Revert "OpenSSL: Fix EAP-TLS connection failure in Android"
authorJouni Malinen <j@w1.fi>
Sun, 23 Mar 2025 08:25:34 +0000 (10:25 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 23 Mar 2025 08:39:25 +0000 (10:39 +0200)
This reverts commit b5c7f20804655de31114e17524735691cf0e2798 to allow a
more complete change to be used for addressing the issue with the
earlier commit on Android.

Signed-off-by: Jouni Malinen <j@w1.fi>
src/crypto/tls_openssl.c

index 719797662c4f3d512044a2a142c90ad1185c9c11..aaf519be57eff4d38f6556203d4eb60320aaaf76 100644 (file)
@@ -389,8 +389,6 @@ static void openssl_unload_pkcs11_provider(void)
 }
 
 
-#ifndef ANDROID
-
 static bool openssl_can_use_provider(const char *engine_id, const char *req)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -461,8 +459,6 @@ err_key:
 #endif /* OpenSSL version >= 3.0 */
 }
 
-#endif /* !ANDROID */
-
 
 static X509 * provider_load_cert(const char *cert_id)
 {
@@ -1525,11 +1521,9 @@ err:
 
        return ret;
 #else /* OPENSSL_NO_ENGINE */
-#ifndef ANDROID
        conn->private_key = provider_load_key(key_id);
        if (!conn->private_key)
                return -1;
-#endif /* !ANDROID */
 
        return 0;
 #endif /* OPENSSL_NO_ENGINE */
@@ -5598,10 +5592,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
 
        if (engine_id && ca_cert_id) {
-#if !defined(ANDROID) && defined(OPENSSL_NO_ENGINE)
+#ifdef OPENSSL_NO_ENGINE
                if (!openssl_can_use_provider(engine_id, ca_cert_id))
                        return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
-#endif /* !ANDROID && OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_NO_ENGINE */
                if (tls_connection_engine_ca_cert(data, conn, ca_cert_id))
                        return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
        } else if (tls_connection_ca_cert(data, conn, params->ca_cert,
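Review bot: The same three-line `#ifdef OPENSSL_NO_ENGINE` provider check now appears verbatim at the `ca_cert_id`, `cert_id` and `key_id` branches of tls_connection_set_params (this hunk and the two after it), so any platform conditional on it has to be edited in three places, as both this revert and the commit it reverts had to. Folding the check into one static helper would give the planned Android follow-up a single place to change and keep the three credential paths from drifting apart; a missed site would leave one credential type skipping the provider probe while the others enforce it. The sketch below assumes openssl_can_use_provider() is declared before the helper, and the helper name is only a suggestion. tls_connection_set_params starts and ends outside the hunk.

```c
/* Provider usability probe; a no-op when ENGINE support is compiled in. */
static bool tls_engine_id_usable(const char *engine_id, const char *id)
{
#ifdef OPENSSL_NO_ENGINE
	return openssl_can_use_provider(engine_id, id);
#else /* OPENSSL_NO_ENGINE */
	return true;
#endif /* OPENSSL_NO_ENGINE */
}

	/* ... unchanged: earlier parameter handling in tls_connection_set_params ... */
	if (engine_id && ca_cert_id) {
		if (!tls_engine_id_usable(engine_id, ca_cert_id))
			return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
	/* ... unchanged: tls_connection_engine_ca_cert call; same substitution at the cert_id and key_id branches ... */
```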
@@ -5611,10 +5605,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
 
        if (engine_id && cert_id) {
-#if !defined(ANDROID) && defined(OPENSSL_NO_ENGINE)
+#ifdef OPENSSL_NO_ENGINE
                if (!openssl_can_use_provider(engine_id, cert_id))
                        return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
-#endif /* !ANDROID && OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_NO_ENGINE */
                if (tls_connection_engine_client_cert(conn, cert_id))
                        return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
        } else if (tls_connection_client_cert(conn, params->client_cert,
@@ -5623,10 +5617,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
                return -1;
 
        if (engine_id && key_id) {
-#if !defined(ANDROID) && defined(OPENSSL_NO_ENGINE)
+#ifdef OPENSSL_NO_ENGINE
                if (!openssl_can_use_provider(engine_id, key_id))
                        return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
-#endif /* !ANDROID && OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_NO_ENGINE */
                wpa_printf(MSG_DEBUG,
                           "TLS: Using private key from engine/provider");
                if (tls_connection_engine_private_key(conn))