[pkg-wpa-devel] r913 - in /hostapd/trunk: ./ debian/
paravoid at users.alioth.debian.org
paravoid at users.alioth.debian.org
Wed Dec 12 01:14:49 UTC 2007
Author: paravoid
Date: Wed Dec 12 01:14:49 2007
New Revision: 913
URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=913
Log:
* New upstream release.
Removed:
hostapd/trunk/.cvsignore
Modified:
hostapd/trunk/ChangeLog
hostapd/trunk/aes_wrap.c
hostapd/trunk/aes_wrap.h
hostapd/trunk/debian/changelog
hostapd/trunk/driver_madwifi.c
hostapd/trunk/driver_test.c
hostapd/trunk/eap_gpsk.c
hostapd/trunk/eap_gpsk_common.c
hostapd/trunk/eap_gpsk_common.h
hostapd/trunk/hostapd.conf
hostapd/trunk/ieee802_1x.c
hostapd/trunk/l2_packet_freebsd.c
hostapd/trunk/l2_packet_linux.c
hostapd/trunk/madwifi.conf
hostapd/trunk/radius.c
hostapd/trunk/radius_client.c
hostapd/trunk/tls_openssl.c
hostapd/trunk/version.h
Modified: hostapd/trunk/ChangeLog
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/ChangeLog?rev=913&op=diff
==============================================================================
--- hostapd/trunk/ChangeLog (original)
+++ hostapd/trunk/ChangeLog Wed Dec 12 01:14:49 2007
@@ -1,4 +1,10 @@
ChangeLog for hostapd
+
+2007-12-02 - v0.5.9
+ * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest
+ draft (draft-ietf-emu-eap-gpsk-07.txt)
+ * fixed debugging code not to use potentially unaligned read to fetch
+ IPv4 addresses
2007-05-28 - v0.5.8
* updated driver_devicescape.c to build with the current
Modified: hostapd/trunk/aes_wrap.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/aes_wrap.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/aes_wrap.c (original)
+++ hostapd/trunk/aes_wrap.c Wed Dec 12 01:14:49 2007
@@ -7,7 +7,7 @@
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
*
- * Copyright (c) 2003-2005, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2003-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -34,10 +34,11 @@
/**
* aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
- * @kek: Key encryption key (KEK)
- * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
- * @plain: Plaintext key to be wrapped, n * 64 bit
- * @cipher: Wrapped key, (n + 1) * 64 bit
+ * @kek: 16-octet Key encryption key (KEK)
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @plain: Plaintext key to be wrapped, n * 64 bits
+ * @cipher: Wrapped key, (n + 1) * 64 bits
* Returns: 0 on success, -1 on failure
*/
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher)
@@ -93,9 +94,10 @@
/**
* aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394)
* @kek: Key encryption key (KEK)
- * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes
- * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bit
- * @plain: Plaintext key, n * 64 bit
+ * @n: Length of the plaintext key in 64-bit units; e.g., 2 = 128-bit = 16
+ * bytes
+ * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bits
+ * @plain: Plaintext key, n * 64 bits
* Returns: 0 on success, -1 on failure (e.g., integrity verification failed)
*/
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain)
@@ -167,28 +169,45 @@
/**
- * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * omac1_aes_128_vector - One-Key CBC MAC (OMAC1) hash with AES-128
* @key: 128-bit key for the hash operation
- * @data: Data buffer for which a MAC is determined
- * @data: Length of data buffer in bytes
+ * @num_elem: Number of elements in the data vector
+ * @addr: Pointers to the data areas
+ * @len: Lengths of the data blocks
* @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
* Returns: 0 on success, -1 on failure
*/
-int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac)
{
void *ctx;
u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE];
- const u8 *pos = data;
- size_t i, left = data_len;
+ const u8 *pos, *end;
+ size_t i, e, left, total_len;
ctx = aes_encrypt_init(key, 16);
if (ctx == NULL)
return -1;
os_memset(cbc, 0, BLOCK_SIZE);
+ total_len = 0;
+ for (e = 0; e < num_elem; e++)
+ total_len += len[e];
+ left = total_len;
+
+ e = 0;
+ pos = addr[0];
+ end = pos + len[0];
+
while (left >= BLOCK_SIZE) {
- for (i = 0; i < BLOCK_SIZE; i++)
+ for (i = 0; i < BLOCK_SIZE; i++) {
cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
if (left > BLOCK_SIZE)
aes_encrypt(ctx, cbc, cbc);
left -= BLOCK_SIZE;
@@ -198,9 +217,15 @@
aes_encrypt(ctx, pad, pad);
gf_mulx(pad);
- if (left || data_len == 0) {
- for (i = 0; i < left; i++)
+ if (left || total_len == 0) {
+ for (i = 0; i < left; i++) {
cbc[i] ^= *pos++;
+ if (pos >= end) {
+ e++;
+ pos = addr[e];
+ end = pos + len[e];
+ }
+ }
cbc[left] ^= 0x80;
gf_mulx(pad);
}
@@ -210,6 +235,24 @@
aes_encrypt(ctx, pad, mac);
aes_encrypt_deinit(ctx);
return 0;
+}
+
+
+/**
+ * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC)
+ * @key: 128-bit key for the hash operation
+ * @data: Data buffer for which a MAC is determined
+ * @data_len: Length of data buffer in bytes
+ * @mac: Buffer for MAC (128 bits, i.e., 16 bytes)
+ * Returns: 0 on success, -1 on failure
+ *
+ * This is a mode for using block cipher (AES in this case) for authentication.
