This prevents asking for PIN on every private key operation.
}
int
-pkcs11_find_object (struct ck_function_list ** _module,
- ck_session_handle_t * _pks,
+pkcs11_find_object (struct pkcs11_session_info* sinfo,
ck_object_handle_t * _obj,
struct p11_kit_uri *info, unsigned int flags)
{
int ret;
- struct ck_function_list *module;
- ck_session_handle_t pks;
ck_object_handle_t obj;
struct ck_attribute *attrs;
unsigned long attr_count;
unsigned long count;
ck_rv_t rv;
- ret = pkcs11_open_session (&module, &pks, info, flags & SESSION_LOGIN);
+ ret = pkcs11_open_session (sinfo, info, flags & SESSION_LOGIN);
if (ret < 0)
{
gnutls_assert ();
}
attrs = p11_kit_uri_get_attributes (info, &attr_count);
- rv = pkcs11_find_objects_init (module, pks, attrs, attr_count);
+ rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, attrs, attr_count);
if (rv != CKR_OK)
{
gnutls_assert ();
goto fail;
}
- if (pkcs11_find_objects (module, pks, &obj, 1, &count) == CKR_OK && count == 1)
+ if (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
{
*_obj = obj;
- *_pks = pks;
- *_module = module;
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
return 0;
}
ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
fail:
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (sinfo);
return ret;
}
}
int
-pkcs11_open_session (struct ck_function_list ** _module, ck_session_handle_t * _pks,
- struct p11_kit_uri *info, unsigned int flags)
+pkcs11_open_session (struct pkcs11_session_info *sinfo, struct p11_kit_uri *info,
+ unsigned int flags)
{
ck_rv_t rv;
int ret;
return pkcs11_rv_to_err (rv);
}
+ /* ok found */
+ sinfo->pks = pks;
+ sinfo->module = module;
+ sinfo->init = 1;
+ memcpy(&sinfo->tinfo, &tinfo.tinfo, sizeof(sinfo->tinfo));
+
if (flags & SESSION_LOGIN)
{
- ret = pkcs11_login (module, pks, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
+ ret = pkcs11_login (sinfo, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
if (ret < 0)
{
gnutls_assert ();
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (sinfo);
return ret;
}
}
- /* ok found */
- *_pks = pks;
- *_module = module;
return 0;
}
unsigned int found = 0, x, z;
int ret;
ck_session_handle_t pks = 0;
+ struct pkcs11_session_info sinfo;
struct ck_function_list *module = NULL;
for (x = 0; x < active_providers; x++)
{
continue;
}
+
+ sinfo.module = module;
+ sinfo.pks = pks;
if (flags & SESSION_LOGIN)
{
- ret = pkcs11_login (module, pks, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
+ ret = pkcs11_login (&sinfo, &tinfo, info, (flags & SESSION_SO) ? 1 : 0);
if (ret < 0)
{
gnutls_assert ();
}
}
- ret = find_func (module, pks, &tinfo, &providers[x].info, input);
+ ret = find_func (&sinfo, &tinfo, &providers[x].info, input);
if (ret == 0)
{
}
else
{
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (&sinfo);
pks = 0;
}
}
if (found == 0)
{
if (module)
- ret = find_func (module, pks, NULL, NULL, input);
+ {
+ sinfo.module = module;
+ sinfo.pks = pks;
+ ret = find_func (&sinfo, NULL, NULL, input);
+ }
else
ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
}
if (pks != 0 && module != NULL)
{
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (&sinfo);
}
return ret;
}
static int
-find_obj_url (struct ck_function_list *module, ck_session_handle_t pks,
+find_obj_url (struct pkcs11_session_info *sinfo,
struct token_info *info, struct ck_info *lib_info, void *input)
{
struct url_find_data_st *find_data = input;
a_vals++;
}
- rv = pkcs11_find_objects_init (module, pks, a, a_vals);
+ rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, a_vals);
if (rv != CKR_OK)
{
gnutls_assert ();
goto cleanup;
}
- while (pkcs11_find_objects (module, pks, &obj, 1, &count) == CKR_OK && count == 1)
+ while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
{
a[0].type = CKA_VALUE;
a[1].value = label_tmp;
a[1].value_len = sizeof (label_tmp);
- if (pkcs11_get_attribute_value (module, pks, obj, a, 2) == CKR_OK)
