authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-07-20 22:06:24 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-07-20 22:06:24 +0200
commitfc15e91b7bb8cfa4d1744e40a7712d4c457b9a80 (patch)
tree8732553ff23295abdb4cd8818a90209899895a66 /lib
parenta46604ec6c3932c413d631fd2e847892bbfdb0e1 (diff)
PKCS #11 PIN handling fixes.
Added gnutls_x509_crt_set_pin_function() and set the PIN handling function in gnutls_privkey_import_pkcs11_url().
Diffstat (limited to 'lib')
-rw-r--r--lib/gnutls_privkey.c3
-rw-r--r--lib/includes/gnutls/x509.h3
-rw-r--r--lib/libgnutls.map1
-rw-r--r--lib/pkcs11.c4
-rw-r--r--lib/x509/x509.c23
-rw-r--r--lib/x509/x509_int.h2
6 files changed, 35 insertions, 1 deletions
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 92809b637e..816e941a7d 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -375,6 +375,9 @@ gnutls_privkey_import_pkcs11_url (gnutls_privkey_t key, const char *url)
gnutls_assert ();
return ret;
}
+
+ if (key->pin.cb)
+ gnutls_pkcs11_privkey_set_pin_function(pkey, key->pin.cb, key->pin.data);
ret = gnutls_pkcs11_privkey_import_url (pkey, url, 0);
if (ret < 0)
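Review bot: The added call `gnutls_pkcs11_privkey_set_pin_function(pkey, key->pin.cb, key->pin.data);` omits the space before the opening parenthesis that the neighbouring calls use (`gnutls_pkcs11_privkey_import_url (pkey, url, 0)`); it should read `gnutls_pkcs11_privkey_set_pin_function (pkey, key->pin.cb, key->pin.data);`. A one-line comment above the `if` would also help, for example `/* must be set before the import below so the per-key PIN callback is the one used */`, because the ordering is what makes the callback take effect; the same comment fits the matching block in lib/pkcs11.c. The body of gnutls_privkey_import_pkcs11_url starts and ends outside this hunk, so whether its doc comment mentions the callback cannot be checked here.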
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index 5923aca72a..0ec4f218ca 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -181,6 +181,9 @@ extern "C"
int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
size_t * buf_size);
+ void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
+ gnutls_pin_callback_t fn, void *userdata);
+
/**
* gnutls_info_access_what_t:
* @GNUTLS_IA_ACCESSMETHOD_OID: Get accessMethod OID.
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 2bfc2f60e0..19f63c3ce8 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -824,6 +824,7 @@ GNUTLS_3_1_0 {
gnutls_pkcs11_obj_set_pin_function;
gnutls_pkcs11_privkey_set_pin_function;
gnutls_certificate_set_pin_function;
+ gnutls_x509_crt_set_pin_function;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index a5a9c92b2a..32f6a8ae1b 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2705,6 +2705,9 @@ gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt,
gnutls_assert ();
return ret;
}
+
+ if (crt->pin.cb)
+ gnutls_pkcs11_obj_set_pin_function (pcrt, crt->pin.cb, crt->pin.data);
ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
if (ret < 0)
@@ -2728,7 +2731,6 @@ cleanup:
return ret;
}
-
/**
* gnutls_x509_crt_import_pkcs11:
* @crt: A certificate of type #gnutls_x509_crt_t
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index ab8bac0bce..1158b4bd68 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -3692,3 +3692,26 @@ gnutls_x509_crt_get_authority_info_access (gnutls_x509_crt_t crt,
return ret;
}
+
+/**
+ * gnutls_x509_crt_set_pin_function:
+ * @crt: The certificate structure
+ * @fn: the callback
+ * @userdata: data associated with the callback
+ *
+ * This function will set a callback function to be used when
+ * it is required to access a protected object. This function overrides
+ * the global function set using gnutls_pkcs11_set_pin_function().
+ *
+ * Note that this callback is currently used only during the import
+ * of a PKCS #11 certificate with gnutls_x509_crt_import_pkcs11_url().
+ *
+ * Since: 3.1.0
+ *
+ **/
+void gnutls_x509_crt_set_pin_function (gnutls_x509_crt_t crt,
+ gnutls_pin_callback_t fn, void *userdata)
+{
+ crt->pin.cb = fn;
+ crt->pin.data = userdata;
+}
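Review bot: gnutls_x509_crt_set_pin_function dereferences `crt` without a NULL check and stores `userdata` by pointer, and the doc comment states neither constraint. Because the function returns void it cannot report a bad argument, so I would at least guard it with `if (crt == NULL) return;` and document that @userdata is not copied and must stay valid until gnutls_x509_crt_import_pkcs11_url() has returned. The comment should also say that the function has to be called before the import, and what passing a NULL @fn does. From the `if (crt->pin.cb)` test in lib/pkcs11.c it appears to leave the global callback in effect, which is worth confirming and stating.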
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 3cc18e4bb0..c83edb0fb1 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -58,6 +58,8 @@ typedef struct gnutls_x509_crt_int
{
ASN1_TYPE cert;
int use_extensions;
+
+ struct pin_info_st pin;
} gnutls_x509_crt_int;
typedef struct gnutls_x509_crq_int
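Review bot: The new `pin` member is read by `if (crt->pin.cb)` in lib/pkcs11.c, so it must start out zeroed, and nothing in this commit shows that it does. If gnutls_x509_crt_init() does not zero-fill the structure, that test reads an indeterminate pointer and an arbitrary value is passed on as the PIN callback; please confirm the allocation clears it, or add `crt->pin.cb = NULL; crt->pin.data = NULL;` there. A member comment such as `/* per-certificate PIN callback, set by gnutls_x509_crt_set_pin_function() */` would document what the field is for. The header that declares struct pin_info_st is not visible in this hunk.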