From: Jouni Malinen
Date: Sun, 23 Mar 2025 08:25:34 +0000 (+0200)
Subject: Revert "OpenSSL: Fix EAP-TLS connection failure in Android"
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c33ba59d85a1967906e570d95340c9e98c5508b1;p=thirdparty%2Fhostap.git

Revert "OpenSSL: Fix EAP-TLS connection failure in Android"

This reverts commit b5c7f20804655de31114e17524735691cf0e2798 to allow a more complete change to be used for addressing the issue with the earlier commit on Android.

Signed-off-by: Jouni Malinen
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 719797662..aaf519be5 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -389,8 +389,6 @@ static void openssl_unload_pkcs11_provider(void)
 }
-#ifndef ANDROID
-
 static bool openssl_can_use_provider(const char *engine_id, const char *req)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -461,8 +459,6 @@ err_key:
 #endif /* OpenSSL version >= 3.0 */
 }
-#endif /* !ANDROID */
-
 static X509 * provider_load_cert(const char *cert_id)
 {
@@ -1525,11 +1521,9 @@ err:
 return ret;
 #else /* OPENSSL_NO_ENGINE */
-#ifndef ANDROID
 conn->private_key = provider_load_key(key_id);
 if (!conn->private_key)
 return -1;
-#endif /* !ANDROID */
 return 0;
 #endif /* OPENSSL_NO_ENGINE */
@@ -5598,10 +5592,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 return -1;
 if (engine_id && ca_cert_id) {
-#if !defined(ANDROID) && defined(OPENSSL_NO_ENGINE)
+#ifdef OPENSSL_NO_ENGINE
 if (!openssl_can_use_provider(engine_id, ca_cert_id))
 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
-#endif /* !ANDROID && OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_NO_ENGINE */
 if (tls_connection_engine_ca_cert(data, conn, ca_cert_id))
 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
 } else if (tls_connection_ca_cert(data, conn, params->ca_cert,
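Review bot: The `#ifdef OPENSSL_NO_ENGINE` pre-check in the `engine_id && ca_cert_id` branch has no comment saying why it is there or that it is compiled for Android builds again, and the same three lines recur in the hunks at -5611 (`cert_id`) and -5623 (`key_id`). Going by the commit message, the Android EAP-TLS failure presumably returns until the follow-up change lands, so a comment above the first guard would help anyone bisecting, for example `/* Provider builds: stop here unless the provider can be used for this id */`. The three copies could also move into one small static helper that takes the id and does nothing when OPENSSL_NO_ENGINE is not defined, so the guard cannot drift between the CA certificate, client certificate and private key paths. Failing with `TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED` rather than continuing is the safe direction for credential loading and should be kept in whatever replaces this. `tls_connection_set_params()` starts and ends outside these hunks.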
@@ -5611,10 +5605,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 return -1;
 if (engine_id && cert_id) {
-#if !defined(ANDROID) && defined(OPENSSL_NO_ENGINE)
+#ifdef OPENSSL_NO_ENGINE
 if (!openssl_can_use_provider(engine_id, cert_id))
 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
-#endif /* !ANDROID && OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_NO_ENGINE */
 if (tls_connection_engine_client_cert(conn, cert_id))
 return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED;
 } else if (tls_connection_client_cert(conn, params->client_cert,
@@ -5623,10 +5617,10 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 return -1;
 if (engine_id && key_id) {
-#if !defined(ANDROID) && defined(OPENSSL_NO_ENGINE)
+#ifdef OPENSSL_NO_ENGINE
 if (!openssl_can_use_provider(engine_id, key_id))
 return TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED;
-#endif /* !ANDROID && OPENSSL_NO_ENGINE */
+#endif /* OPENSSL_NO_ENGINE */
 wpa_printf(MSG_DEBUG, "TLS: Using private key from engine/provider");
 if (tls_connection_engine_private_key(conn))