+ * OMAC1 was standardized with the name CMAC by NIST in a Special Publication
+ * (SP) 800-38B.
+ */
+int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac)
+{
+ return omac1_aes_128_vector(key, 1, &data, &data_len, mac);
}
#endif /* CONFIG_NO_AES_OMAC1 */
Modified: hostapd/trunk/aes_wrap.h
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/aes_wrap.h?rev=913&op=diff
==============================================================================
--- hostapd/trunk/aes_wrap.h (original)
+++ hostapd/trunk/aes_wrap.h Wed Dec 12 01:14:49 2007
@@ -7,7 +7,7 @@
* - AES-128 EAX mode encryption/decryption
* - AES-128 CBC
*
- * Copyright (c) 2003-2005, Jouni Malinen <j at w1.fi>
+ * Copyright (c) 2003-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -24,6 +24,8 @@
int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher);
int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain);
+int omac1_aes_128_vector(const u8 *key, size_t num_elem,
+ const u8 *addr[], const size_t *len, u8 *mac);
int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac);
int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out);
int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce,
Modified: hostapd/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/debian/changelog?rev=913&op=diff
==============================================================================
--- hostapd/trunk/debian/changelog (original)
+++ hostapd/trunk/debian/changelog Wed Dec 12 01:14:49 2007
@@ -1,8 +1,9 @@
-hostapd (1:0.5.8-2) UNRELEASED; urgency=low
+hostapd (1:0.5.9-1) UNRELEASED; urgency=low
* NOT RELEASED YET
-
- -- Faidon Liambotis <paravoid at debian.org> Tue, 24 Jul 2007 18:03:49 +0300
+ * New upstream release.
+
+ -- Faidon Liambotis <paravoid at debian.org> Wed, 12 Dec 2007 03:14:13 +0200
hostapd (1:0.5.8-1) unstable; urgency=low
Modified: hostapd/trunk/driver_madwifi.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/driver_madwifi.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/driver_madwifi.c (original)
+++ hostapd/trunk/driver_madwifi.c Wed Dec 12 01:14:49 2007
@@ -440,8 +440,9 @@
ret = set80211priv(priv, IEEE80211_IOCTL_DELKEY, &wk, sizeof(wk));
if (ret < 0) {
- wpa_printf(MSG_DEBUG, "%s: Failed to delete key (addr " MACSTR
- " key_idx %d)", __func__, MAC2STR(addr), key_idx);
+ wpa_printf(MSG_DEBUG, "%s: Failed to delete key (addr %s"
+ " key_idx %d)", __func__, ether_sprintf(addr),
+ key_idx);
}
return ret;
@@ -499,10 +500,10 @@
ret = set80211priv(priv, IEEE80211_IOCTL_SETKEY, &wk, sizeof(wk));
if (ret < 0) {
- wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr " MACSTR
+ wpa_printf(MSG_DEBUG, "%s: Failed to set key (addr %s"
" key_idx %d alg '%s' key_len %lu txkey %d)",
- __func__, MAC2STR(wk.ik_macaddr), key_idx, alg,
- (unsigned long) key_len, txkey);
+ __func__, ether_sprintf(wk.ik_macaddr), key_idx,
+ alg, (unsigned long) key_len, txkey);
}
return ret;
Modified: hostapd/trunk/driver_test.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/driver_test.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/driver_test.c (original)
+++ hostapd/trunk/driver_test.c Wed Dec 12 01:14:49 2007
@@ -170,9 +170,10 @@
u16 fc;
if (drv->test_socket < 0 || len < 10 || drv->socket_dir == NULL) {
- wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%d "
- "socket_dir=%p)",
- __func__, drv->test_socket, len, drv->socket_dir);
+ wpa_printf(MSG_DEBUG, "%s: invalid parameters (sock=%d len=%lu"
+ " socket_dir=%p)",
+ __func__, drv->test_socket, (unsigned long) len,
+ drv->socket_dir);
return -1;
}
Modified: hostapd/trunk/eap_gpsk.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/eap_gpsk.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/eap_gpsk.c (original)
+++ hostapd/trunk/eap_gpsk.c Wed Dec 12 01:14:49 2007
@@ -1,5 +1,5 @@
/*
- * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-03.txt) server
+ * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-06.txt) server
* Copyright (c) 2006-2007, Jouni Malinen <j at w1.fi>
*
* This program is free software; you can redistribute it and/or modify
