moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ANDROID: extract-cert: omit PKCS#11 support if building against BoringSSL

Browse Source 
BoringSSL does not implement the ENGINE API. In Android we do not seem
to rely on the PKCS#11 -> DER extraction. Hence, make this conditional
on the SSL library used.

Bug: 135570712
Signed-off-by: Matthias Maennich <maennich@google.com>
Change-Id: I84af6633dd470083497087c7dd1a2734480e2b0e
This commit is contained in:
Matthias Maennich
2020-11-26 10:08:38 +00:00
parent 23037ef695
commit 2841a4316e
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scripts/extract-cert.c
View File

@@ -49,6 +49,7 @@ static void display_openssl_errors(int l)
} }
} }
#ifndef OPENSSL_IS_BORINGSSL
static void drain_openssl_errors(void) static void drain_openssl_errors(void)
{ {
const char *file; const char *file;
@@ -58,6 +59,7 @@ static void drain_openssl_errors(void)
return; return;
while (ERR_get_error_line(&file, &line)) {} while (ERR_get_error_line(&file, &line)) {}
} }
#endif
#define ERR(cond, fmt, ...) \ #define ERR(cond, fmt, ...) \
do { \ do { \
@@ -112,6 +114,10 @@ int main(int argc, char **argv)
fclose(f); fclose(f);
exit(0); exit(0);
} else if (!strncmp(cert_src, "pkcs11:", 7)) { } else if (!strncmp(cert_src, "pkcs11:", 7)) {
#ifdef OPENSSL_IS_BORINGSSL
ERR(1, "BoringSSL does not support extracting from PKCS#11");
exit(1);
#else
ENGINE *e; ENGINE *e;
struct { struct {
const char *cert_id; const char *cert_id;
@@ -134,6 +140,7 @@ int main(int argc, char **argv)
ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
ERR(!parms.cert, "Get X.509 from PKCS#11"); ERR(!parms.cert, "Get X.509 from PKCS#11");
write_cert(parms.cert); write_cert(parms.cert);
#endif
} else { } else {
BIO *b; BIO *b;
X509 *x509; X509 *x509;