Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2198584/?format=api
{ "id": 2198584, "url": "http://patchwork.ozlabs.org/api/patches/2198584/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260220091518.180641-2-Wojciech.Dubowik@mt.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260220091518.180641-2-Wojciech.Dubowik@mt.com>", "list_archive_url": null, "date": "2026-02-20T09:15:11", "name": "[v7,1/6] tools: mkeficapsule: Add support for pkcs11", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "97d0676113624c28317268750ede553444480ef0", "submitter": { "id": 90988, "url": "http://patchwork.ozlabs.org/api/people/90988/?format=api", "name": "Wojciech Dubowik", "email": "Wojciech.Dubowik@mt.com" }, "delegate": { "id": 3184, "url": "http://patchwork.ozlabs.org/api/users/3184/?format=api", "username": "sjg", "first_name": "Simon", "last_name": "Glass", "email": "sjg@chromium.org" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260220091518.180641-2-Wojciech.Dubowik@mt.com/mbox/", "series": [ { "id": 492764, "url": "http://patchwork.ozlabs.org/api/series/492764/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=492764", "date": "2026-02-20T09:15:10", "name": "UEFI Capsule - PKCS11 Support", "version": 7, "mbox": "http://patchwork.ozlabs.org/series/492764/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2198584/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2198584/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.a=rsa-sha256\n header.s=selector2 header.b=CziWcOwX;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.b=\"CziWcOwX\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=fail smtp.mailfrom=Wojciech.Dubowik@mt.com", "dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=mt.com;" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fHPjj5wQLz1xvS\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 20 Feb 2026 20:15:37 +1100 (AEDT)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id BEFE383E81;\n\tFri, 20 Feb 2026 10:15:27 +0100 (CET)", "by phobos.denx.de (Postfix, from userid 109)\n id A51D083AC5; Fri, 20 Feb 2026 10:15:26 +0100 (CET)", "from DU2PR03CU002.outbound.protection.outlook.com\n (mail-northeuropeazlp170110003.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c200::3])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id A5E7483E76\n for <u-boot@lists.denx.de>; Fri, 20 Feb 2026 10:15:24 +0100 (CET)", "from DB9PR03MB7180.eurprd03.prod.outlook.com (2603:10a6:10:22d::13)\n by DBBPR03MB10319.eurprd03.prod.outlook.com (2603:10a6:10:53a::17)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.15; Fri, 20 Feb\n 2026 09:15:23 +0000", "from DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc]) by DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc%6]) with mapi id 15.20.9632.010; Fri, 20 Feb 2026\n 09:15:23 +0000" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=A86QiZgUFhod++NLIYKTFBcTAXqvm8ULxoQV2UF/eZx3hdZJ28CBwUKfFeWxoDzEVCBWEBXLeeMPPd2FZOcTVRtcbZ0JEx2PjtpsqanE9kQJiTuJR1pb4bwJj90sxaA1xkipPDh6YoCShRi/erppPmYnjaUSpk+dXCE44er8HTZ3zAy8dV58aMl0OdE7ySC68uDGYxiD80oXuJNKCug1DWg9Mqif/RKw8w4/FD6K+ukFR0bpkVWoriKljxww9LynwJJKPcK+xNtzsxzzvFYUfzjLxgGuwiscR9wrxhw0EqAKZ3GmTkzuKIZ5JtLPk2AeZbGzQCnsW09xpp8XLk7Iag==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=jBwweOlCpZeftZbJuccgdi/1Nkjf80tmWb05ojhdlNM=;\n b=eyLFFZCwkBcX62GmJPxzBbYqd9DZmcgmX8YYUmUEzd2tFOVb8NLZfP39b9Sg0xM67GfbjtXE0J8Vgs/dkSQ5Cvtdpx9dnZIEGvHvmZxeersmHM1WRKseiAB7jhZCodK2BAEoWHPgydHnJRPqge0f4Czc9vfbvrIt+tDoI7NPOYjwW6pWemAU5RCVQgvyW0BIPapz5LeJrRFNMaoaCkpr8L1HP+0TfUQiv235FdHjWZyXDKKN9KCIXNyOVFKTpTVgAPNmQqWamhjut/Pgu6UaCnBhRZpi340Exu+Ouw74IYTNeNcfLDRfXmxLBLjiYFwZx627QbVNfIq3grPlCMbIVA==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass\n header.d=mt.com; arc=none", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=jBwweOlCpZeftZbJuccgdi/1Nkjf80tmWb05ojhdlNM=;\n b=CziWcOwXoX4j48MZsPjhqdECF/fQSOY2o4D45+gZmLtUtPJCoQgzvR7pxYIua+gSQX/kg8egg1zeVonclL0iMZ/k0gJcNhR+Ix2NApBu6h5rmfcFnhxLG/kyX1Y4C/ujPHyLEE1opks/WvrxuqGI5NX9zPYnVLreoWRI7yAPAqeqsTV5FT6Hmj/eIjvYBsIK9MlifZ5w1GCMpidyV2znNUKsch2bOaNDoK/4JTWLrzWzDzyNvego3IYg3zFpUnXH+2tPvs/rUQ6l26xSWMDSIjQBS/4UUIAkLyjADuRh1FDDarLFnmPgqT9EZJIDAxgKh6y1eNr9OtaaHVx9E7v7gA==", "From": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>", "To": "u-boot@lists.denx.de", "Cc": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>, ilias.apalodimas@linaro.org,\n trini@konsulko.com, simon.glass@canonical.com, quentin.schulz@cherry.de", "Subject": "[PATCH v7 1/6] tools: mkeficapsule: Add support for pkcs11", "Date": "Fri, 20 Feb 2026 10:15:11 +0100", "Message-ID": "<20260220091518.180641-2-Wojciech.Dubowik@mt.com>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<20260220091518.180641-1-Wojciech.Dubowik@mt.com>", "References": "<20260220091518.180641-1-Wojciech.Dubowik@mt.com>", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-ClientProxiedBy": "ZR2P278CA0041.CHEP278.PROD.OUTLOOK.COM\n (2603:10a6:910:47::10) To DB9PR03MB7180.eurprd03.prod.outlook.com\n (2603:10a6:10:22d::13)", "MIME-Version": "1.0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "DB9PR03MB7180:EE_|DBBPR03MB10319:EE_", "X-MS-Office365-Filtering-Correlation-Id": "043ba3e3-a03b-4bf8-bc15-08de706093c1", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|19092799006|376014|52116014|10070799003|1800799024|366016|7142099003;", "X-Microsoft-Antispam-Message-Info": "\n rmwyxPYAdGRbIzvIEoeR5Qa4Mp+qfQ8EboYWQiEQHh1y167CSZdfTyIfu+l5kOdPKyEZvr/2vxv1kFj5uZcNP++XxhIm4orcK20tHgsiRg0n/kCU0fl9LLDT2S4Zj1E/NppnKAo/Wgp8GJOe2C6JUboSAUKNPwiUxu0hhTxbTCa3fXNYHOQM5K2lkEGE1nMm9IIc64O22M9oloGjtduUlwzscL89WH7zmCVeB2HQPhO3UXuC+H/b2ZwlSOQlqhldR3vtG8AzQvmZAOYaQdT8brjIGxGLng97Zmw0n5cTuu4Gsm9Qw2eAag8YyMnqY7tvLxYPtH1hI9C/c0V7YQYnyfuEYO9JTHnnlLI2azqvc+jNe5WRJ+9BaiwW4CeRDCFLBmtmCQCd3TX8KV9tYHFgKhcTyd+40LMfSfyvkSqkHFlnX6zNXWOQzQzeHqQt9ubQbAAwFkR6TuV3Bztaor6g6K96KnPPQJ8ar2eJE9y7Y2P15MsnlbOKKjSXEg97hOW30tE/lbqeP7OZuxcmLR5wUddhiGu6NmAQ3UCeP4178qttMYuLAJIQXEo9g8HczxH6AZDldgJjmMZLdJSvIoH3gxGCrjeqz8riRIt3Gg+X+J0tBqybp/2SGL9m0SDF3w8fIrMfLDUvoiqIaIphmMNwd6k5Ej/tgPHPXO+xZkuJkMuYm2EiORJ+SCwq23+arOLFEt6a2xzngz8zjv/wolAaBZ3Tuq4ulGEEQlBfbB8Wc2UiR9p2w6gDEqi3xDToAgT3pB5ny+J6XRY55CQVxMwVQ6lnx+u6oVP4h1t5d8I5lKa9sr2g0JZPgG+tXgHDzug1fUVbqs6dEM4BCw9ostMPP9M6xTOyunpp6qABU99pY1FGNEgro/qPTGPX5i/hrOVVHecUFOHBs3Xwv6ettG4ArQHZaoa24rojxm1R+D0Fz8kJMOcf9G8boa70Kj4IObu6zKhfClSyFXvBZ66nLTXn44aEuJcib5Jhpj5ru1f949gjqGADg11mZQH0uRl83ioLAKV3ezob7xrS3LmHjYXgsDcsVwtg2LIiP8PNK4Y9+zlfV94pTGiSkWUwp2IeAjulEvcngthwpjJP4mk1Vbq2u/BjWG/NLxxlJVfaEQMcFkxvXDWPZkRhK4LEsCPq4w0sbY2aJ9xPmtNL6QNga2zgM3G0FpCQc9eNv/jp85CkNYoywM4rLgAHNVi8wkW28UjeSK7DfIU/GWbGp9dBiPm8lHz6u7rdmKdJmRpzTBlR21Qh36pgkZPghI1IiKyU/2YDhJFpTqhEmzXiUD3R0Rk99prUm+wEfYUQwaf/9+6gb3pOrRIbU1y9ycTLgz3n46TqZPvU+1c+iOsbfZDN6vAMnCAeLKv85gx656l43ghPORJ0GFCByqQDmDb1m6nwKaGb1w0xy04ZNPO+cxvk+5aUcGecNH+YHj/ob53Eshr69w0KWXxtGBiuEljOZK8eH/rXxlRjVWWOchBlIgWzeCHmxVX0q/Ty14jNkTt97QygZoB5knb3il9jq+VwaRrL1FPvlC0XEvA38aL12Eu6czoaYB3oTUdL7PDv0j1zI023E+U=", "X-Forefront-Antispam-Report": "CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:DB9PR03MB7180.eurprd03.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230040)(19092799006)(376014)(52116014)(10070799003)(1800799024)(366016)(7142099003);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "2", "X-MS-Exchange-AntiSpam-MessageData-0": "\n 9vPXtlffU255Lm/Jc+cFwtpxKjqxYWSl2HpeUrXo9uzxV7ABfbCQumarM03Py4dYLR/fg87uKgQ2+GZ0vuqgsC3mD10DxZgqB3GBI3X1aRioOG8WlsdNspknOOt3OO2EOXG0Dw66ghdkHWvF2hqIzESJ+G1hOgpdU2Cg/SFAoNmSbzwiQH/xlOgJ/7+L9BuMacsQBPLbFUFFTQkEgCh+5KFXwUwUpy4rcV+R8TpeKrUv2GC3xMm0flJ8Kb5UuRqEsIktzTkaBKxoX+X9x2iCVreI83nNJZqn78m2duxT+jKZmKjcwiegq02+AY7EAi/CRb4YfYjGzWh9gXjVWb0B2CiCEcfk2TyBfuA7mbOi27cZ2ejtKwwKDssq0BcRZOUgHzm7ImYbKfYqlLmRcZS4bX//Fr56WFW/hYgaRWm1Lk/AsvRq5EJe9Na60a8LTtm2UekqXugdKirBhprbiexzBwMIBmQWMhuFaNAOaO2FQxEptTzA7ChMweoft0+X4cH9dbF0THpYp5xGgmrl9RdsjhKMU9rD7P5S9MWW/RMQYMnyAkgcQGX0oT97dqe7jaqaCbBdYLKPPmhoWxxHQEk7JPafLmZsdKkrN/An8Dr42z4zIP1xt6BTcFbZWXPtnWjbn8gpMQ2G2GphU3gPvYBJHX9fNtZipTrwj97Bc+Yi4ixnCEQxfE7d9Cl3GVaZ2PUQMKkI11AeOd4rr0c96Gpc26NT0IwR7+/3QqkEg36cP2M4kvj9fcswi3NsK6kqw0CQ6qghimfPjfwqryWMk+xzV9ARFkA6H/yqhhrdeHUIAI0Qo54B/p14cCqF6C8pSNr/jlpKTPPGb670GePSCIiwP7ATnmiCH5Wy/ndVKAfzWSH0OK96eikrjs2IQl3JxOPnwDNSw0IT4X1ZEWdndf+I0Wsh8SU8Zd1F+UjAyk3oUtuQB4aQT3UvPyji/VQVjjkushqpjom4NLncWaCxDLaN83QLF5bK9az2y+Gr7UXbr7nrDWEYDpcQs+gggQQoWsj0TD/flgi/3mPCed+rqK8n8athgrJanC58sFPsSmTDEN7/UqtRcO37vHsWDGJZUb3DhfwueTONXdE0yI8T+xCKQi7C6uI0vi+jdrg71cBBlq66dm+I9Ilmj8SL1GrboPUM0geMUSQXoV8sfPtOgPoBPtmjvwd3E/9PRpYUexjGM9AlNFZQscwQ/t3lDKWxd1M4ApTAWoavCizIgzynWYx0UKWtOalqHSkQUTXuX97gY63kHLFQa30AvIXqU4da8PmcB6XGCqo81eUQX1X7uJBvpzw2NuvZQxYhD940YJqvdgOFQaJ8bBu1PhtmfkVNbpRwgECUNxG01LZ9HVU0tqb7wj2x/VQIeCI2Rn6mJOXblNH93O6j0n2Jvs4Hm5dmREP2Q7uGRg5i71hrAcg5x85ZpOEuStDCs6WElND2uF3kmnQYdG/Ia7BvTZ5BRSrVIfQ4ekXPDobliZGKV7hrN7frVl7tefS+vVqjkWh2qgimMjMSMQkvOMmWSJufPDGIo4aIWclSVEMrKrTRRGbMzOt9O6xZBE0+zq7JI0qpIJmF3cbah5AyjUUgTd19SKbpKivPy11Q7xOxBwddeZzpg647xMzqikV5loRF5GkCyaGxFv8QZiTdxfRO6/+Wx6VABgl45VWjifEdDSL/HNbfnbmRHAxl7QpjcJhNpv2zzcpjdMa4TegIoqx25avf2Fao1TGVrAYGdfz6d1W/cSJTXe0l9Kn68JZYlxaZLr+e58HP3H8FtfcWtLzZKZdlAdHQHavFIXXJRLIy", "X-MS-Exchange-AntiSpam-MessageData-1": "NRSYBeZjkCJfkH54MLdwICnYC0vndVune18=", "X-OriginatorOrg": "mt.com", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n 