authorGluzskiy Alexandr <sss@sss.chaoslab.ru>2018-03-14 13:33:10 +0300
committerGluzskiy Alexandr <sss@sss.chaoslab.ru>2018-03-14 13:33:10 +0300
commitc2663561fc67e3cb5ed04b231cc297aabd570f86 (patch)
tree3e984485e1d9293c88904b5d58bab97ceb247d95 /net-wireless
parent352cd099b4122eb0e26d4863311424b6b09cde5b (diff)
hostapd: libressl patch
Diffstat (limited to 'net-wireless')
-rw-r--r--net-wireless/hostapd/files/libressl.patch138
-rw-r--r--net-wireless/hostapd/hostapd-scm.ebuild2
2 files changed, 140 insertions, 0 deletions
diff --git a/net-wireless/hostapd/files/libressl.patch b/net-wireless/hostapd/files/libressl.patch
new file mode 100644
index 0000000..6279652
--- /dev/null
+++ b/net-wireless/hostapd/files/libressl.patch
@@ -0,0 +1,138 @@
+diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
+index b63b35e9f..2baa7bfcf 100644
+--- a/src/crypto/crypto_openssl.c
++++ b/src/crypto/crypto_openssl.c
+@@ -33,49 +33,9 @@
+ #include "aes_wrap.h"
+ #include "crypto.h"
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+-/* Compatibility wrappers for older versions. */
+-
+-static HMAC_CTX * HMAC_CTX_new(void)
+-{
+- HMAC_CTX *ctx;
+-
+- ctx = os_zalloc(sizeof(*ctx));
+- if (ctx)
+- HMAC_CTX_init(ctx);
+- return ctx;
+-}
+-
+-
+-static void HMAC_CTX_free(HMAC_CTX *ctx)
+-{
+- if (!ctx)
+- return;
+- HMAC_CTX_cleanup(ctx);
+- bin_clear_free(ctx, sizeof(*ctx));
+-}
+-
+
+-static EVP_MD_CTX * EVP_MD_CTX_new(void)
+-{
+- EVP_MD_CTX *ctx;
+
+- ctx = os_zalloc(sizeof(*ctx));
+- if (ctx)
+- EVP_MD_CTX_init(ctx);
+- return ctx;
+-}
+-
+-
+-static void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+-{
+- if (!ctx)
+- return;
+- EVP_MD_CTX_cleanup(ctx);
+- bin_clear_free(ctx, sizeof(*ctx));
+-}
+
+-#endif /* OpenSSL version < 1.1.0 */
+
+ static BIGNUM * get_group5_prime(void)
+ {
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 4413ec325..7dbbd2d8c 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -58,50 +58,6 @@ typedef int stack_index_t;
+ #endif /* OPENSSL_NO_TLSEXT */
+ #endif /* SSL_set_tlsext_status_type */
+
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
+- defined(LIBRESSL_VERSION_NUMBER)) && \
+- !defined(BORINGSSL_API_VERSION)
+-/*
+- * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
+- * 1.1.0 and newer BoringSSL revisions. Provide compatibility wrappers for
+- * older versions.
+- */
+-
+-static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+- size_t outlen)
+-{
+- if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
+- return 0;
+- os_memcpy(out, ssl->s3->client_random, SSL3_RANDOM_SIZE);
+- return SSL3_RANDOM_SIZE;
+-}
+-
+-
+-static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+- size_t outlen)
+-{
+- if (!ssl->s3 || outlen < SSL3_RANDOM_SIZE)
+- return 0;
+- os_memcpy(out, ssl->s3->server_random, SSL3_RANDOM_SIZE);
+- return SSL3_RANDOM_SIZE;
+-}
+-
+-
+-#ifdef OPENSSL_NEED_EAP_FAST_PRF
+-static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+- unsigned char *out, size_t outlen)
+-{
+- if (!session || session->master_key_length < 0 ||
+- (size_t) session->master_key_length > outlen)
+- return 0;
+- if ((size_t) session->master_key_length < outlen)
+- outlen = session->master_key_length;
+- os_memcpy(out, session->master_key, outlen);
+- return outlen;
+-}
+-#endif /* OPENSSL_NEED_EAP_FAST_PRF */
+-
+-#endif
+
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #ifdef CONFIG_SUITEB
+@@ -2457,12 +2413,6 @@ static int tls_set_conn_flags(struct tls_connection *conn, unsigned int flags,
+ else
+ SSL_clear_options(ssl, SSL_OP_NO_TLSv1_1);
+ #endif /* SSL_OP_NO_TLSv1_1 */
+-#ifdef SSL_OP_NO_TLSv1_2
+- if (flags & TLS_CONN_DISABLE_TLSv1_2)
+- SSL_set_options(ssl, SSL_OP_NO_TLSv1_2);
+- else
+- SSL_clear_options(ssl, SSL_OP_NO_TLSv1_2);
+-#endif /* SSL_OP_NO_TLSv1_2 */
+ #ifdef CONFIG_SUITEB
+ #ifdef OPENSSL_IS_BORINGSSL
+ /* Start with defaults from BoringSSL */
+@@ -4344,15 +4294,6 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
+ }
+ }
+ #endif
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+- if (params->flags & TLS_CONN_EAP_FAST) {
+- /* Need to disable TLS v1.3 at least for now since OpenSSL 1.1.1
+- * refuses to start the handshake with the modified ciphersuite
+- * list (no TLS v1.3 ciphersuites included) for EAP-FAST. */
+- wpa_printf(MSG_DEBUG, "OpenSSL: Disable TLSv1.3 for EAP-FAST");
+- SSL_set_options(conn->ssl, SSL_OP_NO_TLSv1_3);
+- }
+-#endif
+ #endif /* EAP_FAST || EAP_FAST_DYNAMIC || EAP_SERVER_FAST */
+
+ while ((err = ERR_get_error())) {
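Review bot: The nested hunk at `tls_set_conn_flags()` deletes the `TLS_CONN_DISABLE_TLSv1_2` handling even though that block is already wrapped in `#ifdef SSL_OP_NO_TLSv1_2`, so it should not need removing to build. With the patch applied the flag appears to be silently ignored, while the TLSv1.1 equivalent just above it is kept. Unless something in LibreSSL actually fails on those lines, I would drop that nested hunk and leave the block in place. The compatibility wrappers in crypto_openssl.c and tls_openssl.c are also removed outright rather than re-guarded, which presumably breaks the build against any LibreSSL that lacks `HMAC_CTX_new()`, `EVP_MD_CTX_new()` or `SSL_get_client_random()`. Narrowing the condition to `defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < <first release providing these APIs>` would keep both cases building and keep the `bin_clear_free()` zeroisation on the old path. Both functions touched in tls_openssl.c continue outside the visible context.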
diff --git a/net-wireless/hostapd/hostapd-scm.ebuild b/net-wireless/hostapd/hostapd-scm.ebuild
index a446f45..a5e759b 100644
--- a/net-wireless/hostapd/hostapd-scm.ebuild
+++ b/net-wireless/hostapd/hostapd-scm.ebuild
@@ -42,6 +42,8 @@ src_prepare() {
sed -i -e "s:/etc/hostapd:/etc/hostapd/hostapd:g" \
"${S}/hostapd.conf" || die
+ cd ..
+ use libressl && eapply "${FILESDIR}/libressl.patch"
}
src_configure() {
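Review bot: The added `cd ..` in `src_prepare()` has no `|| die` and depends on whatever the working directory happens to be at that point, so a failed or unexpected `cd` means `eapply` is attempted from the wrong directory. I would write it as `cd "${S}/.." || die`, assuming the patch is meant to apply one level above `${S}`, which the `a/src/crypto/...` paths suggest. Because this is a live `-scm` ebuild, a fixed patch with exact context will stop applying as upstream moves, and nothing visible here constrains which LibreSSL version it is valid for. A comment such as `# libressl.patch: made against hostapd <upstream commit>, LibreSSL <version>` above the `eapply` line would record that. `src_prepare()` starts above the hunk.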