Skip to content

Commit

Permalink
use new pkcs11-helper interface to add providers
Browse files Browse the repository at this point in the history 
The new interface in  pkcs11-helper 1.28 allows decoupling of provider
registration and initialization.
This allows modifying more (and future) properties apart from the
6 fixed ones supported as arguments to pkcs11h_addProvider().

With the new interface it is easier to see (from a code perspective)
which option is set to which value.
It's also not necessary to supply values for built-in defaults:
- slot_event_method=PKCS11H_SLOTEVENT_METHOD_AUTO
- slot_poll_interval=0

Signed-off-by: Marc Becker <[email protected]>
Acked-by: Selva Nair <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg25643.html
Signed-off-by: Gert Doering <[email protected]>
  • Loading branch information
@astos-marcb @cron2
astos-marcb authored and cron2 committed Dec 15, 2022
1 parent 8958a36 commit 45d9b02
Showing 1 changed file with 33 additions and 0 deletions.
33 changes: 33 additions & 0 deletions src/openvpn/pkcs11.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -396,6 +396,38 @@ pkcs11_addProvider(
provider
);

#if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0))
if ((rv = pkcs11h_registerProvider(provider)) != CKR_OK)
{
msg(M_WARN, "PKCS#11: Cannot register provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
}
else
{
PKCS11H_BOOL allow_protected_auth = protected_auth;
PKCS11H_BOOL cert_is_private = cert_private;

rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOCATION, provider, strlen(provider) + 1);

if (rv == CKR_OK)
{
rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth, sizeof(allow_protected_auth));
}
if (rv == CKR_OK)
{
rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &private_mode, sizeof(private_mode));
}
if (rv == CKR_OK)
{
rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, sizeof(cert_is_private));
}

if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK)
{
msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
pkcs11h_removeProvider(provider);
}
}
#else /* if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) */
if (
(rv = pkcs11h_addProvider(
provider,
Expand All @@ -410,6 +442,7 @@ pkcs11_addProvider(
{
msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
}
#endif /* if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) */

dmsg(
D_PKCS11_DEBUG,
Expand Down

0 comments on commit 45d9b02

Please sign in to comment.