@@ -6973,8 +6973,8 @@ int WP11_Slot_IsLoggedIn(WP11_Slot* slot)
69736973
69746974void WP11_Slot_Logout (WP11_Slot * slot )
69756975{
6976- int state ;
69776976#ifndef WOLFPKCS11_NO_STORE
6977+ int state ;
69786978 int ret = 0 ;
69796979#endif
69806980
@@ -6988,15 +6988,9 @@ void WP11_Slot_Logout(WP11_Slot* slot)
69886988 ret = wp11_Object_Encode (object , 1 );
69896989 object = object -> next ;
69906990 }
6991- }
6992- #else
6993- state = slot -> token .loginState ;
6994- #endif
6995- /* Zero token key only on user logout — SO logout must preserve it
6996- * for subsequent object encryption (e.g., empty-PIN flow). */
6997- if (state == WP11_APP_STATE_RO_USER || state == WP11_APP_STATE_RW_USER ) {
69986991 wc_ForceZero (slot -> token .key , sizeof (slot -> token .key ));
69996992 }
6993+ #endif
70006994 slot -> token .loginState = WP11_APP_STATE_RW_PUBLIC ;
70016995
70026996 WP11_Lock_UnlockRW (& slot -> lock );
@@ -9196,14 +9190,16 @@ int WP11_Object_Find(WP11_Session* session, CK_OBJECT_HANDLE objHandle,
91969190 * module without calling C_Login. */
91979191 if ((obj -> opFlag & WP11_FLAG_PRIVATE ) == WP11_FLAG_PRIVATE ) {
91989192 int loginState ;
9193+ int hasEmptyPin ;
91999194 WP11_Lock_LockRO (& session -> slot -> lock );
92009195 loginState = session -> slot -> token .loginState ;
9201- if (!WP11_Slot_Has_Empty_Pin (session -> slot ) &&
9196+ WP11_Lock_UnlockRO (& session -> slot -> lock );
9197+ hasEmptyPin = WP11_Slot_Has_Empty_Pin (session -> slot );
9198+ if (!hasEmptyPin &&
92029199 (loginState == WP11_APP_STATE_RW_PUBLIC ||
92039200 loginState == WP11_APP_STATE_RO_PUBLIC )) {
92049201 ret = BAD_FUNC_ARG ;
92059202 }
9206- WP11_Lock_UnlockRO (& session -> slot -> lock );
92079203 }
92089204#endif
92099205 if (ret == 0 )
0 commit comments