[gnutls-devel] GnuTLS | GNUTLS_PKCS11_TOKEN_MODNAME is unavailable when a provider is manually loaded (#633)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Nov 30 18:53:24 CET 2018


I think I found the problem. `p11_kit_config_option(module, "module")` returns the value of the `module` option in the p11-kit configuration file. When autoloading is enabled, the module gains its name from the configuration file:
```
# /usr/share/p11-kit/modules/p11-kit-trust.module
module: p11-kit-trust.so
# /usr/share/p11-kit/modules/softhsm2.module
module: /usr/lib/softhsm/libsofthsm2.so
```

When loading from file, of course no module configuration file is available. Proposal:
- Add a new `GNUTLS_PKCS11_TOKEN_MODULE_NAME` type that returns the value of [p11_kit_module_get_name][1]. Examples: `p11-kit-trust` or `softhsm2`
- Add a new `GNUTLS_PKCS11_TOKEN_MODULE_FILENAME` type that returns the value of [p11_kit_module_get_filename][2]. Examples: `/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so` or `/usr/lib/softhsm/libsofthsm2.so`
- Deprecate the `GNUTLS_PKCS11_TOKEN_MODNAME` (and make it an alias of `GNUTLS_PKCS11_TOKEN_MODULE_NAME`). The reason for deprecation is that it has bugs (this one and the truncation and NULL crash issue fixed by !827).
- (Add tests that check that all fields are NULL)

Alternatively:
- Keep the `GNUTLS_PKCS11_TOKEN_MODNAME` type which uses [p11_kit_module_get_name][1].
- Add a new `GNUTLS_PKCS11_TOKEN_MODPATH` type which uses [p11_kit_module_get_filename][2].

What do you think? This would likely be a continuation of !827 (it touches similar code). Should I add these changes to that PR?

 [1]: https://p11-glue.github.io/p11-glue/p11-kit/manual/p11-kit-Modules.html#p11-kit-module-get-name
 [2]: https://p11-glue.github.io/p11-glue/p11-kit/manual/p11-kit-Modules.html#p11-kit-module-get-filename

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/633#note_121461229
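
An added example, not part of the original message and not p11-kit or GnuTLS source: a simplified model of the lookup described above, showing that the `module` option exists only when a module configuration file does, and a caller that handles the NULL and short-buffer cases as errors. The names `config_option` and `token_modname` and the return codes are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Look up `option` in p11-kit-style config text ("key: value" lines, '#'
 * comments). cfg == NULL models a module loaded directly from a file path,
 * which has no configuration file. Returns a malloc'd copy, or NULL. */
char *config_option(const char *cfg, const char *option)
{
    size_t klen = strlen(option);
    if (cfg == NULL) return NULL;
    for (const char *line = cfg; *line != '\0'; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        if (len > klen && strncmp(line, option, klen) == 0 && line[klen] == ':') {
            const char *v = line + klen + 1;
            size_t vlen = len - klen - 1;
            while (vlen > 0 && (*v == ' ' || *v == '\t')) { v++; vlen--; }
            char *out = malloc(vlen + 1);
            if (out != NULL) { memcpy(out, v, vlen); out[vlen] = '\0'; }
            return out;
        }
        line += len + (nl ? 1 : 0);
    }
    return NULL;
}

/* Hypothetical caller: copy the "module" option into a fixed buffer. Returns 0,
 * -1 if the option is unavailable, -2 if the buffer is too small (no truncation). */
int token_modname(const char *cfg, char *out, size_t out_size)
{
    char *v = config_option(cfg, "module");
    int ret = 0;
    if (v == NULL) ret = -1;
    else if (strlen(v) + 1 > out_size) ret = -2;
    else memcpy(out, v, strlen(v) + 1);
    if (ret != 0 && out_size > 0) out[0] = '\0';
    free(v);
    return ret;
}

int main(void)
{
    /* Constructed sample, using the softhsm2 entry quoted in the message. */
    const char *cfg = "# softhsm2.module\nmodule: /usr/lib/softhsm/libsofthsm2.so\n";
    char buf[64];
    printf("autoloaded: %d \"%s\"\n", token_modname(cfg, buf, sizeof buf), buf);
    printf("from file:  %d \"%s\"\n", token_modname(NULL, buf, sizeof buf), buf);
    return 0;
}
```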