author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-30 13:51:33 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-11-03 16:10:57 +0000 |
commit | 418b2e12b5d589f81987ccdaae09b4cc33384ee6 (patch) | |
tree | 1521ddaa1154377e2a1041783684a746a9cb2777 /lib | |
parent | 00ae9ab6d51929b17c43e1424b434a951a59bd58 (diff) | |
download | gnutls-418b2e12b5d589f81987ccdaae09b4cc33384ee6.tar.gz |
tests: added PKCS#11 module loading test
This checks:
1. Whether all modules are loaded from p11-kit when
no explicit gnutls_pkcs11_init() is called and
pkcs11 calls are accessed.
2. Whether only the trusted modules are loaded from
p11-kit and no other PKCS#11 calls than PKCS#11
cert validation is performed.
3. Whether the trusted modules are loaded when
gnutls_pkcs11_init() is called with manual
flag.
Resolves #315
Resolves #316
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libgnutls.map | 1 | ||||
-rw-r--r-- | lib/pkcs11.c | 41 |
2 files changed, 37 insertions, 5 deletions
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 43a6b13212..16c582c6f6 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1241,6 +1241,7 @@ GNUTLS_PRIVATE_3_4 {
 _gnutls_mpi_log;
 _gnutls_mpi_release;
 # Internal symbols needed by tests/:
+ _gnutls_pkcs11_token_get_url;
 _gnutls_pkcs12_string_to_key;
 _gnutls_bin2hex;
 _gnutls_mac_to_entry;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index ceb05bbe8d..5955f19c61 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -2192,11 +2192,18 @@ find_token_modname_cb(struct ck_function_list *module, struct pkcs11_session_inf
 return 0;
 }
+/* Internal symbol used by tests */
+int
+_gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed, char **url,
+ unsigned flags);
+
 /**
- * gnutls_pkcs11_token_get_url:
+ * _gnutls_pkcs11_token_get_url:
 * @seq: sequence number starting from 0
 * @detailed: non zero if a detailed URL is required
 * @url: will contain an allocated url
+ * @flags: zero or 1. When 1 no initialization is performed.
 *
 * This function will return the URL for each token available
 * in system. The url has to be released using gnutls_free()
@@ -2205,16 +2212,18 @@ find_token_modname_cb(struct ck_function_list *module, struct pkcs11_session_inf
 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if the sequence number
 * exceeds the available tokens, otherwise a negative error value.
 *
- * Since: 2.12.0
 **/
 int
-gnutls_pkcs11_token_get_url(unsigned int seq,
- gnutls_pkcs11_url_type_t detailed, char **url)
+_gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed, char **url,
+ unsigned flags)
 {
 int ret;
 struct find_token_num tn;
- PKCS11_CHECK_INIT;
+ if (!(flags & 1)) {
+ PKCS11_CHECK_INIT;
+ }
 memset(&tn, 0, sizeof(tn));
 tn.seq = seq;
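Review bot: The prototype added above the doc comment in the first `lib/pkcs11.c` hunk exists only in that source file, so a test calling `_gnutls_pkcs11_token_get_url` has to repeat the declaration by hand and the compiler cannot catch a later signature mismatch. Declaring it once in an internal header that both the library and the test include would close that gap; which header fits is not visible on this page. Because the symbol is also exported through `GNUTLS_PRIVATE_3_4` in `lib/libgnutls.map`, the one-line comment should state the contract, for example `/* Test-only entry point: flags=1 skips PKCS11_CHECK_INIT; not for application use */`.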
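Review bot: The guard `if (!(flags & 1))` in the second `lib/pkcs11.c` hunk uses a bare literal for the switch that skips `PKCS11_CHECK_INIT`, and it tests only bit 0, so any odd value skips initialization although the new `@flags` doc line says "zero or 1". A named constant next to the prototype would make the bypass greppable, for example `#define PKCS11_TOKEN_URL_NO_INIT 1` (the name is only a suggestion), tested as `if (!(flags & PKCS11_TOKEN_URL_NO_INIT))`. The `@flags` line should also say what the caller gets back when no module has been initialized. The rest of the function body lies outside this hunk, so whether that path is handled cannot be confirmed from here.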
@@ -2239,6 +2248,28 @@ gnutls_pkcs11_token_get_url(unsigned int seq,
 }
 /**
+ * gnutls_pkcs11_token_get_url:
+ * @seq: sequence number starting from 0
+ * @detailed: non zero if a detailed URL is required
+ * @url: will contain an allocated url
+ *
+ * This function will return the URL for each token available
+ * in system. The url has to be released using gnutls_free()
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if the sequence number
+ * exceeds the available tokens, otherwise a negative error value.
+ *
+ * Since: 2.12.0
+ **/
+int
+gnutls_pkcs11_token_get_url(unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed, char **url)
+{
+ return _gnutls_pkcs11_token_get_url(seq, detailed, url, 0);
+}
+
+/**
 * gnutls_pkcs11_token_get_info:
 * @url: should contain a PKCS 11 URL
 * @ttype: Denotes the type of information requested