special handling for PKCS11 providers on win32

Change win32 dynamic loader behavior when supplying an absolute path.
The DLL location is considered/preferred to resolve dependencies.
Support in pkcs11-helper for loader flag is detected at compile time.

3rd party DLLs and additional dependencies do no longer need to be moved
to the OpenVPN directory or require changes to %PATH% configuration.

Signed-off-by: Marc Becker <marc.becker@astos.de>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20221211200108.1402-1-marc.becker@astos.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25646.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit e299b8d0d62a4763b20bf9a3bd6aadf414aa89fe)

diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c
index b74ac8f470452e276202a14564365876aec881d3..aa027337668ec8c8f57bc8888660f621f216770f 100644 (file)
--- a/src/openvpn/pkcs11.c
+++ b/src/openvpn/pkcs11.c
@@ -420,6 +420,13 @@ pkcs11_addProvider(
         {
             rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_CERT_IS_PRIVATE, &cert_is_private, sizeof(cert_is_private));
         }
+#if defined(WIN32) && defined(PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS)
+        if (rv == CKR_OK && platform_absolute_pathname(provider))
+        {
+            unsigned loader_flags = LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR;
+            rv = pkcs11h_setProviderProperty(provider, PKCS11H_PROVIDER_PROPERTY_LOADER_FLAGS, &loader_flags, sizeof(loader_flags));
+        }
+#endif
 
         if (rv != CKR_OK || (rv = pkcs11h_initializeProvider(provider)) != CKR_OK)
         {