From 1176ab6dd4850cff64a35760e82dbfeb02cd155c Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 20 Mar 2012 17:00:47 -0700 Subject: [PATCH] Android: Use keystore ENGINE for private key operations The new keystore ENGINE is usable to perform private key operations when we can't get the actual private key data. This is the case when hardware crypto is enabled: the private key never leaves the hardware. Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't PKCS#11 or OpenSC. This just changes a few #define variables to allow us to talk to our keystore engine without having one of those enabled and without using a PIN. Signed-off-by: Dmitry Shmidt --- src/crypto/tls_openssl.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index 95c674a45..2b7b010cb 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -10,9 +10,11 @@ #ifndef CONFIG_SMARTCARD #ifndef OPENSSL_NO_ENGINE +#ifndef ANDROID #define OPENSSL_NO_ENGINE #endif #endif +#endif #include #include @@ -858,16 +860,21 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id, wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); return -1; } +#ifndef ANDROID if (pin == NULL) { wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); return -1; } +#endif if (key_id == NULL) { wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); return -1; } ERR_clear_error(); +#ifdef ANDROID + ENGINE_load_dynamic(); +#endif conn->engine = ENGINE_by_id(engine_id); if (!conn->engine) { wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", @@ -882,11 +889,13 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id, } wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); +#ifndef ANDROID if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", ERR_error_string(ERR_get_error(), NULL)); goto err; } +#endif /* load private key first in-case PIN is required for cert */ conn->private_key = ENGINE_load_private_key(conn->engine, key_id, NULL, NULL);