GET /api/patches/2225673/?format=api
{ "id": 2225673, "url": "http://patchwork.ozlabs.org/api/patches/2225673/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260421121418.3257226-1-Wojciech.Dubowik@mt.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260421121418.3257226-1-Wojciech.Dubowik@mt.com>", "list_archive_url": null, "date": "2026-04-21T12:14:16", "name": "[v3] tools: mkeficapsule: Rework pkcs11 support", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "a93e6428349896b2337a95ddce267c7a9c7a3189", "submitter": { "id": 90988, "url": "http://patchwork.ozlabs.org/api/people/90988/?format=api", "name": "Wojciech Dubowik", "email": "Wojciech.Dubowik@mt.com" }, "delegate": { "id": 3651, "url": "http://patchwork.ozlabs.org/api/users/3651/?format=api", "username": "trini", "first_name": "Tom", "last_name": "Rini", "email": "trini@ti.com" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260421121418.3257226-1-Wojciech.Dubowik@mt.com/mbox/", "series": [ { "id": 500788, "url": "http://patchwork.ozlabs.org/api/series/500788/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=500788", "date": "2026-04-21T12:14:16", "name": "[v3] tools: mkeficapsule: Rework pkcs11 support", "version": 3, "mbox": "http://patchwork.ozlabs.org/series/500788/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2225673/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2225673/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", 
"Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.a=rsa-sha256\n header.s=selector2 header.b=ZVDYa43V;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.b=\"ZVDYa43V\";\n\tdkim-atps=neutral", "phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com", "phobos.denx.de;\n spf=fail smtp.mailfrom=Wojciech.Dubowik@mt.com", "dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=mt.com;" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0Lrf1N2Cz1yGs\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 21 Apr 2026 22:14:42 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 77D01805D7;\n\tTue, 21 Apr 2026 14:14:32 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 9DBE483693; Tue, 21 Apr 2026 14:14:31 +0200 (CEST)", "from MRWPR03CU001.outbound.protection.outlook.com\n (mail-francesouthazlp170110003.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c207::3])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 6E838801A9\n for <u-boot@lists.denx.de>; Tue, 
21 Apr 2026 14:14:28 +0200 (CEST)", "from DB9PR03MB7180.eurprd03.prod.outlook.com (2603:10a6:10:22d::13)\n by AS2PR03MB9877.eurprd03.prod.outlook.com (2603:10a6:20b:546::21)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.33; Tue, 21 Apr\n 2026 12:14:23 +0000", "from DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc]) by DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc%6]) with mapi id 15.20.9846.016; Tue, 21 Apr 2026\n 12:14:24 +0000" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS\n autolearn=ham autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=I8IVpEqMWTvhLg6K2Gnxu2FhCDHNv5dZirBokTnB5e8/pjZu0gtmH/YLZ08hNtSlF5+dTaR6EdYSt1rvkXkXbVZpdoSLO8CfQn+GUR2Gz6w/TkSCda3kkdKRybZwBBWBOJ2Xy145EHlI9cYmY4m4njo1UpO9egEokZ5YpamrL0HUZ52UnbpoGnmsZOThdzt7t9AEz8b3++aAgEDdPf0kzWbkcPsfBWSc3C9YfCyDhW+eXRnBLd4jrCweipC7uJO8foE5PvEC1w3jwV6mGMELD94RMH6Omv2gUtEJXTgZ18N0TmtYNers9LRrgAURb/dfJOIZnQjKYcusRvi5XUu+bQ==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=WWzX9p4wA5cRs0tEV1r1VbQXZUY31v7Ks3huRPHOQdg=;\n b=sTHiYMJ8tKgQt6u9lvB9QULrhESzn8oJNFzay9v9OVjLMhTH+6qZ8sLbFWKnnUjqey18McTbd8EkOip9qTvn8JLHrYyUN4qnsZGiTnABIxIWC9yMqVBScJUamgLF7OTpavyK4lbJdae+CBBjJEAUPGldbJEaq4muD/0HJLAWUiCSgeEGIcM1ZqvEEO6pUyh70X+hFSy1rFDRR1U2xlF3s7qkwa57Qs7P4XlLX4SuQM0lR86Vg+28Pn9vvGcxJI9pjU92TrRAq1qPZkEcMtIXrZlO7jEmbBqdEm5W+AQD4Ai0nfn0PZqkVcjcFchWVbKItvxRP/R62rIDZJSs6X3WCw==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 
1; spf=pass\n smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass\n header.d=mt.com; arc=none", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=WWzX9p4wA5cRs0tEV1r1VbQXZUY31v7Ks3huRPHOQdg=;\n b=ZVDYa43V+2a8w+L2pjK8HaKs+F/uVYC3JDKt/y/NlVL10A+rHHJTFUTXU4IRCJmoPE16+4XT4a8tgOZepK1xBhhFITlyI4TJ25sS7oRxQ7YryaEv9JHQoa6DJYSBmYW28lztEiySqt6OPIVWJFb9E/plHlgMy8aALv11hqTYtqNEaKN1KEbbmNZHYbqJYmkBwFCniIzCRkmyFNjrNgRlWHnkFEWdB0bwaApjU4YIvnY/n0Y58kT+63bvWKovLfHLdresQHrcUleH3/BgBgbV3TYMVsHM38/hAsrDQWKQpUcGgzVk84iJtEcY4Cy7tXpvbh1Ya9iknbuyFi0IJHw0nA==", "From": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>", "To": "u-boot@lists.denx.de", "Cc": "Wojciech Dubowik <Wojciech.Dubowik@mt.com>,\n Franz Schnyder <fra.schnyder@gmail.com>, trini@konsulko.com,\n \"openembedded-core @ lists . openembedded . org\"\n <openembedded-core@lists.openembedded.org>,\n Francesco Dolcini <francesco@dolcini.it>, Simon Glass <sjg@chromium.org>,\n Quentin Schulz <quentin.schulz@cherry.de>,\n David Lechner <dlechner@baylibre.com>", "Subject": "[PATCH v3] tools: mkeficapsule: Rework pkcs11 support", "Date": "Tue, 21 Apr 2026 14:14:16 +0200", "Message-ID": "<20260421121418.3257226-1-Wojciech.Dubowik@mt.com>", "X-Mailer": "git-send-email 2.47.3", "Content-Transfer-Encoding": "8bit", "Content-Type": "text/plain", "X-ClientProxiedBy": "ZR1PEPF000077DC.CHEP278.PROD.OUTLOOK.COM\n (2603:10a6:918::41a) To DB9PR03MB7180.eurprd03.prod.outlook.com\n (2603:10a6:10:22d::13)", "MIME-Version": "1.0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "DB9PR03MB7180:EE_|AS2PR03MB9877:EE_", "X-MS-Office365-Filtering-Correlation-Id": "e48f0e2f-a003-4bd5-7e63-08de9f9f8693", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n 
ARA:13230040|19092799006|366016|376014|52116014|1800799024|38350700014|56012099003|18002099003;", "X-Microsoft-Antispam-Message-Info": "\n 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", "X-Forefront-Antispam-Report": "CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:DB9PR03MB7180.eurprd03.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230040)(19092799006)(366016)(376014)(52116014)(1800799024)(38350700014)(56012099003)(18002099003);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n 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", "X-OriginatorOrg": "mt.com", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n e48f0e2f-a003-4bd5-7e63-08de9f9f8693", "X-MS-Exchange-CrossTenant-AuthSource": "DB9PR03MB7180.eurprd03.prod.outlook.com", "X-MS-Exchange-CrossTenant-AuthAs": "Internal", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "21 Apr 2026 12:14:24.0989 (UTC)", "X-MS-Exchange-CrossTenant-FromEntityHeader": "Hosted", "X-MS-Exchange-CrossTenant-Id": "fb4c0aee-6cd2-482f-a1a5-717e7c02496b", "X-MS-Exchange-CrossTenant-MailboxType": "HOSTED", "X-MS-Exchange-CrossTenant-UserPrincipalName": "\n 1QGrJlYncIXKRtes37/HQwLHaoWJk/7FFhrGTzwQGlk8uJfqr9FD6XjNxWzNYGhFmnblrSbirKo/IYn9Ynt0og==", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "AS2PR03MB9877", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" 
<u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Some distros like OpenEmbedded are using gnutls library\nwithout pkcs11 support and linking of mkeficapsule will fail.\nIt would make maintenance of default configs a hurdle.\nAdd detection of pkcs11 support in gnutls so it's enabled\nwhen available and doesn't need to be set explicitly.\n\nChanges:\n* remove config option for pkcs11 support and add auto\n detection in Makefile\n* reduce amount of ifdefs by abstracting import pkcs11\n functions\n* add missing free and deinit functions\n\nSuggested-by: Tom Rini <trini@konsulko.com>\nCc: Franz Schnyder <fra.schnyder@gmail.com>\nSigned-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>\n---\nChanges in v3:\n- remove config option for pkcs11 support and add auto\n detection in Makefile\n- reduce amount of ifdefs by abstracting import pkcs11\n functions\n- add missing free and deinit functions\nChanges in v2:\n- make use of stderr more consistent\n- add missing ifndef around pkcs11 deinit functions\n---\n tools/Makefile | 5 ++\n tools/mkeficapsule.c | 117 ++++++++++++++++++++++++++++---------------\n 2 files changed, 81 insertions(+), 41 deletions(-)", "diff": "diff --git a/tools/Makefile b/tools/Makefile\nindex 1a5f425ecdaa..e85f5a354b81 100644\n--- a/tools/Makefile\n+++ b/tools/Makefile\n@@ -271,6 +271,11 @@ mkeficapsule-objs := generated/lib/uuid.o \\\n \t$(LIBFDT_OBJS) \\\n \tmkeficapsule.o\n hostprogs-always-$(CONFIG_TOOLS_MKEFICAPSULE) += mkeficapsule\n+GNUTLS_SUPPORTS_P11KIT = $(shell pkg-config --libs gnutls --print-requires-private \\\n+\t\t\t 2> /dev/null | grep p11-kit-1)\n+ifeq ($(GNUTLS_SUPPORTS_P11KIT),p11-kit-1)\n+HOSTCFLAGS_mkeficapsule.o += -DMKEFICAPSULE_PKCS11\n+endif\n \n include tools/fwumdata_src/fwumdata.mk\n \ndiff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c\nindex ec640c57e8a5..747431bce8fe 100644\n--- a/tools/mkeficapsule.c\n+++ 
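Review bot: The `ifeq ($(GNUTLS_SUPPORTS_P11KIT),p11-kit-1)` test only passes when the grep output is exactly `p11-kit-1`, so a requirement printed with a version constraint, or more than one matching line, would silently build mkeficapsule without PKCS#11 support. A substring test such as `ifneq ($(findstring p11-kit-1,$(GNUTLS_SUPPORTS_P11KIT)),)` is more tolerant, and assigning with `:=` would run the pkg-config command once instead of on every expansion. A one-line comment above the block, for example `# Enable PKCS#11 signing only when the host gnutls is built against p11-kit`, would explain why the define is conditional.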
b/tools/mkeficapsule.c\n@@ -207,6 +207,45 @@ static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg)\n \treturn 0;\n }\n \n+#ifdef MKEFICAPSULE_PKCS11\n+static int import_pkcs11_crt(gnutls_x509_crt_t *x509, struct auth_context *ctx)\n+{\n+\tgnutls_pkcs11_obj_t *obj_list;\n+\tunsigned int obj_list_size = 0;\n+\tint i, ret;\n+\n+\tret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size,\n+\t\t\t\t\t\t ctx->cert_file, 0);\n+\tif (ret < 0 || obj_list_size == 0)\n+\t\treturn ret;\n+\n+\tret = gnutls_x509_crt_import_pkcs11(*x509, obj_list[0]);\n+\n+\tfor (i = 0; i < obj_list_size; i++)\n+ gnutls_pkcs11_obj_deinit(obj_list[i]);\n+\tgnutls_free(obj_list);\n+\n+\treturn ret;\n+}\n+\n+static int import_pkcs11_key(gnutls_privkey_t *pkey, struct auth_context *ctx)\n+{\n+\treturn gnutls_privkey_import_pkcs11_url(*pkey, ctx->key_file);\n+}\n+#else\n+static int import_pkcs11_crt(gnutls_x509_crt_t *x509, struct auth_context *ctx)\n+{\n+\tfprintf(stderr, \"Pkcs11 support is disabled\\n\");\n+\treturn -1;\n+}\n+\n+static int import_pkcs11_key(gnutls_privkey_t *pkey, struct auth_context *ctx)\n+{\n+\tfprintf(stderr, \"Pkcs11 support is disabled\\n\");\n+\treturn -1;\n+}\n+#endif\n+\n /**\n * create_auth_data - compose authentication data in capsule\n * @auth_context:\tPointer to authentication context\n@@ -221,17 +260,14 @@ static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg)\n */\n static int create_auth_data(struct auth_context *ctx)\n {\n-\tgnutls_datum_t cert;\n-\tgnutls_datum_t key;\n+\tgnutls_datum_t cert = { NULL, 0 };\n+\tgnutls_datum_t key = { NULL, 0 };\n \toff_t file_size;\n-\tgnutls_privkey_t pkey;\n+\tgnutls_privkey_t pkey = NULL;\n \tgnutls_x509_crt_t x509;\n \tgnutls_pkcs7_t pkcs7;\n-\tgnutls_datum_t data;\n-\tgnutls_datum_t signature;\n-\tgnutls_pkcs11_obj_t *obj_list;\n-\tunsigned int obj_list_size = 0;\n-\tconst char *lib;\n+\tgnutls_datum_t data = { NULL, 0 };\n+\tgnutls_datum_t signature = { NULL, 0 
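Review bot: In import_pkcs11_crt(), `if (ret < 0 || obj_list_size == 0) return ret;` returns a non-negative value when the URL matches no object, and create_auth_data() only treats `ret < 0` as failure, so signing would continue with a certificate that was never imported; the code being replaced rejected this case. Split the check into `if (ret < 0) return ret;` followed by `if (obj_list_size == 0) return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;`, and declare `i` as `unsigned int` to match obj_list_size. The stubs in the `#else` branch return -1, which the caller then passes to gnutls_strerror(); a named gnutls error code would give a meaningful message there.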
};\n \tint ret;\n \tbool pkcs11_cert = false;\n \tbool pkcs11_key = false;\n@@ -242,10 +278,12 @@ static int create_auth_data(struct auth_context *ctx)\n \tif (!strncmp(ctx->key_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n \t\tpkcs11_key = true;\n \n+#ifdef MKEFICAPSULE_PKCS11\n \tif (pkcs11_cert || pkcs11_key) {\n+\t\tconst char *lib;\n \t\tlib = getenv(\"PKCS11_MODULE_PATH\");\n \t\tif (!lib) {\n-\t\t\tfprintf(stdout,\n+\t\t\tfprintf(stderr,\n \t\t\t\t\"PKCS11_MODULE_PATH not set in the environment\\n\");\n \t\t\treturn -1;\n \t\t}\n@@ -255,10 +293,11 @@ static int create_auth_data(struct auth_context *ctx)\n \n \t\tret = gnutls_pkcs11_add_provider(lib, \"trusted\");\n \t\tif (ret < 0) {\n-\t\t\tfprintf(stdout, \"Failed to add pkcs11 provider\\n\");\n+\t\t\tfprintf(stderr, \"Failed to add pkcs11 provider\\n\");\n \t\t\treturn -1;\n \t\t}\n \t}\n+#endif\n \n \tif (!pkcs11_cert) {\n \t\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n@@ -296,35 +335,33 @@ static int create_auth_data(struct auth_context *ctx)\n \tif (ret < 0) {\n \t\tfprintf(stderr, \"error in gnutls_x509_crt_init(): %s\\n\",\n \t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t\tgoto cleanup;\n \t}\n \n \t/* load x509 certificate */\n \tif (pkcs11_cert) {\n-\t\tret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size,\n-\t\t\t\t\t\t\t ctx->cert_file, 0);\n-\t\tif (ret < 0 || obj_list_size == 0) {\n-\t\t\tfprintf(stdout, \"Failed to import crt_file URI objects\\n\");\n-\t\t\treturn -1;\n+\t\tret = import_pkcs11_crt(&x509, ctx);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr, \"error in import_pkcs11_crt(): %s\\n\",\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\tgoto cleanup;\n \t\t}\n-\n-\t\tgnutls_x509_crt_import_pkcs11(x509, obj_list[0]);\n \t} else {\n \t\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n \t\tif (ret < 0) {\n \t\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n \t\t\t\tgnutls_strerror(ret));\n-\t\t\treturn -1;\n+\t\t\tgoto cleanup;\n 
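Review bot: `gnutls_x509_crt_t x509;` and `gnutls_pkcs7_t pkcs7;` stay uninitialised, yet every converted error path now jumps to `cleanup:`, which calls gnutls_x509_crt_deinit(x509) and gnutls_pkcs7_deinit(pkcs7) unconditionally (last hunk). Any failure before gnutls_pkcs7_init(), starting with a failed gnutls_x509_crt_init(), therefore hands an indeterminate pointer to a deinit function. Initialise both the way pkey is, `gnutls_x509_crt_t x509 = NULL;` and `gnutls_pkcs7_t pkcs7 = NULL;`, and guard the calls with `if (x509)` / `if (pkcs7)` as is already done for pkey. The body of create_auth_data() extends beyond this hunk.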
\t\t}\n \t}\n \n \t/* load a private key */\n \tif (pkcs11_key) {\n-\t\tret = gnutls_privkey_import_pkcs11_url(pkey, ctx->key_file);\n+\t\tret = import_pkcs11_key(&pkey, ctx);\n \t\tif (ret < 0) {\n-\t\t\tfprintf(stderr, \"error in %d: %s\\n\", __LINE__,\n+\t\t\tfprintf(stderr,\t\"error in import_pkcs11_key(): %s\\n\",\n \t\t\t\tgnutls_strerror(ret));\n-\t\t\treturn -1;\n+\t\t\tgoto cleanup;\n \t\t}\n \t} else {\n \t\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n@@ -333,7 +370,7 @@ static int create_auth_data(struct auth_context *ctx)\n \t\t\tfprintf(stderr,\n \t\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n \t\t\t\tgnutls_strerror(ret));\n-\t\t\treturn -1;\n+\t\t\tgoto cleanup;\n \t\t}\n \t}\n \n@@ -342,7 +379,7 @@ static int create_auth_data(struct auth_context *ctx)\n \tif (ret < 0) {\n \t\tfprintf(stderr, \"error in gnutls_pkcs7_init(): %s\\n\",\n \t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t\tgoto cleanup;\n \t}\n \n \t/* sign */\n@@ -357,7 +394,7 @@ static int create_auth_data(struct auth_context *ctx)\n \tdata.data = malloc(data.size);\n \tif (!data.data) {\n \t\tfprintf(stderr, \"allocating memory (0x%x) failed\\n\", data.size);\n-\t\treturn -1;\n+\t\tgoto cleanup;\n \t}\n \tmemcpy(data.data, ctx->image_data, ctx->image_size);\n \tmemcpy(data.data + ctx->image_size, &ctx->auth.monotonic_count,\n@@ -371,7 +408,7 @@ static int create_auth_data(struct auth_context *ctx)\n \tif (ret < 0) {\n \t\tfprintf(stderr, \"error in gnutls_pkcs7)sign(): %s\\n\",\n \t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t\tgoto cleanup;\n \t}\n \n \t/* export */\n@@ -379,7 +416,8 @@ static int create_auth_data(struct auth_context *ctx)\n \tif (ret < 0) {\n \t\tfprintf(stderr, \"error in gnutls_pkcs7_export2: %s\\n\",\n \t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t\tgnutls_free(signature.data);\n+\t\tgoto cleanup;\n \t}\n \tctx->sig_data = signature.data;\n \tctx->sig_size = signature.size;\n@@ -391,24 +429,21 @@ static int 
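Review bot: The malloc() failure branch for data.data now does `goto cleanup;` without assigning ret, and cleanup ends in `return ret;`. As far as the visible hunks show, ret still holds the non-negative result of gnutls_pkcs7_init() at that point, so create_auth_data() would report success with no signature produced. Set `ret = -1;` before the `goto cleanup;` in that branch. The other converted paths now return the raw gnutls error code instead of the previous -1; callers that compare against -1 rather than `< 0` would need checking, which is not visible here.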
create_auth_data(struct auth_context *ctx)\n \tctx->auth.auth_info.hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;\n \tmemcpy(&ctx->auth.auth_info.cert_type, &efi_guid_cert_type_pkcs7,\n \t sizeof(efi_guid_cert_type_pkcs7));\n-\n-\t/*\n-\t * For better clean-ups,\n-\t * gnutls_pkcs7_deinit(pkcs7);\n-\t * gnutls_privkey_deinit(pkey);\n-\t * gnutls_x509_crt_deinit(x509);\n-\t * free(cert.data);\n-\t * free(key.data);\n-\t * if error\n-\t * gnutls_free(signature.data);\n-\t */\n-\n+cleanup:\n+\tgnutls_x509_crt_deinit(x509);\n+\tif (pkey)\n+ gnutls_privkey_deinit(pkey);\n+\tgnutls_pkcs7_deinit(pkcs7);\n+\tgnutls_free(cert.data);\n+\tgnutls_free(key.data);\n+\tgnutls_free(data.data);\n+#ifdef MKEFICAPSULE_PKCS11\n \tif (pkcs11_cert || pkcs11_key) {\n \t\tgnutls_global_deinit();\n \t\tgnutls_pkcs11_deinit();\n \t}\n-\n-\treturn 0;\n+#endif\n+\treturn ret;\n }\n \n /**\n", "prefixes": [ "v3" ] }
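Review bot: At `cleanup:`, key.data is released without being cleared, although it holds the PEM private key passed to gnutls_privkey_import_x509_raw() when the key is not a pkcs11: URL. Wiping it first with `if (key.data) gnutls_memset(key.data, 0, key.size);` keeps key bytes out of freed heap memory; this assumes key.size is set where the file is read, which is outside the visible hunks. Separately, data.data comes from malloc() but is released with gnutls_free(); pairing it with free(), as the removed comment did for cert.data and key.data, avoids relying on gnutls using the same allocator. The function body starts outside this hunk.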