PKCS11_CHECK_INIT_PRIVKEY(key);
- if (key->reauth) {
- ret =
- pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
- /* let's try the operation anyway */
- }
- }
-
sinfo = &key->sinfo;
mech.mechanism = pk_to_mech(key->pk_algorithm);
goto cleanup;
}
+ if (key->reauth) {
+ ret =
+ pkcs11_login(&key->sinfo, &key->pin,
+ key->uinfo, 0, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
+ /* let's try the operation anyway */
+ }
+ }
+
/* Work out how long the signature must be: */
rv = pkcs11_sign(sinfo->module, sinfo->pks, hash->data, hash->size,
NULL, &siglen);
if (key->pk_algorithm != GNUTLS_PK_RSA)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- if (key->reauth) {
- ret =
- pkcs11_login(&key->sinfo, &key->pin,
- key->uinfo, 0, 1);
- if (ret < 0) {
- gnutls_assert();
- _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
- /* let's try the operation anyway */
- }
- }
-
mech.mechanism = CKM_RSA_PKCS;
mech.parameter = NULL;
mech.parameter_len = 0;
goto cleanup;
}
+ if (key->reauth) {
+ ret =
+ pkcs11_login(&key->sinfo, &key->pin,
+ key->uinfo, 0, 1);
+ if (ret < 0) {
+ gnutls_assert();
+ _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
+ /* let's try the operation anyway */
+ }
+ }
+
/* Work out how long the plaintext must be: */
rv = pkcs11_decrypt(key->sinfo.module, key->sinfo.pks, ciphertext->data,
ciphertext->size, NULL, &siglen);