+ if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 2) == CKR_OK)
{
gnutls_datum_t id;
gnutls_datum_t data = { a[0].value, a[0].value_len };
if (class == CKO_PUBLIC_KEY)
{
ret =
- pkcs11_obj_import_pubkey (module, pks, obj,
+ pkcs11_obj_import_pubkey (sinfo->module, sinfo->pks, obj,
find_data->crt,
&id, &label,
&info->tinfo, lib_info);
cleanup:
gnutls_free (cert_data);
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
return ret;
}
};
static int
-find_token_num (struct ck_function_list *module,
- ck_session_handle_t pks,
+find_token_num (struct pkcs11_session_info* sinfo,
struct token_info *tinfo,
struct ck_info *lib_info, void *input)
{
}
int
-pkcs11_login (struct ck_function_list * module, ck_session_handle_t pks,
+pkcs11_login (struct pkcs11_session_info * sinfo,
const struct token_info *tokinfo, struct p11_kit_uri *info, int so)
{
struct ck_session_info session_info;
* required. */
if (tokinfo->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
{
- rv = (module)->C_Login (pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0);
+ rv = (sinfo->module)->C_Login (sinfo->pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0);
if (rv == CKR_OK || rv == CKR_USER_ALREADY_LOGGED_IN)
{
return 0;
memcpy (&tinfo, &tokinfo->tinfo, sizeof(tinfo));
/* Check whether the session is already logged in, and if so, just skip */
- rv = (module)->C_GetSessionInfo (pks, &session_info);
+ rv = (sinfo->module)->C_GetSessionInfo (sinfo->pks, &session_info);
if (rv == CKR_OK && (session_info.state == CKS_RO_USER_FUNCTIONS ||
session_info.state == CKS_RW_USER_FUNCTIONS))
{
goto cleanup;
}
- rv = (module)->C_Login (pks, user_type,
+ rv = (sinfo->module)->C_Login (sinfo->pks, user_type,
(unsigned char *)p11_kit_pin_get_value (pin, NULL),
p11_kit_pin_get_length (pin));
static int
-find_privkeys (struct ck_function_list *module, ck_session_handle_t pks,
+find_privkeys (struct pkcs11_session_info* sinfo,
struct token_info *info, struct pkey_list *list)
{
struct ck_attribute a[3];
a[0].value = &class;
a[0].value_len = sizeof class;
- rv = pkcs11_find_objects_init (module, pks, a, 1);
+ rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, 1);
if (rv != CKR_OK)
{
gnutls_assert ();
}
list->key_ids_size = 0;
- while (pkcs11_find_objects (module, pks, &obj, 1, &count) == CKR_OK && count == 1)
+ while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
{
list->key_ids_size++;
}
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
if (list->key_ids_size == 0)
{
a[0].value = &class;
a[0].value_len = sizeof class;
- rv = pkcs11_find_objects_init (module, pks, a, 1);
+ rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, 1);
if (rv != CKR_OK)
{
gnutls_assert ();
}
current = 0;
- while (pkcs11_find_objects (module, pks, &obj, 1, &count) == CKR_OK && count == 1)
+ while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
{
a[0].type = CKA_ID;
_gnutls_buffer_init (&list->key_ids[current]);
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
+ if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
{
_gnutls_buffer_append_data (&list->key_ids[current],
a[0].value, a[0].value_len);
break;
}
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
list->key_ids_size = current - 1;
static int
-find_objs (struct ck_function_list * module, ck_session_handle_t pks,
+find_objs (struct pkcs11_session_info* sinfo,
struct token_info *info, struct ck_info *lib_info, void *input)
{
struct crt_find_data_st *find_data = input;
if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
{
- ret = find_privkeys (module, pks, info, &plist);
+ ret = find_privkeys (sinfo, info, &plist);
if (ret < 0)
{
gnutls_assert ();
tot_values++;
}
- rv = pkcs11_find_objects_init (module, pks, a, tot_values);
+ rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, tot_values);
if (rv != CKR_OK)
{
gnutls_assert ();
return pkcs11_rv_to_err (rv);
