
[SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-34-g9872e88


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, new, updated. gnutls_2_9_10-34-g9872e88
Date: Sat, 15 May 2010 21:44:08 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=9872e884158b89c5c75c9cd12b7c1f27af7a75c1

The branch, new has been updated
       via  9872e884158b89c5c75c9cd12b7c1f27af7a75c1 (commit)
      from  168df8bf5f8a58d2f2e4ee4a9616007c2f7ef232 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 9872e884158b89c5c75c9cd12b7c1f27af7a75c1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sat May 15 23:43:30 2010 +0200

    Corrections to properly handle token removal and insert.

-----------------------------------------------------------------------

Summary of changes:
 lib/gnutls_x509.c    |    2 --
 lib/libgnutls.map    |    1 +
 lib/pkcs11.c         |    8 ++++++++
 lib/pkcs11_int.h     |    2 ++
 lib/pkcs11_privkey.c |   15 +++++++++++----
 src/common.c         |   16 ++++++++++++++++
 6 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e996821..6cb96da 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -515,7 +515,6 @@ static int read_key_url (gnutls_certificate_credentials_t 
res, const char* url)
   /* allocate space for the pkey list
    */
   
-fprintf(stderr, "%s:%d\n", __func__, __LINE__);
   ret = gnutls_pkcs11_privkey_init(&key1);
   if (ret < 0)
     {
@@ -571,7 +570,6 @@ int ret;
 gnutls_x509_crt_t crt;
 gnutls_cert * ccert;
 
-fprintf(stderr, "%s:%d\n", __func__, __LINE__);
   ccert = gnutls_malloc(sizeof(*ccert));
   if (ccert == NULL)
     {
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 2828477..4ca82a8 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -611,6 +611,7 @@ GNUTLS_2_11
         gnutls_pkcs11_init;
         gnutls_pkcs11_deinit;
         gnutls_pkcs11_set_pin_function;
+       gnutls_pkcs11_set_token_function;
         gnutls_pkcs11_add_provider;
         gnutls_pkcs11_crt_init;
         gnutls_pkcs11_crt_import_url;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 94ec935..1b1d4f9 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -68,6 +68,14 @@ static void* pin_data;
 gnutls_pkcs11_token_callback_t token_func;
 void* token_data;
 
+/* Fake scan */
+void pkcs11_rescan_slots(void)
+{
+unsigned long slots;
+
+    pakchois_get_slot_list(providers[active_providers-1].module, 0, NULL, 
&slots);
+}
+
 int gnutls_pkcs11_add_provider (const char * name, const char * params)
 {
 
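Review bot: `pkcs11_rescan_slots()` indexes `providers[active_providers-1]` without checking that a provider is loaded, so a call made while `active_providers` is zero reads before the start of the array; an early `if (active_providers == 0) return;` would close that off. The return value of `pakchois_get_slot_list()` is discarded and only the most recently added provider is queried, which looks intentional for a workaround but is not what `/* Fake scan */` tells the next reader. A comment such as `/* Dummy slot-list query on the last provider only; result ignored. Works around modules that miss token removal/insertion. */` would say so. The declarations of `providers` and `active_providers` are outside this hunk, so the zero case is inferred from the index expression alone.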
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 5f475c0..3ca93e1 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -45,5 +45,7 @@ int pkcs11_login(pakchois_session_t *pks, struct token_info 
*info);
 extern gnutls_pkcs11_token_callback_t token_func;
 extern void* token_data;
 
+void pkcs11_rescan_slots(void);
+
 
 #endif
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 039bcf1..1854a3d 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -60,7 +60,6 @@ int gnutls_pkcs11_privkey_init(gnutls_pkcs11_privkey_t * key)
 void gnutls_pkcs11_privkey_deinit(gnutls_pkcs11_privkey_t key)
 {
        if (key->pks) {
-fprintf(stderr, "xxx: close session %p at %d\n", key->pks, __LINE__);
                pakchois_close_session(key->pks);
         }
        gnutls_free(key);
@@ -84,9 +83,16 @@ int gnutls_pkcs11_privkey_get_info(gnutls_pkcs11_privkey_t 
pkey,
        int retries = 0; find_data.privkey = key; retry:
 
 
-
+/* the rescan_slots() here is a dummy but if not
+ * called my card fails to work when removed and inserted.
+ * May have to do with the pkcs11 library I use.
+ */
 #define RETRY_CHECK(rv, label) { \
-               if (token_func && rv == CKR_SESSION_HANDLE_INVALID) { \
+               if (token_func && (rv == 
CKR_SESSION_HANDLE_INVALID||rv==CKR_DEVICE_REMOVED)) { \
+                       pkcs11_rescan_slots(); \
+                       pakchois_close_session(key->pks); \
+                       pkcs11_rescan_slots(); \
+                       key->pks = NULL; \
                        ret = token_func(token_data, label, retries++); \
                        if (ret == 0) { \
                                _pkcs11_traverse_tokens(find_privkey_url, 
&find_data, 1); \
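Review bot: `RETRY_CHECK` now closes `key->pks` and sets it to NULL before `token_func` is consulted, so every path where the callback declines or the traversal does not find the key again leaves the key object without a session. The only NULL guard this commit adds is the one in `gnutls_pkcs11_privkey_sign_hash`; any other user of `key->pks` in the file needs the same check. The macro also takes `key`, `ret`, `retries` and `find_data` from the enclosing scope and expands `rv` unparenthesized; passing the key as a parameter and writing `((rv) == CKR_SESSION_HANDLE_INVALID || (rv) == CKR_DEVICE_REMOVED)` would make those dependencies explicit. The macro body continues past the end of the hunk, so it is not visible whether the object found after re-insertion is verified to be the same key as before; that is worth confirming, since the prompt identifies the token by label only.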
@@ -166,7 +172,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t 
key,
 
        RETRY_BLOCK_START(key);
 
-       if (key->privkey == CK_INVALID_HANDLE) {
+       if (key->privkey == CK_INVALID_HANDLE || key->pks == NULL) {
                gnutls_assert();
                return GNUTLS_E_PKCS11_ERROR;
        }
@@ -201,6 +207,7 @@ int gnutls_pkcs11_privkey_sign_hash(gnutls_pkcs11_privkey_t 
key,
                           signature->data, &siglen);
        if (rv != CKR_OK) {
                gnutls_free(signature->data);
+               RETRY_CHECK(rv, key->info.label);
                gnutls_assert();
                return GNUTLS_E_PK_SIGN_FAILED;
        }
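Review bot: `signature->data` is freed just above the new `RETRY_CHECK(rv, key->info.label)` but is not cleared. If the macro sends control back to the retry label and the guard at the top of `gnutls_pkcs11_privkey_sign_hash` then returns `GNUTLS_E_PKCS11_ERROR`, the caller is left holding a dangling pointer. Adding `signature->data = NULL;` right after `gnutls_free(signature->data);` removes the double-free risk for callers that release the datum on error. The jump itself is inferred: the tail of `RETRY_CHECK` and the start of the function are outside this hunk.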
diff --git a/src/common.c b/src/common.c
index 753d9a3..e931dc2 100644
--- a/src/common.c
+++ b/src/common.c
@@ -886,9 +886,25 @@ int len;
        return 0;
 }
 
+static int token_callback(void* user, const char* label, const unsigned retry)
+{
+char buf[32];
+char *p;
+
+       if (retry > 0) {
+               fprintf(stderr, "Could not find token %s\n", label);
+               return -1;
+       }
+       printf("Please insert token '%s' in slot and press enter\n", label);
+       p = fgets(buf, sizeof(buf), stdin);
+
+       return 0;
+}
+
 void pkcs11_common(void)
 {
 
        gnutls_pkcs11_set_pin_function (pin_callback, NULL);
+       gnutls_pkcs11_set_token_function(token_callback, NULL);
 
 }
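Review bot: `token_callback` stores the result of `fgets()` in `p` and never looks at it, so end-of-file or a read error on stdin (closed or redirected input, for instance) is reported as success and the library retries without anyone having been asked to insert the token. Returning failure in that case keeps the retry honest: `if (fgets(buf, sizeof(buf), stdin) == NULL) return -1;`, which also makes `p` unnecessary. Input longer than the 32-byte `buf` stays queued on stdin for whatever reads next, and `label` is passed to `%s` without a NULL check; both deserve a guard or at least a comment. The prompt is written with `printf` and no `fflush(stdout)`, so it may not appear before the read when stdout is not line-buffered.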


hooks/post-receive
-- 
GNU gnutls


