If we get a PKCS #11 session error, invalidate the cached session.
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 3 Jul 2014 13:36:11 +0000 (15:36 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 3 Jul 2014 13:36:11 +0000 (15:36 +0200)
lib/pkcs11_privkey.c

index 7f2c19da2f06304ee210a0f0b2dc4167736cc476..7ba4d287ae84201f574c53a466ced8ba1fe6ac1e 100644 (file)
        if (ret == 1) \
                memset(&k->sinfo, 0, sizeof(k->sinfo))
 
+#define CHECK_SHANDLE(rv, key, sinfo) \
+               if (rv == CKR_SESSION_HANDLE_INVALID && sinfo == &key->sinfo) { \
+                       if (key->sinfo.init != 0) { \
+                               pkcs11_close_session(&key->sinfo); \
+                               memset(&key->sinfo, 0, sizeof(key->sinfo)); \
+                       } \
+               }
+
 struct gnutls_pkcs11_privkey_st {
        gnutls_pk_algorithm_t pk_algorithm;
        unsigned int flags;
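Review bot: CHECK_SHANDLE expands to a bare `if` block with unparenthesized arguments, so it does not compose with an unbraced `if`/`else` at a future call site. Wrapping the body in `do { ... } while (0)` and writing the test as `(rv) == CKR_SESSION_HANDLE_INVALID && (sinfo) == &(key)->sinfo` makes it statement-safe. The seven call sites in this commit all sit inside braces, so nothing is broken today. Separately, only CKR_SESSION_HANDLE_INVALID triggers invalidation. If a module reports CKR_SESSION_CLOSED or CKR_DEVICE_REMOVED first, the stale cached session presumably survives until a later call fails again; a comment above the macro should say whether that is intended.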
@@ -247,6 +255,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
        rv = pkcs11_sign_init(sinfo->module, sinfo->pks, &mech, obj);
        if (rv != CKR_OK) {
                gnutls_assert();
+               CHECK_SHANDLE(rv, key, sinfo);
                ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
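Review bot: After CHECK_SHANDLE clears the cached session, this path still sets `ret = pkcs11_rv_to_err(rv)` and jumps to cleanup, so the operation that detected the dead handle fails and recovery can only happen on a later call. Whether that later call reopens the session is not visible in the hunk, and the function body starts and ends outside it. If no retry is intended, a comment at the first site would document the contract, for example `/* cached session dropped; this call still fails, a later call must reopen it */`. The same applies to the other two sign_hash sites and the three decrypt_data sites.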
@@ -256,6 +265,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
                         NULL, &siglen);
        if (rv != CKR_OK) {
                gnutls_assert();
+               CHECK_SHANDLE(rv, key, sinfo);
                ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
@@ -267,6 +277,7 @@ _gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t key,
                         tmp.data, &siglen);
        if (rv != CKR_OK) {
                gnutls_assert();
+               CHECK_SHANDLE(rv, key, sinfo);
                ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
@@ -347,6 +358,7 @@ int gnutls_pkcs11_privkey_status(gnutls_pkcs11_privkey_t key)
 
        rv = (sinfo->module)->C_GetSessionInfo(sinfo->pks, &session_info);
        if (rv != CKR_OK) {
+               CHECK_SHANDLE(rv, key, sinfo);
                ret = 0;
                goto cleanup;
        }
@@ -499,6 +511,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
        rv = pkcs11_decrypt_init(sinfo->module, sinfo->pks, &mech, obj);
        if (rv != CKR_OK) {
                gnutls_assert();
+               CHECK_SHANDLE(rv, key, sinfo);
                ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
@@ -508,6 +521,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
                            ciphertext->size, NULL, &siglen);
        if (rv != CKR_OK) {
                gnutls_assert();
+               CHECK_SHANDLE(rv, key, sinfo);
                ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
@@ -520,6 +534,7 @@ _gnutls_pkcs11_privkey_decrypt_data(gnutls_pkcs11_privkey_t key,
        if (rv != CKR_OK) {
                gnutls_free(plaintext->data);
                gnutls_assert();
+               CHECK_SHANDLE(rv, key, sinfo);
                ret = pkcs11_rv_to_err(rv);
                goto cleanup;
        }
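Review bot: On this error path `gnutls_free(plaintext->data)` leaves `plaintext->data` pointing at freed memory in the caller's output datum, and the added CHECK_SHANDLE line does not change that. A caller that frees or reads the datum after the error would hit a double free or use-after-free, unless the cleanup label resets it; that label is outside the hunk. Adding `plaintext->data = NULL;` right after the free (and clearing `plaintext->size` if it was already set) closes the gap.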