diff -ur BUILD/wpa_supplicant-0.6.9/src/crypto/tls.h BUILD2/wpa_supplicant-0.6.9/src/crypto/tls.h
|
|
--- BUILD/wpa_supplicant-0.6.9/src/crypto/tls.h 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/src/crypto/tls.h 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -32,6 +32,7 @@
|
|
const char *opensc_engine_path;
|
|
const char *pkcs11_engine_path;
|
|
const char *pkcs11_module_path;
|
|
+ const char *pkcs11_module_init_args;
|
|
};
|
|
|
|
/**
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c BUILD2/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c
|
|
--- BUILD/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/src/crypto/tls_openssl.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -667,9 +667,11 @@
|
|
* tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
|
|
* @pkcs11_so_path: pksc11_so_path from the configuration
|
|
* @pcks11_module_path: pkcs11_module_path from the configuration
|
|
+ * @pkcs11_module_init_args: pkcs11_module_init_args from the configuration
|
|
*/
|
|
static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
|
|
- const char *pkcs11_module_path)
|
|
+ const char *pkcs11_module_path,
|
|
+ const char *pkcs11_module_init_args)
|
|
{
|
|
char *engine_id = "pkcs11";
|
|
const char *pre_cmd[] = {
|
|
@@ -682,6 +684,7 @@
|
|
};
|
|
const char *post_cmd[] = {
|
|
"MODULE_PATH", NULL /* pkcs11_module_path */,
|
|
+ "INIT_ARGS", NULL /* pkcs11_module_init_args */,
|
|
NULL, NULL
|
|
};
|
|
|
|
@@ -692,6 +695,9 @@
|
|
pre_cmd[3] = engine_id;
|
|
post_cmd[1] = pkcs11_module_path;
|
|
|
|
+ if (pkcs11_module_init_args)
|
|
+ post_cmd[3] = pkcs11_module_init_args;
|
|
+
|
|
wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
|
|
pkcs11_so_path);
|
|
|
|
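Review bot: When pkcs11_module_init_args is NULL, post_cmd still carries the `"INIT_ARGS"` name at index 2 with a NULL value, because the added `if` only fills index 3 and never ends the list early. Whatever walks post_cmd (outside this hunk) would then presumably send INIT_ARGS with no argument on every engine load, which may fail on an engine build that does not know the command or rejects an empty value. Terminating the list in the unset case avoids that: `if (pkcs11_module_init_args) post_cmd[3] = pkcs11_module_init_args; else post_cmd[2] = NULL;`. The body of tls_engine_load_dynamic_pkcs11 starts and ends outside the hunk.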
@@ -761,7 +767,8 @@
|
|
|
|
if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
|
|
tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
|
|
- conf->pkcs11_module_path)) {
|
|
+ conf->pkcs11_module_path,
|
|
+ conf->pkcs11_module_init_args)) {
|
|
tls_deinit(ssl);
|
|
return NULL;
|
|
}
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c
|
|
--- BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -1834,6 +1834,7 @@
|
|
conf.opensc_engine_path = ctx->opensc_engine_path;
|
|
conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
|
|
conf.pkcs11_module_path = ctx->pkcs11_module_path;
|
|
+ conf.pkcs11_module_init_args = ctx->pkcs11_module_init_args;
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
conf.wps = ctx->wps;
|
|
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h
|
|
--- BUILD/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/src/eapol_supp/eapol_supp_sm.h 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -198,6 +198,15 @@
|
|
* module is not loaded.
|
|
*/
|
|
const char *pkcs11_module_path;
|
|
+
|
|
+ /**
|
|
+ * pkcs11_module_init_args - The initialization arguments to the OpenSSL
|
|
+ * OpenSC/PKCS#11 module.
|
|
+ *
|
|
+ * This is an OpenSSL specific configuration option for configuring
|
|
+ * the initialization arguments of the PKCS#11 module.
|
|
+ */
|
|
+ const char *pkcs11_module_init_args;
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
|
|
/**
|
|
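Review bot: The new member comment does not say what the string contains, what %NULL means or who owns the memory; the eap.h hunk reduces this to "Usually, NULL." and the config.h hunk repeats the text used here. Judging by the other hunks, the value is handed to the pkcs11 engine as its INIT_ARGS control command and the pointer is copied from the configuration rather than duplicated. I would add to the comments in eapol_supp_sm.h and eap.h something like `* Passed unchanged as the engine's INIT_ARGS command; %NULL if not configured. The pointer is borrowed from the configuration and must stay valid while this context is in use.`, and in config.h state that the configuration owns and frees the string.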
diff -ur BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.c BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.c
|
|
--- BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.c 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -1188,6 +1188,7 @@
|
|
tlsconf.opensc_engine_path = conf->opensc_engine_path;
|
|
tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
|
|
tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
|
|
+ tlsconf.pkcs11_module_init_args = conf->pkcs11_module_init_args;
|
|
sm->ssl_ctx = tls_init(&tlsconf);
|
|
if (sm->ssl_ctx == NULL) {
|
|
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.h BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.h
|
|
--- BUILD/wpa_supplicant-0.6.9/src/eap_peer/eap.h 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/src/eap_peer/eap.h 2009-05-05 11:48:04.000000000 +0200
|
|
@@ -246,6 +246,13 @@
|
|
*/
|
|
const char *pkcs11_module_path;
|
|
/**
|
|
+ * pkcs11_module_init_args - OpenSC PKCS#11 module initialization
|
|
+ * arguments for OpenSSL engine.
|
|
+ *
|
|
+ * Usually, NULL.
|
|
+ */
|
|
+ const char *pkcs11_module_init_args;
|
|
+ /**
|
|
* wps - WPS context data
|
|
*
|
|
* This is only used by EAP-WSC and can be left %NULL if not available.
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.c
|
|
--- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.c 2009-05-05 11:49:45.000000000 +0200
|
|
+++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -1580,6 +1580,7 @@
|
|
os_free(config->opensc_engine_path);
|
|
os_free(config->pkcs11_engine_path);
|
|
os_free(config->pkcs11_module_path);
|
|
+ os_free(config->pkcs11_module_init_args);
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
os_free(config->driver_param);
|
|
os_free(config->device_name);
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c
|
|
--- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c 2009-05-05 11:49:45.000000000 +0200
|
|
+++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config_file.c 2009-05-05 11:49:24.000000000 +0200
|
|
@@ -444,6 +444,7 @@
|
|
{ STR(opensc_engine_path) },
|
|
{ STR(pkcs11_engine_path) },
|
|
{ STR(pkcs11_module_path) },
|
|
+ { STR(pkcs11_module_init_args) },
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
{ STR(driver_param) },
|
|
{ INT(dot11RSNAConfigPMKLifetime) },
|
|
@@ -854,6 +855,9 @@
|
|
if (config->pkcs11_module_path)
|
|
fprintf(f, "pkcs11_module_path=%s\n",
|
|
config->pkcs11_module_path);
|
|
+ if (config->pkcs11_module_init_args)
|
|
+ fprintf(f, "pkcs11_module_init_args=%s\n",
|
|
+ config->pkcs11_module_init_args);
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
if (config->driver_param)
|
|
fprintf(f, "driver_param=%s\n", config->driver_param);
|
|
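Review bot: `pkcs11_module_init_args` is written with a bare `%s`, so a value containing a line break ends up as extra lines in the saved configuration file. The D-Bus handler changed in this patch stores `entry.str_value` unchecked, which makes it a plausible source of such a value if it reaches this writer. Rejecting control characters where the value is accepted is the better fix; at minimum guard the write, e.g. `if (config->pkcs11_module_init_args && !os_strchr(config->pkcs11_module_init_args, '\n'))`. The neighbouring pkcs11_module_path write has the same form, and the enclosing function is only partly visible here.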
diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.h BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.h
|
|
--- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/config.h 2009-05-05 11:49:45.000000000 +0200
|
|
+++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/config.h 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -195,6 +195,15 @@
|
|
* module is not loaded.
|
|
*/
|
|
char *pkcs11_module_path;
|
|
+
|
|
+ /**
|
|
+ * pkcs11_module_init_args - The initialization arguments to the OpenSSL
|
|
+ * OpenSC/PKCS#11 module.
|
|
+ *
|
|
+ * This is an OpenSSL specific configuration option for configuring
|
|
+ * the initialization arguments of the PKCS#11 module.
|
|
+ */
|
|
+ char *pkcs11_module_init_args;
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
|
|
/**
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c
|
|
--- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c 2009-05-05 11:49:45.000000000 +0200
|
|
+++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/ctrl_iface_dbus_handlers.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -866,7 +866,7 @@
|
|
static const char *dont_quote[] = {
|
|
"key_mgmt", "proto", "pairwise", "auth_alg", "group", "eap",
|
|
"opensc_engine_path", "pkcs11_engine_path", "pkcs11_module_path",
|
|
- "bssid", NULL
|
|
+ "pkcs11_module_init_args", "bssid", NULL
|
|
};
|
|
|
|
static dbus_bool_t should_quote_opt(const char *key)
|
|
@@ -1204,6 +1204,7 @@
|
|
char *opensc_engine_path = NULL;
|
|
char *pkcs11_engine_path = NULL;
|
|
char *pkcs11_module_path = NULL;
|
|
+ char *pkcs11_module_init_args = NULL;
|
|
struct wpa_dbus_dict_entry entry;
|
|
|
|
if (!dbus_message_iter_init(message, &iter))
|
|
@@ -1230,6 +1231,11 @@
|
|
pkcs11_module_path = os_strdup(entry.str_value);
|
|
if (pkcs11_module_path == NULL)
|
|
goto error;
|
|
+ } else if (!strcmp(entry.key, "pkcs11_module_init_args") &&
|
|
+ (entry.type == DBUS_TYPE_STRING)) {
|
|
+ pkcs11_module_init_args = os_strdup(entry.str_value);
|
|
+ if (pkcs11_module_init_args == NULL)
|
|
+ goto error;
|
|
} else {
|
|
wpa_dbus_dict_entry_clear(&entry);
|
|
goto error;
|
|
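Review bot: The allocation-failure path of the new `pkcs11_module_init_args` branch jumps to `error` without calling `wpa_dbus_dict_entry_clear(&entry)`, while the `else` branch just below clears the entry first; unless the error label does it (its start is outside the hunks shown), the entry is leaked. The branch also overwrites the pointer without releasing an earlier copy, so a message that carries the key twice would leak the first duplicate. Suggested: `os_free(pkcs11_module_init_args);` before the `os_strdup`, and `wpa_dbus_dict_entry_clear(&entry);` before the `goto error`. The pkcs11_module_path branch above follows the same pattern, and the enclosing handler starts outside the hunk.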
@@ -1244,6 +1250,8 @@
|
|
wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path;
|
|
os_free(wpa_s->conf->pkcs11_module_path);
|
|
wpa_s->conf->pkcs11_module_path = pkcs11_module_path;
|
|
+ os_free(wpa_s->conf->pkcs11_module_init_args);
|
|
+ wpa_s->conf->pkcs11_module_init_args = pkcs11_module_init_args;
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
|
|
eapol_sm_deinit(wpa_s->eapol);
|
|
@@ -1257,6 +1265,7 @@
|
|
os_free(opensc_engine_path);
|
|
os_free(pkcs11_engine_path);
|
|
os_free(pkcs11_module_path);
|
|
+ os_free(pkcs11_module_init_args);
|
|
return wpas_dbus_new_invalid_opts_error(message, NULL);
|
|
}
|
|
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c
|
|
--- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/eapol_test.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -408,6 +408,7 @@
|
|
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
|
|
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
|
|
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
|
|
+ ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
|
|
wpa_s->eapol = eapol_sm_init(ctx);
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c
|
|
--- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c 2009-03-23 15:06:28.000000000 +0100
|
|
+++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpas_glue.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -557,6 +557,7 @@
|
|
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
|
|
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
|
|
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
|
|
+ ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
|
|
#endif /* EAP_TLS_OPENSSL */
|
|
ctx->wps = wpa_s->wps;
|
|
ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
|
|
diff -ur BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c
|
|
--- BUILD/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c 2009-05-05 11:49:45.000000000 +0200
|
|
+++ BUILD2/wpa_supplicant-0.6.9/wpa_supplicant/wpa_supplicant.c 2009-05-05 11:47:15.000000000 +0200
|
|
@@ -577,7 +577,7 @@
|
|
wpa_s->current_ssid = NULL;
|
|
/*
|
|
* TODO: should notify EAPOL SM about changes in opensc_engine_path,
|
|
- * pkcs11_engine_path, pkcs11_module_path.
|
|
+ * pkcs11_engine_path, pkcs11_module_path, pkcs11_module_init_args.
|
|
*/
|
|
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
|
|
/*
|