From patchwork Wed Dec 7 00:59:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Becker X-Patchwork-Id: 2889 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp2609490qtb; Tue, 6 Dec 2022 17:10:01 -0800 (PST) X-Google-Smtp-Source: AA0mqf4Z7wbyW2SMav9ZnyTWJi/ExwFXZSyZaDeOzPonn+P47QGmemm01zk0b2k9GxInh1AicXjj X-Received: by 2002:a17:902:8ec3:b0:186:e68a:9aa8 with SMTP id x3-20020a1709028ec300b00186e68a9aa8mr86781543plo.104.1670375401245; Tue, 06 Dec 2022 17:10:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670375401; cv=none; d=google.com; s=arc-20160816; b=0Ay8EznXiVpoFvVXqijFey2NU7pwotqkk/coA5xCeazBqhiUutLbsJ1TOGhDoLYERm /HH1vtQnFPJz6J5Yd8RXpNbsgH/nF4YkK4U9WZWhU0poZXLW7L5pjgQzYDxQy4niWRws UQey4JloHAHP5LLuIJPxaa6bxr7LEj+U6L+9gTKWLt8deqLE93XjAuzZihADBdOxEVG6 NILz1JqKPNgD5PBsnRYjhprSm1mPjqDv4CYOZ0/YbAW5Lil70BAITICj+hNbDxehR4ag utIQ7wpDf8amCPGCSQjz9C7SqrlXtpUhekar5ocFwi+YBJq2odZcskoWEAyFLrge0fuq yf/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:in-reply-to:references:to:content-language :mime-version:date:message-id:dkim-signature:dkim-signature; bh=bfddL0dyJgA31DUIWOxDz+eVDrXGOEfPhh70K7AKu7Q=; b=nxuPhMuGUJvyxd7AALOnqged+utu1/KcKrbThDw1Mebx4ycZXveblCnKwgXWBuSUgj ELSl/TTIV7Sj8YggGy90PW5T/OmGDvgspJy0TMlXBoM2FwnaRuJ3g1hiWHtmIj+UWXhb VG1vlaI49/6+RjXiI5xjPVNqt/F5uTMajSfqVnCuxcShCuMlE6mKRjg4gHwu+mjJOUmO OfNou5m59MrK15dAMnWwzbLp9ogOuz6ntNsgL9kaT7IexONQMqCncqYJfP0vSkjhuEk1 wgrhzlsWzLmCVSa9QKRzydB3Y9hIID/ua7OkKHxeVVc5qi/Y5fCEy5Kru23BgSHmNhhB kexw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=e8tLIbwP; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=F6NIuVGn; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id d25-20020aa797b9000000b00576b089cc3esi9642550pfq.159.2022.12.06.17.10.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Dec 2022 17:10:01 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=e8tLIbwP; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=F6NIuVGn; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p2ivw-0000yG-Ff; Wed, 07 Dec 2022 01:09:12 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p2ivl-0000xg-8H for openvpn-devel@lists.sourceforge.net; Wed, 07 Dec 2022 01:09:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: References:To:From:Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=k54VxrTmcFstBfjRVE9ELGeI7LF4lQBBLYDmU8pBC8w=; b=e8tLIbwPmEHSJu9lUp/+UmR4+A jjxdt+hWAflFkph2LWkzMYbGoHhwK3+r7VRLkQrRnzgPi1+PqI57A85nC8vOax9MZmggCwkJRXKK7 lm5DaW2pGWF1LVPS2F8EihySxSvak/ghQv/2g7Am+AT0leMLbRS6VlcVRNOSkuEJXuaI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:To:From: Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=k54VxrTmcFstBfjRVE9ELGeI7LF4lQBBLYDmU8pBC8w=; b=F6NIuVGnYYeslGfWdXjQ710KoQ Id/tDrC9lfHddKMIUBp0mDQiqVj9e/EBH32Bu6snGFj/bbMJALGIRg1BsuIyobFKuJoR7kuolg3kq w7zyl1fSUdM6aUejAjOP9rUBTdnTsT1ANLzNc2Ym+bigO9h0p9XYuTMe00ei6u5o3DGs=; Received: from mail.astos.de ([217.110.68.46]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1p2ivk-008aho-Dm for openvpn-devel@lists.sourceforge.net; Wed, 07 Dec 2022 01:09:01 +0000 Message-ID: Date: Wed, 7 Dec 2022 01:59:34 +0100 MIME-Version: 1.0 Content-Language: de-DE, en-US To: openvpn-devel@lists.sourceforge.net References: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> In-Reply-To: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: --- src/openvpn/pkcs11.c | 12 + 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 507af17c..b6ceb582 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -853,17 +853,7 @@ show_pkcs11_ids( goto cleanup; } Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1p2ivk-008aho-Dm Subject: [Openvpn-devel] [PATCH 1/3] unify code paths for loading PKCS11 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Marc Becker via Openvpn-devel From: Marc Becker Reply-To: Marc Becker Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751515556586827799?= X-GMAIL-MSGID: =?utf-8?q?1751515556586827799?= --- src/openvpn/pkcs11.