@@ -23,15 +23,15 @@
struct eap_gpsk_data {
enum { GPSK_1, GPSK_3, SUCCESS, FAILURE } state;
u8 rand_server[EAP_GPSK_RAND_LEN];
- u8 rand_client[EAP_GPSK_RAND_LEN];
+ u8 rand_peer[EAP_GPSK_RAND_LEN];
u8 msk[EAP_MSK_LEN];
u8 emsk[EAP_EMSK_LEN];
u8 sk[EAP_GPSK_MAX_SK_LEN];
size_t sk_len;
u8 pk[EAP_GPSK_MAX_PK_LEN];
size_t pk_len;
- u8 *id_client;
- size_t id_client_len;
+ u8 *id_peer;
+ size_t id_peer_len;
u8 *id_server;
size_t id_server_len;
#define MAX_NUM_CSUITES 2
@@ -85,17 +85,17 @@
data->csuite_count = 0;
if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
EAP_GPSK_CIPHER_AES)) {
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor,
+ WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
EAP_GPSK_VENDOR_IETF);
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier,
+ WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
EAP_GPSK_CIPHER_AES);
data->csuite_count++;
}
if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF,
EAP_GPSK_CIPHER_SHA256)) {
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor,
+ WPA_PUT_BE32(data->csuite_list[data->csuite_count].vendor,
EAP_GPSK_VENDOR_IETF);
- WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier,
+ WPA_PUT_BE16(data->csuite_list[data->csuite_count].specifier,
EAP_GPSK_CIPHER_SHA256);
data->csuite_count++;
}
@@ -108,7 +108,7 @@
{
struct eap_gpsk_data *data = priv;
free(data->id_server);
- free(data->id_client);
+ free(data->id_peer);
free(data);
}
@@ -174,8 +174,8 @@
wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-3");
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
- len = 1 + 2 * EAP_GPSK_RAND_LEN + sizeof(struct eap_gpsk_csuite) + 2 +
- miclen;
+ len = 1 + 2 * EAP_GPSK_RAND_LEN + 2 + data->id_server_len +
+ sizeof(struct eap_gpsk_csuite) + 2 + miclen;
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, reqDataLen,
len, EAP_CODE_REQUEST, id, &pos);
if (req == NULL) {
@@ -188,13 +188,18 @@
*pos++ = EAP_GPSK_OPCODE_GPSK_3;
start = pos;
- memcpy(pos, data->rand_client, EAP_GPSK_RAND_LEN);
+ memcpy(pos, data->rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
memcpy(pos, data->rand_server, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
+ WPA_PUT_BE16(pos, data->id_server_len);
+ pos += 2;
+ if (data->id_server)
+ memcpy(pos, data->id_server, data->id_server_len);
+ pos += data->id_server_len;
csuite = (struct eap_gpsk_csuite *) pos;
- WPA_PUT_BE24(csuite->vendor, data->vendor);
- WPA_PUT_BE24(csuite->specifier, data->specifier);
+ WPA_PUT_BE32(csuite->vendor, data->vendor);
+ WPA_PUT_BE16(csuite->specifier, data->specifier);
pos += sizeof(*csuite);
/* no PD_Payload_2 */
@@ -282,7 +287,7 @@
if (end - pos < 2) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "ID_Client length");
+ "ID_Peer length");
eap_gpsk_state(data, FAILURE);
return;
}
@@ -290,21 +295,21 @@
pos += 2;
if (end - pos < alen) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "ID_Client");
- eap_gpsk_state(data, FAILURE);
- return;
- }
- free(data->id_client);
- data->id_client = malloc(alen);
- if (data->id_client == NULL) {
+ "ID_Peer");
+ eap_gpsk_state(data, FAILURE);
+ return;
+ }
+ free(data->id_peer);
+ data->id_peer = malloc(alen);
+ if (data->id_peer == NULL) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Not enough memory to store "
- "%d-octet ID_Client", alen);
- return;
- }
- memcpy(data->id_client, pos, alen);
- data->id_client_len = alen;
- wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Client",
- data->id_client, data->id_client_len);
+ "%d-octet ID_Peer", alen);
+ return;
+ }
+ memcpy(data->id_peer, pos, alen);
+ data->id_peer_len = alen;
+ wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Peer",
+ data->id_peer, data->id_peer_len);
pos += alen;
if (end - pos < 2) {
@@ -332,13 +337,13 @@
if (end - pos < EAP_GPSK_RAND_LEN) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for "
- "RAND_Client");
- eap_gpsk_state(data, FAILURE);
- return;
- }
- memcpy(data->rand_client, pos, EAP_GPSK_RAND_LEN);
- wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Client",
