[PATCH v2 1/2] Make tls_engine_load_dynamic_generic externally accessible.
Andrew Beltrano
anbeltra at microsoft.com
Fri Apr 30 23:48:21 BST 2021
Expose tls_engine_load_dynamic_generic such that it can be used
by other code wishing to load an openssl engine dynamically. The
function is already written in way that is not specific to tls and was
moved verbatim.
Signed-off-by: Andrew Beltrano <anbeltra at microsoft.com>
---
doc/code_structure.doxygen | 3 +
hostapd/Android.mk | 11 +++
hostapd/Makefile | 11 +++
src/crypto/openssl_engine.c | 98 ++++++++++++++++++++++
src/crypto/openssl_engine.h | 10 +++
src/crypto/tls_openssl.c | 86 +------------------
wpa_supplicant/Android.mk | 11 +++
wpa_supplicant/Makefile | 11 +++
wpa_supplicant/nmake.mak | 1 +
wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj | 4 +
10 files changed, 161 insertions(+), 85 deletions(-)
create mode 100644 src/crypto/openssl_engine.c
create mode 100644 src/crypto/openssl_engine.h
diff --git a/doc/code_structure.doxygen b/doc/code_structure.doxygen
index 454f17975..e8297dad0 100644
--- a/doc/code_structure.doxygen
+++ b/doc/code_structure.doxygen
@@ -126,6 +126,9 @@ with with hostapd. The following C files are currently used:
\ref ms_funcs.c and \ref ms_funcs.h
Helper functions for MSCHAPV2 and LEAP
+\ref openssl_engine.c
+ Helper functions for OpenSSL engine functionality
+
\ref tls.h
Definition of TLS library wrapper
diff --git a/hostapd/Android.mk b/hostapd/Android.mk
index b3af96886..09ea68f63 100644
--- a/hostapd/Android.mk
+++ b/hostapd/Android.mk
@@ -560,6 +560,9 @@ NEED_JSON=y
NEED_GAS=y
NEED_BASE64=y
NEED_ASN1=y
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
ifdef CONFIG_DPP2
L_CFLAGS += -DCONFIG_DPP2
endif
@@ -647,6 +650,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
ifdef TLS_FUNCS
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
OBJS += src/crypto/tls_openssl.c
OBJS += src/crypto/tls_openssl_ocsp.c
LIBS += -lssl
@@ -1055,6 +1061,11 @@ OBJS += src/common/gas.c
OBJS += src/ap/gas_serv.c
endif
+ifdef NEED_OPENSSL_ENGINE
+OBJS += src/crypto/openssl_engine.o
+CFLAGS += -DCONFIG_OPENSSL_ENGINE
+endif
+
ifdef CONFIG_PROXYARP
L_CFLAGS += -DCONFIG_PROXYARP
OBJS += src/ap/x_snoop.c
diff --git a/hostapd/Makefile b/hostapd/Makefile
index ac085fd10..34ced9049 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -590,6 +590,9 @@ NEED_JSON=y
NEED_GAS=y
NEED_BASE64=y
NEED_ASN1=y
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
ifdef CONFIG_DPP2
CFLAGS += -DCONFIG_DPP2
endif
@@ -707,6 +710,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
CONFIG_CRYPTO=openssl
ifdef TLS_FUNCS
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
OBJS += ../src/crypto/tls_openssl.o
OBJS += ../src/crypto/tls_openssl_ocsp.o
LIBS += -lssl
@@ -1201,6 +1207,11 @@ OBJS += ../src/common/gas.o
OBJS += ../src/ap/gas_serv.o
endif
+ifdef NEED_OPENSSL_ENGINE
+OBJS += ../src/crypto/openssl_engine.o
+CFLAGS += -DCONFIG_OPENSSL_ENGINE
+endif
+
ifdef CONFIG_PROXYARP
CFLAGS += -DCONFIG_PROXYARP
OBJS += ../src/ap/x_snoop.o
diff --git a/src/crypto/openssl_engine.c b/src/crypto/openssl_engine.c
new file mode 100644
index 000000000..5fbc480d1
--- /dev/null
+++ b/src/crypto/openssl_engine.c
@@ -0,0 +1,98 @@
+/*
+ * Engine interface functions for OpenSSL
+ * Copyright (c) 2004-2021, Jouni Malinen <j at w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "includes.h"
+
+#include <openssl/engine.h>
+
+#include "common.h"
+#include "openssl_engine.h"
+
+/**
+ * tls_engine_load_dynamic_generic - load any openssl engine
+ * @pre: an array of commands and values that load an engine initialized
+ * in the engine specific function
+ * @post: an array of commands and values that initialize an already loaded
+ * engine (or %NULL if not required)
+ * @id: the engine id of the engine to load (only required if post is not %NULL
+ *
+ * This function is a generic function that loads any openssl engine.
