The new interface in pkcs11-helper 1.28 allows decoupling of provider
registration and initialization.
This allows modifying more (and future) properties apart from the
6 fixed ones supported as arguments to pkcs11h_addProvider().
With the new interface it is easier to see (from a code perspective)
which option is set to which value.
It's also not necessary to supply values for built-in defaults:
- slot_event_method=PKCS11H_SLOTEVENT_METHOD_AUTO
- slot_poll_interval=0
Signed-off-by: Marc Becker <marc.becker@astos.de>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20221211191403.805-1-marc.becker@astos.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25643.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 45d9b0210a22353e587c29c5d3c3990346a4a189)
| ... | ... |
@@ -396,6 +396,38 @@ pkcs11_addProvider( |
| 396 | 396 |
provider |
| 397 | 397 |
); |
| 398 | 398 |
|
| 399 |
+#if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) |
|
| 400 |
+ if ((rv = pkcs11h_registerProvider(provider)) != CKR_OK) |
|
| 401 |
+ {
|
|
| 402 |
+ msg(M_WARN, "PKCS#11: Cannot register provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); |
|
| 403 |
+ } |
|
| 404 |
+ else |
|
| 405 |
+ {
|
|
| 406 |
+ PKCS11H_BOOL allow_protected_auth = protected_auth; |
|
| 407 |
+ PKCS11H_BOOL cert_is_private = cert_private; |
|
| 408 |
+ |
|
| 409 |
+ rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOCATION, provider, strlen(provider) + 1); |
|
| 410 |
+ |
|
| 411 |
+ if (rv == CKR_OK) |
|
| 412 |
+ {
|
|
| 413 |
+ rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth, sizeof(allow_protected_auth)); |
|
| 414 |
+ } |
|
| 415 |
+ if (rv == CKR_OK) |
|
| 416 |
+ {
|
|
| 417 |
+ rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &private_mode, sizeof(private_mode)); |
|
| 418 |
+ } |
|
| 419 |
+ if (rv == CKR_OK) |
|
| 420 |
+ {
|
|
| 421 |
+ rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, sizeof(cert_is_private)); |
|
| 422 |
+ } |
|
| 423 |
+ |
|
| 424 |
+ if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK) |
|
| 425 |
+ {
|
|
| 426 |
+ msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); |
|
| 427 |
+ pkcs11h_removeProvider(provider); |
|
| 428 |
+ } |
|
| 429 |
+ } |
|
| 430 |
+#else /* if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) */ |
|
| 399 | 431 |
if ( |
| 400 | 432 |
(rv = pkcs11h_addProvider( |
| 401 | 433 |
provider, |
| ... | ... |
@@ -410,6 +442,7 @@ pkcs11_addProvider( |
| 410 | 410 |
{
|
| 411 | 411 |
msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); |
| 412 | 412 |
} |
| 413 |
+#endif /* if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) */ |
|
| 413 | 414 |
|
| 414 | 415 |
dmsg( |
| 415 | 416 |
D_PKCS11_DEBUG, |
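Review bot: In the first hunk's `else` branch, a failed `pkcs11h_setProviderProperty()` and a failed `pkcs11h_initializeProvider()` both end in the same "Cannot initialize provider" warning, so the log does not show whether a property such as `PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE` or `PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH` was rejected. Removing the provider on any failure is the right fail-closed behaviour; I would only split the condition so that the property path logs its own message, e.g. `msg(M_WARN, "PKCS#11: Cannot set properties for provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv));`. Separately, `private_mode` is passed by address with `sizeof(private_mode)` while the two booleans get typed `PKCS11H_BOOL` copies; its declaration is outside the hunk, so a short comment naming the type the `PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE` property expects would help confirm that the size matches. `pkcs11_addProvider` starts and ends outside both hunks.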