File wpa_supplicant-pkcs11-init-args.patch of Package wpa_supplicant

Index: wpa_supplicant-0.6.4/src/crypto/tls.h
===================================================================
--- wpa_supplicant-0.6.4.orig/src/crypto/tls.h
+++ wpa_supplicant-0.6.4/src/crypto/tls.h
@@ -32,6 +32,7 @@ struct tls_config {
 	const char *opensc_engine_path;
 	const char *pkcs11_engine_path;
 	const char *pkcs11_module_path;
+	const char *pkcs11_module_init_args;
 };
 
 /**
Index: wpa_supplicant-0.6.4/src/crypto/tls_openssl.c
===================================================================
--- wpa_supplicant-0.6.4.orig/src/crypto/tls_openssl.c
+++ wpa_supplicant-0.6.4/src/crypto/tls_openssl.c
@@ -653,9 +653,11 @@ static int tls_engine_load_dynamic_gener
  * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc
  * @pkcs11_so_path: pksc11_so_path from the configuration
  * @pcks11_module_path: pkcs11_module_path from the configuration
+ * @pkcs11_module_init_args: pkcs11_module_init_args from the configuration
  */
 static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path,
-					  const char *pkcs11_module_path)
+					  const char *pkcs11_module_path,
+					  const char *pkcs11_module_init_args)
 {
 	char *engine_id = "pkcs11";
 	const char *pre_cmd[] = {
@@ -668,6 +670,7 @@ static int tls_engine_load_dynamic_pkcs1
 	};
 	const char *post_cmd[] = {
 		"MODULE_PATH", NULL /* pkcs11_module_path */,
+		"INIT_ARGS", NULL /* pkcs11_module_init_args */,
 		NULL, NULL
 	};
 
@@ -678,6 +681,9 @@ static int tls_engine_load_dynamic_pkcs1
 	pre_cmd[3] = engine_id;
 	post_cmd[1] = pkcs11_module_path;
 
+	if (pkcs11_module_init_args)
+		post_cmd[3] = pkcs11_module_init_args;
+
 	wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s",
 		   pkcs11_so_path);
 
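Review bot: When `pkcs11_module_init_args` is NULL the `"INIT_ARGS"` key stays in `post_cmd` with a NULL value, so the post-command list no longer ends after `MODULE_PATH`. The loader that consumes `post_cmd` is outside this diff; if it walks the array until it meets a NULL key, it will issue `INIT_ARGS` with a NULL argument on every load, and an engine build that does not recognise that control command could then fail to load for users who never set the option. Terminating the list in the unset case avoids this: `else post_cmd[2] = NULL;`. The body of tls_engine_load_dynamic_pkcs11 starts and ends outside this hunk.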
@@ -747,7 +753,8 @@ void * tls_init(const struct tls_config
 
 		if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) ||
 		    tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path,
-						   conf->pkcs11_module_path)) {
+						   conf->pkcs11_module_path,
+						   conf->pkcs11_module_init_args)) {
 			tls_deinit(ssl);
 			return NULL;
 		}
Index: wpa_supplicant-0.6.4/src/eap_peer/eap.c
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eap_peer/eap.c
+++ wpa_supplicant-0.6.4/src/eap_peer/eap.c
@@ -1169,6 +1169,7 @@ struct eap_sm * eap_peer_sm_init(void *e
 	tlsconf.opensc_engine_path = conf->opensc_engine_path;
 	tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
 	tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
+	tlsconf.pkcs11_module_init_args = conf->pkcs11_module_init_args;
 	sm->ssl_ctx = tls_init(&tlsconf);
 	if (sm->ssl_ctx == NULL) {
 		wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
Index: wpa_supplicant-0.6.4/src/eap_peer/eap.h
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eap_peer/eap.h
+++ wpa_supplicant-0.6.4/src/eap_peer/eap.h
@@ -246,6 +246,13 @@ struct eap_config {
 	 */
 	const char *pkcs11_module_path;
 	/**
+	 * pkcs11_module_init_args - OpenSC PKCS#11 module initialization 
+	 * arguments for OpenSSL engine.
+	 *
+	 * Usually, NULL.
+	 */
+	const char *pkcs11_module_init_args;
+	/**
 	 * mac_addr - MAC address of the peer
 	 *
 	 * This can be left %NULL if not available.
Index: wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.c
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eapol_supp/eapol_supp_sm.c
+++ wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.c
@@ -1801,6 +1801,7 @@ struct eapol_sm *eapol_sm_init(struct ea
 	conf.opensc_engine_path = ctx->opensc_engine_path;
 	conf.pkcs11_engine_path = ctx->pkcs11_engine_path;
 	conf.pkcs11_module_path = ctx->pkcs11_module_path;
+	conf.pkcs11_module_init_args = ctx->pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 
 	sm->eap = eap_peer_sm_init(sm, &eapol_cb, sm->ctx->msg_ctx, &conf);
Index: wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.h
===================================================================
--- wpa_supplicant-0.6.4.orig/src/eapol_supp/eapol_supp_sm.h
+++ wpa_supplicant-0.6.4/src/eapol_supp/eapol_supp_sm.h
@@ -198,6 +198,15 @@ struct eapol_ctx {
 	 * module is not loaded.
 	 */
 	const char *pkcs11_module_path;
+
+	/**
+	 * pkcs11_module_init_args - The initialization arguments to the OpenSSL
+	 * OpenSC/PKCS#11 module.
+	 *
+	 * This is an OpenSSL specific configuration option for configuring
+	 * the initialization arguments of the PKCS#11 module.
+	 */
+	const char *pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 
 	/**
Index: wpa_supplicant-0.6.4/wpa_supplicant/config.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/config.c
@@ -1526,6 +1526,7 @@ void wpa_config_free(struct wpa_config *
 	os_free(config->opensc_engine_path);
 	os_free(config->pkcs11_engine_path);
 	os_free(config->pkcs11_module_path);
+	os_free(config->pkcs11_module_init_args);
 #endif /* EAP_TLS_OPENSSL */
 	os_free(config->driver_param);
 	os_free(config->pssid);
Index: wpa_supplicant-0.6.4/wpa_supplicant/config.h
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config.h
+++ wpa_supplicant-0.6.4/wpa_supplicant/config.h
@@ -194,6 +194,15 @@ struct wpa_config {
 	 * module is not loaded.
 	 */
 	char *pkcs11_module_path;
+
+	/**
+	 * pkcs11_module_init_args - The initialization arguments to the OpenSSL
+	 * OpenSC/PKCS#11 module.
+	 *
+	 * This is an OpenSSL specific configuration option for configuring
+	 * the initialization arguments of the PKCS#11 module.
+	 */
+	char *pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 
 	/**
Index: wpa_supplicant-0.6.4/wpa_supplicant/config_file.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/config_file.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/config_file.c
@@ -355,6 +355,16 @@ static int wpa_config_process_pkcs11_mod
 	return 0;
 }
 
+static int wpa_config_process_pkcs11_module_init_args(struct wpa_config *config,
+					       char *pos)
+{
+	os_free(config->pkcs11_module_init_args);
+	config->pkcs11_module_init_args = os_strdup(pos);
+	wpa_printf(MSG_DEBUG, "pkcs11_module_init_args='%s'",
+		   config->pkcs11_module_init_args);
+	return 0;
+}
+
 #endif /* EAP_TLS_OPENSSL */
 
 
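Review bot: The result of `os_strdup(pos)` in wpa_config_process_pkcs11_module_init_args is not checked, so an allocation failure leaves the field NULL, hands NULL to the `%s` in `wpa_printf`, and still returns 0 as if the line had been parsed. Adding `if (config->pkcs11_module_init_args == NULL) return -1;` before the debug print reports the failure to the caller. Module initialisation strings may carry sensitive parameters for some PKCS#11 modules, so it is also worth deciding whether the full value belongs in the debug log.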
@@ -457,6 +467,9 @@ static int wpa_config_process_global(str
 
 	if (os_strncmp(pos, "pkcs11_module_path=", 19) == 0)
 		return wpa_config_process_pkcs11_module_path(config, pos + 19);
+
+	if (os_strncmp(pos, "pkcs11_module_init_args=", 24) == 0)
+		return wpa_config_process_pkcs11_module_init_args(config, pos + 24);
 #endif /* EAP_TLS_OPENSSL */
 
 	if (os_strncmp(pos, "driver_param=", 13) == 0)
@@ -827,6 +840,9 @@ static void wpa_config_write_global(FILE
 	if (config->pkcs11_module_path)
 		fprintf(f, "pkcs11_module_path=%s\n",
 			config->pkcs11_module_path);
+	if (config->pkcs11_module_init_args)
+		fprintf(f, "pkcs11_module_init_args=%s\n",
+			config->pkcs11_module_init_args);
 #endif /* EAP_TLS_OPENSSL */
 	if (config->driver_param)
 		fprintf(f, "driver_param=%s\n", config->driver_param);
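Review bot: `pkcs11_module_init_args` is written back with a bare `%s\n`, while the reader in wpa_config_process_global matches one `key=` prefix per line, so a value containing a line break would be saved as additional configuration lines. The same field can be set from the D-Bus smartcard handler changed later in this patch, which copies `entry.str_value` with no character check. Rejecting control characters where the value is accepted (the config parser and the D-Bus handler) keeps the saved file well-formed. The existing path options written just above follow the same pattern and would benefit equally. Both functions extend beyond this hunk.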
Index: wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/ctrl_iface_dbus_handlers.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/ctrl_iface_dbus_handlers.c
@@ -858,7 +858,7 @@ out:
 static const char *dont_quote[] = {
 	"key_mgmt", "proto", "pairwise", "auth_alg", "group", "eap",
 	"opensc_engine_path", "pkcs11_engine_path", "pkcs11_module_path",
-	"bssid", NULL
+	"pkcs11_module_init_args", "bssid", NULL
 };
 
 static dbus_bool_t should_quote_opt(const char *key)
@@ -1196,6 +1196,7 @@ DBusMessage * wpas_dbus_iface_set_smartc
 	char *opensc_engine_path = NULL;
 	char *pkcs11_engine_path = NULL;
 	char *pkcs11_module_path = NULL;
+	char *pkcs11_module_init_args = NULL;
 	struct wpa_dbus_dict_entry entry;
 
 	if (!dbus_message_iter_init(message, &iter))
@@ -1222,6 +1223,11 @@ DBusMessage * wpas_dbus_iface_set_smartc
 			pkcs11_module_path = os_strdup(entry.str_value);
 			if (pkcs11_module_path == NULL)
 				goto error;
+		} else if (!strcmp(entry.key, "pkcs11_module_init_args") &&
+				 (entry.type == DBUS_TYPE_STRING)) {
+			pkcs11_module_init_args = os_strdup(entry.str_value);
+			if (pkcs11_module_init_args == NULL)
+				goto error;
 		} else {
 			wpa_dbus_dict_entry_clear(&entry);
 			goto error;
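Review bot: The new `pkcs11_module_init_args` branch overwrites the pointer with a fresh `os_strdup()` without releasing an earlier copy, so a dictionary that repeats the key leaks the first string; `os_free(pkcs11_module_init_args);` before the assignment closes that. On allocation failure the branch jumps to `error` without calling `wpa_dbus_dict_entry_clear(&entry)`, unlike the final `else`, so the entry contents appear to leak on that path as well. Both issues mirror the handling of the existing keys visible above, and the loop body continues outside the hunk.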
@@ -1236,6 +1242,8 @@ DBusMessage * wpas_dbus_iface_set_smartc
 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path;
 	os_free(wpa_s->conf->pkcs11_module_path);
 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path;
+	os_free(wpa_s->conf->pkcs11_module_init_args);
+	wpa_s->conf->pkcs11_module_init_args = pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 
 	eapol_sm_deinit(wpa_s->eapol);
@@ -1247,6 +1255,7 @@ error:
 	os_free(opensc_engine_path);
 	os_free(pkcs11_engine_path);
 	os_free(pkcs11_module_path);
+	os_free(pkcs11_module_init_args);
 	return wpas_dbus_new_invalid_opts_error(message, NULL);
 }
 
Index: wpa_supplicant-0.6.4/wpa_supplicant/eapol_test.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/eapol_test.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/eapol_test.c
@@ -335,6 +335,7 @@ static int test_eapol(struct eapol_test_
 	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
 	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
 	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
+	ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 
 	wpa_s->eapol = eapol_sm_init(ctx);
Index: wpa_supplicant-0.6.4/wpa_supplicant/wpa_supplicant.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/wpa_supplicant.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/wpa_supplicant.c
@@ -560,7 +560,7 @@ int wpa_supplicant_reload_configuration(
 	wpa_s->current_ssid = NULL;
 	/*
 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
-	 * pkcs11_engine_path, pkcs11_module_path.
+	 * pkcs11_engine_path, pkcs11_module_path, pkcs11_module_init_args.
 	 */
 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
 	    wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK) {
Index: wpa_supplicant-0.6.4/wpa_supplicant/wpas_glue.c
===================================================================
--- wpa_supplicant-0.6.4.orig/wpa_supplicant/wpas_glue.c
+++ wpa_supplicant-0.6.4/wpa_supplicant/wpas_glue.c
@@ -535,6 +535,7 @@ int wpa_supplicant_init_eapol(struct wpa
 	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
 	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
 	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
+	ctx->pkcs11_module_init_args = wpa_s->conf->pkcs11_module_init_args;
 #endif /* EAP_TLS_OPENSSL */
 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
 	ctx->cb = wpa_supplicant_eapol_cb;