From patchwork Thu Apr 20 13:44:31 2017
X-Patchwork-Submitter: Hristo Venev
X-Patchwork-Id: 752812
Message-ID: <1492695871.2148.14.camel@venev.name>
Subject: Re: [PATCH 3/3] hostapd: set openssl_ecdh_curves
From: Hristo Venev
To: hostap@lists.infradead.org
Date: Thu, 20 Apr 2017 14:44:31 +0100
In-Reply-To: <1492695407.2148.10.camel@venev.name>
References: <1492695162.2148.6.camel@venev.name> <1492695407.2148.10.camel@venev.name>

I forgot to call free(). Here is version 2:

hostapd: set openssl_ecdh_curves

This makes it possible to use ECDSA certificates with EAP-TLS/TTLS/etc.

Signed-off-by: Hristo Venev
---  hostapd/config_file.c | 3 +++  src/ap/ap_config.c    | 1 +  src/ap/ap_config.h    | 1 +  src/ap/authsrv.c      | 1 +  4 files changed, 6 insertions(+)   hapd->conf->ocsp_stapling_response;   params.ocsp_stapling_response_multi = --  2.12.2 diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 7b4380605..2d4eb6e76 100644 
--- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -2195,6 +2195,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,   } else if (os_strcmp(buf, "openssl_ciphers") == 0) {   os_free(bss->openssl_ciphers);   bss->openssl_ciphers = os_strdup(pos); + } else if (os_strcmp(buf, "openssl_ecdh_curves") == 0) { + os_free(bss->openssl_ecdh_curves); + bss->openssl_ecdh_curves = os_strdup(pos);   } else if (os_strcmp(buf, "fragment_size") == 0) {   bss->fragment_size = atoi(pos);  #ifdef EAP_SERVER_FAST diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 6b3d4e862..18ac0ab77 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -503,6 +503,7 @@ void hostapd_config_free_bss(struct hostapd_bss_config *conf)   os_free(conf->ocsp_stapling_response_multi);   os_free(conf->dh_file);   os_free(conf->openssl_ciphers); + os_free(conf->openssl_ecdh_keys);   os_free(conf->pac_opaque_encr_key);   os_free(conf->eap_fast_a_id);   os_free(conf->eap_fast_a_id_info); diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 989b07107..343732043 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -366,6 +366,7 @@ struct hostapd_bss_config {   char *ocsp_stapling_response_multi;   char *dh_file;   char *openssl_ciphers; + char *openssl_ecdh_curves;   u8 *pac_opaque_encr_key;   u8 *eap_fast_a_id;   size_t eap_fast_a_id_len; diff --git a/src/ap/authsrv.c b/src/ap/authsrv.c index 8a658244a..a94f08236 100644 --- a/src/ap/authsrv.c +++ b/src/ap/authsrv.c @@ -170,6 +170,7 @@ int authsrv_init(struct hostapd_data *hapd)   params.private_key_passwd = hapd->conf- >private_key_passwd;   params.dh_file = hapd->conf->dh_file;   params.openssl_ciphers = hapd->conf->openssl_ciphers; + params.openssl_ecdh_curves = hapd->conf- >openssl_ecdh_curves;   params.ocsp_stapling_response =
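
Review bot: In the src/ap/ap_config.c hunk, hostapd_config_free_bss() frees conf->openssl_ecdh_keys, but the member this patch adds to struct hostapd_bss_config in ap_config.h and assigns in config_file.c is openssl_ecdh_curves. The patch declares no openssl_ecdh_keys member, so unless one exists elsewhere this will not build, and in either case the os_strdup() copy stored in openssl_ecdh_curves is never freed. The line should read os_free(conf->openssl_ecdh_curves);.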
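
Review bot: In the hostapd/config_file.c hunk, the new "openssl_ecdh_curves" keyword is parsed but none of the four files in the diffstat documents it, so an operator has no description of the expected value format or of the behaviour when it is left unset. Please add a description alongside wherever openssl_ciphers is documented, and state the accepted string format in the commit message. The result of os_strdup(pos) is also not checked, the same as in the openssl_ciphers branch above it, so an allocation failure would silently leave the option unset.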
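
Review bot: In the src/ap/authsrv.c hunk, the added line appears as "hapd->conf- >openssl_ecdh_curves" with a break inside the -> operator, and the private_key_passwd context line is split the same way; the hunk's trailing context (the ocsp_stapling_response lines) also shows up above the "-- 2.12.2" signature rather than after the hunk. As it appears here the patch looks line-wrapped by the mail client and would not apply cleanly. Please resend with git send-email or as an attachment so the long lines survive intact.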