+ *
+ * Returns: 0 on success, -1 on failure
+ */
+int tls_engine_load_dynamic_generic(const char *pre[],
+ const char *post[], const char *id)
+{
+ ENGINE *engine;
+ const char *dynamic_id = "dynamic";
+
+ engine = ENGINE_by_id(id);
+ if (engine) {
+ wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
+ "available", id);
+ /*
+ * If it was auto-loaded by ENGINE_by_id() we might still
+ * need to tell it which PKCS#11 module to use in legacy
+ * (non-p11-kit) environments. Do so now; even if it was
+ * properly initialised before, setting it again will be
+ * harmless.
+ */
+ goto found;
+ }
+ ERR_clear_error();
+
+ engine = ENGINE_by_id(dynamic_id);
+ if (engine == NULL) {
+ wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
+ dynamic_id,
+ ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+
+ /* Perform the pre commands. This will load the engine. */
+ while (pre && pre[0]) {
+ wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
+ if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
+ wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
+ "%s %s [%s]", pre[0], pre[1],
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_free(engine);
+ return -1;
+ }
+ pre += 2;
+ }
+
+ /*
+ * Free the reference to the "dynamic" engine. The loaded engine can
+ * now be looked up using ENGINE_by_id().
+ */
+ ENGINE_free(engine);
+
+ engine = ENGINE_by_id(id);
+ if (engine == NULL) {
+ wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
+ id, ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+ found:
+ while (post && post[0]) {
+ wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
+ if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
+ wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
+ " %s %s [%s]", post[0], post[1],
+ ERR_error_string(ERR_get_error(), NULL));
+ ENGINE_remove(engine);
+ ENGINE_free(engine);
+ return -1;
+ }
+ post += 2;
+ }
+ ENGINE_free(engine);
+
+ return 0;
+}
diff --git a/src/crypto/openssl_engine.h b/src/crypto/openssl_engine.h
new file mode 100644
index 000000000..50e625bac
--- /dev/null
+++ b/src/crypto/openssl_engine.h
@@ -0,0 +1,10 @@
+/*
+ * Engine interface functions for OpenSSL
+ * Copyright (c) 2004-2021, Jouni Malinen <j at w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+int tls_engine_load_dynamic_generic(const char *pre[],
+ const char *post[], const char *id);
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 345a35ee1..9463574a5 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -23,6 +23,7 @@
#include <openssl/x509v3.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#include "openssl_engine.h"
#endif /* OPENSSL_NO_ENGINE */
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
@@ -778,91 +779,6 @@ static void ssl_info_cb(const SSL *ssl, int where, int ret)
#ifndef OPENSSL_NO_ENGINE
-/**
- * tls_engine_load_dynamic_generic - load any openssl engine
- * @pre: an array of commands and values that load an engine initialized
- * in the engine specific function
- * @post: an array of commands and values that initialize an already loaded
- * engine (or %NULL if not required)
- * @id: the engine id of the engine to load (only required if post is not %NULL
- *
- * This function is a generic function that loads any openssl engine.
- *
- * Returns: 0 on success, -1 on failure
- */
-static int tls_engine_load_dynamic_generic(const char *pre[],
- const char *post[], const char *id)
-{
- ENGINE *engine;
- const char *dynamic_id = "dynamic";
-
- engine = ENGINE_by_id(id);
- if (engine) {
- wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
- "available", id);
- /*
- * If it was auto-loaded by ENGINE_by_id() we might still
- * need to tell it which PKCS#11 module to use in legacy
- * (non-p11-kit) environments. Do so now; even if it was
- * properly initialised before, setting it again will be
- * harmless.
- */
- goto found;
- }
- ERR_clear_error();
-
- engine = ENGINE_by_id(dynamic_id);
- if (engine == NULL) {
- wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
- dynamic_id,
- ERR_error_string(ERR_get_error(), NULL));
- return -1;
- }
-
- /* Perform the pre commands. This will load the engine. */
- while (pre && pre[0]) {
- wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]);
- if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) {
- wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: "
- "%s %s [%s]", pre[0], pre[1],
- ERR_error_string(ERR_get_error(), NULL));
- ENGINE_free(engine);
- return -1;
- }
- pre += 2;
- }
-
- /*
- * Free the reference to the "dynamic" engine. The loaded engine can
- * now be looked up using ENGINE_by_id().
