{"id":2197208,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2197208/?format=json","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.0/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260217115333.503359-2-Wojciech.Dubowik@mt.com>","date":"2026-02-17T11:53:27","name":"[v6,1/6] tools: mkeficapsule: Add support for pkcs11","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"97d0676113624c28317268750ede553444480ef0","submitter":{"id":90988,"url":"http://patchwork.ozlabs.org/api/1.0/people/90988/?format=json","name":"Wojciech Dubowik","email":"Wojciech.Dubowik@mt.com"},"delegate":{"id":3184,"url":"http://patchwork.ozlabs.org/api/1.0/users/3184/?format=json","username":"sjg","first_name":"Simon","last_name":"Glass","email":"sjg@chromium.org"},"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260217115333.503359-2-Wojciech.Dubowik@mt.com/mbox/","series":[{"id":492416,"url":"http://patchwork.ozlabs.org/api/1.0/series/492416/?format=json","date":"2026-02-17T11:53:26","name":"UEFI Capsule - PKCS11 Support","version":6,"mbox":"http://patchwork.ozlabs.org/series/492416/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2197208/checks/","tags":{},"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.a=rsa-sha256\n header.s=selector2 header.b=HmM0nk9t;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n 
dmarc=pass (p=reject dis=none) header.from=mt.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=mt.com header.i=@mt.com header.b=\"HmM0nk9t\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=pass (p=reject dis=none) header.from=mt.com","phobos.denx.de;\n spf=fail smtp.mailfrom=Wojciech.Dubowik@mt.com","dkim=none (message not signed)\n header.d=none;dmarc=none action=none header.from=mt.com;"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fFdMm707dz1xpl\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 17 Feb 2026 22:53:56 +1100 (AEDT)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 6655283D8A;\n\tTue, 17 Feb 2026 12:53:44 +0100 (CET)","by phobos.denx.de (Postfix, from userid 109)\n id A6B0983AA9; Tue, 17 Feb 2026 12:53:42 +0100 (CET)","from AM0PR83CU005.outbound.protection.outlook.com\n (mail-westeuropeazlp170100001.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c201::1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id A33B483C32\n for <u-boot@lists.denx.de>; Tue, 17 Feb 2026 12:53:40 +0100 (CET)","from DB9PR03MB7180.eurprd03.prod.outlook.com (2603:10a6:10:22d::13)\n by DBBPR03MB6761.eurprd03.prod.outlook.com (2603:10a6:10:1f4::8) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9611.16; Tue, 17 Feb\n 2026 11:53:37 +0000","from DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc]) by DB9PR03MB7180.eurprd03.prod.outlook.com\n ([fe80::6fd2:12a9:4423:8ddc%6]) with mapi id 15.20.9611.012; Tue, 17 Feb 2026\n 11:53:37 
+0000"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,\n SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass\n smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass\n header.d=mt.com; arc=none","From":"Wojciech Dubowik <Wojciech.Dubowik@mt.com>","To":"u-boot@lists.denx.de","Cc":"Wojciech Dubowik <Wojciech.Dubowik@mt.com>, ilias.apalodimas@linaro.org,\n trini@konsulko.com, simon.glass@canonical.com, quentin.schulz@cherry.de","Subject":"[PATCH v6 1/6] tools: mkeficapsule: Add support for pkcs11","Date":"Tue, 17 Feb 2026 12:53:27 +0100","Message-ID":"<20260217115333.503359-2-Wojciech.Dubowik@mt.com>","X-Mailer":"git-send-email 2.47.3","In-Reply-To":"<20260217115333.503359-1-Wojciech.Dubowik@mt.com>","References":"<20260217115333.503359-1-Wojciech.Dubowik@mt.com>","Content-Transfer-Encoding":"8bit","Content-Type":"text/plain","X-ClientProxiedBy":"ZR0P278CA0116.CHEP278.PROD.OUTLOOK.COM\n (2603:10a6:910:20::13) To DB9PR03MB7180.eurprd03.prod.outlook.com\n (2603:10a6:10:22d::13)","MIME-Version":"1.0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"DB9PR03MB7180:EE_|DBBPR03MB6761:EE_","X-MS-Office365-Filtering-Correlation-Id":"6ad36f1b-795a-45ef-f67a-08de6e1b2f4b","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|366016|376014|52116014|1800799024|19092799006|7142099003|38350700014;","X-Forefront-Antispam-Report":"CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;\n IPV:NLI; SFV:NSPM; H:DB9PR03MB7180.eurprd03.prod.outlook.com; PTR:; CAT:NONE;\n SFS:(13230040)(366016)(376014)(52116014)(1800799024)(19092799006)(7142099003)(38350700014);\n DIR:OUT; 
SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-OriginatorOrg":"mt.com","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n 
6ad36f1b-795a-45ef-f67a-08de6e1b2f4b","X-MS-Exchange-CrossTenant-AuthSource":"DB9PR03MB7180.eurprd03.prod.outlook.com","X-MS-Exchange-CrossTenant-AuthAs":"Internal","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"17 Feb 2026 11:53:37.0683 (UTC)","X-MS-Exchange-CrossTenant-FromEntityHeader":"Hosted","X-MS-Exchange-CrossTenant-Id":"fb4c0aee-6cd2-482f-a1a5-717e7c02496b","X-MS-Exchange-CrossTenant-MailboxType":"HOSTED","X-MS-Exchange-CrossTenant-UserPrincipalName":"\n LPyyRf6k6ZaF0emcBC/RDkuXt5MgSTyjQbMZs/i9yBzDf51ggs0do60hc9T0Slx7AnMNJYoUFDtnqiOQ2zqUpQ==","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"DBBPR03MB6761","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"With pkcs11 support it's now possible to specify keys\nwith URI format. To use this feature the filename must\nbegin \"pkcs11:..\" and have valid URI pointing to certificate\nand private key in HSM.\n\nThe environment variable PKCS11_MODULE_PATH must point to the\nright pkcs11 provider i.e. 
with softhsm:\nexport PKCS11_MODULE_PATH=<path>/libsofthsm2.so\n\nExample command line:\ntools/mkeficapsule --monotonic-count 1 \\\n --private-key \"pkcs11:token=EX;object=capsule;type=private;pin-source=pin.txt\" \\\n --certificate \"pkcs11:token=EX;object=capsule;type=cert;pin-source=pin.txt\" \\\n --index 1 \\\n --guid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX \\\n \"capsule-payload\" \\\n \"capsule.cap\"\n\nSigned-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>\nReviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>\n---\n tools/mkeficapsule.c | 110 +++++++++++++++++++++++++++++++++----------\n 1 file changed, 84 insertions(+), 26 deletions(-)","diff":"diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c\nindex 0f41cdb64f54..a0ee76295a1a 100644\n--- a/tools/mkeficapsule.c\n+++ b/tools/mkeficapsule.c\n@@ -228,21 +228,54 @@ static int create_auth_data(struct auth_context *ctx)\n \tgnutls_pkcs7_t pkcs7;\n \tgnutls_datum_t data;\n \tgnutls_datum_t signature;\n+\tgnutls_pkcs11_obj_t *obj_list;\n+\tunsigned int obj_list_size = 0;\n+\tconst char *lib;\n \tint ret;\n+\tbool pkcs11_cert = false;\n+\tbool pkcs11_key = false;\n \n-\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n-\tif (ret < 0)\n-\t\treturn -1;\n-\tif (file_size > UINT_MAX)\n-\t\treturn -1;\n-\tcert.size = file_size;\n+\tif (!strncmp(ctx->cert_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n+\t\tpkcs11_cert = true;\n \n-\tret = read_bin_file(ctx->key_file, &key.data, &file_size);\n-\tif (ret < 0)\n-\t\treturn -1;\n-\tif (file_size > UINT_MAX)\n-\t\treturn -1;\n-\tkey.size = file_size;\n+\tif (!strncmp(ctx->key_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n+\t\tpkcs11_key = true;\n+\n+\tif (pkcs11_cert || pkcs11_key) {\n+\t\tlib = getenv(\"PKCS11_MODULE_PATH\");\n+\t\tif (!lib) {\n+\t\t\tfprintf(stdout,\n+\t\t\t\t\"PKCS11_MODULE_PATH not set in the environment\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tgnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL);\n+\t\tgnutls_global_init();\n+\n+\t\tret = 
gnutls_pkcs11_add_provider(lib, \"trusted\");\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stdout, \"Failed to add pkcs11 provider\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\t}\n+\n+\tif (!pkcs11_cert) {\n+\t\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n+\t\tif (ret < 0)\n+\t\t\treturn -1;\n+\t\tif (file_size > UINT_MAX)\n+\t\t\treturn -1;\n+\t\tcert.size = file_size;\n+\t}\n+\n+\tif (!pkcs11_key) {\n+\t\tret = read_bin_file(ctx->key_file, &key.data, &file_size);\n+\t\tif (ret < 0)\n+\t\t\treturn -1;\n+\t\tif (file_size > UINT_MAX)\n+\t\t\treturn -1;\n+\t\tkey.size = file_size;\n+\t}\n \n \t/*\n \t * For debugging,\n@@ -265,22 +298,42 @@ static int create_auth_data(struct auth_context *ctx)\n \t\treturn -1;\n \t}\n \n-\t/* load a private key */\n-\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n-\t\t\t\t\t     0, 0);\n-\tif (ret < 0) {\n-\t\tfprintf(stderr,\n-\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n-\t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t/* load x509 certificate */\n+\tif (pkcs11_cert) {\n+\t\tret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size,\n+\t\t\t\t\t\t\t ctx->cert_file, 0);\n+\t\tif (ret < 0 || obj_list_size == 0) {\n+\t\t\tfprintf(stdout, \"Failed to import crt_file URI objects\\n\");\n+\t\t\treturn -1;\n+\t\t}\n+\n+\t\tgnutls_x509_crt_import_pkcs11(x509, obj_list[0]);\n+\t} else {\n+\t\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n \t}\n \n-\t/* load x509 certificate */\n-\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n-\tif (ret < 0) {\n-\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n-\t\t\tgnutls_strerror(ret));\n-\t\treturn -1;\n+\t/* load a private key */\n+\tif (pkcs11_key) {\n+\t\tret = gnutls_privkey_import_pkcs11_url(pkey, ctx->key_file);\n+\t\tif (ret < 0) 
{\n+\t\t\tfprintf(stderr, \"error in %d: %s\\n\", __LINE__,\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n+\t} else {\n+\t\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n+\t\t\t\t\t\t     0, 0);\n+\t\tif (ret < 0) {\n+\t\t\tfprintf(stderr,\n+\t\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n+\t\t\t\tgnutls_strerror(ret));\n+\t\t\treturn -1;\n+\t\t}\n \t}\n \n \t/* generate a PKCS #7 structure */\n@@ -349,6 +402,11 @@ static int create_auth_data(struct auth_context *ctx)\n \t *   gnutls_free(signature.data);\n \t */\n \n+\tif (pkcs11_cert || pkcs11_key) {\n+\t\tgnutls_global_deinit();\n+\t\tgnutls_pkcs11_deinit();\n+\t}\n+\n \treturn 0;\n }\n \n","prefixes":["v6","1/6"]}
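Review bot: In the first hunk (@@ -228,21 +228,54 @@), the return values of gnutls_pkcs11_init(GNUTLS_PKCS11_FLAG_MANUAL, NULL) and gnutls_global_init() are discarded, so a failed initialisation only shows up later as "Failed to add pkcs11 provider". Check both the same way gnutls_pkcs11_add_provider() is checked. The two new diagnostics in this block go to stdout, while the existing error paths in create_auth_data() print to stderr with gnutls_strerror(ret); following that pattern keeps the failure reason visible. Because PKCS11_MODULE_PATH selects the shared object that gets loaded into the signing tool, a short comment stating that, and why the provider is registered with "trusted", would help the next reader.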
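Review bot: In the second hunk (@@ -265,22 +298,42 @@), the result of gnutls_x509_crt_import_pkcs11(x509, obj_list[0]) is not checked, so a failed import falls through to the PKCS #7 step with whatever x509 holds; assign it to ret and return on error as the file branch does for gnutls_x509_crt_import(). obj_list is never released after use (gnutls_pkcs11_obj_deinit() on the entries and gnutls_free() on the array), and when the URI matches more than one object the first is taken silently, so consider rejecting obj_list_size != 1 or documenting the choice. The messages "Failed to import crt_file URI objects" (on stdout) and "error in %d: %s" with __LINE__ say less than the non-PKCS#11 branches, which name the failing function on stderr.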
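Review bot: In the last hunk (@@ -349,6 +402,11 @@), gnutls_global_deinit() and gnutls_pkcs11_deinit() run only on the success path just before return 0; every earlier return -1 after the provider has been added skips them. A single cleanup label reached by goto from the error paths would cover both outcomes and is also the natural place to free obj_list.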