[pkg-opensc-commit] [pkcs11-helper] 56/60: Certificate session cleanups

Eric Dorland eric at moszumanska.debian.org
Fri Jan 6 23:39:46 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to tag pkcs11-helper-1.02
in repository pkcs11-helper.

commit 4cf8e1e387093266c1cfbf8c1541ca09ce6f0d6a
Author: alonbl <alonbl at 485eb718-1723-0410-b8a9-88cf21a28c35>
Date:   Sun Dec 24 20:47:04 2006 +0000

    Certificate session cleanups
---
 lib/_pkcs11h-certificate.h |  20 ++++++
 lib/_pkcs11h-core.h        |  25 --------
 lib/pkcs11h-certificate.c  | 148 +++++++++++++++++++++------------------------
 3 files changed, 90 insertions(+), 103 deletions(-)

diff --git a/lib/_pkcs11h-certificate.h b/lib/_pkcs11h-certificate.h
index c472217..e01bcee 100644
--- a/lib/_pkcs11h-certificate.h
+++ b/lib/_pkcs11h-certificate.h
@@ -59,6 +59,26 @@
 #include "_pkcs11h-core.h"
 #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
 
+struct pkcs11h_certificate_s {
+
+	pkcs11h_certificate_id_t id;
+	int pin_cache_period;
+
+	unsigned mask_private_mode;
+
+	_pkcs11h_session_t session;
+	CK_OBJECT_HANDLE key_handle;
+
+	PKCS11H_BOOL operation_active;
+
+#if defined(ENABLE_PKCS11H_THREADING)
+	_pkcs11h_mutex_t mutex;
+#endif
+
+	unsigned mask_prompt;
+	void * user_data;
+};
+
 PKCS11H_BOOL
 _pkcs11h_certificate_isBetterCertificate (
 	IN const unsigned char * const current,
diff --git a/lib/_pkcs11h-core.h b/lib/_pkcs11h-core.h
index 051614a..ab6ef68 100644
--- a/lib/_pkcs11h-core.h
+++ b/lib/_pkcs11h-core.h
@@ -159,31 +159,6 @@ struct _pkcs11h_session_s {
 #endif
 };
 
-#if defined (ENABLE_PKCS11H_CERTIFICATE)
-
-struct pkcs11h_certificate_s {
-
-	pkcs11h_certificate_id_t id;
-	int pin_cache_period;
-	PKCS11H_BOOL pin_cache_populated_to_session;
-
-	unsigned mask_private_mode;
-
-	_pkcs11h_session_t session;
-	CK_OBJECT_HANDLE key_handle;
-
-	PKCS11H_BOOL operation_active;
-
-#if defined(ENABLE_PKCS11H_THREADING)
-	_pkcs11h_mutex_t mutex;
-#endif
-
-	unsigned mask_prompt;
-	void * user_data;
-};
-
-#endif				/* ENABLE_PKCS11H_CERTIFICATE */
-
 struct _pkcs11h_data_s {
 	PKCS11H_BOOL initialized;
 	int pin_cache_period;
diff --git a/lib/pkcs11h-certificate.c b/lib/pkcs11h-certificate.c
index 1800eec..7364693 100644
--- a/lib/pkcs11h-certificate.c
+++ b/lib/pkcs11h-certificate.c
@@ -346,6 +346,10 @@ __pkcs11h_certificate_loadCertificate (
 		goto cleanup;
 	}
 
+	if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate->id)) != CKR_OK) {
+		goto cleanup;
+	}
+
 	rv = CKR_OK;
 
 cleanup:
@@ -615,11 +619,6 @@ _pkcs11h_certificate_validateSession (
 		(void *)certificate
 	);
 
-	if (certificate->session == NULL) {
-		rv = CKR_SESSION_HANDLE_INVALID;
-		goto cleanup;
-	}
-
 	if ((rv = _pkcs11h_session_validate (certificate->session)) != CKR_OK) {
 		goto cleanup;
 	}
@@ -670,17 +669,6 @@ _pkcs11h_certificate_resetSession (
 		session_mutex_locked ? 1 : 0
 	);
 
