gnutls_assert (); @@ -811,7 +812,7 @@ gnutls_pkcs11_token_set_pin (const char *token_url, } else { - rv = pkcs11_set_pin (module, pks, + rv = pkcs11_set_pin (sinfo.module, sinfo.pks, oldpin, strlen (oldpin), newpin, strlen (newpin)); if (rv != CKR_OK) @@ -826,7 +827,7 @@ gnutls_pkcs11_token_set_pin (const char *token_url, ret = 0; finish: - pkcs11_close_session (module, pks); + pkcs11_close_session (&sinfo); return ret; } |