[PATCH] Support building with BoringSSL.

Jouni Malinen j at w1.fi
Mon Oct 6 18:35:27 EDT 2014


On Thu, Sep 18, 2014 at 06:40:03PM -0700, Adam Langley wrote:
> BoringSSL is Google's cleanup of OpenSSL and an attempt to unify
> Chromium, Android and internal codebases around a single OpenSSL.
> 
> As part of moving Android to BoringSSL, the wpa_supplicant maintainers
> in Android requested that I upstream the change. I've worked to reduce
> the size of the patch a lot but I'm afraid that it still contains a
> number of #ifdefs.

Thanks, I applied this with couple of changes. I had to do following
additional edits to make this compile and link in my tests:


diff --git a/src/crypto/crypto_openssl.c b/src/crypto/crypto_openssl.c
index 028efc8..b4c59d1 100644
--- a/src/crypto/crypto_openssl.c
+++ b/src/crypto/crypto_openssl.c
@@ -137,7 +130,7 @@ void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher)
 	}
 	pkey[i] = next | 1;
 
-	DES_set_key(&pkey, &ks);
+	DES_set_key((DES_cblock *) &pkey, &ks);
 	DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks,
 			DES_ENCRYPT);
 }
diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 4436fb8..7335033 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1217,7 +1224,7 @@ static int tls_match_suffix(X509 *cert, const char *match)
 
 	ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
 
-	for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) {
+	for (i = 0; ext && i < (int) sk_GENERAL_NAME_num(ext); i++) {
 		gen = sk_GENERAL_NAME_value(ext, i);
 		if (gen->type != GEN_DNS)
 			continue;
@@ -3392,9 +3399,15 @@ unsigned int tls_capabilities(void *tls_ctx)
  * commented out unless explicitly needed for EAP-FAST in order to be able to
  * build this file with unmodified openssl. */
 
+#ifdef OPENSSL_IS_BORINGSSL
+static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
+			   STACK_OF(SSL_CIPHER) *peer_ciphers,
+			   const SSL_CIPHER **cipher, void *arg)
+#else /* OPENSSL_IS_BORINGSSL */
 static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
 			   STACK_OF(SSL_CIPHER) *peer_ciphers,
 			   SSL_CIPHER **cipher, void *arg)
+#endif /* OPENSSL_IS_BORINGSSL */
 {
 	struct tls_connection *conn = arg;
 	int ret;

 
-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list