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) provider, rv, pkcs11h_getMessage(rv)); goto cleanup; diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 507af17c..b6ceb582 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -853,17 +853,7 @@ show_pkcs11_ids( goto cleanup; } - if ( - (rv = pkcs11h_addProvider( - provider, - provider, - TRUE, - 0, - FALSE, - 0, - cert_private ? TRUE : FALSE - )) != CKR_OK - ) + if (!pkcs11_addProvider(provider, TRUE, 0, cert_private ? TRUE : FALSE)) { msg(M_FATAL, "PKCS#11: Cannot add provider '%s' %ld-'%s'", From patchwork Wed Dec 7 01:08:11 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Becker X-Patchwork-Id: 2888 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp2609327qtb; Tue, 6 Dec 2022 17:09:28 -0800 (PST) X-Google-Smtp-Source: AA0mqf7GN6fTiv00luPx11YzW0XIux5VTmPiQogiSM07nr1aABD2Y6l7wVoXwu/lKQ0/ZXYHjrQh X-Received: by 2002:a65:4d43:0:b0:470:8e8a:e7fe with SMTP id j3-20020a654d43000000b004708e8ae7femr68731355pgt.215.1670375368412; Tue, 06 Dec 2022 17:09:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670375368; cv=none; d=google.com; s=arc-20160816; b=NMTbFR82eL7BKOLWiGZFA94TFJjza2O0uJxDNP7Q9oPu2u7cragKecDmnACuihMDuk IZaLotzxSWlNx2QCdbujXM7vAKw4RHY6YLaTRrczQH7LbpWJfvZdiHc/Nzb5avOCMfGC RixvO39Y6vS50p32qC4E6CcoMgU5g9g4u3f4qA4HvVkGTnNit0ZZ8AxAM5lMgKC30OPH 34zC9AwtDksn8CUVxbXdERJqAAsIkHQbei2K3qgH4YIm7ZBpDKf4yWReRS+XQj/XojhG Qnc7Bv31crCA5paw2Ws6Pm1vOFbq0j1git1zAiuqCR/44Wkkaum0rfldNUY+kMVYL5ck oUSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:in-reply-to:references:to:content-language :mime-version:date:message-id:dkim-signature:dkim-signature; bh=OAzAe57FIzaKTiHgiQeLNNC31AXI76U51G8+dg/5Vso=; b=ceK3jEonGFzvuCDlR1Ebs91Rm7Nw9Lilz50W6mRoJLL9gDwjawRI3sum2FZkgByqd8 HPLRnOx2C/5bpxaJ6aIFKxiowYKNVWsOLP4nAcuC2+mqo0y04az9oyECvf/GDDnr51BL szj4y0+IvkNq/R8PyQCfClvfn/6f3MfxihB5hSTBMAb/j3Q9nRupgoJktgpZAyYzb2u9 p6NfqzK6VC7NWUEjkZACWmK9jYvi55S4n7setvXKEJQFBHPvlJnEft8A3ZtHMYYtqNn8 a2FYG0Iy3hdn6gAD8QL/tJDLw0Vr85BVvvduKOGR+q6EkZDTZTLmHl5yo07zn2BjKXFj GcDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=i+VGW1Fp; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ci0SWYm1; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id d11-20020a65588b000000b00477e3b523c4si18531507pgu.226.2022.12.06.17.09.28 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Dec 2022 17:09:28 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=i+VGW1Fp; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=ci0SWYm1; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p2ivD-0000wV-2I; Wed, 07 Dec 2022 01:08:27 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p2ivA-0000wL-T5 for openvpn-devel@lists.sourceforge.net; Wed, 07 Dec 2022 01:08:24 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: References:To:From:Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=mocKq+28uiAm37pBVagRh/e4YurNRG51kvlBF1mOIvU=; b=i+VGW1Fpm5gVAbmZ5u+7508t2B fQCBiaSUuRje06sdtHdaiTpgG1RhD0+czJVxR0Z9roy2t77I5fR3bENskyjNA5Oe4cJ38oquCM7ud SQqwKIA34y4ylheL0nBVxH3+6IrZCCEQMOQX+csskeLOuI0hziV+sBqzJmdG3U3bRhr8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:To:From: Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=mocKq+28uiAm37pBVagRh/e4YurNRG51kvlBF1mOIvU=; b=ci0SWYm1n5SqLjg9S/gnKdmwZl WEHlegb4iKAWwn3WthDJBQdYAHPajzyTWcZ1Dm3dLHDABzPiG7Jmq11g/CA9ue5llxlREKpIwhAA1 O2sXfyNgv8Jn9LZx6ft4Pwi1zZKT1AI8uIPRwfpYk8DosI5fdr0miL84pOL/lBm4Z0Is=; Received: from mail.astos.de ([217.110.68.46]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLS1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1p2iv6-008agi-8N for openvpn-devel@lists.sourceforge.net; Wed, 07 Dec 2022 01:08:24 +0000 Message-ID: <707e6961-f15f-5500-3a6c-c6d0b5c8f051@astos.de> Date: Wed, 7 Dec 2022 02:08:11 +0100 MIME-Version: 1.0 Content-Language: de-DE, en-US To: openvpn-devel@lists.sourceforge.net References: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> In-Reply-To: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: split provider creation, property modifications and initialization. new interface available since pkcs11-helper v1.28 --- src/openvpn/pkcs11.