split provider creation, property modifications and initialization.
new interface available since pkcs11-helper v1.28
---
src/openvpn/pkcs11.c | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index b6ceb582..6ef26eb0 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -396,6 +396,40 @@ pkcs11_addProvider(
provider
);
+#if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0))
+ if ((rv = pkcs11h_registerProvider(provider)) != CKR_OK
+ || (rv = pkcs11h_setProviderProperty(provider,
PKCS11H_PROVIDER_PROPERTY_LOCATION, provider, strlen(provider) + 1)) !=
CKR_OK)
+ {
+ msg(M_WARN, "PKCS#11: Cannot create provider '%s' %ld-'%s'",
provider, rv, pkcs11h_getMessage(rv));
+ }
+ else
+ {
+ PKCS11H_BOOL allow_protected_auth = protected_auth;
+ PKCS11H_BOOL cert_is_private = cert_private;
+
+ if (allow_protected_auth
+ && (rv = pkcs11h_setProviderProperty(provider,
PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth,
sizeof(allow_protected_auth))) != CKR_OK)
+ {
+ msg(M_WARN, "PKCS#11: Cannot enable protected
authentication '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
+ }
+ if (private_mode != PKCS11H_PRIVATEMODE_MASK_AUTO
+ && (rv = pkcs11h_setProviderProperty(provider,
PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &private_mode,
sizeof(private_mode))) != CKR_OK)
+ {
+ msg(M_WARN, "PKCS#11: Cannot private mode '%s' %ld-'%s'",
provider, rv, pkcs11h_getMessage(rv));
+ }
+ if (cert_is_private
+ && (rv = pkcs11h_setProviderProperty(provider,
PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private,
sizeof(cert_is_private))) != CKR_OK)
+ {
+ msg(M_WARN, "PKCS#11: Cannot set provider properties '%s'
%ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
+ }
+
+ if ((rv = pkcs11h_initializeProvider(provider)) != CKR_OK)
+ {
+ pkcs11h_removeProvider(provider);
+ }
+ }
+ if (rv != CKR_OK)
+#else
if (
(rv = pkcs11h_addProvider(
provider,
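Review bot: A failed pkcs11h_setProviderProperty() in the else branch is only logged, and rv is then overwritten by pkcs11h_initializeProvider(), so the provider can come up with library defaults for protected authentication, the private-mode mask or cert_private instead of the configured values. If that best-effort behaviour is not intended, guard each later step with `rv == CKR_OK` and remove the provider on any failure, as sketched below. Separately, when pkcs11h_registerProvider() succeeds but setting PKCS11H_PROVIDER_PROPERTY_LOCATION fails, the first branch warns without calling pkcs11h_removeProvider(), which presumably leaves the provider registered. The body of pkcs11_addProvider starts and ends outside the hunk.

```c
        /* … unchanged: allow_protected_auth property block … */
        if (rv == CKR_OK
            && private_mode != PKCS11H_PRIVATEMODE_MASK_AUTO
            && (rv = pkcs11h_setProviderProperty(provider,
                    PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &private_mode,
                    sizeof(private_mode))) != CKR_OK)
        /* … unchanged: warning body … */
        if (rv == CKR_OK
            && cert_is_private
            && (rv = pkcs11h_setProviderProperty(provider,
                    PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private,
                    sizeof(cert_is_private))) != CKR_OK)
        /* … unchanged: warning body … */

        /* Initialize only when every configured property was applied. */
        if (rv == CKR_OK)
        {
            rv = pkcs11h_initializeProvider(provider);
        }
        if (rv != CKR_OK)
        {
            pkcs11h_removeProvider(provider);
        }
```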
@@ -407,6 +441,7 @@ pkcs11_addProvider(
cert_private
)) != CKR_OK
)
+#endif
{
msg(M_WARN, "PKCS#11: Cannot initialize provider '%s'
%ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
}
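Review bot: On the new `#if` path this shared block logs "Cannot initialize provider" for the same rv that the first branch has already reported as "Cannot create provider", so one failure produces two warnings and the second names the wrong step. Either let the new branch rely on this block alone for the final warning, or have the new path skip it once it has logged. The related message in the first hunk, `"PKCS#11: Cannot private mode '%s' %ld-'%s'"`, is missing its verb ("Cannot set private mode"), and the cert_is_private warning reads "Cannot set provider properties", which does not say which property failed.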
--
2.38.1.windows.1