OpenSSL: Do not require a PIN for PKCS#11

It isn't mandatory. If we need one and it's not present, the ENGINE will
try asking for it. Make sure it doesn't actually let an OpenSSL UI loose,
since we don't currently capture those.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
This commit is contained in:
David Woodhouse 2014-12-18 15:09:55 +00:00 committed by Jouni Malinen
parent 96955192b3
commit a642a52b17

View file

@ -897,12 +897,6 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set");
return -1; return -1;
} }
#ifndef ANDROID
if (pin == NULL) {
wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set");
return -1;
}
#endif
ERR_clear_error(); ERR_clear_error();
#ifdef ANDROID #ifdef ANDROID
@ -923,16 +917,26 @@ static int tls_engine_init(struct tls_connection *conn, const char *engine_id,
wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); wpa_printf(MSG_DEBUG, "ENGINE: engine initialized");
#ifndef ANDROID #ifndef ANDROID
if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { if (pin && ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) {
wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]",
ERR_error_string(ERR_get_error(), NULL)); ERR_error_string(ERR_get_error(), NULL));
goto err; goto err;
} }
#endif #endif
if (key_id) { if (key_id) {
/*
* Ensure that the ENGINE does not attempt to use the OpenSSL
* UI system to obtain a PIN, if we didn't provide one.
*/
struct {
const void *password;
const char *prompt_info;
} key_cb = { "", NULL };
/* load private key first in-case PIN is required for cert */ /* load private key first in-case PIN is required for cert */
conn->private_key = ENGINE_load_private_key(conn->engine, conn->private_key = ENGINE_load_private_key(conn->engine,
key_id, NULL, NULL); key_id, NULL,
&key_cb);
if (!conn->private_key) { if (!conn->private_key) {
wpa_printf(MSG_ERROR, wpa_printf(MSG_ERROR,
"ENGINE: cannot load private key with id '%s' [%s]", "ENGINE: cannot load private key with id '%s' [%s]",