- data->rand_client, EAP_GPSK_RAND_LEN);
+ "RAND_Peer");
+ eap_gpsk_state(data, FAILURE);
+ return;
+ }
+ memcpy(data->rand_peer, pos, EAP_GPSK_RAND_LEN);
+ wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Peer",
+ data->rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
if (end - pos < EAP_GPSK_RAND_LEN) {
@@ -397,13 +402,13 @@
if (i == data->csuite_count) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Peer selected unsupported "
"ciphersuite %d:%d",
- WPA_GET_BE24(csuite->vendor),
- WPA_GET_BE24(csuite->specifier));
- eap_gpsk_state(data, FAILURE);
- return;
- }
- data->vendor = WPA_GET_BE24(csuite->vendor);
- data->specifier = WPA_GET_BE24(csuite->specifier);
+ WPA_GET_BE32(csuite->vendor),
+ WPA_GET_BE16(csuite->specifier));
+ eap_gpsk_state(data, FAILURE);
+ return;
+ }
+ data->vendor = WPA_GET_BE32(csuite->vendor);
+ data->specifier = WPA_GET_BE16(csuite->specifier);
wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel %d:%d",
data->vendor, data->specifier);
pos += sizeof(*csuite);
@@ -434,8 +439,8 @@
if (eap_gpsk_derive_keys(sm->user->password, sm->user->password_len,
data->vendor, data->specifier,
- data->rand_client, data->rand_server,
- data->id_client, data->id_client_len,
+ data->rand_peer, data->rand_server,
+ data->id_peer, data->id_peer_len,
data->id_server, data->id_server_len,
data->msk, data->emsk,
data->sk, &data->sk_len,
Modified: hostapd/trunk/eap_gpsk_common.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/eap_gpsk_common.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/eap_gpsk_common.c (original)
+++ hostapd/trunk/eap_gpsk_common.c Wed Dec 12 01:14:49 2007
@@ -18,8 +18,9 @@
#include "eap_defs.h"
#include "aes_wrap.h"
#include "crypto.h"
-#include "sha1.h"
+#ifdef EAP_GPSK_SHA256
#include "sha256.h"
+#endif /* EAP_GPSK_SHA256 */
#include "eap_gpsk_common.h"
@@ -43,31 +44,29 @@
}
-static int eap_gpsk_gkdf(const u8 *psk /* Y */, size_t psk_len,
- const u8 *data /* Z */, size_t data_len,
- u8 *buf, size_t len /* X */)
+static int eap_gpsk_gkdf_cmac(const u8 *psk /* Y */,
+ const u8 *data /* Z */, size_t data_len,
+ u8 *buf, size_t len /* X */)
{
u8 *opos;
size_t i, n, hashlen, left, clen;
- u8 ibuf[2], hash[SHA1_MAC_LEN];
- const u8 *addr[3];
- size_t vlen[3];
-
- hashlen = SHA1_MAC_LEN;
- /* M_i = Hash-Function (i || Y || Z); */
+ u8 ibuf[2], hash[16];
+ const u8 *addr[2];
+ size_t vlen[2];
+
+ hashlen = sizeof(hash);
+ /* M_i = MAC_Y (i || Z); (MAC = AES-CMAC-128) */
addr[0] = ibuf;
vlen[0] = sizeof(ibuf);
- addr[1] = psk;
- vlen[1] = psk_len;
- addr[2] = data;
- vlen[2] = data_len;
+ addr[1] = data;
+ vlen[1] = data_len;
opos = buf;
left = len;
n = (len + hashlen - 1) / hashlen;
for (i = 1; i <= n; i++) {
WPA_PUT_BE16(ibuf, i);
- sha1_vector(3, addr, vlen, hash);
+ omac1_aes_128_vector(psk, 2, addr, vlen, hash);
clen = left > hashlen ? hashlen : left;
os_memcpy(opos, hash, clen);
opos += clen;
@@ -78,34 +77,72 @@
}
-static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len,
- const u8 *seed, size_t seed_len,
- u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
- u8 *pk, size_t *pk_len)
-{
-#define EAP_GPSK_SK_LEN_AES 16
-#define EAP_GPSK_PK_LEN_AES 16
- u8 zero_string[1], mk[32], *pos, *data;
- u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES +
- EAP_GPSK_PK_LEN_AES];
- size_t data_len;
-
- /*
- * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
- * (= seed)
- * KS = 16, PL = psk_len, CSuite_Sel = 0x000000 0x000001
- * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString)
- * MSK = GKDF-160 (MK, inputString)[0..63]
- * EMSK = GKDF-160 (MK, inputString)[64..127]
- * SK = GKDF-160 (MK, inputString)[128..143]
- * PK = GKDF-160 (MK, inputString)[144..159]
- * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel ||
- * inputString)
- * Hash-Function = SHA-1 (see [RFC3174])
- * hashlen = 20 octets (160 bits)
- */
-
- os_memset(zero_string, 0, sizeof(zero_string));
+#ifdef EAP_GPSK_SHA256
+static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */,
+ const u8 *data /* Z */, size_t data_len,
