Find key objects properly. Don't error when a certificate doesn't have a key object backing it.

2 files changed, 18 insertions, 2 deletions

diff --git a/ckcapi-key.c b/ckcapi-key.c
index 88e769e..d36a4c9 100644
--- a/ckcapi-key.c
+++ b/ckcapi-key.c
@@ -898,12 +898,18 @@ find_certificate_key(CkCapiSession* session, CK_OBJECT_CLASS cls,
 	KeyObjectData kdata;
 	CkCapiObject* obj;
 	DWORD prov_length;
-	CK_RV ret;
+	DWORD error;
+	CK_RV ret = CKR_OK;
 
 	/* Look up the key provider info and identifier */
 	if(!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &prov_length) ||
 	   !CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, NULL, &key_identifier.cbData))
-		return ckcapi_winerr_to_ckr(GetLastError());
+	{
+		error = GetLastError();
+		if(error == CRYPT_E_NOT_FOUND)
+			return CKR_OK;
+		return ckcapi_winerr_to_ckr(error);
+	}
 
 	/* We own the info memory */
 	prov_info = malloc(prov_length);
@@ -949,6 +955,10 @@ find_certificate_key(CkCapiSession* session, CK_OBJECT_CLASS cls,
 			}
 		}
 	}
+	else
+	{
+		ret = ckcapi_winerr_to_ckr(GetLastError());
+	}
 
 	if(key_identifier.pbData)
 		free(key_identifier.pbData);
diff --git a/ckcapi-session.c b/ckcapi-session.c
index 6142760..1fdb07e 100644
--- a/ckcapi-session.c
+++ b/ckcapi-session.c
@@ -22,6 +22,7 @@
 #include "ckcapi.h"
 #include "ckcapi-builtin.h"
 #include "ckcapi-cert.h"
+#include "ckcapi-key.h"
 #include "ckcapi-object.h"
 #include "ckcapi-rsa.h"
 #include "ckcapi-session.h"
@@ -614,6 +615,11 @@ gather_objects(CkCapiSession* sess, CK_ATTRIBUTE_PTR match,
 	if(ret != CKR_OK)
 		return ret;
 
+	/* Search through key objects */
+	ret = ckcapi_key_find(sess, ocls, match, count, arr);
+	if(ret != CKR_OK)
+		return ret;
+
 	return ret;
 }