From patchwork Wed Dec 14 14:33:25 2022
X-Patchwork-Submitter: Marc Becker
X-Patchwork-Id: 2908
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 14 Dec 2022 15:33:25 +0100
Message-Id: <20221214143325.2604-1-marc.becker@astos.de>
In-Reply-To: <20221211200108.1402-1-marc.becker@astos.de>
References: <20221211200108.1402-1-marc.becker@astos.de>
Subject: [Openvpn-devel] [PATCH] vcpkg-ports/pkcs11-helper: support loader flags
From: Marc Becker

Add dynamic loader flag feature to bundled pkcs11-helper.
Required to allow special handling for PKCS11 providers on win32.

Signed-off-by: Marc Becker
Acked-by: Lev Stipakov
---
Part 2 of [PATCH v3 3/3] special handling for PKCS11 providers on win32
- split contrib patch from OpenVPN change

See https://github.com/OpenSC/pkcs11-helper/pull/59
Support is expected to land in pkcs11-helper with next release (v1.30?),
anticipate change to have stable behavior during OpenVPN 2.6 lifetime
---
 ...cs11-helper-002-dynamic_loader_flags.patch | 102 ++++++++++++++++++
 .../vcpkg-ports/pkcs11-helper/portfile.cmake | 1 +
 2 files changed, 103 insertions(+)
 create mode 100644 contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch

diff --git a/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch new file mode 100644 index 00000000..325dea8b --- /dev/null 
+++ b/contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch 
@@ -0,0 +1,102 @@ +From 934197611dd1260d17ae0f11ae81c1d2e85612d2 Mon Sep 17 00:00:00 2001 +From: Marc Becker +Date: Fri, 22 Jul 2022 10:33:05 +0200 +Subject: [PATCH] core: add provider property for loader flags + +support flags for dynamic loader via provider property +set original values as defaults, use verbatim (user-supplied) value +--- + include/pkcs11-helper-1.0/pkcs11h-core.h | 11 ++++++++++- + lib/_pkcs11h-core.h | 2 ++ + lib/pkcs11h-core.c | 13 +++++++++++-- + 3 files changed, 23 insertions(+), 3 deletions(-) + +diff --git a/include/pkcs11-helper-1.0/pkcs11h-core.h b/include/pkcs11-helper-1.0/pkcs11h-core.h +index 9028c277..56f87718 100644 +--- a/include/pkcs11-helper-1.0/pkcs11h-core.h ++++ b/include/pkcs11-helper-1.0/pkcs11h-core.h +@@ -384,8 +384,17 @@ extern "C" { + */ + #define PKCS11H_PROVIDER_PROPERTY_PROVIDER_DESTRUCT_HOOK_DATA 8 + ++/** ++ * @brief Provider loader flags for platform. ++ * Value type is unsigned. ++ * Default value is platform dependent: ++ * win32 -> 0 ++ * dlopen -> RTLD_NOW | RTLD_LOCAL ++ */ ++#define PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS 9 ++ + /** @private */ +-#define _PKCS11H_PROVIDER_PROPERTY_LAST 9 ++#define _PKCS11H_PROVIDER_PROPERTY_LAST 10 + + /** @} */ + +diff --git a/lib/_pkcs11h-core.h b/lib/_pkcs11h-core.h +index f879c0e8..1c02e35d 100644 +--- a/lib/_pkcs11h-core.h ++++ b/lib/_pkcs11h-core.h +@@ -134,6 +134,8 @@ struct _pkcs11h_provider_s { + #if defined(ENABLE_PKCS11H_SLOTEVENT) + _pkcs11h_thread_t slotevent_thread; + #endif ++ ++ unsigned loader_flags; + }; + + struct _pkcs11h_session_s { +diff --git a/lib/pkcs11h-core.c b/lib/pkcs11h-core.c +index 0bf11e87..409ad9e2 100644 +--- a/lib/pkcs11h-core.c ++++ b/lib/pkcs11h-core.c +@@ -138,6 +138,7 @@ static const char * __pkcs11h_provider_preperty_names[] = { + "init_args", + "provider_destruct_hook", + "provider_destruct_hook_data", ++ "provider_loader_flags", + NULL + }; + +@@ -916,6 +917,10 @@ pkcs11h_registerProvider ( + reference + ); + ++#if !defined(_WIN32) ++ 
provider->loader_flags = RTLD_NOW | RTLD_LOCAL; ++#endif ++ + _PKCS11H_DEBUG ( + PKCS11H_LOG_DEBUG2, + "PKCS#11: pkcs11h_registerProvider Provider '%s'", +@@ -1001,6 +1006,7 @@ pkcs11h_setProviderPropertyByName ( + case PKCS11H_PROVIDER_PROPERTY_SLOT_EVENT_METHOD: + case PKCS11H_PROVIDER_PROPERTY_MASK_PRIVATE_MODE: + case PKCS11H_PROVIDER_PROPERTY_SLOT_POLL_INTERVAL: ++ case PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS: + *(unsigned *)value = (unsigned)strtol(value_str, 0, 0); + value_size = sizeof(unsigned); + break; +@@ -1084,6 +1090,9 @@ __pkcs11h_providerPropertyAddress( + case PKCS11H_PROVIDER_PROPERTY_PROVIDER_DESTRUCT_HOOK_DATA: + *value = &provider->destruct_hook_data; + *value_size = sizeof(provider->destruct_hook_data); ++ case PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS: ++ *value = &provider->loader_flags; ++ *value_size = sizeof(provider->loader_flags); + break; + } + rv = CKR_OK; +@@ -1254,9 +1263,9 @@ pkcs11h_initializeProvider ( + } + + #if defined(_WIN32) +- provider->handle = LoadLibraryA (provider->provider_location); ++ provider->handle = LoadLibraryExA (provider->provider_location, NULL, provider->loader_flags); + #else +- provider->handle = dlopen (provider->provider_location, RTLD_NOW | RTLD_LOCAL); ++ provider->handle = dlopen (provider->provider_location, provider->loader_flags); + #endif + + if (provider->handle == NULL) { diff --git a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake index 4432b550..1c6cedac 100644 --- a/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake +++ b/contrib/vcpkg-ports/pkcs11-helper/portfile.cmake @@ -14,6 +14,7 @@ vcpkg_extract_source_archive_ex( 0001-nmake-compatibility-with-vcpkg-nmake.patch 0002-config-w32-vc.h.in-indicate-OpenSSL.patch pkcs11-helper-001-RFC7512.patch + pkcs11-helper-002-dynamic_loader_flags.patch ) vcpkg_build_nmake(
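Review bot: In the `pkcs11h_registerProvider` hunk of the embedded pkcs11-helper patch, `provider->loader_flags` is assigned only inside `#if !defined(_WIN32)`, so the documented win32 default of 0 depends on the provider struct having been zeroed by code outside this hunk. An explicit `#else` branch setting `provider->loader_flags = 0;` would make the default independent of how the struct is allocated and keep both platform defaults in one visible place.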
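Review bot: In the `pkcs11h_setProviderPropertyByName` hunk, `PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS` joins the cases parsed with `(unsigned)strtol(value_str, 0, 0)`, which is a weak fit for a bit mask that is later handed to the loader unchanged. There is no end-pointer or errno check, so an unparsable string silently becomes 0, and on win32, where long is 32 bits, any value above 0x7FFFFFFF saturates instead of round-tripping. Consider parsing this property with strtoul plus an end-pointer check and rejecting input that does not parse.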
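Review bot: In the `__pkcs11h_providerPropertyAddress` hunk, the new `case PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS:` is inserted between the `PKCS11H_PROVIDER_PROPERTY_PROVIDER_DESTRUCT_HOOK_DATA` assignments and their `break;`, so the destruct-hook-data case now falls through and ends up returning `&provider->loader_flags` with `sizeof(provider->loader_flags)`. Any caller that reads or writes destruct hook data through the returned address then operates on the loader flags instead, with the wrong size. Add a `break;` after `*value_size = sizeof(provider->destruct_hook_data);` and before the new case label.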
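Review bot: In the `pkcs11h_initializeProvider` hunk, the user-supplied value reaches `LoadLibraryExA` and `dlopen` with no sanity check, and it replaces the default rather than being OR-ed into it. On the dlopen side a value that contains neither RTLD_LAZY nor RTLD_NOW is not a valid mode, and on win32 the default of 0 keeps the previous `LoadLibraryA` search behaviour, so restricting the DLL search path stays opt-in per provider. Both points belong in the doc comment added for `PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS`, which currently lists only the defaults.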