}
- while (pkcs11_find_objects (module, pks, &obj, 1, &count) == CKR_OK && count == 1)
+ while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
{
gnutls_datum_t label, id, value;
a[0].value = label_tmp;
a[0].value_len = sizeof label_tmp;
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
+ if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
{
label.data = a[0].value;
label.size = a[0].value_len;
a[0].value = certid_tmp;
a[0].value_len = sizeof certid_tmp;
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
+ if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
{
id.data = a[0].value;
id.size = a[0].value_len;
a[0].type = CKA_VALUE;
a[0].value = cert_data;
a[0].value_len = MAX_CERT_SIZE;
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
+ if (pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1) == CKR_OK)
{
value.data = a[0].value;
value.size = a[0].value_len;
a[0].value = &class;
a[0].value_len = sizeof class;
- pkcs11_get_attribute_value (module, pks, obj, a, 1);
+ pkcs11_get_attribute_value (sinfo->module, sinfo->pks, obj, a, 1);
}
if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
if (class == CKO_PUBLIC_KEY)
{
ret =
- pkcs11_obj_import_pubkey (module, pks, obj,
+ pkcs11_obj_import_pubkey (sinfo->module, sinfo->pks, obj,
find_data->p_list
[find_data->current],
&id, &label,
}
gnutls_free (cert_data);
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
fail:
gnutls_free (cert_data);
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
if (plist.key_ids != NULL)
{
for (i = 0; i < plist.key_ids_size; i++)
}
static int
-find_flags (struct ck_function_list * module, ck_session_handle_t pks,
+find_flags (struct pkcs11_session_info* sinfo,
struct token_info *info, struct ck_info *lib_info, void *input)
{
struct flags_find_data_st *find_data = input;
}
ck_rv_t
-pkcs11_find_objects_final (struct ck_function_list *module,
- ck_session_handle_t sess)
+pkcs11_find_objects_final (struct pkcs11_session_info* sinfo)
{
- return (module)->C_FindObjectsFinal (sess);
+ return (sinfo->module)->C_FindObjectsFinal (sinfo->pks);
}
ck_rv_t
-pkcs11_close_session (struct ck_function_list *module,
- ck_session_handle_t sess)
+pkcs11_close_session (struct pkcs11_session_info * sinfo)
{
- return (module)->C_CloseSession (sess);
+ sinfo->init = 0;
+ return (sinfo->module)->C_CloseSession (sinfo->pks);
}
ck_rv_t
#include <p11-kit/uri.h>
typedef unsigned char ck_bool_t;
+struct pkcs11_session_info {
+ struct ck_function_list * module;
+ struct ck_token_info tinfo;
+ ck_session_handle_t pks;
+ unsigned int init;
+};
+
struct token_info
{
struct ck_token_info tinfo;
* function. Once everything is traversed it is called with NULL tinfo.
* It should return 0 if found what it was looking for.
*/
-typedef int (*find_func_t) (struct ck_function_list *module,
- ck_session_handle_t pks,
+typedef int (*find_func_t) (struct pkcs11_session_info*,
struct token_info * tinfo, struct ck_info *,
void *input);
int pkcs11_get_info (struct p11_kit_uri *info,
gnutls_pkcs11_obj_info_t itype, void *output,
size_t * output_size);
-int pkcs11_login (struct ck_function_list * module, ck_session_handle_t pks,
- const struct token_info *tinfo, struct p11_kit_uri *info, int admin);
+int pkcs11_login (struct pkcs11_session_info * sinfo,
+ const struct token_info *tokinfo, struct p11_kit_uri *info, int so);
int pkcs11_call_token_func (struct p11_kit_uri *info, const unsigned retry);
#define SESSION_WRITE (1<<0)
#define SESSION_LOGIN (1<<1)
#define SESSION_SO (1<<2) /* security officer session */
-int pkcs11_open_session (struct ck_function_list **_module, ck_session_handle_t * _pks,
+int pkcs11_open_session (struct pkcs11_session_info* sinfo,
struct p11_kit_uri *info, unsigned int flags);
int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
struct p11_kit_uri *info, unsigned int flags);
struct ck_info *lib_info);
