Index: wpa_supplicant-0.6.4/src/crypto/tls.h
===================================================================
--- wpa_supplicant-0.6.4.orig/src/crypto/tls.h
+++ wpa_supplicant-0.6.4/src/crypto/tls.h
@@ -32,6 +32,7 @@ struct tls_config {
 const char *opensc_engine_path;
 const char *pkcs11_engine_path;
 const char *pkcs11_module_path;
+ const char *pkcs11_module_init_args;
 };
 /**
Index: wpa_supplicant-0.6.4/src/crypto/tls_openssl.c
===================================================================
--- wpa_supplicant-0.6.4.orig/src/crypto/tls_openssl.c
+++ wpa_supplicant-0.6.4/src/crypto/tls_openssl.c
@@ -653,9 +653,11 @@ static int tls_engine_load_dynamic_gener
 * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
 * @pkcs11_so_path: pksc11_so_path from the configuration
 * @pcks11_module_path: pkcs11_module_path from the configuration
+ * @pkcs11_module_init_args: pkcs11_module_init_args from the configuration
 */
 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
- const char *pkcs11_module_path)
+ const char *pkcs11_module_path,
+ const char *pkcs11_module_init_args)
 {
 char *engine_id = "pkcs11";
 const char *pre_cmd[] = {
@@ -668,6 +670,7 @@ static int tls_engine_load_dynamic_pkcs1
 };
 const char *post_cmd[] = {
 "MODULE_PATH", NULL /* pkcs11_module_path */,
+ "INIT_ARGS", NULL /* pkcs11_module_init_args */,
 NULL, NULL
 };
@@ -678,6 +681,9 @@ static int tls_engine_load_dynamic_pkcs1
 pre_cmd[3] = engine_id;
 post_cmd[1] = pkcs11_module_path;
+ if (pkcs11_module_init_args)
+ post_cmd[3] = pkcs11_module_init_args;
+
 wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
 pkcs11_so_path);
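Review bot: When `pkcs11_module_init_args` is NULL, which the patch's own eap.h comment calls the usual case, `post_cmd` still carries the command name `"INIT_ARGS"` with a NULL value, because only `post_cmd[3]` is set conditionally. tls_engine_load_dynamic_generic is not part of this patch; if it issues every pair until it reaches a NULL command name, an engine build that does not implement INIT_ARGS or rejects a NULL argument would now fail to load, and a previously working smartcard setup would stop authenticating. Drop the command when there is nothing to pass, `if (pkcs11_module_init_args) post_cmd[3] = pkcs11_module_init_args; else post_cmd[2] = NULL;`, and note that in the array comment. The function body starts and ends outside these hunks.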
@@ -747,7 +753,8 @@ void * tls_init(const struct tls_config
 if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
 tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
- conf->pkcs11_module_path)) {
+ conf->pkcs11_module_path,
+ conf->pkcs11_module_init_args)) {
 tls_deinit(ssl);
 return NULL;
 }
Index: wpa_supplicant-0.6.4/src/eap_peer/eap.c
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eap_peer/eap.c
+++ wpa_supplicant-0.6.4/src/eap_peer/eap.c
@@ -1169,6 +1169,7 @@ struct eap_sm * eap_peer_sm_init(void *e
 tlsconf.opensc_engine_path = conf->opensc_engine_path;
 tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
 tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
+ tlsconf.pkcs11_module_init_args = conf->pkcs11_module_init_args;
 sm->ssl_ctx = tls_init(&tlsconf);
 if (sm->ssl_ctx == NULL) {
 wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
Index: wpa_supplicant-0.6.4/src/eap_peer/eap.h
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eap_peer/eap.h
+++ wpa_supplicant-0.6.4/src/eap_peer/eap.h
@@ -246,6 +246,13 @@ struct eap_config {
 */
 const char *pkcs11_module_path;
 /**
+ * pkcs11_module_init_args - OpenSC PKCS#11 module initialization
+ * arguments for OpenSSL engine.
+ *
+ * Usually, NULL.
+ */
+ const char *pkcs11_module_init_args;
+ /**
 * mac_addr - MAC address of the peer
 *
 * This can be left %NULL if not available.
Index: wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.c
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eapol_supp/eapol_supp_sm.c
+++ wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.c
@@ -1801,6 +1801,7 @@ struct eapol_sm *eapol_sm_init(struct ea
 conf.opensc_engine_path = ctx->opensc_engine_path;
 conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
 conf.pkcs11_module_path = ctx->pkcs11_module_path;
+ conf.pkcs11_module_init_args = ctx->pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 sm->eap = eap_peer_sm_init(sm, &eapol_cb, sm->ctx->msg_ctx, &conf);
Index: wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.h
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eapol_supp/eapol_supp_sm.h
+++ wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.h
@@ -198,6 +198,15 @@ struct eapol_ctx {
 * module is not loaded.
 */
 const char *pkcs11_module_path;
+
+ /**
+ * pkcs11_module_init_args - The initialization arguments to the OpenSSL
+ * OpenSC/PKCS#11 module.
+ *
+ * This is an OpenSSL specific configuration option for configuring
+ * the initialization arguments of the PKCS#11 module.
+ */
+ const char *pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 /**
Index: wpa_supplicant-0.6.4/wpa_supplicant/config.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/config.c
@@ -1526,6 +1526,7 @@ void wpa_config_free(struct wpa_config *
 os_free(config->opensc_engine_path);
 os_free(config->pkcs11_engine_path);
 os_free(config->pkcs11_module_path);
+ os_free(config->pkcs11_module_init_args);
 #endif /* EAP_TLS_OPENSSL */
 os_free(config->driver_param);
 os_free(config->pssid);
Index: wpa_supplicant-0.6.4/wpa_supplicant/config.h
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config.h
+++ wpa_supplicant-0.6.4/wpa_supplicant/config.h
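Review bot: The new `pkcs11_module_init_args` comment in struct eapol_ctx does not say who owns the string, yet the patch fills the field with a pointer into the configuration (`ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args` in eapol_test.c and wpas_glue.c) while wpa_config_free and the D-Bus handler free that same allocation. Whether the context is ever read after such a free is not visible in these hunks, but the TODO touched in wpa_supplicant.c states that the EAPOL state machine is not told about changes to these options on reload, so a stale pointer is plausible. Add an ownership line to the field comment once the lifetime is confirmed, for example `* The string is borrowed from the configuration and is not copied; it must stay valid while this context is in use.`, and the same on the eap_config field in eap.h.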
@@ -194,6 +194,15 @@ struct wpa_config {
 * module is not loaded.
 */
 char *pkcs11_module_path;
+
+ /**
+ * pkcs11_module_init_args - The initialization arguments to the OpenSSL
+ * OpenSC/PKCS#11 module.
+ *
+ * This is an OpenSSL specific configuration option for configuring
+ * the initialization arguments of the PKCS#11 module.
+ */
+ char *pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 /**
Index: wpa_supplicant-0.6.4/wpa_supplicant/config_file.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config_file.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/config_file.c
@@ -355,6 +355,16 @@ static int wpa_config_process_pkcs11_mod
 return 0;
 }
+static int wpa_config_process_pkcs11_module_init_args(struct wpa_config *config,
+ char *pos)
+{
+ os_free(config->pkcs11_module_init_args);
+ config->pkcs11_module_init_args = os_strdup(pos);
+ wpa_printf(MSG_DEBUG, "pkcs11_module_init_args='%s'",
+ config->pkcs11_module_init_args);
+ return 0;
+}
+
 #endif /* EAP_TLS_OPENSSL */
@@ -457,6 +467,9 @@ static int wpa_config_process_global(str
 if (os_strncmp(pos, "pkcs11_module_path=", 19) == 0)
 return wpa_config_process_pkcs11_module_path(config, pos + 19);
+
+ if (os_strncmp(pos, "pkcs11_module_init_args=", 24) == 0)
+ return wpa_config_process_pkcs11_module_init_args(config, pos + 24);
 #endif /* EAP_TLS_OPENSSL */
 if (os_strncmp(pos, "driver_param=", 13) == 0)
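Review bot: In wpa_config_process_pkcs11_module_init_args the `os_strdup()` result is never checked, so an allocation failure is reported as success (`return 0`) and the NULL pointer is passed to the `%s` in `wpa_printf`. The supplicant would then run with the module's default initialization instead of the configured one, a silent change to security-relevant token settings. Fail the parse instead with `if (config->pkcs11_module_init_args == NULL) return -1;` ahead of the debug print, assuming the caller treats a negative return as a parse error (the caller is outside the hunk). The print also writes the full argument string to the debug log; if init arguments for the module in use can carry credentials or database locations, log only that the option was set.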
@@ -827,6 +840,9 @@ static void wpa_config_write_global(FILE
 if (config->pkcs11_module_path)
 fprintf(f, "pkcs11_module_path=%s\n",
 config->pkcs11_module_path);
+ if (config->pkcs11_module_init_args)
+ fprintf(f, "pkcs11_module_init_args=%s\n",
+ config->pkcs11_module_init_args);
 #endif /* EAP_TLS_OPENSSL */
 if (config->driver_param)
 fprintf(f, "driver_param=%s\n", config->driver_param);
Index: wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/ctrl_iface_dbus_handlers.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
@@ -858,7 +858,7 @@ out:
 static const char *dont_quote[] = {
 "key_mgmt", "proto", "pairwise", "auth_alg", "group", "eap",
 "opensc_engine_path", "pkcs11_engine_path", "pkcs11_module_path",
- "bssid", NULL
+ "pkcs11_module_init_args", "bssid", NULL
 };
 static dbus_bool_t should_quote_opt(const char *key)
@@ -1196,6 +1196,7 @@ DBusMessage * wpas_dbus_iface_set_smartc
 char *opensc_engine_path = NULL;
 char *pkcs11_engine_path = NULL;
 char *pkcs11_module_path = NULL;
+ char *pkcs11_module_init_args = NULL;
 struct wpa_dbus_dict_entry entry;
 if (!dbus_message_iter_init(message, &iter))
@@ -1222,6 +1223,11 @@ DBusMessage * wpas_dbus_iface_set_smartc
 pkcs11_module_path = os_strdup(entry.str_value);
 if (pkcs11_module_path == NULL)
 goto error;
+ } else if (!strcmp(entry.key, "pkcs11_module_init_args") &&
+ (entry.type == DBUS_TYPE_STRING)) {
+ pkcs11_module_init_args = os_strdup(entry.str_value);
+ if (pkcs11_module_init_args == NULL)
+ goto error;
 } else {
 wpa_dbus_dict_entry_clear(&entry);
 goto error;
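Review bot: `fprintf(f, "pkcs11_module_init_args=%s\n", ...)` in wpa_config_write_global writes the value verbatim, and with this patch the value can also arrive over D-Bus through the handler in ctrl_iface_dbus_handlers.c rather than only from a single line of the configuration file. A string containing a line break would be saved as extra configuration lines and parsed as separate options on the next start. Reject control characters where the value is accepted, or refuse to write such a value here, e.g. `if (config->pkcs11_module_init_args && os_strchr(config->pkcs11_module_init_args, '\n') == NULL)`. The neighbouring pkcs11_module_path write has the same shape, and the function body lies outside the hunk.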
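Review bot: The new `pkcs11_module_init_args` branch jumps to `error` on allocation failure without calling `wpa_dbus_dict_entry_clear(&entry)`, whereas the `else` branch directly below clears the entry before the same jump and the `error:` label, as far as the later hunk shows, only frees the path strings. That leaves the dict entry allocated on this path, and the plain assignment would also drop an earlier copy if a caller repeats the key (the enclosing loop is outside the hunk, so confirm). Put `os_free(pkcs11_module_init_args);` ahead of the `os_strdup()` and `wpa_dbus_dict_entry_clear(&entry);` before `goto error;`. The sibling branches for the other three options follow the same pattern and would need the same change.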
@@ -1236,6 +1242,8 @@ DBusMessage * wpas_dbus_iface_set_smartc
 wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path;
 os_free(wpa_s->conf->pkcs11_module_path);
 wpa_s->conf->pkcs11_module_path = pkcs11_module_path;
+ os_free(wpa_s->conf->pkcs11_module_init_args);
+ wpa_s->conf->pkcs11_module_init_args = pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 eapol_sm_deinit(wpa_s->eapol);
@@ -1247,6 +1255,7 @@ error:
 os_free(opensc_engine_path);
 os_free(pkcs11_engine_path);
 os_free(pkcs11_module_path);
+ os_free(pkcs11_module_init_args);
 return wpas_dbus_new_invalid_opts_error(message, NULL);
 }
Index: wpa_supplicant-0.6.4/wpa_supplicant/eapol_test.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/eapol_test.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/eapol_test.c
@@ -335,6 +335,7 @@ static int test_eapol(struct eapol_test_
 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
+ ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 wpa_s->eapol = eapol_sm_init(ctx);
Index: wpa_supplicant-0.6.4/wpa_supplicant/wpa_supplicant.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/wpa_supplicant.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/wpa_supplicant.c
@@ -560,7 +560,7 @@ int wpa_supplicant_reload_configuration(
 wpa_s->current_ssid = NULL;
 /*
 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
- * pkcs11_engine_path, pkcs11_module_path.
+ * pkcs11_engine_path, pkcs11_module_path, pkcs11_module_init_args.
 */
 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
 wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK) {
Index: wpa_supplicant-0.6.4/wpa_supplicant/wpas_glue.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/wpas_glue.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/wpas_glue.c
@@ -535,6 +535,7 @@ int wpa_supplicant_init_eapol(struct wpa
 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
+ ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
 ctx->cb = wpa_supplicant_eapol_cb;