diff options
| author | Rob Austein <sra@hactrn.net> | 2017-05-30 18:54:41 -0400 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2017-05-30 18:54:41 -0400 |
| commit | f3a7d2993b46e981208ac68996db609a31d80163 (patch) | |
| tree | e32e9fbbfcc1017d8755fc8aeab67dc288cd5e0e /rpc_pkey.c | |
| parent | ade02ebabf88481bc763ea6a9b2f97e87f0a6210 (diff) | |
| parent | 358b3803cdedad607cf649221d0b7e3ce66b45f2 (diff) | |
Merge branch 'logout' into ks9
The internal keystore API has changed enough since where the "logout"
branch forked that a plain merge would have no prayer of compiling,
must less running. So this merge goes well beyond manual conflict
resolution: it salvages the useful code from the "logout" branch, with
additional code as needed to reimplement the functionality. Sorry.
Diffstat (limited to 'rpc_pkey.c')
| -rw-r--r-- | rpc_pkey.c | 26 |
1 files changed, 26 insertions, 0 deletions
@@ -129,6 +129,32 @@ static inline hal_pkey_slot_t *find_handle(const hal_pkey_handle_t handle) } /* + * Clean up key state associated with a client when logging out. + */ + +hal_error_t hal_pkey_logout(const hal_client_handle_t client) +{ + if (client.handle == HAL_HANDLE_NONE) + return HAL_OK; + + hal_error_t err; + + if ((err = hal_ks_logout(hal_ks_volatile, client)) != HAL_OK || + (err = hal_ks_logout(hal_ks_token, client)) != HAL_OK) + return err; + + hal_critical_section_start(); + + for (int i = 0; i < sizeof(pkey_slot)/sizeof(*pkey_slot); i++) + if (pkey_slot[i].pkey.handle == client.handle) + memset(&pkey_slot[i], 0, sizeof(pkey_slot[i])); + + hal_critical_section_end(); + + return HAL_OK; +} + +/* * Access rules are a bit complicated, mostly due to PKCS #11. * * The simple, obvious rule would be that one must be logged in as |