/* flags are SESSION_* */
-int pkcs11_find_object (struct ck_function_list ** _module,
- ck_session_handle_t * _pks,
- ck_object_handle_t * _obj,
- struct p11_kit_uri *info, unsigned int flags);
+int pkcs11_find_object (struct pkcs11_session_info* sinfo,
+ ck_object_handle_t * _obj,
+ struct p11_kit_uri *info, unsigned int flags);
unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
unsigned long *object_count);
ck_rv_t
-pkcs11_find_objects_final (struct ck_function_list *module,
- ck_session_handle_t sess);
+pkcs11_find_objects_final (struct pkcs11_session_info*);
ck_rv_t
-pkcs11_close_session (struct ck_function_list *module,
- ck_session_handle_t sess);
+pkcs11_close_session (struct pkcs11_session_info *);
ck_rv_t
pkcs11_get_attribute_value(struct ck_function_list *module,
struct p11_kit_uri *info;
gnutls_pkcs11_pin_callback_t pin_func;
void *pin_data;
+
+ struct pkcs11_session_info sinfo;
+ ck_object_handle_t obj; /* the key in the session */
};
/**
gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
{
p11_kit_uri_free (key->info);
+ if (key->sinfo.init != 0)
+ pkcs11_close_session (&key->sinfo);
gnutls_free (key);
}
}
-#define FIND_OBJECT(module, pks, obj, key) \
+#define FIND_OBJECT(sinfo, obj, key) \
do { \
int retries = 0; \
int rret; \
- ret = pkcs11_find_object (&module, &pks, &obj, key->info, \
- SESSION_LOGIN); \
+ ret = pkcs11_find_object (sinfo, &obj, key->info, \
+ SESSION_LOGIN); \
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { \
if (token_func) \
{ \
int ret;
struct ck_mechanism mech;
unsigned long siglen;
- struct ck_function_list *module;
- ck_session_handle_t pks;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
ck_object_handle_t obj;
- FIND_OBJECT (module, pks, obj, key);
+ if (key->sinfo.init != 0)
+ {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ }
+ else
+ {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT (sinfo, obj, key);
+ }
mech.mechanism = pk_to_mech(key->pk_algorithm);
mech.parameter = NULL;
/* Initialize signing operation; using the private key discovered
* earlier. */
- rv = pkcs11_sign_init (module, pks, &mech, obj);
+ rv = pkcs11_sign_init (sinfo->module, sinfo->pks, &mech, obj);
if (rv != CKR_OK)
{
gnutls_assert ();
}
/* Work out how long the signature must be: */
- rv = pkcs11_sign (module, pks, hash->data, hash->size, NULL, &siglen);
+ rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, NULL, &siglen);
if (rv != CKR_OK)
{
gnutls_assert ();
signature->data = gnutls_malloc (siglen);
signature->size = siglen;
- rv = pkcs11_sign (module, pks, hash->data, hash->size, signature->data, &siglen);
+ rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, signature->data, &siglen);
if (rv != CKR_OK)
{
gnutls_free (signature->data);
ret = 0;
cleanup:
- pkcs11_close_session (module, pks);
+ if (sinfo != &key->sinfo)
+ pkcs11_close_session (sinfo);
return ret;
}
const char *url, unsigned int flags)
{
int ret;
- struct ck_function_list *module;
struct ck_attribute *attr;
- ck_session_handle_t pks;
ck_object_handle_t obj;
struct ck_attribute a[4];
ck_key_type_t key_type;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
ret = pkcs11_url_to_info (url, &pkey->info);
if (ret < 0)
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- FIND_OBJECT (module, pks, obj, pkey);
+ FIND_OBJECT (&sinfo, obj, pkey);
+
a[0].type = CKA_KEY_TYPE;
a[0].value = &key_type;
a[0].value_len = sizeof (key_type);
- if (pkcs11_get_attribute_value (module, pks, obj, a, 1) == CKR_OK)
+ if (pkcs11_get_attribute_value (sinfo.module, sinfo.pks, obj, a, 1) == CKR_OK)
{
pkey->pk_algorithm = mech_to_pk(key_type);
if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN)
}
ret = 0;
+
+ if (pkey->sinfo.init)
+ pkcs11_close_session (&pkey->sinfo);
+
+ if (sinfo.tinfo.max_session_count != 1)
+ {
+ /* We do not keep the session open in tokens that can
+ * only support a single session.
