]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
pkcs11: perform reauth at the appropriate state
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 7 Nov 2014 06:54:41 +0000 (07:54 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Fri, 7 Nov 2014 06:54:41 +0000 (07:54 +0100)
lib/pkcs11_privkey.c

index 496f814a4c42d15d275c710090d2536241ddec67..f06121d8480ac316f684210f5dfecb94f5f256e7 100644 (file)
@@ -254,17 +254,6 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
 
        PKCS11_CHECK_INIT_PRIVKEY(key);
 
-       if (key->reauth) {
-               ret =
-                   pkcs11_login(&key->sinfo, &key->pin,
-                                key->uinfo, 0, 1);
-               if (ret < 0) {
-                       gnutls_assert();
-                       _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
-                       /* let's try the operation anyway */
-               }
-       }
-
        sinfo = &key->sinfo;
 
        mech.mechanism = pk_to_mech(key->pk_algorithm);
@@ -280,6 +269,17 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
                goto cleanup;
        }
 
+       if (key->reauth) {
+               ret =
+                   pkcs11_login(&key->sinfo, &key->pin,
+                                key->uinfo, 0, 1);
+               if (ret < 0) {
+                       gnutls_assert();
+                       _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
+                       /* let's try the operation anyway */
+               }
+       }
+
        /* Work out how long the signature must be: */
        rv = pkcs11_sign(sinfo->module, sinfo->pks, hash->data, hash->size,
                         NULL, &siglen);
@@ -495,17 +495,6 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
        if (key->pk_algorithm != GNUTLS_PK_RSA)
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
-       if (key->reauth) {
-               ret =
-                   pkcs11_login(&key->sinfo, &key->pin,
-                                key->uinfo, 0, 1);
-               if (ret < 0) {
-                       gnutls_assert();
-                       _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
-                       /* let's try the operation anyway */
-               }
-       }
-
        mech.mechanism = CKM_RSA_PKCS;
        mech.parameter = NULL;
        mech.parameter_len = 0;
@@ -519,6 +508,17 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
                goto cleanup;
        }
 
+       if (key->reauth) {
+               ret =
+                   pkcs11_login(&key->sinfo, &key->pin,
+                                key->uinfo, 0, 1);
+               if (ret < 0) {
+                       gnutls_assert();
+                       _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n");
+                       /* let's try the operation anyway */
+               }
+       }
+
        /* Work out how long the plaintext must be: */
        rv = pkcs11_decrypt(key->sinfo.module, key->sinfo.pks, ciphertext->data,
                            ciphertext->size, NULL, &siglen);