| From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 |
| From: Matthias Maennich <maennich@google.com> |
| Date: Thu, 26 Nov 2020 10:08:38 +0000 |
| Subject: REVISIT: ANDROID: extract-cert: omit PKCS#11 support if building |
| against BoringSSL |
| |
| BoringSSL does not implement the ENGINE API. In Android we do not seem |
| to rely on the PKCS#11 -> DER extraction. Hence, make this conditional |
| on the SSL library used. |
| |
| [CPNOTE: 21/07/21] Lee: Androidness |
| [CPNOTE: 06/10/21] Lee: If THE sign-file patch makes it into Mainline, this should be reworked/upstreamed |
| |
| Bug: 135570712 |
| Signed-off-by: Matthias Maennich <maennich@google.com> |
| Change-Id: I84af6633dd470083497087c7dd1a2734480e2b0e |
| --- |
| scripts/extract-cert.c | 7 +++++++ |
| 1 file changed, 7 insertions(+) |
| |
| diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c |
| --- a/scripts/extract-cert.c |
| +++ b/scripts/extract-cert.c |
| @@ -49,6 +49,7 @@ static void display_openssl_errors(int l) |
| } |
| } |
| |
| +#ifndef OPENSSL_IS_BORINGSSL |
| static void drain_openssl_errors(void) |
| { |
| const char *file; |
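Review bot: The new `#ifndef OPENSSL_IS_BORINGSSL` around drain_openssl_errors() carries no comment saying why the helper is compiled out, and its matching `#endif` in the next hunk is unlabelled. I would add `/* Only used by the PKCS#11 path in main(), which is compiled out for BoringSSL. */` above the guard, after confirming that this is the only caller, since the call site is not visible in this patch. The closer would then read `#endif /* !OPENSSL_IS_BORINGSSL */`, and the `#endif` that ends the pkcs11 branch in main() deserves the same kind of label. The function body continues past the end of this hunk.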
| @@ -58,6 +59,7 @@ static void drain_openssl_errors(void) |
| return; |
| while (ERR_get_error_line(&file, &line)) {} |
| } |
| +#endif |
| |
| #define ERR(cond, fmt, ...) \ |
| do { \ |
| @@ -112,6 +114,10 @@ int main(int argc, char **argv) |
| fclose(f); |
| exit(0); |
| } else if (!strncmp(cert_src, "pkcs11:", 7)) { |
| +#ifdef OPENSSL_IS_BORINGSSL |
| + ERR(1, "BoringSSL does not support extracting from PKCS#11"); |
| + exit(1); |
| +#else |
| ENGINE *e; |
| struct { |
| const char *cert_id; |
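Review bot: The `exit(1);` after `ERR(1, ...)` in the BoringSSL branch looks unreachable, and the message may be printed with an unrelated errno suffix. Only the first two lines of the ERR macro are visible here; if it reports through `err(1, fmt, ...)` when the condition is true, as the upstream file does, the process has already exited and err() appends strerror(errno), which says nothing about this failure. Assuming `<err.h>` is already included, `errx(1, "BoringSSL does not support extracting from PKCS#11");` on its own states the reason without the suffix and makes the exit explicit. Stopping with a non-zero status here, rather than producing an output file without the certificate, is the right behaviour for a signing-certificate input and should be kept. main()'s body starts and ends outside this hunk.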
| @@ -134,6 +140,7 @@ int main(int argc, char **argv) |
| ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); |
| ERR(!parms.cert, "Get X.509 from PKCS#11"); |
| write_cert(parms.cert); |
| +#endif |
| } else { |
| BIO *b; |
| X509 *x509; |