Re: [Openvpn-devel] [PATCH v3 3/3] special handling for PKCS11 providers on win32

Wed, 14 Dec 2022 07:49:34 -0800 

Hi,

On Sun, Dec 11, 2022 at 3:01 PM Marc Becker via Openvpn-devel <
openvpn-devel@lists.sourceforge.net> wrote:

> Change win32 dynamic loader behavior when supplying an absolute path.
> The DLL location is considered/preferred to resolve dependencies.
> Support in pkcs11-helper for loader flag is detected at compile time.
>
> 3rd party DLLs and additional dependencies do no longer need to be moved
> to the OpenVPN directory or require changes to %PATH% configuration.
>
> Signed-off-by: Marc Becker <marc.bec...@astos.de>
> ---
>  src/openvpn/pkcs11.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
> index b74ac8f4..aa027337 100644
> --- a/src/openvpn/pkcs11.c
> +++ b/src/openvpn/pkcs11.c
> @@ -420,6 +420,13 @@ pkcs11_addProvider(
>          {
>              rv = pkcs11h_setProviderProperty(provider,
> PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private,
> sizeof(cert_is_private));
>          }
> +#if defined(WIN32) && defined(PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS)
> +        if (rv == CKR_OK && platform_absolute_pathname(provider))
> +        {
> +            unsigned loader_flags = LOAD_LIBRARY_SEARCH_DEFAULT_DIRS |
> LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR;
> +            rv = pkcs11h_setProviderProperty(provider,
> PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS, &loader_flags,
> sizeof(loader_flags));
> +        }
> +#endif
>
>          if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider))
> != CKR_OK)
>          {
>

This requires a proposed change to pkcs11-helper which I believe will be
merged upstream -- Alon has closed the PR with a positive remark which
usually means change accepted, but not sure when it will land in the repo.
So, I have only stared at the code and it looks good to me: doesn't break
current builds and should add provider path to dll search path on Windows
when upstream gets updated (or if/when we locally patch pkcs11-helper)

Acked-by: Selva Nair <selva.n...@gmail.com>

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel























					Reply via email to