From 0466b2eea9a955523a5a1666eb6795f5812a3481 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 22 Feb 2017 14:41:32 +0100 Subject: Use p11_kit_uri_get_pin_value() if available in p11-kit This allows parsing the pin-value attribute of the PKCS#11 URI. Signed-off-by: Nikos Mavrogiannopoulos --- configure.ac | 3 +++ lib/pkcs11.c | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/configure.ac b/configure.ac index 0840042776..c9c9fdc968 100644 --- a/configure.ac +++ b/configure.ac @@ -447,6 +447,9 @@ if test "$with_p11_kit" != "no"; then if ! $PKG_CONFIG --atleast-version=0.22.0 p11-kit-1; then with_buggy_p11_kit=yes fi + if $PKG_CONFIG --atleast-version=0.23.1 p11-kit-1; then + AC_DEFINE([P11_KIT_HAS_PIN_VALUE], 1, [p11-kit supports p11_kit_uri_get_pin_value()]) + fi else with_p11_kit=no AC_MSG_WARN([[ diff --git a/lib/pkcs11.c b/lib/pkcs11.c index f5cf99d658..26d88e51a8 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -2367,6 +2367,25 @@ retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info, *pin = NULL; +#ifdef P11_KIT_HAS_PIN_VALUE + /* First check for pin-value field */ + pinfile = p11_kit_uri_get_pin_value(info); + if (pinfile != NULL) { + _gnutls_debug_log("p11: Using pin-value to retrieve PIN\n"); + *pin = p11_kit_pin_new_for_string(pinfile); + if (*pin != NULL) + ret = 0; + } else { /* try pin-source */ + /* Check if a pinfile is specified, and use that if possible */ + pinfile = p11_kit_uri_get_pin_source(info); + if (pinfile != NULL) { + _gnutls_debug_log("p11: Using pin-source to retrieve PIN\n"); + ret = + retrieve_pin_from_source(pinfile, token_info, attempts, + user_type, pin); + } + } +#else /* Check if a pinfile is specified, and use that if possible */ pinfile = p11_kit_uri_get_pinfile(info); if (pinfile != NULL) { @@ -2375,6 +2394,7 @@ retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info, retrieve_pin_from_source(pinfile, token_info, attempts, user_type, pin); } +#endif /* The global gnutls pin callback */ if (ret < 0) -- cgit v1.2.1