authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-02-16 10:17:58 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-02-16 10:31:53 +0100
commitccdff2dc101e88dfa8662fe2f5bb84c4034d21c8 (patch)
tree519c5b5c8e7650edcaa487b2fe64542290aadd80
parent1216eabdcb81b9d13fb3c422b411a8c1cd700ee7 (diff)
downloadgnutls-ccdff2dc101e88dfa8662fe2f5bb84c4034d21c8.tar.gz
cleaned up the PIN calling in TPM
-rw-r--r--doc/cha-tokens.texi5
-rw-r--r--lib/gnutls_record.c2
-rw-r--r--lib/includes/gnutls/gnutls.h.in5
-rw-r--r--lib/tpm.c16
-rw-r--r--src/common.c8
5 files changed, 26 insertions, 10 deletions
diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi
index dd0de07ec9..eead0001d5 100644
--- a/doc/cha-tokens.texi
+++ b/doc/cha-tokens.texi
@@ -406,7 +406,10 @@ tpmkey:file=/path/to/file
@end verbatim
When objects require a PIN to be accessed the same callbacks as with PKCS #11
-objects are expected (see @ref{Accessing objects that require a PIN}).
+objects are expected (see @ref{Accessing objects that require a PIN}). Note
+that the PIN function may be called multiple times to unlock the SRK and
+the specific key in use. The label in the key function will then be set to
+`SRK' when unlocking the SRK key, or to `TPM' when unlocking any other key.
@node Key generation
@subsection Key generation
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index cfcdf351d5..5b7d47e465 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -177,7 +177,7 @@ gnutls_transport_set_int2 (gnutls_session_t session,
*
**/
void
-gnutls_transport_set_ptr (gnutls_session_t session, int i)
+gnutls_transport_set_int (gnutls_session_t session, int i)
{
session->internals.transport_recv_ptr = (gnutls_transport_ptr_t)(long)i;
session->internals.transport_send_ptr = (gnutls_transport_ptr_t)(long)i;
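Review bot: The renamed definition `gnutls_transport_set_int (gnutls_session_t session, int i)` carries the same name as the function-like macro `#define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)` that the lib/includes/gnutls/gnutls.h.in hunk of this same commit leaves in place; if that header is visible in this translation unit and the macro is not `#undef`'d earlier in the file (outside this hunk), the definition line is macro-expanded into a second `gnutls_transport_set_int2` with a duplicated parameter and will not compile. Either put `#undef gnutls_transport_set_int` directly before the definition, or settle with the header hunk which of the two — real function or macro — is meant to exist, since the new header comment (`This will be defined as macro.`) says one thing and this file now says the other. The body of the function continues past the end of the hunk.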
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index bb36b1bcaf..872e4fdca0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1409,7 +1409,10 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
const giovec_t * iov, int iovcnt);
typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
-
+
+/* This will be defined as macro.
+ void gnutls_transport_set_int (gnutls_session_t session, int r);
+ */
void gnutls_transport_set_int2 (gnutls_session_t session, int r, int s);
#define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)
diff --git a/lib/tpm.c b/lib/tpm.c
index 7a06963e49..815457a433 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -194,23 +194,29 @@ int ret;
if (uuid)
{
if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0)
- label = "SRK";
+ {
+ label = "SRK";
+
+ ret = encode_tpmkey_url(&url, uuid, storage);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+ }
else
{
+ label = "TPM";
+
ret = encode_tpmkey_url(&url, uuid, storage);
if (ret < 0)
return gnutls_assert_val(ret);
-
- label = url;
}
}
else
label = "unknown";
if (pin_info && pin_info->cb)
- ret = pin_info->cb(pin_info->data, attempts, "TPM", label, flags, pin, pin_size);
+ ret = pin_info->cb(pin_info->data, attempts, url, label, flags, pin, pin_size);
else if (_gnutls_pin_func)
- ret = _gnutls_pin_func(_gnutls_pin_data, attempts, "TPM", label, flags, pin, pin_size);
+ ret = _gnutls_pin_func(_gnutls_pin_data, attempts, url, label, flags, pin, pin_size);
else
ret = gnutls_assert_val(GNUTLS_E_TPM_KEY_PASSWORD_ERROR); /* doesn't really matter */
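Review bot: On the `uuid == NULL` path (`label = "unknown"`) the two callback calls now pass `url` as token_url, but nothing in this hunk assigns `url` there; unless it is initialised at its declaration — the enclosing function starts and ends outside the hunk — the callback receives an indeterminate pointer, and the `token_url != NULL` checks added in src/common.c suggest NULL is the intended value, so the declaration should read `char *url = NULL;`. The two arms of the `memcmp` test are now identical apart from the label string, so the `encode_tpmkey_url` call and its error check can be hoisted out of the if/else and the allocation happens in one place, as below. The release of `url` after the callback returns is not visible here either; with the URL now allocated in the SRK case as well, confirm the cleanup path frees it on both branches.
```c
  if (uuid)
    {
      /* Both kinds of key hand the callback their tpmkey URL; only the label differs. */
      if (memcmp(uuid, &srk_uuid, sizeof(TSS_UUID)) == 0)
        label = "SRK";
      else
        label = "TPM";

      ret = encode_tpmkey_url(&url, uuid, storage);
      if (ret < 0)
        return gnutls_assert_val(ret);
    }
  else
    label = "unknown";
  /* … unchanged: PIN callback dispatch … */
```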
diff --git a/src/common.c b/src/common.c
index 412e776dc8..6a6ede25cf 100644
--- a/src/common.c
+++ b/src/common.c
@@ -984,7 +984,7 @@ pin_callback (void *user, int attempt, const char *token_url,
if (cache > 0 && cached_url != NULL)
{
- if (strcmp (cached_url, token_url) == 0)
+ if (token_url != NULL && strcmp (cached_url, token_url) == 0)
{
if (strlen(pin) >= sizeof(cached_pin))
{
@@ -1016,7 +1016,11 @@ pin_callback (void *user, int attempt, const char *token_url,
/* cache */
strcpy (cached_pin, pin);
free (cached_url);
- cached_url = strdup (token_url);
+ if (token_url)
+ cached_url = strdup (token_url);
+ else
+ cached_url = NULL;
+
cache = MAX_CACHE_TRIES;
return 0;
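Review bot: In the second hunk, when `token_url` is NULL the PIN is still copied into the static `cached_pin` and `cache` is reset to `MAX_CACHE_TRIES`, yet `cached_url` becomes NULL, so the `cache > 0 && cached_url != NULL` test in the first hunk can never match it and the secret lingers in a buffer that will not be consulted again. Move `strcpy (cached_pin, pin);` and `cache = MAX_CACHE_TRIES;` into the `if (token_url)` branch and set `cache = 0;` in the else branch, so a PIN that cannot be reused is not retained. The `strdup` result is likewise unchecked; treating an allocation failure the same way as the NULL case keeps the three cache variables consistent with each other. pin_callback starts before the first hunk and continues past the second.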