Added a PKCS#11 module option to enforce OS Locking functions
authorMartin Willi <martin@revosec.ch>
Fri, 12 Nov 2010 13:45:09 +0000 (14:45 +0100)
committerMartin Willi <martin@revosec.ch>
Fri, 12 Nov 2010 15:14:03 +0000 (16:14 +0100)
src/libstrongswan/plugins/pkcs11/pkcs11_library.c
src/libstrongswan/plugins/pkcs11/pkcs11_library.h
src/libstrongswan/plugins/pkcs11/pkcs11_manager.c

index e2b06ccc1e3fa09956f541889eabcbbe5219fcb0..4373647811e279c9b7b90f3e8c44189f277f5c57 100644 (file)
@@ -800,7 +800,8 @@ static void check_features(private_pkcs11_library_t *this, CK_INFO *info)
 /**
  * Initialize a PKCS#11 library
  */
-static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
+static bool initialize(private_pkcs11_library_t *this, char *name, char *file,
+                                          bool os_locking)
 {
        CK_C_GetFunctionList pC_GetFunctionList;
        CK_INFO info;
@@ -825,10 +826,16 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
                         name, ck_rv_names, rv);
                return FALSE;
        }
-
-       rv = this->public.f->C_Initialize(&args);
+       if (os_locking)
+       {
+               rv = CKR_CANT_LOCK;
+       }
+       else
+       {
+               rv = this->public.f->C_Initialize(&args);
+       }
        if (rv == CKR_CANT_LOCK)
-       {       /* try OS locking */
+       {       /* fallback to OS locking */
                memset(&args, 0, sizeof(args));
                args.flags = CKF_OS_LOCKING_OK;
                rv = this->public.f->C_Initialize(&args);
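Review bot: Assigning `rv = CKR_CANT_LOCK` in the `os_locking` branch uses a PKCS#11 return code as a control-flow flag, and the reworded comment `/* fallback to OS locking */` is inaccurate for the enforced case, where no first C_Initialize() attempt was made. A comment on the assignment such as `/* not a real error: skip the first C_Initialize() and go straight to CKF_OS_LOCKING_OK */` would make the intent explicit, and the block comment could read `/* OS locking: enforced by config, or fallback after CKR_CANT_LOCK */`. Because this choice decides how the module serialises concurrent token access, it is also worth logging which mode was actually used, so a misbehaving module can be diagnosed from the debug output. initialize() begins and continues outside this hunk, so the handling of a failing second C_Initialize() is not visible here.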
@@ -870,7 +877,7 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
 /**
  * See header
  */
-pkcs11_library_t *pkcs11_library_create(char *name, char *file)
+pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking)
 {
        private_pkcs11_library_t *this;
 
@@ -893,7 +900,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file)
                return NULL;
        }
 
-       if (!initialize(this, name, file))
+       if (!initialize(this, name, file, os_locking))
        {
                dlclose(this->handle);
                free(this);
index 36fe841b4edcae3914560d03a550fe611b6632c6..33e5f97dcdda5dab2031544fd90b430d22e287a9 100644 (file)
@@ -119,8 +119,9 @@ void pkcs11_library_trim(char *str, int len);
  *
  * @param name         an arbitrary name, for debugging
  * @param file         pkcs11 library file to dlopen()
+ * @param os_lock      enforce OS Locking for this library
  * @return                     library abstraction
  */
-pkcs11_library_t *pkcs11_library_create(char *name, char *file);
+pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_lock);
 
 #endif /** PKCS11_LIBRARY_H_ @}*/
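Review bot: The prototype names the new parameter `os_lock` while the definition in pkcs11_library.c uses `os_locking`, and the `@param` line does not say what passing FALSE does. Using one name in both places and documenting both values would remove the ambiguity, e.g. `@param os_locking  TRUE to initialize with CKF_OS_LOCKING_OK only, FALSE to try the regular C_Initialize() arguments first and use OS locking only on CKR_CANT_LOCK`. That wording follows what the initialize() hunk in this commit shows.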
index 0c27600a6a5309b06b12542c9445f05136f2f7e8..9308e9c257a860ed55f18434e74acc0a489fb210 100644 (file)
@@ -373,7 +373,10 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
                        free(entry);
                        continue;
                }
-               entry->lib = pkcs11_library_create(module, entry->path);
+               entry->lib = pkcs11_library_create(module, entry->path,
+                                               lib->settings->get_bool(lib->settings,
+                                                       "libstrongswan.plugins.pkcs11.modules.%s.os_locking",
+                                                       FALSE, module));
                if (!entry->lib)
                {
                        free(entry);
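Review bot: The `get_bool()` lookup nested inside the `pkcs11_library_create()` argument list is hard to scan and leaves no natural place to comment the new option. Reading it into a local first, `os_locking = lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.modules.%s.os_locking", FALSE, module);`, and then calling `pkcs11_library_create(module, entry->path, os_locking);` would be clearer. The commit's file list shows only these three source files, so the new per-module `os_locking` key appears to be introduced without documentation; a short comment giving the default (FALSE) and its effect would help operators. The enclosing loop starts and ends outside this hunk.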