From 2f08617da9a3d8dc59dbf802d7a0bca4028892cb Mon Sep 17 00:00:00 2001
From: Francis Dupont <fdupont@isc.org>
Date: Mon, 22 Aug 2016 13:59:53 +0200
Subject: [PATCH] Merged rt43076 (log PKCS#11 provider load failure)

---
 lib/isc/include/pk11/pk11.h |  2 ++
 lib/isc/pk11.c              |  2 ++
 lib/isc/unix/pk11_api.c     | 17 +++++++++++++++--
 lib/isc/win32/libisc.def.in |  1 +
 lib/isc/win32/pk11_api.c    | 19 +++++++++++++++++--
 5 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/lib/isc/include/pk11/pk11.h b/lib/isc/include/pk11/pk11.h
index 2164d174f2..b0d587ec98 100644
--- a/lib/isc/include/pk11/pk11.h
+++ b/lib/isc/include/pk11/pk11.h
@@ -150,6 +150,8 @@ void pk11_dump_tokens(void);
 CK_RV
 pkcs_C_Initialize(CK_VOID_PTR pReserved);
 
+char *pk11_get_load_error_message(void);
+
 CK_RV
 pkcs_C_Finalize(CK_VOID_PTR pReserved);
 
diff --git a/lib/isc/pk11.c b/lib/isc/pk11.c
index f8e89ab357..0296da73f3 100644
--- a/lib/isc/pk11.c
+++ b/lib/isc/pk11.c
@@ -206,6 +206,8 @@ pk11_initialize(isc_mem_t *mctx, const char *engine) {
 
 	if (rv == 0xfe) {
 		result = PK11_R_NOPROVIDER;
+		fprintf(stderr, "Can't load PKCS#11 provider: %s\n",
+			pk11_get_load_error_message());
 		goto unlock;
 	}
 	if (rv != CKR_OK) {
diff --git a/lib/isc/unix/pk11_api.c b/lib/isc/unix/pk11_api.c
index 9c0e372fdc..a93108642d 100644
--- a/lib/isc/unix/pk11_api.c
+++ b/lib/isc/unix/pk11_api.c
@@ -30,6 +30,7 @@
 #include <pk11/internal.h>
 
 static void *hPK11 = NULL;
+static char loaderrmsg[1024];
 
 CK_RV
 pkcs_C_Initialize(CK_VOID_PTR pReserved) {
@@ -40,14 +41,22 @@ pkcs_C_Initialize(CK_VOID_PTR pReserved) {
 
 	hPK11 = dlopen(pk11_get_lib_name(), RTLD_NOW);
 
-	if (hPK11 == NULL)
+	if (hPK11 == NULL) {
+		snprintf(loaderrmsg, sizeof(loaderrmsg),
+			 "dlopen(\"%s\") failed: %s\n",
+			 pk11_get_lib_name(), dlerror());
 		return (CKR_LIBRARY_FAILED_TO_LOAD);
+	}
 	sym = (CK_C_Initialize)dlsym(hPK11, "C_Initialize");
 	if (sym == NULL)
 		return (CKR_SYMBOL_RESOLUTION_FAILED);
 	return (*sym)(pReserved);
 }
 
+char *pk11_get_load_error_message(void) {
+	return (loaderrmsg);
+}
+
 CK_RV
 pkcs_C_Finalize(CK_VOID_PTR pReserved) {
 	CK_C_Finalize sym;
@@ -131,8 +140,12 @@ pkcs_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
 
 	if (hPK11 == NULL)
 		hPK11 = dlopen(pk11_get_lib_name(), RTLD_NOW);
-	if (hPK11 == NULL)
+	if (hPK11 == NULL) {
+		snprintf(loaderrmsg, sizeof(loaderrmsg),
+			 "dlopen(\"%s\") failed: %s\n",
+			 pk11_get_lib_name(), dlerror());
 		return (CKR_LIBRARY_FAILED_TO_LOAD);
+	}
 	if ((sym == NULL) || (hPK11 != pPK11)) {
 		pPK11 = hPK11;
 		sym = (CK_C_OpenSession)dlsym(hPK11, "C_OpenSession");
diff --git a/lib/isc/win32/libisc.def.in b/lib/isc/win32/libisc.def.in
index 115ce106be..332f247a61 100644
--- a/lib/isc/win32/libisc.def.in
+++ b/lib/isc/win32/libisc.def.in
@@ -747,6 +747,7 @@ pk11_error_fatalcheck
 pk11_finalize
 pk11_get_best_token
 pk11_get_lib_name
+pk11_get_load_error_message
 pk11_get_session
 pk11_initialize
 pk11_initmsgcat
diff --git a/lib/isc/win32/pk11_api.c b/lib/isc/win32/pk11_api.c
index 13026732f2..a69021fdaf 100644
--- a/lib/isc/win32/pk11_api.c
+++ b/lib/isc/win32/pk11_api.c
@@ -63,6 +63,7 @@ getpassphrase(const char *prompt) {
 /* load PKCS11 DLL */
 
 static HINSTANCE hPK11 = NULL;
+static char loaderrmsg[1024];
 
 CK_RV
 pkcs_C_Initialize(CK_VOID_PTR pReserved) {
@@ -80,14 +81,23 @@ pkcs_C_Initialize(CK_VOID_PTR pReserved) {
 
 	hPK11 = LoadLibraryA(lib_name);
 
-	if (hPK11 == NULL)
+	if (hPK11 == NULL) {
+		const DWORD err = GetLastError();
+		snprintf(loaderrmsg, sizeof(loaderrmsg),
+			 "LoadLibraryA(\"%s\") failed with 0x%X\n",
+			 lib_name, err);
 		return (CKR_LIBRARY_FAILED_TO_LOAD);
+	}
 	sym = (CK_C_Initialize)GetProcAddress(hPK11, "C_Initialize");
 	if (sym == NULL)
 		return (CKR_SYMBOL_RESOLUTION_FAILED);
 	return (*sym)(pReserved);
 }
 
+char *pk11_get_load_error_message(void) {
+	return (loaderrmsg);
+}
+
 CK_RV
 pkcs_C_Finalize(CK_VOID_PTR pReserved) {
 	CK_C_Finalize sym;
@@ -167,8 +177,13 @@ pkcs_C_OpenSession(CK_SLOT_ID slotID,
 
 	if (hPK11 == NULL)
 		hPK11 = LoadLibraryA(pk11_get_lib_name());
-	if (hPK11 == NULL)
+	if (hPK11 == NULL) {
+		const DWORD err = GetLastError();
+		snprintf(loaderrmsg, sizeof(loaderrmsg),
+			 "LoadLibraryA(\"%s\") failed with 0x%X\n",
+			 pk11_get_lib_name(), err);
 		return (CKR_LIBRARY_FAILED_TO_LOAD);
+	}
 	if (sym == NULL)
 		sym = (CK_C_OpenSession)GetProcAddress(hPK11, "C_OpenSession");
 	if (sym == NULL)