summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGustavo Zacarias <gustavo@zacarias.com.ar>2012-10-02 07:40:51 (GMT)
committer Peter Korsgaard <jacmet@sunsite.dk>2012-10-03 22:03:08 (GMT)
commit9a5df36c24a669eb3f0af425cd343d594a79475d (patch)
tree1f609f93ecf9d67da594d9398cbcac09131165b3
parent2bd4ee3e39c4d84280622e8082468efbf687da07 (diff)
downloadbuildroot-9a5df36c24a669eb3f0af425cd343d594a79475d.tar.gz
buildroot-9a5df36c24a669eb3f0af425cd343d594a79475d.tar.bz2
hostapd: add openssl 1.0.1 patch
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
-rw-r--r--package/hostapd/hostapd-openssl-1.0.1.patch54
1 files changed, 54 insertions, 0 deletions
diff --git a/package/hostapd/hostapd-openssl-1.0.1.patch b/package/hostapd/hostapd-openssl-1.0.1.patch
new file mode 100644
index 0000000..2e110f4
--- /dev/null
+++ b/package/hostapd/hostapd-openssl-1.0.1.patch
@@ -0,0 +1,54 @@
+From e6e243d97795306aeb604948e7101f9f14e8b8ca Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 17 Aug 2012 23:55:14 +0300
+Subject: [PATCH] Fix EAP-FAST with OpenSSL 1.0.1
+
+The mechanism to figure out key block size based on ssl->read_hash
+does not seem to work with OpenSSL 1.0.1, so add an alternative
+mechanism to figure out the NAC key size that seems to work at
+least with the current OpenSSL 1.0.1 releases.
+
+Signed-hostap: Jouni Malinen <j@w1.fi>
+intended-for: hostap-1
+(cherry picked from commit 7f996409e7e5aa0bb066257906e87ab3294d4fd0)
+---
+ src/crypto/tls_openssl.c | 14 +++++++++++++-
+ 1 files changed, 13 insertions(+), 1 deletions(-)
+
+diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
+index 6380ce0..c4a76be 100644
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -2785,6 +2785,7 @@ int tls_connection_get_keyblock_size(void *tls_ctx,
+ {
+ const EVP_CIPHER *c;
+ const EVP_MD *h;
++ int md_size;
+
+ if (conn == NULL || conn->ssl == NULL ||
+ conn->ssl->enc_read_ctx == NULL ||
+@@ -2798,9 +2799,20 @@ int tls_connection_get_keyblock_size(void *tls_ctx,
+ #else
+ h = conn->ssl->read_hash;
+ #endif
++ if (h)
++ md_size = EVP_MD_size(h);
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++ else if (conn->ssl->s3)
++ md_size = conn->ssl->s3->tmp.new_mac_secret_size;
++#endif
++ else
++ return -1;
+
++ wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
++ "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
++ EVP_CIPHER_iv_length(c));
+ return 2 * (EVP_CIPHER_key_length(c) +
+- EVP_MD_size(h) +
++ md_size +
+ EVP_CIPHER_iv_length(c));
+ }
+
+--
+1.7.4-rc1
+