+ */
+ memcpy(&pkey->sinfo, &sinfo, sizeof(pkey->sinfo));
+ pkey->obj = obj;
+ return ret;
+ }
cleanup:
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (&sinfo);
return ret;
}
int ret;
struct ck_mechanism mech;
unsigned long siglen;
- struct ck_function_list *module;
- ck_session_handle_t pks;
ck_object_handle_t obj;
+ struct pkcs11_session_info _sinfo;
+ struct pkcs11_session_info *sinfo;
- FIND_OBJECT (module, pks, obj, key);
+ if (key->sinfo.init != 0)
+ {
+ sinfo = &key->sinfo;
+ obj = key->obj;
+ }
+ else
+ {
+ sinfo = &_sinfo;
+ memset(sinfo, 0, sizeof(*sinfo));
+ FIND_OBJECT (sinfo, obj, key);
+ }
if (key->pk_algorithm != GNUTLS_PK_RSA)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
/* Initialize signing operation; using the private key discovered
* earlier. */
- rv = pkcs11_decrypt_init (module, pks, &mech, obj);
+ rv = pkcs11_decrypt_init (sinfo->module, sinfo->pks, &mech, obj);
if (rv != CKR_OK)
{
gnutls_assert ();
}
/* Work out how long the plaintext must be: */
- rv = pkcs11_decrypt (module, pks, ciphertext->data, ciphertext->size,
+ rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
NULL, &siglen);
if (rv != CKR_OK)
{
plaintext->data = gnutls_malloc (siglen);
plaintext->size = siglen;
- rv = pkcs11_decrypt (module, pks, ciphertext->data, ciphertext->size,
+ rv = pkcs11_decrypt (sinfo->module, sinfo->pks, ciphertext->data, ciphertext->size,
plaintext->data, &siglen);
if (rv != CKR_OK)
{
ret = 0;
cleanup:
- pkcs11_close_session (module, pks);
+ if (key->sinfo.init == 0)
+ pkcs11_close_session (sinfo);
return ret;
}
int ret;
const ck_bool_t tval = 1;
const ck_bool_t fval = 0;
- struct ck_function_list *module;
- ck_session_handle_t pks = 0;
+ struct pkcs11_session_info sinfo;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
struct ck_attribute a[10], p[10];
int a_val, p_val;
struct ck_mechanism mech;
+ memset(&sinfo, 0, sizeof(sinfo));
+
ret = pkcs11_url_to_info (url, &info);
if (ret < 0)
{
}
ret =
- pkcs11_open_session (&module, &pks, info,
+ pkcs11_open_session (&sinfo, info,
SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
p11_kit_uri_free (info);
p_val++;
}
- rv = pkcs11_generate_key_pair( module, pks, &mech, a, a_val, p, p_val, &pub, &priv);
+ rv = pkcs11_generate_key_pair( sinfo.module, sinfo.pks, &mech, a, a_val, p, p_val, &pub, &priv);
if (rv != CKR_OK)
{
gnutls_assert ();
cleanup:
- if (pks != 0)
- pkcs11_close_session (module, pks);
+ if (sinfo.pks != 0)
+ pkcs11_close_session (&sinfo);
return ret;
}
/* GNUTLS_PKCS11_OBJ_FLAG_* */ )
{
int ret;
- struct ck_function_list *module;
- ck_session_handle_t pks;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
struct ck_attribute a[12];
ck_bool_t tval = 1;
int a_val;
uint8_t id[16];
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
ret = pkcs11_url_to_info (token_url, &info);
if (ret < 0)
}
ret =
- pkcs11_open_session (&module, &pks, info,
+ pkcs11_open_session (&sinfo, info,
SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
p11_kit_uri_free (info);
a[a_val].value_len = sizeof (tval);
a_val++;
- rv = pkcs11_create_object (module, pks, a, a_val, &obj);
+ rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
if (rv != CKR_OK)
{
gnutls_assert ();
ret = 0;
cleanup:
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (&sinfo);
return ret;
unsigned int flags)
{
int ret;
- struct ck_function_list *module;
- ck_session_handle_t pks;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
size_t der_size, id_size;
ck_object_handle_t obj;