043ba3e3-a03b-4bf8-bc15-08de706093c1", "X-MS-Exchange-CrossTenant-AuthSource": "DB9PR03MB7180.eurprd03.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Internal", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "20 Feb 2026 09:15:23.2306 (UTC)", "X-MS-Exchange-CrossTenant-FromEntityHeader": "Hosted", "X-MS-Exchange-CrossTenant-Id": "fb4c0aee-6cd2-482f-a1a5-717e7c02496b", "X-MS-Exchange-CrossTenant-MailboxType": "HOSTED", "X-MS-Exchange-CrossTenant-UserPrincipalName": "\n Cp1HeEIx2F/Nk6YBSaZ2iNbMZRWtZJLcu7m7V7ytwH8Nn5BabBB8yyvwwKAmMOTczA7o+p6lvx+/Xd4QAqTY+g==", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "DBBPR03MB10319", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "With pkcs11 support it's now possible to specify keys\nwith URI format. To use this feature the filename must\nbegin \"pkcs11:..\" and have valid URI pointing to certificate\nand private key in HSM.\n\nThe environment variable PKCS11_MODULE_PATH must point to the\nright pkcs11 provider i.e. with softhsm:\nexport PKCS11_MODULE_PATH=<path>/libsofthsm2.so\n\nExample command line:\ntools/mkeficapsule --monotonic-count 1 \\\n --private-key \"pkcs11:token=EX;object=capsule;type=private;pin-source=pin.txt\" \\\n --certificate \"pkcs11:token=EX;object=capsule;type=cert;pin-source=pin.txt\" \\\n --index 1 \\\n --guid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX \\\n \"capsule-payload\" \\\n \"capsule.cap\"\n\nSigned-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>\nReviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>\n---\n tools/mkeficapsule.c | 110 +++++++++++++++++++++++++++++++++----------\n 1 file changed, 84 insertions(+), 26 deletions(-)", "diff": "diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c\nindex 0f41cdb64f54..a0ee76295a1a 100644\n--- a/tools/mkeficapsule.c\n+++ b/tools/mkeficapsule.c\n@@ -228,21 +228,54 @@ static int create_auth_data(struct auth_context *ctx)\n \tgnutls_pkcs7_t pkcs7;\n \tgnutls_datum_t data;\n \tgnutls_datum_t signature;\n+\tgnutls_pkcs11_obj_t *obj_list;\n+\tunsigned int obj_list_size = 0;\n+\tconst char *lib;\n \tint ret;\n+\tbool pkcs11_cert = false;\n+\tbool pkcs11_key = false;\n \n-\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n-\tif (ret < 0)\n-\t\treturn -1;\n-\tif (file_size > UINT_MAX)\n-\t\treturn -1;\n-\tcert.size = file_size;\n+\tif (!strncmp(ctx->cert_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n+\t\tpkcs11_cert = true;\n \n-\tret = read_bin_file(ctx->key_file, &key.data, &file_size);\n-\tif (ret < 0)\n-\t\treturn -1;\n-\tif (file_size > UINT_MAX)\n-\t\treturn -1;\n-\tkey.size = file_size;\n+\tif (!strncmp(ctx->key_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n+\t\tpkcs11_key = true;\n+\n+\tif (pkcs11_cert || pkcs11_key) {\n+\t\tlib = getenv(\"PKCS11_MODULE_PATH\");\n+\t\tif (!lib) {\n+\t\t\tfprintf(stdout,\n+\t\t\t\t\"PKCS11_MODULE_PATH not set in the environment\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tgnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);\n+\t\tgnutls_global_init();\n+\n+\t\tret = gnutls_pkcs11_add_provider(lib, \"trusted\");\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stdout, \"Failed to add pkcs11 provider\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\t}\n+\n+\tif (!pkcs11_cert) {\n+\t\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n+\t\tif (ret < 0)\n+\t\t\treturn -1;\n+\t\tif (file_size > UINT_MAX)\n+\t\t\treturn -1;\n+\t\tcert.size = file_size;\n+\t}\n+\n+\tif (!pkcs11_key) {\n+\t\tret = read_bin_file(ctx->key_file, &key.data, &file_size);\n+\t\tif (ret < 0)\n+\t\t\treturn -1;\n+\t\tif (file_size > UINT_MAX)\n+\t\t\treturn -1;\n+\t\tkey.size = file_size;\n+\t}\n \n \t/*\n \t * For debugging,\n@@ -265,22 +298,42 @@ static int create_auth_data(struct auth_context *ctx)\n \t\treturn -1;\n \t}\n \n-\t/* load a private key */\n-\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n-\t\t\t\t\t 0, 0);\n-\tif (ret < 0) {\n-\t\tfprintf(stderr,\n-\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n-\t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t/* load x509 certificate */\n+\tif (pkcs11_cert) {\n+\t\tret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size,\n+\t\t\t\t\t\t\t ctx->cert_file, 0);\n+\t\tif (ret < 0 || obj_list_size == 0) {\n+\t\t\tfprintf(stdout, \"Failed to import crt_file URI objects\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tgnutls_x509_crt_import_pkcs11(x509, obj_list[0]);\n+\t} else {\n+\t\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n \t}\n \n-\t/* load x509 certificate */\n-\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n-\tif (ret < 0) {\n-\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n-\t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t/* load a private key */\n+\tif (pkcs11_key) {\n+\t\tret = gnutls_privkey_import_pkcs11_url(pkey, ctx->key_file);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr, \"error in %d: %s\\n\", __LINE__,\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n+\t} else {\n+\t\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n+\t\t\t\t\t\t 0, 0);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr,\n+\t\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n \t}\n \n \t/* generate a PKCS #7 structure */\n@@ -349,6 +402,11 @@ static int create_auth_data(struct auth_context *ctx)\n \t * gnutls_free(signature.data);\n \t */\n \n+\tif (pkcs11_cert || pkcs11_key) {\n+\t\tgnutls_global_deinit();\n+\t\tgnutls_pkcs11_deinit();\n+\t}\n+\n \treturn 0;\n }\n \n", "prefixes": [ "v7", "1/6" ] }