+ u8 *buf, size_t len /* X */)
+{
+ u8 *opos;
+ size_t i, n, hashlen, left, clen;
+ u8 ibuf[2], hash[SHA256_MAC_LEN];
+ const u8 *addr[2];
+ size_t vlen[2];
+
+ hashlen = SHA256_MAC_LEN;
+ /* M_i = MAC_Y (i || Z); (MAC = HMAC-SHA256) */
+ addr[0] = ibuf;
+ vlen[0] = sizeof(ibuf);
+ addr[1] = data;
+ vlen[1] = data_len;
+
+ opos = buf;
+ left = len;
+ n = (len + hashlen - 1) / hashlen;
+ for (i = 1; i <= n; i++) {
+ WPA_PUT_BE16(ibuf, i);
+ hmac_sha256_vector(psk, 32, 2, addr, vlen, hash);
+ clen = left > hashlen ? hashlen : left;
+ os_memcpy(opos, hash, clen);
+ opos += clen;
+ left -= clen;
+ }
+
+ return 0;
+}
+#endif /* EAP_GPSK_SHA256 */
+
+
+static int eap_gpsk_derive_keys_helper(u32 csuite_specifier,
+ u8 *kdf_out, size_t kdf_out_len,
+ const u8 *psk, size_t psk_len,
+ const u8 *seed, size_t seed_len,
+ u8 *msk, u8 *emsk,
+ u8 *sk, size_t sk_len,
+ u8 *pk, size_t pk_len)
+{
+ u8 mk[32], *pos, *data;
+ size_t data_len, mk_len;
+ int (*gkdf)(const u8 *psk, const u8 *data, size_t data_len,
+ u8 *buf, size_t len);
+
+ gkdf = NULL;
+ switch (csuite_specifier) {
+ case EAP_GPSK_CIPHER_AES:
+ gkdf = eap_gpsk_gkdf_cmac;
+ mk_len = 16;
+ break;
+#ifdef EAP_GPSK_SHA256
+ case EAP_GPSK_CIPHER_SHA256:
+ gkdf = eap_gpsk_gkdf_sha256;
+ mk_len = SHA256_MAC_LEN;
+ break;
+#endif /* EAP_GPSK_SHA256 */
+ default:
+ return -1;
+ }
+
+ if (psk_len < mk_len)
+ return -1;
data_len = 2 + psk_len + 6 + seed_len;
data = os_malloc(data_len);
@@ -116,24 +153,22 @@
pos += 2;
os_memcpy(pos, psk, psk_len);
pos += psk_len;
- WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */
- pos += 3;
- WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_AES); /* CSuite/Specifier */
- pos += 3;
+ WPA_PUT_BE32(pos, EAP_GPSK_VENDOR_IETF); /* CSuite/Vendor = IETF */
+ pos += 4;
+ WPA_PUT_BE16(pos, csuite_specifier); /* CSuite/Specifier */
+ pos += 2;
os_memcpy(pos, seed, seed_len); /* inputString */
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (AES)",
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation",
data, data_len);
- if (eap_gpsk_gkdf(zero_string, sizeof(zero_string), data, data_len,
- mk, sizeof(mk)) < 0) {
+ if (gkdf(psk, data, data_len, mk, mk_len) < 0) {
os_free(data);
return -1;
}
os_free(data);
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk));
-
- if (eap_gpsk_gkdf(mk, sizeof(mk), seed, seed_len,
- kdf_out, sizeof(kdf_out)) < 0)
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, mk_len);
+
+ if (gkdf(mk, seed, seed_len, kdf_out, kdf_out_len) < 0)
return -1;
pos = kdf_out;
@@ -145,163 +180,113 @@
os_memcpy(emsk, pos, EAP_EMSK_LEN);
pos += EAP_EMSK_LEN;
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", pos, EAP_GPSK_SK_LEN_AES);
- os_memcpy(sk, pos, EAP_GPSK_SK_LEN_AES);
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", pos, sk_len);
+ os_memcpy(sk, pos, sk_len);
+ pos += sk_len;
+
+ if (pk) {
+ wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", pos, pk_len);
+ os_memcpy(pk, pos, pk_len);
+ }
+
+ return 0;
+}
+
+
+static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len,
+ const u8 *seed, size_t seed_len,
+ u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
+ u8 *pk, size_t *pk_len)
+{
+#define EAP_GPSK_SK_LEN_AES 16
+#define EAP_GPSK_PK_LEN_AES 16
+ u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES +
+ EAP_GPSK_PK_LEN_AES];
+
+ /*
+ * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
+ * (= seed)
+ * KS = 16, PL = psk_len, CSuite_Sel = 0x00000000 0x0001
+ * MK = GKDF-16 (PSK[0..15], PL || PSK || CSuite_Sel || inputString)
+ * MSK = GKDF-160 (MK, inputString)[0..63]
+ * EMSK = GKDF-160 (MK, inputString)[64..127]
+ * SK = GKDF-160 (MK, inputString)[128..143]
+ * PK = GKDF-160 (MK, inputString)[144..159]
+ * zero = 0x00 || 0x00 || ... || 0x00 (16 times)
+ * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
+ * CSuite_Sel || inputString)
+ */
+
*sk_len = EAP_GPSK_SK_LEN_AES;
- pos += EAP_GPSK_SK_LEN_AES;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", pos, EAP_GPSK_PK_LEN_AES);
- os_memcpy(pk, pos, EAP_GPSK_PK_LEN_AES);
