From patchwork Wed Sep 6 23:56:00 2017
X-Patchwork-Submitter: Ben Greear
X-Patchwork-Id: 810824
From: greearb@candelatech.com
To: hostap@lists.infradead.org
Subject: [RFC] hs20: Allow compiling hs20 client on fedora-26
Date: Wed, 6 Sep 2017 16:56:00 -0700
Message-Id: <20170906235600.9886-1-greearb@candelatech.com>
Cc: Ben Greear

From: Ben Greear

Seems openssl has changed quite a bit, so some of the hacks and direct access to members no longer works. This is an attempt at fixing that.

Signed-off-by: Ben Greear
--- hs20/client/est.c | 8 ++++++-- src/utils/http_curl.c | 22 +++++++++++++++++++--- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/hs20/client/est.c b/hs20/client/est.c index 9f1519bf4..b865cbdfa 100644 --- a/hs20/client/est.c +++ b/hs20/client/est.c 
@@ -219,6 +219,10 @@ typedef struct { } d; } AttrOrOID; +#ifndef OPENSSL_IS_BORINGSSL +DEFINE_STACK_OF(AttrOrOID) +#endif + typedef struct { int type; STACK_OF(AttrOrOID) *attrs; @@ -352,9 +356,9 @@ static void add_csrattrs(struct hs20_osu_client *ctx, CsrAttrs *csrattrs, } } #else /* OPENSSL_IS_BORINGSSL */ - num = SKM_sk_num(AttrOrOID, csrattrs->attrs); + num = sk_AttrOrOID_num(csrattrs->attrs); for (i = 0; i < num; i++) { - AttrOrOID *ao = SKM_sk_value(AttrOrOID, csrattrs->attrs, i); + AttrOrOID *ao = sk_AttrOrOID_value(csrattrs->attrs, i); switch (ao->type) { case 0: add_csrattrs_oid(ctx, ao->d.oid, exts); diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c index 58519ea8d..ca2279ac5 100644 --- a/src/utils/http_curl.c +++ b/src/utils/http_curl.c @@ -446,6 +446,7 @@ sk_num(CHECKED_CAST(_STACK *, STACK_OF(ASN1_IA5STRING) *, (st))) #define sk_ASN1_IA5STRING_value(st, i) (ASN1_IA5STRING *) \ sk_value(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_IA5STRING) *, (st)), (i)) #else /* OPENSSL_IS_BORINGSSL */ +#ifdef SKM_sk_num #define sk_LogotypeInfo_num(st) SKM_sk_num(LogotypeInfo, (st)) #define sk_LogotypeInfo_value(st, i) SKM_sk_value(LogotypeInfo, (st), (i)) #define sk_LogotypeImage_num(st) SKM_sk_num(LogotypeImage, (st)) @@ -456,6 +457,13 @@ sk_value(CHECKED_CAST(_STACK *, const STACK_OF(ASN1_IA5STRING) *, (st)), (i)) #define sk_HashAlgAndValue_value(st, i) SKM_sk_value(HashAlgAndValue, (st), (i)) #define sk_ASN1_IA5STRING_num(st) SKM_sk_num(ASN1_IA5STRING, (st)) #define sk_ASN1_IA5STRING_value(st, i) SKM_sk_value(ASN1_IA5STRING, (st), (i)) +#else +DEFINE_STACK_OF(LogotypeInfo) +DEFINE_STACK_OF(LogotypeImage) +DEFINE_STACK_OF(LogotypeAudio) +DEFINE_STACK_OF(HashAlgAndValue) +DEFINE_STACK_OF(ASN1_IA5STRING) +#endif #endif /* OPENSSL_IS_BORINGSSL */ 
@@ -1136,7 +1144,7 @@ static int ocsp_resp_cb(SSL *s, void *arg) return 0; } - store = SSL_CTX_get_cert_store(s->ctx); + store = SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)); if (ctx->peer_issuer) { wpa_printf(MSG_DEBUG, "OpenSSL: Add issuer"); debug_dump_cert("OpenSSL: Issuer certificate", @@ -1271,13 +1279,14 @@ static int ocsp_resp_cb(SSL *s, void *arg) return 1; } +#if (OPENSSL_VERSION_NUMBER < 0x1010006fL) static SSL_METHOD patch_ssl_method; static const SSL_METHOD *real_ssl_method; static int curl_patch_ssl_new(SSL *s) { - SSL_CTX *ssl = s->ctx; + SSL_CTX *ssl = SSL_get_SSL_CTXs->ctx; int ret; ssl->method = real_ssl_method; @@ -1288,6 +1297,7 @@ static int curl_patch_ssl_new(SSL *s) return ret; } +#endif #endif /* HAVE_OCSP */ @@ -1306,6 +1316,7 @@ static CURLcode curl_cb_ssl(CURL *curl, void *sslctx, void *parm) SSL_CTX_set_tlsext_status_cb(ssl, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ssl, ctx); +#if (OPENSSL_VERSION_NUMBER < 0x1010006fL) /* * Use a temporary SSL_METHOD to get a callback on SSL_new() * from libcurl since there is no proper callback registration @@ -1315,6 +1326,7 @@ static CURLcode curl_cb_ssl(CURL *curl, void *sslctx, void *parm) patch_ssl_method.ssl_new = curl_patch_ssl_new; real_ssl_method = ssl->method; ssl->method = &patch_ssl_method; +#endif } #endif /* HAVE_OCSP */ 
@@ -1351,13 +1363,17 @@ static CURL * setup_curl_post(struct http_ctx *ctx, const char *address, #ifdef EAP_TLS_OPENSSL curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_cb_ssl); curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, ctx); -#ifdef OPENSSL_IS_BORINGSSL +#if (defined OPENSSL_IS_BORINGSSL) || (OPENSSL_VERSION_NUMBER >= 0x1010006fL) /* For now, using the CURLOPT_SSL_VERIFYSTATUS option only * with BoringSSL since the OpenSSL specific callback hack to * enable OCSP is not available with BoringSSL. The OCSP * implementation within libcurl is not sufficient for the * Hotspot 2.0 OSU needs, so cannot use this with OpenSSL. */ + /* Fedora-26 OpenSSL (0x1010006f) Lno longer has access + * to internals to do that hack, so enable the option for + * that as well. --Ben + */ if (ctx->ocsp != NO_OCSP) curl_easy_setopt(curl, CURLOPT_SSL_VERIFYSTATUS, 1L); #endif /* OPENSSL_IS_BORINGSSL */
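
Review bot: in hs20/client/est.c the non-BoringSSL branch of add_csrattrs() now calls sk_AttrOrOID_num() and sk_AttrOrOID_value() unconditionally, and DEFINE_STACK_OF(AttrOrOID) is guarded only by #ifndef OPENSSL_IS_BORINGSSL, so a build against OpenSSL older than 1.1.0 (which has SKM_sk_num but no DEFINE_STACK_OF) stops compiling. Suggest the same feature test this patch uses in src/utils/http_curl.c: under #ifdef SKM_sk_num define sk_AttrOrOID_num and sk_AttrOrOID_value in terms of SKM_sk_num and SKM_sk_value, and use DEFINE_STACK_OF(AttrOrOID) only in the #else branch.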
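
Review bot: in curl_patch_ssl_new() the new line `SSL_CTX *ssl = SSL_get_SSL_CTXs->ctx;` is not valid C; it reads like a half-finished edit of `s->ctx` into `SSL_get_SSL_CTX(s)` and names an undeclared identifier. It sits inside `#if (OPENSSL_VERSION_NUMBER < 0x1010006fL)`, so the Fedora 26 build never compiles it, but every older OpenSSL build does and will fail. Either leave the line as `s->ctx` or use `SSL_get_SSL_CTX(s)` as the ocsp_resp_cb() hunk does. Separately, 0x1010006f is 1.1.0f, while SSL and SSL_CTX became opaque in 1.1.0, so the guard still selects the `ssl->method` code for 1.1.0 through 1.1.0e; `< 0x10100000L` looks like the intended boundary.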
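
Review bot: in curl_cb_ssl() the SSL_METHOD swap is compiled out for OpenSSL >= 0x1010006f with no #else, so the SSL_new() callback that the in-code comment says libcurl offers no other way to obtain never runs on those builds. The patch should state what curl_patch_ssl_new() was doing per connection and whether the new build still gets it some other way; if not, a comment at the #if saying what is lost would keep this from reading as a pure build fix. The version constant is also repeated at three sites in http_curl.c; a single named macro defined once near the top of the file would keep the guards in sync.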
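
Review bot: in setup_curl_post() the widened #if turns on CURLOPT_SSL_VERIFYSTATUS for OpenSSL >= 0x1010006f directly under a comment that says libcurl's OCSP implementation "is not sufficient for the Hotspot 2.0 OSU needs, so cannot use this with OpenSSL". As written the change relies on the mechanism the existing comment rejects, and neither the commit message nor the added comment says which OSU requirements are no longer checked on these builds. Please spell that out, since this changes how server certificate status is verified and is not only a compile fix, and say how it interacts with ocsp_resp_cb, which curl_cb_ssl() still registers via SSL_CTX_set_tlsext_status_cb(). Minor: "Lno longer" in the new comment is a typo, the old comment's "only with BoringSSL" is now stale, and the closing `#endif /* OPENSSL_IS_BORINGSSL */` no longer matches the condition.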