From 31cb70bdbc477c03fe217e5adaae89cd7cab6e18 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Mon, 16 Apr 2012 18:41:00 +0200
Subject: If a callback fails try the other.

---
 NEWS         |  3 ++-
 lib/pkcs11.c | 19 +++++++++++--------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 37f2015fee..59ec92eb2a 100644
--- a/NEWS
+++ b/NEWS
@@ -6,7 +6,8 @@ See the end for copying conditions.
 Version 2.12.19 (unreleased)
 
 ** libgnutls: When decoding a PKCS #11 URL the pin-source field
-is assumed to be a file that stores the pin.
+is assumed to be a file that stores the pin. Based on patch
+by David Smith.
 
 ** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
 
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 074186c519..59cf686320 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1899,7 +1899,7 @@ retrieve_pin_for_callback (struct ck_token_info *token_info, int attempts,
   *pin = p11_kit_pin_new_for_string (pin_value);
   
   if (*pin == NULL)
-    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+    return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
   return 0;
 }
@@ -1909,29 +1909,32 @@ retrieve_pin (struct p11_kit_uri *info, struct ck_token_info *token_info,
               int attempts, ck_user_type_t user_type, struct p11_kit_pin **pin)
 {
   const char *pinfile;
+  int ret = GNUTLS_E_PKCS11_PIN_ERROR;
 
   *pin = NULL;
 
   /* Check if a pinfile is specified, and use that if possible */
   pinfile = p11_kit_uri_get_pinfile (info);
-  if (pinfile != NULL && attempts == 0)
+  if (pinfile != NULL)
     {
       _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n");
-      return retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin);
+      ret = retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin);
     }
 
   /* The global gnutls pin callback */
-  else if (pin_func)
-    return retrieve_pin_for_callback (token_info, attempts, user_type, pin);
+  if (pin_func && ret < 0)
+    ret = retrieve_pin_for_callback (token_info, attempts, user_type, pin);
 
   /* Otherwise, PIN entry is necessary for login, so fail if there's
    * no callback. */
-  else
+  
+  if (ret < 0)
     {
       gnutls_assert ();
-      _gnutls_debug_log ("pk11: No pin callback but login required.\n");
-      return GNUTLS_E_PKCS11_ERROR;
+      _gnutls_debug_log ("pk11: No suitable pin callback but login required.\n");
     }
+    
+  return ret;
 }
 
 int
-- 
cgit v1.2.1