*pk_len = EAP_GPSK_PK_LEN_AES;
- return 0;
-}
-
-
-#ifdef EAP_GPSK_SHA256
-static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */, size_t psk_len,
- const u8 *data /* Z */, size_t data_len,
- u8 *buf, size_t len /* X */)
-{
- u8 *opos;
- size_t i, n, hashlen, left, clen;
- u8 ibuf[2], hash[SHA256_MAC_LEN];
- const u8 *addr[3];
- size_t vlen[3];
-
- hashlen = SHA256_MAC_LEN;
- /* M_i = Hash-Function (i || Y || Z); */
- addr[0] = ibuf;
- vlen[0] = sizeof(ibuf);
- addr[1] = psk;
- vlen[1] = psk_len;
- addr[2] = data;
- vlen[2] = data_len;
-
- opos = buf;
- left = len;
- n = (len + hashlen - 1) / hashlen;
- for (i = 1; i <= n; i++) {
- WPA_PUT_BE16(ibuf, i);
- sha256_vector(3, addr, vlen, hash);
- clen = left > hashlen ? hashlen : left;
- os_memcpy(opos, hash, clen);
- opos += clen;
- left -= clen;
- }
-
- return 0;
-}
-
-
+ return eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_AES,
+ kdf_out, sizeof(kdf_out),
+ psk, psk_len, seed, seed_len,
+ msk, emsk, sk, *sk_len,
+ pk, *pk_len);
+}
+
+
+#ifdef EAP_GPSK_SHA256
static int eap_gpsk_derive_keys_sha256(const u8 *psk, size_t psk_len,
const u8 *seed, size_t seed_len,
u8 *msk, u8 *emsk,
- u8 *sk, size_t *sk_len,
- u8 *pk, size_t *pk_len)
+ u8 *sk, size_t *sk_len)
{
#define EAP_GPSK_SK_LEN_SHA256 SHA256_MAC_LEN
#define EAP_GPSK_PK_LEN_SHA256 SHA256_MAC_LEN
- u8 mk[SHA256_MAC_LEN], zero_string[1], *pos, *data;
u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_SHA256 +
EAP_GPSK_PK_LEN_SHA256];
- size_t data_len;
/*
- * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
+ * inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
* (= seed)
- * KS = 32, PL = psk_len, CSuite_Sel = 0x000000 0x000002
- * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString)
- * MSK = GKDF-192 (MK, inputString)[0..63]
- * EMSK = GKDF-192 (MK, inputString)[64..127]
- * SK = GKDF-192 (MK, inputString)[128..159]
- * PK = GKDF-192 (MK, inputString)[160..191]
- * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel ||
- * inputString)
- * Hash-Function = SHA256 (see [RFC4634])
- * hashlen = 32 octets (256 bits)
+ * KS = 32, PL = psk_len, CSuite_Sel = 0x00000000 0x0002
+ * MK = GKDF-32 (PSK[0..31], PL || PSK || CSuite_Sel || inputString)
+ * MSK = GKDF-160 (MK, inputString)[0..63]
+ * EMSK = GKDF-160 (MK, inputString)[64..127]
+ * SK = GKDF-160 (MK, inputString)[128..159]
+ * zero = 0x00 || 0x00 || ... || 0x00 (32 times)
+ * Method-ID = GKDF-16 (zero, "Method ID" || EAP_Method_Type ||
+ * CSuite_Sel || inputString)
*/
- os_memset(zero_string, 0, sizeof(zero_string));
-
- data_len = 2 + psk_len + 6 + seed_len;
- data = os_malloc(data_len);
- if (data == NULL)
- return -1;
- pos = data;
- WPA_PUT_BE16(pos, psk_len);
- pos += 2;
- os_memcpy(pos, psk, psk_len);
- pos += psk_len;
- WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */
- pos += 3;
- WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_SHA256); /* CSuite/Specifier */
- pos += 3;
- os_memcpy(pos, seed, seed_len); /* inputString */
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (SHA256)",
- data, data_len);
-
- if (eap_gpsk_gkdf_sha256(zero_string, sizeof(zero_string),
- data, data_len, mk, sizeof(mk)) < 0) {
- os_free(data);
- return -1;
- }
- os_free(data);
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk));
-
- if (eap_gpsk_gkdf_sha256(mk, sizeof(mk), seed, seed_len,
- kdf_out, sizeof(kdf_out)) < 0)
- return -1;
-
- pos = kdf_out;
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MSK", pos, EAP_MSK_LEN);
- os_memcpy(msk, pos, EAP_MSK_LEN);
- pos += EAP_MSK_LEN;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: EMSK", pos, EAP_EMSK_LEN);
- os_memcpy(emsk, pos, EAP_EMSK_LEN);
- pos += EAP_EMSK_LEN;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK",
- pos, EAP_GPSK_SK_LEN_SHA256);
- os_memcpy(sk, pos, EAP_GPSK_SK_LEN_SHA256);
- *sk_len = EAP_GPSK_SK_LEN_AES;
- pos += EAP_GPSK_SK_LEN_AES;
-
- wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK",
- pos, EAP_GPSK_PK_LEN_SHA256);
- os_memcpy(pk, pos, EAP_GPSK_PK_LEN_SHA256);
- *pk_len = EAP_GPSK_PK_LEN_SHA256;