-	if (certificate->session == NULL) {
-		if (
-			(rv = _pkcs11h_session_getSessionByTokenId (
-				certificate->id->token_id,
-				&certificate->session
-			)) != CKR_OK
-		) {
-			goto cleanup;
-		}
-	}
-
 #if defined(ENABLE_PKCS11H_THREADING)
 	if (!session_mutex_locked) {
 		if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
@@ -690,30 +678,6 @@ _pkcs11h_certificate_resetSession (
 	}
 #endif
 
-	if (!certificate->pin_cache_populated_to_session) {
-		certificate->pin_cache_populated_to_session = TRUE;
-
-		if (certificate->pin_cache_period != PKCS11H_PIN_CACHE_INFINITE) {
-			if (certificate->session->pin_cache_period != PKCS11H_PIN_CACHE_INFINITE) {
-				if (certificate->session->pin_cache_period > certificate->pin_cache_period) {
-					certificate->session->pin_expire_time = (
-						certificate->session->pin_expire_time -
-						(time_t)certificate->session->pin_cache_period +
-						(time_t)certificate->pin_cache_period
-					);
-					certificate->session->pin_cache_period = certificate->pin_cache_period;
-				}
-			}
-			else {
-				certificate->session->pin_expire_time = (
-					_g_pkcs11h_sys_engine.time () +
-					(time_t)certificate->pin_cache_period
-				);
-				certificate->session->pin_cache_period = certificate->pin_cache_period;
-			}
-		}	
-	}
-
 	/*
 	 * First, if session seems to be valid
 	 * and key handle is invalid (hard-set),
@@ -774,10 +738,6 @@ _pkcs11h_certificate_resetSession (
 		}
 	}
 
-	if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate->id)) != CKR_OK) {
-		goto cleanup;
-	}
-
 	if (!public_only && certificate->key_handle == _PKCS11H_INVALID_OBJECT_HANDLE) {
 		if (
 			(rv = _pkcs11h_session_getObjectById (
@@ -1224,6 +1184,10 @@ pkcs11h_certificate_setCertificateIdCertificateBlob (
 		goto cleanup;
 	}
 
+	if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate_id)) != CKR_OK) {
+		goto cleanup;
+	}
+
 	rv = CKR_OK;
 
 cleanup:
@@ -1254,9 +1218,12 @@ pkcs11h_certificate_freeCertificate (
 	if (certificate != NULL) {
 		if (certificate->session != NULL) {
 			_pkcs11h_session_release (certificate->session);
+			certificate->session = NULL;
+		}
+		if (certificate->id != NULL) {
+			pkcs11h_certificate_freeCertificateId (certificate->id);
+			certificate->id = NULL;
 		}
-		pkcs11h_certificate_freeCertificateId (certificate->id);
-		certificate->id = NULL;
 
 #if defined(ENABLE_PKCS11H_THREADING)
 		_pkcs11h_threading_mutexFree (&certificate->mutex);
@@ -1284,17 +1251,6 @@ pkcs11h_certificate_lockSession (
 	_PKCS11H_ASSERT (_g_pkcs11h_data->initialized);
 	_PKCS11H_ASSERT (certificate!=NULL);
 
-	if (certificate->session == NULL) {
-		if (
-			(rv = _pkcs11h_session_getSessionByTokenId (
-				certificate->id->token_id,
-				&certificate->session
-			)) != CKR_OK
-		) {
-			goto cleanup;
-		}
-	}
-
 	if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
 		goto cleanup;
 	}
@@ -1821,6 +1777,10 @@ pkcs11h_certificate_create (
 	IN const int pin_cache_period,
 	OUT pkcs11h_certificate_t * const p_certificate
 ) {
+#if defined(ENABLE_PKCS11H_THREADING)
+	PKCS11H_BOOL have_mutex = FALSE;
+	PKCS11H_BOOL mutex_locked = FALSE;
+#endif
 	pkcs11h_certificate_t certificate = NULL;
 	CK_RV rv = CKR_FUNCTION_FAILED;
 
@@ -1854,21 +1814,73 @@ pkcs11h_certificate_create (
 	if ((rv = _pkcs11h_threading_mutexInit (&certificate->mutex)) != CKR_OK) {
 		goto cleanup;
 	}
+	have_mutex = TRUE;
 #endif
 
 	if ((rv = pkcs11h_certificate_duplicateCertificateId (&certificate->id, certificate_id)) != CKR_OK) {
 		goto cleanup;
 	}
 
