diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-04-16 18:41:00 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-04-16 18:42:58 +0200 |
| commit | 31cb70bdbc477c03fe217e5adaae89cd7cab6e18 (patch) | |
| tree | 46bb74c504099aeeb9f34be210e60c72380b71ae | |
| parent | 3693c0c474c85e363a3949aa8d70e9cee0de59bf (diff) | |
| download | gnutls-31cb70bdbc477c03fe217e5adaae89cd7cab6e18.tar.gz | |
If a callback fails try the other.
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | lib/pkcs11.c | 19 |
2 files changed, 13 insertions, 9 deletions
@@ -6,7 +6,8 @@ See the end for copying conditions. Version 2.12.19 (unreleased) ** libgnutls: When decoding a PKCS #11 URL the pin-source field -is assumed to be a file that stores the pin. +is assumed to be a file that stores the pin. Based on patch +by David Smith. ** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release). diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 074186c519..59cf686320 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -1899,7 +1899,7 @@ retrieve_pin_for_callback (struct ck_token_info *token_info, int attempts, *pin = p11_kit_pin_new_for_string (pin_value); if (*pin == NULL) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); return 0; } @@ -1909,29 +1909,32 @@ retrieve_pin (struct p11_kit_uri *info, struct ck_token_info *token_info, int attempts, ck_user_type_t user_type, struct p11_kit_pin **pin) { const char *pinfile; + int ret = GNUTLS_E_PKCS11_PIN_ERROR; *pin = NULL; /* Check if a pinfile is specified, and use that if possible */ pinfile = p11_kit_uri_get_pinfile (info); - if (pinfile != NULL && attempts == 0) + if (pinfile != NULL) { _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n"); - return retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin); + ret = retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin); } /* The global gnutls pin callback */ - else if (pin_func) - return retrieve_pin_for_callback (token_info, attempts, user_type, pin); + if (pin_func && ret < 0) + ret = retrieve_pin_for_callback (token_info, attempts, user_type, pin); /* Otherwise, PIN entry is necessary for login, so fail if there's * no callback. */ - else + + if (ret < 0) { gnutls_assert (); - _gnutls_debug_log ("pk11: No pin callback but login required.\n"); - return GNUTLS_E_PKCS11_ERROR; + _gnutls_debug_log ("pk11: No suitable pin callback but login required.\n"); } + + return ret; } int |