summaryrefslogtreecommitdiff
path: root/p11-kit/modules.c
diff options
context:
space:
mode:
Diffstat (limited to 'p11-kit/modules.c')
-rw-r--r--p11-kit/modules.c48
1 files changed, 31 insertions, 17 deletions
diff --git a/p11-kit/modules.c b/p11-kit/modules.c
index ef8cea6..43ace18 100644
--- a/p11-kit/modules.c
+++ b/p11-kit/modules.c
@@ -1126,6 +1126,21 @@ p11_kit_module_get_name (CK_FUNCTION_LIST *module)
return name;
}
+static const char *
+module_get_option_inlock (Module *mod,
+ const char *option)
+{
+ p11_dict *config;
+
+ if (mod == NULL)
+ config = gl.config;
+ else
+ config = mod->config;
+ if (config == NULL)
+ return NULL;
+ return p11_dict_get (config, option);
+}
+
/**
* p11_kit_module_get_flags:
* @module: the module
@@ -1145,6 +1160,7 @@ p11_kit_module_get_name (CK_FUNCTION_LIST *module)
int
p11_kit_module_get_flags (CK_FUNCTION_LIST *module)
{
+ const char *trusted;
Module *mod;
int flags = 0;
@@ -1165,6 +1181,11 @@ p11_kit_module_get_flags (CK_FUNCTION_LIST *module)
}
if (!mod || mod->critical)
flags |= P11_KIT_MODULE_CRITICAL;
+ if (mod) {
+ trusted = module_get_option_inlock (mod, "trust-policy");
+ if (_p11_conf_parse_boolean (trusted, false))
+ flags |= P11_KIT_MODULE_TRUSTED;
+ }
}
p11_unlock ();
@@ -1265,21 +1286,6 @@ p11_kit_module_for_name (CK_FUNCTION_LIST **modules,
return ret;
}
-static const char *
-module_get_option_inlock (Module *mod,
- const char *option)
-{
- p11_dict *config;
-
- if (mod == NULL)
- config = gl.config;
- else
- config = mod->config;
- if (config == NULL)
- return NULL;
- return p11_dict_get (config, option);
-}
-
/**
* p11_kit_registered_option:
* @module: a pointer to a registered module
@@ -1735,12 +1741,19 @@ prepare_module_inlock_reentrant (Module *mod,
CK_FUNCTION_LIST **module)
{
p11_destroyer destroyer;
+ const char *trusted;
p11_virtual *virt;
bool is_managed;
bool with_log;
assert (module != NULL);
+ if (flags & P11_KIT_MODULE_TRUSTED) {
+ trusted = module_get_option_inlock (mod, "trust-policy");
+ if (!_p11_conf_parse_boolean (trusted, false))
+ return CKR_FUNCTION_NOT_SUPPORTED;
+ }
+
if (flags & P11_KIT_MODULE_UNMANAGED) {
is_managed = false;
with_log = false;
@@ -1821,7 +1834,9 @@ p11_modules_load_inlock_reentrant (int flags,
rv = prepare_module_inlock_reentrant (mod, flags, modules + at);
if (rv == CKR_OK)
at++;
- else if (rv != CKR_FUNCTION_NOT_SUPPORTED)
+ else if (rv == CKR_FUNCTION_NOT_SUPPORTED)
+ rv = CKR_OK;
+ else
break;
}
@@ -2301,7 +2316,6 @@ p11_kit_module_load (const char *module_path,
rv = load_module_from_file_inlock (NULL, module_path, &mod);
if (rv == CKR_OK) {
-
/* WARNING: Reentrancy can occur here */
rv = prepare_module_inlock_reentrant (mod, flags, &module);
if (rv != CKR_OK)