Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.0/patches/2197208/?format=api
{ "id": 2197208, "url": "http://patchwork.ozlabs.org/api/1.0/patches/2197208/?format=api", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/1.0/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260217115333.503359-2-Wojciech.Dubowik@mt.com>", "date": "2026-02-17T11:53:27", "name": "[v6,1/6] tools: mkeficapsule: Add support for pkcs11", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "97d0676113624c28317268750ede553444480ef0", "submitter": { "id": 90988, "url": "http://patchwork.ozlabs.org/api/1.0/people/90988/?format=api", "name": "Wojciech Dubowik", "email": "Wojciech.Dubowik@mt.com" }, "delegate": { "id": 3184, "url": "http://patchwork.ozlabs.org/api/1.0/users/3184/?format=api", "username": "sjg", "first_name": "Simon", "last_name": "Glass", "email": "sjg@chromium.org" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260217115333.503359-2-Wojciech.Dubowik@mt.com/mbox/", "series": [ { "id": 492416, "url": "http://patchwork.ozlabs.org/api/1.0/series/492416/?format=api", "date": "2026-02-17T11:53:26", "name": "UEFI Capsule - PKCS11 Support", "version": 6, "mbox": "http://patchwork.ozlabs.org/series/492416/mbox/" } ], "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2197208/checks/", "tags": {}, "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.a=rsa-sha256\n header.s=selector2 header.b=HmM0nk9t;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.b=\"HmM0nk9t\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=fail smtp.mailfrom=Wojciech.Dubowik@mt.com", "dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=mt.com;" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fFdMm707dz1xpl\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 17 Feb 2026 22:53:56 +1100 (AEDT)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 6655283D8A;\n\tTue, 17 Feb 2026 12:53:44 +0100 (CET)", "by phobos.denx.de (Postfix, from userid 109)\n id A6B0983AA9; Tue, 17 Feb 2026 12:53:42 +0100 (CET)", "from AM0PR83CU005.outbound.protection.outlook.com\n (mail-westeuropeazlp170100001.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c201::1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id A33B483C32\n for <u-boot@lists.denx.de>; Tue, 17 Feb 2026 12:53:40 +0100 (CET)", "from DB9PR03MB7180.eurprd03.prod.outlook.com (2603:10a6:10:22d::13)\n by DBBPR03MB6761.eurprd03.prod.outlook.com (2603:10a6:10:1f4::8) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.16; Tue, 17 Feb\n 2026 11:53:37 +0000", "from DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc]) by DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc%6]) with mapi id 15.20.9611.012; Tue, 17 Feb 2026\n 11:53:37 +0000" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=WJzuTgWHsy50pp3oipS8VED7aAsljCRcpFAYfSS2voXxPWnRz7YrW3gDIcgpTl8bAwD9VwiCbeARi78VmVYBTA4291/QvZRlO56pRIT/mMFibSd7kMGb3xVVKqbwHkDLfevpPgEYbspufYfP3yQVrOP+nI31+pzWWr1EnzRyB9dn/A45amkiveWOMgRoQkUBfo2pP8iRUXYrMWFGLiJl+PeIOO9xrpzNG7O55uDDKRfMTl56ug2bXBhqhlJERx9fLXqVyJnR3YT40TVX18DSZIX/6rB/DbykPnziYXLjbEKidRjev3k1SUidrGZhiXMkdWFN5MRM0MmkXd7gtH+QOg==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=jBwweOlCpZeftZbJuccgdi/1Nkjf80tmWb05ojhdlNM=;\n b=lQ50SC5n3SdOaKvcGLau087w6CKXV1dYY7WAvJYky7KWEF0SS1SShCVmqb1fw1RVYzhkNq7dxevhHevjIUUZqgB4GP1q/dBBqnIOnPa6vldTQo3oOUUugjY5LjeSerdvd1MDa7o1skPEQDr5vPo/0I/wI20xkSezyzxT6AdNur0JygTBV3zTM7cAf4hdr7kZ4D8ZPhMzA10tfzDsU0ab8nuP62JIT2daY1zvf7sBHvrshuVs0XVT6wZ7JE5mSqcHGrqfp402uZnuNt48gtKKYEvjqlg5TqXm/4VggqXng4WHFLBp3VpaEufCrl9GnrCsIYGueAp+59BueD/hg/KFNw==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass\n header.d=mt.com; arc=none", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=jBwweOlCpZeftZbJuccgdi/1Nkjf80tmWb05ojhdlNM=;\n b=HmM0nk9tWY7Fd2LTMbJKrtjph9dTiiySg2b6uBLywvQ9FvWP62Hw9qE8sUo+ivmMaHSOxQ+461f6EbcO9639veYbkflevS4b6WFgVw5TsoKOYz4YN/lP3Bc0wRIZBKfgCo3Puq18PfUSrsv6PtogeHC2Y2rzZzb41D6Qmo7mQF+BphA+pgjWShUr+rgffHReRrvKHbVRlH0iQPFN6G2TJGo5SQNrfAwBialpts2Dk8gfyv3dHiA48bvyCz644tyMAdK3As+7LrYQnEmfh11rz2pgVF+wQoa7wt/ePa9y11qenSjQkUufB4FWpwpQzxj7sFhsC00qDwP3Xg8bfF0v1w==", "From": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>", "To": "u-boot@lists.denx.de", "Cc": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>, ilias.apalodimas@linaro.org,\n trini@konsulko.com, simon.glass@canonical.com, quentin.schulz@cherry.de", "Subject": "[PATCH v6 1/6] tools: mkeficapsule: Add support for pkcs11", "Date": "Tue, 17 Feb 2026 12:53:27 +0100", "Message-ID": "<20260217115333.503359-2-Wojciech.Dubowik@mt.com>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<20260217115333.503359-1-Wojciech.Dubowik@mt.com>", "References": "<20260217115333.503359-1-Wojciech.Dubowik@mt.com>", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-ClientProxiedBy": "ZR0P278CA0116.CHEP278.PROD.OUTLOOK.COM\n (2603:10a6:910:20::13) To DB9PR03MB7180.eurprd03.prod.outlook.com\n (2603:10a6:10:22d::13)", "MIME-Version": "1.0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "DB9PR03MB7180:EE_|DBBPR03MB6761:EE_", "X-MS-Office365-Filtering-Correlation-Id": "6ad36f1b-795a-45ef-f67a-08de6e1b2f4b", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|366016|376014|52116014|1800799024|19092799006|7142099003|38350700014;", "X-Microsoft-Antispam-Message-Info": "\n dJBQTp0MotqMIM7N+e4AWw+2sIVhMtvY4pffEdTrdctFJMiqnuof0Y0qAYWs4v3vdYdsOCbYO9A4ap6eUUMK0Fp9DIqx3K+2eFa+hiz3sKodR0KD/+5LPmSDe/iPphT5k68jPmrBwUrcuRPCGkB9gAEjQQNSZsj7oyNyg5HiIolnILcgvrNKqfTG9ZZGz2Df7ORlQnjG/JKID94YdL2FEJ6MAwg/4AJCtKuMBVpfFcWhAFi7hbTPP73V50DPpys1kUob7clLgpfA/mwNnuj4EpE9kwJFLisIKSf6jSJzq0vhIX6PKFNcOAgnsP5sFQ3thv0l42o5RRYvVEJH76V4F5gy8lTUttp756Y8onpBysG9QWhheYdZ/S+GXI4u/a2h1o7AQ+x0SZgbWWwT/avCWmbf3TJBZ3Osm3GQck0V0MKaNTfH2l19O+PHEVvjx3sp7I7L/57SnMY+NQARiL0UoHr3FuyviEpERo2VtNi6Olo7vHemkYTjyeH53+V7NpjHYKlR2AuHfPxBRFVR72hGkKnlTIRE6xbYvmo4gZaFnmJVJM3qglFcsJCycmDkgf8eoomlTk37FpapK3EOC6aqVjX/GmKoVjHJYpeErie9h3qbDfqVtXx7GT/cS5Y/CrTkAgRT04w6v4FbebfFilcEvDqi8kjlql6FcdwaMMGSFClzzYVYIAT/fP98uzCDPul4jPz867aKRQJ36CiNXCgIXC5MOpBvFo13pQJhzI4XvIKJBLU/kif1AxxXGGgNNtOiJ0PdBy4eLtcHfCmlO4a1+2ZNw4VVEPjv1Ae4ZEBdmlavQe/EicTpaUvwD4sz0uw28PMVcIygNUFR0l79S8960DhwvhrvM7N76X41NyEvEP/gSE2BrnyzN4YkoeQwRPQomFOznO1YV5agNQDZl59qj0RgqViRsujvwK4w+6PV2vkMcIv9D5PwIocgrR3TcZSvEvLxfNYkKr+reagcz7owLd4Hv+xQrpj4Ecx6/9W17xi9d0n2a6grIC2BR1iJDoDwV/hfQgQ0WlzrTT62r8QNvxeRH4k5vHR4z6OP3U/uUkXjjE1JKShMNqgcxLyPjumnYnVdykU8nIAiJK+3Oen04hwQMZtztcqfIm/8cxdaRS56pn36MyglaOO6FlhcJkqhc2kg4iGuM2ik0287Xvtk4jB1aaG+XscoDsWlOwk447KT1HacUfz/fRfdIsTNGKUZmfHCW16qt8Pw86btztLkoCtEZXXYXeyKlLZb0YfGJYioTNsYSPbQG41WRt5m0ZzZ8Gm45A7sNvlYOw0VbNX7Dvcp46pVGnT0n8U5MWeW+BKNbQ9eUpxD1lUESO8YgUqa65KQ/KsHb6/PbLv40MQP7/3a4bIKxC7nAxo64345LBS+NG+XcvX6/9flWwd18G9HwZ8RT9RRkg6+GdSXBT47uQOoHeTmNSUIilc19MCJX7xYOpTZ9xNkPQbm4kwhOB7ptl3iWrJttrP7GgA0LgVlAcDKA8mXykEJI4sKvIL87OGgwa7yCqV3jyZ4uH7aM9cOjr1B9v5RfdKntvw2T45SZ+rEkPnVClelw8XaURyNylRyOL4NIIgHizaxCsqkCcnJC/qORKDoD1nKbSRa43ss0ZDDLLNb3lmS35r0LR2ubU0=", "X-Forefront-Antispam-Report": "CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:DB9PR03MB7180.eurprd03.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230040)(366016)(376014)(52116014)(1800799024)(19092799006)(7142099003)(38350700014);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n hRSxhp4BOXrwNyl5zzLnKcwWj2jQ7tCnVIH2EKz4r6ncuhs6TBl/FuQgXVqzrlKuvz59mpbYJrfU63nfKAoZEyI3Ytwy/v6wPxonI2REKe71NCvDZ4NYnqBQaAMFjVf8boOb4lY95Y2j/k2ISVtGqzA6LxrlVGQnRI4JkIEYBqWNuD/JRSkxHHDCqb+t1fsDrUcOaI0KUu3QqpQY4EQhmHkzo1gqy5F8VIMmdHskgtvxpIORqY3Ol1EMylxx6HfeDnkKQFvaK3LEW2YS02W/OiuqsSGKUks3Z1Bvg4Uw9eOnTI/21ER0rymKFrrc1tYsnyUtSzhHP8zJc+k+mE27BULD4q0BQGXE4y+gDl7hdtQAOkk9sOqFe8kDZHWaa3XzVtfTwnCmOamXV3BFvmAD8OFIuqt9nV4ic3+U7N3zHfdhOqR19yQVPkxaHVh2VjEjKrPt4jSz3GOPpDeKMo8Jh0Wb3wP1+GTvpnHRerch+HEaxyPHNUBDk6AFf07UA3tUZ6t7UEfBAhGP9cvpDsBFf6FXgJpIZoelt3OF3SFNjUt0YuQZbEqWmhlJeM5FYp7j1hZWh9aKbfK3U7E3PBttdrk3Wk/LfAdyOo4vMQ4+de1FF2rjU4ZhmVtkY2+UuxEEt2s+YAB9ps6Qh7sgKjTINjKTFHOx5fMkR5biyr6J2fd9Wgs2EiarzHL8TH2F/AWVuk6hSvekquylopLOcvPLV9hFi9D75qutybq1kQOwNuiJKR/swGptZSZ2X9GGlyVQJXeV8WP5D4GzS+ufKpxmYkjXcNtHQ7Ac15NPX5eHoXCJpHZxthSMfyqeYzCxgizPDhLnns8iySVXGVYiQPeCsep/I2wRSAwGubi54WCr/ILx5llU/Cmk8Uxh2lByFKznu4OpnnLOcBhYO3TuslVyelRQXCpmhEZkVk5jv6BtXxQZlgnuLW+nK+vGgsySGBU0PRMaRerAHS4Kp8pfptvAENGnQ7mjXDjp6FO0VJitmumFxon2be7MzdcnEpz1tfQh2YiHQbveMBYRSWY02rXX8C6EJ1mglG3LM62PUUkv6sk7fNrFUFjfsOmK9iCIaXBtyNNF6zS6tM1jrdG9WMiNLWCghensiS7h+JbD6sYaIxMmeyu0vKvgATAu4k1Ysji0N3y5FGCdfTBTVSmx2AUiizNZmHRKDfg/KmpGD66elnJMs5l5kz5GRwNsRxe4Nih8lOuHOiJO08lwoS1BcfvumqfaA16fLRzHswGdHYxQ0LssoSIxHh87JZoujoe9Ws8iYvH6t3OmoiPTxLKHUO02cldu97hrr8SMfpWsiLzPobqYrPe6umw+AlYyKqDPh52hJ/zZphQHqVOjwsnF5jp8eksfkIiiRWuH7xovb23Fz2MrNew0bbvOVGubOwWQOM+F+GyOWCsI03kpYP6IcyyT/nxNOkrFYldgutfJhSpLvO6mQEdA5Tkv2rU+fbyy7tCZaHP0CWgkoXK0w52Mp2DvYcb+uVKm/OqbDIvxtN2V9ZcrdFYv1hSFoSqufQ41QyZkVEecTf00aSVm9Szpi2SAVhmvuNSDXQKr6M8cq0WM8ukL7e0WX3t3SgpsaD6CicFDPZ4RnW5Ms/opIFHXMZMdQzKTnx1+9naFDlflHTwfUrSCEH5sBr+WlixtRZ1vGpER1mravHXCA9u1Lc71M7USyl+OGmWhOT2zq5WEiv1OFRrSuFf1Fb3wGx/2qLFbsn7ZU0ges6oXtoExXfsnIccm2w==", "X-OriginatorOrg": "mt.com", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n 6ad36f1b-795a-45ef-f67a-08de6e1b2f4b", "X-MS-Exchange-CrossTenant-AuthSource": "DB9PR03MB7180.eurprd03.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Internal", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "17 Feb 2026 11:53:37.0683 (UTC)", "X-MS-Exchange-CrossTenant-FromEntityHeader": "Hosted", "X-MS-Exchange-CrossTenant-Id": "fb4c0aee-6cd2-482f-a1a5-717e7c02496b", "X-MS-Exchange-CrossTenant-MailboxType": "HOSTED", "X-MS-Exchange-CrossTenant-UserPrincipalName": "\n LPyyRf6k6ZaF0emcBC/RDkuXt5MgSTyjQbMZs/i9yBzDf51ggs0do60hc9T0Slx7AnMNJYoUFDtnqiOQ2zqUpQ==", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "DBBPR03MB6761", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "With pkcs11 support it's now possible to specify keys\nwith URI format. To use this feature the filename must\nbegin \"pkcs11:..\" and have valid URI pointing to certificate\nand private key in HSM.\n\nThe environment variable PKCS11_MODULE_PATH must point to the\nright pkcs11 provider i.e. with softhsm:\nexport PKCS11_MODULE_PATH=<path>/libsofthsm2.so\n\nExample command line:\ntools/mkeficapsule --monotonic-count 1 \\\n --private-key \"pkcs11:token=EX;object=capsule;type=private;pin-source=pin.txt\" \\\n --certificate \"pkcs11:token=EX;object=capsule;type=cert;pin-source=pin.txt\" \\\n --index 1 \\\n --guid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX \\\n \"capsule-payload\" \\\n \"capsule.cap\"\n\nSigned-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>\nReviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>\n---\n tools/mkeficapsule.c | 110 +++++++++++++++++++++++++++++++++----------\n 1 file changed, 84 insertions(+), 26 deletions(-)", "diff": "diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c\nindex 0f41cdb64f54..a0ee76295a1a 100644\n--- a/tools/mkeficapsule.c\n+++ b/tools/mkeficapsule.c\n@@ -228,21 +228,54 @@ static int create_auth_data(struct auth_context *ctx)\n \tgnutls_pkcs7_t pkcs7;\n \tgnutls_datum_t data;\n \tgnutls_datum_t signature;\n+\tgnutls_pkcs11_obj_t *obj_list;\n+\tunsigned int obj_list_size = 0;\n+\tconst char *lib;\n \tint ret;\n+\tbool pkcs11_cert = false;\n+\tbool pkcs11_key = false;\n \n-\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n-\tif (ret < 0)\n-\t\treturn -1;\n-\tif (file_size > UINT_MAX)\n-\t\treturn -1;\n-\tcert.size = file_size;\n+\tif (!strncmp(ctx->cert_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n+\t\tpkcs11_cert = true;\n \n-\tret = read_bin_file(ctx->key_file, &key.data, &file_size);\n-\tif (ret < 0)\n-\t\treturn -1;\n-\tif (file_size > UINT_MAX)\n-\t\treturn -1;\n-\tkey.size = file_size;\n+\tif (!strncmp(ctx->key_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n+\t\tpkcs11_key = true;\n+\n+\tif (pkcs11_cert || pkcs11_key) {\n+\t\tlib = getenv(\"PKCS11_MODULE_PATH\");\n+\t\tif (!lib) {\n+\t\t\tfprintf(stdout,\n+\t\t\t\t\"PKCS11_MODULE_PATH not set in the environment\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tgnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);\n+\t\tgnutls_global_init();\n+\n+\t\tret = gnutls_pkcs11_add_provider(lib, \"trusted\");\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stdout, \"Failed to add pkcs11 provider\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\t}\n+\n+\tif (!pkcs11_cert) {\n+\t\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n+\t\tif (ret < 0)\n+\t\t\treturn -1;\n+\t\tif (file_size > UINT_MAX)\n+\t\t\treturn -1;\n+\t\tcert.size = file_size;\n+\t}\n+\n+\tif (!pkcs11_key) {\n+\t\tret = read_bin_file(ctx->key_file, &key.data, &file_size);\n+\t\tif (ret < 0)\n+\t\t\treturn -1;\n+\t\tif (file_size > UINT_MAX)\n+\t\t\treturn -1;\n+\t\tkey.size = file_size;\n+\t}\n \n \t/*\n \t * For debugging,\n@@ -265,22 +298,42 @@ static int create_auth_data(struct auth_context *ctx)\n \t\treturn -1;\n \t}\n \n-\t/* load a private key */\n-\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n-\t\t\t\t\t 0, 0);\n-\tif (ret < 0) {\n-\t\tfprintf(stderr,\n-\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n-\t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t/* load x509 certificate */\n+\tif (pkcs11_cert) {\n+\t\tret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size,\n+\t\t\t\t\t\t\t ctx->cert_file, 0);\n+\t\tif (ret < 0 || obj_list_size == 0) {\n+\t\t\tfprintf(stdout, \"Failed to import crt_file URI objects\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tgnutls_x509_crt_import_pkcs11(x509, obj_list[0]);\n+\t} else {\n+\t\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n \t}\n \n-\t/* load x509 certificate */\n-\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n-\tif (ret < 0) {\n-\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n-\t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t/* load a private key */\n+\tif (pkcs11_key) {\n+\t\tret = gnutls_privkey_import_pkcs11_url(pkey, ctx->key_file);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr, \"error in %d: %s\\n\", __LINE__,\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n+\t} else {\n+\t\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n+\t\t\t\t\t\t 0, 0);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr,\n+\t\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n \t}\n \n \t/* generate a PKCS #7 structure */\n@@ -349,6 +402,11 @@ static int create_auth_data(struct auth_context *ctx)\n \t * gnutls_free(signature.data);\n \t */\n \n+\tif (pkcs11_cert || pkcs11_key) {\n+\t\tgnutls_global_deinit();\n+\t\tgnutls_pkcs11_deinit();\n+\t}\n+\n \treturn 0;\n }\n \n", "prefixes": [ "v6", "1/6" ] }