[pkg-wpa-devel] [wpa] 02/04: Reapply an accidentally lost patch to fix pkcs11 OpenSSL engine initialisation (Closes: #827253).

Andrew Shadura andrewsh at debian.org
Tue Aug 9 18:16:29 UTC 2016


This is an automated email from the git hooks/post-receive script.

andrewsh pushed a commit to branch debian/sid
in repository wpa.

commit 5c981be3f4a1863e9381d842236addefa5a51ed4
Author: Andrew Shadura <andrewsh at debian.org>
Date:   Sat Jul 23 14:04:31 2016 +0200

    Reapply an accidentally lost patch to fix pkcs11 OpenSSL engine
    initialisation (Closes: #827253).
---
 debian/changelog                                |  2 +
 debian/patches/openssl-initialise-pkcs-11.patch | 55 +++++++++++++++++++++++++
 debian/patches/series                           |  3 +-
 3 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index f54c7fb..5c997c6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ wpa (2.5-2+v2.4-2) UNRELEASED; urgency=medium
 
   * Apply patches from upstream to unbreak dedicated P2P Device support
     (closes: #833402).
+  * Reapply an accidentally lost patch to fix pkcs11 OpenSSL engine
+    initialisation (Closes: #827253).
 
  -- Andrew Shadura <andrewsh at debian.org>  Tue, 09 Aug 2016 20:02:00 +0200
 
diff --git a/debian/patches/openssl-initialise-pkcs-11.patch b/debian/patches/openssl-initialise-pkcs-11.patch
new file mode 100644
index 0000000..e9180c4
--- /dev/null
+++ b/debian/patches/openssl-initialise-pkcs-11.patch
@@ -0,0 +1,55 @@
+From c3d7fb7e2724150950e1a1eac29460ea255811c3 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <dwmw2 at infradead.org>
+Date: Wed, 8 Jun 2016 21:03:40 +0100
+Subject: OpenSSL: Initialise PKCS#11 engine even if found with ENGINE_by_id()
+
+Recent versions of engine_pkcs11 are set up to be autoloaded on demand
+with ENGINE_by_id() because they don't need explicit configuration.
+
+But if we *do* want to explicitly configure them with a PKCS#11 module
+path, we should still do so.
+
+We can't tell whether it was already initialised, but it's harmless to
+repeat the MODULE_PATH command if it was.
+
+Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
+Tested-by: Michael Schaller <misch at google.com>
+---
+ src/crypto/tls_openssl.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index c831fba..23ac64b 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -624,10 +624,16 @@
+ 
+ 	engine = ENGINE_by_id(id);
+ 	if (engine) {
+-		ENGINE_free(engine);
+ 		wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already "
+ 			   "available", id);
+-		return 0;
++		/*
++		 * If it was auto-loaded by ENGINE_by_id() we might still
++		 * need to tell it which PKCS#11 module to use in legacy
++		 * (non-p11-kit) environments. Do so now; even if it was
++		 * properly initialised before, setting it again will be
++		 * harmless.
++		 */
++		goto found;
+ 	}
+ 	ERR_clear_error();
+ 
+@@ -664,7 +670,7 @@
+ 			   id, ERR_error_string(ERR_get_error(), NULL));
+ 		return -1;
+ 	}
+-
++ found:
+ 	while (post && post[0]) {
+ 		wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]);
+ 		if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) {
+-- 
+cgit v0.12
+
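Review bot: In the first tls_openssl.c hunk, the already-available branch after ENGINE_by_id() used to return 0 unconditionally and now jumps to found:, so a failing ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) can now affect a case that previously always succeeded. The body of that failure branch is outside the visible context, so please confirm that a rejected command on an engine that was already initialised does not become a hard error, since the new comment's "setting it again will be harmless" depends on that. The removed ENGINE_free(engine) also means the reference taken by ENGINE_by_id() is now carried past found:, so check that the code after the loop releases it on both the success and the error path. On the packaging side, the patch file ends with a cgit footer but has no DEP-3 headers; adding Origin and Bug-Debian fields (the latter pointing at #827253) would record where the upstream commit came from.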
diff --git a/debian/patches/series b/debian/patches/series
index 70bc8db..7abb0a3 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -29,4 +29,5 @@ wpa_supplicant_fix-dependency-odering-when-invoked-with-dbus.patch
 dbus-fix-operations-for-p2p-mgmt.patch
 nl80211_dont_call_linux_iface_up_for_a_dedicated_p2p_device.patch
 do_not_wait_for_monitor_to_attach_if_no_control_interface.patch
-wpa_supplicant_do_not_wait_for_monitor_on_p2p_device_interface.patch
\ No newline at end of file
+wpa_supplicant_do_not_wait_for_monitor_on_p2p_device_interface.patch
+openssl-initialise-pkcs-11.patch
\ No newline at end of file
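Review bot: The series file still ends without a newline after the added openssl-initialise-pkcs-11.patch line, which is why this hunk has to delete and re-add wpa_supplicant_do_not_wait_for_monitor_on_p2p_device_interface.patch just to append one entry. Terminating the last line with a newline would make the next addition a one-line diff and remove the "\ No newline at end of file" markers.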

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/wpa.git