+	if (
+		(rv = _pkcs11h_session_getSessionByTokenId (
+			certificate->id->token_id,
+			&certificate->session
+		)) != CKR_OK
+	) {
+		goto cleanup;
+	}
+
+#if defined(ENABLE_PKCS11H_THREADING)
+	if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
+		goto cleanup;
+	}
+	mutex_locked = TRUE;
+#endif
+
+	if (certificate->pin_cache_period != PKCS11H_PIN_CACHE_INFINITE) {
+		if (certificate->session->pin_cache_period != PKCS11H_PIN_CACHE_INFINITE) {
+			if (certificate->session->pin_cache_period > certificate->pin_cache_period) {
+				certificate->session->pin_expire_time = (
+					certificate->session->pin_expire_time -
+					(time_t)certificate->session->pin_cache_period +
+					(time_t)certificate->pin_cache_period
+				);
+				certificate->session->pin_cache_period = certificate->pin_cache_period;
+			}
+		}
+	}
+
 	*p_certificate = certificate;
 	certificate = NULL;
 	rv = CKR_OK;
 
 cleanup:
 
+#if defined(ENABLE_PKCS11H_THREADING)
+	if (mutex_locked) {
+		if (certificate != NULL) {
+			_pkcs11h_threading_mutexRelease (&certificate->session->mutex);
+		}
+		else {
+			_pkcs11h_threading_mutexRelease (&(*p_certificate)->session->mutex);
+		}
+		mutex_locked = FALSE;
+	}
+#endif
+
 	if (certificate != NULL) {
+		if (certificate->session != NULL) {
+			_pkcs11h_session_release (certificate->session);
+			certificate->session = NULL;
+		}
+		if (certificate->id != NULL) {
+			pkcs11h_certificate_freeCertificateId (certificate->id);
+			certificate->id = NULL;
+		}
 #if defined(ENABLE_PKCS11H_THREADING)
-		_pkcs11h_threading_mutexFree (&certificate->mutex);
+		if (have_mutex) {
+			_pkcs11h_threading_mutexFree (&certificate->mutex);
+		}
 #endif
 		_pkcs11h_mem_free ((void *)&certificate);
 	}
@@ -2007,11 +2019,6 @@ pkcs11h_certificate_getCertificateBlob (
 		PKCS11H_BOOL login_retry = FALSE;
 
 		while (!op_succeed) {
-			if (certificate->session == NULL) {
-				rv = CKR_SESSION_HANDLE_INVALID;
-				goto retry;
-			}
-
 			if ((rv = __pkcs11h_certificate_loadCertificate (certificate)) != CKR_OK) {
 				goto retry;
 			}
@@ -2042,10 +2049,6 @@ pkcs11h_certificate_getCertificateBlob (
 		goto cleanup;
 	}
 
-	if ((rv = __pkcs11h_certificate_updateCertificateIdDescription (certificate->id)) != CKR_OK) {
-		goto cleanup;
-	}
-
 	*p_certificate_blob_size = certificate->id->certificate_blob_size;
 
 	if (certificate_blob != NULL) {
@@ -2113,11 +2116,6 @@ pkcs11h_certificate_ensureCertificateAccess (
 	if (!validCert) {
 		CK_OBJECT_HANDLE h = _PKCS11H_INVALID_OBJECT_HANDLE;
 
-		if (certificate->session == NULL) {
-			rv = CKR_SESSION_HANDLE_INVALID;
-			goto retry1;
-		}
-
 #if defined(ENABLE_PKCS11H_THREADING)
 		if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
 			goto retry1;
@@ -2224,12 +2222,6 @@ pkcs11h_certificate_ensureKeyAccess (
 #endif
 
 	if (!valid_key) {
-
-		if (certificate->session == NULL) {
-			rv = CKR_SESSION_HANDLE_INVALID;
-			goto retry1;
-		}
-
 #if defined(ENABLE_PKCS11H_THREADING)
 		if ((rv = _pkcs11h_threading_mutexLock (&certificate->session->mutex)) != CKR_OK) {
 			goto retry1;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/pkcs11-helper.git



More information about the pkg-opensc-commit mailing list