From: Nikos Mavrogiannopoulos Date: Thu, 23 Jun 2016 20:40:26 +0000 (+0200) Subject: find_cert_cb: minor cleanups in find_cert_cb X-Git-Tag: gnutls_3_5_2~31 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f11e5dfdcc9d1b0f19286c13cbc0977d9a793a9f;p=thirdparty%2Fgnutls.git find_cert_cb: minor cleanups in find_cert_cb --- diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 0505cf3c48..ce0563e796 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -3598,30 +3598,37 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, break; } - a[0].type = CKA_LABEL; - a[0].value = label_tmp; - a[0].value_len = sizeof(label_tmp); - - a[1].type = CKA_ID; - a[1].value = id_tmp; - a[1].value_len = sizeof(id_tmp); - /* data will contain the certificate */ rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, ctx, CKA_VALUE, &data); + if (rv == CKR_OK) { + ret = check_found_cert(priv, &data, now); + if (ret < 0) { + _gnutls_free_datum(&data); + continue; + } - if (rv == CKR_OK && pkcs11_get_attribute_value - (sinfo->module, sinfo->pks, ctx, a, - 2) == CKR_OK) { - label.data = a[0].value; - label.size = a[0].value_len; - id.data = a[1].value; - id.size = a[1].value_len; - - found = 1; - break; - } else { - _gnutls_debug_log - ("p11: Skipped cert, missing attrs.\n"); + a[0].type = CKA_LABEL; + a[0].value = label_tmp; + a[0].value_len = sizeof(label_tmp); + + a[1].type = CKA_ID; + a[1].value = id_tmp; + a[1].value_len = sizeof(id_tmp); + + if (pkcs11_get_attribute_value(sinfo->module, sinfo->pks, ctx, a, + 2) == CKR_OK) { + label.data = a[0].value; + label.size = a[0].value_len; + id.data = a[1].value; + id.size = a[1].value_len; + + found = 1; + break; + } else { + _gnutls_free_datum(&data); + _gnutls_debug_log + ("p11: Skipped cert, missing attrs.\n"); + } } } @@ -3629,14 +3636,7 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo, finalized = 1; if (found != 0) { - ret = check_found_cert(priv, &data, now); - if (ret < 0) { - _gnutls_free_datum(&data); - found = 0; - continue; - } - - if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT) { + if (priv->flags & GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT && data.size > 0) { gnutls_datum_t spki; rv = pkcs11_get_attribute_avalue(sinfo->module, sinfo->pks, ctx, CKA_PUBLIC_KEY_INFO, &spki); if (rv == CKR_OK) {