From: Nikos Mavrogiannopoulos Date: Fri, 7 Nov 2014 06:54:41 +0000 (+0100) Subject: pkcs11: perform reauth at the appropriate state X-Git-Tag: gnutls_3_4_0~664 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a9176d2c8febd60a964895df5062419f4d95e6d;p=thirdparty%2Fgnutls.git pkcs11: perform reauth at the appropriate state --- diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index 496f814a4c..f06121d848 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -254,17 +254,6 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, PKCS11_CHECK_INIT_PRIVKEY(key); - if (key->reauth) { - ret = - pkcs11_login(&key->sinfo, &key->pin, - key->uinfo, 0, 1); - if (ret < 0) { - gnutls_assert(); - _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n"); - /* let's try the operation anyway */ - } - } - sinfo = &key->sinfo; mech.mechanism = pk_to_mech(key->pk_algorithm); @@ -280,6 +269,17 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key, goto cleanup; } + if (key->reauth) { + ret = + pkcs11_login(&key->sinfo, &key->pin, + key->uinfo, 0, 1); + if (ret < 0) { + gnutls_assert(); + _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n"); + /* let's try the operation anyway */ + } + } + /* Work out how long the signature must be: */ rv = pkcs11_sign(sinfo->module, sinfo->pks, hash->data, hash->size, NULL, &siglen); @@ -495,17 +495,6 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, if (key->pk_algorithm != GNUTLS_PK_RSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if (key->reauth) { - ret = - pkcs11_login(&key->sinfo, &key->pin, - key->uinfo, 0, 1); - if (ret < 0) { - gnutls_assert(); - _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n"); - /* let's try the operation anyway */ - } - } - mech.mechanism = CKM_RSA_PKCS; mech.parameter = NULL; mech.parameter_len = 0; @@ -519,6 +508,17 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key, goto cleanup; } + if (key->reauth) { + ret = + pkcs11_login(&key->sinfo, &key->pin, + key->uinfo, 0, 1); + if (ret < 0) { + gnutls_assert(); + _gnutls_debug_log("PKCS #11 login failed, trying operation anyway\n"); + /* let's try the operation anyway */ + } + } + /* Work out how long the plaintext must be: */ rv = pkcs11_decrypt(key->sinfo.module, key->sinfo.pks, ciphertext->data, ciphertext->size, NULL, &siglen);