-
- return 0;
+ *sk_len = EAP_GPSK_SK_LEN_SHA256;
+
+ return eap_gpsk_derive_keys_helper(EAP_GPSK_CIPHER_SHA256,
+ kdf_out, sizeof(kdf_out),
+ psk, psk_len, seed, seed_len,
+ msk, emsk, sk, *sk_len,
+ NULL, 0);
}
#endif /* EAP_GPSK_SHA256 */
/**
* eap_gpsk_derive_keys - Derive EAP-GPSK keys
- * @psk: Pre-shared key (at least 16 bytes if AES is used)
+ * @psk: Pre-shared key
* @psk_len: Length of psk in bytes
* @vendor: CSuite/Vendor
* @specifier: CSuite/Specifier
- * @rand_client: 32-byte RAND_Client
+ * @rand_peer: 32-byte RAND_Peer
* @rand_server: 32-byte RAND_Server
- * @id_client: ID_Client
- * @id_client_len: Length of ID_Client
+ * @id_peer: ID_Peer
+ * @id_peer_len: Length of ID_Peer
* @id_server: ID_Server
* @id_server_len: Length of ID_Server
* @msk: Buffer for 64-byte MSK
* @emsk: Buffer for 64-byte EMSK
* @sk: Buffer for SK (at least EAP_GPSK_MAX_SK_LEN bytes)
* @sk_len: Buffer for returning length of SK
- * @pk: Buffer for SK (at least EAP_GPSK_MAX_PK_LEN bytes)
+ * @pk: Buffer for PK (at least EAP_GPSK_MAX_PK_LEN bytes)
* @pk_len: Buffer for returning length of PK
* Returns: 0 on success, -1 on failure
*/
int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor,
int specifier,
- const u8 *rand_client, const u8 *rand_server,
- const u8 *id_client, size_t id_client_len,
+ const u8 *rand_peer, const u8 *rand_server,
+ const u8 *id_peer, size_t id_peer_len,
const u8 *id_server, size_t id_server_len,
u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len,
u8 *pk, size_t *pk_len)
@@ -318,8 +303,8 @@
wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PSK", psk, psk_len);
- /* Seed = RAND_Client || ID_Client || RAND_Server || ID_Server */
- seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_client_len;
+ /* Seed = RAND_Peer || ID_Peer || RAND_Server || ID_Server */
+ seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_peer_len;
seed = os_malloc(seed_len);
if (seed == NULL) {
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory "
@@ -328,10 +313,10 @@
}
pos = seed;
- os_memcpy(pos, rand_client, EAP_GPSK_RAND_LEN);
+ os_memcpy(pos, rand_peer, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
- os_memcpy(pos, id_client, id_client_len);
- pos += id_client_len;
+ os_memcpy(pos, id_peer, id_peer_len);
+ pos += id_peer_len;
os_memcpy(pos, rand_server, EAP_GPSK_RAND_LEN);
pos += EAP_GPSK_RAND_LEN;
os_memcpy(pos, id_server, id_server_len);
@@ -347,8 +332,7 @@
#ifdef EAP_GPSK_SHA256
case EAP_GPSK_CIPHER_SHA256:
ret = eap_gpsk_derive_keys_sha256(psk, psk_len, seed, seed_len,
- msk, emsk, sk, sk_len,
- pk, pk_len);
+ msk, emsk, sk, sk_len);
break;
#endif /* EAP_GPSK_SHA256 */
default:
Modified: hostapd/trunk/eap_gpsk_common.h
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/eap_gpsk_common.h?rev=913&op=diff
==============================================================================
--- hostapd/trunk/eap_gpsk_common.h (original)
+++ hostapd/trunk/eap_gpsk_common.h Wed Dec 12 01:14:49 2007
@@ -32,7 +32,7 @@
#define EAP_GPSK_MAX_PK_LEN 32
#define EAP_GPSK_MAX_MIC_LEN 32
-#define EAP_GPSK_VENDOR_IETF 0x000000
+#define EAP_GPSK_VENDOR_IETF 0x00000000
#define EAP_GPSK_CIPHER_RESERVED 0x000000
#define EAP_GPSK_CIPHER_AES 0x000001
#define EAP_GPSK_CIPHER_SHA256 0x000002
@@ -43,8 +43,8 @@
#endif /* _MSC_VER */
struct eap_gpsk_csuite {
- u8 vendor[3];
- u8 specifier[3];
+ u8 vendor[4];
+ u8 specifier[2];
} STRUCT_PACKED;
#ifdef _MSC_VER
Modified: hostapd/trunk/hostapd.conf
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/hostapd.conf?rev=913&op=diff
==============================================================================
--- hostapd/trunk/hostapd.conf (original)
+++ hostapd/trunk/hostapd.conf Wed Dec 12 01:14:49 2007
@@ -388,7 +388,7 @@
# Optional displayable message sent with EAP Request-Identity. The first \0
# in this string will be converted to ASCII-0 (nul). This can be used to
# separate network info (comma separated list of attribute=value pairs); see,
-# e.g., draft-adrangi-eap-network-discovery-07.txt.
+# e.g., RFC 4284.
