@@ -10,9 +10,11 @@
#ifndef CONFIG_SMARTCARD
#ifndef OPENSSL_NO_ENGINE
+#ifndef ANDROID
#define OPENSSL_NO_ENGINE
#endif
#endif
+#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
@@ -858,16 +860,21 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
return -1;
}
+#ifndef ANDROID
if (pin == NULL) {
wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
return -1;
}
+#endif
if (key_id == NULL) {
wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
return -1;
}
ERR_clear_error();
+#ifdef ANDROID
+ ENGINE_load_dynamic();
+#endif
conn->engine = ENGINE_by_id(engine_id);
if (!conn->engine) {
wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
@@ -882,11 +889,13 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
}
wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
+#ifndef ANDROID
if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
ERR_error_string(ERR_get_error(), NULL));
goto err;
}
+#endif
/* load private key first in-case PIN is required for cert */
conn->private_key = ENGINE_load_private_key(conn->engine,
key_id, NULL, NULL);
The new keystore ENGINE is usable to perform private key operations when we can't get the actual private key data. This is the case when hardware crypto is enabled: the private key never leaves the hardware. Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't PKCS#11 or OpenSC. This just changes a few #define variables to allow us to talk to our keystore engine without having one of those enabled and without using a PIN. Change-Id: Iabab5077c3d167a1e13bc8ef8745dc59ad4d62f7 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com> --- src/crypto/tls_openssl.c | 9 +++++++++ 1 file changed, 9 insertions(+)