int a_val;
gnutls_datum_t subject = { NULL, 0 };
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
ret = pkcs11_url_to_info (token_url, &info);
if (ret < 0)
}
ret =
- pkcs11_open_session (&module, &pks, info,
+ pkcs11_open_session (&sinfo, info,
SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
p11_kit_uri_free (info);
}
}
- rv = pkcs11_create_object (module, pks, a, a_val, &obj);
+ rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
if (rv != CKR_OK)
{
gnutls_assert ();
cleanup:
gnutls_free (der);
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (&sinfo);
_gnutls_free_datum(&subject);
return ret;
unsigned int key_usage, unsigned int flags)
{
int ret;
- struct ck_function_list *module;
- ck_session_handle_t pks = 0;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
size_t id_size;
gnutls_pk_algorithm_t pk;
gnutls_datum_t p, q, g, y, x;
gnutls_datum_t m, e, d, u, exp1, exp2;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
memset(&p, 0, sizeof(p));
memset(&q, 0, sizeof(q));
}
ret =
- pkcs11_open_session (&module, &pks, info,
+ pkcs11_open_session (&sinfo, info,
SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
p11_kit_uri_free (info);
goto cleanup;
}
- rv = pkcs11_create_object (module, pks, a, a_val, &obj);
+ rv = pkcs11_create_object (sinfo.module, sinfo.pks, a, a_val, &obj);
if (rv != CKR_OK)
{
gnutls_assert ();
break;
}
- if (pks != 0)
- pkcs11_close_session (module, pks);
+ if (sinfo.pks != 0)
+ pkcs11_close_session (&sinfo);
return ret;
};
static int
-delete_obj_url (struct ck_function_list *module,
- ck_session_handle_t pks,
+delete_obj_url (struct pkcs11_session_info * sinfo,
struct token_info *info,
struct ck_info *lib_info, void *input)
{
unsigned long count, a_vals;
int found = 0, ret;
-
if (info == NULL)
{ /* we don't support multiple calls */
gnutls_assert ();
a_vals++;
}
- rv = pkcs11_find_objects_init (module, pks, a, a_vals);
+ rv = pkcs11_find_objects_init (sinfo->module, sinfo->pks, a, a_vals);
if (rv != CKR_OK)
{
gnutls_assert ();
goto cleanup;
}
- while (pkcs11_find_objects (module, pks, &obj, 1, &count) == CKR_OK && count == 1)
+ while (pkcs11_find_objects (sinfo->module, sinfo->pks, &obj, 1, &count) == CKR_OK && count == 1)
{
- rv = pkcs11_destroy_object (module, pks, obj);
+ rv = pkcs11_destroy_object (sinfo->module, sinfo->pks, obj);
if (rv != CKR_OK)
{
_gnutls_debug_log
}
cleanup:
- pkcs11_find_objects_final (module, pks);
+ pkcs11_find_objects_final (sinfo);
return ret;
}
const char *newpin, unsigned int flags)
{
int ret;
- struct ck_function_list *module;
- ck_session_handle_t pks;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
unsigned int ses_flags;
+ struct pkcs11_session_info sinfo;
+
+ memset(&sinfo, 0, sizeof(sinfo));
ret = pkcs11_url_to_info (token_url, &info);
if (ret < 0)
else
ses_flags = SESSION_WRITE | SESSION_LOGIN;
- ret = pkcs11_open_session (&module, &pks, info, ses_flags);
+ ret = pkcs11_open_session (&sinfo, info, ses_flags);
p11_kit_uri_free (info);
if (ret < 0)
if (oldpin == NULL)
{
- rv = pkcs11_init_pin (module, pks, (uint8_t *) newpin, strlen (newpin));
+ rv = pkcs11_init_pin (sinfo.module, sinfo.pks, (uint8_t *) newpin, strlen (newpin));
if (rv != CKR_OK)
{
gnutls_assert ();
}
else
{
- rv = pkcs11_set_pin (module, pks,
+ rv = pkcs11_set_pin (sinfo.module, sinfo.pks,
oldpin, strlen (oldpin),
newpin, strlen (newpin));
if (rv != CKR_OK)
ret = 0;
finish:
- pkcs11_close_session (module, pks);
+ pkcs11_close_session (&sinfo);
return ret;
}