author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-22 14:41:32 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-02-22 15:19:05 +0100 |
commit | 0466b2eea9a955523a5a1666eb6795f5812a3481 (patch) | |
tree | 513a39ae9ddf534f28faa4350f999530579598f2 | |
parent | 648b2e815a999bccb8230f3ae5fd90ba4a008cb5 (diff) | |
download | gnutls-0466b2eea9a955523a5a1666eb6795f5812a3481.tar.gz |
Use p11_kit_uri_get_pin_value() if available in p11-kit
This allows parsing the pin-value attribute of the PKCS#11 URI.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | configure.ac | 3 | ||||
-rw-r--r-- | lib/pkcs11.c | 20 |
2 files changed, 23 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 0840042776..c9c9fdc968 100644
--- a/configure.ac
+++ b/configure.ac
@@ -447,6 +447,9 @@ if test "$with_p11_kit" != "no"; then
 if ! $PKG_CONFIG --atleast-version=0.22.0 p11-kit-1; then
 with_buggy_p11_kit=yes
 fi
+ if $PKG_CONFIG --atleast-version=0.23.1 p11-kit-1; then
+ AC_DEFINE([P11_KIT_HAS_PIN_VALUE], 1, [p11-kit supports p11_kit_uri_get_pin_value()])
+ fi
 else
 with_p11_kit=no
 AC_MSG_WARN([[
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index f5cf99d658..26d88e51a8 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2367,6 +2367,25 @@ retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info,
 *pin = NULL;
+#ifdef P11_KIT_HAS_PIN_VALUE
+ /* First check for pin-value field */
+ pinfile = p11_kit_uri_get_pin_value(info);
+ if (pinfile != NULL) {
+ _gnutls_debug_log("p11: Using pin-value to retrieve PIN\n");
+ *pin = p11_kit_pin_new_for_string(pinfile);
+ if (*pin != NULL)
+ ret = 0;
+ } else { /* try pin-source */
+ /* Check if a pinfile is specified, and use that if possible */
+ pinfile = p11_kit_uri_get_pin_source(info);
+ if (pinfile != NULL) {
+ _gnutls_debug_log("p11: Using pin-source to retrieve PIN\n");
+ ret =
+ retrieve_pin_from_source(pinfile, token_info, attempts,
+ user_type, pin);
+ }
+ }
+#else
 /* Check if a pinfile is specified, and use that if possible */
 pinfile = p11_kit_uri_get_pinfile(info);
 if (pinfile != NULL) {
@@ -2375,6 +2394,7 @@ retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info,
 retrieve_pin_from_source(pinfile, token_info, attempts,
 user_type, pin);
 }
+#endif
 /* The global gnutls pin callback */
 if (ret < 0) |
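Review bot: The new pin-value branch in retrieve_pin() never consults `attempts`, although the pin-source path passes it on to retrieve_pin_from_source(). A PIN embedded in the URI is static, so if it is wrong the same value is handed back on every retry. Whether the caller bounds those retries is not visible in this hunk, and repeated failed logins can exhaust a token's retry counter and lock it. I would refuse reuse before calling p11_kit_pin_new_for_string(): `if (attempts > 0) return gnutls_assert_val(GNUTLS_E_PKCS11_PIN_ERROR);`. It would also help to add a comment that `pinfile` holds the PIN itself in this branch, not a path, and must never be passed to a log call; the function body starts and ends outside the hunk, so the initial value of `ret` when `p11_kit_pin_new_for_string()` returns NULL could not be checked here.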