Use p11_kit_uri_get_pin_value() if available in p11-kit

diff --git a/configure.ac b/configure.ac
index 202ad79f83812df3c19c1f5f96dfb389ddb1e583..441031aaf60ff277288fcce033c091d8d8eef527 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -478,6 +478,9 @@ if test "$with_p11_kit" != "no"; then
                else
                        GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1"
                fi
+               if $PKG_CONFIG --atleast-version=0.23.1 p11-kit; then
+                       AC_DEFINE([P11_KIT_HAS_PIN_VALUE], 1, [p11-kit supports p11_kit_uri_get_pin_value()])
+               fi
        else
                with_p11_kit=no
                AC_MSG_ERROR([[

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index c6431727a2ecb5148de7f11fdfe0616a7b4e8804..1c9f6dfea317aa098fe9de8a61bd57f9adf56c90 100644 (file)
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2213,13 +2213,26 @@ retrieve_pin(struct pin_info_st *pin_info, struct p11_kit_uri *info,
        if (pin) {
                *pin = NULL;
 
-               /* Check if a pinfile is specified, and use that if possible */
-               pinfile = p11_kit_uri_get_pin_source(info);
+               /* First check for pin-value field */
+#ifdef P11_KIT_HAS_PIN_VALUE
+               pinfile = p11_kit_uri_get_pin_value(info);
+#else
+               pinfile = NULL;
+#endif
                if (pinfile != NULL) {
-                       _gnutls_debug_log("p11: Using pinfile to retrieve PIN\n");
-                       ret =
-                           retrieve_pin_from_source(pinfile, token_info, attempts,
-                                                    user_type, pin);
+                       _gnutls_debug_log("p11: Using pin-value to retrieve PIN\n");
+                       *pin = p11_kit_pin_new_for_string(pinfile);
+                       if (*pin != NULL)
+                               ret = 0;
+               } else { /* try pin-source */
+                       /* Check if a pinfile is specified, and use that if possible */
+                       pinfile = p11_kit_uri_get_pin_source(info);
+                       if (pinfile != NULL) {
+                               _gnutls_debug_log("p11: Using pin-source to retrieve PIN\n");
+                               ret =
+                                   retrieve_pin_from_source(pinfile, token_info, attempts,
+                                                            user_type, pin);
+                       }
                }
        }