aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c74
1 files changed, 32 insertions, 42 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index b1962568f..554e07ff6 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -22,6 +22,7 @@
#include <debug.h>
#include <utils/linked_list.h>
#include <threading/mutex.h>
+#include <threading/rwlock.h>
#include "pkcs11_manager.h"
#include "pkcs11_creds.h"
@@ -57,6 +58,16 @@ struct private_pkcs11_plugin_t {
* mutex to lock list
*/
mutex_t *mutex;
+
+ /**
+ * TRUE if events from tokens are to be handled
+ */
+ bool handle_events;
+
+ /**
+ * Lock for the above flag
+ */
+ rwlock_t *handle_events_lock;
};
/**
@@ -66,9 +77,10 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
CK_SLOT_ID slot, bool add)
{
enumerator_t *enumerator;
- pkcs11_creds_t *creds, *found = NULL;;
+ pkcs11_creds_t *creds, *found = NULL;
- if (add)
+ this->handle_events_lock->read_lock(this->handle_events_lock);
+ if (add && this->handle_events)
{
creds = pkcs11_creds_create(p11, slot);
if (creds)
@@ -79,7 +91,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
lib->credmgr->add_set(lib->credmgr, &creds->set);
}
}
- else
+ else if (this->handle_events)
{
this->mutex->lock(this->mutex);
enumerator = this->creds->create_enumerator(this->creds);
@@ -104,6 +116,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
}
}
+ this->handle_events_lock->unlock(this->handle_events_lock);
}
METHOD(plugin_t, get_name, char*,
@@ -113,20 +126,21 @@ METHOD(plugin_t, get_name, char*,
}
/**
- * Register/unregister PKCS#11 manager.
+ * Load/unload certificates from tokens.
*/
-static bool register_manager(private_pkcs11_plugin_t *this,
- plugin_feature_t *feature, bool reg, void *data)
+static bool handle_certs(private_pkcs11_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *data)
{
+ this->handle_events_lock->write_lock(this->handle_events_lock);
+ this->handle_events = reg;
+ this->handle_events_lock->unlock(this->handle_events_lock);
+
if (reg)
{
enumerator_t *enumerator;
pkcs11_library_t *p11;
CK_SLOT_ID slot;
- this->manager = pkcs11_manager_create((void*)token_event_cb, this);
- lib->set(lib, "pkcs11-manager", this->manager);
-
enumerator = this->manager->create_token_enumerator(this->manager);
while (enumerator->enumerate(enumerator, &p11, &slot))
{
@@ -143,13 +157,9 @@ static bool register_manager(private_pkcs11_plugin_t *this,
lib->credmgr->remove_set(lib->credmgr, &creds->set);
creds->destroy(creds);
}
-
- lib->set(lib, "pkcs11-manager", NULL);
- this->manager->destroy(this->manager);
}
return TRUE;
}
-
/**
* Add a set of features
*/
@@ -169,76 +179,49 @@ METHOD(plugin_t, get_features, int,
static plugin_feature_t f_hash[] = {
PLUGIN_REGISTER(HASHER, pkcs11_hasher_create),
PLUGIN_PROVIDE(HASHER, HASH_MD2),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(HASHER, HASH_MD5),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(HASHER, HASH_SHA1),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(HASHER, HASH_SHA256),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(HASHER, HASH_SHA384),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(HASHER, HASH_SHA512),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
};
static plugin_feature_t f_dh[] = {
PLUGIN_REGISTER(DH, pkcs11_dh_create),
PLUGIN_PROVIDE(DH, MODP_2048_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_2048_224),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_2048_256),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_1536_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_3072_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_4096_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_6144_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_8192_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_1024_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_1024_160),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_768_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, MODP_CUSTOM),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
};
static plugin_feature_t f_rng[] = {
PLUGIN_REGISTER(RNG, pkcs11_rng_create),
PLUGIN_PROVIDE(RNG, RNG_STRONG),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(RNG, RNG_TRUE),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
};
static plugin_feature_t f_key[] = {
PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
};
static plugin_feature_t f_ecdh[] = {
PLUGIN_REGISTER(DH, pkcs11_dh_create),
PLUGIN_PROVIDE(DH, ECP_192_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, ECP_224_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, ECP_256_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, ECP_384_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
PLUGIN_PROVIDE(DH, ECP_521_BIT),
- PLUGIN_DEPENDS(CUSTOM, "pkcs11-manager"),
};
static plugin_feature_t f_manager[] = {
- PLUGIN_CALLBACK(register_manager, NULL),
- PLUGIN_PROVIDE(CUSTOM, "pkcs11-manager"),
+ PLUGIN_CALLBACK((plugin_feature_callback_t)handle_certs, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "pkcs11-certs"),
PLUGIN_DEPENDS(CERT_DECODE, CERT_X509),
};
static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) +
@@ -279,8 +262,11 @@ METHOD(plugin_t, get_features, int,
METHOD(plugin_t, destroy, void,
private_pkcs11_plugin_t *this)
{
+ lib->set(lib, "pkcs11-manager", NULL);
+ this->manager->destroy(this->manager);
this->creds->destroy(this->creds);
this->mutex->destroy(this->mutex);
+ this->handle_events_lock->destroy(this->handle_events_lock);
free(this);
}
@@ -301,7 +287,11 @@ plugin_t *pkcs11_plugin_create()
},
.creds = linked_list_create(),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .handle_events_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
+ this->manager = pkcs11_manager_create((void*)token_event_cb, this);
+ lib->set(lib, "pkcs11-manager", this->manager);
+
return &this->public.plugin;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-13 22:55:03 +0000