Feature request: Add ability to specify initialize flags for pkcs11 provider

[lo1ol]

Hi! I previously written to you ​here about this feature. I can reformat my code as required, but firstly I want to get some feedback about changes at all.

Required changes is possible, because new version of pkcs11-helper released, ​which supports this feature.

This allows to resolves openvpn bug, linked with using pkcs11 args in multithread app without initialization pkcs11 library with CKF_OS_LOCKING_OK flag.

[Gert Döring]

@selva, I have too little overview on pkcs#11 topics. Can you enlighten me on what we have, what we want, ...? thanks :-)

[Selva Nair]

For cross-reference, this is what I wrote few months back in response to the corresponding patch in the ML ​https://sourceforge.net/p/openvpn/mailman/openvpn-devel/thread/20210930113308.815777-1-mkh199740@mail.ru/ -- somehow this patch is not in patchwork.

I don't quite understand the need for exposing "init-args" to the user. 
The only two supported flags in the cryptoki docs are related to the use 
of threads. But we are the application and we should know what flags to 
pass --- not the user --- isn't it? If CKF_OS_LOCKING_OK is required, 
can't we just set it unconditionally?
 
That said, OpenVPN2 is single threaded, so why is there a "bug in 
openvpn" related to the use of pkcs11 library from multiple threads 
referred to here?

I haven't seen any response to that. I'm not aware of any bug related to multi-threaded use in OpenVPN 2. We have forking related issues but, AFAICT, that is unrelated.

[Gert Döring]

Closing this due to unclear motivation for the patch, and no feedback.