@@ -126,6 +126,9 @@ with with hostapd. The following C files are currently used:
\ref ms_funcs.c and \ref ms_funcs.h
Helper functions for MSCHAPV2 and LEAP
+\ref openssl_engine.c
+ Helper functions for OpenSSL engine functionality
+
\ref tls.h
Definition of TLS library wrapper
@@ -647,6 +647,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
ifdef TLS_FUNCS
+ifndef OPENSSL_NO_ENGINE
+OBJS += ../src/crypto/openssl_engine.o
+endif
OBJS += src/crypto/tls_openssl.c
OBJS += src/crypto/tls_openssl_ocsp.c
LIBS += -lssl
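Review bot: The added object path `../src/crypto/openssl_engine.o` does not match the neighbouring entries in this Android.mk hunk, which list sources as `src/crypto/tls_openssl.c` — no `../` prefix and a `.c` suffix — so the new line looks copied from the GNU Makefile and would likely point the Android build at a file that does not exist. It should read `OBJS += src/crypto/openssl_engine.c`. The same mismatch appears in the later wpa_supplicant/Android.mk hunk (the one at `@@ -1061` that also shows `L_CFLAGS += -DEAP_TLS_OPENSSL` as context).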
@@ -707,6 +707,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
CONFIG_CRYPTO=openssl
ifdef TLS_FUNCS
+ifndef OPENSSL_NO_ENGINE
+OBJS += ../src/crypto/openssl_engine.o
+endif
OBJS += ../src/crypto/tls_openssl.o
OBJS += ../src/crypto/tls_openssl_ocsp.o
LIBS += -lssl
new file mode 100644
@@ -0,0 +1,98 @@
+/*
+ * Engine interface functions for OpenSSL
+ * Copyright (c) 2004-2021, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+
+#include <openssl/engine.h>
+
+#include "common.h"
+#include "openssl_engine.h"
+
+/**
+ * tls_engine_load_dynamic_generic - load any openssl engine
+ * @pre: an array of commands and values that load an engine initialized
+ * in the engine specific function
+ * @post: an array of commands and values that initialize an already loaded
+ * engine (or %NULL if not required)
+ * @id: the engine id of the engine to load (only required if post is not %NULL
+ *
+ * This function is a generic function that loads any openssl engine.
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_engine_load_dynamic_generic(const char *pre[],
+ const char *post[], const char *id)
+{
+ ENGINE *engine;
+ const char *dynamic_id = "dynamic";
+
+ engine = ENGINE_by_id(id);
+ if (engine) {
+ wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
+ "available", id);
+ /*
+ * If it was auto-loaded by ENGINE_by_id() we might still
+ * need to tell it which PKCS#11 module to use in legacy
+ * (non-p11-kit) environments. Do so now; even if it was
+ * properly initialised before, setting it again will be
+ * harmless.
+ */
+ goto found;
+ }
+ ERR_clear_error();
+
+ engine = ENGINE_by_id(dynamic_id);
+ if (engine == NULL) {
+ wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
+ dynamic_id,
+ ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+
+ /* Perform the pre commands. This will load the engine. */
+ while (pre && pre[0]) {
+ wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
+ if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
+ wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
+ "%s %s [%s]", pre[0], pre[1],
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_free(engine);
+ return -1;
+ }
+ pre += 2;
+ }
+
+ /*
+ * Free the reference to the "dynamic" engine. The loaded engine can
+ * now be looked up using ENGINE_by_id().
+ */
+ ENGINE_free(engine);
+
+ engine = ENGINE_by_id(id);
+ if (engine == NULL) {
+ wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
+ id, ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+ found:
+ while (post && post[0]) {
+ wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
+ if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
+ wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
+ " %s %s [%s]", post[0], post[1],
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_remove(engine);
+ ENGINE_free(engine);
+ return -1;
+ }
+ post += 2;
+ }
+ ENGINE_free(engine);
+
+ return 0;
+}
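Review bot: The new translation unit has no `#ifndef OPENSSL_NO_ENGINE` preprocessor guard, whereas the block it was moved out of sat inside one in tls_openssl.c; the `ifndef OPENSSL_NO_ENGINE` in the Makefile and Android.mk hunks tests a make variable rather than the macro from opensslconf.h, and nmake.mak and wpasvc.vcproj add the file unconditionally, so a build against an OpenSSL configured without engine support would presumably fail to compile this file. Wrap everything after the includes in `#ifndef OPENSSL_NO_ENGINE` … `#endif /* OPENSSL_NO_ENGINE */`, mirroring the removed tls_openssl.c region. Separately, the kernel-doc comment says `id` is "only required if post is not %NULL" (and is missing its closing parenthesis), but `ENGINE_by_id(id)` is called unconditionally on entry, so the line should become `@id: the engine id of the engine to load (always required; used to look the engine up before and after loading)`.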
new file mode 100644
@@ -0,0 +1,10 @@
+/*
+ * Engine interface functions for OpenSSL
+ * Copyright (c) 2004-2021, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+int tls_engine_load_dynamic_generic(const char *pre[],
+ const char *post[], const char *id);
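Review bot: The new header has no include guard, unlike the other hostap headers; add `#ifndef OPENSSL_ENGINE_H` and `#define OPENSSL_ENGINE_H` before the declaration and close the file with `#endif /* OPENSSL_ENGINE_H */`. Since the function is now a public entry point for other code, the header is also where its calling contract should be stated: the .c body walks `pre` and `post` two entries at a time as command/argument pairs until it meets a NULL command (`while (pre && pre[0]) … pre += 2`), and returns 0 on success and -1 on failure, so a short comment above the prototype such as `/* pre/post: arrays of (command, argument) pairs terminated by a NULL command; post may be NULL. Returns 0 on success, -1 on failure. */` would keep callers from guessing at the array layout.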
@@ -23,6 +23,7 @@
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#include "openssl_engine.h"
#endif /* OPENSSL_NO_ENGINE */
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
@@ -778,91 +779,6 @@ static void ssl_info_cb(const SSL *ssl, int where, int ret)
#ifndef OPENSSL_NO_ENGINE
-/**
- * tls_engine_load_dynamic_generic - load any openssl engine
- * @pre: an array of commands and values that load an engine initialized
- * in the engine specific function
- * @post: an array of commands and values that initialize an already loaded
- * engine (or %NULL if not required)
- * @id: the engine id of the engine to load (only required if post is not %NULL
- *
- * This function is a generic function that loads any openssl engine.
- *
- * Returns: 0 on success, -1 on failure
- */
-static int tls_engine_load_dynamic_generic(const char *pre[],
- const char *post[], const char *id)
-{
- ENGINE *engine;
- const char *dynamic_id = "dynamic";
-
- engine = ENGINE_by_id(id);
- if (engine) {
- wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
- "available", id);
- /*
- * If it was auto-loaded by ENGINE_by_id() we might still
- * need to tell it which PKCS#11 module to use in legacy
- * (non-p11-kit) environments. Do so now; even if it was
- * properly initialised before, setting it again will be
- * harmless.
- */
- goto found;
- }
- ERR_clear_error();
-
- engine = ENGINE_by_id(dynamic_id);
- if (engine == NULL) {
- wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
- dynamic_id,
- ERR_error_string(ERR_get_error(), NULL));
- return -1;
- }
-
- /* Perform the pre commands. This will load the engine. */
- while (pre && pre[0]) {
- wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
- if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
- wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
- "%s %s [%s]", pre[0], pre[1],
- ERR_error_string(ERR_get_error(), NULL));
- ENGINE_free(engine);
- return -1;
- }
- pre += 2;
- }
-
- /*
- * Free the reference to the "dynamic" engine. The loaded engine can
- * now be looked up using ENGINE_by_id().
- */
- ENGINE_free(engine);
-
- engine = ENGINE_by_id(id);
- if (engine == NULL) {
- wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
- id, ERR_error_string(ERR_get_error(), NULL));
- return -1;
- }
- found:
- while (post && post[0]) {
- wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
- if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
- wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
- " %s %s [%s]", post[0], post[1],
- ERR_error_string(ERR_get_error(), NULL));
- ENGINE_remove(engine);
- ENGINE_free(engine);
- return -1;
- }
- post += 2;
- }
- ENGINE_free(engine);
-
- return 0;
-}
-
-
/**
* tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
* @pkcs11_so_path: pksc11_so_path from the configuration
@@ -1061,6 +1061,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
ifdef TLS_FUNCS
L_CFLAGS += -DEAP_TLS_OPENSSL
+ifndef OPENSSL_NO_ENGINE
+OBJS += ../src/crypto/openssl_engine.o
+endif
OBJS += src/crypto/tls_openssl.c
OBJS += src/crypto/tls_openssl_ocsp.c
LIBS += -lssl
@@ -1104,6 +1104,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
ifdef TLS_FUNCS
CFLAGS += -DEAP_TLS_OPENSSL
+ifndef OPENSSL_NO_ENGINE
+OBJS += ../src/crypto/openssl_engine.o
+endif
OBJS += ../src/crypto/tls_openssl.o
OBJS += ../src/crypto/tls_openssl_ocsp.o
LIBS += -lssl
@@ -122,6 +122,7 @@ OBJS = \
$(OBJDIR)\l2_packet_winpcap.obj \
$(OBJDIR)\tls_openssl.obj \
$(OBJDIR)\ms_funcs.obj \
+ $(OBJDIR)\openssl_engine.obj \
$(OBJDIR)\crypto_openssl.obj \
$(OBJDIR)\fips_prf_openssl.obj \
$(OBJDIR)\pcsc_funcs.obj \
@@ -394,6 +394,10 @@
RelativePath="..\..\scan.c"
>
</File>
+ <File
+ RelativePath="..\..\..\src\crypto\openssl_engine.c"
+ >
+ </File>
<File
RelativePath="..\..\..\src\crypto\sha1.c"
>
Expose tls_engine_load_dynamic_generic such that it can be used by other code wishing to load an openssl engine dynamically. The function is already written in a way that is not specific to tls and was moved verbatim. Signed-off-by: Andrew Beltrano <anbeltra@microsoft.com> --- doc/code_structure.doxygen | 3 + hostapd/Android.mk | 3 + hostapd/Makefile | 3 + src/crypto/openssl_engine.c | 98 ++++++++++++++++++++++ src/crypto/openssl_engine.h | 10 +++ src/crypto/tls_openssl.c | 86 +------------------ wpa_supplicant/Android.mk | 3 + wpa_supplicant/Makefile | 3 + wpa_supplicant/nmake.mak | 1 + wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj | 4 + 10 files changed, 129 insertions(+), 85 deletions(-) create mode 100644 src/crypto/openssl_engine.c create mode 100644 src/crypto/openssl_engine.h