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1p2iv6-008agi-8N Subject: [Openvpn-devel] [PATCH 2/3] use new pkcs11-helper provider interface X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Marc Becker via Openvpn-devel From: Marc Becker Reply-To: Marc Becker Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751515522178823663?= X-GMAIL-MSGID: =?utf-8?q?1751515522178823663?= split provider creation, property modifications and initialization. new interface available since pkcs11-helper v1.28 --- src/openvpn/pkcs11.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) + } + + if ((rv = pkcs11h_initializeProvider(provider)) != CKR_OK) + { + pkcs11h_removeProvider(provider); + } + } + if (rv != CKR_OK) +#else if ( (rv = pkcs11h_addProvider( provider, @@ -407,6 +441,7 @@ pkcs11_addProvider( cert_private )) != CKR_OK ) +#endif { msg(M_WARN, "PKCS#11: Cannot initialize provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); } diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index b6ceb582..6ef26eb0 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -396,6 +396,40 @@ pkcs11_addProvider( provider ); +#if PKCS11H_VERSION >= ((1<<16) | (28<<8) | (0<<0)) + if ((rv = pkcs11h_registerProvider(provider)) != CKR_OK + || (rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOCATION, provider, strlen(provider) + 1)) != CKR_OK) + { + msg(M_WARN, "PKCS#11: Cannot create provider '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); + } + else + { + PKCS11H_BOOL allow_protected_auth = protected_auth; + PKCS11H_BOOL cert_is_private = cert_private; + + if (allow_protected_auth + && (rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth, sizeof(allow_protected_auth))) != CKR_OK) + { + msg(M_WARN, "PKCS#11: Cannot enable protected authentication '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); + } + if (private_mode != PKCS11H_PRIVATEMODE_MASK_AUTO + && (rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE, &private_mode, sizeof(private_mode))) != CKR_OK) + { + msg(M_WARN, "PKCS#11: Cannot private mode '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); + } + if (cert_is_private + && (rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, sizeof(cert_is_private))) != CKR_OK) + { + msg(M_WARN, "PKCS#11: Cannot set provider properties '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); From patchwork Wed Dec 7 01:10:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Becker X-Patchwork-Id: 2890 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp2609947qtb; Tue, 6 Dec 2022 17:11:24 -0800 (PST) X-Google-Smtp-Source: AA0mqf72A4vubykQxe/2IXT2YWoHtlZqFIJxDz3mq5LwALP5G/JaQlxPxj1k4fxYlM53ABym7eWs X-Received: by 2002:a17:903:214c:b0:189:b5a3:8144 with SMTP id s12-20020a170903214c00b00189b5a38144mr26301237ple.100.1670375484144; Tue, 06 Dec 2022 17:11:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670375484; cv=none; d=google.com; s=arc-20160816; b=EZvinZMWGY1n1il/1IFbzYM3l5RULQi3F2D3VPXNq3cYtEtjS3eyvBYwERcwWZz9I1 ZHAXAtUYQSog1ys9JtBCsF+GuX5OEdbet3yOy/i4VxCr2QptJoExfadJhOGdu7t9Wi7b +VJKAjrch+5d6h0B+eAh502yeeYckLnhbTaRzMXZpLfE3azW7MFQekpR3A+vTY1pu5Mv l2x4LV5HrwjcYgx6x25KRe7OhU/EUuH0lacizjqZqbXvcw7hYqSyMXhK39A8W4cDwcl0 BfjmagKitL+q5AISyh88jAJ8AitXw4+UsqshD74EUQp9NV0Qw2KXo97Q7bwr2mjqKptf avwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:in-reply-to:references:to:content-language :mime-version:date:message-id:dkim-signature:dkim-signature; bh=OlqzfiGfFH/JPjIcDmWQHRCsrrRUOYayCZq4E4PU6X4=; b=g6NAa/8B0/PrDOs9t3M1JrRolIZYr+x6K/55E8ZX/eJWeRfv8fPn7/ziPLAs9cys7v hJ+PhhAD6E4p2SHh9oaMENTSk4PKizisrjswT8bpctEgbg48ma1I34dOSdKA4eaZuVQ1 Y7ugu1kOOBotlsw2pMdsz4E+q0+7yVLRnTSuw2F8IxwgHoDOa1Eey+KIhrQ/V0fkzWla izDuWd6CZ9YaIl/IWiYXLZZ9ORFwhnEwp9yCiQhcg9R16K++rCGNSaNLjvk0cyx/yFdj