#eap_message=hello
#eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com
Modified: hostapd/trunk/ieee802_1x.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/ieee802_1x.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/ieee802_1x.c (original)
+++ hostapd/trunk/ieee802_1x.c Wed Dec 12 01:14:49 2007
@@ -1676,6 +1676,8 @@
void ieee802_1x_deinit(struct hostapd_data *hapd)
{
+ eloop_cancel_timeout(ieee802_1x_rekey, hapd, NULL);
+
if (hapd->driver != NULL &&
(hapd->conf->ieee802_1x || hapd->conf->wpa))
hostapd_set_ieee8021x(hapd->conf->iface, hapd, 0);
Modified: hostapd/trunk/l2_packet_freebsd.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/l2_packet_freebsd.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/l2_packet_freebsd.c (original)
+++ hostapd/trunk/l2_packet_freebsd.c Wed Dec 12 01:14:49 2007
@@ -231,8 +231,11 @@
void l2_packet_deinit(struct l2_packet_data *l2)
{
if (l2 != NULL) {
- if (l2->pcap)
+ if (l2->pcap) {
+ eloop_unregister_read_sock(
+ pcap_get_selectable_fd(l2->pcap));
pcap_close(l2->pcap);
+ }
os_free(l2);
}
}
Modified: hostapd/trunk/l2_packet_linux.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/l2_packet_linux.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/l2_packet_linux.c (original)
+++ hostapd/trunk/l2_packet_linux.c Wed Dec 12 01:14:49 2007
@@ -177,7 +177,8 @@
os_memset(&ifr, 0, sizeof(ifr));
os_strncpy(ifr.ifr_name, l2->ifname, sizeof(ifr.ifr_name));
if (ioctl(s, SIOCGIFADDR, &ifr) < 0) {
- perror("ioctl[SIOCGIFADDR]");
+ if (errno != EADDRNOTAVAIL)
+ perror("ioctl[SIOCGIFADDR]");
close(s);
return -1;
}
Modified: hostapd/trunk/madwifi.conf
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/madwifi.conf?rev=913&op=diff
==============================================================================
--- hostapd/trunk/madwifi.conf (original)
+++ hostapd/trunk/madwifi.conf Wed Dec 12 01:14:49 2007
@@ -59,7 +59,7 @@
# Optional displayable message sent with EAP Request-Identity. The first \0
# in this string will be converted to ASCII-0 (nul). This can be used to
# separate network info (comma separated list of attribute=value pairs); see,
-# e.g., draft-adrangi-eap-network-discovery-07.txt.
+# e.g., RFC 4284.
#eap_message=hello
#eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com
Modified: hostapd/trunk/radius.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/radius.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/radius.c (original)
+++ hostapd/trunk/radius.c Wed Dec 12 01:14:49 2007
@@ -230,8 +230,9 @@
case RADIUS_ATTR_IP:
if (len == 4) {
- struct in_addr *addr = (struct in_addr *) pos;
- printf(" Value: %s\n", inet_ntoa(*addr));
+ struct in_addr addr;
+ os_memcpy(&addr, pos, 4);
+ printf(" Value: %s\n", inet_ntoa(addr));
} else
printf(" Invalid IP address length %d\n", len);
break;
Modified: hostapd/trunk/radius_client.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/radius_client.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/radius_client.c (original)
+++ hostapd/trunk/radius_client.c Wed Dec 12 01:14:49 2007
@@ -142,7 +142,8 @@
#ifndef CONFIG_NATIVE_WINDOWS
int _errno = errno;
perror("send[RADIUS]");
- if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL) {
+ if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL ||
+ _errno == EBADF) {
hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS,
HOSTAPD_LEVEL_INFO,
"Send failed - maybe interface status changed -"
Modified: hostapd/trunk/tls_openssl.c
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/tls_openssl.c?rev=913&op=diff
==============================================================================
--- hostapd/trunk/tls_openssl.c (original)
+++ hostapd/trunk/tls_openssl.c Wed Dec 12 01:14:49 2007
@@ -1095,6 +1095,18 @@
{
SSL_CTX *ssl_ctx = _ssl_ctx;
+ /*
+ * Remove previously configured trusted CA certificates before adding
+ * new ones.
+ */
+ X509_STORE_free(ssl_ctx->cert_store);
+ ssl_ctx->cert_store = X509_STORE_new();
+ if (ssl_ctx->cert_store == NULL) {
+ wpa_printf(MSG_DEBUG, "OpenSSL: %s - failed to allocate new "
+ "certificate store", __func__);
+ return -1;
+ }
+
if (ca_cert_blob) {
X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob,
ca_cert_blob_len);
@@ -2272,7 +2284,11 @@
return -1;
c = conn->ssl->enc_read_ctx->cipher;
+#if OPENSSL_VERSION_NUMBER >= 0x00909000L
+ h = EVP_MD_CTX_md(conn->ssl->read_hash);
+#else
h = conn->ssl->read_hash;
+#endif
return 2 * (EVP_CIPHER_key_length(c) +
EVP_MD_size(h) +
Modified: hostapd/trunk/version.h
URL: http://svn.debian.org/wsvn/pkg-wpa/hostapd/trunk/version.h?rev=913&op=diff
==============================================================================
--- hostapd/trunk/version.h (original)
+++ hostapd/trunk/version.h Wed Dec 12 01:14:49 2007
@@ -1,6 +1,6 @@
#ifndef VERSION_H
#define VERSION_H
-#define VERSION_STR "0.5.8"
+#define VERSION_STR "0.5.9"
#endif /* VERSION_H */
More information about the Pkg-wpa-devel
mailing list