These two patches fix problems that are already fixed in hostapd master but not in version 2.8.
Signed-off-by: Hauke Mehrtens <ha...@hauke-m.de>
---
...-in-storing-of-external_auth-SSID-BS.patch | 82 +++++++++++++++++++
...-Fix-ENGINE-support-with-OpenSSL-1.1.patch | 39 +++++++++
2 files changed, 121 insertions(+)
create mode 100644 package/network/services/hostapd/patches/040-Fix-a-regression-in-storing-of-external_auth-SSID-BS.patch
create mode 100644 package/network/services/hostapd/patches/041-Fix-ENGINE-support-with-OpenSSL-1.1.patch
diff --git a/package/network/services/hostapd/patches/040-Fix-a-regression-in-storing-of-external_auth-SSID-BS.patch b/package/network/services/hostapd/patches/040-Fix-a-regression-in-storing-of-external_auth-SSID-BS.patch
new file mode 100644
index 0000000000..8b29b08160
--- /dev/null
+++ b/package/network/services/hostapd/patches/040-Fix-a-regression-in-storing-of-external_auth-SSID-BS.patch
@@ -0,0 +1,82 @@
+From d42df8d6ce81d47aea8059c45e3db5c51897f7e8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j...@w1.fi>
+Date: Sun, 28 Apr 2019 16:24:32 +0300
+Subject: [PATCH] Fix a regression in storing of external_auth SSID/BSSID
+
+An earlier change in drivers_ops API for struct external_auth broke the
+way SSID and BSSID for an external authentication request were stored.
+The implementation depended on the memory array being available in the
+API struct with a use of memcpy() to copy the full structure even though
+when only SSID and BSSID was needed. Fix this by replacing that
+easy-to-break storing mechanism with explicit arrays for the exact set
+of needed information.
+
+Fixes: dd1a8cef4c05 ("Remove unnecessary copying of SSID and BSSID for external_auth")
+Signed-off-by: Jouni Malinen <j...@w1.fi>
+---
+ wpa_supplicant/sme.c | 19 ++++++++++++-------
+ wpa_supplicant/wpa_supplicant_i.h | 4 +++-
+ 2 files changed, 15 insertions(+), 8 deletions(-)
+
+--- a/wpa_supplicant/sme.c
++++ b/wpa_supplicant/sme.c
+@@ -965,9 +965,9 @@ static void sme_send_external_auth_statu
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.status = status;
+- params.ssid = wpa_s->sme.ext_auth.ssid;
+- params.ssid_len = wpa_s->sme.ext_auth.ssid_len;
+- params.bssid = wpa_s->sme.ext_auth.bssid;
++ params.ssid = wpa_s->sme.ext_auth_ssid;
++ params.ssid_len = wpa_s->sme.ext_auth_ssid_len;
++ params.bssid = wpa_s->sme.ext_auth_bssid;
+ wpa_drv_send_external_auth_status(wpa_s, ¶ms);
+ }
+
+@@ -1032,8 +1032,13 @@ void sme_external_auth_trigger(struct wp
+ return;
+
+ if (data->external_auth.action == EXT_AUTH_START) {
+- os_memcpy(&wpa_s->sme.ext_auth, data,
+- sizeof(struct external_auth));
++ if (!data->external_auth.bssid || !data->external_auth.ssid)
++ return;
++ os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid,
++ ETH_ALEN);
++ os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid,
++ data->external_auth.ssid_len);
++ wpa_s->sme.ext_auth_ssid_len =
data->external_auth.ssid_len;
+ wpa_s->sme.seq_num = 0;
+ wpa_s->sme.sae.state = SAE_NOTHING;
+ wpa_s->sme.sae.send_confirm = 0;
+@@ -1091,7 +1096,7 @@ static int sme_sae_auth(struct wpa_suppl
+ wpa_s->current_ssid, 2);
+ else
+ sme_external_auth_send_sae_commit(
+- wpa_s, wpa_s->sme.ext_auth.bssid,
++ wpa_s, wpa_s->sme.ext_auth_bssid,
+ wpa_s->current_ssid);
+ return 0;
+ }
+@@ -1110,7 +1115,7 @@ static int sme_sae_auth(struct wpa_suppl
+ wpa_s->current_ssid, 1);
+ else
+ sme_external_auth_send_sae_commit(
+- wpa_s, wpa_s->sme.ext_auth.bssid,
++ wpa_s, wpa_s->sme.ext_auth_bssid,
+ wpa_s->current_ssid);
+ return 0;
+ }
+--- a/wpa_supplicant/wpa_supplicant_i.h
++++ b/wpa_supplicant/wpa_supplicant_i.h
+@@ -802,7 +802,9 @@ struct wpa_supplicant {
+ int sae_group_index;
+ unsigned int sae_pmksa_caching:1;
+ u16 seq_num;
+- struct external_auth ext_auth;
++ u8 ext_auth_bssid[ETH_ALEN];
++ u8 ext_auth_ssid[SSID_MAX_LEN];
++ size_t ext_auth_ssid_len;
+ #endif /* CONFIG_SAE */
+ } sme;
+ #endif /* CONFIG_SME */
diff --git a/package/network/services/hostapd/patches/041-Fix-ENGINE-support-with-OpenSSL-1.1.patch b/package/network/services/hostapd/patches/041-Fix-ENGINE-support-with-OpenSSL-1.1.patch
new file mode 100644
index 0000000000..c130626884
--- /dev/null
+++ b/package/network/services/hostapd/patches/041-Fix-ENGINE-support-with-OpenSSL-1.1.patch
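Review bot: In patch 040's `sme_external_auth_trigger()` change, the second added `os_memcpy()` copies `data->external_auth.ssid_len` bytes into the new fixed-size `ext_auth_ssid[SSID_MAX_LEN]` array, and no bound on that length is visible in the hunk. The driver event path may already reject oversized SSIDs, but that cannot be confirmed from here, and the function body starts and ends outside the hunk. A local guard would make the copy safe regardless of the caller: extend the new check to `if (!data->external_auth.bssid || !data->external_auth.ssid || data->external_auth.ssid_len > SSID_MAX_LEN) return;`.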
@@ -0,0 +1,39 @@
+From 6326fa0c408c266275f600d2a71eb974ab22be7e Mon Sep 17 00:00:00 2001
+From: David Woodhouse <dw...@infradead.org>
+Date: Sun, 28 Apr 2019 21:56:34 +0300
+Subject: [PATCH] Fix ENGINE support with OpenSSL 1.1+
+
+Commit 373c7969485 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and
+deprecated APIs") removed a call to ENGINE_load_dynamic() for newer
+versions of OpenSSL, asserting that it should happen automatically.
+
+That appears not to be the case, and loading engines now fails because
+the dynamic engine isn't present.
+
+Fix it by calling ENGINE_load_builtin_engines(), which works for all
+versions of OpenSSL. Also remove the call to ERR_load_ENGINE_strings()
+because that should have happened when SSL_load_error_strings() is
+called anyway.
+
+Fixes: 373c79694859 ("OpenSSL: Fix compile with OpenSSL 1.1.0 and deprecated APIs")
+Signed-off-by: David Woodhouse <dw...@infradead.org>
+---
+ src/crypto/tls_openssl.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/src/crypto/tls_openssl.c
++++ b/src/crypto/tls_openssl.c
+@@ -1071,11 +1071,8 @@ void * tls_init(const struct tls_config
+ }
+
+ #ifndef OPENSSL_NO_ENGINE
+- wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+- ERR_load_ENGINE_strings();
+- ENGINE_load_dynamic();
+-#endif /* OPENSSL_VERSION_NUMBER */
++ wpa_printf(MSG_DEBUG, "ENGINE: Loading builtin engines");
++ ENGINE_load_builtin_engines();
+
+ if (conf &&
+ (conf->opensc_engine_path || conf->pkcs11_engine_path ||
--
2.20.1
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
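Review bot: The now-unconditional `ENGINE_load_builtin_engines();` in `tls_init()` has no comment explaining why the `OPENSSL_VERSION_NUMBER` guard was dropped, so a later cleanup could restore the guard and break engine loading again. I would add above the call: `/* OpenSSL 1.1+ does not register the dynamic engine on its own; load the builtin engines on every version. */`. The call also registers every builtin engine rather than only the dynamic one, and it sits before the `conf` engine-path check, so it presumably runs even when no engine is configured. It is worth confirming that this is intended for builds with additional engines compiled in. `tls_init()` starts and ends outside the hunk.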