From patchwork Sun Dec 11 20:01:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Marc Becker X-Patchwork-Id: 2898 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:622a:418d:b0:3a5:7962:c21f with SMTP id cd13csp1780166qtb; Sun, 11 Dec 2022 12:01:43 -0800 (PST) X-Google-Smtp-Source: AA0mqf7YcyRwR3PiwNeKTDtAtFhdBEghhjZN2R+c96ZtXFSPvRpcHxd0oPPXFm9sRfEd2qi69f4m X-Received: by 2002:a17:90b:4f47:b0:20d:bd60:c30f with SMTP id pj7-20020a17090b4f4700b0020dbd60c30fmr13745459pjb.12.1670788903408; Sun, 11 Dec 2022 12:01:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670788903; cv=none; d=google.com; s=arc-20160816; b=Ei0eQgpKGS5sf4EqeMCsGVfYJvGgZETIiNfsd0dQnHQzQcK5WjkDpsq3T7oqS5KqfM S709qcfx9edxd2BnfmsLVHMM+2uUzj1juqns3/ZI/GUNl+2VBtSCj72ut7obAtnwa4Pa 7FTdoN/UaQ2R0okDAVcAD7pAL/cZv51brX/lcT4hXlt/qN1rsU+cj/Sh8IKMMgAYW7z2 yLpt24bQAA539xfnO5oljrtF3DxRNPC7hR2zIslYuErpxgPnONVi40INw7/kszRPZhUe K7ZknHqeqTJ5BdEHyFJ8gJfnkloywVSU4YP98tE5SiWhOsrPfHsOHuadMF1X9ks3+a4w nRvw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:reply-to:from:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:dkim-signature:dkim-signature; bh=+tTdH9TqjpMd2geKyUka+cMvPtu8+A2+FlQYTpuLswg=; b=dI/eDdPl6swg9XjNPzDvIE7DhKukj+CLMeim6iOM9jTuHjTaXnrk13WEnol8BPsNJ8 y/0kO4bdTS5rstGq8114kSdfN5ImtdaZlyCY+yGhk6uIuIO73tbkBBx+V6uVNbstaXb0 tQj6iPF7YaF/4IGxlbRqzvjXnnNQcmyOQoXfeIkU7A3n3KXIXrkVMwsVE34ZER50mCtc Sl/JZoeRkP3P9H8fZMrv/OtWSQ6mMbP8sA+HxKaQOPx1ggiDCnqy9Rwo+SOiCVUQCo8E D+huLpt8v0cwoUg/ODw4pJrasD9Nj3gIsImTODt327rckzF3YiGL+Bkp95SyxcD553mz P0GQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=YWqfpQfh; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=OqjFZZ+1; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id lb5-20020a17090b4a4500b00218ceebbcafsi8879584pjb.130.2022.12.11.12.01.43 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 11 Dec 2022 12:01:43 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=YWqfpQfh; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=OqjFZZ+1; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=pass (p=QUARANTINE sp=NONE dis=NONE) header.from=sourceforge.net Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1p4SVo-000525-KZ; Sun, 11 Dec 2022 20:01:24 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1p4SVm-00051v-Qv for openvpn-devel@lists.sourceforge.net; Sun, 11 Dec 2022 20:01:22 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=ZG6c6wAxW06bYZ7XEttgoDO1OIXiG8CZ3GvIVOUm4wk=; b=YWqfpQfh6U92WCNWHRLr5ZT/s+ a86jIlbP3TtjHLJ30s5K0FG6p4TgpHK5h1XmtJyleYtd7WCjpKedfnSOig+WrUqGnB2A0jYlIJBjY QVDGwXOnOdnexHqJ/x5jjCoIAmACdaOWjNktA2L5hL2GghneWvR0gCKixfYJs9Q9NN4Q=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ZG6c6wAxW06bYZ7XEttgoDO1OIXiG8CZ3GvIVOUm4wk=; b=OqjFZZ+18pPdt1t7vKrUjeT0q7 ucr3AWWuanOte77u0vi97wMbYEZoOxX9lrshytH/fGazMWHsRmjP/0kWq/esQ34JEz/kq5EIsfBNR oIUjy8R+uLiWV27Cy8rZxuObRFpshGa9sHrcWNMtMj7hlC2ScXJEka7ZU19XdWA0QgHE=; Received: from mail.astos.de ([217.110.68.46]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1p4SVk-00089i-Jx for openvpn-devel@lists.sourceforge.net; Sun, 11 Dec 2022 20:01:22 +0000 To: openvpn-devel@lists.sourceforge.net Date: Sun, 11 Dec 2022 21:01:08 +0100 Message-Id: <20221211200108.1402-1-marc.becker@astos.de> In-Reply-To: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> References: <1386e3cc-fc65-aa68-fa88-3639f6aec5a2@astos.de> MIME-Version: 1.0 X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-2.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Change win32 dynamic loader behavior when supplying an absolute path. The DLL location is considered/preferred to resolve dependencies. Support in pkcs11-helper for loader flag is detected at compile [...] Content analysis details: (0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record X-Headers-End: 1p4SVk-00089i-Jx Subject: [Openvpn-devel] [PATCH v3 3/3] special handling for PKCS11 providers on win32 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Marc Becker via Openvpn-devel From: Marc Becker Reply-To: Marc Becker Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1751515643436800510?= X-GMAIL-MSGID: =?utf-8?q?1751949144770847130?= Change win32 dynamic loader behavior when supplying an absolute path. The DLL location is considered/preferred to resolve dependencies. Support in pkcs11-helper for loader flag is detected at compile time. 3rd party DLLs and additional dependencies do no longer need to be moved to the OpenVPN directory or require changes to %PATH% configuration. Signed-off-by: Marc Becker Acked-by: Selva Nair --- src/openvpn/pkcs11.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index b74ac8f4..aa027337 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -420,6 +420,13 @@ pkcs11_addProvider( { rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, sizeof(cert_is_private)); } +#if defined(WIN32) && defined(PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS) + if (rv == CKR_OK && platform_absolute_pathname(provider)) + { + unsigned loader_flags = LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR; + rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS, &loader_flags, sizeof(loader_flags)); + } +#endif if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK) {