- */
- ENGINE_free(engine);
-
- engine = ENGINE_by_id(id);
- if (engine == NULL) {
- wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]",
- id, ERR_error_string(ERR_get_error(), NULL));
- return -1;
- }
- found:
- while (post && post[0]) {
- wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
- if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
- wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:"
- " %s %s [%s]", post[0], post[1],
- ERR_error_string(ERR_get_error(), NULL));
- ENGINE_remove(engine);
- ENGINE_free(engine);
- return -1;
- }
- post += 2;
- }
- ENGINE_free(engine);
-
- return 0;
-}
-
-
/**
* tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
* @pkcs11_so_path: pksc11_so_path from the configuration
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index f539ce134..cc5239c90 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -276,6 +276,9 @@ NEED_JSON=y
NEED_GAS_SERVER=y
NEED_BASE64=y
NEED_ASN1=y
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
ifdef CONFIG_DPP2
L_CFLAGS += -DCONFIG_DPP2
endif
@@ -1061,6 +1064,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
ifdef TLS_FUNCS
L_CFLAGS += -DEAP_TLS_OPENSSL
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
OBJS += src/crypto/tls_openssl.c
OBJS += src/crypto/tls_openssl_ocsp.c
LIBS += -lssl
@@ -1652,6 +1658,11 @@ OBJS += src/utils/json.c
L_CFLAGS += -DCONFIG_JSON
endif
+ifdef NEED_OPENSSL_ENGINE
+OBJS += src/crypto/openssl_engine.o
+CFLAGS += -DCONFIG_OPENSSL_ENGINE
+endi
+
OBJS += src/drivers/driver_common.c
OBJS += wpa_supplicant.c events.c bssid_ignore.c wpas_glue.c scan.c
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 271f2aab3..14cc193da 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -291,6 +291,9 @@ NEED_JSON=y
NEED_GAS_SERVER=y
NEED_BASE64=y
NEED_ASN1=y
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
ifdef CONFIG_DPP2
CFLAGS += -DCONFIG_DPP2
endif
@@ -1104,6 +1107,9 @@ endif
ifeq ($(CONFIG_TLS), openssl)
ifdef TLS_FUNCS
CFLAGS += -DEAP_TLS_OPENSSL
+ifndef OPENSSL_NO_ENGINE
+NEED_OPENSSL_ENGINE=y
+endif
OBJS += ../src/crypto/tls_openssl.o
OBJS += ../src/crypto/tls_openssl_ocsp.o
LIBS += -lssl
@@ -1796,6 +1802,11 @@ OBJS += ../src/utils/json.o
CFLAGS += -DCONFIG_JSON
endif
+ifdef NEED_OPENSSL_ENGINE
+OBJS += ../src/crypto/openssl_engine.o
+CFLAGS += -DCONFIG_OPENSSL_ENGINE
+endif
+
ifdef CONFIG_MODULE_TESTS
CFLAGS += -DCONFIG_MODULE_TESTS
OBJS += wpas_module_tests.o
diff --git a/wpa_supplicant/nmake.mak b/wpa_supplicant/nmake.mak
index 617df036a..195faabe5 100644
--- a/wpa_supplicant/nmake.mak
+++ b/wpa_supplicant/nmake.mak
@@ -122,6 +122,7 @@ OBJS = \
$(OBJDIR)\l2_packet_winpcap.obj \
$(OBJDIR)\tls_openssl.obj \
$(OBJDIR)\ms_funcs.obj \
+ $(OBJDIR)\openssl_engine.obj \
$(OBJDIR)\crypto_openssl.obj \
$(OBJDIR)\fips_prf_openssl.obj \
$(OBJDIR)\pcsc_funcs.obj \
diff --git a/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj b/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
index 82d9033ff..b0b51a02c 100755
--- a/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
+++ b/wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj
@@ -394,6 +394,10 @@
RelativePath="..\..\scan.c"
>
</File>
+ <File
+ RelativePath="..\..\..\src\crypto\openssl_engine.c"
+ >
+ </File>
<File
RelativePath="..\..\..\src\crypto\sha1.c"
>
--
2.20.1
More information about the Hostap
mailing list