diff -ur BUILD/wpa_supplicant-0.6.9/src/crypto/tls.h BUILD2/wpa_supplicant-0.6.9/src/crypto/tls.h --- BUILD/wpa_supplicant-0.6.9/src/crypto/tls.h 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/src/crypto/tls.h 2009-05-05 11:47:15.000000000 +0200 @@ -32,6 +32,7 @@ const char *opensc_engine_path; const char *pkcs11_engine_path; const char *pkcs11_module_path; + const char *pkcs11_module_init_args; }; /** diff -ur BUILD/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c BUILD2/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c --- BUILD/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c 2009-05-05 11:47:15.000000000 +0200 @@ -667,9 +667,11 @@ * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc * @pkcs11_so_path: pksc11_so_path from the configuration * @pcks11_module_path: pkcs11_module_path from the configuration + * @pkcs11_module_init_args: pkcs11_module_init_args from the configuration */ static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, - const char *pkcs11_module_path) + const char *pkcs11_module_path, + const char *pkcs11_module_init_args) { char *engine_id = "pkcs11"; const char *pre_cmd[] = { @@ -682,6 +684,7 @@ }; const char *post_cmd[] = { "MODULE_PATH", NULL /* pkcs11_module_path */, + "INIT_ARGS", NULL /* pkcs11_module_init_args */, NULL, NULL }; @@ -692,6 +695,9 @@ pre_cmd[3] = engine_id; post_cmd[1] = pkcs11_module_path; + if (pkcs11_module_init_args) + post_cmd[3] = pkcs11_module_init_args; + wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", pkcs11_so_path); 
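Review bot: In tls_engine_load_dynamic_pkcs11() the `"INIT_ARGS"` name is added to `post_cmd` unconditionally (hunk at -682), but its value slot is filled only when `pkcs11_module_init_args` is non-NULL (hunk at -692). With the option unset, which the eap.h comment in this same patch calls the usual case, the table still holds an `"INIT_ARGS"`/NULL pair ahead of the terminator. The code that consumes `post_cmd` is outside these hunks; if it walks name/value pairs until a NULL name, it would issue INIT_ARGS with a NULL argument and could fail engine loading for setups that never configured the option. Terminating the table early avoids that: `if (pkcs11_module_init_args) post_cmd[3] = pkcs11_module_init_args; else post_cmd[2] = NULL;`.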
@@ -761,7 +767,8 @@ if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, - conf->pkcs11_module_path)) { + conf->pkcs11_module_path, + conf->pkcs11_module_init_args)) { tls_deinit(ssl); return NULL; } diff -ur BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c --- BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c 2009-05-05 11:47:15.000000000 +0200 @@ -1834,6 +1834,7 @@ conf.opensc_engine_path = ctx->opensc_engine_path; conf.pkcs11_engine_path = ctx->pkcs11_engine_path; conf.pkcs11_module_path = ctx->pkcs11_module_path; + conf.pkcs11_module_init_args = ctx->pkcs11_module_init_args; #endif /* EAP_TLS_OPENSSL */ conf.wps = ctx->wps; diff -ur BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h --- BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h 2009-05-05 11:47:15.000000000 +0200 @@ -198,6 +198,15 @@ * module is not loaded. */ const char *pkcs11_module_path; + + /** + * pkcs11_module_init_args - The initialization arguments to the OpenSSL + * OpenSC/PKCS#11 module. + * + * This is an OpenSSL specific configuration option for configuring + * the initialization arguments of the PKCS#11 module. + */ + const char *pkcs11_module_init_args; #endif /* EAP_TLS_OPENSSL */ /** diff -ur BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.c BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.c --- BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.c 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.c 2009-05-05 11:47:15.000000000 +0200 
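Review bot: The new doc comment on `pkcs11_module_init_args` in eapol_supp_sm.h (hunk at -198) does not say who owns the string. The wpas_glue.c and eapol_test.c hunks assign `wpa_s->conf->pkcs11_module_init_args` by pointer, and the config.c hunk frees that string together with the configuration, so the field is a borrowed pointer. I would extend the comment with `The string is not copied; it must stay valid for as long as this context is in use. NULL means no initialization arguments are passed.` so that a later configuration reload path does not leave it dangling unnoticed.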
@@ -1188,6 +1188,7 @@ tlsconf.opensc_engine_path = conf->opensc_engine_path; tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path; tlsconf.pkcs11_module_path = conf->pkcs11_module_path; + tlsconf.pkcs11_module_init_args = conf->pkcs11_module_init_args; sm->ssl_ctx = tls_init(&tlsconf); if (sm->ssl_ctx == NULL) { wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS " diff -ur BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.h BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.h --- BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.h 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.h 2009-05-05 11:48:04.000000000 +0200 @@ -246,6 +246,13 @@ */ const char *pkcs11_module_path; /** + * pkcs11_module_init_args - OpenSC PKCS#11 module initialization + * arguments for OpenSSL engine. + * + * Usually, NULL. + */ + const char *pkcs11_module_init_args; + /** * wps - WPS context data * * This is only used by EAP-WSC and can be left %NULL if not available. diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.c --- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.c 2009-05-05 11:49:45.000000000 +0200 +++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.c 2009-05-05 11:47:15.000000000 +0200 @@ -1580,6 +1580,7 @@ os_free(config->opensc_engine_path); os_free(config->pkcs11_engine_path); os_free(config->pkcs11_module_path); + os_free(config->pkcs11_module_init_args); #endif /* EAP_TLS_OPENSSL */ os_free(config->driver_param); os_free(config->device_name); diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c --- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c 2009-05-05 11:49:45.000000000 +0200 +++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c 2009-05-05 11:49:24.000000000 +0200 
@@ -444,6 +444,7 @@ { STR(opensc_engine_path) }, { STR(pkcs11_engine_path) }, { STR(pkcs11_module_path) }, + { STR(pkcs11_module_init_args) }, #endif /* EAP_TLS_OPENSSL */ { STR(driver_param) }, { INT(dot11RSNAConfigPMKLifetime) }, @@ -854,6 +855,9 @@ if (config->pkcs11_module_path) fprintf(f, "pkcs11_module_path=%s\n", config->pkcs11_module_path); + if (config->pkcs11_module_init_args) + fprintf(f, "pkcs11_module_init_args=%s\n", + config->pkcs11_module_init_args); #endif /* EAP_TLS_OPENSSL */ if (config->driver_param) fprintf(f, "driver_param=%s\n", config->driver_param); diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.h BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.h --- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.h 2009-05-05 11:49:45.000000000 +0200 +++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.h 2009-05-05 11:47:15.000000000 +0200 @@ -195,6 +195,15 @@ * module is not loaded. */ char *pkcs11_module_path; + + /** + * pkcs11_module_init_args - The initialization arguments to the OpenSSL + * OpenSC/PKCS#11 module. + * + * This is an OpenSSL specific configuration option for configuring + * the initialization arguments of the PKCS#11 module. + */ + char *pkcs11_module_init_args; #endif /* EAP_TLS_OPENSSL */ /** diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c --- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c 2009-05-05 11:49:45.000000000 +0200 +++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c 2009-05-05 11:47:15.000000000 +0200 @@ -866,7 +866,7 @@ static const char *dont_quote[] = { "key_mgmt", "proto", "pairwise", "auth_alg", "group", "eap", "opensc_engine_path", "pkcs11_engine_path", "pkcs11_module_path", - "bssid", NULL + "pkcs11_module_init_args", "bssid", NULL }; static dbus_bool_t should_quote_opt(const char *key) 
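Review bot: The config writer at -854 emits `pkcs11_module_init_args=%s` with the raw string, and the ctrl_iface_dbus_handlers.c hunks in this patch store that string straight from a D-Bus dictionary entry via `os_strdup(entry.str_value)`. A value containing a newline would therefore be written as extra lines in the saved configuration and read back as separate settings. The enclosing function starts and ends outside the hunk, so I cannot see whether anything sanitises the value first. I would reject control characters where the value is accepted, or at least refuse to write it here, e.g. `if (config->pkcs11_module_init_args && !os_strchr(config->pkcs11_module_init_args, '\n'))`.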
@@ -1204,6 +1204,7 @@ char *opensc_engine_path = NULL; char *pkcs11_engine_path = NULL; char *pkcs11_module_path = NULL; + char *pkcs11_module_init_args = NULL; struct wpa_dbus_dict_entry entry; if (!dbus_message_iter_init(message, &iter)) @@ -1230,6 +1231,11 @@ pkcs11_module_path = os_strdup(entry.str_value); if (pkcs11_module_path == NULL) goto error; + } else if (!strcmp(entry.key, "pkcs11_module_init_args") && + (entry.type == DBUS_TYPE_STRING)) { + pkcs11_module_init_args = os_strdup(entry.str_value); + if (pkcs11_module_init_args == NULL) + goto error; } else { wpa_dbus_dict_entry_clear(&entry); goto error; @@ -1244,6 +1250,8 @@ wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path; os_free(wpa_s->conf->pkcs11_module_path); wpa_s->conf->pkcs11_module_path = pkcs11_module_path; + os_free(wpa_s->conf->pkcs11_module_init_args); + wpa_s->conf->pkcs11_module_init_args = pkcs11_module_init_args; #endif /* EAP_TLS_OPENSSL */ eapol_sm_deinit(wpa_s->eapol); @@ -1257,6 +1265,7 @@ os_free(opensc_engine_path); os_free(pkcs11_engine_path); os_free(pkcs11_module_path); + os_free(pkcs11_module_init_args); return wpas_dbus_new_invalid_opts_error(message, NULL); } diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c --- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c 2009-05-05 11:47:15.000000000 +0200 
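Review bot: In the new `pkcs11_module_init_args` branch at -1230 the result of `os_strdup()` overwrites the local pointer without freeing a previous value, so a message whose dictionary carries the key more than once would leak the earlier copy. The loop itself is outside the hunk, and the existing path branches follow the same pattern. Calling `os_free(pkcs11_module_init_args);` just before the `os_strdup()` closes that. On the `goto error` taken when `os_strdup()` fails, `entry` is not cleared the way the final `else` branch clears it; whether the code at the `error` label does so is not visible here.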
@@ -408,6 +408,7 @@ ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; + ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args; #endif /* EAP_TLS_OPENSSL */ wpa_s->eapol = eapol_sm_init(ctx); diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c --- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c 2009-03-23 15:06:28.000000000 +0100 +++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c 2009-05-05 11:47:15.000000000 +0200 @@ -557,6 +557,7 @@ ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; + ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args; #endif /* EAP_TLS_OPENSSL */ ctx->wps = wpa_s->wps; ctx->eap_param_needed = wpa_supplicant_eap_param_needed; diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c --- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c 2009-05-05 11:49:45.000000000 +0200 +++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c 2009-05-05 11:47:15.000000000 +0200 @@ -577,7 +577,7 @@ wpa_s->current_ssid = NULL; /* * TODO: should notify EAPOL SM about changes in opensc_engine_path, - * pkcs11_engine_path, pkcs11_module_path. + * pkcs11_engine_path, pkcs11_module_path, pkcs11_module_init_args. */ if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { /*