@@ -11,7 +11,7 @@
#include <time.h>
#ifdef ANDROID
-#include <linux/capability.h>
+#include <sys/capability.h>
#include <linux/prctl.h>
#include <private/android_filesystem_config.h>
#endif /* ANDROID */
--
1.8.4.1
From 45b603746553e9d98736d31ff9db85e96af0a92f Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Tue, 20 Mar 2012 17:00:47 -0700
Subject: [PATCH 2/8] Use keystore ENGINE for private key operations
To: hostap@lists.shmoo.com
The new keystore ENGINE is usable to perform private key operations when
we can't get the actual private key data. This is the case when hardware
crypto is enabled: the private key never leaves the hardware.
Consequently, we need to be able to talk to OpenSSL ENGINEs that aren't
PKCS#11 or OpenSC. This just changes a few #defines to allow us to talk
to our keystore engine without having one of those enabled and without
using a PIN.
Change-Id: Iabab5077c3d167a1e13bc8ef8745dc59ad4d62f7
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
src/crypto/tls_openssl.c | 9 +++++++++
1 file changed, 9 insertions(+)
@@ -10,9 +10,11 @@
#ifndef CONFIG_SMARTCARD
#ifndef OPENSSL_NO_ENGINE
+#ifndef ANDROID
#define OPENSSL_NO_ENGINE
#endif
#endif
+#endif
#include <openssl/ssl.h>
#include <openssl/err.h>
@@ -858,16 +860,21 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
return -1;
}
+#ifndef ANDROID
if (pin == NULL) {
wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
return -1;
}
+#endif
if (key_id == NULL) {
wpa_printf(MSG_ERROR, "ENGINE: Key Id not set");
return -1;
}
ERR_clear_error();
+#ifdef ANDROID
+ ENGINE_load_dynamic();
+#endif
conn->engine = ENGINE_by_id(engine_id);
if (!conn->engine) {
wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]",
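Review bot: The `#ifndef ANDROID` guards drop the PIN handling for every Android build rather than only for the keystore ENGINE, so an Android build that asks for a PKCS#11 or OpenSC engine will neither reject a missing PIN here nor send one via `ENGINE_ctrl_cmd_string` in the `@@ -882,11 +889,13 @@` hunk, and the "Smartcard PIN not set" diagnostic that would explain the later ENGINE_load_private_key failure is gone with it. A runtime condition on the configured PIN keeps both behaviours without a platform switch: compile out the NULL rejection only for the engine that takes no PIN (its id string is not visible here, so match it by name or by a flag from the caller), and in the second hunk replace the `#ifndef ANDROID` pair with `if (pin != NULL && ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {`. The added `ENGINE_load_dynamic();` runs on every tls_engine_init() call; it appears safe to repeat, but a one-line comment such as `/* registers the "dynamic" ENGINE needed to load keystore; repeat calls are harmless */` would tell a reader why it is not done once at library init. tls_engine_init's body begins before and continues after this hunk.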
@@ -882,11 +889,13 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
}
wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
+#ifndef ANDROID
if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
ERR_error_string(ERR_get_error(), NULL));
goto err;
}
+#endif
/* load private key first in-case PIN is required for cert */
conn->private_key = ENGINE_load_private_key(conn->engine,
key_id, NULL, NULL);
--
1.8.4.1
From 7b07320b12c373689eae3b9e64416bbce87ddd59 Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Wed, 26 Jun 2013 14:57:31 -0700
Subject: [PATCH 3/8] Remove obsolete keystore path
To: hostap@lists.shmoo.com
It's not possible to get a raw private key from keystore anymore, so
this would fail every time anyway. Remove it so it doesn't confuse
anyone that looks at this code.
Change-Id: I021fc1707b16474d8698c85055a6fcc4095cd215
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
src/crypto/tls_openssl.c | 20 --------------------
1 file changed, 20 deletions(-)
@@ -2208,26 +2208,6 @@ static int tls_connection_private_key(void *_ssl_ctx,
break;
}
-#ifdef ANDROID
- if (!ok && private_key &&
- os_strncmp("keystore://", private_key, 11) == 0) {
- BIO *bio = BIO_from_keystore(&private_key[11]);
- EVP_PKEY *pkey = NULL;
- if (bio) {
- pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
- BIO_free(bio);
- }
- if (pkey) {
- if (SSL_use_PrivateKey(conn->ssl, pkey) == 1) {
- wpa_printf(MSG_DEBUG, "OpenSSL: Private key "
- "from keystore");
- ok = 1;
- }
- EVP_PKEY_free(pkey);
- }
- }
-#endif /* ANDROID */
-
while (!ok && private_key) {
#ifndef OPENSSL_NO_STDIO
if (SSL_use_PrivateKey_file(conn->ssl, private_key,
--
1.8.4.1
From 5fc6507f64a8f24fcafaa92b86210951ca474742 Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Tue, 20 Mar 2012 13:05:25 -0700
Subject: [PATCH 4/8] Restore OpenSSL ENGINE support
To: hostap@lists.shmoo.com
We now use an OpenSSL ENGINE to support keystore functionality.
Change-Id: Ifa654183a86462e1542c58dd39e20ffe11a8edfa
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
hostapd/Android.mk | 3 ---
wpa_supplicant/Android.mk | 3 ---
2 files changed, 6 deletions(-)
@@ -44,9 +44,6 @@ endif
# To allow non-ASCII characters in SSID
L_CFLAGS += -DWPA_UNICODE_SSID
-# OpenSSL is configured without engines on Android
-L_CFLAGS += -DOPENSSL_NO_ENGINE
-
INCLUDES = $(LOCAL_PATH)
INCLUDES += $(LOCAL_PATH)/src
INCLUDES += $(LOCAL_PATH)/src/utils
@@ -54,9 +54,6 @@ endif
# To allow non-ASCII characters in SSID
L_CFLAGS += -DWPA_UNICODE_SSID
-# OpenSSL is configured without engines on Android
-L_CFLAGS += -DOPENSSL_NO_ENGINE
-
INCLUDES = $(LOCAL_PATH)
INCLUDES += $(LOCAL_PATH)/src
INCLUDES += $(LOCAL_PATH)/src/common
--
1.8.4.1
From 19b1a85512ae2794059548521bc2cd7b75661cb5 Mon Sep 17 00:00:00 2001
From: Dmitry Shmidt <dimitrysh@google.com>
Date: Thu, 7 Nov 2013 12:37:30 -0800
Subject: [PATCH 5/8] Android: Remove obsolete WPA_UNICODE_SSID define
To: hostap@lists.shmoo.com
Change-Id: Ic342eff728b418c2d3d053b4b9b89d81d7c56a62
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
hostapd/Android.mk | 3 ---
wpa_supplicant/Android.mk | 3 ---
2 files changed, 6 deletions(-)
@@ -41,9 +41,6 @@ ifeq ($(TARGET_ARCH),arm)
L_CFLAGS += -mabi=aapcs-linux
endif
-# To allow non-ASCII characters in SSID
-L_CFLAGS += -DWPA_UNICODE_SSID
-
INCLUDES = $(LOCAL_PATH)
INCLUDES += $(LOCAL_PATH)/src
INCLUDES += $(LOCAL_PATH)/src/utils
@@ -51,9 +51,6 @@ ifeq ($(TARGET_ARCH),arm)
L_CFLAGS += -mabi=aapcs-linux
endif
-# To allow non-ASCII characters in SSID
-L_CFLAGS += -DWPA_UNICODE_SSID
-
INCLUDES = $(LOCAL_PATH)
INCLUDES += $(LOCAL_PATH)/src
INCLUDES += $(LOCAL_PATH)/src/common
--
1.8.4.1
From c0f6d84eee63c378742c1ed1344e6265a82e6aa9 Mon Sep 17 00:00:00 2001
From: Joe Onorato <joeo@google.com>
Date: Tue, 22 May 2012 14:16:30 -0700
Subject: [PATCH 6/8] Get rid of LOCAL_MODULE_TAGS := user
To: hostap@lists.shmoo.com
Change-Id: I6d9ed4e6e1d94cfedcb703eec4adfe227d35b473
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
wpa_supplicant/Android.mk | 1 -
1 file changed, 1 deletion(-)
@@ -1569,7 +1569,6 @@ include $(BUILD_EXECUTABLE)
#
#include $(CLEAR_VARS)
#LOCAL_MODULE := wpa_supplicant.conf
-#LOCAL_MODULE_TAGS := user
#LOCAL_MODULE_CLASS := ETC
#LOCAL_MODULE_PATH := $(local_target_dir)
#LOCAL_SRC_FILES := $(LOCAL_MODULE)
--
1.8.4.1
From 0693993ee378fde500fd52757f38da066fd7e5e7 Mon Sep 17 00:00:00 2001
From: Kenny Root <kroot@google.com>
Date: Thu, 7 Nov 2013 15:06:59 -0800
Subject: [PATCH 7/8] Switch keystore to binder
To: hostap@lists.shmoo.com
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
src/crypto/tls_openssl.c | 35 +++++++++++++++++------------------
wpa_supplicant/Android.mk | 2 +-
2 files changed, 18 insertions(+), 19 deletions(-)
@@ -24,11 +24,6 @@
#include <openssl/engine.h>
#endif /* OPENSSL_NO_ENGINE */
-#ifdef ANDROID
-#include <openssl/pem.h>
-#include "keystore_get.h"
-#endif /* ANDROID */
-
#include "common.h"
#include "crypto.h"
#include "tls.h"
@@ -60,6 +55,23 @@
#endif /* OPENSSL_NO_TLSEXT */
#endif /* SSL_set_tlsext_status_type */
+#ifdef ANDROID
+#include <openssl/pem.h>
+#include <keystore/keystore_get.h>
+
+static BIO * BIO_from_keystore(const char *key)
+{
+ BIO *bio = NULL;
+ uint8_t *value = NULL;
+ int length = keystore_get(key, strlen(key), &value);
+ if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL) {
+ BIO_write(bio, value, length);
+ }
+ free(value);
+ return bio;
+}
+#endif /* ANDROID */
+
static int tls_openssl_ref_count = 0;
struct tls_context {
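Review bot: `BIO_write(bio, value, length)` in the new BIO_from_keystore has its return value ignored, so a short or failed write hands the caller a memory BIO holding a truncated blob that then fails to parse with a misleading error; the deleted copy in the `@@ -1496,19 +1508,6 @@` hunk had the same gap, but this is the place to close it. Make the write part of the condition and release the BIO on failure: `if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL && BIO_write(bio, value, length) != length) { BIO_free(bio); bio = NULL; }`. The switch from a stack `value[KEYSTORE_MESSAGE_SIZE]` to `uint8_t *value` with an unconditional `free(value)` implies keystore_get() now allocates the buffer and leaves it NULL on failure; a comment above the call, `/* keystore_get() allocates *value (NULL on failure); caller frees it */`, would record that ownership assumption where the code relies on it. The function is also placed between two unrelated feature `#endif`s near the top of the file, so a short header comment, e.g. `/* Wrap a keystore blob in a memory BIO; NULL if the lookup or allocation fails. */`, would make its contract readable in isolation.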
@@ -1496,19 +1508,6 @@ static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert)
#endif /* OPENSSL_NO_STDIO */
-#ifdef ANDROID
-static BIO * BIO_from_keystore(const char *key)
-{
- BIO *bio = NULL;
- char value[KEYSTORE_MESSAGE_SIZE];
- int length = keystore_get(key, strlen(key), value);
- if (length != -1 && (bio = BIO_new(BIO_s_mem())) != NULL)
- BIO_write(bio, value, length);
- return bio;
-}
-#endif /* ANDROID */
-
-
static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn,
const char *ca_cert, const u8 *ca_cert_blob,
size_t ca_cert_blob_len, const char *ca_path)
@@ -1540,7 +1540,7 @@ include $(LOCAL_PATH)/eap_proxy_$(CONFIG_EAP_PROXY).mk
endif
ifeq ($(CONFIG_TLS), openssl)
-LOCAL_SHARED_LIBRARIES += libcrypto libssl
+LOCAL_SHARED_LIBRARIES += libcrypto libssl libkeystore_binder
endif
ifdef CONFIG_DRIVER_NL80211
LOCAL_STATIC_LIBRARIES += libnl_2
--
1.8.4.1
From af80a11ac234b412c19ad03723bd984889bb56d9 Mon Sep 17 00:00:00 2001
From: Ying Wang <wangying@google.com>
Date: Thu, 7 Nov 2013 15:09:36 -0800
Subject: [PATCH 8/8] Add liblog
To: hostap@lists.shmoo.com
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
hostapd/Android.mk | 4 ++--
wpa_supplicant/Android.mk | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
@@ -885,7 +885,7 @@ endif
include $(CLEAR_VARS)
LOCAL_MODULE := hostapd_cli
LOCAL_MODULE_TAGS := debug
-LOCAL_SHARED_LIBRARIES := libc libcutils
+LOCAL_SHARED_LIBRARIES := libc libcutils liblog
LOCAL_CFLAGS := $(L_CFLAGS)
LOCAL_SRC_FILES := $(OBJS_c)
LOCAL_C_INCLUDES := $(INCLUDES)
@@ -901,7 +901,7 @@ endif
ifneq ($(BOARD_HOSTAPD_PRIVATE_LIB),)
LOCAL_STATIC_LIBRARIES += $(BOARD_HOSTAPD_PRIVATE_LIB)
endif
-LOCAL_SHARED_LIBRARIES := libc libcutils libcrypto libssl
+LOCAL_SHARED_LIBRARIES := libc libcutils liblog libcrypto libssl
ifdef CONFIG_DRIVER_NL80211
LOCAL_STATIC_LIBRARIES += libnl_2
endif
@@ -1517,7 +1517,7 @@ endif
include $(CLEAR_VARS)
LOCAL_MODULE := wpa_cli
LOCAL_MODULE_TAGS := debug
-LOCAL_SHARED_LIBRARIES := libc libcutils
+LOCAL_SHARED_LIBRARIES := libc libcutils liblog
LOCAL_CFLAGS := $(L_CFLAGS)
LOCAL_SRC_FILES := $(OBJS_c)
LOCAL_C_INCLUDES := $(INCLUDES)
@@ -1532,7 +1532,7 @@ endif
ifneq ($(BOARD_WPA_SUPPLICANT_PRIVATE_LIB),)
LOCAL_STATIC_LIBRARIES += $(BOARD_WPA_SUPPLICANT_PRIVATE_LIB)
endif
-LOCAL_SHARED_LIBRARIES := libc libcutils
+LOCAL_SHARED_LIBRARIES := libc libcutils liblog
ifdef CONFIG_EAP_PROXY
OBJS += src/eap_peer/eap_proxy_$(CONFIG_EAP_PROXY).c
@@ -1581,7 +1581,7 @@ LOCAL_MODULE = libwpa_client
LOCAL_CFLAGS = $(L_CFLAGS)
LOCAL_SRC_FILES = src/common/wpa_ctrl.c src/utils/os_$(CONFIG_OS).c
LOCAL_C_INCLUDES = $(INCLUDES)
-LOCAL_SHARED_LIBRARIES := libcutils
+LOCAL_SHARED_LIBRARIES := libcutils liblog
LOCAL_COPY_HEADERS_TO := libwpa_client
LOCAL_COPY_HEADERS := src/common/wpa_ctrl.h
include $(BUILD_SHARED_LIBRARY)
Change-Id: I168ac70cc03d0dd31af77906d71b8b1f77752501
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
---
src/utils/os_unix.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)