qftW46n5HI/OEhST1KFRM4m93rS6noca38xqdPNXwTuDk0UZLltei0Ok0v35RFkVjPDu H95w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="NDdE/LDJ"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=C3jInl18; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id b10-20020a6541ca000000b00478831ab0b0si7582832pgq.121.2022.12.06.17.11.23 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 06 Dec 2022 17:11:24 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="NDdE/LDJ"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=C3jInl18; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p2ixb-0001IL-Kp; Wed, 07 Dec 2022 01:10:55 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p2ixa-0001IF-2R for openvpn-devel@lists.sourceforge.net; Wed, 07 Dec 2022 01:10:54 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: References:To:From:Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+Liovg2otSXwLnq0Xk80iRZnVU7BCRINa6gcwYGrqyI=; b=NDdE/LDJ0lVsZ8ljDkSrKNpqSx P2N1rRhvmlo1Jap/mIZ8+ntdc+ig9XRa5Yh5ujcoZpAZs53Fq8M2cZDmkYHqSaswzLewXvIascgnV an2yNbpZ+nbsJxTwCJfsSixY2Gol6c33Zfwx01MVm2f/mDsbgJ6b7rPnqIGD+Ep6dEw8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:References:To:From: Subject:MIME-Version:Date:Message-ID:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=+Liovg2otSXwLnq0Xk80iRZnVU7BCRINa6gcwYGrqyI=; b=C3jInl185D7dAYcQzf9N6ALCwD Ffu2maDt3hL/V3jBxivnMSVqJVCm1NV5/4m7BGf77eiyw9rON4x8ELMgQxOcr8tJ9/RUC21s1Uk7t z4+RxayXY1SNthoTV1hpQSa8hZJl1/CHloKimeVgrPjJjbCA6MvJbw2wi+3h89OEpSug=; Received: from mail.astos.de ([217.110.68.46]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1p2ixV-0001dr-D7 for openvpn-devel@lists.sourceforge.net; Wed, 07 Dec 2022 01:10:53 +0000 Message-ID: Date: Wed, 7 Dec 2022 02:10:42 +0100 MIME-Version: 1.0 Content-Language: de-DE, en-US To: openvpn-devel@lists.sourceforge.net References: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> In-Reply-To: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: in case of absolute library path, search origin for dependencies --- src/openvpn/pkcs11.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) needs https://github.com/OpenSC/pkcs11-helper/pull/59 Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1p2ixV-0001dr-D7 Subject: [Openvpn-devel] [PATCH 3/3] special handling for PKCS11 providers on win32 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Marc Becker via Openvpn-devel From: Marc Becker Reply-To: Marc Becker Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751515643436800510?= X-GMAIL-MSGID: =?utf-8?q?1751515643436800510?= in case of absolute library path, search origin for dependencies --- src/openvpn/pkcs11.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) needs https://github.com/OpenSC/pkcs11-helper/pull/59 PKCS11H_PROVIDER_PROPERTY_ALLOW_PROTECTED_AUTH, &allow_protected_auth, sizeof(allow_protected_auth))) != CKR_OK) { @@ -422,7 +428,13 @@ pkcs11_addProvider( { msg(M_WARN, "PKCS#11: Cannot set provider properties '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); } - +#if defined(PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS) + if (loader_flags + && (rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS, &loader_flags, sizeof(loader_flags))) != CKR_OK) + { + msg(M_WARN, "PKCS#11: Cannot set alternative loader flags '%s' %ld-'%s'", provider, rv, pkcs11h_getMessage(rv)); + } +#endif if ((rv = pkcs11h_initializeProvider(provider)) != CKR_OK) { pkcs11h_removeProvider(provider); diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 6ef26eb0..65693aed 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -406,7 +406,13 @@ pkcs11_addProvider( { PKCS11H_BOOL allow_protected_auth = protected_auth; PKCS11H_BOOL cert_is_private = cert_private; - + unsigned loader_flags = 0; +#if defined(_WIN32) + if (platform_absolute_pathname(provider)) + { + loader_flags = LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR; + } +#endif if (allow_protected_auth && (rv = pkcs11h_setProviderProperty(provider,