[Openvpn-devel,2/3] use new pkcs11-helper provider interface

Message ID 707e6961-f15f-5500-3a6c-c6d0b5c8f051@astos.de
State Superseded
Series [Openvpn-devel,1/3] unify code paths for loading PKCS11 | expand

Commit Message

Marc Becker Dec. 7, 2022, 1:08 a.m. UTC
Split provider creation, property modifications and initialization.
The new interface is available since pkcs11-helper v1.28.

---
  src/openvpn/pkcs11.c | 35 +++++++++++++++++++++++++++++++++++
  1 file changed, 35 insertions(+)

+        }
+
+        if ((rv = pkcs11h_initializeProvider(provider)) != CKR_OK)
+        {
+            pkcs11h_removeProvider(provider);
+        }
+    }
+    if (rv != CKR_OK)
+#else
      if (
          (rv = pkcs11h_addProvider(
               provider,
@@ -407,6 +441,7 @@ pkcs11_addProvider(
               cert_private
               )) != CKR_OK
          )
+#endif
      {
          msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' 
%ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
      }
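Review bot: The added `#endif` leaves a single `if` whose head is selected by the preprocessor (`if (rv != CKR_OK)` just before `#else`, the `pkcs11h_addProvider(...)` call after it) while the `{ ... }` body that follows is shared by both configurations; that is legal C but hard to read and easy to break when either branch is edited. Turning the legacy branch into a plain assignment, `rv = pkcs11h_addProvider(provider, ..., cert_private);`, and keeping one unconditional `if (rv != CKR_OK)` after `#endif` keeps the statement whole in both builds. In the new-API path a failed `pkcs11h_registerProvider` or `pkcs11h_setProviderProperty` already logs "Cannot create provider" and then, since `rv` is left non-zero, also reaches this "Cannot initialize provider" warning, so the same failure appears to be reported twice; skipping the second message on that path would be cleaner, worth confirming against the full hunk. `rv` is printed with `%ld` here and in the new messages; if `CK_RV` is `unsigned long` as in the PKCS#11 headers, `%lu` is the matching specifier. `pkcs11_addProvider` begins before this hunk.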

Patch

diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index b6ceb582..6ef26eb0 100644
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -396,6 +396,40 @@  pkcs11_addProvider(
          provider
          );

+#if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0))
+    if ((rv = pkcs11h_registerProvider(provider)) != CKR_OK
+        || (rv = pkcs11h_setProviderProperty(provider, 
PKCS11H_PROVIDER_PROPERTY_LOCATION, provider, strlen(provider) + 1)) != 
CKR_OK)
+    {
+        msg(M_WARN, "PKCS#11: Cannot create provider '%s' %ld-'%s'", 
provider, rv, pkcs11h_getMessage(rv));
+    }
+    else
+    {
+        PKCS11H_BOOL allow_protected_auth = protected_auth;
+        PKCS11H_BOOL cert_is_private = cert_private;
+
+        if (allow_protected_auth
+            && (rv = pkcs11h_setProviderProperty(provider, 
PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth, 
sizeof(allow_protected_auth))) != CKR_OK)
+        {
+            msg(M_WARN, "PKCS#11: Cannot enable protected 
authentication '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv));
+        }
+        if (private_mode != PKCS11H_PRIVATEMODE_MASK_AUTO
+            && (rv = pkcs11h_setProviderProperty(provider, 
PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &private_mode, 
sizeof(private_mode))) != CKR_OK)
+        {
+            msg(M_WARN, "PKCS#11: Cannot private mode '%s' %ld-'%s'", 
provider, rv, pkcs11h_getMessage(rv));
+        }
+        if (cert_is_private
+            && (rv = pkcs11h_setProviderProperty(provider, 
PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, 
sizeof(cert_is_private))) != CKR_OK)
+        {
+            msg(M_WARN, "PKCS#11: Cannot set provider properties '%s' 
%ld-'%s'", provider, rv, pkcs11h_getMessage(rv));