-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.c19
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.h3
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.c5
3 files changed, 19 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
index e2b06ccc1..437364781 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -800,7 +800,8 @@ static void check_features(private_pkcs11_library_t *this, CK_INFO *info)
/**
* Initialize a PKCS#11 library
*/
-static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
+static bool initialize(private_pkcs11_library_t *this, char *name, char *file,
+ bool os_locking)
{
CK_C_GetFunctionList pC_GetFunctionList;
CK_INFO info;
@@ -825,10 +826,16 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
name, ck_rv_names, rv);
return FALSE;
}
-
- rv = this->public.f->C_Initialize(&args);
+ if (os_locking)
+ {
+ rv = CKR_CANT_LOCK;
+ }
+ else
+ {
+ rv = this->public.f->C_Initialize(&args);
+ }
if (rv == CKR_CANT_LOCK)
- { /* try OS locking */
+ { /* fallback to OS locking */
memset(&args, 0, sizeof(args));
args.flags = CKF_OS_LOCKING_OK;
rv = this->public.f->C_Initialize(&args);
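Review bot: Assigning `rv = CKR_CANT_LOCK` in the `os_locking` branch reuses a PKCS#11 return code as a control flag, so at `if (rv == CKR_CANT_LOCK)` a reader cannot tell a module that refused the first `C_Initialize()` from a configured override. A comment on the assignment, such as `/* not a module result: skip the first C_Initialize() and initialize with CKF_OS_LOCKING_OK directly */`, would make that explicit. The new comment `/* fallback to OS locking */` is also inaccurate on the forced path, where nothing was tried first; `/* OS locking: forced by config or requested by the module */` covers both cases. `initialize()` starts and ends outside this hunk, so how `rv` from the second call is checked and logged is not visible here.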
@@ -870,7 +877,7 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
/**
* See header
*/
-pkcs11_library_t *pkcs11_library_create(char *name, char *file)
+pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking)
{
private_pkcs11_library_t *this;
@@ -893,7 +900,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file)
return NULL;
}
- if (!initialize(this, name, file))
+ if (!initialize(this, name, file, os_locking))
{
dlclose(this->handle);
free(this);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
index 36fe841b4..33e5f97dc 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
@@ -119,8 +119,9 @@ void pkcs11_library_trim(char *str, int len);
*
* @param name an arbitrary name, for debugging
* @param file pkcs11 library file to dlopen()
+ * @param os_lock enforce OS Locking for this library
* @return library abstraction
*/
-pkcs11_library_t *pkcs11_library_create(char *name, char *file);
+pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_lock);
#endif /** PKCS11_LIBRARY_H_ @}*/
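Review bot: The prototype and its `@param` line name the new argument `os_lock`, while the definition in pkcs11_library.c names it `os_locking`; use one name in both places so the header documentation matches the code. The description "enforce OS Locking for this library" also omits what FALSE means. A fuller line would be `@param os_locking TRUE to initialize with CKF_OS_LOCKING_OK only, FALSE to use it only as fallback after CKR_CANT_LOCK`.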
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
index 0c27600a6..9308e9c25 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
@@ -373,7 +373,10 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
free(entry);
continue;
}
- entry->lib = pkcs11_library_create(module, entry->path);
+ entry->lib = pkcs11_library_create(module, entry->path,
+ lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.modules.%s.os_locking",
+ FALSE, module));
if (!entry->lib)
{
free(entry);
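Review bot: The new per-module key `libstrongswan.plugins.pkcs11.modules.<module>.os_locking` is read here, but none of the three files in this commit describes it, so an operator can only learn of it from this call. It should be added to the plugin's option documentation with its default (`FALSE`) and its effect, namely that the module is initialized with `CKF_OS_LOCKING_OK` straight away instead of only after `CKR_CANT_LOCK`. A short comment above the call would also help, for example `/* per-module override: initialize with OS locking instead of waiting for CKR_CANT_LOCK */`. `pkcs11_manager_create()` starts and ends outside this hunk.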